Online Help > Commands > Administration > Settings

Security Providers

Description

 

The Security Provider allows for encrypting the data source content. To access the security provider, navigate to Administration - Security Provider.

 

This feature requires an Advanced Data Source.

 

Regardless of the selected security provider, passwords stored in data sources are ALWAYS encrypted using AES 256 bit encryption.

 

By using a security provider, you ensure that nobody can read entries configuration data, even when people have a direct access to the database(s) or a backup. Shared data sources should always be secured with a security provider especially Devolutions Online Database.

 

Prior to applying a new or changing an existing security provider, make sure that every users are disconnected from the data source. If you are changing an existing Shared Passphrase or Certificate, please note that users will get back access to the data source when they the new Shared Passphrase or Certificate on their computer.

 

Settings

 

Please note that changing a security provider on a data source with a great number of entries is a lengthy operation.

 

Applying a new security provider does process the whole database, therefore we advise you to create a backup prior to this operation.

 

1.Click on Change security settings to change the security provider.

 

Security provider

Security provider

 

2.Select a security type from the drop down list.

 

Security Type

Security Type

 

OPTION

DESCRIPTION

Default

This is the legacy security provider. The data is encrypted if the entry configuration is set accordingly in the advanced settings of the entries.

Shared passphrase

Please consult the Shared Passphrase section below in this topic.

Certificate

Please consult the Certificate section below in this topic.

 

Shared Passphrase

 

If the passphrase is lost, nothing that can be done to recover the data. When using a passphrase, always copy it to a secure location.

 

Security Provider - Shared Passphrase

Security Provider - Shared Passphrase

 

Entries configuration data is encrypted using a mix of a key stored in Remote Desktop Manager and the passphrase you've entered.

 

The passphrase is required only when configuring the data source. A policy can be enabled to always prompt for the passphrase when connecting to the data source. For more information, please consult the How to modify Group Policy Templates topic.

 

Certificate

 

When choosing Certificate as Security Provider, entries configuration data is encrypted using a mix of a key stored in Remote Desktop Manager and the private key contained in the certificate.

 

 

OPTION

DESCRIPTION

Location

Indicate the certificate location. Select between:

Current user

Local machine

Store

Indicate the store location of the certificate. Select between:

Address book

Authorization root

Certificate authority

Disallowed

My

Root

Trusted people

Trusted publisher

Thumbprint

Select an existing certificate.

 

Create Certificate

It is possible to create a Self Signed certificate by clicking on Create Certificate.

 

Self Signed Certificate

Self Signed Certificate

 

OPTION

DESCRIPTION

Common name

Name of the certificate.

Key size (bits)

Indicate the key size (bits) of the certificate. Select between:

384

512

1024

2048

4096

8192

16384

Valid from

Start date of the certificate.

Valid to

End date of the certificate.

Save to file (pfx)

Save the certificate as a pfx file and secure this certificate with a password.

Save to certificate store

Indicate the location and the store to save the certificate.