Website through sbpam

Products Privilege Secure Discussions & Questions
,
1

Good morning

an external vendor needs to connect to an hmi within our network through http/https.

I have created a website type activity and a website type resource with the ip of the hmi in the logon url field (I have not filled in the associated resource, associated domain controller and service account fields).

In the activity the configurations are these

The image displays a user interface for setting up website login parameters, including options for account type, session monitoring, and actions for pre-session, session, and post-session management. (Captioned by AI)
The image displays a user interface for setting up website login parameters, including options for account type, session monitoring, and actions for pre-session, session, and post-session management. (Captioned by AI)711×501 29.5 KB

The access policy is resource based.

The provider accesses the pam through a client-to-site VPN and the firewall policy only grants access to the PAM.

When the user accesses the pam, he sees the access policy and when he deploys, he finds the possibility to connect to the hmi but without going through the pam, in fact in the address bar of the browser, the ip of the hmi appears. Obviously the firewall policy does not allow direct access to the ip of the hmi.

How can it, the pam, function as a proxy in this case?
Thanks!

2

Hello, Matteo.

One possible solution would be to use an RDS website launcher (documentation available here). The website could be configured as an RDS remote app. The idea is that the website for the HMI would be served up by the RDS server (which resides in your network).

Best,
-Ben

3 Likes