Frequently asked questions

1. How many user sessions can be stored on Wheel Fudo PAM at once?

2. How Wheel Fudo PAM supports sessions archiving?

3. How to calculate storage space required for archiving sessions?

4. How users can hide their activities on servers which they access through Wheel Fudo PAM?

5. How to determine unauthorized access attempts to supervised servers?

6. Is it possible to hide the Wheel Fudo PAM login screen when connecting over the RDP protocol?

7. Why the users list in the connection’s properties is incomplete?

8. Why is a user removed from the LDAP/AD server still present on Wheel Fudo PAM?

9. How frequently are users’ definitions synchronized with an LDAP/AD server?

10. I see * instead of the keystrokes in the session player. Is it possible to see the actual keyboard input?

11. Can I deactivate a session URL?

1. How many user sessions can be stored on Wheel Fudo PAM at once?

Wheel Fudo PAM is delivered with 20TB of hard drive space dedicated to storing users sessions.

Size of the stored session is determined by user’s activity. A minute of recorded connection takes on average:

RDP 1 MB active user session (no activity generates almost no data). Definite session size depends on the screen resolution, color depth and actual user activity.
SSH 50 kB active session.

Given that assumptions, 20TB of disk space allows recording:

  • approximately 36 years of RDP sessions;
  • approximately 760 years of SSH sessions.

Note

Wheel Fudo PAM allows specifying how long sessions data should be stored, and will automatically delete session data after a certain time, determined by retention parameter, elapses.

2. How Wheel Fudo PAM supports sessions archiving?

All sessions are stored on Wheel Fudo PAM internal storage space. In addition to that, Wheel Fudo PAM allows exporting sessions in native format or a video record.

3. How to calculate storage space required for archiving sessions?

File size of sessions in native format are the same as in question 1. In case of video record, file size depends on the codec and resolution settings.

4. How users can hide their activities on servers which they access through Wheel Fudo PAM?

In case of the SSH protocol, Wheel Fudo PAM supports SCP channel and monitors all transferred files, including scripts. This allows auditing given session searching for malicious code embedded in software sent to the server.

Protection of other communication channels (e.g. web browser or other applications) are task for different kind of solutions. There is no solution similar to Wheel Fudo PAM which are able to monitor such channels, thus it is important to create proper server configuration by the system administrator.

5. How to determine unauthorized access attempts to supervised servers?

Unauthorized access and DoS attacks attempts, can be determined by analyzing event log entries. Each ERROR or WARNING severity entries should be closely examined. Cases of login timeout errors can be potential DoS attack attempts.

6. Is it possible to hide the Wheel Fudo PAM login screen when connecting over the RDP protocol?

Hiding the Wheel Fudo PAM login screen requires using the Enhanced RDP Security (TLS) + NLA security mode.

7. Why the users list in the connection’s properties is incomplete?

The users list in the connection’s properties does not contain users synchronized with the LDAP service. To assign a connection to an LDAP synchronized user, define a group mapping in the LDAP synchronization properties or disable the synchronization option for the given user.

8. Why is a user removed from the LDAP/AD server still present on Wheel Fudo PAM?

Deleting a user object from an AD or an LDAP server requires performing the full synchronization to reflect those changes on Wheel Fudo PAM. The full synchronization process is triggered automatically once a day at 00:00, or can be triggered manually in the LDAP synchronization settings view.

9. How frequently are users’ definitions synchronized with an LDAP/AD server?

New users definitions and changes in existing objects are imported from the directory service periodically every 5 minutes. The full synchronization process is triggered automatically once a day at 00:00.

10. I see * instead of the keystrokes in the session player. Is it possible to see the actual keyboard input?

Presenting keyboard input qualifies as a sensitive feature and it is disabled by default. Enabling displaying keystorkes in the session player requires a consent from two superadmin users. Refer to the Sensitive features topic for the details on enabling this functionality.

11. Can I deactivate a session URL?

Active session URL can be deactivated anytime. URL revoking procedure is described in the Sessions sharing topic.