Indeed PAM Gateway

The Indeed PAM Gateway component is installed onto Remote Desktop Session Host server. If there are several RDSH servers, then the Indeed PAM Gateway has to be installed onto each of them.

Attention! Make sure the RDS role is preinstalled and configured. The Indeed PAM Gateway component should be installed last.

All URLs are specified in lowercase.

Switch to C:\Program Files\Indeed PAM\Gateway\ProxyApp folder and edit Pam.Proxy.App.exe.config file:

Core section

  • Url - URL of Indeed PAM Core

    "Core": {
  "Url": "https://pam.domain.local/pam/core"

Auth section

  • IdpUrl - URL of Indeed PAM IdP

  • GatewaySecret - Secret for additional component authentication

    The secret is generated by the console utility Pam.ConsoleApp.exe

    "Auth": {
  "IdpUrl": "https://pam.domain.local/pam/idp",
  "IdpRequiresHttps": true,
  "GatewaySecret": "DdtlPwUty5pVElPwXfqvfXCx2LSqr1loM0KC0N6i+mC0iKH8DL8RuPbW14GHolsm/I3Hfwz3qqzzhsp5VzDtAw=="
},

Session section

  • AgentConnectionTimeout - timeout for a response from Indeed PAM Agent until the session is aborted

  • AgentHeartbeatTimeout - interval for checking Indeed PAM Agent operation 

      "Session": {
    "AgentConnectionTimeout": "00:01:00",
    "AgentHeartbeatTimeout": "00:00:20"
  },

Media section

  • VideoTempPath - path to the temporary files folder, C:\ProgramData\Indeed\Pam\VideoTemp is the default path

    "Media": {
  "VideoTempPath": ""
},

FileCopy section

Conditions for copying files from a mapped drive to shadow storage:

  • MaxPercentToIgnore - skip the file if no more than the specified percentage of the file size is read
  • EnoughPercentToSave - save the file if read at least the specified percentage of the file size

  • MinBytesToSave - save the file if the specified number of bytes are read

      "FileCopy": {
    "MaxPercentToIgnore": 1,
    "EnoughPercentToSave": 50,
    "MinBytesToSave": 1048576
  },

Rdp section

  • UseMultimon - support for multiple monitors in an RDP session

      "Rdp": {
    "UseMultimon": true
  }

Configuration of session collection

  1. Log in to the server that performs Remote Desktop Connection Broker role and run Server Manager
  2. Switch to Remote Desktop Services - Collections
  3. In the Collections section click Tasks and select the Create session collections item
  4. Create a collection with parameters you need using the wizard
  5. Click Tasks in the RemoteApp Programs section and select Publish RemoteApp Programs item
  6. Click Add, select the C:\Program Files\Indeed PAM\Gateway\ProxyApp\Pam.Proxy.App.exe application, click Next and then Publish
  7. Open the context menu of the published application in the RemoteApp Programs section and select Edit Properties item
  8. Switch to Parameters, mark the Allow any command-line parameters option and click ОK

  • No labels