On April 11, at the Palladium National Channel Partner Conference in 2019, Chen Yun, General Manager of Palladium, announced the official release of Palladium’s next-generation fortress machine (PAM) to meet the era of automated operation and maintenance. The needs of management and channel control empower the enterprise's security and intelligent operation and maintenance.

People who are not familiar with Palladium and Palladium may ask: Why are Palladium's products released at Palladium's conference? The answer is that Palladium and Palladium are homologous. In 2005, Chen Yun established Hangzhou Palladium Network Technology Co., Ltd. and released the fortress that year. In 2015, Chen Yun realized that what users really need is IAM (Identity and Access Management), so he founded Hangzhou Palladium Network Technology Co., Ltd., which focuses on the field of database application security.

Chen Yun believes that there are three "cancers" in network security: security vulnerabilities, weaknesses in human nature, and database security issues. The fight against network security "cancer" needs to be oriented to users' problems, starting from three directions: protection effects, solving the delay problem caused by security risks, and ensuring the stability of the user's business system. "Safety is not only a technical reason, but also a historical reason and management reason. To take these reasons into consideration, we must integrate safety and management into one."

It is for this reason that Palladium focuses on security management and continues to focus on the three major directions of database security, system security, and log big data analysis. As an important role of safety management, an important sub-module of IAM, the bastion machine will continue to be cultivated by Palladium. "In the second half of this year, Palladium will officially become a wholly-owned subsidiary of Palladium." Chen Yun also announced in his speech.

So, what is the next-generation bastion machine? What capabilities does the next-generation bastion machine have? What new elements does Palladium's next-generation bastion machine PAM add?

The new era needs a new bastion machine

With the continuous development of IT technology, the data center has been constantly evolving. At the host level, from traditional physical servers to virtual machines to microservice architecture; at the network level, from traditional networks to the current SDNS; at the storage level, from warehousing to data lakes; at the data center operation and maintenance level, from manual Operation and maintenance to the present IT operation and maintenance automation, development automation, DevOps and AIOps and other concepts have emerged, making the existing traditional bastion machines unable to adapt to these changes in IT infrastructure, unable to meet the security needs of users, and the new era needs new bastions machine.

In this regard, Palladium’s technical director Wang Feng also said that Fort Street urgently needs reform and upgrade. After years of development, although the fortress machine has formed a relatively complete account management, authority management and audit system, there are still many shortcomings:

One is that a single device cannot support large concurrency problems for multiple users, and cannot support cluster expansion.

Second, management is inconvenient, authorization needs to be added with strategies, and authorization cannot be visualized, that is, click and realize authorization, and human assets are presented in a tree form.

The third is that the access terminal is limited, and the mobile Internet of Things era cannot support mobile phone operation and maintenance and real-time control of data center assets and permissions.

Fourth, the account cannot be automatically collected. When the target asset account changes, the bastion host cannot know and respond.

Fifth, the use of privileged accounts of the automation platform cannot be supported, and the operation and maintenance of the automation platform has become an extra-legal place.

Sixth, it is unable to cooperate with ITSM, CMDB, DevOps, network management platform and other systems to coordinate process operation and maintenance.

What is the next generation of bastion machine?

How to solve the above problems and meet the security management needs of the future data center? The next generation of fortress machines came into being.

"The so-called next generation is more vividly a new generation. The new generation of fortresses addresses the new needs of the new generation of data centers and meets the existing IT infrastructure." Wang Feng, Technical Director of Palladium, believes that the next generation of fortresses emphasizes privileges. Account management center, and need to have the following six attributes, can be called the next-generation bastion machine.

Attribute 1: Provide programmable environment channel. Automatic program penetration can be carried out. Through the API interface, the operation and maintenance automation is no longer outside the law, and the entire automation process can be managed and audited.

Attribute 2: Supports highly reliable clusters and distributed deployment. The volume of the data center is getting larger and larger, and the corresponding bastion machine also needs to adapt to it, and it needs to support clustering and distributed deployment in any environment.

Attribute 3: Support mobile management and operation and maintenance BYOD. In the era of mobile Internet, mobile management and operation and maintenance have gradually become rigid demands. The next-generation bastion machine PAM can conduct multi-faceted management and operation from the perspective of managers and operators through dedicated apps.

Attribute 4: Data security control. Data security is the core concern of enterprises, and it is necessary to solve the problem of unauthorized copying and leakage of data during the operation and maintenance process.

Attribute five: account security management. All accounts in the server and the network can be collected with one click, and their status can be seen at a glance, and the most complete single sign-on can be achieved.

Attribute six: high experience, high convenience. Customize management of account permissions, support multiple browsers, provide customers with a visual permission matrix display, and provide one-stop security settings.

Wang Feng said: "The importance of the bastion host is higher than that of the network firewall. It manages all permissions and is a high-frequency security device that is convenient to use and supports various application environments, and its own security is also extremely important. A good next-generation bastion Confidentiality is mature and stable, safe and reliable, and technologically advanced."

Empowering enterprise security and intelligent operation and maintenance, Palladium's next-generation fortress machine PAM released

So, what features does Palladium’s next-generation bastion machine PAM include? What new elements are added?

Wang Feng told reporters that Palladium's next-generation bastion machine PAM not only has all the functions of a traditional bastion machine, such as: single sign-on, multi-factor authentication technology, OCR title recognition technology, data synchronization technology, and seamless RemoteApp applications. "It will also provide unified and independent account management and channel control services for the data center infrastructure. The data center infrastructure is programmable. So far, SDN, SDS, ITSM, CMDB, automated operation and maintenance, various network management software, etc., will be available through The next-generation bastion host programs the data center infrastructure to achieve closed-loop control and AI processing."

Wang Feng explained using the financial industry application as an example that with the vigorous development of e-banking, many banks’ IT architectures are now investing more manpower and material resources, introducing various automation technologies to improve work efficiency through automation. At the same time, security risks have come quietly, and automation has become a point of security vulnerabilities. The automation platform was born in order to provide convenient delivery services, but without more protective measures, it has become an opaque black box. For example, whether the script is maliciously used is unknown outside the automation platform. Once a problem occurs, it is difficult for the administrator to quickly withdraw the authority of the automation platform to terminate the business. With the next-generation bastion machine, administrators can withdraw permissions with one click, cut off insecure communications, and then perform appropriate manual intervention.

In addition, at this conference, Wang Feng also conducted a detailed interpretation of the data center data security in-depth prevention solution and the database full life cycle security solution, and analyzed the relevant requirements of the level protection 2.0 that is about to be released and implemented. Related solutions are given.