Applications

Vendor Privileged Access Management (VPAM) Applications are a collection of services on various hosts and ports. With applications, you can manage access to these hosts and ports for specific Vendors, Vendor Representatives, and Users of your VPAM server. Additionally, VPAM applications enable you to create custom access rules for date, time, and roles.

VPAM applications are managed by a Gateway or a Gatekeeper. Gateways and Gatekeepers are software systems that enable you, your users, your vendors, and the vendor representatives to initiate remote connections to an application.

The key differences between a Gateway and a Gatekeeper are:

Feature Gateway Gatekeeper
Application management Gateways can manage several applications at the same time, but if an application is managed by a Gateway, the application can not have built-in services. Gatekeepers can only manage a single application at a time, but Gatekeepers can provide the application with built-in services, such as Desktop Sharing and File Transfer.
Access Gateways enable vendor representatives to access a single or multiple applications at a time, but the Gateway cannot provide any additional services. Gatekeepers enable vendor representatives to access a single application at a time, as well as provide built-in or customizable services to remotely connect and manage the application.
Instancing Gateways enable you to create instances to maintain availability of the applications they manage. Gatekeepers do not have instances.

Read the Gateway Documentation and Gatekeeper Documentation to understand their features and configure your assets.

Applications Menu

After you log in to your VPAM server, click Applications to open a list of all the applications in your server. From the Applications page, you can create new applications, edit a single application or edit multiple applications at the same time, and connect to an online application. Additionally, the Applications page enables you to open the List Gateways page, where you can create and edit Gateways.

The Applications page has a table with all the applications in your VPAM server. The table contains the application's name, description, the Gateway that manages it, its status, an option to view the application's details, and the option to connect to the application.

Each application can have one of the following statuses:

Status Description
Ready The Application is ready for connection.
Online There is an active Session for this Application, but nobody's connected to it. This could be because users have recently disconnected from the Application, or are in the process of connecting.
Connected Users or Vendor Reps are currently connected.
Ready A yellow background indicates that access expires soon due to either an explicit Access Expiration time or an Access Schedule. View the Application for details.
Offline The Application is offline. This can happen when the Gatekeeper system is powered off or doesn't have network connectivity.
Not Registered

The Registration Code has not been entered into the Gatekeeper interface.

  • Click View to see the Application's details page, and scroll to the Gatekeeper or Gateway section to find the registration code.

  • Navigate to the Gatekeeper interface on the Gatekeeper box and type in the registration code.
Offline Access to the Application has expired. The Application has either an Access Schedule set or an expiration date.

Select the application name to open the View Application Details page.

View Application

When you open an Application Details page, you can see the Authorized User Groups, and Authorized Vendors. Admin users can authorize more User Groups and Vendors for an application by clicking Edit on the View Application page. The Application Details page contains the following information:

  • Gateway Information: The Gateway Information section shows information about this Application's Gateway system. For Applications that are on a Gatekeeper system instead of a Gateway system, this section shows information about the Gatekeeper host.

  • Authorized User Groups: Authorized User Groups determine which VPAM users can add Vendor Reps to access this Application. Users cannot see an Application if they are not in one of the authorized user groups. Users in an Authorized User Group can also connect to the Application.

  • Authorized Vendors: The Authorized Vendors list is a list of Vendors who are allowed to support this Application. Only Vendor Representatives of these Vendors can access the application and its configured services.

New Application

If you have a brand new VPAM server, you might want to start by creating a new application. To follow this process you must have an administrator role. To create a new application from the Applications page, click Add New Application. Follow the steps below to complete your new application creation:

  1. Select the application management type: Gateway or Gatekeeper.
    Remember, Gateways can manage multiple applications but do not provide built-in services; while Gatekeepers can manage a single application with built-in services.

    • If you select Gateway, you must select an existing Gateway to add the application. Read the Gateway documentation for more information.

    • If you select Gatekeeper, you will need to create, download, install, and register the Gatekeeper at the end of the New Application process. Read the Gatekeeper documentation for more information.

  2. Complete the Application details.
    Consider the following:

    • Application Name: Provide a unique name to the application. Required field.

    • Description: Provide a clear and short description. Required field.

    • Department: Select the server's department for the application.

    • Vendor Connection Form: Select a form that a vendor representative must complete to connect to the application. Read the Vendor Connection Forms section of the Settings document for System Admins for more information.

    • Primary Contact: Provide the name of the person in charge of the application.

    • Contact Phone:  Provide the primary contact's phone information.

    • Contact Email:  Provide the primary contact's email.

    • Approval Profile: Select the form that the application owner must complete to provide vendor reps access to the application. Read the Approval Profiles section of the Settings document of for System Admins for more information.

    • Access Expires: Configure the access policy to the application. Read the Access Expires Configuration section for more information.

    • Application Labels: Select the label for the application.

    • Authorized User Groups: Select the Users in your servers that have access to this application.

    • Authorized Vendors: Select the Vendors (and the vendor reps assigned to the Vendor) that have access to this application.

  3. Save the Application.

If you created a Gateway application, the selected Vendors and Users can now access the application in the Gateway you hosted this application.

If you created a Gatekeeper application, you must continue to download, install, and register the Gatekeeper for this application. Read the Gatekeeper documentation for more information.

The Access Expires configuration in the New Application and Edit Application pages enable you to create custom access rules for an application. The access rules are:

  • Disable Access Now: Instantly remove access to all Users and Vendor Reps. You can reinstate the access by changing this configuration again.

  • Enable Access for: State a time in hours, days, or weeks for this application to be accessible by Users and Vendor Reps. When the time passes, Access is restricted.

  • Enable Access Until: Set a date and time in which access is open. When the date and time arrive, Access is restricted.

  • Use an Access Schedule: Set the days and time when you open access. The weekly access feature displays when you select this option.

Edit an Application

To edit an application, click the Application Name from the Applications page and click Edit. From the Edit Application page, you can:

  • Change the application's details such as the name, description, Authorized User Groups, and Authorized Vendor Groups.

  • Specify that access to an application should be Disabled either now, or at some point in the future. See the Access Expire Configuration section for more information.

  • Delete the application by clicking Delete.

NOTE:
Removing user group access takes effect immediately after clicking Save, and will disconnect any connected users from the removed groups.

This page also enables you to modify the services available in the application. To change the services provided by an application, click Edit Services.

From the Edit Services page, you can:

  • Add a new service to a host by clicking New Host.

  • Delete the service by clicking Delete Host.

  • Modify the service by selecting the service and changing its attributes, including the service name, description, port, default local port, port type, etc.

Read the Services documentation for more information on the configuration of services, hosts, and ports.

Edit Multiple Applications

You can also edit multiple applications by clicking Edit Multiple Applications from the Applications page. This will take you to a page where you can select the applications you wish to edit.

After selecting the applications you wish to edit and clicking Edit Selected, you can select the fields you want to edit for all the applications, at once.

NOTE:
If you select User Groups or Vendors in this form, it removes existing User Groups or Vendors from the selected applications and will replace them with the ones you choose.

Connect to an Application

From the Applications page, you can click Connect to initiate a connection to the application. Read the Sessions documentation for more information.

List Gateways

The List Gateways page lists all the available Gateways in your VPAM server. From this page, you can create and edit Gateways. Read the Gateways documentation for more information.