Iraje Tool Server Configuration manual V7.5

Introduction

The main purpose of this document is to explain to PAM admins what the Tool Server is, how to use it, and how to configure it in their environment.

The Tool Server is the server used by PAM to install thick client applications provided by Iraje PAM clients, to ensure PAM server security & availability.

Purpose

The PAM server is hardened and no 3rd party software is allowed to be installed on it. The OS credentials of the PAM server also change every hour automatically. This security ensures no one has admin access to the PAM OS and that it is tamper proof.

Due to this security, applications need to be installed on another jump server, which Iraje calls the Tools server. This Tools server is used to host all 3rd party applications like Toad, SQL Developer, Checkpoint Client etc.

Target Audience

Iraje PAM Admins | Security Teams

Configuration of Tool server

Adding Remote Desktop Installation Roles
  • Go to ‘Server Manager’

  • Click on ‘Add roles and features’

  • Click on ‘Next’ button

  • Select ‘Remote Desktop Services installation’.

  • Click on ‘Quick Start’

  • Select ‘Session-based desktop deployment’

  • Click on ‘Next’

  • Select ‘Restart the destination server automatically if required’

  • Note that the following 3 roles are deployed successfully:

      • Remote Desktop Services role services

      • Session collection

      • RemoteApp program

  • Click on ‘Close’

Configuring Remote Desktop Services
  • Go to Server Manager→Remote Desktop Services→Overview

  • Click on ‘RD Gateway’

  • Select the server from ‘Server Pool’ and add it to the Computer. Click on the right arrow button & click on ‘Next’

  • Give the domain name (the domain name which you used for adding the new forest) as the SSL certificate name & click on ‘Next’

  • Click on ‘Add’

  • Click on ‘Close’ once the role has been deployed successfully

Configuring RD Licensing
  • Go to Server Manager→Remote Desktop Services→Overview

  • Click on ‘RD Licensing’

  • Add the server from Server Pool to the Computer. Click on the right arrow button & click on ‘Next’

  • Give the domain name (the domain name which you used for adding the new forest) as the SSL certificate name & click on ‘Next’

  • Click on ‘Add’

  • Close once it is at 100%

Configure the Deployment
  • Go to Server Manager→Remote Desktop Services→Overview

  • Click on ‘Tasks’ & select ‘Edit Deployment Properties’

  • Select ‘Automatically detect RD Gateway server settings’

  • Go to ‘RD Licensing’ & select ‘Per User’. After that click on ‘Apply’ and ‘OK’

Collections Configurations
  • Go to Server Manager→Remote Desktop Services

  • Click on ‘Collections’

  • ‘Remove’ the default collection by selecting it and right-clicking on the collection name

  • Click on ‘Yes’

  • Now add a new collection: click on ‘Tasks’ and ‘Create Session Collection’

  • Click on ‘Next’

  • Give the collection name as ‘remote app’ & click on ‘Next’

  • Add Server from Server Pool to the computer. Click on right arrow button

  • Click on ‘Next’

  • Click on ‘Next’

  • Remove the check mark from ‘Enable user profile disks’. Click on ‘Next’

  • Click on ‘Create’

  • Click on ‘Close’

Publishing Remote App Programs
  • Go to Server Manager→Remote Desktop Services→Collections→remote app (to host applications like SQL, SSMS, etc.)

  • Click on ‘Tasks’ and select ‘Publish RemoteApp Program’

  • Adding RemoteApp programs. Click on ‘Add’ and browse to the application .exe from its path; you can also select the program from the list in the window if it appears there. Select the program & click on ‘Next’

  • Publish the remote app. Click on ‘Publish’

  • Edit Properties. Right-click on the newly published application & select ‘Edit Properties’

  • Go to the ‘Parameters’ tab

  • Select ‘Allow any command-line parameters’. Click on ‘Apply’ & ‘OK’
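
The settings chosen in the wizard steps above can be read back with the RemoteDesktop PowerShell module. The following read-only check is an added example, not part of the Iraje manual; it assumes an elevated session on the Tool Server, that the same server holds the RD Connection Broker role, and that the collection is named ‘remote app’ as above.

```powershell
# Added example: read-only audit of the deployment built by the steps above.
# Assumptions: elevated session on the Tool Server, which also holds the
# RD Connection Broker role (Quick Start, single server), so the cmdlets
# default to the local broker; 'remote app' is the collection name from this manual.
Import-Module RemoteDesktop -ErrorAction Stop

$Collection = 'remote app'
$findings   = New-Object 'System.Collections.Generic.List[string]'

# 1. Roles added by the role installation, RD Gateway and RD Licensing steps
$roles = (Get-RDServer).Roles | Sort-Object -Unique
foreach ($r in 'RDS-RD-SERVER', 'RDS-GATEWAY', 'RDS-LICENSING') {
    if ($roles -notcontains $r) { $findings.Add("Role missing from deployment: $r") }
}

# 2. Deployment properties: gateway auto-detect and Per User licensing
$gw = Get-RDDeploymentGatewayConfiguration
if ($gw.GatewayMode -ne 'Automatic') {
    $findings.Add("RD Gateway mode is $($gw.GatewayMode), expected Automatic")
}
$lic = Get-RDLicenseConfiguration
if ($lic.Mode -ne 'PerUser') {
    $findings.Add("RD Licensing mode is $($lic.Mode), expected PerUser")
}

# 3. Collection exists and user profile disks are switched off
$col = Get-RDSessionCollection -ErrorAction SilentlyContinue |
    Where-Object { $_.CollectionName -eq $Collection }
if (-not $col) {
    $findings.Add("Collection '$Collection' not found")
} else {
    $upd = Get-RDSessionCollectionConfiguration -CollectionName $Collection -UserProfileDisk
    if ($upd.EnableUserProfileDisk) { $findings.Add('User profile disks are enabled') }

    # 4. Published programs: parameter policy, binary path, and who may launch them
    foreach ($app in (Get-RDRemoteApp -CollectionName $Collection)) {
        $groups = if ($app.UserGroups) { $app.UserGroups -join '; ' } else { '(collection default)' }
        '{0} | {1} | {2} | {3}' -f $app.DisplayName, $app.FilePath, $app.CommandLineSetting, $groups
        if ($app.CommandLineSetting -ne 'Allow') {
            $findings.Add("$($app.DisplayName): parameters are '$($app.CommandLineSetting)', manual sets Allow")
        }
        if (-not (Test-Path -LiteralPath $app.FilePath)) {
            $findings.Add("$($app.DisplayName): published path not found: $($app.FilePath)")
        }
    }
}

if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Warning $_ } } else { 'Deployment matches the manual.' }
```

Each printed line ends with the groups allowed to launch that program. With ‘Allow any command-line parameters’ the connecting client supplies the program's arguments, so that group list is the one to review.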

Tool Server Connection Configuration in ACM

  • Log in to the PAM portal using the correct username & password

  • Click on ‘Access Control Manager’

  • Go to ‘Access Control Manager’

  • Click on ‘Directory Access’ & select the appropriate group in which you want to create connection.

  • Click on ‘Configured Access Control Manager’

  • Click on ‘New Connection’

  • Select connection type as ‘RDP’ from drop down menu

  • Fill in all the details & click on ‘Tag’

  • Fill in the ‘Tags’ details & click on ‘OK’

  • Click on ‘Add’ Connection

Accessing Tools through Access Control Directory

  • Log in to the PAM portal using the correct username & password

  • Click on ‘Access Control Directory’

  • Select the ‘Group’ in which the tool server connection is present

  • Right click on the connection to access the Tag

  • The application will be invoked from PAM ACD