The Secure Shadowing function improves security when remotely maintaining a device via VNC at a number of locations:

  • Encryption: The connection between the shadowing computer and the shadowed device is encrypted.
    This is independent of the VNC viewer used.
  • Integrity: Only devices in the UMS database can be shadowed.
  • Authorization: Only authorized persons (UMS administrators with adequate authorizations) can shadow devices.
    Direct shadowing without logging on to the UMS is not possible.
  • Limiting: Only the VNC viewer program configured in the UMS (internal or external VNC viewer) can be used for shadowing.
    Direct shadowing of a device by another device is likewise not permitted.

    In addition, IGEL Management Interface (IMI) in Version 2 or newer provides an API for Secure Shadowing.
  • Logging: Connections established via secure shadowing are recorded in the UMS server log.
    In addition to the connection data, the associated user data (shadowing UMS administrator, optional) can be recorded in the log too.

    Of course, this is only relevant to devices that meet the requirements for secure shadowing and have enabled the corresponding option. Other devices can be "freely" shadowed in a familiar manner and, if necessary, secured by requesting a password. If you would like to allow secure shadowing only, you can specify this in the UMS Console under UMS Administration > Global Configuration > Remote Access.