Overview
The Osirium Endpoint Privilege Management (EPM) solution eliminates the need for users to have elevated admin rights and enforces least privilege. Using EPM, system administrators can control which applications and sessions are run with elevated privileges.
EPM removes the need for local admin rights, which shrinks the attack surface available to an attacker and helps prevent ransomware and other malware from being installed with elevated privileges.
Access can easily be requested by a user and quickly granted by administrators. Access can also be granted when the user is not on the corporate network.
All user activity is tracked in the activity report, providing a complete audit trail of all user activity.
[Figure: High level architecture diagram of an EPM deployment]
Components
Component Name | Description |
---|---|
Windows Domain Controller | The EPM Server and EPM Client need to be joined to the Windows domain served by the Domain Controller so that EPM can look up the domain's users and groups. |
EPM Server | The main component which drives Osirium EPM and communicates with the EPM Client. The EPM Server is a Linux-based virtual appliance which includes: |
EPM Client | Installed on a user's workstation. Policies managed by the EPM Server determine which applications and sessions can be run by the user. A user can also request access which is granted only when approved by an administrator. |
Port requirements
Protocol | Port | Description |
---|---|---|
TCP | 443 | Connections from the user's workstation to the EPM Server for policy updates. Connections from the user's workstation to the EPM Management Interface. |
TCP | 22 | (OPTIONAL) SSH connections for management of the EPM Server. |
TCP | 636 (1) | LDAPS is used for a secure connection between the EPM Server and Active Directory. |
TCP | 5985 (HTTP), 5986 (HTTPS/SSL) (1) | Required when using WinRM to send connection information between the EPM Server and Active Directory. NOTE: NOT required from 3.4.x onwards. |
TCP | 443 (2) | Integration with Microsoft Entra ID for information on users, groups, and computers. |
(1) For use with Active Directory only
(2) For use with Microsoft Entra ID only
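The port table above is easiest to get right if it is treated as data: which rows apply depends on the directory in use (Active Directory or Microsoft Entra ID) and on the EPM version (the WinRM ports are only needed before 3.4.x), and each row must be tested from the host that originates the connection (the workstation for 443, the EPM Server for 636 and the Entra ID 443 connection). The script below is an added example, not Osirium's own tooling: it encodes the table, selects the rows that apply to a deployment, and tests TCP reachability for each. The host names `epm-server.example.com` and `dc01.example.com` are placeholders assumed for illustration.

```python
"""Firewall pre-check for an Osirium EPM deployment.

Added example, not part of the Osirium EPM product or documentation.
Encodes the port requirements table and tests plain TCP reachability
(a TCP connect succeeding does not prove the service or TLS is healthy,
only that the path is open).
"""
import socket
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class PortRule:
    port: int
    description: str
    source: str                       # host that must originate the connection
    directory: Optional[str]          # "ad", "entra", or None when both apply
    optional: bool = False
    removed_in: Optional[Tuple[int, ...]] = None  # EPM version from which it is no longer needed


# One entry per row of the port table. Footnote (1) -> "ad", footnote (2) -> "entra".
RULES: List[PortRule] = [
    PortRule(443, "workstation -> EPM Server: policy updates and Management Interface",
             "workstation", None),
    PortRule(22, "admin host -> EPM Server: SSH management (optional)",
             "admin", None, optional=True),
    PortRule(636, "EPM Server -> Active Directory: LDAPS", "epm-server", "ad"),
    PortRule(5985, "EPM Server -> Active Directory: WinRM over HTTP (pre-3.4.x only)",
             "epm-server", "ad", removed_in=(3, 4)),
    PortRule(5986, "EPM Server -> Active Directory: WinRM over HTTPS (pre-3.4.x only)",
             "epm-server", "ad", removed_in=(3, 4)),
    PortRule(443, "EPM Server -> Microsoft Entra ID: users, groups and computers",
             "epm-server", "entra"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """'3.4.2' -> (3, 4, 2); tuples compare element-wise, so (3, 3, 9) < (3, 4)."""
    return tuple(int(part) for part in version.split("."))


def required_ports(directory: str, epm_version: str,
                   include_optional: bool = False) -> List[PortRule]:
    """Rows of the table that apply to this directory type and EPM version."""
    version = parse_version(epm_version)
    selected = []
    for rule in RULES:
        if rule.directory not in (None, directory):
            continue
        if rule.optional and not include_optional:
            continue
        if rule.removed_in is not None and version >= rule.removed_in:
            continue  # e.g. WinRM rows drop out from 3.4.x onwards
        selected.append(rule)
    return selected


def check_tcp(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Placeholder targets for each rule's destination; assumed names, not real hosts.
TARGETS = {
    443: {"workstation": "epm-server.example.com", "epm-server": "login.microsoftonline.com"},
    22: {"admin": "epm-server.example.com"},
    636: {"epm-server": "dc01.example.com"},
    5985: {"epm-server": "dc01.example.com"},
    5986: {"epm-server": "dc01.example.com"},
}


def run_checks(directory: str, epm_version: str, this_host_role: str) -> List[Tuple[PortRule, bool]]:
    """Test only the rules that originate from the role of the host we are running on."""
    results = []
    for rule in required_ports(directory, epm_version, include_optional=True):
        if rule.source != this_host_role:
            continue
        target = TARGETS[rule.port][rule.source]
        results.append((rule, check_tcp(target, rule.port)))
    return results


if __name__ == "__main__":
    # Run on the EPM Server of an AD-integrated 3.3.x deployment.
    for rule, ok in run_checks("ad", "3.3.0", "epm-server"):
        print(f"{'OPEN ' if ok else 'BLOCKED'} tcp/{rule.port:<5} {rule.description}")
```

Run it once from the EPM Server (role `epm-server`) and once from a workstation (role `workstation`); a `BLOCKED` line names the exact firewall rule to add. For an Entra ID deployment the only outbound server check is tcp/443, and the LDAPS and WinRM rows are never selected.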