Very newbie questions, I apologize...

Hi to all, 

we are trying to configure SPS / SPP for our environment, that is based on a DMZ, where we have placed SPS, with one network interface in DMZ and another one in Corporate LAN, with the aim to use only SPS to generate connections to our target servers.

Now ,we are trying to reach an SSH server (Ubuntu) inside the DMZ from SPP, that is placed in Corporate LAN, using SPS as vector. At the moment we are blocked becouse SPP cannot discover SSH host Key.

Is it possible, or SPP must "see" directly the SSH Target? 

And another question: how can i see in SPP changes from SPS (e.g.: if i configure a new SSH connection in SPS, how can i propagate it to SPP, in order to see in Access Request Policies -> SPS Connection Policy?

THX

Silvio

Parents
  • Hi Silvio

    I think the key thing to remember here is that SPP and SPS are products that can stand up on their own without any need to interact with each other.

    You cannot use SPS to proxy SPP functions.

    If you are talking about using SPP to carry out password management functions then it needs to be able to see/communicate with the target system/assets. You can find details of the ports SPP needs to carry out management functions in the Admin guide. if it is just Linux/Unix passwords that need to be reset then you only need port 22 open from the SP cluster.

    The SPP - SPS Join function allows you to create SPP originate sessions or SPS originate sessions.

    SPP originated sessions allows you to authenticate to SPP and follow a workflow within SPP that allows you to request and start a session from SPP with SPP passing the details of the session to SPS without the need to interact directly with SPS.

    SPS originate sessions allows you to create an SPS originated session and have SPP pass the credentials for the session to SPS from SPP.

    Password reset after release is still handled by SPP.

    I hope this helps

    Best regards

    Tim

Reply
  • Hi Silvio

    I think the key thing to remember here is that SPP and SPS are products that can stand up on their own without any need to interact with each other.

    You cannot use SPS to proxy SPP functions.

    If you are talking about using SPP to carry out password management functions then it needs to be able to see/communicate with the target system/assets. You can find details of the ports SPP needs to carry out management functions in the Admin guide. if it is just Linux/Unix passwords that need to be reset then you only need port 22 open from the SP cluster.

    The SPP - SPS Join function allows you to create SPP originate sessions or SPS originate sessions.

    SPP originated sessions allows you to authenticate to SPP and follow a workflow within SPP that allows you to request and start a session from SPP with SPP passing the details of the session to SPS without the need to interact directly with SPS.

    SPS originate sessions allows you to create an SPS originated session and have SPP pass the credentials for the session to SPS from SPP.

    Password reset after release is still handled by SPP.

    I hope this helps

    Best regards

    Tim

Children