Our website uses cookies. To find out more information on the cookies we use, please head to our privacy policy.OK

What’s a task?
Not necessarily as straightforward as it sounds…

A Task is a series of commands that need Privilege to execute. A Process is a series of Tasks.
For example, ‘Reset Domain Password could require a Process of the Administrator or HelpDesk:

  1. Check the ID of the person on the phone.
  2. Is the Account disabled? If so, block task and ask operator to raise with HR.
  3. Is the Account locked? If so, unlock the account.
  4. Generate a temporary password and apply it to the account.
  5. Set the Account to require a new password at the next logon.

 

Launch Video

Launch video

How does Osirium’s PxM Platform fit with your existing IT infrastructure?

For a cyber-attacker there are hundreds of ways into an organisation, but once in, they will always need use of a privileged account to access and infiltrate any interesting data.

The PxM Platform ensures that privileged account credentials never exist upon the users’ workstation, making interception an impossibility. Eradicate the risks posed by sharing privileged account credentials by removing the need for them in the first place.

Robotic Process Automation / Task Automation means…

100%

Reduction in the need for direct access to systems, applications, devices

100%

Human error reduction - improved reliability and less accidental downtime

99.7%

Typical amount of time saved and first call response

Out of the box tasks with PxM Platform

ARP Refresh

Stop / Start / Refresh Services

Stop / Start / Refresh Queue

Reset Password / Unlock Accounts

Port Operations

Lockouts

Main Features

Task Delegation

Task Delegation

With the PxM Platform, any infrastructure or business process can be packaged up as a task allowing for risk-free delegation to 3rd parties or untrained staff. Tasks can also be run without granting any user privileged access to devices. With a single click, perform actions with a set of predefined inputs and controls - no elevated login credentials or insecure and unaccountable access to privileged accounts required. Or run tasks automatically - the platform allows for timed execution in accordance with user-defined schedules

Wide Protocol Support

Wide Protocol Support

Tasks can run against a range of devices with a variety of management interfaces; SSH, Telnet, RPC, vSphere, HTTP(S) and even bespoke API contracts. Tasks allow for differences between hardware architectures, for example ‘set port parameters’ will vary across device vendors, you teams only need know the parameters to set. Tasks also fully support web-only devices (cloud portals, etc.), web applications, servers and network devices.

Business Efficiencies

Business Efficiencies

It takes time for an operator to find the systems they wish to change: find the credentials, login, find the command and syntax and parameters to issue, execute commands, and then logout. Now consider they do most of the same actions for each device they deal with.

PTM gives the operator device searching and sanitised parameter entry. They just choose the list of devices, and then issue the task to all in one click. In general, this gives better than a 50:1 time saving.

Human Error Reduction

Human Error Reduction

Wherever there is complexity, multiple steps, change and humans typing there will be human error. PTM hides this complexity and wraps up multiple steps, and deals with change through both data and task abstraction. There'll always be a need to type in values and parameters, and where possible PTM can present these as drop-down lists. In addition, free form data entry can be sanitised before the task is issued.

Call Vendor APIs

Call Vendor APIs

APIs represent a strong, stable, functional contract with devices. The other options are command line and web interfaces. Web interfaces almost change with fashion, whereas command lines have greater longevity. With APIs, data is returned in useful formats. With web interfaces it would be scraping, and for command line tedious string parsing is required.

Whilst our task infrastructure has tools and libraries for web scraping and string parsing, it's always better to use a vendor's API. This is why we have a strong partner program where we seek out vendor APIs and developer agreements.

Advanced Capabilities

BYOC - Bring Your Own Code

BYOC - Bring Your Own Code

Bring Your Own Code means that customers can use their own code for tasks. Their code base will have been built over many years and using many technologies. The key issues here are that this code will have logic for ‘their’ business and ‘their’ infrastructure. Our Opus offering allows this codebase to be containerised and isolated from dependency changes.

Long Running Tasks

Long Running Tasks

Tasks like backups and data transfers take much longer than an operator’s attention span. We allow for these tasks to be initiated and monitored 'in-flight'. These parks are placed in the dashboard where they can alert for attention.

In-flight Queries

In-flight Queries

The execution path of tasks can take many paths, and some of these will lead to busy resources or conflicts. Tasks can surface these events as queries to operators, such as "The backup storage is full, do you want to cancel or continue?" This allows the operator to clear some space and continue the task successfully.

Data Abstraction

Data Abstraction

For queries to work, our task engine has to be able to take the many formats that a task can raise in queries and abstract them to a human readable form. For example, if a port configuration failed due to a pre-allocation conflict, the task might return a list of the configuration of all ports. The Abstraction Layer can filter this from all ports to available ports. The Abstraction Layer is a clean way to deliver a consistent interface from a library of tasks written by multiple developers using different technologies over a wide time span.

Code Analysis

Code Analysis

For queries to work, our task engine has to be able to take the many formats that a task can raise in queries and abstract them to a human readable form. For example, if a port configuration failed due to a pre-allocation conflict, the task might return a list of the configuration of all ports. The Abstraction Layer can filter this from all ports to available ports. The Abstraction Layer is a clean way to deliver a consistent interface from a library of tasks written by multiple developers using different technologies over a wide time span.

Additional Features

Standard Operations

Standard Operations

Our Privileged Task Management solution allows SysAdmins and DevOps to define “known-issue” workarounds - these are tasks that address issues which are commonly encountered on systems, applications or devices that have well-known resolutions. Typically this may be a one-click or input-sanitised task. It can then be delegated to the Helpdesk so that subsequent support calls for the same problem get fixed immediately, without the issue needing escalation to senior staff.

Device Techouts

Device Techouts

This allows support staff to gather information for the next line of support. Tasks can contain as many actions as you need them to, including status reports, configuration downloads, SQL database operations, uploading files to, or downloading files from devices. Likewise, routine specific logs or reports can be downloaded to the PxM Platform for diagnostic purposes, such as when a Help Desk operator does not have direct privileged access right to a device.

Task Abstraction

Task Abstraction

This is the ability to issue the same task to multiple systems and devices from different vendors using different protocols and operating systems. The simplest example is an ARP flush. This command varies between systems, and for devices such as embedded routers it issues via a web interface.

The operator needs to issue an ARP flush because of a network change. As far as they are concerned, they choose the task and a list of systems, and the PTM module gets on with it. The operator doesn’t need credentials, privileges or device-specific knowledge.

Network Task Abstraction

Network Task Abstraction

Port operations on Cisco, HP, Netgear Avaya and various operating systems are a more complex example. Osirium's PTM will present a "set port to VLAN" task. For the operator, it is the VLAN number that is important, not the access method or command syntax. Not only does this speed up network changes, but eases migrations between vendors and versions of hardware. Our customers can add business logic to these tasks. For example, if a port is in a ‘Confidential’ VLAN then it can’t be assigned to another VLAN by general netops staff.

What is Privileged Task Management?

What is Privileged Task Management?