Overview
Unified Gateway/Remote Access
Please note that these docs are written with the Gateway and Remote Access single chart deployment. You may continue using the separate Gateway and Remote Access solution you currently have in order to access your remote resources.
What is Remote Access?
Akeyless Platform's Remote Access solution enables users to securely connect directly to resources - servers, databases, internal applications, and SaaS - in any of your environments, whether private, public, or on-prem.
Users can connect securely to resources either from the internal Remote Access Portal, public Remote Access Portal via the web, Desktop Application, or using the Akeyless Connect command for native CLI access to certain resources from any UNIX terminal. Akeyless supports a variety of protocols, including SSH, RDP, SQL, Kubectl, and more.
Architecture
Remote Access is deployed alongside the Akeyless Gateway and consists of a Web application and SSH application, each a separate container in the cluster. These applications are deployed on your environment and enable an extra layer of protection between your private network and the cloud:
- Web: The web application is a web-based portal that enables your users to securely access internal resources such as databases, clouds, RDP, LDAP, K8s, and more.
- SSH: The SSH application is used for both web-based portal access to SSH hosts as well as Akeyless Connect and Akeyless SCP.
When a user needs to connect to a resource, Akeyless Remote Access, through the Gateway, interfaces with the Akeyless SaaS for user authentication and authorization. It then retrieves the required credentials from the Akeyless account and automatically injects them into the resource to give the user access.
In this way, our Remote Access solution uniquely combines the ability to interface with 3rd-party identity providers for authentication with granular role-based access control for authorization and the ability to provide just-in-time access to remote endpoint resources, using dynamic secrets as short-lived credentials and certificates.
Key Features
Akeyless Remote Access offers a lot of important features for remote teams. Here are a number of the key features:
- Just-in-time Access: With Remote Access, just-in-time secrets can be created and injected into a remote resource, such as a database, on the fly.
- Rotated Secret Access: Privileged secrets can also be used to access remote resources with the ability to automatically rotate the credentials when the session ends.
- Support for Various Protocols: Akeyless supports a variety of protocols, including SSH, RDP, SQL, Kubectl, and more.
- Request for Access: Admins have the ability to enable an option for users to request access for a specific resource on-demand.
- Audit and Session Management: Akeyless provides full session management with auditing and recording capabilities to keep you compliant. You can also forward the system logs to your preferred log management solution, as described in Log Forwarding.
- Granular RBAC: Every user is given access to only the resources they should have access to. That means you can be sure that your developers don't have access to more than they need. Users also only need List access to to secrets which means they can't read secret values.
- Native SSO integrations: Remote Access works with various SSO protocols such as OIDC, SAML, and more.
- Multiple connection methods: WebUI, CLI, Desktop app
Use Cases
Secretless User Access
Allow your users to access sensitive infrastructure resources without credentials.
Just-in-Time Zero-Trust Access
Implement a gold-standard Zero-Trust environment and make auditing a breeze.
3rd Party Access
Provide third-party access to resources without compromising your security.
Manage Access to K8s Clusters
Remote Access supports access to any flavor of K8s cluster, including EKS, GKE or any other generic K8s cluster.
Supported Resource Types
Akeyless' Remote Access solution supports connections to the following resource types:
- Databases
- Windows Remote Desktop
- AWS Console
- Azure Portal
- GCP Portal
- SSH Servers
- LDAP Servers
- RabbitMQ
- Kubernetes
- Web Applications
- Kubectl
Web Access
In addition, you can define Remote Access to external SaaS systems using the Web Access Application as a separate deployment, not connected to the Gateway. This enables you to remotely access web-based applications in Isolated mode, which restricts user access to only the websites you determine, either while connected to a SaaS system or using a secure proxy mode to enable access for an internal resource from the external network.
For details about the various Remote Access components, see Infrastructure Components.
Updated about 1 month ago