Remove Security Provider

Index

For any question or for assistance with this procedure, contact us at service@devolutions.net.

The Security Provider was implemented in older Devolutions Server versions and is no longer considered as secure per the explanation at the beginning of this blog article Update on Devolutions Server Security Provider Deprecation.

The following procedure explains how to remove the Security Provider and implement the Encryption at REST using the encryption keys.

Steps

  1. Ensure no users are connected to the Devolutions Server data source or the Devolutions Server web interface. It is possible to verify and disconnect all users in Reports - Connected User List on the Devolutions Server web interface.
  2. Switch the Devolutions Server instance to offline with the Go Offline button on the Devolutions Server Console
    Go Offline.png
    Go Offline.png
  3. If the Scheduler is installed, please uninstall it from the Devolutions Server Console in the Companions tab. Please note that if a service account is configured to run the Scheduler service, ensure to have the service account's password to reinstall it at the end of the procedure.
    Uninstall the Scheduler
    Uninstall the Scheduler
  4. Backup the Devolutions Server web application folder. Or if possible, take a snapshot of the virtual machine were Devolutions Server is hosted.
  5. Make a full database backup.
  6. Go in Tools menu of the Devolutions Server Console and click on Remove Security Provider button.
    Remove Security Provider.png
    Remove Security Provider.png

    KB8048.png

    KB8049.png
  7. Switch the Devolutions Server instance to online mode using the Go Online button.
    Go Online.png
    Go Online.png
  8. Once completed, verify that the data is available like the entries' configuration, passwords, etc. Verify the documents or attachments that exist in the database.

If Devolutions Server is installed in a Load Balancing/High Availability topology, only remove the Security Provider on one node. Then refresh the other nodes to notice that the Security Provider has been removed.

  1. On success, switch the instance to offline mode, make another database backup and a snapshot of the virtual machine were Devolutions Server is hosted. If for any reason, any of the next steps fails, a backup will be available to get back at this step instead of starting back to the beginning.

If the Activate Encryption at Rest button is not visible in the Tools menu, please jump to step 13.

  1. Again, go in the Tools menu of the Devolutions Server Console and click on the Activate Encryption At Rest button. This step is to properly encrypt the data in the SQL database.
    Activate Encryption At Rest.png
    Activate Encryption At Rest.png
  2. Once completed, export the Encryption Keys. Ensure to save that file and the password in a secure place for being able to build another Devolutions Server instance connected to the same SQL database. Without those encryption keys, it is impossible to access to the data.

We recommend to not store the encryption keys file and its password in your Devolutions Server instance

Export Encryption Keys.png
Export Encryption Keys.png

KB8053.png

  1. Once completed, verify again if the entries, the documents and the attachments are available.
  2. If the Scheduler service has been uninstalled on step 3, install it back from the Devolutions Server Console in the Companions tab.
    Install the Scheduler.png
    Install the Scheduler.png
  3. On success, one last database backup and virtual machine snapshot can be done.

If Devolutions Server is installed in a Load Balancing/High Availability topology, refresh the Devolutions Server Console and import the Encryption Keys to ensure to use the same on every node.