Configurations for Organizations with Distributed Networks

As part of product deployment, Securden offers the flexibility to deploy multiple application servers to take care of certain specific needs such as IT infrastructure spread across multiple networks.

If your IT assets/privileged accounts are distributed across multiple networks and if you want to manage all those devices using Securden, you can deploy Securden application servers in each of those networks and also associate each application server with a remote gateway.

Application servers deployment is a three-step process - first, you need to add the required application servers, then associate each application server with a remote gateway, and finally associate the IT assets in each network with the gateway.

How to Add Multiple Application Servers?

Prerequisite: Identify the Windows machine(s) in which you will be deploying the Securden Application Server(s). Typically, you would need machines with the same specifications as that of Securden installation.

Navigate to Admin >> Remote Distributors >> Application Server

Scroll down and and click the button “Create Application Server”.

Step 1: Enter details about the application server

In this step, you will simply be creating an identifier for each of the application servers (also called secondary servers) you want to add.

To enter the details,

  • Navigate to Admin >> Remote Distributors >> Application Server and click the button “Create Application Server”.
  • In the GUI that opens, enter the following details:
  • Server identifier is just a name that helps identify the specific application server. The machines where you install application servers should be able to access the database running with the Securden primary server.
  • Address: You need to specify the hostname/IP address of the machine where the application server instance has been installed. Whenever you add or change the IP address or hostname of the machines where you have installed application servers, you need to restart the Securden primary server. Ensure that the standby server is in the same subnet as that of the primary server for failover to work.
  • When you click “Save”, you will see a pop-up, which will provide you the link to download the application server package as a .zip file. Follow the instructions on that page before downloading the zip file. You need to restart the Securden primary server before downloading the zip. (You will see the title ‘download high availability package’. It represents the application server package download).

Step 2: Deploy application server package on the designated machine

You need to deploy the zip file you have downloaded in step 1 above on the machine which has been identified for the purpose of deploying the application server.

Pre-requisites:

  • The application server should be able to access the port of the primary server (default 5959) through the primary server’s address you have specified on server settings.
  • The application server should be running the same product version of Securden primary server. Contact Securden support if you need any assistance.

Carry out the following steps in the machine where you have installed the application server:

  • Stop the Securden PAM Service
  • Unzip the application server package (high availability package downloaded above) under "∠Securden AppServer installation folder>/bin" directory.
  • Open a command prompt with Administrator privileges and navigate to "∠Securden AppServer installation folder>/bin" directory. Then execute the following command:
    ApplyHAPackage.exe HA-∠name>.zip
  • Securden AppServer server shares the same encryption key as that of the Primary installation. Ensure the location of securden.key as mentioned in "∠Securden Secondary installation folder>/conf/securden_key.location" is accessible from the secondary machine.
  • Start the service. Securden high availability setup is now ready.

Step 3: Associate application server with a remote gateway

After configuring the application server, you need to associate it with a remote gateway. This can be done from Admin >> Remote Sessions and Recordings >> Remote Gateway.

In the GUI that opens, select the required remote gateway and then select step 2 ‘Associate Application Server’ and click ‘Configure’. In that page, the list of all available application servers would be displayed. You need to select this application server and click ‘Save’.

After completing this association, you need to associate the devices and/or domains that you want to manage through this application server. Typically, this is an association between Application Servers → Remote Gateway → IT Infrastructure to be Managed. This association is to be done through step 3 in the Remote Gateway configuration page.

Once this is done, the application server would be fully ready to manage the respective network.