What is a privileged access gateway?
A privileged access gateway — also called a session broker or PAM gateway — sits between authenticated identities and infrastructure targets. Instead of giving operators direct network reachability, every SSH, RDP, database, or Kubernetes session flows through a central control plane that enforces policy, injects credentials, and records activity.
How is it different from a bastion host?
A bastion is a single jump box — often one per region or VPC — that reduces attack surface but falls short on identity binding, evidence, and scale: sessions are not tied to a named person, activity is only recorded if someone configures it, and each region needs its own host. A gateway is the bastion pattern industrialized: one policy engine, identity-bound sessions, protocol brokering beyond SSH, and recording built in at the termination point.
How is it different from a password vault?
Vaults store and rotate secrets. Gateways broker access. Checkout logs show someone retrieved a password — not what they did on the target. Gateways inject credentials ephemerally at connect time and capture the full session for audit.
How is it different from VPN?
VPN grants network-wide reachability. Gateways grant session-level access to named targets for a defined window. VPN logs show connect and disconnect; gateway logs show commands, queries, and screen activity tied to an identity.
Why auditors care about gateway-native recording
Recording at the gateway means evidence does not depend on agents on targets that operators may control. Sessions are bound to identity, policy version, approver, and time window at decision time — producing structured exports that map to SOC 2 CC6, PCI Requirement 10, and HIPAA audit controls.
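As an added example (not code from the original page or from any vendor's product), the following Python model shows the control-plane behaviour described above: a versioned policy is evaluated at connect time, a credential is fetched from a stub vault and held inside the session object so the operator never receives it, and the session record binds identity, policy version, approver and time window at decision time, then accumulates activity for a structured export. The class and function names (Gateway, Policy, Session, fake_vault), the identities, the host name and the policy id are all constructed for the example.

```python
from dataclasses import dataclass, field, asdict
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional
import json
import secrets

class AccessDenied(Exception):
    """Raised when the policy engine refuses to broker a session."""

@dataclass(frozen=True)
class Policy:
    # One versioned policy row: who may reach which target over which protocol,
    # inside which time window, and whether a second person must approve.
    version: str
    identity: str
    target: str
    protocol: str
    window_start: datetime
    window_end: datetime
    requires_approval: bool = False

@dataclass
class SessionRecord:
    # Evidence bound at decision time (identity, policy version, approver,
    # window) plus the activity captured while the session runs.
    session_id: str
    identity: str
    target: str
    protocol: str
    policy_version: str
    approver: Optional[str]
    window_start: str
    window_end: str
    decided_at: str
    events: list = field(default_factory=list)

class Session:
    def __init__(self, record: SessionRecord, credential: str):
        self.record = record
        self._credential = credential  # injected by the gateway, never returned to the operator

    def run(self, command: str, at: datetime) -> None:
        # A real gateway captures this from the proxied protocol stream.
        self.record.events.append({"at": at.isoformat(), "command": command})

class Gateway:
    def __init__(self, policies: list, vault: Callable[[str], str]):
        self.policies = policies
        self.vault = vault  # mints a short-lived credential for a target
        self.records = []

    def _match(self, identity, target, protocol, now) -> Optional[Policy]:
        for p in self.policies:
            if ((p.identity, p.target, p.protocol) == (identity, target, protocol)
                    and p.window_start <= now <= p.window_end):
                return p
        return None

    def connect(self, identity, target, protocol, now, approver=None) -> Session:
        policy = self._match(identity, target, protocol, now)
        if policy is None:
            raise AccessDenied(f"no active policy for {identity} -> {target}/{protocol}")
        if policy.requires_approval and approver is None:
            raise AccessDenied("policy requires an approver")
        if approver == identity:
            raise AccessDenied("approver must differ from requester")
        credential = self.vault(target)  # ephemeral injection at connect time
        record = SessionRecord(
            session_id=secrets.token_hex(8), identity=identity, target=target,
            protocol=protocol, policy_version=policy.version, approver=approver,
            window_start=policy.window_start.isoformat(),
            window_end=policy.window_end.isoformat(), decided_at=now.isoformat())
        self.records.append(record)
        return Session(record, credential)

    def export_audit(self) -> str:
        # One JSON object per line; the credential never appears here.
        return "\n".join(json.dumps(asdict(r), sort_keys=True) for r in self.records)

# Constructed demo data: host name, identities and policy id are placeholders.
T0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
POLICIES = [Policy("pol-v3", "alice@example.test", "db-prod-01", "postgres",
                   T0, T0 + timedelta(hours=2), requires_approval=True)]

def fake_vault(target: str) -> str:
    return f"ephemeral-cred-for-{target}"  # stand-in for a vault lookup

def _attempt(gw: Gateway, **kwargs) -> str:
    try:
        gw.connect(**kwargs)
        return "granted"
    except AccessDenied:
        return "denied"

def demo() -> dict:
    gw = Gateway(POLICIES, fake_vault)
    base = dict(identity="alice@example.test", target="db-prod-01", protocol="postgres")
    s = gw.connect(now=T0 + timedelta(minutes=5), approver="bob@example.test", **base)
    s.run("SELECT count(*) FROM orders;", at=T0 + timedelta(minutes=6))
    return {
        "after_window": _attempt(gw, now=T0 + timedelta(hours=3), approver="bob@example.test", **base),
        "self_approved": _attempt(gw, now=T0 + timedelta(minutes=5), approver="alice@example.test", **base),
        "audit": [json.loads(line) for line in gw.export_audit().splitlines()],
    }

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running demo() grants the in-window, peer-approved connection and records the query, while the out-of-window and self-approved attempts are refused before any credential is fetched, so they leave no session record. The exported line carries identity, policy version, approver, window and command list together, which is the shape of evidence the audit mappings above expect, and the injected credential is absent from it by construction.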