Securing transport connections with SSL
BKD 
WinClient 
macClient
SafeGuard Enterprise supports encrypting the transport connections between its components with SSL. You can use SSL to encrypt transport between the following components:
- Database Server <-> SafeGuard Enterprise Server with IIS
- Database Server <-> SafeGuard Management Center
- SafeGuard Enterprise Server with IIS <-> managed endpoints
Before you activate SSL in SafeGuard Enterprise, you must set up a working SSL environment.
The following general tasks must be carried out for setting up SSL:
- Optional: install a Certificate Authority for issuing certificates used by SSL encryption.
- A certificate must be issued and the IIS server must be configured to use SSL and point to the certificate.
- The server name specified when configuring the SafeGuard Enterprise Server must be the same as the one specified in the SSL certificate. Otherwise client and server cannot communicate. For each SafeGuard Enterprise Server a separate certificate is needed.
- If you use Network Load Balancer, make sure that the port range includes the SSL port.
For further information, contact our technical support or see:
- The Microsoft document How To Set Up an HTTPS Service in IIS
- The Microsoft document How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console
SafeGuard specific transport encryption for test setups
For demo or test setups, you can alternatively secure the connection between the SafeGuard Enterprise Server and the SafeGuard Enterprise managed endpoints by SafeGuard specific encryption. For ideal security and performance, we strongly recommend that you use SSL encrypted communication. If, for some reason, this is not possible and SafeGuard-specific encryption is used, there is an upper limit of 1000 clients that connect to a single server instance.