This topic describes how to install the PSM HTML5 gateway.
You can configure PSM to provide secure remote access to a target machine through an HTML5 gateway. The HTML5 gateway tunnels the session between the end user and the PSM machine using a secure WebSocket protocol (port 443). Rather than opening an RDP connection, the end user requires only a web browser to establish a connection to a remote machine through PSM.
Live session monitoring, by an authorized auditor, is also performed through the HTML5 gateway.
Secure access through HTML5 requires integrating an HTML5 gateway on a Linux server. The gateway uses a software called Apache Guacamole.
Each PSM server can be configured to work with an HTML5 gateway. Multiple PSM servers can work with the same gateway or with different gateways. When an end user connects with an account, the PVWA redirects the connection through the gateway that is configured for the PSM server.
If you are installing the PSM Gateway using an RPM package, the PSM Gateway supports any Web service, such as Tomcat v 8.5 or v 9, that can support Java 1.6 or later and that can support WAR files.
We recommend using Tomcat as your Web service. This topic is written for Tomcat.
HTML5 connections are supported only from browsers that support TLS 1.2.
Small + Mid-range implementation
(1-50 concurrent RDP/SSH sessions)
Mid-range + Large implementation
(51-100 concurrent RDP/SSH sessions)
Very large implementation
(101-200 concurrent RDP/SSH sessions)
- 2 core processors (Intel compatible)
- 4 GB RAM
- 4 core processors (Intel compatible)
- 8 GB RAM
- 8 core processors (Intel compatible)
- 16GB RAM
- Tests are based on 40% SSH and 60% RDP concurrent sessions running with FHD resolution.
- These requirements are based on a dedicated machine for guacd.
Make sure you can log into the PSM HTML5 gateway host machine with a user who has sudo permissions.
Make sure you can log onto PAM - Self-Hosted as a user with administrative permissions.
Make sure RDP connections between the PSM HTML5 gateway host machine and the PSM server are allowed. This is usually through TCP port 3389.
The Gateway does not support:
- Smart card redirection
- Printers redirection
- Connections to target systems where NLA is enabled on the PSM server
You can install the PSM HTML5 Gateway:
- Via Docker. For details, see HTML5 Gateway Docker deployment.
- Using an RPM package. For details, see Install PSM HTML5 Gateway using an RPM package.
The HTML5 Gateway health check enables you to determine HTML5 Gateway service availability (health) by querying the HTML5 Gateway web service on each machine. The HTML5 Gateway health check is implemented as a REST API with the following URL:
The REST API can be used for manual requests or configured in the load balancer. When HTML5 Gateway is available, the URL responds with 200 OK.