Privileged Task Automation in Real-Time Operations

In today’s fast-paced IT landscape, system administrators play a crucial role in maintaining security and operational efficiency. Their responsibilities include applying system updates, managing firewall rules, enforcing access control policies, provisioning temporary access for vendors, and performing routine system backups. Traditionally, these tasks rely on manual processes, which can be time-consuming, increase workload, and introduce the risk of human error and inconsistencies.

To overcome these challenges, organizations need an automated, secure, and well-structured approach to executing privileged tasks. PAM360’s Privileged Task Automation (PTA) addresses this by removing direct credential handling while automating critical administrative tasks with security and precision.

By leveraging Qntrl Circuits using a Bridge, PAM360 enables IT teams to execute privileged tasks in a controlled, auditable, and efficient manner. The following sample use case demonstrates how organizations can leverage PAM360’s PTA to automate tasks, streamline operations, strengthen security, and ensure compliance in today’s evolving IT landscape.

Use Case: Automating Regular Backup of Linux Servers

Scenario

An organization with a large workforce relies on multiple privileged Linux servers to support different teams and departments. These servers host critical applications and databases, making regular data backups essential for business continuity, disaster recovery, and regulatory compliance.

Organizational Requirements

The IT team must ensure that backup scripts are executed consistently across multiple servers. However, manually running these scripts is time-consuming, prone to human error, and increases administrative workload. Additionally, to keep the resources secure, the IT team does not want to share the privileged accounts with other users for the backup process. Automating this process will help:

  • Reduce inconsistencies and operational delays.
  • Minimize human intervention and errors.
  • Ensure secure, reliable, and auditable backups.
  • Prevent direct access to privileged accounts, enhancing security.

Solution: How PAM360 Addresses This Challenge

PAM360 streamlines the backup process by leveraging its SSH Engine, a privileged task available in PTA, ensuring that backup scripts run automatically and securely without manual intervention.

Step 1: Adding Linux resources and accounts to PAM360

The first step is to add the Linux resources (the devices involved in the backup process) to the PAM360 application. For more details on adding resources and accounts in the PAM360 application, refer to this document.

Step 2: Creating a Privileged Process using PTA

Prerequisites:

  1. Ensure that the PTA configuration in PAM360 is complete before proceeding. Click here for detailed configuration instructions.
  2. Install the Bridge on the required devices within the network so that it can access the target endpoints.
  3. Create a Linux backup script and keep it ready; you will need to add it under Scripts for the privileged process.

  1. Open the circuit builder in PAM360's PTA to create a privileged process.
  2. To create the workflow, drag and drop the SSH Engine and File Transfer tasks from the left-side pane. As illustrated in the image, the Parallel state from the Flow Controls section is used to execute these tasks concurrently.
    For each task, configure the necessary settings in the Configuration tab on the right-side pane. This includes mapping the relevant bridge, resource type (e.g., Linux), specific resources (Linux Machine 1 and Linux Machine 2 in the image), and the appropriate account credentials.
    The example shown in the image demonstrates a backup process where:
    1. 'Linux Backup 1' and 'Linux Backup 2' (SSH Engine tasks) initiate backups on two separate Linux machines simultaneously.
    2. A Wait state is used to introduce a delay (10 minutes for Linux Backup 1, 5 minutes for Linux Backup 2) before proceeding to the file transfer.
    3. 'File Transfer 1' and 'File Transfer 2' tasks transfer the resulting backup files to their respective destination folders.
    This workflow leverages the Parallel state to optimize execution time by running the backup and file transfer operations concurrently.

    Note: For detailed information about the SSH Engine task and its configurations, refer to this document. Similarly, for information about the File Transfer task, refer to this document.

  3. After creating the privileged process for Linux backup, navigate to Scripts and Bridges >> Scripts. Click Add and add the backup script to the privileged process.
  4. To initiate the Linux backup privileged process, navigate to the Processes tab and click Execute. Alternatively, you can delegate execution to other PAM360 users by selecting Share with Users from the Actions dropdown and enabling the Grant option for the desired users.
  5. To schedule the Linux backup process for later execution, navigate to the Schedules tab and click Add Schedule. In the dialog box that appears, select the process name and other attributes for the schedule. You can schedule the backup process to run either monthly or daily, as per your organization's requirements.

Automated Backup Workflow

  1. A privileged process in PAM360 triggers the backup script on target Linux servers via SSH.
  2. The script executes predefined commands to generate backups and securely transfer them to a designated storage location.
  3. PAM360 logs each backup execution, maintaining visibility, audit readiness, and compliance.
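
The backup script named in the prerequisites could look like the following. This is an added example, not a script shipped with or documented by PAM360; the source path, staging directory, and file naming are assumptions. It shows what matters when a file transfer starts after a fixed Wait: the archive appears under its final name only once it is complete, carries a checksum, and is readable by the backup account only.

```shell
#!/bin/sh
# Added example: backup script meant to be run by an SSH Engine task.
# All paths and the file naming scheme are assumptions, not PAM360 defaults.
set -eu
umask 077   # archive and checksum are readable by the backup account only

# make_backup SRC_DIR STAGE_DIR
# Prints the path of the finished archive; returns non-zero on any failure so
# the task run is recorded as failed instead of silently producing nothing.
make_backup() {
    src=$1
    stage=$2
    [ -d "$src" ] || { echo "source directory missing: $src" >&2; return 2; }
    mkdir -p "$stage" || return 2

    # mkdir is atomic, so the directory doubles as a lock against overlapping
    # runs (for example a manual Execute during a scheduled run).
    lock="$stage/.backup.lock"
    mkdir "$lock" 2>/dev/null || { echo "backup already running" >&2; return 3; }

    name="backup-$(uname -n)-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    tmp="$stage/.$name.partial"

    # Write under a hidden temporary name first: a transfer that starts after a
    # fixed wait must never see a half-written archive under its final name.
    if ! tar -czf "$tmp" -C "$(dirname "$src")" "$(basename "$src")"; then
        rm -f "$tmp"; rmdir "$lock"
        return 4
    fi

    # Record a SHA-256 so the destination can verify the file after transfer.
    sum=$(sha256sum "$tmp" | cut -d' ' -f1)
    if [ -z "$sum" ]; then
        rm -f "$tmp"; rmdir "$lock"
        return 5
    fi
    printf '%s  %s\n' "$sum" "$name" > "$stage/$name.sha256"

    mv "$tmp" "$stage/$name"   # atomic rename within the same filesystem
    rmdir "$lock"
    echo "$stage/$name"
}

# Constructed usage: backup.sh /srv/app/data /var/backups/stage
if [ "$#" -eq 2 ]; then
    make_backup "$1" "$2"
fi
```

On the destination, running `sha256sum -c` against the transferred `.sha256` file confirms the archive arrived intact.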

With the automated backup workflow, organizations can achieve secure, consistent, and efficient backups across multiple Linux servers, eliminating the need to share access to privileged accounts and significantly reducing manual effort while enhancing security and reliability.



"Stay tuned for more real-time operations using PAM360 Privileged Task Automation"





