Imprivata Privileged Access Management Product Update 2.3.202011012311
November 1, 2020
PAM Update: Added custom banners for SSH Proxy and flexibility to ports and jump hosts selection in complex distributed deployment scenarios
This update adds custom banners for SSH Proxy and more flexibility in port and jump host selection in complex distributed deployment scenarios.
Added flexibility to ports and jump hosts selection in complex distributed deployment scenarios
The update added the option to define a custom port for remote Native Session Manager in the proximity groups.
PAM uses remote session managers to provide access to isolated networks for WEB sessions as well as sessions established using native clients such as PuTTY, mstsc, WinSCP and others.
The remote WEB session manager has allowed flexible port selection for some time. This update brings custom port selection to the session manager for native clients as well, instead of requiring all remote session managers to share the same port as the one on the master node.
The option enables multi-site distributed deployment with the Transparent Perimeter option providing access to native clients.
The option also allows sharing a Native Session Manager between multiple independent master nodes, as was already possible with WEB Session Managers.
The update added the option to select a reverse jump host for the Transparent Perimeter deployment option to be different from the master node itself.
The option allows increasing the security of the master cluster by hosting a reverse jump host in a DMZ, which avoids exposing the master nodes to external SSH traffic.
The option also allows offloading the reverse tunnel from a master node that might not allow SSH tunnelling.
Added the option to customize the SSH Proxy banner
The update added SSH Proxy banner customization using the global parameter SSH Proxy Banner (service restart required).
The option allows adding a message of the day or a legal disclaimer during login to the PAM SSH Proxy and Proxy Shell.
Added user name based place-holders for dynamic credential resolution
The update added more options for dynamic credential resolution, this time based on the first and last name of the currently logged-in user in addition to the login name itself.
Record owners can now use $first-name and $last-name place-holders in the search criteria for dynamic record resolution in the User field of the main record.
The option allows more flexible mapping between personal and privileged accounts as well as complex rules for Red Forest implementations to protect privileged assets.