
(12.05.100-en) Secure Shadowing (VNC with SSL/TLS)

In the IGEL Universal Management Suite (UMS), you can activate secure VNC for specific devices or globally for all devices. 

Additional information on secure shadowing can be found under IGEL OS > IGEL OS Articles > Security > Secure Shadowing (VNC with TLS/SSL).

Secure Shadowing and IGEL OS 12

Shadowing of IGEL OS 12 devices through the UMS always uses the Unified Protocol and is therefore secure, i.e. communication is always encrypted. By default, shadowing over the plain VNC protocol is denied. However, if you want the devices to be shadowable by an external VNC viewer over the plain VNC protocol, you can deactivate the Deny shadowing via external VNC tool option under System > Remote Access > Shadow.


Menu path: Setup > System > Remote Access > Shadow > Secure mode

 

The Secure Shadowing function is only relevant to clients that meet the requirements for secure shadowing and have the corresponding option enabled. Secure shadowing improves security in several respects when maintaining a client remotely via VNC:

  • Encryption: The connection between the shadowing computer and the shadowed client is encrypted.
    This is independent of the VNC Viewer used.

  • Integrity: Only clients in the UMS database can be shadowed.

  • Authorization: Only authorized persons (UMS administrators with adequate permissions) can shadow clients.
    Direct shadowing without logging in to the UMS is not possible.

  • Limiting: Only the VNC Viewer program configured in the UMS (internal or external VNC viewer) can be used for shadowing.
    Direct shadowing of a client by another computer is likewise not permitted.

  • Logging: Connections established via secure shadowing are recorded in the UMS server log.
    In addition to the connection data, the associated user data (shadowing UMS administrator, optional) can be recorded in the log too.

How to Activate Secure Shadowing

To enable secure shadowing for specific devices:

  1. In the configuration dialog or IGEL Setup, go to System > Remote Access > Shadow and activate Allow remote shadowing.

  2. Enable Secure mode and save the settings.

 

To enable secure shadowing globally for all devices:

  1. In the configuration dialog or IGEL Setup, go to System > Remote Access > Shadow and activate Allow remote shadowing.

  2. In the UMS Console, go to UMS Administration > Global Configuration > Remote Access and activate Enable secure VNC globally. See Remote Access.
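
After activating secure mode, an administrator can check whether a device still offers plain VNC by looking at what it sends first on connect: an unencrypted RFB server greets with a 12-byte `RFB xxx.yyy` banner (RFC 6143). The following is an added example, not IGEL code; the default port 5900, the function names and the local stand-in listener are assumptions, since this page does not state which port the device listens on.

```python
import re
import socket
import threading

# An unencrypted RFB (VNC) server speaks first with "RFB xxx.yyy\n" (RFC 6143).
RFB_BANNER = re.compile(rb"RFB \d{3}\.\d{3}\n")

def classify_greeting(data: bytes) -> str:
    """Classify the first bytes a server sent right after the TCP connect."""
    if RFB_BANNER.match(data):
        return "plain-vnc"              # plaintext RFB is being offered
    if not data:
        return "no-plaintext-greeting"  # server waits for the client, as a TLS listener does
    return "unknown"

def probe(host: str, port: int = 5900, timeout: float = 3.0) -> str:
    """Connect, read up to 12 bytes without sending anything, and classify them."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                while len(data) < 12:
                    chunk = s.recv(12 - len(data))
                    if not chunk:
                        break
                    data += chunk
            except socket.timeout:
                pass                    # silence is a result, not an error
    except OSError:
        return "closed"                 # refused, filtered or unreachable
    return classify_greeting(data)

def constructed_listener(greeting: bytes) -> int:
    """Local stand-in for a device (constructed fixture); returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if greeting:
                conn.sendall(greeting)
            threading.Event().wait(1.0)  # hold the connection open briefly
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe("127.0.0.1", constructed_listener(b"RFB 003.008\n"), 0.5))
    print(probe("127.0.0.1", constructed_listener(b""), 0.5))
```

A `plain-vnc` result on a device that should only be reachable through secure shadowing is the finding to follow up; `no-plaintext-greeting` only shows that no unencrypted banner was offered, not that TLS is in use.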

Limitations for Special Characters

Some special characters might not be transmitted through the VNC connection. The processing of special characters depends on the following factors:

  • Keyboard layout configured on the VNC client and on the VNC server

  • VNC viewer in use: An external viewer and the internal viewer behave differently. 

  • Firmware version of the endpoint device

  • UMS user interface: The UMS Console and the UMS Web App have different VNC viewers.