Passwordstate has flexible Privileged Account Management functionality included in the core product. This means it is available for customers with Client Access Licenses (support for up to 199 users per instance), Enterprise Licenses (unlimited number of users per instance) and Global Licenses (unlimited number of Enterprise Licenses).
With Privileged Account Management you can perform on-demand or scheduled Passwords Resets, on-demand or scheduled Heartbeat Validations (check the accuracy of account name and password) in your environments, and discover the account types on your network. All this is based on networks, their AD infrastructure and devices being accessible to Passwordstate. This can pose a challenge when you’re dealing with discreate or firewalled networks and remote sites accessible over the internet.
What Are Remote Site Locations?
The Remote Site Locations module is a subscription based offering from Click Studios. It enables Passwordstate to reach out to those discreate or firewalled networks, and remote sites accessible over the internet, and manage your accounts on those networks. It does this through the use of an agent, installed on the remote network, which acts as its proxy (authorized to act on behalf of Passwordstate) on that network.
This allows Passwordstate to send to each remote agent, the tasks that need to be run on the remote network. The agent runs these tasks and reports the details back to Passwordstate. All that is required for this to occur is an open port on the firewall of the remote site. This can be locked down to the IP address of your Passwordstate instance and the traffic between the remote agent and your Passwordstate instance uses independent In-Transit encryption.
You can obtain more details on how to install the Remote Site agents here https://www.clickstudios.com.au/downloads/version9/Passwordstate_Agent_Manual.pdf. Once you’ve installed the agents, and are starting to build up a list of the hosts, accounts and passwords used on these remote sites, you’ll want to ensure the information is tagged to each of the Remote Sites.
What Can Be Associated With A Remote Site Location?
There are multiple objects and associated records that can be linked to a Remote Site Location. This is referred to as “tagging” in our documentation. The following are the items can all be tagged with the Remote Site Location name,
- a Domain,
- a Privileged Account Credential,
- a Host record,
- a Folder (Password and Hosts Tab),
- a Password List,
- a Discovery Job (Host and Account).
- a Scheduled Report (not shown in this blog),
- a Security Group (not shown in this blog),
- a User Account (not shown in this blog).
Tagging an Active Directory Domain with a Remote Site Location: This can be done by navigating to Administration->Active Directory Domains, editing the required entry in your display grid and selecting the proper Site Location from the drop down list. In the example below we’ve selected the SandDomain Site Location,
Tagging a Privileged Account Credential with a Remote Site Location: This can be done by navigating to Administration->Privileged Account Credentials, editing the required entry in your display grid and selecting the proper Site Location from the drop down list. In the example below we’ve again selected the SandDomain Site Location,
Tagging a Host Record with a Remote Site Location: This is performed by navigating to Hosts, selecting the appropriate host from the folder hierarchy shown on the left hand side and then clicking on Edit Host Properties on the right hand side. Again, you can select the correct Site Location from the drop down list,
Tagging a Folder with a Remote Site Location: This is performed by navigating to Passwords or Hosts, selecting the appropriate Folder, right clicking and selecting Edit Properties. Then you can select the correct Site Location from the drop down list.
Please be aware, when you tag a Site Location to a Folder,
- all objects within the Folder will also be tagged to the same Site Location, and,
- You can tag any object that has a Site Location of Internal to another Site Location. However, you cannot tag any other named Site Location to another Site Location name or back to Internal.
Tagging a Password List with a Remote Site Location: This happens automatically when you add a Password List to a Folder that has already been tagged with a Remote Site Location Name.
Tagging a Discovery Jobs with a Remote Site Location: As an example, this is performed by navigating to Tools->Account Discovery and selecting the Discovery Job you want to tag. Click on the Job Name to edit the job,
Then select the appropriate Site Location, again SandDomain in our example, from the drop down list,
With all these examples you’ll obviously need to save the settings, where required, by clicking Save on the bottom right of the screen.
It is a straightforward process to tag your objects in Passwordstate and maintain the relationship between the Site Location and the data that applies to that Remote Site.
If you’d like to share your feedback please send it through to support@clickstudios.com.au.