Skip to main content
Version: 6.11

Encrypting Communication

Patriot 6 supports encrypting and authenticating the communication between the data service and clients (including task service), to prevent unauthorised access or eavesdropping.

There is an overhead to using encryption, so it is recommended to review the impact of enabling this option. If you need to support remote Patriot workstations or Task services outside the local area network, you can either enable encryption, or (recommended) setup a VPN for these remote clients. You can also run remote Patriot workstations by using terminal services which includes its own encryption.

If you are using the Json SDK, the encryption of this is covered here.

Enabling Encryption

To enable encryption, simply tick the Use Encryption box in the configuration program for the data service and any task services, and then restart the services. To enable encryption in the client, open the settings drop-down on the login page and tick the Use Encryption box. Be sure to save the settings before logging in.

The encryption in Patriot additionally uses Windows Authentication to check that only domain users can access the service. If your machines are running on a domain, this should be all you need to do to enable encryption for your network. However if your network is using a workgroup setup, there are a few additional steps which must be taken. This can also be done if your remote workstations are not part of the domain.

On the server or domain, create a new user. This user should have a strong password and can be a restricted account.

When starting the Patriot client on the remote computer, enable encryption, and select Alternate Credentials. Enter the username and password of the user account you just set up. For the domain section, either enter the name of your domain, if you have one, otherwise enter the name of the server computer. These credentials are encrypted on the client so they cannot be viewed once saved.

Troubleshooting

If you get errors when trying to log in after enabling encryption, make sure that you have enabled it on both the client and server. Ensure that you have restarted the data service for the changes to take effect.

If you get an error regarding your credentials being rejected, then check the user account you are logged in as. This must be a domain user account or you must have added the user to the server as detailed above.

A remote side security requirement was not fulfilled during authentication Error indicates that you must disable Simple File Sharing on the server.