SyncOffice Manager


SyncOffice Manager is a Delphi VCL application that runs on PCs with a recent Windows OS. It is used for certificate generation and management, for uploading remote control attributes to RAS/RSS, and for orchestrating SyncOS Live USB creation.

The customer administrator uses SyncOffice Manager from their working PC to generate a certificate based on a Certificate Request (CSR) generated by the end-user. The certificate contains many authorization constraint attributes, so certificates issued to staff in different departments can carry different privileges. SyncOffice Manager manages certificate configuration data at the company level, the department/group level and the end-user level.

Once a certificate has been created for an end-user, the administrator can use SyncOffice Manager to upload the certificate's remote control attributes to the customer's own Remote Auth Server (typically SyncOffice Authenticator), and optionally also to the auxiliary Teleon RSS server.

To achieve super sandboxing for some critical files and their cloud repository, the customer administrator can create a SyncOS Live USB flash drive for an end-user. SyncOffice Manager embeds and calls an external Rufus USB utility tailored for SyncOS. SyncOffice Manager also encrypts cloud credentials and other login data and burns them into the USB drive. After boot-up and authorization, SyncOS decrypts this data, automatically logs in to the cloud, and opens the file repository to the end-user. The end-user therefore does not need to know the cloud login or other credentials to use the cloud.

SyncOffice Manager is developed by Teleon from scratch, mainly using Embarcadero RAD Studio. A number of third-party standalone applications are called from SyncOffice Manager. The key technologies and sources include:

  • RAD Studio 10: Delphi VCL/FMX development studio for SyncOffice utility tools.
  • Rufus: Rufus is a utility that helps format and create SyncOS bootable USB flash drives.
  • Rclone: Rclone is a command line program to manage files on cloud storage.
  • RcloneBrowser: Simple cross-platform GUI for the Rclone command line tool.
  • MySQL: Open-source relational database management system used for certificate and other data.
  • XMPP: Extensible Messaging and Presence Protocol is an open communication protocol designed for instant messaging, presence information, and contact list maintenance. It is the default means by which SyncOffice Manager communicates with the Teleon login service.

How To Log In to SyncOffice Manager

To run SyncOffice Manager, the customer needs to order a license pack for the Teleon service from the Teleon client site. Once the order is placed, a license key is issued. The customer uses this license key to log in to the Teleon service.

After login, SyncOffice Manager does not interact with or send data to the Teleon site while it is working, unless the customer chooses to upload a created certificate's remote control attributes to Teleon RSS. The Teleon RSS service is optional and auxiliary. As a best practice, the customer should depend only on their own RAS for remote control.

Where SyncOffice Manager Data Is Stored

SyncOffice Manager uses a standalone MySQL database for persistent data storage. The local MySQL server is launched by SyncOffice Manager after login. This tailored MySQL database is portable; it resides in the SyncOffice Manager application folder.

The MySQL database keeps records of the 3 levels of template data for the various constraint attributes, previously created certificates, the upload history of their remote attributes, and other related data.

SyncOffice Manager also maintains an internal cache in memory. For normal configuration work, it operates on the cached data.

SyncOffice Manager and RAS/RSS

SyncOffice Manager issues certificates. Certificates can be used standalone or together with RAS/RSS. When there is no RAS/RSS support, a certificate relies solely on its own definitions for its various privileges. It may define time-of-day constraints or IP address constraints, or require the administrator to provide a real-time passcode, etc. As a best practice, however, the customer should set up their own Remote Auth Service (RAS). The most common RAS server is SyncOffice Authenticator.

When the customer wants an end-user to obtain authorization from RAS/RSS, a set of the certificate's definitions/attributes needs to be uploaded to RAS/RSS after the certificate is created. The whole certificate is not uploaded, only a small data set, to ensure minimum impact on the certificate's privacy even if RAS/RSS data were accidentally compromised.