RDP Protocol - Azure Virtual Machine

Overview

In this guide, you will learn how to configure a Azure Virtual Machine on your PAM Machine and configure the RDP protocol to successfully launch a zero-trust connection to the Azure Virtual Machine — directly from your Keeper Vault.

Summary

For this setup, you need to do the following:

1. Enable the Connection Enforcement Policies

2. Install and Configure the Keeper Gateway

3. Create and configure the PAM Configuration File

4. Create the PAM Machine and PAM User record types

5. Configure PAM Settings and the RDP Connection Protocol

After completing the above, you can launch zero-trust connections to the Azure Virtual Machine directly from your Keeper Vault.

Step 1 - Enable Connection Enforcement Policies

From the Admin Console, enable the corresponding PAM Enforcement Policies for connections:

Step 2 - Install and configure the Keeper Gateway

Prior to creating the PAM Record types in your Vault, the Keeper Gateway needs to be installed in your infrastructure. Visit the following guides based on your needs:

• Windows Installation

• Linux Installation

• Docker Installation

Additionally, the Keeper Gateways needs to be configured with the Gateway token. For more information, visit this page.

Step 3 - Configuring the PAM Configuration

The PAM Configuration contains critical information on your infrastructure, settings and associated Keeper Gateway. Visit the following pages for more details based on your target infrastructure:

• Setting up Local Environment on the PAM Configuration

• Setting up AWS Environment on the PAM Configuration

• Setting up Azure Environment on the PAM Configuration

Step 4 - Create and Configure PAM Machine and PAM User(s) Records

After setting up your Gateway and PAM Configuration Record, the Azure Virtual Machine and its users need to be configured on PAM Record types in your Vault:

• PAM Machine - The Azure Virtual machine is configured on this record type

• PAM User - The Azure Virtual User is configured on this record type

Refer to this example on how to configure Azure Virtual Machine on a PAM Machine record type:

Step 5 - Configuring PAM Settings and RDP Protocol

The PAM Machine record type contains the necessary information required for the Keeper Gateway to locate and establish a connection with the machine, while the PAM User record type contains the necessary information to authenticate the connection.

The PAM Settings need to be configured to enable connections or tunnels on the target defined on the PAM Machine Record. To configure the RDP protocol, visit the following page:

Launching Connections

Once you have configured the RDP Protocol connection on your PAM Machine Record, your record will contain the following connection banner with the "Launch" Button:

In the above image, an Azure Virtual Machine has been configured on the PAM Machine Record. When clicking launch, the Vault Client will render a window with the established connection protocol to the specified target:

Sharing PAM Machine Records

PAM Machine records can be shared with other Keeper users within your organization. However, the recipient must have the appropriate PAM enforcement policies in place to utilize KeeperPAM features on the shared PAM records.

When sharing a PAM Machine record, the linked admin credentials will not be shared. For example, if the PAM Machine is configured with an Azure Virtual Machine, the recipient can connect to the Azure Virtual Machine on the PAM Machine record without having direct access to the linked credentials.