- 46 -
Security Level (SSL):
The
Prima IP
offers three levels of security for viewer connections. On the drop-
down combo box, you can just choose either one of the three viewer security levels as appropriate to your
real demands on viewer connection security:
Level 1
uses No SSL data encryption and No authentication. This is the most straightforward setting that
opens most convenience if there are no security concerns at all. Anyone who have a viewer and an
Internet connection can easily connect to
Prima IP
as long as the user passes the password policy
requests.
Level 2
uses SSL encryption for viewer connection, but only requires server authentication by viewer
client. Remote users do not need to install any certificate on their client computers. However, the viewer
connection is encrypted with 256-bit SSL technology to ensure that all data contents transmitted via the
viewer connection are protected, including keyboard, mouse and video signals.
Level 3
uses 256-bit encryption and a bi-directional PKI authentication between
Prima IP
server and
viewer client. With this level of security, all remote users who want to make viewer connections must
install a proper client certificate on their computer. This client certificate must come from the same CA
that issued the root.crt certificate of
Prima IP
.
KVM Server Password:
This item will only appear if you choose to implement Level 3 security. Here you
should enter the password that has been used to protect the server private key serverkey.pem. If you use the
standard set of certificates provided by default on the Support CD ROM disc, the server password is
serverpwd
. However, if you use your own set of certificates (as you should do for a real secure installation),
you must set the correct server certificate password you got from the Certificate Authority that issued those
certificates.
First, you should get a set of certificates from your administrator. If your certificates files have different
names, change them to the valid names before uploading.
To upload the certificates, click the
Brows
e button to go to the location where your certificates reside. Select
a certificate file and then click
Upload
to upload your certificates, one at a time, to the
Prima IP
. After the
uploading is completed, you should see the prompt page for reboot. However, you do not have to reboot
before you have uploaded all the necessary certificates. Just reboot once after you have uploaded all the
necessary certificates:
root.crt ; server.crt ; serverkey.pem
You must upload two extra certificates if you need to SSL-encrypt the LDAP connection for user remote
authentication:
ldapcert.crt; ldapkey.pem
4.5.3 User
Password
User-Password Policy:
The
Prima IP
offers three types of password policies for selection. You can select
here your password policy for viewer connections:
•
No Password:
the viewer will not prompt you for any user password - the door is open unless you are
using security level 3.
•
Global Password:
the viewer will prompt you for a global user password, which is used by all users - a
sort of building door code.
•
User Password:
the viewer will prompt you for your user-specific password - a sort of apartment door
code.
Note:
The viewer can also prompt you for the client certificate password if you are using the security
level 3.
Global User-Password:
This item only appears if you select
Global Password
as password policy. Enter
the common password used by all users here.
