
Delinea: On-Prem or Cloud?

Strengthen Enterprise Access Security with Delinea Secret Server

Delinea Secret Server is a popular name in the industry, chosen by many companies across sectors. But choosing any platform requires careful research and analysis first.


I have been working closely with Delinea Secret Server for quite a long time now, in different environments, whether on-prem or cloud. I have worked on many projects and faced several challenges. But no worries: solutions were implemented to overcome those challenges, and strategic approaches were followed to improve our clients' overall access security.



Read the full blog to know the platform inside out!



Work Done Using Delinea Secret Server


Here is the list of work I performed using the Delinea platform:


  1. Took care of the overall workflow of Delinea Secret Server to strengthen clients' PAM strategies. Oversaw implementation and administration, and optimized the platform to make the best use of it, whether in an on-prem or cloud environment.


  2. Handled setting up several key configurations that include:


    • Password Rotation

    • Heartbeat Monitoring

    • Proxy and Launcher Setup

    • High Availability Clustering using RabbitMQ


  3. Core tasks within a PAM solution require proper handling, so improving the overall stability and performance of the solution and the systems involved is a task in itself. Key tasks include:


    • Session launches (RDP, SSH, WinSCP): These are remote access tools whose functionality must be administered to keep operations running smoothly

    • Retrieving credentials: Ensuring that systems and users are able to retrieve credentials when and where required after proper authentication, quickly and securely



Challenges Faced While Working With The Platform


  1. Insufficient permissions and blocked network ports led to failures in password rotation and heartbeat monitoring

  2. Errors during the launching of tools like WinSCP, displaying messages such as “host not communicating after 15 seconds”

  3. Timeouts and silent session failures were noticed in the RDP launcher

  4. Session issues in load-balanced setups, caused by missing X-Forwarded-For headers and misconfigured NAT rules

  5. Firewall or VPC access control misalignments in cloud environments, causing target systems to be unreachable

  6. Lack of a centralized system responsible for managing sensitive data across essential components

  7. Difficulties integrating PAM with external systems like SSO, SCIM, and SIEM

  8. Privileged account activities were not properly monitored or tracked

  9. Performance issues under high session or credential load



Solutions Implemented to Overcome Challenges


  1. Assigned admin-level access to rotation accounts only after proper verification and validation

  2. Opened necessary firewall ports (135, 445, 3389, 22) to resolve password rotation and heartbeat issues

  3. Enabled session recording and alerting mechanisms for high-risk activities

  4. Configured and tested X-Forwarded-For headers on the load balancer for consistent session routing

  5. Checked cloud network policies and refined NSG and firewall rules to ensure uninterrupted system access

  6. Turned off the "Optimize buffer size" option to fix WinSCP session launch errors

  7. Deployed auto-discovery and automatic password rotation for seamless privileged account management

  8. Integrated SAML and Active Directory, and automated user provisioning/de-provisioning using SCIM

  9. Improved performance and productivity by scheduling background jobs, optimizing RabbitMQ queues, and maintaining SQL database health

  10. Built custom reports and dashboards for compliance and audit visibility



Approach Followed


  1. Conducted discovery workshops with stakeholders to gather business and technical requirements

  2. Performed thorough inspections to identify gaps and risky areas

  3. Designed and deployed a hybrid architecture: on-prem for critical workloads, cloud for scalability

  4. Aligned least privilege access with RBAC principles to enhance access security

  5. Performed log analysis and manual testing for password rotation and heartbeat failures

  6. Worked with network teams to validate connectivity, port access, and firewall policies

  7. Diagnosed launcher behavior across proxies to isolate session instability issues

  8. Tested integration and performance using third-party security and identity tools

  9. Trained internal teams, conducted periodic workshops, and shared documentation to strengthen the knowledge base

  10. Resolved performance and security issues by monitoring logs, metrics, and system/user activities continuously
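As an added example (not code from the original post or from Delinea), a small connectivity pre-flight check for the ports listed under "Solutions Implemented" item 2 (135, 445, 3389, 22) that supports the port-access validation in item 6 above; the port-to-function mapping, the placeholder hostname and the timeout thresholds are assumptions.

```python
import socket
from typing import Dict, List, Tuple

# Ports the post lists as required for password rotation and heartbeat.
# The mapping from port to function is an assumption (standard service ports).
REQUIRED_PORTS: Dict[int, str] = {
    135: "RPC endpoint mapper (Windows rotation/heartbeat)",
    445: "SMB (Windows rotation/heartbeat)",
    3389: "RDP launcher",
    22: "SSH launcher / Unix rotation and heartbeat",
}

def check_port(host: str, port: int, timeout: float = 2.0) -> Tuple[bool, str]:
    """TCP connect to host:port and classify the outcome for triage."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "open"
    except socket.timeout:
        # No SYN-ACK and no RST: usually a firewall, NSG or VPC rule dropping traffic.
        return False, "timeout (filtered by firewall/NSG?)"
    except ConnectionRefusedError:
        # RST received: host reachable, but nothing listens on that port.
        return False, "refused (service not listening)"
    except OSError as exc:
        return False, f"error: {exc}"

def preflight(host: str, ports: Dict[int, str] = REQUIRED_PORTS,
              timeout: float = 2.0) -> Dict[int, Tuple[bool, str]]:
    """Probe every required port on one target; returns port -> (reachable, reason)."""
    return {port: check_port(host, port, timeout) for port in ports}

def blocked_ports(results: Dict[int, Tuple[bool, str]]) -> List[int]:
    """Ports whose failure would break rotation, heartbeat or a launcher."""
    return sorted(port for port, (ok, _) in results.items() if not ok)

def self_check() -> Tuple[Tuple[bool, str], Tuple[bool, str]]:
    """Offline demo: probe a live local listener, then the same port once closed."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # ephemeral port, no external traffic
    srv.listen(1)
    port = srv.getsockname()[1]
    live = check_port("127.0.0.1", port)
    srv.close()
    closed = check_port("127.0.0.1", port)
    return live, closed

if __name__ == "__main__":
    # Placeholder target; replace with a managed host from Secret Server's inventory.
    for port, (ok, reason) in preflight("target.example.internal").items():
        print(f"{port:>5} {REQUIRED_PORTS[port]:<45} {'OK' if ok else 'FAIL'} {reason}")
```

Run it from the Secret Server node or distributed engine that performs the rotation, since that is the path the firewall rules must permit; a "timeout" result points at network filtering, a "refused" result at the target service itself.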


If you are looking for an implementation and managed-service partner to strengthen your access security, IDMEXPRESS is here!


Secure your tomorrow by contacting us today!





