Here is the Product Catalog
| Feature | Description |
| Device Management | RankEZ provides both Device and Account granularity. Admin can add multiple accounts under each device. The number of managed devices, passwords and accounts should be unlimited. |
| RankEZ support device grouping: different devices can be included in the device group | |
| Each device belongs to a specific network, managed and accessed by a dedicated Central Password Manager component and Privilege Session Manager component. | |
| Privilege Access | RankEZ calls the user PC’s MSTSC.exe or download RDP file to connect to target windows without typing the password. |
| RankEZ call the user's laptop local Xshell, SecureCRT, Putty, MobaXterm, FileZilla, WinSCP, xftp to connect to target Linux without typing the password. Support z-modem protocol (rz/sz) to transfer file | |
| RankEZ support open user’s laptop local Chrome or Edge to open the target web without using the jump host (RemoteApp) server to get native user experience. | |
| RankEZ discovers pod/container information of K8S Cluster and provide PSM connection to K8S container. | |
| As per K8S Management, RankEZ support Access control for each container and pod, including operation audit, and command line control for container access. | |
| RankEZ support calling macOS Tools. Like local item, Microsoft Remote Desktop Client. | |
| RankEZ support HTML5 based Web Terminal to access Linux, Windows, and any other kind of device account without typing the password. The web terminal supports tree-style navigation bars and supports users save his/her favorites account and device in. | |
| RankEZ Web Terminal support sending command in batch for open SSH sessions. | |
| Support accesses the target database through Web Terminal. | |
RankEZ support SSH/RDP direct connection like ssh <pam-username>@<account>@<deviceaddress>@<pam-address>. The direct connection method supports certificate authentication, local password authentication, AD/LDAP authentication, mobile phone Token Authentication, radius Authentication. DP and SSH service port. All the traffic is through https. | |
| RankEZ support Sharing PSM sessions to other users and control whether collaborator can control or only view the sessions. | |
| RankEZ support database management tools: SQL Developer, PLSQL Developer, Navicat, SQL Server Management Studio, DBeaver, etc. | |
| The Solution support Security Devices: Including Palo Alto, Checkpoint, Symantec, Juniper, etc. | |
| RankEZ supports different kinds of network equipment: including F5, Cisco, BlueCoat, Aruba, Brocade, H3C, Huawei, etc. Connect can support calling local chrome or edge to open target web sessions natively without while all the https session must go through RankEZ and are being recorded capture as well as URL data. | |
| RankEZ support virtualization platforms: VMware, superfusion, Various companies/private cloud etc. | |
| RankEZ does not expose any RDP and SSH service port. All the traffic is through https when calling local client MSTSC and SecureCRT/Xshell/Putty to target device. | |
| RankEZ provides a built-in database system for password storage, system configurations etc., without the need to pre-install any 3rd party relational database software or ODBC components in order to prevent direct administrative access (e.g. DBA access) to the password and system objects inside the database. | |
| Personal Workspace | RankEZ allow individual people to store their personal accounts on the platform. |
| RankEZ allows individuals to hand over the self-managed account to ID Admin. | |
| RankEZ administrators are not able to view other users' personal devices or accounts even if it is super admin. | |
| RankEZ notify the individuals after the personal account password is changed | |
| Account Management | RankEZ protect Account from being deleted by human mistake and provide recycle bin function for recovering accidentally deleted accounts. |
| RankEZ be able to rotate password and session management without agents installing on target device. | |
| RankEZ support Password Management for Change/Verify/Reconcile. | |
| RankEZ support Windows/Linux/AIX/HPUX/AIX/, any kind of database like Oracle, MySQL, SQL Server, MongoDB, and any cloud database service. | |
| RankEZ support pushing the modified passwords to Windows/Linux config file (INI, TEXT, XML), Windows Credential Manager, Windows Disk Sharing. | |
| RankEZ support pushing the modified password to the field of data entry in a table in the database. | |
| Account Discovery | RankEZ support discovering account list in specified Windows AD User Group. Support discovering the inherited relationship between AD Users and Local User Groups |
| RankEZ support discover Windows, Linux, Microsoft SQL Server, Oracle, MySQL, PostgreSQL account. | |
| RankEZ support discoveries of any kinds of network device Account information | |
| RankEZ support directly performs account life cycle management operations in the pending list. Includes: disable, deprovision the zombie, ghost account. | |
| RankEZ allows each normal user handover known device and accounts to ID admin through system workflow. The PAM admin can manage these devices and account in batch without uploading any data | |
| Password Policy | RankEZ support setting different password strength. Be able to configure the length of the password, the complexity of characters, excluding special characters, etc. |
| RankEZ support password verification. When the password saved on the platform is inconsistent with the password on the managed system, an alarm prompts, and the password can be reset manually and automatically. | |
| RankEZ support limiting the Time Window for password change and verification (by hour, by number of days in the week such as Monday and Tuesday): restrict the platform to perform password verification and modification within the specified time window. The scheduled plan/job are not accepted | |
| RankEZ supports one-time password validity period: the password can be configured to expire after a period of use, and the platform is responsible for automatically modifying and recycling the expired password. | |
| After the platform automatically manages passwords, RankEZ support synchronously updating passwords to configuration files, scripts and other places where passwords are referenced in the actual system. | |
| When the password change fails, multiple retries are supported, but each retry needs to record the temporary password and ensure the consistency of the password at all times. | |
| After the password change fails and retries several times, it has the lock function, that is, the password change, verification and reset operations will no longer be triggered. | |
| RankEZ support scheduling strategies for password change. Customers only need to limit the period for password change and verification, and do not need to pay attention to when the modification starts and when it ends. | |
| RankEZ support importing weak password databases, and discovers the possibility of weak passwords in managed accounts | |
| Access Control | RankEZ support authorization of devices and accounts based on users and user groups, and supports selection of multiple users, user groups, device groups, and approvers (users, user groups) when setting policies |
| RankEZ supports multiple access control policies which can be established according to usage requirements, and multiple policies take effect in a union. | |
| Each access control policy support time window and validity, and policies not within the time window will not take effect | |
| Access control policy support pre-approved, approval required, external ticketing system. | |
| Black and whitelists be supported on the command line. Authorization can be performed by user/user group, device group, and approver. Support application approval of high-level commands, blocking, notification, alarm, and session termination responses. | |
| RankEZ support controls the upload and download of files and clipboards for RDP and sftp/z-modem | |
| Internal access control policies be able to integrate with external ticketing systems. | |
| RankEZ be able to set vary access policies based on the different source IP when user login to PAM. E.g. VPN will make user have to pass request/approval after user retrieve/connect the password, while user can access the account without confirmation in office network. | |
| RankEZ allows the policy to bind AD/LDAP Users/Group from browsing AD/Open LDAP User/Group. | |
| RankEZ enforce access control down to command level to control the execution of “SELECT/DELETE/UPDATE/INSERT/TRUNCATE/ALTER” and be able to mask sensitive data. | |
| Request / Approval | RankEZ provides system access to the application approval process and sends the application/Approval email notifications are sent to the corresponding applicants and approvers. |
| Extended application requests be supported. At the same point in time, you can apply multiple times without deleting existing requests | |
| RankEZ allows the approvers to approve requests on mobile app or by providing the OTP over email. | |
| Monitoring | RankEZ support video recordings for Windows, SSH, and any other kinds of device type |
| RankEZ support SSH command line logging auditing, including the typed command and echo result of the command. | |
| RankEZ support audit capabilities for uploading and downloading files and copying and pasting the clipboard. | |
| RankEZ be able to query session records by keyword to find the command/keystroke/file transfer and results | |
| RankEZ provide built-in on-premises MFA function without the need of 3rd party MFA solution | |
| Audit and Trail | RankEZ has the function of querying account activity auditing, including viewing audit logs of account addition, modification, deletion, use and other events |
| RankEZ has function for querying system activity audit, including audit logs such as system configuration modification, user management operation, account authorization operation, etc. | |
| RankEZ support auditing the SQL Commands in Text for any kind of RDBMS besides video or keystroke recording. | |
| RankEZ support audit and controls the database SQL activity, including having control on database/table/column/row through web terminal. | |
| Reporting | For audit records, RankEZ allows users to search and query online by using activity codes or to download the audit records. |
| RankEZ allows users to define the dashboards in the PAM for Gauge, Heatmap, Time Series, Pie Chart, Bar Chart, State timeline, Histogram, Geomap, Node Graph and other common chart. | |
RankEZ be able to collect / receive Windows event log and Linux syslog to correlate with the logs in PAM to detect the following:
| |
| RankEZ be able to find the change history in domain AD group policy without installing agent in Domain Controller. | |
| Application Identity Management | By modifying the source code, the static password in the application can be modified regularly. The application uses PAM’s API/SDK to obtain the passwords. |
| RankEZ support multiple authentication methods for applications: including source IP, Address, program execution path, execution user, and program Hash Value (support for Java, C/C++, Python, etc) | |
| RankEZ support application dynamic retrieving the password from RankEZ without changing the code. | |
| Infrastructure | RankEZ be able to secure and protect its data and minimize the attack surface with security measures implemented such as restricting the opened port to one unique port number which all the traffic is going through including HA/DR mechanism. |
| User authentication: RankEZ support local password, AD/LDAP, mobile phone token, OAuth2, custom authentication (adapted to SMS authentication, internal CAS Service, internal IAM). | |
| RankEZ support auto provision AD/OpenLDAP Users automatically and makes the user authentication as MFA (AD/LDAP password + token/radius) as well as PC’s MAC Address. | |
| RankEZ support sending out syslog to SIEM system including Splunk/ES. Support selects activity codes for export and notification | |
| RankEZ support integration with Qualys or Tenable, which can automatically obtain passwords from PAM when executing vulnerability scanning. | |
| RankEZ support backup and recovery through Admin Console web page. The backup data includes Configuration Data and Log data. | |
| RankEZ enables password backup, support to encrypt and exporting the password in single-end or segmented form to email or SFTP site | |
| RankEZ support system configuration data backup to the specified SFTP site | |
| RankEZ support Traditional Chinese and English. | |
| RankEZ has a unified portal to manage multiple data center. | |
| Vault supports HA and DR. HA support auto failover. | |
| RankEZ be deployed in the form of a container to avoid dependence on the operating system. RankEZ support KylinOS, Redhat, Oracle Linux and various public/private clouds. | |
| RankEZ be deployed by docker-compose in VM or support deploying to K8S cluster; the ability to build private SaaS service and serve each isolated network. | |
| RankEZ supports the external load balancing server, with its own load balancing mechanism |
Comments
0 comments
Article is closed for comments.