Privileged Access Management (PAM) Manual
Introduction
Excalibur PAM (Privileged Access Management) provides web-based zero-trust access to enterprise resources (PAM Targets). Zero-trust means the client machine doesn’t need to be trusted: nothing is installed on it, and all access from it goes through a browser or a native client using a well-known protocol such as RDP or SSH. The client machine doesn’t get access to the internal network.
In the PAM tab of the Excalibur Dashboard, users see a list of functionalities and PAM management options. Which of these are available depends on the permissions of the user's role. For a detailed overview of role-specific features, please refer to the corresponding documentation.
Figure 1. Different user roles have different views of the PAM dashboard
This manual provides a general overview of how to use Excalibur PAM with RDP and SSH targets: it explains how to initiate a PAM session and then describes the common PAM control functionalities.
- Starting a PAM session
- Two-way sharing of text via clipboard
- On-screen keyboard
- Two-way file sharing
- Terminating a PAM session
To use Excalibur PAM, you need:
- A registered account in Excalibur.
- A modern web browser (Chrome is strongly preferred).
- The Excalibur application on your smartphone (download link in the footer of https://getexcalibur.com).
- Internet connectivity (the page served by the running Excalibur server must be reachable).
Connecting to a PAM target
The Targets tab in the Dashboard provides an overview of PAM targets with some possible actions such as Connect to Target, View Target Details, Duplicate, Edit Target, Delete Target. To connect to a target, select Connect to Target.
Figure 2. Possible actions for PAM target
PAM controls - Overview
After connecting to a PAM target, a new browser tab opens, and a notification appears in the bottom-right corner indicating that the session is being recorded.
Hovering the mouse near the top-center of the screen reveals the PAM control, which remains hidden by default to avoid interfering with working in a PAM session.
Figure 3. Browser tab opening after connecting to a PAM target
Figure 4. Notification displayed in the bottom-right corner of the screen
Figure 5. PAM control overview: 1. Pin/Unpin the player panel; 2. Name of the target; 3. Showing the recording is active; 4. Setting.
PAM controls - Setting
Clicking on Settings in the PAM control opens the settings options on the left side of the screen. It allows performing the following actions:
- Enabling two-way clipboard sharing for copying and pasting text, if supported by the PAM target.
- Accessing the mapped disk (storage for downloading and uploading files), if supported by the target. This works differently for RDP and SSH targets.
- Toggling the virtual on-screen keyboard.
Figure 6. PAM control settings overview
On-screen keyboard
Figure 7. Toggling on the on-screen keyboard
Two-way sharing of text via clipboard
When the user copies text within the PAM target, the copied content will appear in the Clipboard box in the PAM control settings. The user can then copy the text from the Clipboard box to the local machine. However, in most cases, copy and paste actions work seamlessly without needing the Clipboard box.
Info
To copy or paste in a terminal, use the hotkeys Ctrl+Shift+C (Copy) and Ctrl+Shift+V (Paste). Alternatively, a single right-click in the terminal also performs the paste action.
SSH target
Copy/Paste works seamlessly using the common methods (e.g., the hotkeys Ctrl+C/V or Ctrl+Shift+C/V, right-clicking, ...).
From a local machine to an SSH target:
- On the local machine: Copy the text as usual (e.g., using the hotkey Ctrl+C or by right-clicking and selecting “Copy”).
- On the SSH target: Paste the text as usual (e.g., using the hotkey Ctrl+Shift+V or by right-clicking once).
From an SSH target to a local machine:
- On the SSH target: Select the text using the left mouse button. The selected text is automatically copied to the clipboard.
- On the local machine: Paste the text as usual (e.g., using the hotkey Ctrl+V or by right-clicking and selecting “Paste”).
RDP target
From an RDP target to a local machine: Copy/Paste works seamlessly using the common methods (e.g., the hotkeys Ctrl+C/V or Ctrl+Shift+C/V, right-clicking, ...).
From a local machine to an RDP target: To paste on the RDP target, right-click and select "Paste". The Ctrl+V hotkey will not work for pasting text copied from the local machine.
Two-way file sharing
The PAM target must have a shared drive/folder. Its folder structure will be displayed after clicking the disk icon, as shown in the image below.
Figure 8. PAM - Shared drive/folder structure in an RDP target
- To transfer a file from the local machine to the PAM target, navigate in the folder structure shown in the PAM control settings (as in the image above) to the destination where you want to save the file. Then select "Upload File" and browse for the file on the local machine to upload.
- To transfer a file from the PAM target to the local machine, navigate in the folder structure shown in the PAM control settings (as in the image above) to the desired file on the PAM target. Then double-click the file to initiate the download to the local machine.
RDP target
Figure 9. PAM - RDP session: Using an Excalibur shared drive.
Figure 10. PAM - RDP session: Downloading a file from a device in a PAM session by dragging the file (drag-and-drop) to the Excalibur shared drive.
Figure 11. PAM - RDP session: A message about the successful download of the file from the PAM session in the user's browser.
Figure 12. PAM - RDP session: Press the "Upload" button to start uploading a file to the device in a PAM session from the user's computer.
Figure 13. PAM - RDP session: A message about the successful upload of a file to the device in a PAM session from the user's computer.
Figure 14. PAM - RDP session: Uploaded file to device disk in PAM session.
Figure 15. PAM - RDP session: Uploaded file to device disk in PAM session.
SSH target
Figure 16. PAM - SSH session: By double-clicking the left mouse button on a file from the device in the PAM session, its download to the user's computer will begin.
Figure 17. PAM - SSH session: A message about the successful download of a file from the device in a PAM session to the user's computer.
Figure 18. PAM - SSH session: A message about the successful download of the file from the PAM session in the user's browser.
Figure 19. PAM - SSH session: Press the "Upload" button to start uploading a file to the device in a PAM session from the user's computer.
Figure 20. PAM - SSH session: A message about the successful upload of a file to the device in a PAM session from the user's computer.
Figure 21. PAM - SSH session: Uploaded file to device disk in PAM session.
Ending a PAM target session
Ending a PAM RDP session
Disconnect or log out of the operating system, e.g. via the "Disconnect" option in the "Start" menu. The "Session Closed" window informs you that the PAM session was terminated successfully.
Figure 22. PAM - RDP session: Ending a PAM RDP session. Press the "Close Tab" button to close the PAM session tab in the browser.
Terminating a PAM SSH session
Disconnect or log out of the operating system, e.g. with the "exit" command. The "Session Closed" window informs you that the PAM session was terminated successfully.
Figure 23. PAM - SSH session: Terminating a PAM SSH session. Press the "Close Tab" button to close the PAM session tab in the browser.
This guide is for informational purposes only. The functionality and capabilities of individual parts of the Excalibur system depend on the installation, configuration and system administrators and may change with updates.