-
Connect to SPS.
The SPS virtual machine acquires an IP address from your DHCP server accessible in the virtual environment. After SPS has booted up, the console displays the IP address of the SPS web interface at login prompt. To connect to SPS, use this IP address. For details, or tips if SPS cannot receive an IP address, see The initial connection to One Identity Safeguard for Privileged Sessions (SPS) in the Administration Guide.
-
Complete the Welcome Wizard as described in Configuring One Identity Safeguard for Privileged Sessions (SPS) with the Welcome Wizard in the Administration Guide. Upload the evaluation license file you have downloaded with your support portal account.
-
Configure a server: set up a host that is on the same subnet as SPS, and enable Remote Desktop (RDP) or Secure Shell (SSH) access to it.
-
Configure a connection on SPS to forward the incoming RDP or Secure Shell (SSH) connection to the host and establish a connection to the host. For more information, see Logging in to One Identity Safeguard for Privileged Sessions (SPS) and configuring the first connection.
-
Replay your session in the browser. For more information, see Replaying audit trails in your browser.
In case you have questions about SPS, or need assistance, contact your One Identity representative.
Evaluating One Identity Safeguard for Privileged Sessions in a virtual environment
Supported virtual environments for evaluating One Identity Safeguard for Privileged Sessions
Download the evaluation version of SPS
Setting up SPS and the virtual environment
Setting up One Identity Safeguard for Privileged Sessions with vSphere
Setting up One Identity Safeguard for Privileged Sessions with VirtualBox
Setting up One Identity Safeguard for Privileged Sessions with Hyper-V
Setting up One Identity Safeguard for Privileged Sessions using Kernel-based Virtual Machine (KVM)
Creating a simple scenario
General connection settings
Configuring connections: SSH
Configure an SSH connection with fixed destination IP
Server-side (only) password authentication
Permitting or denying access to SSH channels
Authorizing and monitoring a connection personally in real-time
Inband destination selection
Gateway authentication
Configuring connections: RDP
Password-based gateway (local) + password-based server-side authentication from credential store
Public key-based gateway + password-based server-side authentication from credential store
Configuring an advanced channel policy for SSH
Group-based auditing
Integration with ticketing systems
Configure an RDP connection with fixed destination IP
Inband destination selection with Remote Desktop Gateway
Real-time content monitoring with Content Policies
Indexing service
Creating a simple scenario
General connection settings
General connection settings
SPS supports transparent and non-transparent proxy operation modes to make deployments in existing network infrastructures as easy as possible. SPS will automatically handle non-transparent and transparent connections simultaneously.
Modes of operation
The following operation modes are possible:
-
Non-transparent proxy operation: This guide will focus on this operation mode.
-
Transparent mode: If you configure SPS proxies in transparent mode, the client usually addresses the target server directly. Therefore, you have to configure the connection policies in SPS accordingly. For more information, see Transparent mode in the Administration Guide.
-
Single-interface transparent mode: For more information, see Single-interface transparent mode in the Administration Guide.
Non-transparent proxy operation
This guide focuses on non-transparent proxy operation, which is the easiest to implement. In this configuration, clients connect to a server through SPS. That is, end-users address SPS explicitly, which then forwards connections to target systems based on various parameters depending on what destination selection method you select.
Figure 1: SPS in non-transparent mode
For an illustration of what happens when a client connects a server through SPS and how the different configuration options and policies of SPS affect this process, see:
-
Connecting to a server through One Identity Safeguard for Privileged Sessions (SPS) using SSH in the Administration Guide
-
Connecting to a server through One Identity Safeguard for Privileged Sessions (SPS) using RDP in the Administration Guide
Configuring the destination selection method
To configure the destination selection method, navigate to for example Traffic Controls > SSH > Connections (or the respective protocol control that you want to configure), and in the Target section, select the preferred method:
-
Use the original target address of the client: Connect to the IP address targeted by the client. This is the default behavior in transparent mode.
-
NAT destination address: Perform a network address translation on the target address.
-
Use fixed address: The connection will connect always to this address, redirecting the clients to the server.
-
Inband destination selection: Extract the address of the server from the username.
For details, see Modifying the destination address in the Administration Guide.