1 of 5

RDP Protocol - Azure Virtual Machine

Establish a connection to an Azure Virtual Machine directly from your Vault

Overview

In this guide, you will learn how to configure a Azure Virtual Machine on your PAM Machine and configure the RDP protocol to successfully launch a zero-trust connection to the Azure Virtual Machine — directly from your Keeper Vault.

Summary

For this setup, you need to do the following:

After completing the above, you can launch zero-trust connections to the Azure Virtual Machine directly from your Keeper Vault.

Step 1 - Enable Connection Enforcement Policies

Step 2 - Install and configure the Keeper Gateway

Prior to creating the PAM Record types in your Vault, the Keeper Gateway needs to be installed in your infrastructure. Visit the following guides based on your needs:

Step 3 - Configuring the PAM Configuration

Step 4 - Create and Configure PAM Machine and PAM User(s) Records

After setting up your Gateway and PAM Configuration Record, the Azure Virtual Machine and its users need to be configured on PAM Record types in your Vault:

Refer to this example on how to configure Azure Virtual Machine on a PAM Machine record type:

Step 5 - Configuring PAM Settings and RDP Protocol

The PAM Machine record type contains the necessary information required for the Keeper Gateway to locate and establish a connection with the machine, while the PAM User record type contains the necessary information to authenticate the connection.

The PAM Settings need to be configured to enable connections or tunnels on the target defined on the PAM Machine Record. To configure the RDP protocol, visit the following page:

Launching Connections

Once you have configured the RDP Protocol connection on your PAM Machine Record, your record will contain the following connection banner with the "Launch" Button:

In the above image, an Azure Virtual Machine has been configured on the PAM Machine Record. When clicking launch, the Vault Client will render a window with the established connection protocol to the specified target:

PAM Machine records can be shared with other Keeper users within your organization. However, the recipient must have the appropriate PAM enforcement policies in place to utilize KeeperPAM features on the shared PAM records.

When sharing a PAM Machine record, the linked admin credentials will not be shared. For example, if the PAM Machine is configured with an Azure Virtual Machine, the recipient can connect to the Azure Virtual Machine on the PAM Machine record without having direct access to the linked credentials.