On-Prem Connection Manager

Manage a self-hosted version of Keeper Connection Manager

Overview

For use cases where a self-hosted or air-gapped PAM solution is required, customers can deploy the Keeper Connection Manager product. Keeper Connection Manager self-hosted licenses are included in the purchase of KeeperPAM.

Keeper Connection Manager (on-prem)

What is Keeper Connection Manager On-Prem?

Keeper Connection Manager (KCM) On-Prem is an agentless remote desktop gateway that provides instant and secure access to desktops, servers, databases and web applications from a web browser. KCM is deployed as a container, and does not require connectivity to Keeper's cloud.

Benefits of the KCM On-Prem platform:

  • Self-hosted

  • Support air-gapped environments

  • Agentless

  • Mobile and tablet friendly

  • Customizable with plug-in architecture

  • Custom authentication modules

Features include:

  • Support for RDP, SSH, VNC, K8s remote access protocols

  • Support for MySQL, PostgreSQL, SQL Server database protocols

  • Support for web application protection through Remote Browser Isolation technology

  • Session Recording and playback

  • Privileged Session Management

  • Multi-User Session Sharing

  • Role-Based Access Controls

  • MFA Options: TOTP, Duo

  • PIV/CAC smart card authentication

  • SSO, OpenID Connect, Active Directory, LDAP Integration

  • Custom Branding

KeeperPAM vs. Keeper Connection Manager

KeeperPAM is a cloud-native privileged access solution that requires only a lightweight gateway installation, while Keeper Connection Manager (KCM) is a fully self-hosted solution.

KeeperPAM works through outbound-only connections with zero-knowledge encryption, eliminating the need for inbound firewall rules or direct line-of-sight to resources. In contrast, KCM is fully hosted by the customer with control over the authentication, database, web server, reverse proxy and session recordings.

Customers who purchase KeeperPAM may use either the cloud version (described in this documentation) or the self-hosted connection manager as part of the license.

Integration with KeeperPAM

Keeper Connection Manager can pull credentials from the Keeper vault through an integration with Keeper Secrets Manager.

References

PreviousKeeperAINextReferences

Last updated

Was this helpful?