Gateway-first PAM when SSH-only is not enough
Teleport pioneered identity-native infrastructure access. Ixiea extends that model across RDP, databases, and vendor workflows — with audit evidence built for regulated environments.
Days to first brokered session
Helm or Compose deploy, not a six-month agent rollout
One gateway for every protocol
SSH, RDP, databases, and Kubernetes through one policy engine
Exportable audit evidence
Session metadata, command logs, and recordings for GRC and SIEM review
Self-hosted control plane
Run on your infrastructure, no mandatory SaaS lock-in
Multi-protocol gateway vs. identity-native access
Teams evaluating Teleport often need the same identity story for Windows, databases, and third parties — without stitching together parallel tools.
| Capability | Ixiea | Teleport |
|---|---|---|
| Protocol coverage | SSH, RDP, VNC, databases, and Kubernetes in one gateway | Strong on SSH and K8s; RDP and legacy DB paths often need workarounds |
| Recording model | Gateway-native keystroke, screen, and file capture | Session recordings vary by protocol; desktop coverage differs |
| Audit exports | Signed evidence bundles for GRC and auditor handoff | Event logs and session metadata; GRC packaging often manual |
| Deployment | Self-hosted Helm/Compose or managed — your infrastructure | Self-hosted or Teleport Cloud — identity store is central |
| Third-party access | Approval-gated vendor flows with time-bound entitlements | Role-based access with short-lived certs; vendor workflows vary |
| MFA and step-up | Native gateway MFA — web, SSO, and SSH keyboard-interactive | WebAuthn and SSO integration; protocol-specific gaps |
When teams switch
When teams choose Ixiea over Teleport
- You evaluated Teleport for SSH but still need RDP and database paths in the same control plane.
- Auditors want signed, exportable session evidence — not just structured logs.
- Your estate is hybrid and you want one gateway story, not separate tools per protocol.
- Compliance scope includes PCI or HIPAA workloads that need full-fidelity playback.
Frequently asked questions
- Is Ixiea like Teleport?
- Both are gateway-first and identity-bound. Ixiea emphasizes multi-protocol brokering, gateway-native recording with signed exports, and a PAM-grade approval workflow — especially for RDP, databases, and vendor access.
- Can we run Ixiea self-hosted like Teleport?
- Yes. Ixiea ships as open source under GPL-3.0 with Helm and Docker Compose installers. Enterprise support and managed deployment are optional.
Evaluating Teleport?
See multi-protocol brokering in your stack
Walk through SSH, RDP, and database paths in one policy engine — with the recording and export model your auditors expect.