Overview

The Osirium Endpoint Privilege Management (EPM) solution eliminates the need for users to have elevated admin rights and enforces least privilege. Using EPM, system administrators can control which applications and sessions are run with elevated privileges.

EPM removes the need for local admin rights, reducing the risk of security breaches and helping to prevent ransomware and malware from being installed.

Access can easily be requested by a user and quickly granted by administrators. Access can also be granted when the user is not on the corporate network.

All user activity is tracked in the activity report, providing a complete audit trail.

[Figure: high-level architecture diagram of an EPM deployment (EPM Architecture Diagram)]

Components

| Component Name | Description |
|---|---|
| Windows Domain Controller | The EPM Server and EPM Client need to be joined to a Windows Domain Controller to allow EPM access to the users and groups. |
| EPM Server | The main component, which drives Osirium EPM and is used to communicate with the EPM Client. The EPM Server is a Linux-based virtual appliance that includes the Management Interface (used to create and administer policies, approve elevation requests and monitor user activity) and the Database (stores the configuration, policies and logging information). |
| EPM Client | Installed on a user's workstation. Policies managed by the EPM Server determine which applications and sessions the user can run. A user can also request access, which is granted only when approved by an administrator. |

Port requirements

| Protocol | Port | Description |
|---|---|---|
| TCP | 443 | Connections from the user's workstation to the EPM Server for policy updates, and to the EPM Management Interface. |
| TCP | 22 (OPTIONAL) | SSH connections for management of the EPM Server. |
| TCP | 636 (1) | LDAPS, used for a secure connection between the EPM Server and Active Directory. |
| TCP | 5985, 5986 (SSL) (1) | Required when using WinRM to send connection information between the EPM Server and Active Directory. NOTE: NOT required from 3.4.x onwards. |
| TCP | 443 (2) | Integration with Microsoft Entra ID for information on users, groups, and computers. |

(1) For use with Active Directory only
(2) For use with Microsoft Entra ID only
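As an added pre-deployment check (not Osirium's own tooling), the following script encodes the port matrix above, including the Active Directory versus Entra ID footnotes and the "WinRM not required from 3.4.x" rule, and tests TCP reachability from the machine it runs on. The host addresses and role names (`workstation`, `epm-server`, `domain-controller`, `entra-id`) are assumptions supplied by the operator.

```python
import socket
from typing import Dict, List, NamedTuple, Tuple


class PortRule(NamedTuple):
    source: str       # role that opens the connection
    destination: str  # role that must accept it
    port: int
    purpose: str


def _version_tuple(version: str) -> Tuple[int, ...]:
    # "3.3.9" -> (3, 3, 9); a non-numeric part such as the "x" in "3.4.x" ends parsing
    parts: List[int] = []
    for part in version.split("."):
        if not part.isdigit():
            break
        parts.append(int(part))
    return tuple(parts)


def required_ports(directory: str, epm_version: str, ssh_management: bool = False) -> List[PortRule]:
    """Port matrix from the EPM overview. 'directory' is 'ad' (Active Directory) or 'entra'."""
    rules = [PortRule("workstation", "epm-server", 443, "policy updates and Management Interface")]
    if ssh_management:
        rules.append(PortRule("admin", "epm-server", 22, "optional SSH management"))
    if directory == "ad":
        rules.append(PortRule("epm-server", "domain-controller", 636, "LDAPS"))
        # WinRM ports are only needed on releases before 3.4.x
        if _version_tuple(epm_version) < (3, 4):
            rules.append(PortRule("epm-server", "domain-controller", 5985, "WinRM (pre-3.4.x)"))
            rules.append(PortRule("epm-server", "domain-controller", 5986, "WinRM over SSL (pre-3.4.x)"))
    elif directory == "entra":
        rules.append(PortRule("epm-server", "entra-id", 443, "Microsoft Entra ID integration"))
    else:
        raise ValueError("directory must be 'ad' or 'entra'")
    return rules


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    # A completed TCP handshake is enough to prove the firewall path is open
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_from(role: str, hosts: Dict[str, str], directory: str, epm_version: str) -> Dict[PortRule, bool]:
    """Run on a machine acting as 'role'; 'hosts' maps destination roles to addresses (operator-supplied)."""
    results: Dict[PortRule, bool] = {}
    for rule in required_ports(directory, epm_version):
        if rule.source == role and rule.destination in hosts:
            results[rule] = tcp_reachable(hosts[rule.destination], rule.port)
    return results
```

Run `check_from("epm-server", {"domain-controller": "dc01.example.invalid"}, "ad", "3.4.2")` on the appliance to confirm only the LDAPS path needs to be open on a 3.4.x deployment.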

For further information relating to ports click here.