DataHub Connection & Configuration Security 

Extensive & Robust Security for Configuration & Data Access

DataHub has always had extensive security for read, write, create, delete, remote config access, data access & tunneling, and role-based permissions. From V11 forward, security has been enhanced even further. There is a lot of capability here, so if you'd like to discuss your needs, please request a consultation, and also visit our deep dive blog post on DataHub V11 security.

  • Warnings about potentially unsafe configuration and account settings
  • When changes are being made, they are highlighted in red to make it very obvious what you are changing before you commit the changes
  • Expand beyond local DataHub accounts by integrating Active Directory Users via LDAP to delegate authentication to your Active Directory Security Model
  • MFA & Time Based One-Time Passwords (TOTP) with QR code generation & support for popular authentication apps
  • Access rights by principal - IP, CIDR, connection protocol with different roles for each principal
  • Role based Permission Set Assignment 
  • Permission sets group rights for scalable management
  • Effective permissions view helps you check for unintended results 
  • Password age tracking 
  • Change report to review changes before activating them


Access Control by Principals

Modern security requires more than passwords and MFA. It's best practice to only allow protocols and connections from IPs that need access.  

DataHub V11 and newer provides this through the use of "Principals". In DataHub, a Principal is a login context for a specific user, which consists of:

  • An IP address or range of IP addresses, listed explicitly or given in CIDR notation
  • Protocol(s)

Principals can then be assigned to roles, which are assigned permission sets, to enable scalable management of rights. 

An Effective Permissions display lets you check the rights you are granting to avoid unintended consequences, and uncommitted changes are highlighted in red to further support your security management efforts.

Flexible User Types & MFA/TOTP Authentication

DataHub has always had its own local user database. From V11 forward, you can also reference local Windows users or users in Active Directory via LDAP or LDAPS (Secure) to delegate authentication to your Active Directory security system, and then assign them to DataHub security roles, which in turn reference permission sets for scalable management. You can also enable MFA, and more. Those users can then be used in remote configuration sessions, WebView access for view or modify, and more.

Restrict Connection & Data Access

Each DataHub interface point, or group of points, can be secured:

  • Password protect these connections: OPC UA, Tunnel/Mirror, TCP, WebView and Remote Config
  • Use permission sets to manage permissions efficiently, assigning users to groups
  • Control different types of user activity like reading and writing values, creating or deleting points, and more
  • Define read-only or read-write access as required
  • Specify security required for a connection to succeed, including limiting by IP and protocol

Restrict Remote Configuration Access

If you choose to use the remote configuration user interface locally or remotely, you can set permissions that control what features your users have access to, and layer that with the rest of the DataHub permissions to control who can configure the application.

From V11 forward, you can also require users to use Multi-Factor Authentication (MFA) using Time-Based One-Time Passwords (TOTP).

Security Beyond Connections and Configuration 

When we discuss security and DataHub, the conversation often also turns to DataHub's ability to move data in firewall, DMZ, Data Diode, & Proxy friendly ways, as well as to enhance MQTT security.

With DataHub there are many scenarios we can implement, even ones that create data movement without any inbound firewall ports on the control and business network sides, using DMZs and DataHub's secure tunneling. With V11 and newer, Data Diode mode on tunnels enhances security further and supports hardware data diodes with TCP Emulation.

DataHub is also able to address many of the security challenges associated with MQTT.

Get Started Now

This trial software is fully functioning and can be used to update a licensed product, provided you are on an active support & maintenance agreement. Once DataHub is started, it will run for 1 hour at a time; you can restart the application to reset this timer. Purchasing a license removes the limitation for licensed features.
