Secret Server Networking Overview

Secret Server offers a comprehensive suite of networking features designed to secure and manage privileged access. Below is an overview of key components including messaging, distributed engines, RDP proxy, HTTP, and SSH.

Messaging

Secret Server uses RabbitMQ as its message bus or broker to facilitate message traffic between various components. This asynchronous message-based system ensures that operational instructions and data are passed back and forth efficiently. All messages are encrypted during transit, and any accumulation of messages in a queue is considered abnormal, indicating a potential application problem.

Distributed Engines

Distributed engines in Secret Server provide scalability and rapid results for large networks. They use secure network communication, queueing, and parallel processing to manage tasks such as password changes and discovery. A distributed engine consists of site connectors, sites, and engines, which work together to distribute and process work items efficiently.

RDP Proxy

Secret Server uses an SSH Proxy to secure RDP connections within a Privileged Access Management (PAM) solution. This approach mitigates the risks associated with direct RDP access by routing all RDP and SSH connections through the Secret Server host or a Distributed Engine. This setup ensures that only authorized sessions can access target hosts, and it prevents malware from spreading laterally between machines.

HTTPS

You can configure Secret Server to run with multiple front-end web servers, offering clustering for redundancy and load balancing. This setup ensures better performance and limits potential downtime from a single point of failure. The backbone bus, typically RabbitMQ, handles all internal communication between roles in a clustered environment.

SSH

Secret Server's SSH Proxy routes SSH sessions to protect endpoint credentials. It can be configured to proxy through the Secret Server web application or a distributed engine. This setup allows for secure and monitored SSH access, ensuring that all connections are authorized and audited.

These components work together to provide a secure, scalable, and efficient networking environment for managing privileged access in Secret Server.