Introduction to strongDM

You have arrived at strongDM’s intro guide! In this guide, we will cover the basics to get started, what strongDM is, the problems it solves, and how to start using it.

What is strongDM?

strongDM is a control plane to secure access to servers and databases. strongDM simplifies onboarding, offboarding, and evidence collection for technical teams. strongDM consists of an authentication API, a protocol-aware proxy, and a log repository. strongDM deploys as a self-healing mesh network that works out of the box.

The key features of strongDM are:

strongDM is designed to make Infrastructure teams’ lives easier by eliminating the administrative work to manage and monitor access to databases and servers. The service is designed for modern, elastic environments and can deploy across any cloud, on-prem, or hybrid environment.

Architecture of strongDM

strongDM deploys via a statically compiled Go binary. Here’s how it works on your machine, in the cloud, or behind a firewall. For a deep dive into our architecture, head over to our Architecture pages.

strongDM creates a software-defined network that securely manages and monitors access to databases and servers. To access the network, end users install a client locally on their machine. Users authenticate with their preferred identity provider.

Upon successful authentication, the client routes all traffic through a single TLS 1.2-secured TCP connection to one or more proxies that may be hosted in the cloud or on-prem. The proxy validates the user’s session and permissions, then intelligently routes the session to the target database or server through the most efficient path. The proxy logs every user’s sessions, queries, and SSH and RDP commands. The proxies may be chained together and operate egress-only in order to respect the integrity of isolated environments.

While strongDM can function with a single proxy, redundancy is recommended to avoid failure scenarios. Redundant proxies are recommended for each datacenter and/or VPC. The network is agentless and does not require anything to be installed on the target database or server.

Next Steps