Frequently asked questions¶
1. How many user sessions can be stored on Wheel Fudo PAM at once?
2. How Wheel Fudo PAM supports sessions archiving?
3. How to calculate storage space required for archiving sessions?
4. How users can hide their activities on servers which they access through Wheel Fudo PAM?
5. How to determine unauthorized access attempts to supervised servers?
6. Is it possible to hide the Wheel Fudo PAM login screen when connecting over the RDP protocol?
7. Why the users list in the connection’s properties is incomplete?
8. Why is a user removed from the LDAP/AD server still present on Wheel Fudo PAM?
9. How frequently are users’ definitions synchronized with an LDAP/AD server?
11. Can I deactivate a session URL?
1. How many user sessions can be stored on Wheel Fudo PAM at once?
Wheel Fudo PAM F1000 series is delivered with 24 TB of RAW hard drive space (18.2 TB usable) while the F3000 series appliances come with 96 TB of RAW storage space (71.8 TB usable) dedicated for storing users sessions.
Size of the stored session is determined by user’s activity. An hour of recorded connection takes on average:
RDP | 218 MB active user session (no activity generates almost no data). Definite session size depends on the screen resolution, color depth and actual user activity. |
SSH | 41.5 MB active session. |
Given that assumptions, internal storage space enables recording of:
RDP | SSH | |
F1000 | 28.6 years | 150.2 years |
F3000 | 112.8 years | 592.5 years |
Note
- Disk usage figures include space taken up by the filesystem’s redundancy mechanism. The filesystem reserves a portion of available storage, which results in some of the storage space being reported as used on a newly initiated system.
- Wheel Fudo PAM allows specifying how long sessions data should be stored, and will automatically delete session data after a certain time, determined by retention parameter, elapses.
2. How Wheel Fudo PAM supports sessions archiving?
All sessions are stored on Wheel Fudo PAM internal storage space. In addition to that, Wheel Fudo PAM allows exporting sessions in native format or a video record.
3. How to calculate storage space required for archiving sessions?
File size of sessions in native format are the same as in question 1. In case of video record, file size depends on the codec and resolution settings.
4. How users can hide their activities on servers which they access through Wheel Fudo PAM?
In case of the SSH protocol, Wheel Fudo PAM supports SCP channel and monitors all transferred files, including scripts. This allows auditing given session searching for malicious code embedded in software sent to the server.
Protection of other communication channels (e.g. web browser or other applications) are task for different kind of solutions. There is no solution similar to Wheel Fudo PAM which are able to monitor such channels, thus it is important to create proper server configuration by the system administrator.
5. How to determine unauthorized access attempts to supervised servers?
Unauthorized access and DoS attacks attempts, can be determined by analyzing event log entries. Each ERROR or WARNING severity entries should be closely examined. Cases of login timeout errors can be potential DoS attack attempts.
6. Is it possible to hide the Wheel Fudo PAM login screen when connecting over the RDP protocol?
Hiding the Wheel Fudo PAM login screen requires using the Enhanced RDP Security (TLS) + NLA
security mode.
7. Why the users list in the connection’s properties is incomplete?
The users list in the connection’s properties does not contain users synchronized with the LDAP service. To assign a connection to an LDAP synchronized user, define a group mapping in the LDAP synchronization properties or disable the synchronization option for the given user.
8. Why is a user removed from the LDAP/AD server still present on Wheel Fudo PAM?
Deleting a user object from an AD or an LDAP server requires performing the full synchronization to reflect those changes on Wheel Fudo PAM. The full synchronization process is triggered automatically once a day at 00:00, or can be triggered manually in the LDAP synchronization settings view.
9. How frequently are users’ definitions synchronized with an LDAP/AD server?
New users definitions and changes in existing objects are imported from the directory service periodically every 5 minutes. The full synchronization process is triggered automatically once a day at 00:00.
10. I see * instead of the keystrokes in the session player. Is it possible to see the actual keyboard input?
Presenting keyboard input qualifies as a sensitive feature and it is disabled by default. Enabling displaying keystorkes in the session player requires a consent from two superadmin
users. Refer to the Sensitive features topic for the details on enabling this functionality.
11. Can I deactivate a session URL?
Active session URL can be deactivated anytime. URL revoking procedure is described in the Sessions sharing topic.