This Quick Start Guide will walk you through the steps to deploy the strongDM gateway, add your first datasource, and issue your first query.
You will need administrator access to the relevant network, database, and server running the gateway.
You will also need to provision a Linux server to host the strongDM gateway. Any server with two CPUs and four GB of memory will work (e.g., t2.medium in AWS).
Open the email invitation to join your strongDM account and click the enclosed link to set your password.
After logging in, click download and select the strongDM client appropriate for your operating system. Complete the installation steps for your OS.
1. Set up a Linux server to run the gateway. The machine should have at least 2 CPUs and 4 GB of memory. Note that this server must have network access to the target datasources and servers you intend to manage access to.
2. Navigate back to the strongDM Admin UI. Select the relays tab and click “add gateway.”
3. Define the advertised host. Note that it must be a publicly resolvable IP or hostname.
4. Define the Bind IP, which is the IP the gateway listens on. You may use 0.0.0.0 for all interfaces.
5. Click create. This generates a one-time use token that you will need later in the installation process. Carefully copy the token and set it aside in a safe place for later use.
6. Log into the instance you created in step 1 to host your gateway.
7. Turn SELinux off if it is running.
8. Download the SDM binary:
$ curl -J -O -L https://app.strongdm.com/releases/cli/linux
$ unzip sdmcli_VERSION_NUMBER_linux_amd64.zip
9. Install the relay:
$ sudo ./sdm install --relay
You will be prompted for the relay token you created in Step 5. Paste it in. It will not echo back to you for security purposes.
10. Turn SELinux on if you disabled it in Step 7.
11. Log into the strongDM web UI and hard refresh. The Relays section will appear in the left-hand navigation. In that section, the gateway you created should appear “Online” with a heartbeat.
A database within strongDM is referred to as a “datasource,” which represents the combination of a logical database and a set of permissions.
Before beginning, you must ensure that the datasource you’re attempting to add is accessible from the gateway you created.
Navigate to the Datasources tab in the strongDM Web UI and click the ‘add datasource’ button. You’ll be presented with a dialog.
Type in a Display Name - this is the name that will appear for all end users who are granted access - in this case, ‘testdb-01’.
Select the type of datasource from the available list of DBMS - in this case, PostgreSQL. Enter the hostname. It’s imperative that the entry you choose for Hostname is one that the gateway server can connect to. To verify this, hop on the relay server, and from a command prompt, type:
$ ping <YOUR_HOSTNAME>
If your relay can connect to this hostname, proceed. In this example, you’d ping,
Unless your database is set to connect on a different port, accept the pre-populated port assignment.
Type in the name of the database you’ll be connecting to with this datasource; in this case, ‘booktown’.
Type in the username that the gateway will use to connect to the database; in this case, ‘testdbuser’.
Type in the password of the database user entered in the previous step.
If the user has a particular schema they should use upon logging in, enter that here. By default, for PostgreSQL and its derivative DBMS (e.g. Greenplum), strongDM will limit all connections to the configured database. If you would like to change that, uncheck the Override Database option.
Click the ‘create’ button. Once this is done, the Admin UI will update and show your new datasource in a yellow state while it runs initial health checks. When the state appears green, the process is complete.
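The ping test in the hostname step only shows ICMP reachability, while the gateway needs name resolution and a TCP connection to the database port. The script below is an added example, not part of the original guide or of strongDM's tooling, that checks both from the gateway host. The names check_datasource and valid_port and the file name check.sh are this example's own, and it assumes bash, timeout and getent are installed on the gateway.

```sh
#!/bin/sh
# Added example (not strongDM tooling). Run on the gateway/relay host.
# Exit codes: 0 = TCP port open, 1 = TCP connect failed,
#             2 = bad arguments, 3 = hostname does not resolve.

valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-numeric, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

check_datasource() {
    host=$1 port=$2 secs=${3:-3}
    # Accept only hostname/IP characters so the value is safe to log and pass on.
    case "$host" in
        ''|*[!A-Za-z0-9.:_-]*) echo "bad hostname" >&2; return 2 ;;
    esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }

    # Names (anything that is not a dotted IPv4 literal) must resolve first.
    case "$host" in
        *[!0-9.]*)
            if command -v getent >/dev/null 2>&1 &&
               ! getent ahosts "$host" >/dev/null 2>&1; then
                echo "DNS: $host does not resolve from this host" >&2
                return 3
            fi ;;
    esac

    # bash's /dev/tcp opens a real TCP connection, which is what the gateway needs.
    if timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null
    then
        echo "OK: $host:$port accepts TCP connections"
        return 0
    fi
    echo "FAIL: $host:$port refused, filtered or timed out" >&2
    return 1
}

# Stand-alone use: sh check.sh <YOUR_HOSTNAME> <port>
if [ "$#" -ge 2 ]; then
    check_datasource "$1" "$2"
fi
```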
Navigate to the Users tab in the strongDM Web UI. Select your username then the Datasources tab that appears below. Select the datasource you just created to grant yourself access.
Open the strongDM client you installed on your local machine and log in. Upon authentication, the datasource you created and assigned to yourself should appear.
Click the datasource and a green lightning bolt will appear. This indicates that a tunnel has been opened between the strongDM client and the destination datasource.
Open your preferred SQL client (in this case, Postico), and create a new connection. Enter localhost and the port that was assigned in your strongDM client (in this case: 5432). For Postico leave the username and password blank as all authentication occurs through strongDM. If you’re using a different SQL client, confirm the connection settings here as each client has different requirements.
Click connect and execute your first query!