Servers
- Windows
- Linux
To install Axidian Privilege components, servers running Windows must:
- access one DNS server;
- be in the same domain and network;
- have the WinRM service running;
- have a hostname that matches the DNS name of the server, in lowercase and FQDN format.
Example: pam.my-company.local.
For hardware and software requirements, as well as networking for servers, see the System Requirements section.
Starting the WinRM Service
To perform service operations on management and access servers, start the WinRM service.
To start the service:
- Run PowerShell as administrator.
- Execute the command:
Enable-PSRemoting -Force
The command sets standard WinRM settings, changes the service startup type to automatic, and allows incoming network connections through Windows Firewall to ports 5985 and 5986.
Configuring the RDS Access Server
PAM users can open Web/Desktop sessions through the RDS access server. The connection is implemented using Microsoft Remote Desktop Services. When a user connects to the RDS access server, the Axidian Privilege application launches. The application checks user permissions, authenticates them, and logs the session. Applications are launched in RemoteApp mode.
To prepare the server for operation, enable the WinRM service, deploy the RDS role, and configure the firewall.
Before deploying a server with the RDS role, make sure that:
- no group policies related to remote access are applied to it;
- it does not have any of the RDS role components (RDCB, RDG, RDL, RDSH, RDVH, RDWA).
Deploying the Remote Desktop Services role
- Open Server Manager and in the Manage menu select Add Roles and Features.
- Select the Remote Desktop Services Installation type and click Next.
- Select the Standard deployment type and click Next.
- Select the Session-based desktop deployment type and click Next.
- Skip the Role Services step and click Next.
- On the RD Connection Broker, RD Web Access, and RD Session Host steps, select the current server name and click Next.
- Select the Restart the destination server automatically if required option and click Deploy.
- After reboot, open Server Manager and wait for the process to complete.
Configuring a firewall rule
- Go to the Local server tab and click on the Windows Defender Firewall parameter value.
- Go to the Firewall & network protection window and click Advanced settings.
- Go to the Windows Defender Firewall with Advanced Security window and open the Inbound Rules tab.
- Click New Rule and configure the settings:
  - Select the Port rule type and click Next.
  - Specify the port in the Specific local ports field:
    - 5985 — for connections via HTTP
    - 5986 — for connections via HTTPS
  - Select the Allow the connection option and click Next.
  - Select all profiles and click Next.
  - Enter the rule name in the Name field and click Finish.
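A read-only preflight that checks the Windows prerequisites described above: domain membership, lowercase FQDN that resolves in DNS, WinRM service state and listeners, inbound allow rules for 5985/5986, and RDS role components already present. This is an added example, not part of the Axidian documentation; the report key names are arbitrary, and the firewall check only matches rules that list the port exactly (not ranges or Any).

```powershell
# Added example: read-only preflight for a Windows server; it changes nothing.
# Run in an elevated PowerShell session on Windows Server.
$report = [ordered]@{}

# Hostname must match the DNS name in lowercase FQDN form (e.g. pam.my-company.local).
$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$fqdn = '{0}.{1}' -f $cs.DNSHostName, $cs.Domain
$report['DomainJoined']  = [bool]$cs.PartOfDomain
$report['Fqdn']          = $fqdn
$report['FqdnLowercase'] = $fqdn -ceq $fqdn.ToLowerInvariant()   # case-sensitive compare
$report['FqdnResolves']  = [bool](Resolve-DnsName -Name $fqdn -ErrorAction SilentlyContinue)

# WinRM must be running; Enable-PSRemoting also sets the startup type to automatic.
$svc = Get-Service -Name WinRM
$report['WinRMRunning']   = $svc.Status -eq 'Running'
$report['WinRMAutoStart'] = $svc.StartType -eq 'Automatic'

# Listeners actually configured (transport and port); empty if WinRM is stopped.
$listeners = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate -ErrorAction SilentlyContinue
$report['Listeners'] = ($listeners | ForEach-Object { '{0}:{1}' -f $_.Transport, $_.Port }) -join ', '

# Enabled inbound allow rules for each WinRM port, with the profiles they apply to.
foreach ($port in '5985', '5986') {
    $rules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains $port } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
    $report["InboundAllow$port"] = ($rules | ForEach-Object { '{0} [{1}]' -f $_.DisplayName, $_.Profile }) -join '; '
}

# Before deploying the RDS access server, no RDS role component should be installed.
if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
    $rds = Get-WindowsFeature -Name 'RDS-*' | Where-Object Installed
    $report['RdsComponentsInstalled'] = $rds.Name -join ', '
}

[pscustomobject]$report | Format-List
```

An empty RdsComponentsInstalled value is the expected state before the RDS role is deployed; after deployment it lists the installed role services.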
To install Axidian Privilege components, servers running Linux must:
- access one DNS server;
- be in the same domain and network;
- have a hostname that matches the DNS name of the server, in lowercase and FQDN format.
Example: pam.my-company.local.
For hardware and software requirements, as well as networking for servers, see the System requirements section.