Druva Documentation

inSync AD/LDAP Connector FAQs

inSync Cloud Editions: ✓ Elite Plus, ✓ Elite, ✗ Enterprise, ✓ Business

Answers

When do I use an inSync Connector?

The inSync Connector enables you to integrate your organization’s Active Directory (AD) with inSync and automate the following tasks:

  • Create and manage users on inSync. (This is applicable only for user import.)
  • On-boarding users with AD/LDAP Mapping
    • Real-time import and automated, periodic import
    • Optional notifications to users
  • Real-time, automated, and periodic off-boarding users with AD/LDAP Mapping
  • Allow users to use their AD/LDAP credentials for logging on to inSync Web
  • Manually activate devices by using the user's AD/LDAP credentials
  • Activation of device by using Integrated Mass Deployment.

How do I set up an inSync Connector?

You can install the inSync Connector on any Windows computer within your organization’s firewall. You must ensure that the inSync Connector can connect to the AD/LDAP Server and to inSync Cloud.

[Diagram: AD2_TLS.png]

As the diagram illustrates, after the inSync Connector installation, the connection between the inSync Connector and inSync Cloud will be a persistent one. However, the inSync Connector will connect to the AD/LDAP Server only when required.

For detailed instructions on how to download, install, and configure the inSync Connector, see Registering an Active Directory.

Which ports does the inSync Connector use?

The following table lists the ports that the inSync Connector uses.

| Port Number | Used By |
|---|---|
| 443 | inSync Connector with inSync Cloud. Note: If you do not want to use port 443, you can configure other available ports. For more information, contact Druva Support. |
| 389 (Internal port) | LDAP |
| 3268 (Internal port) | LDAP on global catalog |
| 636 (Internal port) | Secure LDAP |
| 3269 (Internal port) | Secure LDAP on global catalog |

Can I configure any other port for communication between inSync Connector and inSync Cloud?

Yes. Either of the following ports can be configured for communication between the inSync Connector and inSync Cloud, instead of the default port 443.

  • 80
  • 6061

To change your configuration, contact Druva Support.

Why am I asked for access details of my AD/LDAP Server?

To create inSync users and authenticate users on inSync Web, inSync Cloud must be able to send certain queries and fetch the required information from your AD/LDAP Server. Therefore, it requires read-only access details for the AD/LDAP Server. The inSync Connector uses these access details to fetch the requisite details from your AD/LDAP Server. It cannot make any changes to your AD/LDAP.

You can check the logs on your AD/LDAP to verify the queries sent by inSync Cloud.

Can others access my AD/LDAP Server information?

No. Any information that you provide on inSync Cloud is protected by the enterprise-grade security features of inSync. By proper compartmentalization and encryption using 256-bit AES encryption keys, we create a virtual private cloud for each of our customers. In addition, by using 2-factor encryption key management and authentication, we make it impossible for anybody except you to access your information.

For more information on inSync’s enterprise-class security features, see the white paper on Druva inSync Security.

Will the inSync Connector stay connected with my AD/LDAP Server?

No. The inSync Connector connects with the AD/LDAP Server only when required. The different use cases for the inSync Connector are as follows.

  • During AD/LDAP Mapping creation: You must create AD/LDAP Mapping if you want to create inSync users by importing their details from the AD/LDAP Server. When creating AD/LDAP Mapping, inSync Cloud queries the AD/LDAP server to retrieve the name of the Base DN, Organizational Units, and Groups. The inSync Connector facilitates the communication. For information on creating AD/LDAP Mapping, refer to Creating an AD/LDAP Mapping.
  • When importing user details: When you are creating users by importing their details from the AD/LDAP Server, inSync Cloud fetches the user details from the AD/LDAP Server. The communication is facilitated by the inSync Connector. If inSync Cloud is configured to fetch user details periodically, it sends its query to the inSync Connector once every 24 hours by default. For more information on importing user details from AD/LDAP, refer to Adding a group of users by importing details from an Active Directory.
  • When manually activating the inSync Client: When you activate the inSync Client manually by using AD/LDAP credentials, inSync Cloud will send a verification request to the AD/LDAP Server through the inSync Connector.
  • When authenticating users on inSync Web: If a user who is configured to use their AD/LDAP credentials for inSync tries to log on to inSync Web, inSync Cloud will send a verification request to the AD/LDAP Server through the inSync Connector.
  • When activating a device by using the Integrated Mass Deployment (IMD) feature: When device activation is performed through IMD, inSync Cloud fetches the user details from the AD/LDAP Server through the inSync Connector.

What type of data will inSync Cloud fetch from my Active Directory?

The following table explains the type of data that will be fetched from your AD/LDAP for each use case. It also explains the data size and the observed frequency for each use case.

| Use Case | Data fetched | Data size | Frequency |
|---|---|---|---|
| During AD/LDAP Mapping creation | Names of the Base DN, Organizational Units, and Groups. Three queries are sent to the AD/LDAP to fetch these details. | Negligible. | Creation of AD/LDAP Mapping is generally a one-time activity |
| When importing user details | Email, department, country code, common name, logon name of the user. | Approx. 1 MB for 10,000 users | For periodic imports, one query every 24 hours by default. |
| When activating inSync Client during the mass deployment process | If user has not been created at the time of activation, group information, email, department, country code, common name, and logon name of the user. | Negligible | One query for each user. |
| When authenticating users on inSync Web | Verification for password match. | Negligible | Rare |

How secure is my data?

The following diagram explains the data flow between the inSync Cloud, inSync Connector, and the AD/LDAP Server.

As illustrated in the diagram:

  • All communication between inSync Cloud and the inSync Connector is encrypted using TLS.
  • All communication between the inSync Connector and the AD/LDAP Server is protected because it happens inside your organization’s firewall.
  • All communication between the inSync Connector and the AD/LDAP Server can be encrypted if you are using LDAPS for your AD/LDAP Server.
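One way to check the read-only access and LDAPS statements above against your own directory logs, as an added example (not Druva code). It assumes an OpenLDAP server writing slapd stats-level log lines; the connector IP 10.0.0.5, the DNs and the function name audit_connector are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in OpenLDAP slapd "stats" log style (not real data).
SAMPLE_LOG = """\
conn=1001 fd=12 ACCEPT from IP=10.0.0.5:51110 (IP=0.0.0.0:636)
conn=1001 op=0 BIND dn="cn=insync-ro,ou=svc,dc=example,dc=com" method=128
conn=1001 op=0 BIND dn="cn=insync-ro,ou=svc,dc=example,dc=com" mech=SIMPLE ssf=0
conn=1001 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=organizationalUnit)"
conn=1001 op=1 SRCH attr=ou
conn=1001 op=2 UNBIND
conn=1002 fd=13 ACCEPT from IP=10.0.0.5:51111 (IP=0.0.0.0:389)
conn=1002 op=0 BIND dn="cn=insync-ro,ou=svc,dc=example,dc=com" method=128
conn=1002 op=1 SRCH base="ou=people,dc=example,dc=com" scope=2 deref=0 filter="(mail=*)"
conn=1002 op=2 MOD dn="uid=alice,ou=people,dc=example,dc=com"
conn=1003 fd=14 ACCEPT from IP=10.0.0.77:40000 (IP=0.0.0.0:389)
conn=1003 op=0 MOD dn="uid=bob,ou=people,dc=example,dc=com"
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+ \(IP=[\d.]+:(\d+)\)")
OP = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|MODRDN|MOD|ADD|DEL|UNBIND)\b")
WRITE_OPS = {"MOD", "ADD", "DEL", "MODRDN"}
LDAPS_PORTS = {636, 3269}  # the Secure LDAP ports listed in the port table


def audit_connector(log_text, connector_ip):
    """Summarise one client's LDAP activity: op counts, writes, non-LDAPS conns."""
    conns = {}       # conn id -> listener port, for the connector's connections only
    seen = set()     # (conn, op number) pairs, so multi-line ops count once
    ops, writes, non_ldaps = Counter(), [], []
    for line in log_text.splitlines():
        m = ACCEPT.search(line)
        if m:
            conn, ip, port = m.group(1), m.group(2), int(m.group(3))
            if ip == connector_ip:
                conns[conn] = port
                # Port-based check only: StartTLS on 389/3268 is not detected here.
                if port not in LDAPS_PORTS:
                    non_ldaps.append(conn)
            continue
        m = OP.search(line)
        if m and m.group(1) in conns and (m.group(1), m.group(2)) not in seen:
            seen.add((m.group(1), m.group(2)))
            ops[m.group(3)] += 1
            if m.group(3) in WRITE_OPS:   # a read-only account should never get here
                writes.append(line.strip())
    return {"ops": dict(ops), "writes": writes, "non_ldaps_conns": non_ldaps}


if __name__ == "__main__":
    print(audit_connector(SAMPLE_LOG, "10.0.0.5"))
```

An empty "writes" list is what a read-only bind account should produce; any entry in "non_ldaps_conns" is a connection that did not arrive on port 636 or 3269.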

Is my AD/LDAP server data stored anywhere?

The following table explains when and where the data fetched from your AD/LDAP Server will be stored.

| Use Case | Data fetched | Where data is stored |
|---|---|---|
| During AD/LDAP Mapping creation | Names of the Base DN, Organizational Units, and Groups. Three queries are sent to the AD/LDAP to fetch these details. | Data is encrypted using AES-256 and stored on inSync Cloud. |
| When importing user details | Email, department, country code, common name, and logon name of the user. | Data is encrypted using AES-256 and stored on inSync Cloud. |
| When activating inSync Client during the mass deployment process | If user has not been created at the time of activation, group information, email, department, country code, common name, and logon name of the user. | Data is encrypted using AES-256 and stored on inSync Cloud. |
| When authenticating users on inSync Web | Verification for password match. | Not stored. |

What is the process for a manual user device activation by using the AD/LDAP credentials?

The following diagram illustrates the process for a manual user device activation by using AD/LDAP credentials.

What is the process for the integrated mass deployment (IMD) user device activation?

The following diagram illustrates the process for the IMD user device activation.

What happens if I stop the inSync Connector service?

As explained earlier, there are very few use cases for an inSync Connector. Only those use cases will be affected if you stop the inSync Connector service. The inSync Connector does not have any impact on backups to and restores from inSync Cloud.

Stopping the inSync Connector will have the following impact:

  • Users will not be able to log on to inSync Web.
  • If you are activating a user device manually for users who are using AD/LDAP authentication, the inSync client will not be activated because the authentication fails.
  • If you are activating a user device by using the Integrated Mass Deployment (IMD) feature, inSync Client activation will fail, because inSync Cloud will not be able to access AD/LDAP Server to fetch the user details.

Where do I see the current status of inSync Connector service?

To view the current status of the inSync Connector service:

  1. Log on to inSync Master Console.
  2. On the Admin Console menu bar, click the icon > Settings.
    The Settings page appears.
  3. Click the AD/LDAP Accounts tab. You can view the current status of inSync Connector service.
