Website logo
⌘K
🛸Overview
Welcome
Security Overview
🚀Release Notes
Android
iOS
Desktop (Beta)
Web Console
🆕Getting Started
Installing Glacier Chat
Installing Glacier Dial
Logging into Glacier
Enabling 2FA
Enterprise device setup
🔒Security
Data encryption
Client Server Protocols
Profile privacy
FileSafe Security
FilePin Security
External calling and SMS
🛡️Glacier Security Hub
Detections
Core connection
Secure DNS (Beta)
💬Glacier Chat
Send a message
File and media sharing
Message timers
Edit your profile
Status messages
Navigating Glacier Chat
Keeping Glacier up to date
Octopus Authenticator (MFA)
📲Glacier Phone (Beta)
What is Glacier Phone?
Managing Numbers
Making a call
SMS messaging
📞Glacier Dial
Making a call
Call options
Disable call history
Voicemail
👩‍💻Web Console
Getting started
Managing users
Managing teams
💁Troubleshooting and FAQs
Password recovery
Network troubleshooting
Message decryption issues
Calling issues
Viewing Crash Reports
Glacier is active notification
Docs powered by Archbee
Security

Client Server Protocols

2min

Client-Server Protocol

Glacier communicates with three different types of servers. To transport chat messages, access the directory and to download/upload encrypted media files, HTTPS/TLS is used.

Chat protocol: Transports the end-to-end encrypted incoming and outgoing messages between the client and the Glacier servers over TLS 1.3. User Authentication: The clients initially authenticate to the Glacier systems through an out-of-band authentication server. This data is encrypted in transit with TLS 1.3 and ECDHE. Data within the user authentication servers are encrypted at rest in accordance with industry standards. File Upload: The file upload servers are used for temporary storage of large media data (e.g. images, videos, audio recordings). Such media is not sent directly via the chat protocol.

Data at Rest

Glacier encrypts both the boot and data volumes of each Core server. The following types of data are encrypted:

  • Data at rest inside the volume
  • All data moving between the volume and the instance
  • All snapshots and backups created from the volume
  • All volumes created from those snapshots and backups

Glacier encrypts each volume with a data key using the industry-standard AES-256 algorithm. The data key is stored on-disk with the encrypted data. Data keys never appear on disk in plaintext. For more advanced configurations, organizations can also provide a customer managed CMK.

Learn more about Amazon Web Services Key Management Service.

Updated 07 Apr 2023
Did this page help you?
PREVIOUS
Data encryption
NEXT
Profile privacy
Docs powered by Archbee
TABLE OF CONTENTS
Client-Server Protocol
Data at Rest
Docs powered by Archbee