Service Architecture Overview
Sectona Privileged Access Management (PAM) system is built on service-based architecture leveraging Internet Information Services (IIS) as a web server and supporting embedded or Microsoft SQL as a vault access option.
Enterprise edition is equivalent to embedded vaulting and Enterprise Plus allows external RDBMS vault deployments. All services or modules can be activated based on your licenses and additional modules must be activated for actual configuration.
With no options for native operating system dependent services, the web interface allows you to manage services within the solution. For more information on managing services, you may refer to documentation in the section Monitoring System Health & Service Status
Component Characteristics
Sectona PAM platform is a self-contained system based on .NET framework and related technologies. Sectona PAM platform uses the IIS web server and supports both embedded and external RDBMS to store passwords and configuration data. Multiple components of the system include:
Build Components
Component Name | Description | Built-In Web Access | Support for Distributed Setup |
|---|---|---|---|
Sectona Web Access | Web-based interface for the users and administrator to communicate with the vault and leverage system services. | - | - |
Vault Storage Host | Secure, encrypted, tamper-proof storage for passwords, certificates, and keys. | - | Yes |
Sectona Jump Host | Performs hardening of the hosts, enables communication with the vault, single sign-on, and session recording. | - | Yes |
Sectona Vault Session Proxy Host
| Provides gateway and proxy services for common protocols, web applications, and clients to communicate from client to target machine. This also enables a password at the proxy layer when web server does not have direct connectivity from web application. | Yes | Yes |
RDP Direct Proxy | Provides gateway and proxy services for RDP access when accessed directly using native RDP clients. | Yes | Planned |
Sectona Remote Access Publisher | It is an independent install-able component that receives requests from specified TCP Port to actual TCP Port | - | Yes |
Sectona Satellite Vault | It is an external component built to offer alternate access to passwords in case of failure, breakdown or inaccessibility of the vault | - | Yes |
Sectona File Synchronization | Provides sync services for object-level video log files between two servers. | - | Yes |
Sectona Vault API Extension | Allows communication with the vault via APIs | - | Yes |
Sectona Windows Credential Provider | Allows login to RDP Session via Sectona OTP | - | Yes |
Client Components
Component Name | Description |
|---|---|
Sectona Launcher | Independent component which communicates with the vault enables session recording and single sign-on services on the local machine. |
Sectona Client App | Independent component which communicates with the vault and multi-tabbed browsing experience for RDP & SSH access. |
Sectona Server Privilege Control | Enables monitoring of granular access in a privileged session initiated through Sectona Web Access. |
This illustration shows the key components in a typical deployment and inter dependencies within the system.
Sectona Privileged Access Management (PAM) system is built on service-based architecture leveraging Internet Information Services (IIS) as a web server and supporting embedded or Microsoft SQL as a vault access option.
Enterprise edition is equivalent to embedded vaulting and Enterprise Plus allows external RDBMS vault deployments. All services or modules can be activated based on your licenses and additional modules must be activated for actual configuration.
With no options for native operating system dependent services, the web interface allows you to manage services within the solution. For more information on managing services, you may refer to documentation in the section Monitoring System Health & Service Status