Manage connectors

This section describes how to manage the connectors that are required to enable service functionality.

Two connector components are used to manage secure connections to your targets in a DPA deployment: connector pools and connectors.

Connector pools

Connector pools enable you to define a cloud or on-premises network and select which connectors provide connectivity to that network by assigning them to the pool.

This enables a single connector in the pool to serve all the targets in the defined network.

Additionally, for high availability and scalability, you can add multiple connectors.

For more information, see Connector pools.

Connectors

Connectors enable your end users to securely connect to target devices in a cloud platform or on-premises. For more information, see Connectors.

Connectivity example

The following diagram describes an example of connectivity for a defined AWS cloud network using a connector pool and a single DPA connector for the pool:

The above diagram is only one example of connectivity. For the avoidance of doubt, DPA does support the use of one connector for multiple AWS accounts.

Installation best practices

The DPA connector must be installed on a customer-side machine, so it can enable secure communication between your users and your organizational assets. Calculate the number of required machines and their locations based on the following requirements and guidelines:

  • The host machine must be configured to allow outbound access.

  • The connector can be installed on an existing machine.

  • Each connector should reside on a separate machine.

  • To support connecting to AWS targets via RDP, make sure you install the DPA connector on a Windows machine. The DPA connector can handle the provisioning only if it is installed on Windows.

  • Each connector accesses the network that is defined in its connector pool. Make sure you create a connector pool for each network.

CyberArk recommends the following:

  • For load balancing and high availability, install an additional connector for each network (for each connector pool).

  • Use a dedicated machine as the connector host.

  • Follow your organization's standards and industry best practices for hardening protocols for these target machines. For example, close any port or connection available to the connector machine, other than the ones required under Network requirements.
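
The requirements and recommendations above can be checked against a planned deployment before any connector is installed. The following is an added example, not CyberArk code or a DPA file format: the plan structure, field names and host names are hypothetical and the sample plan is constructed. It reads the RDP requirement as "a pool that serves AWS RDP targets needs at least one Windows connector".

```python
from collections import defaultdict

# Constructed sample plan. Field names are hypothetical, not a DPA file format.
PLAN = {
    "networks": {
        "aws-prod-vpc": {"platform": "aws", "rdp_targets": True},
        "aws-dev-vpc": {"platform": "aws", "rdp_targets": False},
        "onprem-dc1": {"platform": "onprem", "rdp_targets": False},
    },
    "pools": {"pool-aws-prod": "aws-prod-vpc", "pool-dc1": "onprem-dc1"},  # pool -> network
    "connectors": [
        {"host": "lnx-conn-01", "os": "linux", "pool": "pool-aws-prod", "dedicated": True, "outbound": True},
        {"host": "lnx-conn-01", "os": "linux", "pool": "pool-dc1", "dedicated": False, "outbound": True},
        {"host": "win-conn-02", "os": "windows", "pool": "pool-dc1", "dedicated": True, "outbound": False},
    ],
}

def check_plan(plan):
    """Return (level, message) findings: ERROR = requirement, WARN = recommendation."""
    findings = []
    by_pool, by_host = defaultdict(list), defaultdict(list)
    for c in plan["connectors"]:
        by_pool[c["pool"]].append(c)
        by_host[c["host"]].append(c)
        if not c["outbound"]:
            findings.append(("ERROR", f"{c['host']}: outbound access not allowed"))
        if not c["dedicated"]:
            findings.append(("WARN", f"{c['host']}: host is not dedicated to the connector"))
    for host, conns in by_host.items():
        if len(conns) > 1:  # each connector should reside on a separate machine
            findings.append(("ERROR", f"{host}: {len(conns)} connectors share one machine"))
    pooled = set(plan["pools"].values())
    for net in plan["networks"]:
        if net not in pooled:  # every network needs its own connector pool
            findings.append(("ERROR", f"{net}: no connector pool defined for this network"))
    for pool, net in plan["pools"].items():
        members, info = by_pool[pool], plan["networks"][net]
        if len(members) < 2:
            findings.append(("WARN", f"{pool}: fewer than two connectors, no high availability"))
        needs_windows = info["platform"] == "aws" and info["rdp_targets"]
        if needs_windows and not any(c["os"] == "windows" for c in members):
            findings.append(("ERROR", f"{pool}: AWS RDP targets but no Windows connector"))
    return findings

if __name__ == "__main__":
    for level, msg in check_plan(PLAN):
        print(f"{level:5} {msg}")
```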