The article discusses different deployment architecture scenarios to scale Xton Access Manager (XTAM) utilizing multiple session manager components.

XTAM Session Manager Scalability

Component Architecture

XTAM contains several components. When XTAM is deployed on a single host, all components are installed on the same server and communicate with each other inside that server. One of these components is Session Manager. XTAM communicates with Session Manager using the XTAM proprietary protocol over port 4822. Session Manager, in turn, communicates with remote computers using the RDP, SSH, Telnet or VNC protocol, depending on the remote computer.

[Figure: XTAM component architecture]

Session Manager can be installed on a host separate from the XTAM WEB application. XTAM can then be instructed to use this Session Manager instead of (or together with) the one installed on the XTAM computer. This way, the RDP (or SSH) session is established from the Session Manager server to the remote server, and XTAM communicates with the Session Manager server using port 4822 (the port should be opened in the Session Manager server firewall). This architecture is not specific to RDP. Any protocol works in the same way.

Use Cases for Session Manager Deployment

There are two applications of this deployment:

1. Performance optimization.

XTAM can automatically load balance sessions between multiple Session Managers (there could be more than two), each time selecting the one with the least number of currently active sessions. This architecture also supports the high availability requirement.

[Figure: XTAM Session Manager deployment architecture for performance scalability]

2. Network isolation.

XTAM can be configured to select a specific group of Session Managers out of several configured groups (called Proximity Groups) to serve remote computers located in a specific XTAM Vault, in a specified IP range or in a specific domain. For example, computers from the network 10.0.0.x/24 could be served by SERVER SM1 or SERVER SM2 (balanced), while computers from the network 10.1.1.x/24 could be served by the balanced Session Managers SERVER SM3 or SERVER SM4.

[Figure: XTAM Session Manager deployment architecture for access to isolated networks]

For the end user there will be no visible differences – the sessions will open as usual.
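The two use cases above combine into one selection decision: choose the Proximity Group by the target's address, then choose the least-loaded Session Manager inside it. The following is an added model of that decision, not XTAM code; the class and function names, the example.internal host names, the reading of 10.0.0.x/24 as 10.0.0.0/24, and the fail-closed behaviour when a group has no reachable Session Manager are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class SessionManager:
    host: str
    port: int = 4822            # Session Manager port named in the article
    active_sessions: int = 0
    reachable: bool = True      # assumed outcome of a connection check

@dataclass
class ProximityGroup:
    name: str
    networks: list              # CIDR ranges this group serves
    managers: list = field(default_factory=list)

    def serves(self, target_ip):
        addr = ipaddress.ip_address(target_ip)
        return any(addr in ipaddress.ip_network(n) for n in self.networks)

def select_manager(groups, default_group, target_ip):
    """Pick the Session Manager that brokers a session to target_ip."""
    # Network isolation: the first group whose range holds the target wins;
    # targets outside every range go to the default group.
    group = next((g for g in groups if g.serves(target_ip)), default_group)
    # High availability: skip managers that failed the connection check.
    candidates = [m for m in group.managers if m.reachable]
    if not candidates:
        # Assumption of this model: fail closed rather than borrow a manager
        # from another group, which would cross the isolation boundary.
        raise RuntimeError(f"no reachable Session Manager in {group.name}")
    # Load balancing: fewest currently active sessions.
    chosen = min(candidates, key=lambda m: m.active_sessions)
    chosen.active_sessions += 1
    return chosen

def build_sample():
    """Constructed topology mirroring the article's SM1..SM4 example."""
    default = ProximityGroup("Default Group", [], [SessionManager("localhost")])
    net_a = ProximityGroup("net-a", ["10.0.0.0/24"], [
        SessionManager("sm1.example.internal", active_sessions=7),
        SessionManager("sm2.example.internal", active_sessions=3)])
    net_b = ProximityGroup("net-b", ["10.1.1.0/24"], [
        SessionManager("sm3.example.internal", reachable=False),
        SessionManager("sm4.example.internal", active_sessions=5)])
    return [net_a, net_b], default

if __name__ == "__main__":
    groups, default = build_sample()
    for ip in ("10.0.0.25", "10.1.1.9", "192.168.5.5"):
        print(ip, "->", select_manager(groups, default, ip).host)
```
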

How to Configure

In practice, to support this scenario, install Session Manager as a standalone application on the Session Manager host. To do that, run the regular installer on this host but select only one option: Session Manager. At some point the installer will ask about certificates. In a test environment you can ignore this step, which leaves the communication channel between XTAM and Session Manager over port 4822 insecure. Alternatively, bring the file certbundle.zip from the $XTAM_HOME folder of the XTAM WEB application host. These certificates are generated during the installation, and they keep the communication channel encrypted.

After that, open the XTAM GUI, navigate to the menu Administration / Settings / Proximity Groups, edit the Default Group and add a new server there (host, port 4822). Make sure that port 4822 is accessible from the XTAM server. After you save the configuration, XTAM checks the connection automatically and displays whether the communication channel is established (grey), failed (crossed-out) and whether it is secured (green). Optionally, remove localhost, or keep it so that XTAM load balances between localhost and the external Session Manager. Add more proximity groups for remote servers in specific IP ranges or with specific domain masks. Each proximity group may contain multiple Session Managers, so XTAM will load balance between them inside a group.

Proximity groups with multiple Session Managers are how XTAM scales for large or busy environments.

Mark Klinchin

I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.

Copyright © 2018 Xton Technologies, LLC. All rights reserved.