How it works

Access Control
Theory of Operation

The Remote Control functionality is used to manage a remote Integration Tool server.

Access Control uses WCF (Windows Communication Foundation) to communicate with the remote server over a compressed, SSL-encrypted TCP channel. The "scap5drc (Integration Tool Remote Control)" service must be running on the remote server for the connection to succeed. You may also have to allow inbound access on port 7320 on the remote server (or on whichever port you have configured for Remote Control).

Note that Access Control must be enabled on the remote server to be able to connect! The user rights assigned to the login account determine what you are allowed to manage on the remote server.

Since the introduction of Remote Control, the setup package has three different installation modes: "Full", "Server" and "Remote Management". "Server" installs only the requirements necessary to run the Integration Tool daemons and doesn't install the "Configuration Manager". "Remote Management" allows you to install only the requirements necessary to remotely manage an Integration Tool server and doesn't require a license.

When Access Control is enabled, you have to log in each time the Configuration Manager is started before you can continue. Depending on the user rights of the account, certain functionality will be disabled.

There is one built-in account called "admin" which always has all functionality enabled and is the only account that can be used to manage the user-accounts.

Access Control can be enabled/disabled from the "Options" menu in the Configuration Manager. The first time Access Control is enabled you will be asked to set the Admin password.

NOTE-1: Access Control is not intended to be a foolproof mechanism to limit the access of certain users to the Configuration Manager, but rather an aid in helping you manage your configurations/daemons on a system where multiple users use the Configuration Manager.

NOTE-2: When Access Control is enabled, all configuration files are automatically encrypted using a machine-specific key. Only "Admin" has access to the "Open Inifile" option, which will automatically decrypt the file before opening. The "Save As" menu-option will also save the configuration file unencrypted. The "Auto Backup" feature also stores the files unencrypted.

On a more technical level

The user-account information is stored (encrypted) in the file "accounts.dat" which is located in the installation folder. For extra security it is recommended to limit the access to this file using NTFS permissions.

The "Admin" password is stored (encrypted) in the registry: "HKEY_LOCAL_MACHINE\Software\SetConnect\Integration Tool\Manager\AdminPassword"

The Configuration Manager checks the (encrypted) registry key "HKEY_LOCAL_MACHINE\Software\SetConnect\Integration Tool\Manager\AccessControl" to find out if Access Control is enabled or not. If this key is removed, Access Control will be disabled.

For extra security it is recommended to limit access to the registry.

NOTE: all data is encrypted using a machine-specific key, which means the data (like in the file "accounts.dat") can NOT be transferred or copied to another machine!
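
The two recommendations above (NTFS permissions on "accounts.dat" and restricted registry access) can be verified with a short audit. The PowerShell below is an added example, not part of the product or its documentation; `$InstallDir` and `$RegKey` are placeholders to set to your installation folder and to the registry location given above, and the function name `Get-RiskyAce` and the list of trusted SIDs are assumptions of this example.

```powershell
# Added example (not vendor code): list ACEs that let non-administrative
# principals modify or delete the Access Control artifacts.
param(
    [string]$InstallDir = 'C:\PLACEHOLDER\InstallFolder',  # placeholder: installation folder
    [string]$RegKey     = 'HKLM:\SOFTWARE\PLACEHOLDER'     # placeholder: registry location from this page
)

# Assumption: only these well-known SIDs are expected to hold write access.
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0'        # CREATOR OWNER (inherit-only template ACE)
)

# Rights that allow changing, replacing or removing the object, plus the raw
# GENERIC_ALL / GENERIC_WRITE bits that some ACEs carry unmapped.
$Generic  = 0x10000000 -bor 0x40000000
$FileMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership' -bor $Generic
$RegMask  = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership' -bor $Generic

function Get-RiskyAce {
    param([string]$Path, [string]$RightsProperty, [int]$Mask)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Not found: $Path"
        return
    }
    # Ask for SIDs directly so the check does not depend on localized account names.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $TrustedSids -notcontains $sid -and
            ([int]$ace.$RightsProperty -band $Mask) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Sid       = $sid
                Rights    = $ace.$RightsProperty
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(
    Get-RiskyAce -Path (Join-Path $InstallDir 'accounts.dat') -RightsProperty FileSystemRights -Mask $FileMask
    Get-RiskyAce -Path $RegKey -RightsProperty RegistryRights -Mask $RegMask
)
if ($findings.Count) { $findings | Format-Table -AutoSize } else { 'No write, delete or ownership rights granted outside the trusted SIDs.' }
```

Any row it prints is a principal that could alter "accounts.dat" or remove the registry entry that keeps Access Control enabled; the account the Integration Tool services run under may legitimately need to be added to the trusted list.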

