Database Connection Encryption Options

When Lucity programs connect to a SQL Server or Oracle database they have to send login credentials. Since these are usually sent out over a network there is the possibility that they could be intercepted in the network. To ensure safety Lucity provides several different options for managing and securing the configuration information.

Centrally Managed Desktop Gateway - This allows an administrator to make changes in a single location and have those changes automatically download to each workstation. This is the default setting.

Manual Configuration - This requires an administrator to visit each machine to make changes to the database connection configuration. This option can be more secure than a Centrally Managed Gateway.

Once an agency has decided how to manage the encryption they have 3 options with how to encrypt the connection credentials.

Integrated Security - This uses windows authentication through a Active Directory group to encrypt and send connection credentials to the database.

Unencrypted credentials - (these credentials do not provide access to the entire database, just a very limited set of stored procedures)

Encrypted credentials - Manually setup encryption. (This is the most secure method)

The following matrix outlines each of these types of databases and the options for managing the deployment of these configurations:

While Installing the client, or reviewing the settings, look at the GBAUser database settings.
Find the Centrally Managed Desktop Gateway setting. Make sure it is set to True.
Find the Integrated Security for Desktop Gateway setting. Make sure it is set to True.
Find the Active Directory Group for Gateway setting.
Enter an Active Directory group into this field, or click ... for a list of groups.
Provide the Web Gateway login credentials in the Gateway Login ID and Gateway Login Password fields.
This is used to generate the Gateway account but is NOT saved in the Config folder.

While Installing the client, or reviewing the settings, look at the GBAUser database settings.
Find the Centrally Managed Desktop Gateway setting. Make sure it is set to True.
Find the Integrated Security for Desktop Gateway setting. Make sure it is set to False.
Provide the Web Gateway login credentials in the Gateway Login ID and Gateway Login Password fields.
This is used to generate the Gateway account which is then saved (unencrypted) in the Config folder.

While Installing the client, or reviewing the settings, look at the GBAUser database settings.
Find the Centrally Managed Desktop Gateway setting. Make sure it is set to False.
Find the Integrated Security for Desktop Gateway setting. Make sure it is set to False.
Provide the Web Gateway login credentials in the Gateway Login ID and Gateway Login Password fields.
This is used to generate the Gateway account. This information is NOT saved to the Config folder.
Each Desktop must be manually configured.
A tool is provided to do this. For more information go here.

	Centrally Managed	Manual Configuration
Integrated Security	X	X
Unencrypted Configuration	X	X
Encrypted Configuration		X