cynapspro Server and Database
The cynapspro server is responsible for managing all DevicePro clients. The Cynapspro server can be installed on any available physical or virtual server (or even a Windows XP Professional system) in your network environment. For large environments or in order to have a backup, devicepro can be installed on several servers that replicate each other.
All records are stored in a SQL database (and managed by the cynapspro server.

Distributed Environments
Several mutually replicating cynapspro servers provide load balancing capabilities in enterprise environments.
cynapspro Agent Installation and Update. The Administration Console enables you to create an MSI-package which can be rolled out to all clients using the usual software distribution mechanisms or AD policies. Once installed, the agent will automatically receive updates from the cynapspro server.

LDAP Integration
The directory structure of your existing MS Active Directory or Novell eDirectory is synchronized by the cynapspro server and a local copy will be maintained in the database. No LDAP schema extensions to MS Active Directory or Novell eDirectory are needed. cynapspro only creates a local copy of the structure, which will be updated either on a schedule or on an ad hoc basis. All it takes is a user account with read-only permissions to the AD.

Real-Time Management
The cynapspro® client server architecture is based on a real-time solution without group policies and schema extensions. All changes to access permissions will be immediately pushed out to the clients and stored in the cynapspro database. Users don’t need to restart their machines or even connect to the company network in order to upgrade their usage rights. Just consider the manufacturing sector, which requires uninterrupted processes (production lines or the like), where changing the logged on user or even a restart is simply not an option. cynapspro is the right solution for these workplaces, as it ensures that IT management guidelines are implemented and that there are no security risks.

Minimal Network Load
All changes, such as the allocation of access permissions, updates to application white lists or encryption policies, become effective immediately using “Push and Pull” technologies. Whenever changes in the settings are transmitted, only those computers and users directly affected by the changes will be notified. In addition, only the changed data is transferred. Other solutions, which use 'Polling intervals' (regular queries from Client to Server in order to check for updates) can cause unnecessary network load which may impact system performance and affect the user in his daily work.

Multi-Tenancy
Each administrator can be assigned to his administration area. All directory elements, such as OU, Groups, Users, can be used to define access and responsibilities. In addition, flexible administrative roles can be defined, i.e. specifying which administrator can perform which functions for which users. For example, an administrator may have full access and control with regard to in his office in New York, read access to the parent OU United States but no rights to make any changes, and full access to functions and reports for the Mexican subsidiary he manages. Many tasks may thus be delegated to the help desk or the service office without any security risk.

Unattended Installation and Administration
In a large, highly distributed environment, it is not always possible to simply start a console and make changes. Both the installation and the main administrative functions can be executed using script files.

Secure Kernel Driver Technology
The secure cynapspro® kernel driver technology is loaded into the operating system during the boot sequence and thus ensures that the service running on the client is not visible to the end user. It can only be stopped or uninstalled by an authorized Administrator.

Secure and efficient Communication
The communication between server and clients uses XML – RPS (optional encryption). All passwords and encryption keys are encrypted (RSA 1024 Bit) without exception.
The cynapspro agent communicates all rights changes made in the management console and takes over complete communications between the server, the kernel driver and, if necessary, with the user. The cynapspro agents use a Push/Pull process to communicate with the server, which ensures that all changes are transferred immediately. There is no client polling, which significantly reduces the network load. Only the machines of those users, whose access rights have been changed, will be contacted and updated.

Secure Permission Management
Permissions to external devices and applications will be controlled by the kernel driver. Systems that are disconnected from the network can receive changes to access permissions via a secure TAN.

Sophisticated Rights Management
Rights Management can be user centered, machine centered or a combination of both. Flexible inheritance structures allow the transfer of group rights to users and the exemption of individual users or devices. Permissions may be assigned to Active Directory Groups that are automatically synchronized or to individually generated groups, which substantially reduces the management overhead. In addition, user permissions may be defined for different scenarios, i.e. users may have different online or offline rights.

Content Header Filter
In addition to devices or ports, transmission of data can be allowed or blocked according on file types, file names or size. By filtering Content Header, cynapspro ensures that rules cannot be bypassed by a simple change of the file ending.

Complete Offline Support
Even disconnected systems remain manageable. Unblocking codes can be uses to temporarily or permanently change user rights. CryptionPro Mobile allows the encryption and decryption of data on mobile devices anytime and anywhere, e.g. when working from unmanaged computers.

Integration into 3rd Party Applications
The XML interface allows the allocation of access permissions from an existing customer Helpdesk or Service Desk implementation in a fully automated way, leveraging existing processes, approval workflows, notifications and management reports. There will be no need for service desk workers to use an additional console.