website logo
⌘K
πŸ›ΈOverview
Welcome
Security Overview
πŸš€Release Notes
Android
iOS
Desktop
Web Console
πŸ†•Getting Started
Installing Glacier Chat
Installing Glacier Dial
Logging into Glacier
Enabling 2FA
Enterprise device setup
πŸ”’Security
Data encryption
Client Server Protocols
Profile privacy
FileSafe Security
FilePin Security
External calling
πŸ›‘οΈGlacier Security Hub
Detections
πŸ’¬Glacier Chat
Send a message
File and media sharing
Message timers
Edit your profile
Status messages
Core connection
SMS messaging
Navigating Glacier Chat
Keeping Glacier up to date
Octopus Authenticator (MFA)
πŸ“žGlacier Dial
Making a call
Call options
Disable call history
Voicemail
πŸ‘©β€πŸ’»Web Console
Getting started
Managing users
Managing teams
πŸ’Troubleshooting and FAQs
Password recovery
Network troubleshooting
Message decryption issues
Calling issues
Viewing Crash Reports
Glacier is active notification
Docs powered byΒ archbeeΒ 

Client Server Protocols

3min

Client-Server Protocol

Glacier communicates with three different types of servers. To transport chat messages, access the directory and to download/upload encrypted media files, HTTPS/TLS is used.

Chat protocol: Transports the end-to-end encrypted incoming and outgoing messages between the client and the Glacier servers over TLS 1.3. User Authentication: The clients initially authenticate to the Glacier systems through an out-of-band authentication server. This data is encrypted in transit with TLS 1.3 and ECDHE. Data within the user authentication servers are encrypted at rest in accordance with industry standards. File Upload: The file upload servers are used for temporary storage of large media data (e.g. images, videos, audio recordings). Such media is not sent directly via the chat protocol.

Data at Rest

Glacier encrypts both the boot and data volumes of each Core server. The following types of data are encrypted:

  • Data at rest inside the volume
  • All data moving between the volume and the instance
  • All snapshots and backups created from the volume
  • All volumes created from those snapshots and backups

Glacier encrypts each volume with a data key using the industry-standard AES-256 algorithm. The data key is stored on-disk with the encrypted data. Data keys never appear on disk in plaintext. For more advanced configurations, organizations can also provide a customer managed CMK.

ο»ΏLearn more about Amazon Web Services Key Management Service.

Updated 07 Apr 2023
Did this page help you?
Yes
No
PREVIOUS
Data encryption
NEXT
Profile privacy
Docs powered byΒ archbeeΒ 
TABLE OF CONTENTS
Client-Server Protocol
Data at Rest