Secret Launchers and Protocol Handlers

A secret launcher launches applications on end-user machines and automatically logs on using credentials stored in Verify Privilege Vault. In general, there are three types of launchers: RDP, SSH, and Custom. This provides a convenient method to open RDP and PuTTY connections, but it also circumvents users needing to know their passwords—a user can still gain access to a needed machine but it is not required to view or copy the password out of Verify Privilege Vault. A Web launcher automatically logs into websites using the client's browser.

A protocol handler is an application on an end-user's machine. It enables communication between Verify Privilege Vault and that client machine. It also provides the files needed by launchers. When a Verify Privilege Vault user starts a launcher:

1. The protocol handler bootstraps the client-side application.

2. The protocol handler communicates with Verify Privilege Vault over HTTP(S) to ensure that it is the latest version. If not, it begins an upgrade process.

3. The protocol handler bootstraps the target launcher type and begin the process of securely logging in the user. Beyond HTTP(S) transport protection, credentials are retrieved securely from Verify Privilege Vault using signed AES-256-encrypted messages.