Deployment Scenarios
Installing, deploying and using Sectona PAM can present certain challenges. Selecting the correct architecture helps avoid these issues and gives you a Sectona PAM deployment that best suits your environment, whether it consists of multiple product deployment components across sites, distributed infrastructure or network segments.
There are four types of setup: Sectona PAM as a standalone setup, as a high availability architecture, with system components that handle multiple network segments, or with system components deployed for a multi-site environment.
Before you start the installation process, remember to:
Review the system architecture components in Service Architecture Overview.
Validate your system requirements in System Requirements.
Review the standard communication ports in Standard Port Requirement for Installation.
Common use-cases & required components
Use-case | Description | Needed Component |
---|---|---|
Allowing session collaboration over the internet | This requires Sectona Remote Access Publisher component to be installed & activated. |
Scenario 1: Deploying a standalone setup
This is recommended for smaller environments or evaluation setups. Follow these steps sequentially to set up your environment:
Install the vault based on your edition. Detailed steps are in Installing Vault Component.
Install the Sectona Web Access Component. Refer to the detailed setup instructions at Installing Sectona Web Access.
If you want to use any other components, install them by referring to the section Installing the Components.
It is recommended to use a satellite vault to back up your passwords in an alternate location. Refer to Configuring Satellite Vault for break glass.
Scenario 2: Deploying a high availability architecture
This is the recommended architecture for mid to large scale deployments with a need for high availability. The Sectona Web Access component can be installed in a clustered or load-balanced configuration, along with the vault in replication or sync mode. Follow these steps sequentially to set up your environment:
First, go through Building a High Availability Setup, High-Availability Introduction & Key Concepts and Choosing an Architecture for HA & DR Requirements to learn more about the supported high availability architectures for Sectona.
Install the vault component on both nodes (primary and failover) based on your edition. Detailed steps are in Installing Vault Component.
Install the Sectona Web Access Component on both nodes. Refer to the detailed setup instructions at Installing Sectona Web Access.
Configure the vault in replication/sync mode. Refer to the detailed steps at Configuring Vault for High Availability.
Configure Sectona Web Access for high availability. Refer to the detailed steps at Configuring Sectona Web Access for High Availability.
If you want to use any other components, install them by referring to the section Installing Sectona Components.
Scenario 3: Deploying system components to handle multiple network segments
This is the recommended architecture for mid to large enterprises with multiple network segments, or for a SOC environment with multiple customers to support. Essentially, if you have the system deployed in high availability mode and sites/zones hosting assets, this is the ideal deployment. Consider deploying the setup with the following steps:
Ensure you have at least one Windows server hosted at each site/zone location to configure as a proxy server, which enables access to site-specific assets.
Install the vault based on your edition. Detailed steps are in Installing Vault Component.
Install the Sectona Web Access Component. Refer to the detailed setup instructions at Installing Sectona Web Access.
Install the Vault Session Proxy Host component on the Windows server at each site/zone where the assets are hosted. For a SOC environment, the proxy Windows server becomes a gateway to the respective customer's data center that is managed by the SOC team.
If you want to use any other components, install them by referring to the section Installing Sectona Components.
Scenario 4: Deploying system components on multi-site architecture
This architecture fits large-scale deployments with multiple sites that also have one or more remote sites or branch offices where recorded endpoints reside. Consider this architecture when your remote sites or other sites are connected to the main data center using a site-to-site VPN tunnel. It is important to define one site as the central site in this architecture. Contact the Sectona Support or Customer Success team for guidance on this deployment.