[MUSIC PLAYING] Hello and welcome to this little video. My name is Holger Weihe. I'm working as a sales engineer at One Identity, and I'm going to talk about new features in Safeguard 7.1 and SPS 7.11, which is the Safeguard for Privileged Sessions appliance. And we'll show you nice features about remote app launching, credential injection, branding, and some other cool stuff. So stay tuned.
On my screen, you can see a desktop. And with that desktop, I'm going to play around in my test environment, which has the necessary features installed. And now, the question is, what are these necessary features?
The first thing you need to make the remote app launcher-- and that's the first topic I want to talk about-- work is that you need to have some kind of infrastructure available. So what's this infrastructure? So the first thing we need is an RDS system. That stands for remote desktop session. Remote desktop session is a Microsoft technology which is usually deployed on a Windows Server.
And I'm going to show you how I did this here in my environment. So let's have a look on my server. Let's log in. And this is a simple Windows server. Can show you what this is, whatever system-- well, let's go to the name. And you see this is just a simple Windows system. It's a Windows 2019 server. Nothing special.
Special here is the configuration of it. And if we want to have a look on that, let's call for the Server Manager to see what roles are installed on these. So the thing we need is the so-called remote desktop service role. Here it is, remote desktop services. And if we click on that, you can see that this is a basic deployment, which has the usual components here.
You have two different kinds that you can use this technology for. One is the virtual machine-based desktop deployment, and the other one is the session-based desktop deployment. To work with our remote desktop launcher-- or the remote app launcher, not the desktop launcher, so the remote app launching feature of Safeguard-- we need the session-based desktop deployment only. There's no need to configure both of them. This one will do nicely.
Once you have done this-- and I don't cover this in this video, because it is more or less a basic task. You can simply add these roles to your server, and then you follow the configuration wizard, and if you have completed that all, you're going to end with something similar like that, because, one important thing. If you want to play around with that, RDS requires a license. The license comes from Microsoft for free for, I think it's 180 days. It might be less or more. Depends.
On the other hand, if you want to have it in production, of course, you need a valid license for that, just to make that clear. And you see you have this RD licensing role deployed here as well. This is a requirement. So without a license, that will not work. Here's a test license if you want to try it out, of course.
The important thing here is that you have to configure this session host. And on that session host, you have something that's called a collection. The collection, here, I have called Safeguard remote apps. That's the name of the collection. And in this collection, I have deployed a couple of so-called "remote apps." And if you want to add some new program you want to make accessible for your users, you simply click here on the Tasks and click on Publish Remote App Programs. And now, the system goes out to see what applications are available on this server so it can publish it in that service.
The thing is, we need only one application to be available in the first round, and this is our remote app launcher. The remote app launcher it's something you usually find not in that list of applications here, because it is not a standard application. So you have to click on that Add button.
And then you're going to browse where you have installed the remote app launcher. The remote app launcher usually goes into the program file directory under One Identity. And you've got to find something that is called Remote App Launcher. And here is the EXIF. That is the one that will take care for the launching of the target applications.
And the main use of that launcher is that it pulls parameters from the safeguard for privileged passwords and safeguard for privileged sessions and establishes communication between these two to enable that you can inject credential information into applications when we start, and maybe additional information that might be required as well.
Where do you get this launcher from? Very easy. You go to support.oneidentity.com. You're going to scroll down, see that you find something like privilege access management, and you're going to go for Safeguard for privileged sessions. That might take a second.
And select the most recent version. This is German, because I'm from Germany, so it should be-- let me switch that to English. Might be more applicable. Oh, come on. Here we go. United States. OK, here we go. So select the most recent version here. In this case, for SPS, this 7.1.1-- and please, if you start some kind of deployment here, always go with the latest versions. And for 7 and for the safeguard for privileged passwords, it's currently 7.1 at the time of doing this video.
So again, please check the latest versions and always go for the latest versions. And please have a look on the compatibility requirements as well, because there might be certain versions in the SPS side and on the SPP side that have to work together. So please check that out. Usually, the latest version will do that have the same versions, like 7.1, 7.1.1, or 7.2,
01:26:31