The DDM Windows service runs on a customer's application server computer and acts as an intermediary between the DDM web service and the other customer-side components of the system.
It provides the following network services:
- Listens on UDP port 9600 and responds to broadcast packets (allows client applications to locate the DDM service)
- Accepts incoming connections on TCP port 9600 to provide services to client applications:
  - Logon (including license checking)
  - Communication between client applications
  - Access to session tables
  - Challenge (polls to determine concurrent users, terminates unresponsive/invalid connections)
- Accepts IPC connections from the DDM manager utility
- Regularly polls the web service to download and validate licenses
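The UDP discovery step above, worked through as an added example that is not the product's own code. The page names the port; the probe and reply wire format, the function names and the sample payloads are assumptions made for this illustration. The service side answers only an exact probe with a fixed reply that never echoes request bytes (so it cannot be turned into a reflector), and the client side accepts only a well-formed reply and gives up at its deadline.

```python
import socket
import threading
import time

# Port from the page; the wire format below is an assumption for illustration.
DISCOVERY_PORT = 9600
PROBE = b"DDM-DISCOVER\n"
REPLY_PREFIX = b"DDM-SERVICE "


def run_responder(sock, tcp_port, stop):
    """Service side: answer exact probes with the TCP port clients should use."""
    sock.settimeout(0.1)
    while not stop.is_set():
        try:
            data, addr = sock.recvfrom(64)
        except socket.timeout:
            continue
        # Anything other than the exact probe is dropped, and the reply never
        # includes request bytes, so the responder cannot amplify or reflect.
        if data != PROBE:
            continue
        sock.sendto(REPLY_PREFIX + str(tcp_port).encode(), addr)


def parse_reply(data):
    """Return the advertised TCP port, or None if the reply is not well-formed."""
    if not data.startswith(REPLY_PREFIX):
        return None
    try:
        port = int(data[len(REPLY_PREFIX):])
    except ValueError:
        return None
    return port if 0 < port < 65536 else None


def locate_service(target, timeout=1.0):
    """Client side: send one probe and return (ip, tcp_port) from the first
    well-formed reply, or None if nothing valid arrives before the deadline."""
    deadline = time.monotonic() + timeout
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        c.sendto(PROBE, target)
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return None
            c.settimeout(remaining)
            try:
                data, addr = c.recvfrom(64)
            except socket.timeout:
                return None
            port = parse_reply(data)
            if port is not None:
                return addr[0], port


def send_raw(target, payload, timeout=0.5):
    """Send an arbitrary datagram and return the reply, or None if there is none."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.settimeout(timeout)
        c.sendto(payload, target)
        try:
            return c.recvfrom(64)[0]
        except socket.timeout:
            return None


def demo(tcp_port=9600):
    """Run responder and client on loopback; returns (located, reply_to_junk)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port so the demo does not need 9600
    target = srv.getsockname()
    stop = threading.Event()
    worker = threading.Thread(target=run_responder, args=(srv, tcp_port, stop), daemon=True)
    worker.start()
    try:
        located = locate_service(target)
        junk = send_raw(target, b"GET / HTTP/1.0\r\n")  # constructed junk probe
    finally:
        stop.set()
        worker.join()
        srv.close()
    return located, junk


if __name__ == "__main__":
    print(demo())
```

On a real network the client would send to `("<broadcast>", DISCOVERY_PORT)` instead of loopback; the demo keeps everything local so it runs anywhere. Note that discovery only tells a client where to connect: the logon on TCP 9600 still has to authenticate the service, because anything on the broadcast domain can answer a probe.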
The service keeps a trusted, offline copy of product licenses to allow client applications to log in when Internet access is unavailable. If any attempt is made to tamper with these licenses, they will be invalidated. If the offline licenses exceed a certain age, they will also be invalidated.
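The two invalidation rules in the paragraph above (tampering and age), shown as an added example rather than the product's actual mechanism. The cache format, the key name and the 30-day limit are assumptions; the page only says "a certain age". The fetch timestamp sits inside the HMAC-covered body, so editing it is detected exactly like editing a license, and a system clock that has gone backwards is treated as invalid rather than silently extending the offline window.

```python
import hashlib
import hmac
import json

# Assumed limit; the page says only "a certain age".
MAX_AGE_SECONDS = 30 * 24 * 3600

# Constructed sample data for the demo. A real service would keep the MAC key
# outside the cache file (for example protected by the OS key store).
SAMPLE_KEY = b"example-only-replace-with-a-protected-key"
SAMPLE_LICENSES = [{"product": "DDM", "seats": 5, "expires": "2030-01-01"}]
FETCHED_AT = 1_700_000_000.0


class LicenseTamperedError(Exception):
    """The cached licenses do not match their authentication tag."""


class LicenseExpiredError(Exception):
    """The cache is older than allowed, or the clock has gone backwards."""


def store_licenses(licenses, key, now):
    """Serialise licenses plus fetch time and MAC both under one tag."""
    body = json.dumps({"licenses": licenses, "stored_at": now},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"body": body.decode(), "mac": tag}).encode()


def load_licenses(blob, key, now, max_age=MAX_AGE_SECONDS):
    """Verify the MAC before trusting anything in the body, then enforce age."""
    try:
        outer = json.loads(blob)
        body = outer["body"].encode()
        mac = str(outer["mac"]).encode()
    except (ValueError, KeyError, TypeError, AttributeError):
        raise LicenseTamperedError("offline license cache is not well-formed")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, mac):
        raise LicenseTamperedError("offline license cache failed MAC check")
    data = json.loads(body)
    age = now - data["stored_at"]
    if age < 0:
        raise LicenseExpiredError("system clock is earlier than the cache timestamp")
    if age > max_age:
        raise LicenseExpiredError(f"offline licenses are {age:.0f}s old, limit {max_age}s")
    return data["licenses"]


def validate(blob, key, now, max_age=MAX_AGE_SECONDS):
    """Classify a cache as 'ok', 'tampered' or 'expired' for the given time."""
    try:
        load_licenses(blob, key, now, max_age)
    except LicenseTamperedError:
        return "tampered"
    except LicenseExpiredError:
        return "expired"
    return "ok"


if __name__ == "__main__":
    cache = store_licenses(SAMPLE_LICENSES, SAMPLE_KEY, FETCHED_AT)
    print(validate(cache, SAMPLE_KEY, FETCHED_AT + 3600))
    print(validate(cache.replace(b"DDM", b"DDX"), SAMPLE_KEY, FETCHED_AT + 3600))
```

The order matters: the MAC is checked before the body is parsed or the timestamp is read, so nothing from an unverified file influences the decision.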
The Windows service is solely responsible for communicating with the web service; all other customer-side components make their requests via the Windows service.
Application encryption keys
The Windows service is also responsible for managing the encryption key for each distributed application. Each client must request the key from the service before any sensitive data can be decrypted.
Encryption keys are specific to:
- the customer (firm)
- the database
This ensures that other firms hosted on the same infrastructure cannot access each other's keys. Similarly, where a customer has access to several databases, the key for each database is managed independently.
|Important: If encryption is used by a particular application, care must be taken to back up the key(s) separately and securely. If the Windows service is reinstalled or moved to another machine, the stored keys will no longer be accessible. Without proper backups, this could render the encrypted data permanently inaccessible.|
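The key scoping and the backup requirement from the section above, as an added example that is not the product's own code. The `Session` shape, the class and function names, and the backup format are assumptions for illustration. Scope is taken from the authenticated session rather than from the request, so a client cannot name another firm's key, and a backup is produced as an encrypt-then-MAC blob under a passphrase-derived key so that the exported keys are unusable without it. The stream cipher here is built from HMAC-SHA256 in counter mode using only the standard library; production code would use an AEAD such as AES-GCM from a proper crypto library.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """What the service knows about a client after logon (assumed shape)."""
    customer_id: str
    databases: frozenset


class KeyService:
    """Holds one random 256-bit key per (customer, database) scope."""

    def __init__(self):
        self._keys = {}

    def get_key(self, session, database_id):
        # The scope comes from the authenticated session, never from the
        # request, so a client cannot ask for another firm's key.
        if database_id not in session.databases:
            raise PermissionError(f"{session.customer_id} may not access {database_id}")
        scope = (session.customer_id, database_id)
        if scope not in self._keys:
            self._keys[scope] = os.urandom(32)
        return self._keys[scope]

    def export_backup(self, passphrase):
        """Encrypt-then-MAC all keys under a passphrase: salt|nonce|tag|ct."""
        plaintext = json.dumps(
            [[c, d, k.hex()] for (c, d), k in self._keys.items()]).encode()
        salt, nonce = os.urandom(16), os.urandom(16)
        enc_key, mac_key = _derive(passphrase, salt)
        ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
        tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
        return salt + nonce + tag + ct

    def import_backup(self, blob, passphrase):
        """Restore keys on a fresh install; rejects wrong passphrase or edits."""
        if len(blob) < 64:
            raise ValueError("backup blob too short")
        salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
        enc_key, mac_key = _derive(passphrase, salt)
        expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("backup rejected: wrong passphrase or modified blob")
        plaintext = _xor(ct, _keystream(enc_key, nonce, len(ct)))
        self._keys = {(c, d): bytes.fromhex(k) for c, d, k in json.loads(plaintext)}


def _derive(passphrase, salt):
    """PBKDF2 -> separate encryption and MAC keys."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)
    return km[:32], km[32:]


def _keystream(key, nonce, n):
    """Counter-mode keystream using HMAC-SHA256 as the PRF (illustration only)."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:n])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


if __name__ == "__main__":
    svc = KeyService()
    firm_a = Session("firm-a", frozenset({"db1", "db2"}))
    key = svc.get_key(firm_a, "db1")
    backup = svc.export_backup("correct horse battery staple")
    restored = KeyService()
    restored.import_backup(backup, "correct horse battery staple")
    print(restored.get_key(firm_a, "db1") == key)
```

Two firms that both have a database called `db1` get different keys because the scope is the pair, not the database name alone. The backup blob is what should be stored off the machine: on its own it reveals nothing, and a reinstalled or moved service can take it back with the passphrase.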