Comparing Cloud Clients to Server Suite Agents
In general, you use Cloud Clients with Delinea PAS on systems that are as follows:
- May or may not be joined to Active Directory
- You create as a virtual instance for a short period of time
- Log in with accounts from alternate directory sources
You use the Server Suite Agents with Server Suite for systems that are as follows:
- Joined to Active Directory
- Where you need the Privilege Elevation service
The following tables compare Cloud Client for Windows and Cloud Client for Linux that you download from the Admin Portal to the agents that come with the software for Server Suite.
The Server Suite Agent for *NIX and Server Suite Agent for Windows come with the software for Server Suite.
Clients and Agents for UNIX and Linux Operating Systems
| Category | Server Suite Agent for *NIX | Cloud Client for Linux |
|---|---|---|
| Supported Platforms | See the Server Suite release notes, which are available in your download package or online. The latest Server Suite release notes are here. | See Cloud Suite - Release Notes |
| Workstation OS Supported | Yes | Yes |
| Supported Directory Sources | Active Directory | Active Directory, Delinea Directory, Lightweight Directory Access Protocol, Google Directory. You can also federate with other directories by way of SAML, such as Azure AD, Okta, and so forth. For details, see How to set up business partner federation. |
| UNIX Identity Management | Auto-generated from Delinea or Apple schemes Server Suite Zones via Delinea Standard, RFC-2307 SFU | You can specify Unix profile information on users and roles, and also do bulk import of Unix profiles. For more information, see Specifying UNIX profile information and Importing bulk Unix profiles. |
| Authentication | Kerberos with NTLM fallback (clients work directly against Active Directory) | Brokered Authentication using SSL/TLS over REST against platform (clients work via the platform, connector talks to the target source directory) |
| Identity Assurance (MFA) | Supported via PAS Policy and Authentication Profiles | Supported by way of Delinea PAS Policy and Authentication Profiles |
| Frameworks | Name Service Switch (NSS) Pluggable Authentication Modules (PAM) Kerberos Protocol | Name Service Switch (NSS) Pluggable Authentication Modules (PAM) REST API |
| Role-based Access Control | Active Directory with Zone Authorization (DirectAuthorize) applicable to AD users/groups | PAS Permissions leveraging (AgentAuth) applicable to any supported directory users/groups. |
| Audit Trail | CEF-formated by way of Syslog | Not CEF-formatted by way of the Event Table |
| Session Capture and Replay | Supported. Requires Audit and Monitoring Service Requires Active Directory for Collector, Management, Database and Consoles | Supported. Requires the following: Audit and Monitoring Service 19.9 and up and PAS version 19.6 HF5. Requires Active Directory for Collector, Management, Database and Consoles |
| SAPM Tooling | Binaries for Linux only. Requires Cloud Client for Linux | Supported |
Windows Server Operating Systems
| Category | Server Suite Agent for Windows | Cloud Client for Windows |
|---|---|---|
| Supported Platforms | All Microsoft-supported (64-bit) | Windows Server 2012 R2 (64-bit) Windows Server 2016 (64-bit) Windows Server 2019 (64-bit) |
| Workstation OS Supported | Yes | Yes |
| Supported Directory Sources | Active Directory | Active Directory, Delinea Directory, Lightweight Directory Access Protocol, Google Directory. You can also federate with other directories by way of SAML, such as Azure AD, Okta, and so forth. For details, see How to set up business partner federation. |
| Local Identity Management | Using Active Directory and Server Suite Zones (Release 2020 - September) | Partial (on-demand provisioning and group mapping) |
| Authentication | Microsoft Built-in. | Delinea-provided brokered Authentication using SSL/TLS over REST against platform (clients work via the platform, connector talks to the target source directory) |
| Identity Assurance (MFA) | Supported by way of Delinea PAS Policy and Authentication Profiles | Supported by way of Delinea PAS Policy and Authentication Profiles |
| Frameworks | Microsoft Authorization Manager (RBAC) Delinea Kerberos Extensions (Privilege Elevation) Microsoft Credential Provider | Microsoft Credential Provider |
| Role-based Access Control | Active Directory with Zone Authorization (DirectAuthorize) applicable to AD users/groups | Delinea PAS Permissions leveraging (AgentAuth) applicable to any supported directory users/groups. |
| Audit Trail | CEF-formated by way of the Application Event Log | Not CEF-formatted by way of the Event Table |
| Session Capture and Replay | Supported. Requires Audit and Monitoring Service Requires Active Directory for Collector, Management, Database and Consoles | Supported. Requires: Audit and Monitoring Service 19.9 and up and PAS version 19.6 HF5. Requires Active Directory for Collector, Management, Database and Consoles |
| SAPM Tooling | Requires Cloud Client for Windows | Supported |
