Deployment scenarios¶
Note
It is advised to deploy the Fudo PAM within the IT infrastructure, so it only mediates administrative connections. It will allow for lowering system load, network traffic optimization as well as maintaining access to hosted services in case of hardware malfunction.
Bridge
In bridge mode Fudo PAM mediates communication between users and servers regardless whether the traffic is being monitored (i.e. it uses any of supported protocols) or not.
Mediating packages transfer, Fudo PAM preserves source IP address when forwarding requests to destination servers.
Such solution allows keeping existing rules on firewalls which control access to internal resources.
For more information on configuring bridge refer to the Network configuration topic.
Forced routing
Forced routing mode requires using a properly configured router. Such solution allows controlling network traffic in third ISO/OSI network layer, so only administrative requests are routed through Fudo PAM and the rest of the traffic is forwarded directly to the destination server.
This mode does not require changes in existing network topology and enables network traffic optimization due to separating requests from system administrators and regular users.
Related topics: