Privileged Task Automation SHOULD ABSOLUTELY be one of the core layers in your Privileged Account Security strategy.
It's all about delegating the task not the privilege.
By automating sysadmin tasks, login sessions are no longer needed. This closes down the most vulnerable of attack surfaces, whilst the workflow benefits from automation speed.
Osirium's PTM will automatically perform Privileged Tasks on behalf of your team members, and without handing over insecure and unaccountable direct access to all those susceptible Privileged Accounts in your infrastructure. Tasks will be consistent and free from human error.
As a result, your team can dispense with wading through loathsome run books, looking up credentials, manual sign on etc. Now they can now more effectively focus on delivering an IT infrastructure to meet the competitive advantages your organisation needs.
It's a great way of delegating all those repetitive tasks to the most appropriate part of the organisation. Business Tasks can be wrapped up into a 'First Call Fix' strategy.
Take a look at Privileged Task Automation & Delegation features…See The Features
Business process tasks can be packaged up and delegated to 3rd parties or untrained junior staff to action, freeing up senior admin time for more important tasks, which can also be automated.
Tasks can also be run without needing risky direct privileged access to devices.
Tasks can be associated with the devices shown in the Osirium Desktop Client.
This means the SysAdmin can easily search and find the appropriate tasks.
Devices, tasks and task inputs (including dropdown options) can all be given customizable, business specific names which significantly reduce the opportunities for operational errors.
e.g. when admins are instructed to perform a task; ‘Switching the company website to the DR location’, the chance of catastrophic errors are minimized.
Tasks in Osirium are presented to the user as simple forms within the Desktop Client which can be made self-explanatory by using clear business related input field names.
No training is required and no detailed knowledge is required of the end devices and their tasks.
Tasks can handle free text inputs to allow the operator to manually enter information.
Inputs can be validated against rules i.e. numeric, alphanumeric, IPv4 IP Address etc. Incorrectly entered data is clearly alerted to the user on the form.
Tasks can have drop down pre-defined lists with input options.
The choices are defined per task/per device which can then be used to limit the choices of the operator so that incorrect options cannot be chosen, minimizing the risk of human error.
Tasks can have simple Yes/No boolean checkbox inputs.
These also have customizable display names.
Files can be selected and uploaded TO devices as part of a task.
e.g. this allows tasks to start with a file import and then other steps can be performed to check if the file had been processed correctly, for example through SQL commands.
Files can also be downloaded FROM devices either during or at the end of a task.
This would allow routine specific logs or reports to be downloaded to Osirium for diagnostic purposes, particularly if the SysAdmins did not have direct authorized privileged access to the device.
‘One Click’ tasks simply perform an action with a set of predefined inputs and controls if required.
This is particularly useful for simple, quick fixes.
One use of tasks is to create “known-fault” workarounds.
These are tasks that attempt to fix problems which are commonly encountered on systems or devices and have well-known resolutions. Typically it might be a one click task, which could be delegated to the Help Desk so that subsequent support calls for the same problem, can be fixed almost immediately after the call is made, negating the need for escalation to senior staff.
Osirium can be configured to send email alerts to device or system owners, whenever a task has been performed.
These emails can summarise the user, the specific task, the target device and confirm that the task was performed successfully.
Tasks can be performed automatically, as well as manually.
Typically being triggered by schedules defined by users for daily, weekly or monthly execution.
Tasks can run against many different types of devices with a variety of management interfaces including; SSH, Telnet, RDP, VNC, RPC, vSphere, HTTP(S) and even bespoke application APIs.
Tasks can also be created for web-only devices (such as cloud portals), web applications, servers and network devices.
Tasks can be written, not only to use command line or web interface interactions, but they can also be written for Application Programming Interfaces (APIs).
This allows a fully interactive programmatic interface into devices. This is often the preferred method of connecting because it produces the most accurate and high-performance tasks.
Tasks can be created and managed in separate files from the main template.
This makes the creation and organisation of multiple tasks much simpler.
Backing up the configuration of devices which fall outside the normal scope of a traditional network backup solution is a valuable contributor to business continuity.
Osirium does not require agents on the devices and actually invokes the vendors own commands to create a backup archive file which then gets copied and stored securely on Osirium.
Collecting diagnostic technical information can be a tedious and time consuming task.
A Tech-out task solves this by connecting to a device, running a recognized set of commands to collect diagnostic information and then copying it back to Osirium. Tech-outs can be stored for future examination and comparison with current issues.
As with programming languages, tasks can call on sub tasks so you don’t have to re-write specific initialisation or finalisation steps.
For example, a task could be called to automatically back up a device prior to the main task running and then perform the backup again afterwards.
A free text input can be setup as a change ticket reference.
Entering a valid format Change Ticket number prior to running the task will be logged in the audit trail of the task, allowing it to be searchable and found by ticket number search criteria.
Tasks can be simple one line commands or they can be complex series of steps with conditional statements.
This allows multiple steps to be run, followed by tasks to check that it has executed correctly, or in the case of failure, perform additional steps to retrieve error logs, etc.