Jump to content
Sign in to follow this  
Warlock

CyberArk PSM connection starting the journey

Recommended Posts

Warlock

Hello,

We use CybeArk password manager Vault and PVWA to access servers and applications in our environment. CybeArk recommends AutoIT to bridge the gap between the CyberArk Apppplications PSM (Privileged session manager) and the applications that the users would be accessing. I want to know where I should install AutoIT so as to be able to create and test "helper files" so that CyberArk can use the AutoIT file to complete its web connection to a web based application. Let me provide an overview, CyberArk removes or replaces the ability for employees to RDP to Servers and applications directly from thier desk to servers. CyberArk "brokers the rdp connection using a secure encrypted communication. When a user logs into CyberArk and selects a server and selects connect CybeArk will mark the "RDP" (This is a modified and encryoted version of RDP well call it CyberARK RDP or "CRDP") The user will connect to the servers desktop. I want to create AutoIT scripts to  allow people to connect to URL and weblinks and or applications via CyberArk PSM. 

My question is basic where do I install AutoIT on the CyberArk PSM server ?

Do I install on my workstation ?

Thank you! 

Share this post


Link to post
Share on other sites
JLogan3o13

@Warlock AutoIt scripts can be compiled into stand-alone executables. So you can install AutoIt on any workstation to create the scripts, and then copy the resultant exe's to wherever the users are going to access them from (network share, etc.).


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
iamtheky

Can you show some pseudo code of how you envision autoit participating?  I hesitate to help you automate anything with a PIM solution, and would certainly attempt to deter you from altering the baseline on the PIM server.  But if we can do something innocuous to make selection of the destination easier for the client, without doing anything to alter the attack surface of your environment, then lets proceed.  But you will need to explain it with code because I don't understand the intent of the OP.

Edited by iamtheky

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites
cargostud

I too am beginning the journey with CyberArk, PVWA and PSM.  If you use CyberArk you'll know what those components are.  CyberArk has published an implementation guide (only 1300 pages) and has a section on how to use AutoIT to build the connection components for the application that you want to integrate into PSM.  Like I said, I'm just getting started and its a challenge.  So far, I have installed AutoIT on a workstation and I have a sample AutoIT script from CyberArk with some guidance on how to modify it for different applications.  The implementation guide next shows you how to test, debug and install the new script on the PSM machine.  Unfortunately there is not a lot of details in the guide so depending on the application you may have to spend a lot of development time.  CyberArk gives you just enough information to get started.  I'll post my progress. 

If anyone else out there is working on an application integration with CyberArk please feel free to reach out.  I can use all the help I can get.

Share this post


Link to post
Share on other sites
iamtheky

if you have links to, or copies of, CyberArk’s autoit examples please post them.


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×