Skip to main content
Skip table of contents

EPM Service Architecture Overview

The Sectona system is built on service-based architecture leveraging Internet Information Services (IIS) as a web server and supporting MySQL embedded DB or Microsoft SQL as a vault options.

Enterprise edition is equivalent to MySQL embedded DB vaulting and Enterprise Plus allows external RDBMS vault deployments. All services or modules can be activated based on your licenses and additional modules must be configured as per requirement.

As the system is designed to leverage an IIS server all the application-related functional services can be managed through a central web portal of the system. This gives you the flexibility to manage application-related services remotely. For more information on managing services, you may refer to documentation in the section Monitoring System Health & Service Status

Component Characteristics

Sectona platform is a self-contained system based on .NET framework and related technologies. Sectona PAM platform uses the IIS web server and supports both embedded and external RDBMS to store passwords and configuration data. Multiple components of the system include:

Build Components

Component Name

Description

Built-In Web Access

Support for Distributed Setup

Sectona Web Access

Web-based interface for the users and administrator to communicate with the vault and leverage system services.

-

-

Vault Storage Host

Secure, encrypted, tamper-proof storage for passwords, certificates, and keys.

-

Yes

Sectona Jump Host

Performs hardening of the hosts, enables communication with the vault, single sign-on, and session recording.

-

Yes

Sectona Vault Session Proxy Host
Single Package with

  • Session Proxy

  • Web Session Proxy

  • RDP Direct Proxy

Provides gateway and proxy services for common protocols, web applications, and clients to communicate from client to target machine. This also enables a password at the proxy layer when web server does not have direct connectivity from web application.

Yes

Yes

SSH Direct Proxy

Provides gateway and proxy services for RDP access when accessed directly using native RDP clients.

Yes

Planned

Sectona Remote Access Publisher

It is an independent install-able component that receives requests from specified TCP Port to actual TCP Port

-

Yes

Sectona Satellite Vault

It is an external component built to offer alternate access to passwords in case of failure, breakdown or inaccessibility of the vault

-

Yes

Sectona File Synchronization

Provides sync services for object-level video log files between two servers.

-

Yes

Sectona Vault API Extension

Allows communication with the vault via APIs

-

Yes

Sectona Windows Credential Provider

Allows login to RDP Session via Sectona OTP

-

Yes

Application ProxyUser session distribution across servers connected to the primary database.Yes-

Sectona Windows Monitoring Agent

Sharing current activity logs of Windows Sessions as well as manage the Server Access Policy which enabled at the target server. Yes-

Client Components

Component Name

Description

Sectona Launcher

Independent component which communicates with the vault enables session recording and single sign-on services on the local machine.

Sectona Client App

Independent component which communicates with the vault and multi-tabbed browsing experience for RDP & SSH access.

Sectona Server Privilege Control

Enables monitoring of granular access in a privileged session initiated through Sectona Web Access.

This illustration shows the key components in a typical deployment and inter dependencies within the system.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.