September 17, 2014
Securing Surround SCM Client/Server Communication
Protecting your valuable digital property is extremely important. Encrypting client/server communication is one way to make sure your data is secure from potential hackers. Surround SCM 2014.1 introduces improved encryption methods and a new, stronger security option: RSA key exchange.
Configuring encryption and server security
Communication between Surround SCM clients and the Surround SCM Server should always be encrypted. At a minimum, make sure the Encrypt communication between clients and the server option is enabled in the global General server options. If you need stronger encryption, you can use RSA key exchange, which is a public key algorithm that uses separate keys for encryption and decryption. You may want to use RSA key exchange if:
- Your organization stores sensitive information in Surround SCM.
- Your network is potentially insecure.
- Users log in to client applications from outside your network.
- Users are authenticated to Surround SCM using LDAP, single sign-on, or external authentication.
Adding the key to clients
After RSA key exchange is enabled, the public key must be added to server connections in clients so users can access Surround SCM. This process is slightly different for different client types.
Distribute the key file to all users who use the Surround SCM Client or CLI. Client users must import the file to their server connection settings. For example, on the Surround SCM Login dialog box, click Setup. Select the server connection to add the public key to and click Edit. Click Import, select the key file, and click Open. Click OK to save the changes.
CLI users simply need to save the key file and enter the full path to it in the -z option with commands instead of entering the server connection information.
If users use Surround SCM Web or proxy servers, only the Surround SCM administrator needs to import the key file using the Surround SCM Registry Utility. For example, click Web Options or Proxy Options in the registry utility and then click Import on the Server Options dialog box. Select the key file and click OK to save the changes.
Securing Seapine License Server communication
The same encryption and key exchange principles apply to the Seapine License Server. Always enable encryption to make sure communication is secure between the license server, admin utilities, API, and other Seapine product servers. To enable encryption and RSA for the license server, click Server Options in the license server admin utility and select the Server category.
More information
For more information about encryption and key exchange, see the following help topics:
- How encryption, authentication, and key exchange works
- Setting general global server options
- Configuring RSA key exchange