Anveo Server Security
The data between the Anveo Mobile App and the Anveo Server is transferred encrypted. This article describes the best way to configure security.
Self-Created SSL Certificate for Test Environments
Anveo offers the automatic creation of a self-created SSL certificate for an easy start. Therefore, for technical reasons, the Anveo Mobile App cannot check this for trustworthiness. This certificate may therefore only be used for test environments.
Trusted SSL Certificate for Live Environments
A trusted data connection requires the purchase of an SSL Certificate for a specific URL from an official Certificate Authority. The user of Microsoft Dynamics, his Microsoft partner or his IT service provider is responsible for this.
In order to check the trustworthiness, a complete Internet address “Full Qualified Domain Name” (FQDN) is required when logging on to the Anveo Server. No IP address may be used directly.
The Anveo server supports all encryption methods offered in the Microsoft .NET framework. Which encryption and which key strength is used is determined by the SSL certificate and is therefore not the responsibility of Anveo. This information is provided when the SSL Certificate is created. This is usually done by an IT administrator. It is important to follow current recommendations on the encryption procedure and key strength.
A too weak key could adversely affect security. The key used is specified in the Anveo Server configuration.
For security reasons, we recommend using the latest TLS version. The Anveo Server (version for .NET version 4.7.2) is designed to ask the Microsoft Windows Server for the TLS version to use. Thus, even if a newer TLS version is available, an existing Anveo Server is compatible with new versions without updating the Anveo Server. This is Microsoft’s recommended procedure.
Anveo Server .NET Version
Beginning with Anveo Mobile App version 10, we provide two Anveo Server versions: One supporting .NET version 4.7.2 and the other one is for .NET 2. We highly recommend to use the newer version as this version automatically supports the newest TLS version, if configured in Microsoft Windows Server. For compatibility reasons only, the old version is still available.
Configure TLS Version in Microsoft Windows Server
The TLS version is configured in the Windows Server Registry. Please contact your system administrator to set up this setting. Note that this setting is a server-side configuration and may affect other services and applications.
This is an external manual without guarantee for correctness and completeness. Configuration is carried out at the user’s own risk and is the responsibility of the infrastructure and therefore outside Anveo Support.
Compatibility with mobile devices
The encryption and TLS version used must also be supported by the mobile devices. If the strongest and latest version and encryption is used on the server side, the mobile devices must also be available and installed with the appropriate updates. This must be checked in a separate test system before activation.