Deployment scenarios

Note

It is advised to deploy the Wheel Fudo PAM within the IT infrastructure, so it only mediates administrative connections. It will allow for lowering system load, network traffic optimization as well as maintaining access to hosted services in case of hardware malfunction.

Bridge

In bridge mode Wheel Fudo PAM mediates communication between users and servers regardless whether the traffic is being monitored (i.e. it uses any of supported protocols) or not.

../../_images/deployment_bridge.png

Mediating packages transfer, Wheel Fudo PAM preserves source IP address when forwarding requests to destination servers.

Such solution allows keeping existing rules on firewalls which control access to internal resources.

For more information on configuring bridge refer to the Network configuration topic.

Forced routing

Forced routing mode requires using a properly configured router. Such solution allows controlling network traffic in third ISO/OSI network layer, so only administrative requests are routed through Wheel Fudo PAM and the rest of the traffic is forwarded directly to the destination server.

../../_images/deployment_router.png

This mode does not require changes in existing network topology and enables network traffic optimization due to separating requests from system administrators and regular users.

Related topics: