Security Settings

The Security page enables you to configure and implement security-related settings of your , such as uploading your certificates for the server side, selecting the security level of the viewer connections, and also the password policy for the viewer and browser connections.

After you have made all modifications, click Store Settings to save your settings and then click Apply Settings/Restart Servers to put the new settings into effect. No change made on this page takes effect until you click Apply Settings/Restart Servers!

Click the Quick Links for more information:

Certificates and Keys
Security level of Viewer Connections
User-Password Policy

Certificates and Keys

Certificates are only needed if you intend to implement full PKI authentication for the viewer connections. If an SSL-encrypted session is already enough for your security requirements, you can just ignore this aspect of PKI authentication.  

Where can you get the certificates? A default set of certificates is provided on your support CD ROM; you can use them to practice uploading certificates. In a real-world scenario, you can either generate the certificates yourself, using freeware or shareware such as XCA, or buy certificates from companies that provide authentication services.

The valid file names and formats of the certificates and Keys to be uploaded to the should be exactly as below:

First, get a set of certificates from your administrator. If your certificate files have different names, change them to the valid names before uploading.

To upload the certificates, click the Browse button and go to the location where your certificates reside. Select a certificate file and then click Upload to upload your certificates, one at a time, to the . After the upload is completed, you should see a page prompting you to reboot. However, you do not have to reboot until you have uploaded all the necessary certificates. Just reboot once after the last upload:

You must upload two extra certificates if you need to SSL-encrypt the LDAP connection for user remote authentication:


Security Level of Viewer Connections

Browser connections to the web management always use SSL. Viewer connections can use different levels of security.

Security Level (SSL): The offers three levels of security for viewer connections. From the drop-down combo box, choose the one of the three viewer security levels that matches your actual requirements for viewer connection security:

Level 1 uses no SSL data encryption and no authentication. This is the most straightforward and most convenient setting if there are no security concerns at all. Anyone who has a viewer and an Internet connection can easily connect to as long as the user satisfies the password policy.

Level 2 uses SSL encryption for the viewer connection, but only requires the viewer client to authenticate the server. Remote users are not required to install any certificates on their client computers. However, the viewer connection is encrypted with 256-bit SSL technology to ensure that all data transmitted via the viewer connection is protected, including keyboard, mouse and video signals.

Level 3 uses 256-bit encryption and a bi-directional PKI authentication between server and viewer client. With this level of security, all remote users who want to make viewer connections must install a proper client certificate on their computer. This client certificate must come from the same CA that issued the root.crt certificate of .

There are altogether nine possible combinations of Viewer Security Levels and Password Policies, giving you the flexibility to adapt to your security needs.

KVM Server Password: This item only appears if you choose to implement Level 3 security. Enter here the password that protects the server private key serverkey.pem. If you use the standard set of certificates provided by default on the Support CD ROM, the server password is serverpwd. However, if you use your own set of certificates (as you should for a truly secure installation), you must enter the correct server certificate password you got from the Certificate Authority that issued those certificates.
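The two Level 3 requirements above (the KVM Server Password must unlock serverkey.pem, and client certificates must come from the CA behind root.crt) can be checked before uploading. This is an added example, not part of the product documentation; it requires the OpenSSL command-line tool, and the function names and the client certificate path are assumptions.

```shell
#!/bin/sh
# Added example: pre-upload checks for Level 3 certificate material.
# root.crt and serverkey.pem are the names used on this page; the function
# names and the client certificate path are assumptions for illustration.

# key_is_encrypted KEY: true if the PEM private key is passphrase-protected.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# key_password_ok KEY PASSWORD: true if PASSWORD unlocks the private key.
# The password reaches openssl through the environment, not its arguments.
key_password_ok() {
    KEYPW="$2" openssl pkey -in "$1" -passin env:KEYPW -noout 2>/dev/null
}

# issued_by_root ROOT CERT: true if CERT verifies against ROOT alone.
# -trusted makes ROOT the only trust anchor for this check.
issued_by_root() {
    openssl verify -trusted "$1" "$2" >/dev/null 2>&1
}

# preflight ROOT KEY PASSWORD CLIENT_CERT: prints each finding and returns
# the number of failed checks (0 means the material is consistent).
preflight() {
    fails=0
    if ! key_is_encrypted "$2"; then
        echo "FAIL: $2 is stored without a passphrase"
        fails=$((fails + 1))
    elif ! key_password_ok "$2" "$3"; then
        echo "FAIL: password does not unlock $2"
        fails=$((fails + 1))
    fi
    if ! issued_by_root "$1" "$4"; then
        echo "FAIL: $4 was not issued by the CA in $1"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: key password and client certificate verified"
    return "$fails"
}
```

Call it as `preflight root.crt serverkey.pem <password> <client certificate file>`; a non-zero return value is the number of checks that failed.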


User-Password

User-Password Policy: The offers three types of password policies. Select here the password policy for viewer connections:

Note: The viewer can also prompt you for the client certificate password if you are using security level 3.

Global User-Password: This item only appears if you select Global Password as the password policy. Enter the common password used by all users here.

Note: The Password and Security (SSL/PKI authentication) settings should be used with due precaution. If the security settings are set to No Password and no SSL or no PKI authentication (Viewer connection security - Level 1), anyone with a viewer and knowledge of the IP address and port number of can establish a remote connection. With these settings, there is no password protection and no data encryption. Unless you have taken other proper security measures or simply have no security concerns, these “unsafe settings” cannot permit to survive longer than 15 minutes on the Internet.
