PUM Audit Server


[Figure: Access Server filter diagram]

The Audit Server is where PUM sends all logging information. Because all communication between a PUM User and a privileged Account on a Managed Server flows through a PUM Access Server, any or all traffic through the Access Server can be filtered off and logged on one or more Audit Servers. All audit trails are encrypted and check-summed to ensure integrity. A total of four audit trails are kept: a log of each instance of each Session invocation, a log of activity for each Access Server, a log of activity for each Audit Server, and a Database Log which maintains details of all changes to the PUM Database.

There may be any number of Audit Servers installed.  You must define at least one Audit Server to be able to use PUM.  The reasons for having more than one Audit Server include:

  • throughput, in the case of larger sites;
  • redundancy, so that all logging is not dependent on a single server staying up;
  • geography, so that Audit Servers can be located logically in the enterprise;
  • security, so that access to all logging information is not concentrated on a single point in the network.

The Audit Server is provided in one of two forms:

  • software only, which may be installed on any compatible system, normally a UNIX or Linux box;
  • a virtual appliance, which is a VMware instance of a stripped-down Linux server, complete with the PUM software.

[Figure: PUM physical architecture]

The Audit Server(s) may be dedicated to the task in larger organizations, or perform a shared purpose in smaller sites. Nobody other than compliance officers, data auditors or security managers will normally have access to the Audit Server. It cannot, therefore, be altered by anybody else (after all, nobody has the superuser password for that system) and retains an indelible and complete record of all privileged commands executed, and the data returned for those commands. It also keeps a record of all activity within PUM. It becomes possible to know at any time who was granted access to what, by whom and when.

Audit Trails are written to the Audit Server by both the Access Server and the PUM Database Server, and it is good practice to assign at least two Audit Servers to each. If one Audit Server fails, the second Audit Server takes over, resulting in uninterrupted auditing of all PUM-related activity.