How it Works

strongDM is a proxy that manages and audits access to databases, servers, clusters, and web apps. The strongDM network is comprised of a local client, gateway intermediary, and configuration control plane.  All data routes through your network.

The Local Client

The local client tunnels requests from the user’s workstation to the gateway, through a single TLS 1.2-secured TCP connection. strongDM supports Mac, Windows, and Linux workstations.

To authenticate, users login to the local client; that call can be optionally redirected to an identity provider / SSO.

The Gateway

Gateways are the entry point to your network.  They can be assigned a DNS entry, or sit privately on the corporate network and/or behind a VPN.  Gateways are deployed in pairs, and scale horizontally.

In the case of a flat network, it is the gateway that talks to the target systems.  If internal subnets disallow ingress, relays create a reverse tunnel to form connections to the gateway.  

Gateways decrypt credentials on behalf of end users, and deconstruct requests for the purposes of auditing.

app.strongdm.com

The SaaS layer is where configuration is housed.  Users are assigned to roles, and roles are collections of permissions across servers, databases, clusters, and web apps.  Configuration is pushed down to end user workstations, and updated in real-time.

Get started with your first strongDM server or database in 5 minutes.

Try it Free