Architecture

This topic describes how users can connect to target systems through Privileged Session Manager (PSM).

Overview

Users can connect through the PVWA portal or, alternatively, through PSM for Windows, that is, directly from their desktops using any standard RDP client application, such as MSTSC, various connection managers, or an RDP file.

By default, the user connects to the PSM machine through port 3389, using the RDP protocol. Remote access over this path requires that port to be reachable, although it is not usually open in the corporate firewall, and in some cases opening it is not permitted.

You can configure PSM to provide secure remote access to a target machine through an HTML5 gateway when connecting with the PVWA portal. The HTML5 gateway tunnels the session between the end user and the PSM machine using a secure WebSocket protocol (port 443). This removes the need to open an RDP connection from the end user's machine. Instead, the end user only requires a web browser to establish a connection to a remote machine through PSM.

Alternatively, PSM can be configured to work with the Microsoft Remote Desktop Gateway (RDGateway), which tunnels the RDP session between the user and the PSM machine using the HTTPS protocol (port 443). This provides a secure connection without needing to open the firewall. All information that is transferred between the user and the PSM machine is encrypted and protected by the HTTPS protocol, which enables secure cross-network and remote access.

For more information about Microsoft Remote Desktop Gateway, refer to Microsoft's official documentation.

For details, see:

Connect through the web portal (PVWA)

This section describes how a connection to a monitored target session is established through the PVWA.

Connect through PSM for Windows

 
Privileged Access Security 11.1