Identity and Access for Servers and Databases With StrongDM
Right out of the box, you can start using StrongDM to untangle multiple credentials and sensitive information seamlessly.
Distribution of assets and information has its challenges. When you have multiple credentials, databases to manage, SSH keys, and other mission-critical components of your cloud ecosystem (or ecosystems) scattered across multiple users, clusters, and devices, simple tasks such as checking an audit log for a point of failure can turn into a nightmare.
Unfortunately, this is the reality many cloud administrators and developers face. StrongDM, a solution developed to tackle this challenge, understands the pain points perfectly. Right out of the box, you can start using StrongDM to untangle multiple credentials and sensitive information seamlessly, including to manage and audit access to your databases.
A Set of Tools
Before we can look at how you can use StrongDM to manage database access and logs, it is necessary to take a closer look at the solution itself. StrongDM isn’t just a single tool; it is a combination of tools that work well together, so you can manage your keys and strings without changing the way you work.
StrongDM, as you may have guessed, sits as a control plane in your cloud cluster. It can handle anything from becoming a log repository to managing authentication APIs and integrating proxies. In essence, StrongDM handles onboarding, offboarding, rotation, and audits in one simple sweep. This is a tool you have to try in order to appreciate its functionality.
What’s interesting is the long list of supported databases. While StrongDM isn’t specifically designed to handle database access management, its support for Amazon ES, MongoDB, MySQL, and Sybase is a promising sign of how StrongDM can be used for database management, at least in terms of access and security.
On top of that, StrongDM integrates well with a lot of SSO and credential stores. You can, for example, integrate StrongDM with Active Directory Federation Services (AD FS) by simply configuring the application properties of the server and adding a client ID. Integration with G Suite is just as easy with API access enabled and StrongDM added as a client.
As mentioned before, it is more of a series of tools rather than a single add-on. With StrongDM, you get an authentication API, which—as the name suggests—handles authentication and permissions.
One of the reasons why StrongDM is quickly becoming very popular among developers and server administrators alike is its ability to work with multiple platforms, databases, SSOs, and more. Using StrongDM to handle IAM for databases means gaining the ability to be flexible with user access.
Rather than relying on a centralized pool of credentials — in an attempt to reduce the hassle of using distributed systems — you can leverage distribution and still keep things simple. Multiple databases can share the same set of users and encryption keys. Security and ease of use become a focus from the beginning.
StrongDM is also designed to boost reliability. It is resilient and can work in the most challenging situations. The fact that it scales horizontally makes this tool more appealing.
You also get a proxy that routes database connections to maintain performance. The protocol-aware proxy comes equipped with load balancing capabilities, failovers, and advanced logging. The former two further enhance availability and reliability.
Logging, however, is a strong suit. StrongDM handles logging meticulously: it logs every database query and activity, especially activities related to permission changes. The advanced logging allows server and network admins to identify potential issues early. The same detailed logging is handy when audits are needed.
Understanding the Benefits of StrongDM
As a tool for managing credentials and other sensitive information, StrongDM is robust and accessible. It is designed to work as a control plane, so integrating StrongDM with existing cloud clusters or ecosystems is easy.
The presence of a proxy means you gain an immediate performance boost. The proxy also acts as a middleman, giving users access to databases even when the network is down. Deployment in almost every cloud platform is easy as well.
For instance, you can use a CloudFormation template to deploy StrongDM on AWS. After adding parameters like PublicSubnet and VPC, a StrongDM instance can be up and running within minutes. Naturally, the same CloudFormation template can be customized or reused.
Automation of key and credential management is the biggest benefit of them all. What StrongDM does is consolidate distributed information, but in a secure, consistent, and pleasant way. As a bonus, StrongDM can be deployed in the cloud or on-premises.
It is easy to see why more developers are now fans of StrongDM. The seamless integration with SSH, RDP, and Kubernetes, support for multi-factor authentication, and native support for relays and gateways make this control plane indispensable. It even works with Amazon Fargate, with both the network load balancer and the StrongDM load balancer optimizing how network resources are used. Still think managing databases and credentials is cumbersome and difficult?
Published at DZone with permission of Juan Ignacio Giro. See the original article here.