General questions regarding shared RDM usage
Hello all,
I’m doing my apprenticeship as an IT specialist for system integration (apologies if that’s not the correct term) and have been tasked with configuring RDM to have certain entries such as servers and passwords shared across multiple users from the IT.
Our current situation is that users who use RDM have local databases, meaning that if credentials get changed by one user, they won’t be synced with the same credentials on other users’ devices. Thanks to the research I did prior to writing this I know that it is possible to share access to databases in RDM, however due to the lack of knowledge regarding the (for me) unknown software I wanted to ask for help, or rather ask for answers to my questions.
Before I get to my questions, the company I’m doing this for has a Team Edition licensed. Also I am using the newest version of RDM for this project.
Here are all the questions I have so far:
-Do I need to have an Active Directory connected to RDM in order to access role/group management for users?
This question has formed as I saw tutorials on how to create groups/roles and add them to users, however the buttons “users” and “roles” do not seem to show up on my
“Administration” tab.
-What other ways of sharing entries/databases across multiple users exist?
Since it’s up to me to decide what method to
use for sharing the entries, I wanted to know if there are any more besides the
one stated above, maybe options where connecting an AD is not necessary (if it even
is in the first place).
-Is a user required to have a Team Edition license in order to access shared entries/databases or is this a requirement for only the administrator managing it?
-Once the entries/databases are being shared across multiple authorized users, where would those need to be saved? (e.g. server)
This question came up while talking with our IT
Security specialist regarding the whole RDM topic, as the databases/entries
will need to be stored on a secure place where nobody except users with the
proper permission can have access to. One key sentence for this would be “We
shouldn’t have to worry when a device with an active RDM gets lost”, which is
referencing the issue that as of right now every user with RDM has a local
database stored somewhere locally on the notebook (which also leads to the
original topic of entries/databases not being synced across users).
I hope this has been clear for understanding, if there’s anything I need to let you know to help you answer my questions don’t hesitate to let me know!
Best,
Ian
All Comments (3)
Hello Ian,
Thank you for reaching out to the Devolutions support team.
You must have a license to access the database to use a shared or advanced data source with RDM. The RDM license is bound to the database and assigned to your users. This means that every user who needs access to the database in RDM will require a permit.
Regarding your questions:
- Is an Active Directory connection required to access role/group management for users in RDM?
You do not need an Active Directory to manage users and security. This is all managed in RDM as permissions on every part of your database. Every entry can be set for every user or multiple permission. Some permissions are essential to launch entries like View, View Password, and Execute.
- What are the other ways of sharing entries/databases across multiple users?
If you are looking for a password manager without sessions like RDP or SSH, the Devolutions Server Free can be a good solution. This is an advanced data source for a maximum of 10 users. Depending on your number of users, this can be a good solution if you have more users. Devolutions Server can also be used with RDM to launch your sessions and has more features than an SQL server.
- Is a user required to have a Team Edition license to access shared entries/databases, or is this a requirement for only the administrator managing it?
The licensing of RDM is based on the number of users, which means that everyone who needs access to the database requires a license assigned to their account.
- Once the entries/databases are shared across multiple authorized users, where should they be saved? (e.g. server)
If you opt for Devolutions Server, all your entries will be stored in an SQL database. It's important to note that Devolutions Server is a web application that connects your client to the database. For now, only the SQL admin has access to the database.
Let us know if you have more questions.
https://devolutions.net/server/
Best regards,
Patrick Ouimet
Hello Patrick,
thank you kindly for answering my open topics. I'd like to get more in-depth with the whole database topic.
To meet our security standards, I prefer using a solution that leaves the database within our company.
I've come across XML as a possible database and considering we have shared network drives chosen technicians have access to and that the XML file can be encrypted, this seems to be a viable solution in our scenario. (We are an internal IT service, therefore we only require access to the database within our own network.)
So while this seems to be a way we'd like to use to handle synchronized access to the database, I've stumbled across a new issue which regards individual passwords.
We have multiple servers where more than 5 different accounts have access to, either to seperate tasks or to have personal users.
Here's the issue when we want to connect to a server (or anything other really) via RDM:
If the credentials for the server within RDM are set to "Username and password", they need to type it in every time, which can get tedious over time.
However, we cannot use "Linked (Vault)" as this would let everybody using the database have access to everyones confidential log-in data they saved within RDM.
And since "Inherited" and "None" also makes everybody type it in by hand, it leaves us with using "My personal credentials" or "My privileged account".
This does do the job well, but immediately stops working when wanting to access another server where the credentials are different from the ones saved.
So my question would be: Is it possible to save multiple credentials for each RDM user individually without adding them to the XML database everybody has access to while also enabling each user to log in automatically with their credentials?
I hope this has been understandable.
Best,
Ian
Hello Ian,
Thank you for your feedback.
Regarding your situation, we have specific settings for users to override the credentials on an entry.
I would like to suggest a quick tour of our DVLS/RDM product with one of our technical agents. During this demo, you will have an hour to explore all that DVLS/RDM has to offer and ask any questions you may have. Please note that everyone is welcome to join this session.
Here is the link to schedule this session:
https://devolutions.net/server/home/requestdemo/
Best regards,
Patrick Ouimet