Professional Documents
Culture Documents
WCA
SESSION MANAGER
WALLIX products : WALLIX PAM Bastion features
• Single Sign-On
• Access policies
Session • Session recording
• Pattern detection
Audit-Risk Manager
Compliance
APPLIANCES
PASSWORD WAB
LINUX/UNIX SERVERS
Privileged
Users SESSION Cloud
MANAGER Availability
Access VAULT APPLICATIONS
WINDOWS SERVERS
Manager WEB CONSOLES
Third
parties
SIEM
• Access policies Logs management
User/primary account
Accounts
mappings
Interactive User/primary
accounts accounts
Interactive
login
© Copyright WALLIX 7
Interactive login
© Copyright WALLIX 8
Global concepts
Authorization
SSH, TELNET
Primary Vmware
SSH
accounts client
FTP
SSH startup scenario
client
© Copyright WALLIX 9
Global concepts
▪ Steps:
1. Add a user/primary account
6. Add authorization
© Copyright WALLIX 10
QUESTIONS?
MANAGE USER/PRIMARY ACCOUNT WITH
LOCAL AUTHENTICATION
Global concepts
▪ Steps:
1. Add a user/primary account
6. Add authorization
© Copyright WALLIX 13
Types of user/primary account group
© Copyright WALLIX 15
Manage a user/primary account group
© Copyright WALLIX 16
Manage a user/primary account group
© Copyright WALLIX 17
Manage a user/primary account group
Delete
© Copyright WALLIX 18
QUESTIONS?
MANAGE PRIMARY USER GROUP
Global concepts
▪ Steps:
1. Add a user/primary account
6. Add authorization
© Copyright WALLIX 21
Manage a user/primary account group
▪ Add a user/primary
account group
© Copyright WALLIX 22
Manage a user/primary account group
© Copyright WALLIX 23
Manage a user/primary account group
Delete a group
© Copyright WALLIX 24
Manage a user/primary account group
© Copyright WALLIX 25
QUESTIONS?
MANAGE DEVICES
Global concepts
▪ Steps:
1. Add a user/primary account
6. Add authorization
© Copyright WALLIX 28
Manage a device
© Copyright WALLIX 29
Manage a device
© Copyright WALLIX 30
Manage a device
▪ Delete devices
Delete a
device
© Copyright WALLIX 31
QUESTIONS?
MANAGE SECONDARY/TARGET ACCOUNT :
Global concepts
▪ Steps:
1. Add a user/primary account
6. Add authorization
© Copyright WALLIX 34
TYPES OF SECONDARY/TARGET ACCOUNT
Device account
• Linked to a device
Application account
• Linked to an Application
Local domains
Device1
Application1
Device1-LocalDomain1
Application1-LocalDomain1
Device1-LocalDomain2
Application1-LocalDomain2
Device1-LocalDomain3
Why ?
• Every local domain can have a different password change policy
© Copyright WALLIX 36
ADD SECONDARY/TARGET ACCOUNT - DEVICE ACCOUNT
© Copyright WALLIX 37
Manage a secondary account
© Copyright WALLIX 38
Manage a secondary account
© Copyright WALLIX 39
QUESTIONS?
ADD target GROUP
Global concepts
▪ Steps:
1. Add a user/primary account
6. Add authorization
© Copyright WALLIX 42
Manage a target group
© Copyright WALLIX 43
Manage a target group
Account
Account mapping
Interactive login
userbastion1
RDP: adminwindows1
SSH: adminlinux1
© Copyright WALLIX 44
QUESTIONS?
MANAGE AN AUTHORIZATION
Global concepts
▪ Steps:
1. Add a user/primary account
6. Add authorization
© Copyright WALLIX 47
Manage an authorization
Add an authorization
© Copyright WALLIX 48
Manage an authorization
Start/stop session
recording
Authorize/deny password
checkout
Start/stop approval
workflow
© Copyright WALLIX 49
Manage an authorization
Manage authorizations
Delete a group
© Copyright WALLIX 50
Global concepts
▪ Steps:
1. Add a user/primary account
6. Add authorization
© Copyright WALLIX 51
QUESTIONS?
MANAGE A CHECKOUT POLICY
Demo 2- Check Out Policy
with lock
QUESTIONS?
Global concepts
User/primary Secondary/Target
account account
Primary user 1
Check-out Policy
With Lock
Primary user 2
© Copyright WALLIX 57
Manage a secondary account
© Copyright WALLIX 58
MANAGE APPLICATION
Global concept
Goals
• Give an access only to an application instead of an
entire session
What's an Application
• A webapp (i.e a browser)
• A think app
QUESTIONS?
Demo 3- Check Application
Manage applications
Bastion Target application
Which account can
Secondary connection
be used to Primary connection
Interactive User/primary
Interactive login accounts accounts
© Copyright WALLIX 64
Manage applications
Prerequisites:
ELSE :
Publish the application in the collection
© Copyright WALLIX 65
QUESTIONS?
Global concepts
▪ Steps:
1. Add an Application
© Copyright WALLIX 67
Global concepts
▪ Steps:
1. Add an Application
© Copyright WALLIX 68
Manage applications
© Copyright WALLIX 69
Manage applications
Add an application requiring an account
© Copyright WALLIX 70
Global concepts
▪ Steps:
1. Add an Application
© Copyright WALLIX 71
Manage applications
© Copyright WALLIX 72
Manage applications
© Copyright WALLIX 73
Global concepts
▪ Steps:
1. Add an Application
© Copyright WALLIX 74
Manage applications
© Copyright WALLIX 75
Manage applications
Add an application
requiring an account
userbastion1 wca_user
userbastion1 userbastion1
© Copyright WALLIX 76
Manage applications
© Copyright WALLIX 77
Global concepts
▪ Steps:
1. Add an Application
© Copyright WALLIX 78
QUESTIONS?
Annexes
CONNECTING TO A SERVER USING RDP
Connecting to a server using RDP
© Copyright WALLIX 81
Connecting to a server using RDP
© Copyright WALLIX 82
Connecting to a server using RDP
▪ Account
© Copyright WALLIX 83
Connecting to a server using RDP
▪ Account mapping
© Copyright WALLIX 84
Connecting to a server using RDP
▪ Interactive
© Copyright WALLIX 85
Connecting to a server using RDP
© Copyright WALLIX 86
Connecting to a server using RDP
© Copyright WALLIX 87
CONNECTING TO AN SSH SERVER
Connecting to a server using SSH
© Copyright WALLIX 89
Connecting to a server using SSH
Interactive
Account
Account
mapping
© Copyright WALLIX 90
Connecting to a server using SSH
© Copyright WALLIX 91
Connecting to a server using SSH
© Copyright WALLIX 92
CONNECTING TO AN APPLICATION
Connecting To Application
© Copyright WALLIX 94
Connecting To Application
© Copyright WALLIX 95