Using PRA

Remote Access Service (RAS) is now Privileged Remote Access (PRA)

PRA and the Delinea Platform

All PRA remote connections occur within a user’s Delinea Platform portal session. If a user logs out or is logged out of their Delinea Platform portal session, for example when their maximum session time is exceeded, all active PRA remote connections are automatically terminated.

Delinea Platform users may be subject to Identity Policies that define inactivity time limits for browser-based portal sessions. Please note that activity in any PRA remote connection browser tab is also considered to be Delinea Platform portal activity and keeps a user’s Delinea Platform portal session active.

PRA Sites

A PRA Site is the location where local (on-prem) Windows and Linux resources are stored. A Site includes the engines to which these resources are available. For reliability, it is recommended to add at least two engines to each site.

PRA sites are mainly used on the launch secrets page, where users need to select a site from the list for the selected secret. Once the selection is made, an SSH or RDP connection will be established through any available engine of this site.

Naming a PRA Site

Delinea recommends that users name their PRA Sites for engines the same as the site used for the secret. This way, the site is automatically selected when launching a session and removes the necessity to manually search for a site to use for the session.

The site selection drop-down is only prompted if the PRA Site name and the site used for the secret do not match.

Launch a PRA Session

Delinea Privileged Remote Access (PRA ) runs entirely on the Delinea Platform interface, enabling users to quickly access and control remote computers.

To launch a PRA session, follow these steps:

1. Log into the Delinea Platform.

2. From the left-side navigation, click Secret Server (or Remote Access for on-premises Secret Server).

3. Locate a secret associated with PRA .

4. Hover your cursor over the Secret row

5. Click the rocket (launch) icon.

   

6. From the pop-up window, click Open with Remote Access.

   

7. From the pop-up window, select the appropriate site from the drop-down menu and click Continue.

   

   If a PRA Site name matches the vault Site name set on the Secret, the PRA Site is pre-selected in the Site Selection dialog. The site selection list is only shown when more than one PRA site exists to select from.

   If you have Session Connector based launchers associated with a secret template, you will see a second dialog window where you will be able to select the session connector launcher. For more information on how to set up a Session Connector, please refer to the Session Connector documentation.

   

From Secret Server On Premises

When using Privileged Remote Access (PRA) with Secret Server On-Premises, any restrictions such as checkouts, checkout with tickets, approval workflows, quantumlock, etc. must be fulfilled directly in the Secret Server On-Premises web portal. These must be completed prior to initiating remote access through PRA.

This section describes how to launch secure RDP or SSH PRA sessions from the Delinea Platform to remote protected resources using Secret Server on premises.

1. Log into the Delinea Platform.

2. From the left-side navigation, select Settings > Remote Access.

3. Locate the appropriate secret.

4. Click Launch.

5. Select the appropriate site from the drop-down menu and click Continue.

   

If a PRA Site name matches the Secret Server Site name set on the Secret, the PRA Site is pre-selected in the Site Selection dialog when the tenant has multiple Sites during the launch process.

6. A remote web session will launch in a new browser tab.

Update PRA Engines

Delinea frequently releases new versions of the PRA on-prem engine. Administrators receive notifications through the platform UI that engine updates are available, as shown below. These notifications can be ignored with no negative consequences.

When a PRA engine update is in progress, current sessions are not affected, but no new sessions can be started until the update is complete.

If your Delinea PRA engine version is lower than version 0.0.21, you must update it by manually uninstalling the older engine and then manually installing the newer one (see Manually Updating a PRA Engine, below). If your Delinea PRA engine is version 0.0.21 or higher, you can continue to the next section,Updating a PRA Engine.

Updating a PRA Engine

1. From the left navigation menu click Settings, then select Remote access

2. On the Sites & Engines tab, you can see the following:

   • The sites, listed under Site Name
   • The state of each site's engines under Engine Health
   • The number of engines on each site, under Engines Count.

If one or more of your PRA engines is due for an update, you will see the following:

• A purple banner near the top of the page announcing the version number of the available update.
• A bell icon to the left of each site containing one or more engines that can be updated.
• A pop-up message when you click the bell, saying There is a newer version of the engine available for this site. Please update soon!

1. Click the name of the site where you wish to update an engine. The Engines page displays the engine's name, current version, status, and activation status.

   

2. To see the version number of the newer engine you can upgrade to, hover your cursor over the bell icon.

   

3. To update the engine, hover your cursor in the engine row. On the right side of the Engine Name column, three dots appear

   

4. Hover your cursor over the three dots. A pop-up appears saying More Actions.

   

5. Click the three dots and choose Update.

   

As the engine is updating, a daisy icon will appear in place of the bell. When a PRA engine update is in progress, current sessions are not affected, but no new sessions can be started until the update is complete. When the update completes, a check mark appears inside a circle, and if it fails, a bar appears inside a circle.

Manually Updating a PRA Engine

To manually update a PRA engine, follow these steps:

1. Uninstall the engine by completing the steps in the Uninstall section.
2. Once the engine is uninstalled, follow the procedure in Installing a Remote Access Engine to install the most recent version of the PRA on-prem engine.