Hi everyone. Appreciate your feedback on the below queries.
For PRA Cloud what is the communication matrix (firewall ports) that needs to be allowed for Jump Points, Jump clients and PRA to work smoothly?
For PRA Jump Points, what is the recommended hardware sizing (CPU, Memory, Disk, etc.)?
Where are the session recordings going to be stored? Is it going to be on the Jump Point or PRA cloud, and if it's going to be on the Jump Point, what are the requirements for Disk storage?
Hello @sami - I’ll try my best to answer your queries below:
Virtually all network traffic to the appliance is over Port 443. This includes Jump Clients, Desktop Consoles and Jump Points connecting back to the appliance.
All session recordings are held by the PRA Appliance itself. They are held for up to 90 days, depending on how busy (session load, length of sessions, etc.) your appliance is.
Thanks for the response. In my case our deployment is on Cloud. So the session recordings you have mentioned at point #3 are also applicable to that? None of the recordings will be stored on the Jump Point, and they will be stored in the cloud?
Hello @sami - Correct, all SRA appliances operate the same way in this regard, all session data and recordings will be held on and by the appliance itself. And they are all subject to the 90 day rule.
Hi @PhillC - is it possible to extend the recordings storage beyond 90 days? I couldn't find any option in the PRA Portal.
Hello @Prudhvi Keertipati - It is not possible to extend the logging past 90 days. You will find the option under /login > Management > Security, under the Miscellaneous section, as below:
If you wish to keep the session data and recordings longer, you will need to look into the Integration Client software we offer for free in the Customer Portal.
@PhillC, thanks for the feedback. What Cloud URLs would the Jump Point and Jump Client need access to?
Hello @sami - that depends on each individual cloud instance; every customer would have their own assigned DNS URL for their own instance.
Thanks @PhillC. So the only firewall requirement would be to allow outbound connections from Jump Points and Jump Clients to the PRA Cloud URL? No other outbound URLs would be required to be whitelisted? Correct?
@PhillC, the last query that I have is: can we use SAML SSO for /console (Web Console) login for internal users?
I know it can be done for /login, can we also do the same for /console login?
Appreciate your feedback. Thanks.
Thanks @PhillC. So the only firewall requirement would be to allow outbound connections from Jump Points and Jump Clients to the PRA Cloud URL? No other outbound URLs would be required to be whitelisted? Correct?
This is correct, back to the appliance.
@PhillC, the last query that I have is: can we use SAML SSO for /console (Web Console) login for internal users?
I know it can be done for /login, can we also do the same for /console login?
Appreciate your feedback. Thanks.
SAML SSO login for /login is the same one used for /console, as they both use the same users. If you have set up /login SAML Access, that same setup will allow users to log in via SAML for all the Consoles, both web and desktop.