0 Replies Latest reply on Apr 24, 2018 4:24 PM by brfrankl

    NCM - Federal Compliance - How SW handle the following


      We are having an internal discussion on how SW NCM is able to be compliant.  A scenario came up and I need to know how solarwinds handles it...



      NCM has login credentials so it can go and grab the configurations periodically.  These credentials, I am assuming, are stored in its database somewhere in an encrypted fashion.  The question arises, what does it use to encrypt the device credentials?


      At some point, there is a cleartext password that is the "master" password that, recursively, can unencrypt everything.  How is this "master" password stored safely?  Is it in a place where only the solarwinds process can have access to it (like a flatfile)?  Is it in some registry key (which can't be encrypted because solarwinds couldnt read it)?  Or how is this done??


      How does it protect that "master" password from prying eyes...  It's not like a human types in a master password at every configuration backup job runtime...