6.6.3 Agentless Session Management in Unix and Linux

Infrastructure and application monitoring is shifting from an agent-based approach to an agentless one. Agentless monitoring holds the promise of cheaper and easier-to-maintain monitoring technology. For non-Windows systems, Virtual Agents are used to collect state and performance data from those resources. When using Virtual Agents, there is no need to deploy any software on the managed systems. Instead, REST API calls to capture data or invoke an action are made to the systems using common interfaces supported by the managed systems.

Secure Shell Web Relay

This functionality provides an SSH relay to target servers without requiring the installation of a client or an agent, because the SSH session runs in the web browser. It requires an Agentless module to be installed on the Privileged Account Manager Linux manager.

NOTE: You cannot add scripts when you are using SSH Web Relay.

Prerequisite

Ensure that the agentless module is installed.

  • The agentless component of Privileged Account Manager (agentless) is supported only on Windows, SLES 12 (64-bit), SLES 15 (64-bit), Oracle Linux 8 (64-bit), or RHEL 8 (64-bit).

    NOTE:

    • For Oracle Linux 8 (64-bit) and RHEL 8 (64-bit), install the redhat-lsb-core package.

    • For SLES 12 (64-bit) and SLES 15 (64-bit), install the lsb-release package.

    • You must install libpango and libcairo, and their dependent packages, for both SLES and RHEL. Additionally, for RHEL alone, install dejavu-sans-fonts.
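The following preflight check for a Linux manager host is an added example, not part of the product or its documentation. The function names are hypothetical, the support matrix and package names are the ones listed above, and it assumes an RPM-based host where libpango and libcairo can be detected through the dynamic linker cache.

```shell
#!/bin/sh
# Added example: verify the agentless module prerequisites listed on this page.
# Function names are hypothetical; the OS matrix and package names come from the page.

# Print the RPM packages the page requires for the OS described by an os-release
# file. Returns 1 if the distribution or major version is not in the supported list.
pam_agentless_required_pkgs() {
    osrel="${1:-/etc/os-release}"
    [ -r "$osrel" ] || return 1
    # Extract the fields with sed instead of sourcing the file, so nothing in it runs.
    id=$(sed -n 's/^ID=//p' "$osrel" | tr -d '"' | head -n 1)
    ver=$(sed -n 's/^VERSION_ID=//p' "$osrel" | tr -d '"' | head -n 1)
    major=${ver%%.*}
    case "$id:$major" in
        # The page names dejavu-sans-fonts for RHEL alone, so only rhel gets it here.
        rhel:8)          echo "redhat-lsb-core dejavu-sans-fonts" ;;
        ol:8)            echo "redhat-lsb-core" ;;
        sles:12|sles:15) echo "lsb-release" ;;
        *)               return 1 ;;
    esac
}

# Check the local host. Prints one line per finding; returns the number of failures.
pam_agentless_preflight() {
    fail=0
    pkgs=$(pam_agentless_required_pkgs "${1:-/etc/os-release}") || {
        echo "FAIL: operating system is not in the supported list"; return 1; }
    [ "$(getconf LONG_BIT)" = 64 ] || { echo "FAIL: host is not 64-bit"; fail=$((fail + 1)); }
    for p in $pkgs; do
        rpm -q "$p" >/dev/null 2>&1 || { echo "MISSING package: $p"; fail=$((fail + 1)); }
    done
    # Assumption: library presence is checked by name in the linker cache,
    # because the page gives library names rather than package names.
    for lib in libpango libcairo; do
        /sbin/ldconfig -p 2>/dev/null | grep -q "$lib" || {
            echo "MISSING library: $lib"; fail=$((fail + 1)); }
    done
    [ "$fail" -eq 0 ] && echo "OK: agentless prerequisites present"
    return "$fail"
}
# Usage: source this file, then run pam_agentless_preflight
```
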

Advantages of configuring the secure shell web relay are:

  • You can configure SSH Web Relay for Linux and Unix machines to allow users to remotely access these machines without the privileged account credentials.

  • This method is beneficial if you do not want to install any software or client on the operating system.

  • Removes the requirement of JMobaXterm to launch an application on a client desktop by using resources that are hosted remotely.

  • You can administer the live view of the SSH Web Relay session in real time as it opens in the My Access page.

  • Removes the requirement of Java Network Launch Protocol (JNLP) to launch an application on a client desktop by using resources that are hosted on a remote web server.

Configuring the Secure Shell Web Relay

You can configure an SSH Web Relay for Unix and Linux machines to allow users to remotely access these machines without the privileged account credentials. After an SSH Web Relay is configured by an administrator, the user gets elevated access to target Linux and Unix machines over SSH using a web console and can access the privileged session as follows:

  1. Log in using the Privileged Account Manager user credentials and click Login.

  2. Click Home > My Access > Predefined Tags > SSH/Telnet and click the launch icon before the appropriate resource name.

  3. You can administer the live SSH Web Relay session as it opens in Home > Active Sessions. The administrator audits the user actions in this privileged session and views these reports in the administration console.

Usage Scenario for Agentless Secure Shell Web Relay

Consider a scenario where the administrator has to provide privileged access to a Linux or UNIX system, and the Privileged Account Manager user can access the session from the same browser. For this scenario, the administrator must perform the following configuration in Access Control.

  1. Create an SSH type Credential Vault resource for the Linux or UNIX system and add the respective credentials.

  2. Click Users and add the users (LDAP or Local) that will use the resource.

  3. Click Access Control > User Roles, create a user group, and add all the users that will use the resource.

  4. Click Access Control > Resource Pools and create a resource group. Add the SSH Vault for Agentless SSH Servers.

  5. Click Access Control > Assignment and create SSH Web, then add the user group and resource pool you created in steps 2 and 3 to it.

  6. Select the permissions you want to give.

  7. Click Finish.

After the administrator configures the authorization rule in Privileged Account Manager, the user can gain a privileged session as follows:

  1. Log in using the Privileged Account Manager user credentials and click Login.

  2. Click Home > My Access > Predefined Tags > SSH/Telnet and click the launch icon before the appropriate resource name.

  3. You can administer the live SSH Web Relay session as it opens in Home > Active Sessions. The administrator audits the user actions in this privileged session and views these reports in the administration console.
