You have arrived at strongDM’s intro guide! In this guide, we will cover the basics: what strongDM is, the problems it solves, and how it works, before pointing you towards further information on how to get started.
strongDM is a control plane to secure access to servers and databases. strongDM simplifies onboarding, offboarding, and evidence collection for technical teams. strongDM consists of an authentication API, a protocol-aware proxy, and a log repository. strongDM deploys as a self-healing mesh network that works out of the box.
The key features of strongDM are:
Authentication API: strongDM integrates with identity providers such as Okta, OneLogin, GSuite, and ADFS using OIDC. This streamlines the work to onboard and offboard technical staff by centralizing permissions to databases and servers as well as applications.
Proxy: strongDM routes all database and server connections through its protocol-aware proxy, which automatically load balances and fails over to manage high availability.
Log repository: strongDM deconstructs every database and server protocol in order to log every permission change, query, and SSH and RDP session. Log storage is fully configurable, with options to retain logs locally, encrypt them, and stream them to any log aggregator.
strongDM is designed to make infrastructure teams’ lives easier by eliminating the administrative work of managing and monitoring access to databases and servers. The service is designed for modern, elastic environments and can deploy across any cloud, on-prem, or hybrid environment.
strongDM deploys via a statically compiled Go binary. Here’s how it works on your machine, in the cloud, or behind a firewall. For a deep dive into our architecture, head over to our Architecture pages.
strongDM creates a software-defined network that securely manages and monitors access to databases and servers. To access the network, end users install a client locally on their machine. Users authenticate with their preferred identity provider.
Upon successful authentication, the client routes all traffic through a single TLS 1.2 secured TCP connection to one or more proxies that may be hosted in the cloud or on-prem. The proxy validates the user’s session and permissions, then intelligently routes the session to the target database or server through the most efficient path. The proxy logs every user session and query, and every SSH and RDP command. The proxies may be chained together and operate egress-only in order to respect the integrity of isolated environments.
While strongDM can function with a single proxy, redundancy is recommended to avoid failure scenarios. Redundant proxies are recommended for each datacenter and/or VPC. The network is agentless and does not require anything to be installed on the target database or server.