IBM Security Privileged Identity Manager, Version 2.0.2

Client deployment modes

The IBM® Security Privileged Identity Manager uses the IBM Security Access Manager for Enterprise Single Sign-On AccessAgent as its client-side component. You can deploy the client either on user workstations or on a Citrix or Remote Desktop Gateway server that acts as a gateway.

Client on user workstations

In this mode, AccessAgent performs automated check-out, check-in, and session recording operations on applications that are running on user workstations. This deployment mode is suitable when users do not have administrative privileges on their workstations.

The workstations where AccessAgent is installed must be configured to run in the default "personal desktop" mode in IBM Security Access Manager for Enterprise Single Sign-On. Shared desktop and private desktop configurations are not supported.

Client on Citrix gateway

For enhanced security and easier management, AccessAgent can be deployed on a Citrix XenApp server that acts as a gateway to the managed resources. The client performs automated check-out, check-in, and session recording operations on published applications that are running on the Citrix XenApp server.

Users access applications that are used for connecting to the managed resources, such as Remote Desktop Connection Client and PuTTY, through the Citrix Receiver application.

In this mode, AccessAgent does not need to be installed on user workstations. If AccessAgent is also installed on the workstation that is used to access the Citrix gateway, the client on the Citrix gateway can use the Virtual Channel connection or operate in Lightweight mode. See the section "AccessAgent on Citrix and Terminal Server Guide" in the IBM Security Access Manager for Enterprise Single Sign-On product documentation.

Client on a Remote Desktop Gateway

Remote Desktop Gateway, a role service that is part of the Remote Desktop Services server role on Windows Server 2012, enables organizations to provide access to standard Windows programs from virtually any location and from the Internet or an intranet.

Similar to the Citrix gateway, the Remote Desktop Gateway acts as a gateway to the managed resources. In this mode, the AccessAgent client can be deployed on a Remote Desktop Gateway server as a RemoteApp. Programs published as RemoteApp programs are accessed remotely by users through Remote Desktop Services or Remote Desktop Web Access and appear as if they are running on the local computer.

Users can perform automated check-out, check-in, and session recording operations with privileged credentials that are managed by IBM Security Privileged Identity Manager and with other RemoteApp programs like PuTTY.

For more information, go to the Microsoft website and search for Remote Desktop Gateway 2012.


