Connect through the PVWA

This topic describes connecting to target systems from the PVWA through the PSM.

From the PVWA, you can connect through PSM to a variety of systems and applications, such as Windows machines, SSH devices (UNIX, Linux, routers, and switches), VMWare machines, and databases.

You require Use account permissions in the Safe to connect to remote machines.

Supported PSM end user platforms

The following table lists the end user platforms that you can use to connect through the PSM.

End user platform    Connection methods
Windows              RDPFile, HTML5
Mac                  RDPFile, HTML5
Unix/Linux           HTML5

Supported PSM connection methods

The following methods are available to establish PSM connections:

Method Description
RDP File

This method is available when connecting through any browser from a Windows or Mac environment.

This method does not require any installation on the client side. The user will be prompted to download an RDP file and will have to open this file to establish the connection. It is recommended to allow these RDP files to open automatically in order to streamline the connection process. This is the default method.

This method does not support connections to target systems where NLA is enabled on the PSM server.

For each connection, an RDP file is downloaded to the Downloads folder of your browser. To use these RDP files, either open them manually from the browser or configure them to open automatically as recommended above. After the session has ended, its RDP file isn’t valid anymore and cannot be reused. In addition, these RDP files are valid for connections for only a short time after they are downloaded and cannot be used after this time. You can delete these files manually from the Downloads folder.

Make sure that the folder to which the RDP files are downloaded is a private and protected storage, which is only accessible to the user who downloaded these files.

HTML5

This method is available when connecting through the PVWA from Windows, Mac, or Unix/Linux desktops. You need only a web browser to establish a connection to a remote machine through PSM.

For configuration details, see Secure Access with an HTML5 Gateway.

The HTML5 gateway enables interaction between your local workstation and the remote target, such as copying text. For details, see Interaction between the local and remote machines.

The AllowSelectHTML5 parameter enables you to use a single account for both RDP file and HTML5-based sessions. This option is only available in the Version 10 interface.

For more information about configuring PSM connection methods and their impact on the user experience, refer to Privileged Session Management Interface.

For information on the different PSM implementations that are supported with each connection method described above, refer to Supported PSM connection methods.
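
The cleanup and storage guidance for downloaded RDP files under the RDP File method, as an added example that is not CyberArk code: it deletes .rdp files older than a threshold and checks that the download folder is closed to other users. The 15-minute threshold and all function names are assumptions (the page gives no exact validity period), and the permission check reads POSIX mode bits, so it applies to Mac and not to Windows ACLs.

```python
import os
import stat
import tempfile
import time
from pathlib import Path

# Assumption: the page only says the files are valid "for only a short time";
# 15 minutes is a hypothetical cleanup threshold, not a CyberArk value.
MAX_AGE_SECONDS = 15 * 60


def folder_is_private(folder: Path) -> bool:
    """True if no group/other permission bits are set (POSIX mode bits only)."""
    mode = stat.S_IMODE(folder.stat().st_mode)
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def stale_rdp_files(folder: Path, max_age: int = MAX_AGE_SECONDS, now=None):
    """Return .rdp files directly in folder, modified more than max_age seconds ago."""
    now = time.time() if now is None else now
    return sorted(
        p for p in folder.iterdir()
        if p.is_file() and not p.is_symlink()   # never follow links out of the folder
        and p.suffix.lower() == ".rdp"          # matches any .rdp file, not only PSM ones
        and now - p.stat().st_mtime > max_age
    )


def clean_downloads(folder: Path, max_age: int = MAX_AGE_SECONDS, now=None) -> dict:
    """Delete stale .rdp files and report whether the folder is private."""
    removed = []
    for path in stale_rdp_files(folder, max_age, now):
        path.unlink()
        removed.append(path.name)
    return {"private": folder_is_private(folder), "removed": removed}


if __name__ == "__main__":
    # Constructed demo in a temporary directory; in practice pass the browser's
    # download folder (for example Path.home() / "Downloads").
    with tempfile.TemporaryDirectory() as tmp:
        demo = Path(tmp)
        os.chmod(demo, 0o700)
        old = demo / "session-old.rdp"
        old.write_text("constructed sample\n")
        os.utime(old, (time.time() - 3600, time.time() - 3600))
        (demo / "session-new.rdp").write_text("constructed sample\n")
        print(clean_downloads(demo))
```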

Remote Windows Server (RDP)

Use one of the following procedures to connect to a remote Windows server through PSM from the Web Portal:

Remote SSH device

Use one of the following procedures to connect to a remote SSH device through PSM from the PVWA:

Remote devices with X-forwarding

You can connect to remote SSH systems through PSM using X-Forwarding in addition to the SSH protocol. As in all PSM connections, you do not need to know the privileged password or key content, and the entire session can be recorded for auditing.

Connecting with X-Forwarding requires additional configuration, which is described in Connection Component Configuration.

Databases

The PVWA enables you to log onto remote databases through PSM.

You can log onto remote Oracle databases using a different user during the log on procedure.

The built-in connection components for Oracle database connections via PSM are PSM-Toad and PSM-SQLPlus.

You can log onto remote SQL Server databases with a Microsoft SQL Server account for SQL Server authentication, or with a Windows Domain account for Windows authentication.

The built-in connection components for SQL Server database connections via PSM are:

  • PSM-SQLServerMgmtStudio for SQL Server authentication

  • PSM-SQLServerMgmtStudio-Win for Windows authentication

VMWare Administrative Tools

You can log onto VM Administrative tools through PSM.

Mainframes

Cloud Services Management Tools

CyberArk Administrative Interfaces

Connect from Web Portal to a target device

This topic describes connecting to target systems through the PVWA.

After selecting an account in the PVWA, you can select one of the connection components that are available to you from the drop-down list.

Connection components through Web Portal do not have a prefix. For example, RDP.

You require the Retrieve accounts permissions in the Safe to connect to remote machines.

Interaction between the local and remote machines

When working in HTML5 browser-based PSM sessions, you can copy files and text between the local workstation and the remote target.

Copy files

This capability is supported when the PSM HTML5 gateway is installed.

You can copy up to 2GB or 120 files per session.

To copy files, the AllowMappingLocalDrives parameter must be set to Yes. For details, see User Parameters.

For security reasons, CyberArk recommends that you disable the auto open downloaded files option in the browser settings.

CyberArk does not perform any scanning on customer data provided by the customer or any of its authorized users (including any files or their content) uploaded to or transferred via the service, including any anti-virus scanning or other detection of malicious code.

You are solely responsible for scanning your customer data (including any files and their content) for detection of malware prior to uploading or transferring it via the service.

CyberArk recommends that you apply malware scanning tools according to industry best practices.

Copy text