Configuring the UI client to securely access a remote application

Requires Pliant release 108 or later.

Why use enhanced security?

If you do not require enhanced security, then you don't need to configure anything. Pliant enhanced security brings you:

What needs to be done to provide enhanced security?

For specialists: to achieve this extra level of security, Pliant relies on the well-known RSA key pair mechanism to exchange a shared key, then on RC4 channel ciphering with an extended seed and MD5 checksumming of the ciphered packets. It means that:

Moreover, since copying files using the Pliant UI clipboard requires each machine to securely connect to the other:

Preparing the server

You need to prepare the server by creating a user account that will receive the public key of the user, and a host account that will receive the public key of the machine running the Pliant UI for the user.

First, select a temporary cleartext password. Here, it will be 'foo'.

To prepare the user account, from the main FullPliant menu, use 'Dashboard' 'Accounts' 'Users', create the new user record and fill its public key with 'pass foo'.

To prepare the host account, from the main FullPliant menu, use 'Dashboard' 'Accounts' 'Hosts', create the new machine record and fill its public key with 'pass foo'.

Of course, the user ID, host name and temporary password you selected must match the ones the user will use to configure their machine.

Configuring the client

From the main FullPliant menu, use 'Dashboard' 'Once'.

In our sample, 'Keys exchange password' will be 'foo'.

If you fill it in, 'Remote administration user' will furthermore create a user account on your machine, with administration rights, that can be used to access and remotely configure or upgrade your machine. The administrator can see everything on your machine as soon as the 'UI server' service is running on it.

Once you have filled in the form, 'See current situation' lets you check the situation and provides a report, without changing anything.

Please also note that the public keys are exchanged over an unprotected TCP connection, so they could be changed by a machine in the middle modifying the packets. The simple password protection (here 'foo') is not enough to prevent this. As a result, it is recommended to check, for example over the phone or through a validation provided on paper, that the public keys received on both sides are correct.
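
One way to carry out that out-of-band check, as an added example that is not part of Pliant or of the original page: each side computes a short fingerprint of the public key it holds, and the two values are compared over the phone or on paper. The key text shown is a constructed placeholder, not Pliant's actual key encoding, and the function names are hypothetical.

```python
import hashlib
import hmac

HEX_DIGITS = set("0123456789abcdef")


def normalize_key(key_text: str) -> bytes:
    """Drop all whitespace so line wrapping or copy/paste does not change the digest."""
    return "".join(key_text.split()).encode("utf-8")


def fingerprint(key_text: str, groups: int = 8) -> str:
    """SHA-256 of the key text, truncated to groups*4 hex digits (128 bits by default)
    and split into 4-digit groups that are easy to read aloud or print."""
    groups = max(1, min(groups, 16))  # a SHA-256 hex digest has 64 digits
    digest = hashlib.sha256(normalize_key(key_text)).hexdigest()
    return "-".join(digest[i:i + 4] for i in range(0, groups * 4, 4))


def matches(received_key_text: str, announced_fingerprint: str) -> bool:
    """Check the key received over the network against the fingerprint the other
    side announced out of band. Separators and letter case are ignored."""
    expected = fingerprint(received_key_text).replace("-", "")
    cleaned = "".join(c for c in announced_fingerprint.lower() if c in HEX_DIGITS)
    return hmac.compare_digest(expected, cleaned)


# Constructed sample values (assumption: the key is available as a text string
# copied from the account record; this is not Pliant's real key format).
GENUINE_KEY = "rsa n 00c1a5f3e27b9d44 e 010001"
TAMPERED_KEY = "rsa n 00d4b7a91c3e5f60 e 010001"  # what a packet-modifying host might substitute

if __name__ == "__main__":
    # The key owner reads this value out over the phone or prints it on paper.
    announced = fingerprint(GENUINE_KEY)
    print("fingerprint announced by the key owner:", announced)
    # The other side checks the key it actually received over TCP.
    print("genuine key accepted: ", matches(GENUINE_KEY, announced))
    print("tampered key accepted:", matches(TAMPERED_KEY, announced))
```

Both sides must run the check, since the page notes that keys are exchanged in both directions and either one could have been replaced in transit.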