Break the Glass Solution Design

Hi,
Can anyone suggest how a Break the Glass (BTG) solution should be implemented/designed for a PAM solution when PAM is integrated with, or depends on, multiple systems (AD, other directory systems, MFA, network, etc.)?
In this case, should we consider a BTG solution per use case, or should we always consider one BTG solution for many failures/outages?

You can suggest for Safeguard also.

Say the use cases below can arise:

1. PAM SPP service is not working

2. SPS is not working

3. AD integration is there and AD is not working

4. MFA breaks the login to PAM

5. Network outage where PAM is sitting

etc.

  • I'd like to discuss this more,  , if you don't mind.

    For example, to dig in a little deeper in each scenario and see what your expectations would be.

    Starting with 1. PAM SPP service is not working.

    Could you elaborate on that? A production deployment of SPP should consist of a minimum of 3 clustered nodes, so you immediately have redundancy in hardware and in the data. You can also go as far as geolocating those nodes (however, you need sufficient bandwidth between your hosting/data centers). So when you say "SPP service is not working", I don't think that means a hardware failure. So it could mean networking? But again, with a geographical setup of the cluster, you should have network redundancy as well. So the next thing I can think of for "SPP service is not working" would be a complete software failure or misconfiguration. Perhaps one of the cluster nodes goes into quarantine. I've seen that happen, for example when applying a patch file. But again, I have never seen it happen to all nodes of a cluster at the same time. During a cluster patch, if there is a failure, the patching stops.

    So I'm struggling to see a scenario where "SPP service is not working" can happen. But let's say it does. What would your expectation for "break the glass" be? Would restoring from a backup be sufficient? You can restore a backup to a single node and then access the data on it. You should be taking regular backups, downloading those backups, password protected, and archiving them in some offsite storage.

    Or do you have some other expectation for "break the glass", like, for example, downloading a text file that contains all accounts and passwords?

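The backup discipline the reply describes (take a backup regularly, pull it off the appliance, archive it offsite so a single node can be rebuilt from it) is the one part of an SPP break-glass plan that can be scripted. The PowerShell below is an added example written for this thread; it is not code from the original poster, the replier, or One Identity. It assumes the safeguard-ps module and that the cmdlet names and parameters used (Connect-Safeguard, New-SafeguardBackup, Get-SafeguardBackup, Export-SafeguardBackup, Disconnect-Safeguard), the backup object fields (Id, Status) and the .sgb file extension match your module version; check each against Get-Help before relying on it. The appliance name, share path and retention window are placeholders.

```powershell
# Added example (not from the thread or the product): export an SPP backup to an
# offsite archive as break-glass material for the "SPP service is not working" case.
# Cmdlet names, object fields and the .sgb extension are assumptions about the
# safeguard-ps module; verify with Get-Help <cmdlet> on your version.
param(
    [Parameter(Mandatory)] [string]$Appliance,    # any healthy cluster node, e.g. spp01.example.internal (placeholder)
    [Parameter(Mandatory)] [string]$ArchivePath,  # offsite / write-once share, e.g. \\vault\spp-backups (placeholder)
    [int]$RetainDays = 30                         # how long archived copies are kept
)

Import-Module safeguard-ps -ErrorAction Stop

# Use a dedicated LOCAL SPP account for this job, not an AD- or MFA-backed one:
# the whole point is that the export still works during use cases 3 and 4
# (AD down, MFA down). Store its password in a separate break-glass envelope.
$cred = Get-Credential -Message "SPP local backup operator"
Connect-Safeguard -Appliance $Appliance -IdentityProvider local `
    -Username $cred.UserName -Password $cred.Password | Out-Null

try {
    # 1. Start a backup and poll until the appliance reports it finished.
    #    (Status values 'Complete' / 'Failed' are assumed; confirm on your build.)
    $backup = New-SafeguardBackup
    do {
        Start-Sleep -Seconds 15
        $backup = Get-SafeguardBackup -BackupId $backup.Id
    } while ($backup.Status -notin @('Complete', 'Failed'))
    if ($backup.Status -ne 'Complete') {
        throw "Backup $($backup.Id) ended with status '$($backup.Status)'"
    }

    # 2. Download it. The file is only usable with the cluster's backup protection
    #    key, so that key must be escrowed in the same envelope as the archive;
    #    an archive without the key is worthless on the day you need it.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $local = Join-Path $env:TEMP "spp-$stamp.sgb"
    Export-SafeguardBackup -BackupId $backup.Id -OutFile $local

    # 3. Record a SHA-256 next to the file so a restore can first prove the
    #    archived copy was not altered or truncated in storage.
    $hash = (Get-FileHash -Algorithm SHA256 -Path $local).Hash
    "$hash  $(Split-Path $local -Leaf)" | Set-Content -Path "$local.sha256"
    Move-Item -Path $local, "$local.sha256" -Destination $ArchivePath -Force

    # 4. Prune archived copies older than the retention window.
    Get-ChildItem -Path $ArchivePath -Filter 'spp-*.sgb*' |
        Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-$RetainDays) } |
        Remove-Item -Force
}
finally {
    Disconnect-Safeguard
}
```

Run it from a scheduled task on a host that is not itself dependent on SPP for its credentials, and rehearse the other half (importing the archived .sgb onto a single fresh node with the escrowed protection key) on a schedule, since a backup that has never been restored is not a break-glass plan.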
