
KB-2257: Questions on Centrify's Deployment Manager.

Centrify DirectControl, Centrify Identity Service, Mac Edition

12 April, 16 at 10:57 AM

Applies to: All versions of Centrify Deployment Manager.
 
Question:
  1. What type of database is used by Centrify Deployment Manager?
  2. What is the encryption used?
  3. What encryption key ensures that only the user account that encrypted the credentials can decrypt them?
  4. Is there any way to prevent the storage of credentials in the application completely?

Answer:
  1. Centrify's Deployment Manager uses Microsoft's SQL Server Compact Edition.
    • The database's file extension is .sdf
  2. Centrify uses Microsoft's Data Protection application programming interface (DPAPI) to protect the data.
  3. Deployment Manager uses the AD user's own credentials as the encryption key.
    • When you enter account information in Deployment Manager, the user name and password are securely stored in the Deployment Manager repository and are available only to the user who creates them. In addition, all passwords in the repository are encrypted with the access token of the currently logged-on Windows user. Therefore, even if other users have access to the Deployment Manager repository, they cannot decrypt stored passwords because they do not have access to the Windows user account and password used to encrypt the information. Decrypting a stored password requires the user who created the password in Deployment Manager to log on and access the database from the same computer used when the password was encrypted.
  4. The idea behind Deployment Manager is automation.
    • In order to automate tasks across hundreds of systems, the credentials stored are used to connect to systems and perform privileged operations like installation of Centrify's software and management of local accounts.
    • Otherwise the application would have to prompt the user for a password every time a connection or privileged operation is performed.
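
The user-bound behaviour described in answer 3 can be observed with DPAPI directly. The following is an added example, not Deployment Manager's own code: it assumes Windows PowerShell 5.1 and the .NET ProtectedData wrapper around DPAPI with the CurrentUser scope, and the function names, file path and sample password are constructed for illustration.

```powershell
# Added illustration of DPAPI user-scoped protection (not Centrify code).
Add-Type -AssemblyName System.Security

function Protect-Secret {
    param([Parameter(Mandatory)][string]$PlainText)
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($PlainText)
    try {
        # CurrentUser scope: the blob is tied to the calling Windows user's profile.
        $blob = [System.Security.Cryptography.ProtectedData]::Protect(
            $bytes, $null,
            [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
        [Convert]::ToBase64String($blob)
    } finally {
        # Do not leave the plaintext bytes in memory longer than needed.
        [Array]::Clear($bytes, 0, $bytes.Length)
    }
}

function Unprotect-Secret {
    param([Parameter(Mandatory)][string]$Blob)
    try {
        $plain = [System.Security.Cryptography.ProtectedData]::Unprotect(
            [Convert]::FromBase64String($Blob), $null,
            [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
        [System.Text.Encoding]::UTF8.GetString($plain)
    } catch [System.Security.Cryptography.CryptographicException] {
        # Thrown when the blob was protected by a different Windows user,
        # or is opened on a computer that lacks that user's DPAPI keys.
        Write-Warning "Blob cannot be decrypted by $env:USERDOMAIN\$env:USERNAME"
        $null
    }
}

# Constructed sample: store a protected value on disk, then read it back.
$path = Join-Path $env:TEMP 'dpapi-demo.txt'     # hypothetical location
Protect-Secret -PlainText 'Example-Passw0rd!' | Set-Content -Path $path

# Same user, same computer: the original value is returned.
Unprotect-Secret -Blob (Get-Content -Path $path -Raw).Trim()

# Reading the same file while logged on as another Windows account
# returns $null and emits the warning above.
Remove-Item -Path $path
```

Any process running as the same Windows user can call Unprotect on the blob, so this scope protects against other accounts that can read the file, not against code running in that user's own session.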
 
For further information, please see the Deployment Manager Admin Guide.
