Components
Management Server
The Management Server is the main component of Axidian Privilege, which manages the operation of all components and performs the following tasks:
- Centralized management of all data in PAM.
- Encryption of critical data in the database, such as privileged user passwords.
- Monitoring of all actions and their recording in the audit log.
- Scheduled tasks, such as discovering new accounts on a resource or SSH key rotation.
Axidian Privilege Core
The central component of the Management Server that controls all Axidian Privilege objects.
The component performs the following tasks:
- Management of accounts, resources, and domains.
- Granting of permissions and revocation of access rights.
- Launching and monitoring sessions.
- Policy enforcement.
- PAM audit and event logging.
- Background operations, such as domain synchronization or resource access verification.
Component composition and execution environment
| Infrastructure | Windows | Linux |
|---|---|---|
| Execution environment | Windows Server 2016–2022 | Docker |
| Web server | Internet Information Services (IIS) | Nginx |
| Web application | core | core |
Axidian Privilege IdP
The IdP (Identity Provider) is the authentication center for Axidian Privilege users and components. The component performs the following tasks:
- User authentication when accessing PAM, including two-factor authentication.
- Authentication of Axidian Privilege components.
- Application authentication using the API.
Component composition and execution environment
| Infrastructure | Windows | Linux |
|---|---|---|
| Execution environment | Windows Server 2016–2022 | Docker |
| Web server | Internet Information Services (IIS) | Nginx |
| Web application | idp | idp |
Axidian Privilege Management Console
A web application for managing Axidian Privilege. In the administration console, you can configure access to resources, grant permissions for opening sessions, export logs, or view statistics. For more information about working in the console, see the Administrator's Guide.
Component composition and execution environment
| Infrastructure | Windows | Linux |
|---|---|---|
| Execution environment | Windows Server 2016–2022 | Docker |
| Web server | Internet Information Services (IIS) | Nginx |
| Web application | mc | mc |
Axidian Privilege User Console
A web application for accessing protected objects in Axidian Privilege. Through the user console, you can connect to a resource and open a session in accordance with the permission granted. For more information about working in the console, see the User Guide.
Component composition and execution environment
| Infrastructure | Windows | Linux |
|---|---|---|
| Execution environment | Windows Server 2016–2022 | Docker |
| Web server | Internet Information Services (IIS) | Nginx |
| Web application | uc | uc |
Axidian Log Server
A Management Server component responsible for collecting, processing, and storing events.
Component composition and execution environment
| Infrastructure | Windows | Linux |
|---|---|---|
| Execution environment | Windows Server 2016–2022 | Docker |
| Web server | Internet Information Services (IIS) | Nginx |
| Web application | ls | ls |
Access Server
The Access Server is a link between the user and the target resource to which access needs to be granted. Resources can be servers, databases, websites, or applications.
When a user opens a session, for example by executing a copied SSH command in a terminal to connect to a resource, authentication in PAM occurs. The Access Server then verifies the user's permissions and, if authorized, provides access to the target resource.
Axidian Privilege Gateway
A set of applications and clients that provide access to Windows resources using RDP/SSH/Telnet protocols in RemoteApp mode. The component records video of the session and saves its artifacts: text logs, screenshots, and transferred files.
The component is automatically deployed to the RDS Access Server during PAM installation. The server requires deployment of the Remote Desktop Services role.
Component composition and execution environment
Execution environment: Windows Server 2016–2022
Composition:
- ProxyApp.exe application
- File system driver Pam.FsFilter
- Pam.Service, the service for interacting with Pam.FsFilter
- Modified SSH client Putty.exe
- Extension for mstsc.exe
- Set of FFmpeg utilities and libraries
- Process launch control module Pam.Proxy.ProcessCreateHook
Axidian Privilege RDP Proxy
A proxy server that provides access to Linux resources using the RDP protocol without exposing privileged account credentials. The component records video of the session and saves its artifacts: text logs, screenshots, and transferred files.
The component is automatically deployed to the RDP Access Server during PAM installation and requires no additional configuration.
Component composition and execution environment
Execution environment: Linux
Composition: Docker container pam-rdp-proxy
Axidian Privilege SSH Proxy
A proxy server that provides access to resources using SSH, SCP, and SFTP protocols. The component saves text session logs and transferred files.
The component is automatically deployed to the SSH Access Server during PAM installation and supports various SSH clients.
Component composition and execution environment
Execution environment: Linux
Composition: Docker container pam-ssh-proxy
Axidian Privilege PostgreSQL Proxy
A proxy server that controls access to PostgreSQL databases. The component simplifies connection to PostgreSQL, provides users access without exposing privileged account credentials, and maintains text logging of SQL sessions. The component supports various database management clients.
PostgreSQL Proxy is automatically deployed to the PostgreSQL Access Server during PAM installation.
For information on how to configure the component and open SQL sessions, see Usage of PostgreSQL and MSSQL Proxy.
Component composition and execution environment
Execution environment: Linux
Composition: Docker container pam-sql-proxy
Axidian ESSO Agent and Axidian Admin Pack
A set of components for automatically filling in authentication forms for web resources and applications. The components are installed on the RDS Access Server and automatically populate user credentials during a session opened in RemoteApp mode.
Component composition and execution environment
Execution environment: Windows Server 2016–2022
Composition:
- Set of applications, services, and tools for interacting with authentication forms and Axidian Privilege components
- Extensions for the Internet Explorer, Google Chrome, and Microsoft Edge browsers
Additional Components
Axidian Privilege Agent
A component for text logging of RDP sessions. The log contains records of active window changes, application and process launches, as well as keyboard input data.
For information on how to install and configure PAM Agent, see Additional Components Setup.
Component composition and execution environment
Execution environment:
- Windows Server 2012 R2–2022
- Windows XP SP3 x64
- Windows 7 x64 and higher
Composition:
- Service Pam.Proxy.WindowsAgentService
- Application Pam.Proxy.WindowsAgent
Axidian PamSU
A component that allows PAM users to execute commands with administrator privileges. When connecting to a resource, the PAM account password is requested instead of the password of the local user under which the session is opened.
Instead of sudo, the pamsu command is used.
For information on how to install and configure PamSU, see Additional Components Setup.
Component composition and Linux distributions supporting PamSU
Composition: Installation package in .deb or .rpm format
Linux distributions:
- CentOS 7 and higher
- Oracle Linux 7.9 and higher
- Rocky Linux 8.8 and higher
- Debian 10 and higher
- Ubuntu 18 LTS and higher
- Red Hat Enterprise Linux (RHEL) 6 and higher
Axidian Privilege Desktop Console
A client application that allows you to connect through Axidian Privilege to target resources using SSH and RDP protocols. The component is installed on the user's workstation.
For information on how to configure Desktop Console, see Additional Components Setup.
Component composition
Multi-protocol remote connection manager mRemoteNG.exe