Technical Feature Highlights

[Illustration: technical architecture]

Role-based access

Map PrivX roles to user groups in your identity management system, and sync automatically to keep identities and role memberships current.

Integration to Identity Management Systems 

  • Microsoft AD, Azure AD via Graph API, Google G Suite, LDAP, and OpenID Connect providers such as AWS Cognito, Okta and Ubisecure.

  • Single sign-on (SSO) with MFA using TOTP authenticators.

Role membership 

  • Auto-manage role membership by mapping user groups in directory services to PrivX roles. 

  • Built-in multi-step approval workflow for PrivX local users. 

  • Floating and time-based role membership to provision temporary access.   

Multi-cloud & hybrid environments 

Enable just-in-time access to your entire multi-cloud and on-prem server estate in real-time from a single console.  

Auto-discovery of cloud hosts 

Automatically scan for and add tagged cloud hosts from AWS, Google Cloud, OpenStack and Azure.

Reverse Proxy for VPC 

Connect to your virtual private cloud (VPC) using PrivX Extender (reverse proxy). 

Automated deployment 

Automate and orchestrate the target host configuration and deployment with modern automated deployment tools like Chef and Ansible. 

Connectivity 

Securely connect to your critical infrastructure over a broad array of protocols. 

Supported target systems & protocols

  • Connect to Windows and Unix/Linux servers, network devices and web applications. 

  • Support for SSH, RDP, HTTP(S) and SFTP protocols. 

  • Connect to target systems from a modern browser, or continue using native SSH/RDP client applications.

Target host authentication 

  • Ephemeral certificate-based authentication using OpenSSH certificates and Windows Virtual Smart Card for SSH & RDP connections. 

  • Public-key authentication for SSH connections. 

  • Password-based authentication for all connections. 
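The ephemeral certificate bullet above refers to short-lived OpenSSH certificates. When auditing such certificates (from a CA's issuance records, a user's agent, or a connection log), the first things a defender wants to see are the validity window and the principals the certificate names. The following Python is an added example, not PrivX code and not part of this page: it parses the ed25519 certificate layout documented in OpenSSH's PROTOCOL.certkeys and applies validity-window and principal checks. The 24-hour maximum lifetime is an assumed local policy, not an OpenSSH or PrivX setting, and the sample certificate is constructed with dummy key and signature bytes so the block runs offline; it exercises only parsing and time checks, while signature verification remains sshd's job.

```python
import base64
import struct
import time
from dataclasses import dataclass

SSH_CERT_TYPE_USER = 1   # values of the certificate "type" field in OpenSSH certs
SSH_CERT_TYPE_HOST = 2
CERT_TYPE = "ssh-ed25519-cert-v01@openssh.com"


def _s(b: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length prefix followed by the bytes."""
    return struct.pack(">I", len(b)) + b


class _Reader:
    """Sequential reader for the SSH wire encoding used inside certificates."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def _take(self, n: int) -> bytes:
        chunk = self.data[self.pos:self.pos + n]
        if len(chunk) != n:
            raise ValueError("truncated certificate blob")
        self.pos += n
        return chunk

    def u32(self) -> int: return struct.unpack(">I", self._take(4))[0]
    def u64(self) -> int: return struct.unpack(">Q", self._take(8))[0]
    def string(self) -> bytes: return self._take(self.u32())
    def done(self) -> bool: return self.pos == len(self.data)


@dataclass
class SshCert:
    serial: int
    cert_type: int
    key_id: str
    principals: list
    valid_after: int      # Unix seconds, inclusive
    valid_before: int     # Unix seconds, exclusive
    extensions: list


def parse_openssh_cert(line: str) -> SshCert:
    """Parse one authorized_keys-style line holding an ed25519 OpenSSH certificate."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != CERT_TYPE:
        raise ValueError("expected an ssh-ed25519 certificate line")
    r = _Reader(base64.b64decode(parts[1]))
    if r.string() != CERT_TYPE.encode():
        raise ValueError("blob type does not match key type")
    r.string()                        # nonce
    r.string()                        # certified public key
    serial = r.u64()
    cert_type = r.u32()
    key_id = r.string().decode()
    pr = _Reader(r.string())          # principals: packed strings inside one string
    principals = []
    while not pr.done():
        principals.append(pr.string().decode())
    valid_after, valid_before = r.u64(), r.u64()
    r.string()                        # critical options (ignored here)
    er = _Reader(r.string())          # extensions: (name, data) string pairs
    extensions = []
    while not er.done():
        extensions.append(er.string().decode())
        er.string()
    r.string()                        # reserved
    r.string()                        # CA public key
    r.string()                        # signature (not verified here)
    if not r.done():
        raise ValueError("trailing bytes after certificate")
    return SshCert(serial, cert_type, key_id, principals, valid_after, valid_before, extensions)


def check_cert(cert: SshCert, principal: str, now=None, max_lifetime: int = 24 * 3600) -> list:
    """Return the reasons this certificate should not be accepted for `principal`
    (empty list = OK). max_lifetime is an assumed local policy, not a product setting."""
    now = int(time.time()) if now is None else now
    problems = []
    if cert.cert_type != SSH_CERT_TYPE_USER:
        problems.append("not a user certificate")
    if now < cert.valid_after:
        problems.append("not yet valid")
    if now >= cert.valid_before:
        problems.append("expired")
    if principal not in cert.principals:
        problems.append(f"principal {principal!r} not in {cert.principals}")
    if cert.valid_before - cert.valid_after > max_lifetime:
        problems.append("validity window longer than policy allows")
    return problems


def build_sample_cert(principals, valid_after, valid_before, key_id="demo-key-id") -> str:
    """Constructed sample: same layout OpenSSH uses, but key, CA key and signature
    are dummy bytes, so sshd would reject it. Useful only for exercising the parser."""
    body = (
        _s(CERT_TYPE.encode())
        + _s(b"\x00" * 32)                                  # nonce
        + _s(b"\x11" * 32)                                  # ed25519 public key (dummy)
        + struct.pack(">Q", 42)                             # serial
        + struct.pack(">I", SSH_CERT_TYPE_USER)
        + _s(key_id.encode())
        + _s(b"".join(_s(p.encode()) for p in principals))
        + struct.pack(">QQ", valid_after, valid_before)
        + _s(b"")                                           # critical options
        + _s(_s(b"permit-pty") + _s(b""))                   # extensions
        + _s(b"")                                           # reserved
        + _s(_s(b"ssh-ed25519") + _s(b"\x22" * 32))         # CA public key (dummy)
        + _s(_s(b"ssh-ed25519") + _s(b"\x33" * 64))         # signature (dummy)
    )
    return f"{CERT_TYPE} {base64.b64encode(body).decode()} demo@example"


if __name__ == "__main__":
    now = int(time.time())
    cert = parse_openssh_cert(build_sample_cert(["alice"], now - 60, now + 240))
    print(cert.key_id, cert.principals, cert.valid_before - cert.valid_after, "s window")
    print("alice now:", check_cert(cert, "alice", now) or "OK")
    print("bob later:", check_cert(cert, "bob", now + 600))
```

On a real host the same information is visible with `ssh-keygen -L -f user-cert.pub`; the value of doing it in code is being able to run the lifetime and principal policy over many certificates at once.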

Monitoring and Auditing 

Reliably meet current and emerging compliance mandates with an agentless, privileged access monitoring solution. 

Session recording & monitoring

  • Record privileged user activity on critical systems. 

  • Monitor ongoing privileged connections, including files transferred. 

  • Control SSH/RDP channels to restrict available functionality. 

  • Terminate a connection when needed. 

  • Store recordings on an external NFS. 

  • Schedule cleanup of old recordings. 

Forensics

  • Video playback of recorded privileged user sessions. 

  • Free-text search into SSH session transcripts. 

  • View audit events with connection details. 

SIEM & log collectors 

  • Forward audit logs and events to Splunk, IBM QRadar, AWS CloudWatch or Azure Event Hubs.

  • Support for CEF & rsyslog formats. 
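The CEF support mentioned above is what lets a SIEM parse forwarded audit events without a custom parser, and the part that most often goes wrong in practice is escaping: a pipe or equals sign inside an event name or a message silently shifts fields if it is not escaped. The following Python is an added example, not PrivX code and not part of this page: it renders constructed audit events as CEF lines with the escaping the format requires and parses them back, which is a useful check before pointing a log collector at real output. The vendor, product and version header values and the event class IDs are assumed placeholders, and the sample events are constructed.

```python
import re

# Header values are assumed placeholders, not the product's actual CEF identifiers.
CEF_VENDOR, CEF_PRODUCT, CEF_VERSION = "SSH", "PrivX", "x.y"


def _esc_header(v: str) -> str:
    """In the seven header fields only backslash and pipe are escaped."""
    return v.replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(v: str) -> str:
    """In extension values backslash, equals and line breaks are escaped."""
    return (v.replace("\\", "\\\\").replace("=", "\\=")
             .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(event: dict) -> str:
    """Render a constructed audit event as one CEF line:
    CEF:0|Vendor|Product|Version|ClassID|Name|Severity|key=value ..."""
    header = "|".join(_esc_header(str(x)) for x in (
        "CEF:0", CEF_VENDOR, CEF_PRODUCT, CEF_VERSION,
        event["class_id"], event["name"], event["severity"]))
    ext = " ".join(f"{k}={_esc_ext(str(v))}" for k, v in event["fields"].items())
    return f"{header}|{ext}"


# key=value pairs; a value runs until the next " key=" or end of line, and may
# contain spaces and escaped characters but no unescaped '='.
_EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")


def _unesc(v: str) -> str:
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), v)


def parse_cef(line: str) -> dict:
    """Split a CEF line into its seven header fields and the extension dictionary,
    honouring escapes (a plain line.split('|') breaks on an escaped pipe)."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # escaped character: keep it literally
            cur.append(line[i + 1])
            i += 2
        elif ch == "|":                          # unescaped pipe ends a header field
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) != 7 or not fields[0].startswith("CEF:"):
        raise ValueError("malformed CEF header")
    ext = {k: _unesc(v) for k, v in _EXT_RE.findall(line[i:])}
    return {"version": fields[0][4:], "vendor": fields[1], "product": fields[2],
            "device_version": fields[3], "class_id": fields[4], "name": fields[5],
            "severity": int(fields[6]), "extension": ext}


# Constructed sample events (class IDs and names are made up for the example).
SAMPLE_EVENTS = [
    {"class_id": "constructed-100", "name": "Connection opened", "severity": 3,
     "fields": {"suser": "alice", "dhost": "db01.example", "app": "ssh"}},
    {"class_id": "constructed-200", "name": "Connection|terminated", "severity": 7,
     "fields": {"suser": "alice", "dhost": "db01.example",
                "msg": "reason=terminated by operator\nchannel closed"}},
]


def round_trip_ok(events=SAMPLE_EVENTS) -> bool:
    """True when every event survives render -> parse unchanged."""
    for ev in events:
        p = parse_cef(to_cef(ev))
        if (p["class_id"], p["name"], p["severity"]) != (ev["class_id"], ev["name"], ev["severity"]):
            return False
        if p["extension"] != {k: str(v) for k, v in ev["fields"].items()}:
            return False
    return True


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(to_cef(ev))
    print("round trip:", round_trip_ok())
```

Running this against a few real lines captured from the collector side (after replacing the placeholder header values) is a quick way to confirm that the SIEM and the forwarder agree on where each field begins and ends.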

Regulatory Compliance 

Achieve NIST SP 800-63B Authenticator Assurance Level 2 (AAL2) and NIST SP 800-63C Federation Assurance Level 3 (FAL3).

Security 

  • Secure TLS communication between directory services and PrivX. 

  • Information stored in the PrivX vault is encrypted with AES-128-GCM or AES-256-GCM.

  • Tamper-proof audit trails with three-tiered security on session recordings. 

  • Store PrivX secrets in hardware security modules (HSMs) for hardened security.  

REST APIs 

PrivX supports custom integrations with external systems through REST APIs. The APIs are grouped by subject matter, such as role, host, user and workflow management, each matching the PrivX microservice that provides the capability.

View the API specification. 

 

Software distribution & Installation 

PrivX consists of a core server component and three optional components. They are distributed as RPM packages via the official SSH product repository.

PrivX Server 

Provides PrivX services, such as the PrivX GUI and certificate-based authentication services. 

Optional Components 

PrivX Extender 

Relays host connections, allowing connections to target hosts that are inaccessible from PrivX servers. 

PrivX Carrier

PrivX Web Proxy

Together, the Carrier and Web Proxy enable connecting to HTTP/HTTPS services and web applications.

 

PrivX Server System Specification 

System Configuration 

4 GB RAM, 2-core CPU, and 15 GB storage for < 10k users 

8 GB RAM, 8-core CPU, and 100 GB storage for < 100k users 

Supported Architecture 

x86-64

Supported Operating Systems 

Red Hat Enterprise Linux 7.4 or later 7.x version (x86-64) 

CentOS 7.4 or later 7.x version (x86-64) 

Supported Databases 

Local or external PostgreSQL and Redis 

Supported OpenSSH versions for target-host authentication 

OpenSSH 6.9 or later for certificate-based authentication 

OpenSSH 5.6 or later for all other authentication methods 

Supported browsers 

Latest versions of Firefox, Chrome, Safari, Edge, IE11 

For a detailed list of prerequisites and system requirements, please refer to the Admin Manual.

 

Installation Environment 

PrivX can be installed in standard or highly available mode in the environment of your choice.

Please refer to our Knowledge Base for detailed instructions.