The management connections between the Management Server and the managed hosts are encrypted and authenticated with TLS. The server is authenticated with an X.509 certificate and the client with a pre-shared key. The pre-shared client key is renewed with a unique key at the initial connection to the Management Server.
The administration interface web connections from the administrator's workstation to the Management Server are likewise TLS-encrypted with server-side X.509 certificate authentication. The administrators are authenticated to the system using passwords and optional TLS client authentication using X.509 certificates.
The administrator user groups and roles determine which hosts each administrator is allowed to manage and view, and which management actions (for example, configuration editing, configuration deployment) they are allowed to perform.
All changes made by an administrator are logged as an audit trail in the database. Critical data in the database is encrypted. The database may be replicated, backed up, and restored with existing procedures and third-party tools.