security model and encryption - microsoft · 2019. 11. 4. · for encryption at rest ∙ security...

SECURITY MODEL AND ENCRYPTION

MULTI-USER Remote Desktop

Manager

MULTI-USER Devolutions

Password Server

Security Model and Encryption

LEGEND : Encryption at Rest Encryption in Transit

∙ Security Providers are used for encryption at rest

∙ Security Providers support passphrase and certificate secret

∙ Clients must have network access to the database

∙ AES256 encryption key is derived from passphrase or certificate using PBKDF2

∙ Encryption in transit is optional

∙ Encryption at rest is performed by DPS server.

∙ Security Providers are not required

∙ Clients only need to have network access to DPS

∙ AES256 encryption key is generated using a secure pseudo-random number generator (PRNG) on installation

∙ Encryption in transit should be enabled for maximum security

Database

Remote DesktopManager

Web Access

DatabaseDevolutions

Password Server

Documents