Distributed Disk Services (DDS) - Security Best Practices - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Standard - Essential - Premier

Security Best Practices

Security Best Practices
Foundation 23.1

Distributed Disk Services (DDS) is a secure application that brokers communication between the OnBase clients and the file server storing the OnBase Disk Groups. It provides a single point of access for OnBase to the Disk Groups.


DDS can also be used in an environment that has an OnBase Application Server. See also, Server Access.

While standard file system access to the OnBase Disk Groups is secure, DDS provides an additional layer of security:

  • A secure port employs a single access point for OnBase file retrieval.

  • DDS file servers can be kept behind a firewall. The firewall only needs access to a secure port, avoiding UNC traffic.


    Distributed services require unrestricted bidirectional network access for User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) between the client and server on the specified port.

  • To protect documents from being intercepted in a data stream, the full contents of the data stream is encrypted.

  • When Windows permissions are configured properly, users cannot browse to files using Windows Explorer.

Additionally, with DDS there is no requirement to use shared UNC paths for each workstation to access the file server containing the OnBase Disk Groups. File system permissions to the OnBase Disk Group shares only need to be granted to the single user account configured to run DDS. This also means that adding and modifying user privileges on Document Types within OnBase does not require additional changes to network rights to the Disk Group locations.


For more information on configuring DDS, see the Distributed Disk Services module reference guide.