# Connections

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FKpAclMuv7eB6AVMIYwkB%2FKeeperPAM%20Connections.jpg?alt=media&#x26;token=9e69958b-0215-4be1-aa93-fe972d4a1220" alt=""><figcaption></figcaption></figure>

## What are Keeper Connections?

**Keeper Connections** allow users to instantly and securely access assets within their target infrastructure, such as servers, databases, web apps and workloads directly from their Keeper Vault. Connections can be established without exposing the underlying credentials to the user, ensuring zero-trust and zero-knowledge access.

Keeper Connections are configured on PAM Machine, PAM Database, PAM Directory and PAM Remote Browser record types, and once configured, connections are launched directly from these records.

One of the key features of Keeper Connections is the **agentless** and **clientless** architecture. Organizations need to install only a [Keeper Gateway](https://docs.keeper.io/en/keeperpam/privileged-access-manager/getting-started/gateways) in each managed environment. This streamlined approach simplifies deployment and enhances security by centralizing access management.

### Connection User Interface

Connections are launched directly from the Vault interface with one click. The connection is established between the Keeper Gateway and the target machine, and the session is visually projected into the Vault where you can interact seamlessly.

Click "Launch" to open a privileged session.&#x20;

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2Fa2tCxnbadZbltDSIRGHR%2FScreenshot%202025-05-27%20at%203.10.58%E2%80%AFPM.png?alt=media&#x26;token=b18812df-2900-42c1-bb30-d04c2ee5bb32" alt=""><figcaption><p>Launch Button</p></figcaption></figure>

Sessions are opened directly inside the Keeper vault, establishing a zero trust encrypted connection to the target.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2F4IPQCpGGXyoRhKs5mJz5%2FScreenshot%202025-02-13%20at%208.52.57%E2%80%AFPM.png?alt=media&#x26;token=c1f56acd-4140-4812-b23d-0c01664f6394" alt=""><figcaption><p>Connecting to a Windows Machine</p></figcaption></figure>

Full screen mode and zoom controls are available from the upper right corner of the window.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FTubGAALQlypAijl6oBwR%2FScreenshot%202025-02-13%20at%208.30.23%E2%80%AFPM.png?alt=media&#x26;token=2a101dfe-3bff-492c-80be-12d34239693e" alt=""><figcaption><p>Connecting to a Linux Machine</p></figcaption></figure>

### Connection Dock

The Connection Dock provides instant switching between active sessions. The dock can be moved to any desired location on the screen.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FPlGsdo9FpLSAzAlGSb99%2FScreenshot%202025-02-13%20at%208.56.59%E2%80%AFPM.png?alt=media&#x26;token=2fd079f1-77ed-4ffe-9835-bc848e6bae0c" alt=""><figcaption><p>Connection Dock</p></figcaption></figure>

The dock can be minimized and moved anywhere on the screen.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2F5Lbi85YjOpnzJHKITAiJ%2FScreenshot%202025-02-13%20at%208.58.02%E2%80%AFPM.png?alt=media&#x26;token=d2eb9fde-f6fe-464c-8c74-b3b74725c4bf" alt=""><figcaption><p>Connection Dock Minimized</p></figcaption></figure>

### How do Keeper Connections Work?&#x20;

When launching a connection, the Web and Desktop Vault Client will render a window with the established connection protocol to the specified target defined on the PAM record.  This is done by:

1. The Vault Client communicating with the Keeper Gateway with the relevant connection info through a secure tunnel
2. The Keeper Gateway then establishes the connection protocol to the target defined on the PAM Record&#x20;
3. After establishing the connection, the Keeper Gateway projects the visual session to the Keeper vault client.

For more information on the architecture, see this [page](https://docs.keeper.io/en/keeperpam/privileged-access-manager/getting-started/architecture).

## Why Use Keeper Connections?&#x20;

IT Admins, DevOps and development teams struggle with protecting access to cloud and on-prem infrastructure to endpoints like remote desktops, Windows machines, Linux Servers, critical web-based apps, Kubernetes clusters and Databases.

Keeper Connections protects your business, your employees and your customers against data breaches by providing a unified vault for all access and control. Reducing risk and simplifying access are the core tenants of the Keeper platform.

* Lower complexity: All zero trust access is managed by the Keeper Vault
* Lower employee risk: No VPNs, No ZTNAs and no Agents
* Lower supply chain risk: No client-side connection apps
* Lower attack surface risk: Zero-knowledge encryption and networking

## Keeper Connection Features&#x20;

* Support for RDP, SSH, VNC, K8s, telnet remote access protocols
* Support for MySQL, PostgreSQL, SQL Server database protocols
* Remote browser isolation (http/https) protocol for web-based apps
* Drag-and-drop file transfer via SFTP to target machines
* Session Recording and playback
* Privileged Session Management
* Role-Based Access Controls

To get started with Keeper Connections, proceed to the [next section](https://docs.keeper.io/en/keeperpam/privileged-access-manager/connections/getting-started).&#x20;