Privilege Control for Servers

Privilege Control for Servers (PCS) brings Delinea's Privileged Access Management (PAM) capabilities to the servers and computer endpoints in your corporate network. Typically, before starting to use PCS, you would have a standard environment and components already deployed for the Delinea Platform and Secret Server.

This page gives a brief description of the services provided by PCS. They are explained in more depth in the rest of this documentation.

The Privilege Control Agent

On non-Windows computers, Privilege Control for Servers consists of the core Privilege Control Agent (adclient), related libraries, and optional tools. The Privilege Control Agent enables local host computers—most commonly Linux or UNIX—to join an Active Directory domain. After the agent is deployed on a server, that computer is considered a managed computer, and it can join any Active Directory domain you choose.

When a PCS-managed computer joins an Active Directory domain, the computer essentially becomes an Active Directory client. It relies on Active Directory and the Delinea Platform to provide authentication, authorization, policy management, and directory services. The interaction between Active Directory and the agent on the local computer is similar to the interaction between a Windows system and its Active Directory domain controller, including failover to a backup domain controller if the managed computer cannot connect to its primary domain controller.

PCS Policies

PCS policies provide users with machine-level (server) permissions for logging in to remote computers and servers managed by the Delinea Platform and for performing elevated actions on them. By assigning machine-level policies, you can ensure that each asset adheres to compliance standards, maintaining both security and efficiency across your network.

Inventory

The Inventory service delivers a user-friendly, asset-centric perspective of computers within your infrastructure. It empowers the user to readily view and manage assets, and to launch remote sessions directly on computers that have been discovered through the Secret Server discovery service.

Engine Management

The Delinea Platform manages and protects endpoints using small software packages called engines. The platform’s Engine Management feature provides administrators with a single interface for managing these engines, which are automatically updated and maintained after installation — removing the need for separate installers and management processes that are traditionally necessary on individual machines. See Engine Management.

Audit Collector

Audit Collectors transmit machine-level audit data to the Delinea Platform, so recorded activities and events can be presented and examined. The Audit Collectors function as intermediary services that receive and compress activities captured in real time from agents deployed on audited computers.

An agent on each audited machine captures user activities and forwards them to a designated Audit Collector. When the agent cannot establish a connection with a collector—for example, when computers hosting the collector service are offline for maintenance—the agent temporarily stores the session data locally, then transfers it to a collector once the connection is reestablished. The collector then transmits this data to the Delinea Platform.

We recommend setting up at least two Audit Collectors to ensure uninterrupted auditing. More collectors can be deployed at any point for additional resiliency or improved scale. See Audit Collector Workload.

Command Relay

The Command Relay facilitates communication between the Delinea Platform and your environment through an SSH connection. Its primary function is to dispatch commands along with their parameters to be executed within your environment. The Command Relay requires a service account that can modify your domain so the proper administrative policies can be added.

PCS does not support FIDO2 MFA.

Next Steps

For more information about PCS, see the PCS End-to-End Installation and Run Guide.