Skip to main content
Skip table of contents

Securing & Monitoring Sessions

Combinations of proxies, gateways, and jump servers can be configured to secure and monitor privileged session activity. This section describes methods for configuring proxies and gateways for various scenarios.

Before you Begin

Understand the basics of proxies supported by the system.

Proxy Type


Session proxy

This proxy type uses the SSH Tunneling method via Port forwarding between a local computer and a target asset.

Web Proxy

This proxy type is supported for securely routing web application traffic from local computers to target applications.

Jump Host

A jump server/host/box or secure administrative host is a special proxy supported with Sectona PAM and used to manage assets in a separate security zone by maintaining complete session isolation.

SSH Direct

SSH is a remote login shell that helps you to connect remote machines via an encrypted connection. An SSH tunnel consists of an encrypted tunnel created through an SSH protocol connection. An SSH tunnel can be used to transfer unencrypted traffic over a network through an encrypted channel.

RDP Direct

RDP direct proxy allows users to use any RDP support client like mstsc to directly logon to a device using a combination of PAM authentication credentials.

Remote Session Host

This proxy type supports RDP & SSH Over Browser sessions in a multi-site environment by using secure connection forwarding to site-specific component.

Understand how proxies are installed and managed.

Proxy type

Part of Sectona Web Access Component


Supported access types

Session Proxy



All packaged assets and access types other than web applications.

Web Session Proxy



Web Applications only

Jump Server



All access types.

SSH Direct Proxy



Supports SSH access to Unix systems

RDP Direct Proxy



Support RDP access to Windows system

Remote Session Host



RDP Over Browser, SSH over Browser.

Find more deployment instruction in Installation & Setup

  • Session proxy server and Session Proxy Server (Web) can be installed on a single server. However, two-session proxies cannot be initiated on a single server.

  • Web Session Proxy is mandatory if you have any web application assets configured.

Enabling access from HTML5 browsers

Sectona supports privileged access from any HTML5 supported browser.

RDP & SSH connections over the browsers can be initiated directly by enabling Access types RDP Over Browser and SSH Over Browser in the system.

Web Application and thick clients like SQL Management Studio must be installed on the Windows Terminal Server to be launched within HTML5 based browsers. Refer to Configuring Jump Host for more details.

Suggested Proxy Configurations: Inbuilt and Remote Session Host
To learn about, refer to Installing Remote Session Host and Configuring Remote Session Host

Enable access from Windows workstation

Sectona support privileged access from any Windows Workstation by using a Sectona Launcher.

RDP and SSH connections are supported via native clients which are downloaded over runtime from the central server.

Web application and thick clients like SQL Management Studio can be installed and launched on the same Windows workstations.

Suggested Proxy Configurations: Session Proxy, Web Session Proxy

Enabling RDP Connection from any RDP client

Sectona support RDP Connections from any RDP client without a need to logon to Sectona Web Access. Tools like Remote Desktop Connection Manager and MSTSC can be used to launch session directly.

Suggested Proxy Configurations: RDP Direct

Enabling SSH connections from any SSH client

Sectona support direct connection from any SSH clients without a need to logon to Sectona Web Access. Tools like putty can be used directly to launch SSH Session by authenticating using a specified method.

Suggested Proxy Configurations: SSH Direct

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.