Connect to unmanaged or non-defined machines (Ad Hoc Connections)

You can connect to any machine through PSM using any account, including those that are not managed in the CyberArk Vault. Based on preconfigured platforms, you can access both Windows and *UNIX machines.

There are two types of ad hoc connections:

  • Ad hoc connection to Windows machines. Based on machine identifiers, you can initiate an ad hoc connection from the selected Windows platform and define the target machine by entering the machine address or identifier details at the Privilege Cloud Portal prompt.

  • Connect to non-defined *UNIX machines. Based on platform configuration for remote access, you can initiate a connection request and define the target machine by entering the machine ID at the Privilege Cloud Portal prompt.

Ad hoc connection sessions benefit from the standard PSM features, including session recording, detailed auditing, and standard audit records. In addition, authorized users can monitor active sessions in real time, assume control, and terminate them when necessary.

Connect to a remote Windows device with Privilege Cloud Portal Ad hoc connection

You can configure multiple ad hoc connection platforms, and define different settings for each one, such as recording Safes or a different PSM server. This way, you can create ad hoc connection platforms that suit the network structure and your organizational business needs.

In the Ad Hoc Connection page, select the ad hoc connection platform and a client that enables you to log on to the remote device. Then specify the address of the remote machine, and the user name and password required to log on, which are not managed in the Vault.


  • When using ad hoc connections, some of the PSM security benefits are lost, because the privileged credentials used to connect are not secured and vaulted. When possible, it is recommended to take the more secure approach of storing the credentials in the Vault and using standard PSM connections.
  • The ad hoc connection workflow is not supported when connecting directly from the user’s desktop using an RDP client application. Use Privilege Cloud Portal for such connections.


To connect to a remote device with an ad hoc connection:

  1. In the Privilege Cloud Portal, in the Accounts List, click Ad-Hoc Connection.

  2. From the Platform Name drop-down list, select the ad hoc connection platform used to connect to the remote machine.
  3. From the Client drop-down list, select the ad hoc connection client used.

  4. Specify the information that is required to create an ad hoc connection to the remote machine:

     All Clients
       Required information:
         Platform Name  The name of the ad hoc connection platform used to connect to the remote machine.
         Client         The connection component used to log on to the remote device.
         Address        The IP/DNS address of the remote machine that the user logs on to.
         User Name      The name of the user who is logging on to the remote machine.
         Password       The password used to log on to the remote machine.
       Optional information:
         Map local drives  Connects your local drives to the remote computer.

     SQL Plus and Toad Clients
       Required information:
         Connect As  The specific user role used to log on to the remote machine.
         Port        The port used to log on to the remote machine.
         Database    The remote database that the user logs on to.

     SSH and WinSCP Clients
       Required information:
         Port  The port used to log on to the remote machine.

     RDP Clients
       Required information:
         Logon To  The specific user role used to log on to the remote machine.
         Port      The port used to log on to the remote machine.
       Optional information:
         Connect to machine console  Connects your local machine to the machine console.

     PSM-SQLServerMgmtStudio Clients
       Required information:
         Database  The remote database that the user logs on to.

  5. Click Connect, and then, on the Remote Desktop Connection window, click Connect again.

Connect to a non-defined *NIX machine with a Privilege Cloud Portal connection

You can connect to any machine in your domain by entering the machine ID at the Privilege Cloud Portal prompt.

This is enabled when:

  • The machine is in the organization domain.

  • The user name and password are stored in the Vault.

  • The required machine is accessed through a platform that is configured to enable connection to non-defined machines. See Configure connection to non-defined *NIX machines.

To connect to a non-defined machine with the machine ID:

  1. In the Privilege Cloud Portal, in the Accounts List, select the required account and click Connect.

  2. In the Remote Connection Details section, enter the ID (address/URL) of the requested machine and click Connect.