DR Small Sites Deployment

DR Small Sites Deployment

In this scenario, the node is configured with a workgroup name specific to the site; all managed accounts on the site are configured with the same workgroup. In this manner each worker node would be responsible for changing just the passwords for the site it is located in.

End users log on to the worker node to perform the following actions:

  • User: Requesting a new password release or RDP/SSH session
  • Admin: Approving user requests
  • Admin: Monitoring and remote control of user session activity
  • Admin/Auditor: Searching and replaying user sessions

Sessions are proxied via the local worker node; recorded keystrokes (if applicable) are stored in the central database; recorded session files may be stored locally on the node according to retention rules or transferred immediately to central archive storage locations.

DR Small Sites Scenario 1 - WAN Link from Primary Sites Down

DR Small Sites Scenario 1 - WAN Link from Primary Sites Down

In the current architecture, any separation from the central database prevents users from logging on to the worker node.

As a mitigating step, it is possible to install an unlimited number of Password Caches in the Password Safe environment to persistently store credentials in the event of an outage.

Password Caches

Each cache can store credentials that may be released in an emergency. A synchronized storage option for the worker node is planned for a future release of Password Safe.