Configuring Landing Servers for Data Center Remote Access

Typically, data centers limit direct access to remote devices via SSH, Telnet, and RDP connections. Hence, data center admins working remotely first connect to a landing server and then hop to the target system. Admins can decide on whether to take a single hop (for RDP) or multiple hops before connecting to the target devices. At each step of the remote access process - from the initial landing server to each subsequent hop and the target device, the Admin must provide the username and password, as well as know the IP address of the landing server.

PAM360 has simplified this entire data center remote access management. Use PAM360 to effectively launch direct connections (TELNET, SSH, RDP, SFTP) to access IT equipment in the data center, overcoming access barriers created by network segmentation, while adhering to data center access protocols. PAM360 also supports full password management for those remote devices.

First, configure any number of landing servers, to remotely access the IT equipment in your data centers. Next, associate the landing servers with the resources managed by PAM360. Once the configuration is complete, you will be able to launch direct connections with the remote resources through a single click, without worrying about the intermediate hop(s). PAM360 takes care of automatically establishing the connection with the landing server(s) and finally with the remote resources.

Supported Connection Types

PAM360 supports configuring landing servers for the following types of connections:

  1. SSH
  2. Telnet
  3. RDP
  4. SFTP

Notes:

  1. If the configured landing server only uses an RDP connection for accessing the data center i.e, the landing server is a Windows Domain server, install and configure the ME_AMP_REMOTEAPP program in the landing server endpoint for the optimal remote connection to the data center.
  2. RDP is applicable from PAM360 build 5000 only. Similarly, SFTP is applicable from PAM360 build 6530 only.

At the end of this document, you will have learned the following topics:

1. Adding the Landing Servers as Resources

Basically, Landing servers are also resources in PAM360. Remote access to data centers starts with establishing a connection with the landing servers. So, the first step is to add the required landing servers as resources in PAM360 through the usual resource addition process. Landing servers typically have primary and secondary setups. All you need to do is to add both primary and secondary servers as resources in PAM360.

2. Creating Identities for Landing Servers

After adding the required landing servers as resources in PAM360, you need to establish an identity for each landing server. Do this by providing a name for each landing server.

  1. Navigate to Admin >> Connections >> Landing Servers.
  2. Click Add Landing Server available on the top-left corner.
  3. In the pop-up form that opens,
    1. Enter a name for the landing server. This will help you uniquely identify it.
    2. Enter other details like Location, descriptive Notes.
    3. If you have primary and secondary instances for your landing server, select the respective resources from the dropdown (the resources that were added by you in step 1 above).
    4. Also, select the account that is used to login to the landing server.
  4. Click Save.

Repeat the above steps and create identities for as many landing server as needed.

3. Associating Resources with Landing Servers

After adding the landing servers, you need to associate resources with the respective landing servers. This is a crucial step as this is where you are connecting the resources with the landing servers. You will also be defining the direct connection launching path.

For example, assume that you want to connect to your corporate mail server, which runs on a Linux host in the database and you need to hop to 'Landing Server A' first. Now, you will have to associate the mail server with Landing Server A.

Associate as many resources with a landing server as needed - different resources have different landing servers and different connecting paths. Quite often, there could be multiple landing servers(or multiple hops) to connect to a resource. In that case, you should be associating resources as explained below:

3.1 Example Use Case Scenario

Assume the following landing server configuration setup:

PAM360 Server >> Landing Server 1 >> Landing Server 2 >> Proxy Server in Data Center

  1. To connect to your proxy server in data center from PAM360, first you need to connect to Landing Server 1, then to Landing Server 2, and finally to the actual resource, i.e., the Proxy Server in Data Center.
  2. Associate the landing servers and the Proxy Server with the resources in PAM360 using the steps below:
    1. Navigate to  Admin >> Connections >> Landing Servers.
    2. Click the 'Configure Resources to use this Landing Server' icon under the 'Actions' dropdown against the respective landing server.
    3. In the window that opens, select the required resources/connections.
    4. Click 'Associate Connections'.
    Now, all the three entities - landing server 1, landing server 2 and the proxy server are resources in PAM360.
  3. First, associate the Landing Server 1 with the Landing Server 2, and then Landing Server 2 with the Proxy Server.

Once you establish the association this way, PAM360 will take care of finding the connection path automatically and establish a direct connection with the resource.

3.2 Providing landing server details during resource addition:

If you have added the landing servers and created identities for them using step 2 and 3 above, the association (step 3) can be done during the resource addition process, where you need to select the Resource Type as the landing server. Alternatively, you can associate the landing servers with the resources by editing them.

Top