The Secure Shadowing option can be enabled if the following requirements are met:

  • IGEL Linux as of version 5.03.190 and 10.01.100 or IGEL Windows Embedded Standard 7 from version 3.09.100
  • IGEL Universal Management Suite from version 4.07.100 onwards
  • The device is registered on the UMS Server
  • The device can communicate with the UMS Console and UMS Server (see below)

Basic Technical Principles

Unlike with "normal" shadowing, the connection between the VNC viewer and the VNC server (on the device) is not established directly during secure shadowing. Instead, it runs via two proxies – one for the UMS Console and one for the VNC server on the device. These proxies communicate via a TLS/SSL-encrypted channel, while the local communication, e.g. between the VNC viewer application and the UMS proxy, takes place in the conventional unencrypted manner. As a result, a secure connection can also be established with external VNC programs that do not support TLS/SSL connections.

The two proxies (UMS Console and device) communicate with TLS/SSL encryption via the same port as the "normal" VNC connection: 5900. As a result, no special rules for firewalls need to be configured in order to perform secure shadowing.

If secure shadowing is active for a device under Setup > System > Remote Access > Shadow > Secure mode), the device generates a certificate in accordance with the X.509 standard and transfers it to the UMS Server when the system is next started. The UMS Server checks subsequent requests for a secure VNC connection using the certificate. The certificate in PEM format can be found in the /wfs/client-certs/tc_ca.crt directory on the device. The validity of the certificate can be checked on the (Linux) client using the command: x11vnc -sslCertInfo /wfs/client-certs/tc_ca.crt


If a UMS administrator calls up the Shadowing function in the UMS Console for the device, the console receives a signed request from the UMS Server which is then passed on to the device to be shadowed. This in turn passes on the request to the UMS Server which checks the validity of the request using the original certificate. If this check is successful, the console reports that the channel for the connection between the proxies can be established. The UMS proxy on the console connects to the server proxy on the device, and the server proxy, in turn, establishes on the device the connection to its VNC server.

Only when these connections have been established, the console calls up the VNC viewer which then connects to the console proxy. The VNC client and VNC server are now connected via the two proxies which transfer data with TLS/SSL encryption.

Secure shadowing can be enforced independently of the device configuration for all devices that support this function: UMS Administration > Global Configuration > Remote Access > Enable secure VNC globally.