How strongDM Works


Client on the user’s workstation listens on dedicated localhost ports, then tunnels all queries, SSH, RDP, and kubectl commands through a single TLS 1.2-secured TCP connection to the gateway.


Gateway deconstructs logs, and conveys all requests to the database or server using its native protocol.

In cases where internal subnets disallow ingress, relays can create a reverse tunnel to form connections to the gateway.


strongDM logs consist of five components:

  • Database queries
  • SSH captures
  • Kubernetes captures
  • Windows Remote Desktop captures
  • Admin UI activities

Get your first gateway up in 5 minutes, or 🍕 is on us.