Self-Managed StrongDM

Last modified on January 23, 2025

Introduction

Self-managed StrongDM instances provide a cloud environment that is operated by your organization and uses cloud infrastructure that is owned by your organization. This capability provides an option for enhanced security and compliance with data sovereignty requirements.

Self-managed customers can deploy a version of the StrongDM control plane using a Helm chart. The control plane is deployed onto Kubernetes clusters, and the following cloud providers are currently supported:

  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP)

The self-managed version of StrongDM is similar in most respects to the standard offering, but this page provides information on the specific requirements and limitations.

Architectural Overview

Architectural Diagram of Self-Managed StrongDM Deployed with Helm

Your self-managed StrongDM instance consists of the standard components:

  • End user clients (desktop app, CLI)
  • SDKs
  • Admin UI
  • Resources

However, the core services of StrongDM, including the Admin UI, are hosted in your cloud environment, behind your load balancer(s), rather than in the StrongDM cloud. The servers, processes, and databases that are required to run StrongDM are deployed into your cloud environment using the Helm chart, and are subsequently updated via Helm as well. These include:

  • StrongDM deployment servers
  • nsqd
  • NATS
  • RDP Renderer (to render RDP replays)
  • Databases

Process

Once an arrangement is made with StrongDM to deploy a self-managed StrongDM instance, software packages will be provided to you. These packages will include documentation for the Helm chart deployment of your control plane on supported cloud types. The included documentation will be specific to your version of the Helm chart and will cover topics such as authentication, SSL certificates, load balancing, TLS termination, running the RDP rendering service, and more.
