Secure Shadowing (VNC with TLS/SSL)

The Secure Shadowing function improves security when remotely maintaining a client via VNC at a number of locations:

  • Encryption: The connection between the shadowing computer and the shadowed client is encrypted.
    This is independent of the VNC viewer used.
  • Integrity: Only clients in the UMS database can be shadowed.
  • Authorization: Only authorized persons (UMS administrators with adequate authorizations) can shadow clients.
    Direct shadowing without logging on to the UMS is not possible.
  • Limiting: Only the VNC viewer program configured in the UMS (internal or external VNC viewer) can be used for shadowing.
    Direct shadowing of a client by another client is likewise not permitted.

    In addition, IGEL Management Interface (IMI) in Version 2 or newer provides an API for Secure Shadowing.
  • Logging: Connections established via secure shadowing are recorded in the UMS server log.
    In addition to the connection data, the associated user data (shadowing UMS administrator, optional) can be recorded in the log too.


    Of course, this is only relevant to clients which meet the requirements for secure shadowing and have enabled the corresponding option. Other clients can be "freely" shadowed in the familiar manner and, if necessary, secured by requesting a password. If you would like to allow secure shadowing only, you can specify this in Misc Settings in the UMS Administration area.


Last update: April 9, 2019