Windows Privilege Manager - Architecture and Technical Specs

Securden Windows Privilege Manager is an on-premise, software-only solution, available as a binary for installation on Windows. The package contains everything needed; no other hardware or software is required. The components of the product, its architecture, and the technical specifications are explained below.

The solution runs on a central server connected to a backend database. It ships with an inbuilt web server and PostgreSQL as the RDBMS; optionally, MS SQL Server can be used as the backend database. The server manages the application control policies, which typically define the list of trusted applications and who may run them.

A lightweight agent must be installed on each end-user machine. The agent communicates with the server periodically, pulls the policies, and enforces them. It can also discover the applications present on end-user machines and list them in the Securden application inventory, which helps when creating policies.

When a standard user attempts to run an application, the agent tries to fetch the latest policy from the server. If it cannot reach the server, it enforces the policy it last pulled. The product can be deployed in high-availability mode with redundant servers. Agents can be pushed to endpoints in two ways: directly from the GUI or through Group Policy Objects.
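The fetch-then-fall-back behaviour described above, as an added illustrative model in Python (not Securden's code; the policy format, the SampleServer stand-in, and the user and application names are constructed assumptions):

```python
from typing import Callable, Dict, Optional, Set

# A policy maps an application path to the set of users trusted to run it (assumed format).
Policy = Dict[str, Set[str]]

class ServerUnreachable(Exception):
    """Raised by the fetch callable when the agent cannot reach the server."""

class SampleServer:
    """Constructed stand-in for the central server; set online=False to simulate an outage."""

    def __init__(self, policy: Policy):
        self.policy, self.online = policy, True

    def fetch(self) -> Policy:
        if not self.online:
            raise ServerUnreachable()
        return {app: set(users) for app, users in self.policy.items()}

class Agent:
    """Endpoint agent: refreshes the policy on each run attempt and keeps the last good copy."""

    def __init__(self, fetch: Callable[[], Policy]):
        self._fetch = fetch
        self._cached: Optional[Policy] = None   # last policy successfully pulled
        self.fallback_count = 0                 # times the cached policy had to be enforced

    def refresh(self) -> Policy:
        """Pull the latest policy; if the server is unreachable, enforce the last pulled one."""
        try:
            self._cached = self._fetch()
        except ServerUnreachable:
            if self._cached is None:
                raise                           # never pulled a policy: nothing to enforce
            self.fallback_count += 1
        return self._cached

    def may_run(self, user: str, app: str) -> bool:
        """Default deny: allow only applications the policy lists as trusted for this user."""
        return user in self.refresh().get(app, set())

if __name__ == "__main__":
    server = SampleServer({r"C:\Tools\backup.exe": {"alice", "bob"}})  # constructed sample policy
    agent = Agent(server.fetch)
    print(agent.may_run("alice", r"C:\Tools\backup.exe"))  # True: trusted app, listed user
    server.online = False                                  # simulate a server outage
    print(agent.may_run("bob", r"C:\Tools\backup.exe"))    # True: cached policy enforced
    print(agent.may_run("bob", r"C:\Tools\unknown.exe"))   # False: not a trusted application
```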

Enterprise requirements such as data backup, high availability, and disaster recovery are built in. The product integrates with Active Directory for user management and authentication. It also integrates with a variety of MFA providers: any TOTP authenticator (Google Authenticator or Microsoft Authenticator), any RADIUS-based authentication mechanism (RSA SecurID, Digipass, etc.), Duo Security, YubiKey, email-to-SMS gateways, and OTP via email.

All these functionalities are delivered in a single installation. An installation instance can consist of one physical server or multiple application servers, as required.

Database columns are encrypted with AES-256, and access to the database is strictly controlled. Every installation is guarded by a unique encryption key.

Minimum System Requirements

Description          Specification
Operating System     Recommended: Windows Server 2019
                     Note: The product can be installed on any machine running Windows Server 2008 R2 and above (64-bit). However, Windows Server 2019 is the recommended version.
Memory and Storage   8 GB RAM and 50 GB hard disk space on each machine.
Backend Database     Recommended: SQL Server 2019
                     Note: PostgreSQL is bundled with the product by default. For better performance and scalability, we recommend MS SQL Server as the backend database.
Web Interface        Chrome, Firefox, Edge, Safari, or Internet Explorer 10 and above on endpoints.

Technical Specifications

  • Product Installation: Windows Server 2019 (recommended) or Windows Server 2008 R2 and later.
  • Deployment Model: On-premises, VMs, or private cloud (AWS/Azure)
  • Web-interface: IE, Chrome, Safari, Edge, Firefox
  • Backend Database: PostgreSQL (bundled) or MS SQL server
  • Primary Authentication: Active Directory
  • MFA: Any TOTP authenticator (Google Authenticator or Microsoft Authenticator), any RADIUS-based authentication mechanism (RSA SecurID, Digipass, etc.), Duo Security, YubiKey, email-to-SMS gateway, and OTP via email
  • Data Encryption: AES-256
  • Data Transmission: HTTPS (SSL/TLS)
  • Devices Discovery: Agentless
  • Admin Rights Removal: Agentless
  • Privilege Management, Application Control, and Temporary Admin Rights: Through a lightweight agent.
  • Integrations: Active Directory, SIEM Solutions
  • High Availability: Redundant application servers pointing to the same database; MS SQL Server clusters
  • Disaster Recovery: Periodic database backup and recovery