PUM Access Server


The Access Server is the central control point for PUM. Unless you are using PUMX, all PUM Users accessing a privileged Account log into PUM as themselves. On successful login, the Access Server will administer Access Policy and allow the PUM User to access the PUM Sessions to which they are entitled, connecting over SSH-2 to the Managed Server on which the privileged Account resides. All communication between the PUM User and the Account on the Managed Server flows through the Access Server so that it can impose Access Policy and audit all traffic.

There may be any number of Access Servers installed. You must define at least one Access Server to be able to use PUM. The reasons for choosing to have more than one Access Server include:

  • throughput, in the case of larger sites;
  • redundancy, so that all privileged access is not dependent on a single server staying up;
  • geography, so that Access Servers can be located logically in the enterprise;
  • security, so that access to all servers is not concentrated on a single point in the network.

These Access Server(s) can be provided by Applecross Technologies in one of two forms:

  • software only. The software may be installed on any compatible UNIX or Linux-based system. Throughput tests suggest that Linux servers will support more concurrent sessions per CPU than the major UNIX variants.
  • a virtual appliance. This is a VMware instance of a stripped-down Linux server complete with the PUM Access Server software loaded.

The Access Server(s) may be dedicated to the task in larger organizations, or perform a shared purpose in smaller sites.