Skip to main content
Contact Support

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, yes.

Incydr Basic, Advanced, and Gov F1, yes.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Code42 User Directory Sync server hardening

  1. Last updated
  2. Save as PDF

Overview

To integrate your Code42 cloud environment with a directory service, you must configure User Directory Sync. This means installing the User Directory Sync tool to a dedicated server within your organization's environment as well as configuring the Code42 console. For directions, see Configure Code42 User Directory Sync.

The steps below provide best practices for implementing additional layers of security when deploying this tool in your environment. 

Considerations

  • To successfully run the User Directory Sync on a dedicated host, the computer must meet system requirements
  • Ensure your User Directory Sync installation is upgraded to the latest version.
  • For help with User Directory Sync, contact your Customer Success Manager (CSM) to engage the Professional Services team.

Deployment options

Virtual server

You should deploy the Code42 User Directory Sync tool to a virtual server. Not only will this reduce your resources requirements, but then the tool is also abstracted from a physical machine. The virtualization hypervisor can be from any vendor so long as it supports:

  • Network-based communication
  • Java runtime
  • 64-bit execution environment

Physical server

If you cannot deploy the Code42 User Directory Sync tool to a virtual server, instead deploy to a stand-alone, dedicated, minimal-resource server. Deploy the Code42 User Directory Sync tool to a different server than your Active Directory or LDAP server. 

Networking

Inbound connections

This tool does not need to receive inbound connections from any service in order to run. As a result, inbound connections that are not necessary for management should be blocked using the operating system's firewall or a third party networking tool.

Outbound connections

The UDS tool will need to make outbound connections to Code42 and your directory server. Use encrypted ports whenever setting up these connections. The tool requires the following outbound connections are open: 

Port

Destination

443 (HTTPS)

 Code42 cloud
636 (LDAPS) Your directory server

Permissions

For any permission controls, follow the security principle of least privilege. This means that a person or process is given only the minimum level of access rights to complete an assigned operation. 

LDAP bind user

The directory bind user should have read-only permissions to your directory, specifically within the search base for your target set of users.

OS service user

The operating system user account that will run the Code42 User Directory Sync tool should be given lowest-level permissions possible. The tool does not require administrative privileges to run.

Remote access user

No other users should be able to remotely access this server (SSH or RDP) other than an admin if required.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    How-to
    Available in CrashPlan Cloud
    No
    Available in other/on-premises product plans
    No
    Available in Incydr Basic and Advanced
    Yes
    Available in Incydr Pro, Enterprise, and Horizon
    Yes
    Available in Instructor
    No
    Available in Code42 CrashPlan Premium
    Yes
    Available in Code42 CrashPlan Standard
    Yes
    Available in CrashPlan for Small Business
    No
    Stage
    Final
  2. Tags
    1. deployment
    2. LDAP
    3. UDS
    4. User directory sync