This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

NCM - Federal Compliance - How SW handle the following

We are having an internal discussion on how SW NCM is able to be compliant.  A scenario came up and I need to know how solarwinds handles it...

NCM has login credentials so it can go and grab the configurations periodically.  These credentials, I am assuming, are stored in its database somewhere in an encrypted fashion.  The question arises, what does it use to encrypt the device credentials?

At some point, there is a cleartext password that is the "master" password that, recursively, can unencrypt everything.  How is this "master" password stored safely?  Is it in a place where only the solarwinds process can have access to it (like a flatfile)?  Is it in some registry key (which can't be encrypted because solarwinds couldnt read it)?  Or how is this done??

How does it protect that "master" password from prying eyes...  It's not like a human types in a master password at every configuration backup job runtime...