security model and encryption - microsoft · 2019. 11. 4. · for encryption at rest ∙ security...
SECURITY MODEL AND ENCRYPTION
LEGEND: Encryption at Rest, Encryption in Transit

MULTI-USER Remote Desktop Manager
∙ Security Providers are used for encryption at rest
∙ Security Providers support passphrase and certificate secret
∙ Clients must have network access to the database
∙ AES256 encryption key is derived from passphrase or certificate using PBKDF2
∙ Encryption in transit is optional

MULTI-USER Devolutions Password Server
∙ Encryption at rest is performed by DPS server
∙ Security Providers are not required
∙ Clients only need to have network access to DPS
∙ AES256 encryption key is generated using a secure pseudo-random number generator (PRNG) on installation
∙ Encryption in transit should be enabled for maximum security

[Diagram labels: Database; Remote Desktop Manager clients; Web Access; Devolutions Password Server; Database]