Using Secure Shadowing

Rationale

If you intend to use shadowing (viewing or controlling a user’s desktop remotely) on IGEL OS 12, several configuration options can improve both security and privacy.

Instructions

By default, Shadowing in IGEL OS 12 uses TLS and certificate-based authentication. These mechanisms provide encryption and verification of the shadowing connection.

You can disable Deny shadowing via external VNC tool to allow the use of third-party VNC clients. However, this is not recommended, because doing so may result in unencrypted VNC traffic.

To configure secure shadowing:

  1. In IGEL Setup, go to System > Remote Access > Shadow.

  2. Activate Allow Remote Shadowing.

  3. Configure as many of the following options as applicable to your use case. Each additional setting improves security and, in most cases, enhances user privacy:

    • Enable Use Password and set a strong password (not required in default TLS mode).

      • Maximum length for this password: 8 characters.

    • Enable Prompt User to allow Remote Session.

    • Enable Allow User to disconnect Remote Shadowing.

    • Disable Allow Input from Remote.

  4. Click Save.

In the UMS Console, you can also enable shadowing session logging under:
UMS Administration > Global Configuration > Remote Access
This records which users have performed shadowing, providing an audit trail for security reviews.
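
To check that a device is not offering unencrypted VNC once these settings are applied, the following added example (not IGEL code) parses the server-to-client bytes of one captured connection to the shadowing port and lists the RFB security types offered. The function name, the constructed sample bytes and the choice to flag types 1 and 2 are assumptions of this example; the type numbers are those of RFC 6143 and the IANA RFB registry.

```python
import struct

# RFB security-type numbers (RFC 6143 and the IANA RFB registry).
NAMES = {1: "None", 2: "VNC Authentication", 18: "TLS", 19: "VeNCrypt"}
# Type 1 has no authentication; type 2 is challenge-response only.
# Neither encrypts the session that follows.
UNENCRYPTED = {1, 2}

def audit_server_bytes(stream: bytes) -> dict:
    """Classify the server-to-client bytes of one captured connection."""
    result = {"plain_rfb": False, "version": None, "offered": [], "unencrypted": []}
    # An RFB server speaks first with a 12-byte banner such as b"RFB 003.008\n".
    # Anything else (for example a TLS record) is not plaintext RFB.
    if not stream.startswith(b"RFB "):
        return result
    if len(stream) < 12 or stream[7:8] != b"." or stream[11:12] != b"\n":
        raise ValueError("malformed RFB banner")
    major, minor = int(stream[4:7]), int(stream[8:11])
    body = stream[12:]
    if (major, minor) < (3, 7):
        # RFB 3.3: the server dictates a single type as a big-endian uint32.
        if len(body) < 4:
            raise ValueError("truncated security type")
        types = [struct.unpack(">I", body[:4])[0]]
    else:
        # RFB 3.7 and later: one count byte, then that many one-byte types.
        if not body or len(body) < 1 + body[0]:
            raise ValueError("truncated security-type list")
        types = list(body[1:1 + body[0]])
    result.update(
        plain_rfb=True,
        version=f"{major}.{minor}",
        offered=[NAMES.get(t, f"type {t}") for t in types],
        # VeNCrypt (19) negotiates sub-types of its own; only the top level is checked.
        unencrypted=[NAMES[t] for t in types if t in UNENCRYPTED],
    )
    return result

# Constructed samples, not captures from a real device.
SAMPLES = {
    "legacy VNC listener": b"RFB 003.008\n" + bytes([2, 1, 2]),
    "VeNCrypt only": b"RFB 003.008\n" + bytes([1, 19]),
    "TLS-wrapped port": bytes.fromhex("160303005a"),
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, audit_server_bytes(data))
```

A non-empty `unencrypted` list means the listener accepts a session that is not encrypted at the RFB layer, which is the condition the warning about external VNC tools describes.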