The Remote Control
functionality is used to manage a remote Integration Tool
server.
Remote Control uses WCF (Windows Communication Foundation) to communicate
(using a compressed SSL-encrypted TCP channel) with the remote server.
The "scap5drc (Integration Tool Runtime Controller)" service must be
running on the remote server to be able to connect. You may also have to enable
inbound access for port 7320 on the remote server to allow the connection
(or whichever port you have configured for remotecontrol).
Note that remote-control must be enabled on the remote server
to be able to connect! The user rights which are assigned to the login
account will determine what you are allowed to manage on the remote
server.
Since the introduction of Remote
Control the setup-package has three different installation modes; "Full",
"Server" & "Remote Management". "Server" installs only the
requirements necessary to run the Integration Tool daemons and doesn't
install the "Configuration Manager". "Remote Management" allows you to
install only the requirements necessary to remotely manage an Integration
Tool server and doesn't require a license.
When Remote Control is enabled, each time the Configuration Manager is started you
have to login to be able to continue. Depending on the user-rights of the
account, certain functionality will be disabled.
There is one
built-in account called "admin" which always has all functionality enabled
and is the only account that can be used to manage the
user-accounts.
Remote Control can
be enabled/disabled from the "Options" menu in the Configuration Manager.
The first time Remote Control is enabled you will be asked to set the
Admin password.
NOTE-1: Remote Control is not
intended to be a full-proof mechanism to limit the access of certain users
to the Configuration Manager, but rather an aid in helping you manage your
configurations/daemons on a system where multiple users use the
Configuration Manager.
NOTE-2: When
Remote Control is enabled, all configuration files are automatically
encrypted using a machine-specific key. Only "Admin" has access to the
"Open Inifile" option, which will automatically decrypt the file before
opening. The "Save As" menu-option will also save the configuration file
unencrypted. The "Auto Backup" feature also stores the files
unencrypted.
On a more
technical level
The user-account information is stored
(encrypted) in the file "accounts.dat" which is located in the
installation folder. For extra security it is recommended to limit the
access to this file using NTFS permissions.
The "Admin" password is
stored (encrypted) in the registry:
"HKEY_LOCAL_MACHINE\Software\SetConnect\Integration
Tool\Manager\AdminPassword"
The Configuration
Manager checks the (encrypted) registry key
"HKEY_LOCAL_MACHINE\Software\SetConnect\Integration
Tool\Manager\AccessControl" to find out if Remote Control
is enabled or not. If this key is removed, Remote Control will be
disabled.
For extra security it is recommended to limit access to
the registry.
NOTE: all data is encrypted using a
machine-specific key, which means the data (like in the file
"accounts.dat") can NOT be transferred or copied to another
machine! |