Skip to main content
Skip table of contents

EPM Deployment Scenarios

In a scenario where Sectona PAM needs to be installed, deployed and used, one can come across certain challenges. Selecting the correct architecture can supersede such issues and have a version of Sectona PAM that best suits the system. Whether its consisting of multiple product deployment components across sites, distributed infrastructure or network segments.

There are four types of setup structures which include Sectona PAM as a standalone setup or as a high availability architecture or it could be with system components which either handle multiple network segments or are used for a multi-site environment.

Before you start the installation process, remember to :-

Common use-cases & required components



Needed Component

Allowing session collaboration over the internet

This requires Sectona Remote Access Publisher component to be installed & activated.

Installing Sectona Remote Access Publisher Component

Scenario 1: Deploying a standalone setup

This is recommended for smaller environments or evaluation setups. Follow these steps sequentially to set up your environment:

Scenario 2: Deploying a high availability architecture

This is recommended architecture for mid to large scale deployments with a need for high availability. The Sectona Web Access component can be installed using clustering or load-balanced along with vault in replication or sync mode. Follow these steps sequentially to setup your environments:

Scenario 3: Deploying system components to handle multiple network segments

This is recommended architecture for mid-large enterprises with multiple network segments or SOC environment with multiple customers to support. Essentially if you have the system deployed in high availability mode and sites/zones hosting assets, this is the ideal solution for deployment. Consider deploying the setup with the listed steps.

  • Ensure you have at least one Windows server hosted at each site/zone location for configuring it as a Proxy server for enabling access to site specific assets through the proxy server.

  • Install the vault based on edition and find detailed steps here: Installing Vault Component.

  • Install the Sectona Web Access Component. Refer detailed setup instructions at Installing Sectona Web Access.

  • Install Vault Session Proxy Host component for each site/zone windows server where the assets are hosted. For SOC environment the proxy windows server will become a gateway to respective customer’s data center which is managed by SOC team.

  • If you desire to use any other components install by referring to section Installing Sectona Components.

  • It is recommended to use satellite vault to backup your passwords in an alternate location. Refer Configuring Satellite Vault for break glass.

Scenario 4: Deploying system components on multi-site architecture

This architecture fits large-scale deployments with multiple sites that also have one or more remote sites or branch offices where recorded endpoints reside. It is important to consider this architecture when your remote sites or other sites are connected using a site-to-site VPN tunnel to the main data center. It is important to define one site as the central site in this architecture. Contact Sectona Support or Customer Success team to guide to for this deployment.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.