Online Help > Getting Started > Checklist for Teams

Select the Data Source type - Teams

Description

 

This topic is for teams that need the functionality offered by our Enterprise Edition.

 

When choosing any data source type that is not on-premise, you need to think of the safety of the data both at rest and during transport. we strongly recommend that you further encrypt your data by applying a Master key for file-based solutions, or a Security Provider for Advanced Data Sources. This will ensure that the data will be unreadable by no one but you.

 

To make choosing the data source type easier, we are presenting a set of concerns and the list of data sources that can serve in that context. If you have multiple concerns simply create the intersection of all sets to isolate a list of choices.

 

CONCERN

DEVOLUTIONS

SERVER

SQL

SERVER

SQL

AZURE

MYSQL/

MARIADB

DODB

PRO

DODB

ENT

The database is not accessible to end users.

X

note 1 & 2

note 1

note 1

note 1

note 1

AD accounts used for authentication

X

X

 

 

 

 

AD group membership used to assign permissions

X

 

 

 

 

 

The data is stored on-premises

X

X

 

X

 

 

Activity Logs

X

X

X

X

 

X

Data accessible globally

Note 3

Note 4

X

Note 4

X

X

Optional local cache of connections

X

X

X

X

X

X

 

Notes

 

Note 1

The administrators can create accounts for end users without divulging the passwords.  A locked data source definition is imported for each end user.  This obviously requires a lot of manual operations by the administrator.

 

Note 2

Integrated Security is the name of a Microsoft technology that does not sends credentials to get access to a SQL Server instance, but rather the token resulting from authentication in your Windows computer.  This therefore allows the users to connect directly to the database using other tools.  It should not be used if you need to prevent direct access to the database.

 

Our SQL Server data source offers a third option, namely the Custom (Devolutions) user type.  It allows for the user to be impersonated and therefore not be made aware of the credentials used to connect to the database.  Please consult User Management for details.

 

Note 3

You should not expose a Devolutions Password Server instance to the Internet without being able to protect it from DDoS attacks.  Strong passwords must be used as well as obscure account names that are not easily inferred using social data mining.

 

Note 4

You can indeed expose a database to the Internet, but you must use SSL/TLS to encrypt traffic, you must ALSO protect against DDoS attacks.  Cloud services, like Azure or Amazon Web Services, have that concern in the forefront. The default settings of the firewall should be to block everything, you will then open only the most limited set of ports, while filtering on a short list of acceptable origins for requests.