Privilege Control for Servers
Privilege Control for Servers (PCS) carries Delinea's PAM capabilities into the individual servers and computer endpoints in your corporate network. PCS is designed to work in concert with some new and recently updated platform services. These are described briefly below and explained in more depth in the rest of this documentation.
The Privilege Control Agent
On non-Windows computers, Privilege Control for Servers consists of the core Privilege Control Agent (adclient), related libraries, and optional tools. The Privilege Control Agent enables local host computers—most commonly Linux or UNIX—to join an Active Directory domain. After the agent is deployed on a server, that computer is considered a managed computer and it can join any Active Directory domain you choose.
When a PCS-managed computer joins an Active Directory domain, it essentially becomes an Active Directory client and relies on Active Directory and the Delinea Platform to provide authentication, authorization, policy management, and directory services. The interaction between Active Directory and the agent on the local computer is similar to the interaction between a Windows system and its Active Directory domain controller, including fail-over to a backup domain controller if the managed computer cannot connect to its primary domain controller.
PCS Policies
PCS policies provide users with machine-level (server) permissions for logging into and performing elevated actions on remote computers and servers managed by the Delinea Platform. By assigning machine-level policies, you can ensure that each asset adheres to compliance standards, maintaining both security and efficiency across your network.
Inventory
The Inventory service delivers a user-friendly, asset-centric perspective of computers within your infrastructure. It empowers the user to readily view and manage assets, and to launch remote sessions directly into computers that have been discovered through the Secret Server discovery service.
Engine Management
The Delinea Platform manages and protects endpoints using small software packages called engines. The Platform’s Engine Management feature provides administrators with a single interface for managing these engines, which are automatically updated and maintained after installation — removing the need for separate installers and management processes that are traditionally necessary on individual machines. See Engine Management.
Audit Collector
Delinea Audit Collectors transmit machine-level audit data to the Delinea Platform, allowing recorded activities and events to be presented, examined, and preserved. They function as intermediary services that receive and compress activities captured in real time from agents deployed on audited computers.
An agent on each audited machine captures user activities and forwards them to a designated collector. When the agent cannot establish a connection with a collector, for example when computers hosting the collector service are offline for maintenance, the agent temporarily stores the session data locally, then transfers it to a collector once the connection is reestablished. The collector then transmits this data to the Delinea Platform.
We recommend setting up at least two collectors to ensure uninterrupted auditing. Additional collectors can be deployed at any point for additional resiliency or improved scale. See Audit Collector Workload.
Command Relay
Command Relay facilitates communication between the Delinea Platform and the customer's environment through an SSH connection. Its primary function is to dispatch commands, along with their parameters, for execution in that environment. The command relay requires a service account that can modify your domain so the proper administrative policies can be added.
We expect that most Privilege Control for Servers (PCS) customers will be existing Delinea clients, with standard environments and components already deployed for the Delinea Platform and Secret Server.
PCS does not support FIDO2 MFA.
Proceed to the PCS End-to-End Installation and Run Guide.