Thycotic Secret Server
Strengths: Scales and integrates easily into almost any environment.
Weaknesses: None that we found.
Verdict: Excellent all-around workhorse with good support and an attractive price. Top that off with good scalability and this is a good choice for most environments.
Secret Server from Thycotic offers highly scalable distributed privileged account management. It is built on top of a secure vault that can not only lock up credentials, but can be used to secure certificates and other valuable documents as well as control access through policy and auditing. It also features credential check-out, remote session management and randomizing of passwords for privileged accounts. Customizable workflows can be designed to easily integrate this product directly into any environment, including being able to launch a session - such as a remote desktop client - without ever showing the credentials to the end-user at all.
This solution comes as a software-based install and only requires that it be loaded onto a Windows Server with IIS installed. It also requires SQL Server for the backend database, but that can be installed locally or as part of an enterprise cluster. After installation is complete, all management is done via a web-based management console. This is well-organized and the layout is intuitive to navigate. Secret Server also fully integrates with Active Directory to pull in users and groups for setting access policy. From the user side, all access to assigned accounts, systems and passwords is done through an equally intuitive web interface. Users can also access systems directly with Remote Desktop and PuTTY while still working within the Secret Server.
Scale, distribution and integration are all strong points. The Thycotic Secret Server can be easily deployed in multiple locations or across several servers and configurations. It can be easily pushed out using the distributed engine. Aside from being easily scalable, this offering is also easily integrated for managing service accounts with scripted password changing and API-level integration to remove clear-text passwords from configuration files. Credentials can also be managed directly for vulnerability scanners, ensuring credential-based scanning is properly managed. Finally, it can be directly integrated into ticketing systems to allow for full process and change management. All of these functions, plus all user activity, are logged and archived for auditing, including session recordings of user RDP and SSH sessions.
Documentation included installation, getting started and full user guides. We found all documentation to be well-organized and easy to follow with clear, step-by-step configuration instructions. It also includes an excellent amount of detail and screenshots.
Thycotic offers full standard phone-, email- and ticket-based technical support 12/7 at no additional cost. Customers also have access to a large online assistance portal which includes resources such as an online community and moderated user forum, knowledge base and full product documentation downloads. Premium 24/7 support is also available at an additional subscription cost of $2,500 per year.
At a price starting at $5,000, this product is an excellent value for the money. The Thycotic Secret Server provides high functionality and high scalability at a reasonable starting price. Couple that with really good, no-cost technical support and this product can be a great investment for almost any environment.