Using Secure Shadowing
Rationale
If you intend to use shadowing (viewing or controlling a user’s desktop remotely) on IGEL OS 12, several configuration options can improve both security and privacy.
Instructions
By default, shadowing in IGEL OS 12 uses TLS and certificate-based authentication. These mechanisms provide encryption and verification of the shadowing connection.
You can disable Deny shadowing via external VNC tool to allow the use of third-party VNC clients; however, this is not recommended, because it may result in unencrypted VNC traffic.
To configure secure shadowing:
In IGEL Setup, go to System > Remote Access > Shadow.
Activate Allow Remote Shadowing.
Configure as many of the following options as applicable to your use case. Each additional setting improves security and, in most cases, enhances user privacy:
Enable Use Password and set a strong password (not required in default TLS mode).
Maximum length for this password: 8 characters.
Enable Prompt User to allow Remote Session.
Enable Allow User to disconnect Remote Shadowing.
Disable Allow Input from Remote.
Click Save.
In the UMS Console, you can also enable shadowing session logging under:
UMS Administration > Global Configuration > Remote Access
This records which users have performed shadowing, providing an audit trail for security reviews.
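To check during a security review whether an endpoint hands out unencrypted VNC after Deny shadowing via external VNC tool has been disabled, the server side of a recorded connection can be classified by its RFB handshake. This is an added example, not IGEL code; it assumes the external VNC tool speaks standard RFB (RFC 6143), which this page does not specify, and the sample byte streams are constructed.

```python
import re

# Security-type numbers from RFC 6143 and the IANA RFB registry.
SECURITY_TYPES = {1: "None", 2: "VNC Authentication", 18: "TLS", 19: "VeNCrypt"}
ENCRYPTED = {18, 19}  # types that set up TLS before desktop data flows


def audit_rfb_server_stream(stream: bytes) -> dict:
    """Classify the server-to-client bytes that open a shadowing connection."""
    result = {"banner": None, "offered": [], "finding": "no-cleartext-rfb"}
    m = re.match(rb"RFB (\d{3})\.(\d{3})\n", stream)
    if not m:
        # No cleartext banner, e.g. a TLS-wrapped port or a TLS alert record.
        return result
    result["banner"] = stream[:11].decode("ascii")
    body = stream[12:]
    if int(m.group(1)) == 3 and int(m.group(2)) < 7:
        # RFB 3.3: the server dictates one type as a big-endian u32.
        if len(body) < 4:
            result["finding"] = "truncated"
            return result
        types = [int.from_bytes(body[:4], "big")]
    else:
        # RFB 3.7/3.8: one count byte, then that many one-byte types.
        if not body or len(body) < 1 + body[0]:
            result["finding"] = "truncated"
            return result
        types = list(body[1:1 + body[0]])
    if not types or types == [0]:
        result["finding"] = "server-refused"  # a reason string follows
        return result
    result["offered"] = [SECURITY_TYPES.get(t, f"type {t}") for t in types]
    # Unknown types count as unencrypted: fail closed for the review.
    weak = [t for t in types if t not in ENCRYPTED]
    result["finding"] = "unencrypted-offered" if weak else "encrypted-only"
    return result


# Constructed sample streams (not captured from a real device).
SAMPLES = {
    "plain VNC, 3.8": b"RFB 003.008\n" + bytes([2, 1, 2]),
    "VeNCrypt only": b"RFB 003.008\n" + bytes([1, 19]),
    "legacy 3.3": b"RFB 003.003\n" + (2).to_bytes(4, "big"),
    "TLS alert record": bytes.fromhex("15030300020228"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {audit_rfb_server_stream(data)}")
```

A finding of unencrypted-offered means the recorded server advertised None or VNC Authentication, neither of which encrypts the session that follows.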