ADMINISTRATION

Although the theoretical model is easy to understand, it adds administrative complexity compared to the habits of many administrators, who are used to connecting directly to servers from their own workstations.

The tiers and their accounts are isolated from each other, so the same person may hold up to three administration accounts, one per tier they need to work in, plus three standard accounts used for taking control (see next chapter).

Fortunately, only technically competent staff, who can understand the benefit of this measure and use tools such as a password manager or a remote desktop manager, are expected to work across the three tiers.

PRIVILEGED ACCESS WORKSTATIONS FOR ADMINISTRATION

Regardless of the technology behind your bounce servers, i.e. jump hosts (Wallix, Guacamole, Windows, etc.), the placement of the bounces stays the same.

SOLUTION 1: ONE PAW PER TIER

This is the most secure solution, but also the most expensive in terms of licenses or maintenance.

In this solution, we deploy one bounce server per tier. We also add a dedicated bounce for external contractors who may need to intervene.

Each user connects to the bounce dedicated to a tier using their user account for that tier. From there, they use the administration account of that tier as needed on the infrastructure they have to manage.
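
The following is an added example, not code from the original page: a small audit script that reads constructed session records from the per-tier bounce servers of Solution 1 and flags sessions that break tier isolation (an account used on a bounce of another tier, or a bounce reaching a target outside its tier). The bounce names, target inventory and the account naming convention (t<N>-adm-<name> for internal admins, ext-<name> for contractors) are assumptions.

```python
import re

# Constructed inventory for the Solution 1 layout: one bounce per tier plus one for contractors.
BOUNCE_TIER = {"paw-t0": 0, "paw-t1": 1, "paw-t2": 2, "paw-ext": "ext"}
TARGET_TIER = {"dc01": 0, "pki01": 0, "app01": 1, "sql01": 1, "ws-042": 2}

# Assumed account naming convention: t<N>-adm-<name> for internal admins, ext-<name> for contractors.
ACCOUNT_RE = re.compile(r"^(?:t(?P<tier>[012])-adm-\w+|(?P<ext>ext-\w+))$")
LINE_RE = re.compile(r"bounce=(?P<bounce>\S+)\s+user=(?P<user>\S+)\s+target=(?P<target>\S+)")


def account_tier(user):
    """Return 0/1/2 for a tiered admin account, 'ext' for a contractor, None if unrecognised."""
    m = ACCOUNT_RE.match(user)
    if not m:
        return None
    return "ext" if m.group("ext") else int(m.group("tier"))


def check_session(line):
    """Return the list of violations for one session record (empty when it respects tier isolation)."""
    m = LINE_RE.search(line)
    if not m:
        return ["unparseable line"]
    bounce, user, target = m.group("bounce", "user", "target")
    b_tier, a_tier, t_tier = BOUNCE_TIER.get(bounce), account_tier(user), TARGET_TIER.get(target)
    findings = []
    if b_tier is None:
        findings.append(f"unknown bounce {bounce}")
    if a_tier is None:
        findings.append(f"account {user} does not follow the naming convention")
    if t_tier is None:
        findings.append(f"unknown target {target}")
    if findings:
        return findings
    # Rule 1: the account used must belong to the tier of the bounce it connects to.
    if a_tier != b_tier:
        findings.append(f"account tier {a_tier} used on bounce tier {b_tier}")
    # Rule 2: an internal bounce only reaches targets of its own tier. The page gives no
    # target rule for the contractor bounce, so that one is not checked here.
    if b_tier != "ext" and t_tier != b_tier:
        findings.append(f"bounce tier {b_tier} reached target tier {t_tier}")
    return findings


def audit(lines):
    """Map each offending session record to its violations."""
    return {ln: v for ln in lines if (v := check_session(ln))}


# Constructed sample records, one session per line.
SAMPLE_LOG = [
    "2024-05-01T08:00:00Z bounce=paw-t1 user=t1-adm-alice target=app01",
    "2024-05-01T08:05:00Z bounce=paw-t1 user=t0-adm-alice target=app01",
    "2024-05-01T08:10:00Z bounce=paw-t1 user=t1-adm-bob target=dc01",
    "2024-05-01T08:15:00Z bounce=paw-ext user=ext-vendor target=app01",
    "2024-05-01T08:20:00Z bounce=paw-t0 user=ext-vendor target=dc01",
]

if __name__ == "__main__":
    for line, problems in audit(SAMPLE_LOG).items():
        print(line, "->", "; ".join(problems))
```

Real bounce solutions export session logs in their own formats; only the parsing regex and the two inventories need adapting, the two rules stay the same.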

SOLUTION 2: A SINGLE PAW

This solution is not recommended because it goes against the principle of three-tier architecture.

Unfortunately, the first solution may run into financial (the cost of several bounce servers) and technical (resource consumption) constraints.

This second solution does, however, secure the infrastructure at a lower cost by deploying a single bounce server from which your administrators manage the three tiers. Ideally, add a second bounce for your contractors.

In this case, the bounce server is placed in tier 1, because it serves a functional administration need. Placing this bounce in tier 0 would go against the principle of least privilege.
