
Hello Guys,

 

I’m new to the BeyondTrust world but have a fair understanding of PAM architecture.

I’m trying to understand the RDS server role in the Password Safe Cloud architecture. The current architecture shared by BT emphasises the Resource Broker, and that’s where I have a clear understanding of the Resource Broker from an application & network perspective.

 

However, the RDS Server is not covered in detail in any document or article. I only understand that the RDS Server is required for session management for non RDS/SSH connections. But where does it fit in the architecture?

I assume the flow of Database session management may look like:

End user Workstation -> Resource Broker (TCP/4489) -> RDS Server (TCP/3389) -> Database (e.g. TCP 1521/1433)

 

I’m keen to understand the points below with respect to the RDS Server:

  1. Network requirements for the RDS Server. Does it connect to any other component (PS Cloud) except the Resource Broker & target system (DB etc.)?
  2. Does the RDS Server store the session recording temporarily? If yes, then how to calculate the disk storage based on the number of sessions?
  3. Any detailed architecture including the RDS server in it.

I have checked this link already:

https://beyondtrustcorp.service-now.com/csm?id=kb_article&sys_id=6cbde0af47ed5ed4b77b3ddbd36d4318&table=kb_knowledge

 

https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/cloud/security/architecture.htm

 

This may seem a silly question but here I am :)

 

Thanks in advance!

Yes, Microsoft RDS servers are used to launch Applications (RemoteApps) through Resource Broker servers. No other component of Password Safe Cloud has direct interaction with RDS servers except Resource Brokers. 

 

Session recordings are stored in Resource Broker servers before uploading to Password Safe Cloud.

 

https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/deployment/remote-apps-deployment.htm


The articles below will help with some of your questions:

 

How do remote sessions (SSH and RDP) work when proxied via Password Safe
https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0017538

 

RDS server does not store session recordings.  They are stored temporarily on Resource Broker. Refer to:


PS Cloud - Session recording does not open. Error: "Unable to open the session as the recording is not found."

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0016974

 

Average size of session recordings in BeyondInsight Password Safe - Large recording files

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020693

 

 

Communication and port list for Password Safe Cloud Resource Brokers and tenant (instance)

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0019381

 

