지금 지원 담당자와 채팅
지원 담당자와 채팅

Safeguard Remote Access Hosted - Administration Guide

Introduction

Intended audience

For Administrators, the Administration Guide contains information about how to set up One Identity Safeguard Remote Access (SRA) in One Identity Starling and how to integrate with One Identity Safeguard for Privileged Sessions (SPS).

For Users, the Administration Guide describes the usage and features of SRA .

Overview

SRA is a Cloud Software as a Service (SaaS) that provides a client-less, browser-based secure terminal access to servers via integration with the SPS product.

Figure 1: SRA architecture overview

Prerequisites

To use One Identity Safeguard Remote Access (SRA), you must meet the following prerequisites:

  • One Identity Safeguard for Privileged Sessions (SPS) version 6.9.0 or later is installed. Basic network configuration is completed, and the web administrative interface is available.

  • One Identity Safeguard for Privileged Sessions (SPS) version 6.11.0 or later is installed, if SRA is intended to be used in a SPS cluster environment.

  • A SPS Authentication and Authorization (AA) plugin is selected. For more information, see Using plugins.

  • Administrator role under the SRA product in One Identity Starling.

Limitations

This section introduces the limitations of One Identity Safeguard Remote Access (SRA).

Security-related limitations:
  • The end-user is not required to periodically re-authenticate to a running session. Once the end-user logged in to a terminal session, they stay logged in to SRA.

  • The bandwidth usage of terminal connections is not limited.

Functionality-related limitations:
  • Use Chrome-based browsers for the best user experience. Other browsers are supported on a best effort basis.

  • Only SSH and RDP protocols are fully supported, VNC and Telnet are only supported on a best effort basis.

  • No RDP gateway is supported, SRA itself acts as the gateway.

  • No RDP remote application or SCP over SSH is supported at this time.

  • Only fixed and inband destination selection defined in One Identity Safeguard for Privileged Sessions (SPS) will be picked up by SRA.

  • SPS nodes are not monitored. If SPS fails or unjoined from One Identity Starling, then the related target connections remain visible on SRA.

  • No Copy & Paste support in terminal sessions.

  • The server-side resolution in terminal sessions cannot be changed.

  • Inband target servers provided by the end user are currently not supported, only preset inband targets.

  • Some browser keyword shortcuts are not forwarded to the terminal session, such as Ctrl-T, Ctrl-Shift-N.

  • For Apple users, copy-pasting text in an active remote session with Cmd+C and Cmd+V keyboard shortcuts does not work. Use (Copy to clipboard) and (Paste) on the session window's control panel to copy-paste text to/from the server.

Getting started

This section and its subsections describe how to set up One Identity Safeguard Remote Access (SRA) from an Administrator point of view.

Before you can start using SRA, first you have to create a One Identity Starling account. After that, you must access One Identity Safeguard for Privileged Sessions (SPS) to perform preliminary configurations, for example, configuring the authentication and authorization plugin, creating local credential stores, setting up connection and usermapping policies and so on.

셀프 서비스 도구
지식 기반
공지 및 알림
제품 지원
소프트웨어 다운로드
기술 설명서
사용자 포럼
비디오 자습서
RSS 피드
문의처
라이센싱 지원가져오기
기술 지원
모두 보기
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택