RDP and SSH Sessions to Remote Hosts

Click Studios introduced the Browser Based Remote Session Launcher back in Passwordstate 8.2 – Build 8275 (March 2018). When combined with our Remote Site Locations module, it gives customers the ability to use our first-in-class Browser Based Remote Access solution, over RDP and SSH, to connect to machines located on a remote network.

The primary function of the Remote Site Locations module is to allow your existing Passwordstate Instance to provide Privileged Account Management (PAM) for networks that are firewalled off, either on your internal network or over the Internet.

However, when using the Remote Site Locations module with the Browser Based Remote Session Launcher, customers have the ability to establish RDP and SSH sessions to systems hosted on the remote network. This offers a significant advantage for larger customers and Managed Service Providers, in that it provides a zero-additional-cost remote access solution for connecting to remote hosts, with full auditing and session recording, and with no client agent deployments required.

Requirements and Architecture

As outlined above, your Passwordstate instance will require the Remote Site Locations module with a current subscription for the number of remote sites that you wish to manage. Pricing for the Remote Site Locations modules can be found here. Please contact sales@clickstudios.com.au to ensure your price for the subscription is co-termed with your existing Annual Support and Upgrade Protection expiry date.

The architecture required for deployments is straightforward. In the example below we have a fictitious customer with a requirement for PAM on a remote firewalled network, with access to that network via the Internet. In this example they already have a Passwordstate Instance and would require:

  • A Remote Site Locations module subscription for 1 site, co-termed to their Passwordstate Annual Support and Upgrade Protection expiry date,
  • Installation of the Remote Site Locations agent on a server at the remote site,
  • Installation of the Browser Based Gateway on the same server as the Remote Site Locations agent,
  • A functioning external DNS record which can redirect traffic to the Remote Site firewall,
  • One open port on the firewall and the ability to forward HTTPS traffic to the server that has the Remote Site Locations agent and Browser Based Gateway installed on it.

In the diagram below we have installed both the Remote Site Locations agent and the Browser Based Gateway at the remote site, and opened a single port, 7273, on the remote firewall to enable communication between the Passwordstate Instance and the Remote Site Agent.

Full instructions for the installation of both the Remote Site Agent and the Browser Based Gateway can be found in the Passwordstate Remote Site Agent Manual located here.


The Browser Based Remote Session Launcher is not intended to be a feature-for-feature competitor with the likes of TeamViewer, AnyDesk or LogMeIn. Rather, it is functionality that is included within the Passwordstate Core and Remote Site Locations offerings.

By using the solution outlined above, you can achieve the following benefits and potential cost savings:

  • Remote hosts do not require an agent to be installed on them,
  • Encryption of traffic, between your Passwordstate Instance and the Remote Site agent, using advanced InTransit Encryption keys (no possibility of a data breach),
  • Secure RDP and SSH sessions to any host located on the remote network,
  • Only one port is required to be opened on the remote firewall, restricted to traffic between the Passwordstate Instance and the Remote Site agent’s IP addresses,
  • Native integration between the PAM functionality provided by Passwordstate and this Remote Access Solution, e.g. control who can access which remote systems, audit these accesses, restrict and even hide the password credentials for the remote systems etc.,
  • Retain full control over the use of remote access and the required remote system credentials,
  • Full auditing of who launched a Remote Session, to which Host, from what IP Address, and using which specific authentication credentials,
  • Session recording and playback to enable investigation into any suspicious activity during remote access,
  • Make potentially substantial savings by removing the cost of your existing Remote Access solution.

It should be pointed out that this functionality is intended for System Administrators managing remote systems.  The solution does not provide Screen Sharing, so it is not suitable for situations where you are either watching or showing end users how to use end devices or applications.

As always, your feedback is welcome via support@clickstudios.com.au