This video describes how Symantec DCS can be used to lockdown a jumphost and force a requirement for secondary authorisation (separation of duty) for high risk commands to a system such as a NetAPP filer. The original development was to specifically to integrate with CyberArk enterprise password manager to provide credentials for elevated commands.
We have since gone on to use similar principles in SCAD environments.
00:01:56