Agentless Deployment


Installing yet another agent on a large network of UNIX- and Linux-based systems to enable privileged management is enough to daunt even the most committed of security managers. Add the human cost of implementing and maintaining the software to the change management issues, and it is no wonder that many large projects never get completed.

Privileged User Manager® (PUM) was designed from conception to avoid these roll-out issues. PUM requires only that software be installed on the Access Servers, Audit Servers and the web application server(s) supporting the web browser based User Interfaces. PUM uses SSH-2 to communicate with the Managed Servers, and provided that the Managed Server runs an SSH-2 server (standard build on modern distributions of AIX, HP-UX, Solaris, Red Hat, Suse and other Linux variants) then no other software needs to be installed. PUM can then be used to manage access to the privileged Accounts residing on those Managed Servers.

Figure: Physical architecture

The key to making this work in a live environment is that no User must be able to gain direct access to the privileged Account on the Managed Servers.  When new Managed Servers are introduced into the PUM environment, the privileged Account passwords are changed on those servers.  The Users are not provided with the new passwords, so no direct access can be achieved.  The only access route to those accounts is now through PUM, so that all commands entered, and selectively the information returned, can be managed, monitored and audited using PUM.

The only PUM software that you need to install is:

PUM Access Server(s) - pumacsd - PUM access server daemon

PUM Audit Server(s) - pumausd - PUM audit server daemon

Web application server(s) - pumadmin, pumclient, pumservice

and you can be up and running with centralized control of your privileged accounts in hours or days.
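As an added example (not part of PUM or the original page), the Python below checks the SSH-2 prerequisite for Managed Servers described above by classifying the identification string a server sends on connect, as defined in RFC 4253 section 4.2. The host names and banners are constructed sample data, and `classify_banner` and `onboarding_report` are hypothetical helper names.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_IDENT = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
MAX_IDENT_LEN = 255  # maximum length, including CR LF


def classify_banner(raw: bytes) -> dict:
    """Classify the bytes a server sends on connect, before key exchange."""
    for line in raw.split(b"\n"):
        if not line.startswith(b"SSH-"):
            continue  # servers may send free-text lines before the identification
        if len(line) + 1 > MAX_IDENT_LEN:  # +1 for the LF removed by split()
            return {"ssh2": False, "reason": "identification string too long"}
        text = line.rstrip(b"\r").decode("ascii", errors="replace")
        m = _IDENT.match(text)
        if not m:
            return {"ssh2": False, "reason": "malformed identification string"}
        proto = m["proto"]
        return {
            # "1.99" means the server speaks SSH-2 but also accepts SSH-1 clients
            "ssh2": proto in ("2.0", "1.99"),
            "ssh1_also_offered": proto == "1.99",
            "software": m["software"],
            "reason": f"protoversion {proto}",
        }
    return {"ssh2": False, "reason": "no SSH identification string"}


# Constructed sample data: hypothetical hosts and the banners they returned.
SAMPLE_BANNERS = {
    "aix-db01": b"SSH-2.0-OpenSSH_8.1\r\n",
    "sol-app02": b"Authorized use only\r\nSSH-1.99-Sun_SSH_1.1\r\n",
    "hpux-old03": b"SSH-1.5-1.2.27\r\n",
    "lnx-web04": b"220 FTP ready\r\n",
}


def onboarding_report(banners: dict) -> dict:
    """Map each candidate Managed Server to its SSH-2 readiness."""
    return {host: classify_banner(raw) for host, raw in banners.items()}


if __name__ == "__main__":
    for host, result in onboarding_report(SAMPLE_BANNERS).items():
        status = "ready" if result["ssh2"] else "NOT ready"
        print(f"{host}: {status} ({result['reason']})")
```

A host reported with `ssh1_also_offered` meets the SSH-2 requirement but still accepts the legacy protocol, which is worth disabling before the server is brought under management.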