Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

System Components

SSH Tectia Manager includes the following components:

Management Server

The Management Server runs the management logics, stores the configuration and environment information, and provides management communications to the managed hosts. The Management Server software includes a built-in, hardened web server developed by SSH Communications Security.

Web-based administration interface

The administrator manages the environment via the SSH Tectia Manager administration interface. The SSH Tectia Manager administrators may use remote workstations to connect to the Management Server. The web connection is encrypted and the server is authenticated using TLS. The remote workstation does not need to have any additional components, such as Java, installed in order to run the administration interface. Administrators log into the Management Server using password authentication or optional TLS client authentication using X.509 certificates.

Management Database

Management Server has a built-in SQL database where the host environment structure, host information, host public keys, SSH Tectia Server and Client configurations, and administrator audit logs are stored. Critical control and host information is stored in encrypted form in the database. SSH Tectia Manager also supports the use of Oracle (versions 9.2, 10g and 11.1) as an external Management Database.

Management Agent

To be able to install and manage SSH Tectia software on a host machine, a software component called Management Agent needs to be installed onto the host.

The Management Agent is responsible for communicating with the Management Server, and installing, upgrading, monitoring, and controlling the SSH Tectia software on the host according to the management commands from the Management Server. The Management Agent operates with root privileges on the host.

The Management Agent needs a configuration file, created by the Management Server, called the Initial Configuration Block (ICB). This file initially authenticates the Management Agent to the Management Server, after which the Management Agent receives a permanent configuration file to be used on subsequent connections to the Management Server.

Distribution Server

In very large environments (more than two thousand hosts), Distribution Servers may be deployed within local subenvironments to ease the management operations. Distribution Servers act as management connection proxies for the managed hosts, concentrating the multiple management connections into a single TCP stream to the Management Server and caching product installation packages for distribution, so that each installation package needs to be transferred only once to the Distribution Server.

Distribution Servers do not need to be separately installed, as it is possible to turn any Unix Management Agent into Distribution Server mode from the Management Server administration interface. After deploying the mode change to the Management Agent, it will start to serve the other Management Agents that are configured to use it as a Distribution Server. It is also possible to provide redundancy by assigning two Distribution Servers to serve a group of Management Agents.

Hosts deployed as Distribution Servers should have enough free disk space to cache all product installation packages in use, and enough network bandwidth to distribute the packages to Management Agents. Apart from the extra functionality of routing Management Agent connections and caching installation packages, the Distribution Servers function exactly like normal Management Agents. When no longer needed, the Distribution Servers can be turned back into ordinary Management Agent mode.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now