Forum / Remote Desktop Manager - Feature Request

Urgent Improvement Cyberark PSM Integration

  • Create an Issue
  • Cancel

We are in the process of deploying CyberArk for our very complicated environment. As of today we use the ability to launch a program on the CyberArk PSM server to connect to the final endpoint.

So for example:
On my "host" entry I have the name of the CyberArk PSM server. I then go to the programs tab and select "Start this program on connection" and enter something like:


psm /u Useraccount@domainname.com /a EndPoint.Server.Name /c PSM-RDP

This works great on an individual basis. However it it is NOT scalable in an enterprise form! When I share the DB I will have everyone trying to use the same Useraccount@domainname.com and it will only work for the first user.

Ideally there would be a way to query CyberArk for a given vault name for a list of available accounts that I have access to and be assigned the first available.

In the mean time it would be helpful if a connection type was added that could be tied to private vault entries where the PSM /u useraccount@domainname.com could be tied to an individualized entry

Clock3 mths

Hello,

We've just completed an implementation for supporting various authentication models that have been added in their v10. The PSM should be our next work item.


We are starting the beta phase of our coming major release in september, I cannot confirm if we have the capacity before a few weeks though.

Best regards,



Maurice Côté

Customers that use Devolutions Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock3 mths

We are running version 10.1 and look forward to the features being released.

September is a long time to wait :-(

Clock3 mths

Ok it is September, where we at?

Clock3 mths

Any update on the PSM integration features with Remote Desktop Manager?

Clock2 mths

Hello,

I would need to verify this with our engineering department and our business architect because the support team doesn't have this information for now.

I'll get back to you on this subject.

Best regards,



Jeff Dagenais

signaturesignature

Clock2 mths

Any update? I have a meeting today with Cyberark and need to report on the progress.

Clock2 mths

Hello,

After verification, the integration of CyberArk PSM is not started yet. It's on our ToDo list, but I cannot provide you any timeline regarding it's delivery.

Best regards,



Jeff Dagenais

signaturesignature

Clock2 mths

that is extremely disappointing. One of the reasons I got my company to buy a global license was the rapid development so this is extremely the upsetting

Clock2 mths

Hello,

I hope you feel that a turnaround of a few weeks is rapid, no other product that we use reaches that level.

I had a call with a CyberArk employee today and it seems that our authentication feature is acceptable. We are ready to start working on the PSM integration.

Best regards,



Maurice Côté

Customers that use Devolutions Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock2 mths

To get around this irritation, I have instead implemented a solution using environment variables. It's not perfect, and it required a lot of individual user modification to achieve, but it works.

2018 10 07 19 53 35

On each user account, I defined their email as their admin account (admin.account@domain.com). This is picked up by $DATA_SOURCE_USERPROFILE_EMAIL, and finally, $NAME passes the name of the connection to PSM as the destination RDP hostname.

Hope this helps.

Josh

2018-10-07_19-53-35.png
Clock2 mths

It has been a month, was hoping to get an update from Devolutions.

Josh, thanks for sharing your method. Gives me a fall back plan!

Clock24 days

Hello,

We have published RDM v14 today, it allows for LDAP Authentication against v10.x of CyberArk. This means that we can now start on the PSM (we do not have a dedicated team for third party integrations...)


The current planned architecture is to have a CyberArk PSM entry, which you will use much like a VPN/Gateway.


The second entry type will be a CyberArk PSM Connection, which you will link to the previous entry. In the connection, you will need to specify which Connection Component to use (PSM-RDP, PSM-SSH, etc), the asset name (host, DB Name), and lastly which credential to use.

All of the research is done, which should make things quick to implement. On the other hand, we need to perform a demo to CyberArk's team and get approval before putting it in a GA release.


I will check with them if they allow us to expose the feature prior to their approval, this would mean that you could try it in one of our beta releases.


Best regards,



Maurice Côté

Customers that use Devolutions Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock24 days

Thank you for the feedback and for letting me know how things are progressing.

Please keep in mind use cases where the PSM would be accessed via RDS Gateway.

That is our current configuration, which I would be happy to demonstrate for you!

Clock24 days

Hello,

I would sure like to show our implementation to you as soon as feasible.


Since the connection to the PSM is a pure RDP session, it would support all options of our existing entry (Gateway, VPN, before connect event, etc.) Do you simply fill-in the gateway details in the Connection tab? If so it will work for sure.

Best regards,



Maurice Côté

Customers that use Devolutions Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock23 days

YUP, Great!

Thanks for keeping me updated! To you have an Estimate?

Clock22 days

Hello,

Since the last estimate I gave you for that feature was for September and we are now three weeks into October, you will understand that I am not feeling too good about providing an estimate.

Its not that the feature takes weeks to implement, its that the Windows team's utmost priority is to fix bugs, especially around our two major releases per year.

I will go as far as saying that the code should be done in November, then the CEO must decide to include it into a build.

Sorry about the vague answer, but that's the best I can commit to.

Best regards,



Maurice Côté

Customers that use Devolutions Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock22 days