Lab_architecture - sandersdHES/PAMEmergingTech GitHub Wiki
4. Lab Architecture
4.1 Environment
Our lab was built using Microsoft Azure, leveraging its scalable infrastructure and ease of resource provisioning.
4.2 Components
The lab setup includes the following components:
| Component | Role |
|---|---|
| PAM360 Server | Central management console for privileged access, credential vault, session monitoring, and Zero Trust enforcement |
| Active Directory Server | Centralized identity management system used for user authentication, group policies, and AD-integrated login scenarios |
| Windows 10 Client VM | Simulates end-user scenarios such as RDP access, password requests, and session recording |
| Ubuntu Linux VM | Demonstrates SSH-based access control, command restriction, and key-based authentication |
| Test Users (Windows & Linux) | Created via PowerShell and added to AD, used to simulate roles like administrators, power users, and standard users |
| Azure SQL Server & Database | Represents a cloud-hosted data resource secured via PAM360, with session auditing and password rotation capabilities |
| Azure Web App (TOTP Demo) | A demo application used to showcase TOTP integration with PAM360 for secure authentication and form autofill |
| VPN Gateway (Azure) | Provides secure remote access to the virtual network hosting PAM360, enabling controlled external connections to lab assets |
4.3 Network Design
All components were deployed within a single Azure Virtual Network (VNet) segmented using subnets for isolation:
- Subnet A: Management Layer – PAM360
- Subnet B: Resource Layer – AD, Linux and Windows VMs
Network Security Groups (NSGs) were configured to tightly control traffic between subnets, allowing only the required ports (e.g., RDP 3389, SSH 22, HTTP 80/8282, SQL 1433). VPN access was also set up on the Management Layer. This allows users to connect from their local machines to PAM360, but not directly to the resources; they must go through PAM360 to access them.
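A way to sanity-check the NSG design above before deploying it, as an added example that is not part of the wiki's lab: a small Python model of Azure inbound rule evaluation (lowest priority number wins, first match decides, with the platform's default AllowVnetInBound and DenyAllInBound rules appended). The CIDRs, rule priorities and the assumption that the VPN client pool falls under the VirtualNetwork service tag are ours, not the lab's.

```python
import ipaddress

# Constructed lab addressing (assumed; the wiki does not publish its CIDRs).
VNET = "10.0.0.0/16"
SUBNET_A = "10.0.1.0/24"    # Management Layer: PAM360
SUBNET_B = "10.0.2.0/24"    # Resource Layer: AD, Linux and Windows VMs
VPN_POOL = "172.16.0.0/24"  # point-to-site VPN client address pool

# Assumption: Azure's VirtualNetwork service tag covers the VNet address space
# and gateway-connected address spaces, so VPN clients match it as well.
TAGS = {"VirtualNetwork": [VNET, VPN_POOL], "Any": ["0.0.0.0/0"]}

# Azure default inbound rules: evaluated after custom rules because of their
# high priority numbers. 65000 is what lets VPN clients into Subnet B below.
DEFAULTS = [
    (65000, "VirtualNetwork", "VirtualNetwork", "*", "Allow"),
    (65500, "Any", "Any", "*", "Deny"),
]

# Rule shape: (priority, source, destination, ports, action); ports is "*" or a set.
# Weak Subnet B NSG: only the allow rules the text mentions, defaults untouched.
WEAK_RULES = [
    (100, SUBNET_A, SUBNET_B, {3389, 22, 1433}, "Allow"),
]

# Hardened Subnet B NSG: an explicit deny from VirtualNetwork beats the default
# AllowVnetInBound (65000), so only PAM360's listed ports get through.
HARDENED_RULES = WEAK_RULES + [
    (4000, "VirtualNetwork", SUBNET_B, "*", "Deny"),
]


def _matches(prefix, ip):
    """True if ip falls inside the CIDR, or inside any prefix a service tag expands to."""
    return any(ip in ipaddress.ip_network(p) for p in TAGS.get(prefix, [prefix]))


def evaluate(rules, src_ip, dst_ip, port):
    """Action of the first matching rule by ascending priority number (Azure semantics)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for _, s, d, ports, action in sorted(rules + DEFAULTS, key=lambda r: r[0]):
        if _matches(s, src) and _matches(d, dst) and (ports == "*" or port in ports):
            return action
    return "Deny"  # unreachable while DEFAULTS is present, kept for clarity


def vpn_can_bypass_pam360(rules):
    """Can a VPN client open RDP straight to a Resource Layer VM without PAM360?"""
    return evaluate(rules, "172.16.0.10", "10.0.2.20", 3389) == "Allow"


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, "VPN->RDP on Subnet B bypasses PAM360:", vpn_can_bypass_pam360(rules))
```

With only allow rules in place, the default AllowVnetInBound rule still lets VPN clients reach Subnet B directly; the explicit deny at priority 4000 is what enforces the "only through PAM360" property.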
4.4 Visual Architecture from our lab
4.5 Visual Architecture Template from ManageEngine

This diagram shows how users interact with PAM360 to access remote systems while traffic is monitored and routed securely through the PAM360 server, which acts as a central point of control and audit.