Security [FAQ]

Area: Installation / Configuration

Are there any differences between the reports generated by a deployed SELECTserver and those transmitted to Bentley?

The reports are essentially the same, although no proprietary account information is transmitted from the account to Bentley's Web Services. Instead, machine or user names generally viewable from an account's administrative pages are replaced by hashed values using a multi-pass, one-way hashing (SHA-1) technique. This one-way hash provides a means for Bentley to uniquely identify a machine or a user. A hashed machine or user name cannot be reverse engineered to produce its original name.
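How hashed identifiers still let a report recipient count unique machines and users is shown in the added example below; it is not Bentley's code. The pass count, the case-folding step, the record field names and the sample records are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

PASSES = 3  # assumption: the page says "multi-pass" but gives no count


def pseudonymize(name: str, passes: int = PASSES) -> str:
    """Return a fixed-length identifier from repeated SHA-1 over a name."""
    # Assumption: names are trimmed and case-folded first, so "WS-014" and
    # "ws-014 " collapse to one identifier instead of two.
    digest = name.strip().casefold().encode("utf-8")
    for _ in range(passes):
        digest = hashlib.sha1(digest).digest()
    return digest.hex()


def build_report(records):
    """Replace machine and user names with identifiers before transmission."""
    return [
        {"product": r["product"],
         "machine": pseudonymize(r["machine"]),
         "user": pseudonymize(r["user"])}
        for r in records
    ]


def distinct_users(report):
    """Count unique users per product using only the hashed identifiers."""
    seen = defaultdict(set)
    for row in report:
        seen[row["product"]].add(row["user"])
    return {product: len(users) for product, users in seen.items()}


# Constructed sample usage records (not real data).
LOCAL_RECORDS = [
    {"product": "ProductA", "machine": "WS-014", "user": "jsmith"},
    {"product": "ProductA", "machine": "ws-014", "user": "JSmith"},
    {"product": "ProductA", "machine": "WS-022", "user": "mlee"},
    {"product": "ProductB", "machine": "WS-022", "user": "mlee"},
]

if __name__ == "__main__":
    print(distinct_users(build_report(LOCAL_RECORDS)))
```

Without the normalisation step, the first two records would count as two different users and two different machines, which is why both sides of such a scheme have to agree on it.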

Does SELECTserver perform any encryption on network transmissions or data?

SELECTserver obscures machine and user names when processing reports transmitted to Bentley, but does no other encryption on any other data. SELECTserver relies on Microsoft IIS and SSL to encrypt network transmissions. All network communications use standard network protocols and, as such, can be routed through any standard network security mechanism.

What information is transmitted by a client to SELECTserver?

The following attributes are communicated by client machines to Bentley's hosted SELECTserver (i.e. SELECTserver Online) or to a deployed SELECTserver:

What information is transmitted by a deployed SELECTserver to Bentley?

There is no proprietary or personal information in usage data transmitted to Bentley. SELECTserver supports the Secure Sockets Layer (SSL), so all transmissions can be configured to be secure.

Communications

License Request for a Deployed SELECTserver

Usage Data reported from Deployed SELECTserver

Note: The machine and user names are hashed to provide only unique identifiers for both to Bentley.

What network protocols will be used, and what ports will need to be open?

SELECTserver uses HTTP and HTTPS.

The Bentley applications do not determine the internet communication ports. By default the ports are 80 (normal internet traffic) and 443 (Secure Sockets Layer, "SSL"). These ports can be different, but if they are, please check with your IT department: that is an internal configuration and is not controlled by the SELECTserver application.

The information below defines the specific Bentley communication sites. In the worst case, the IT team will be able to make exceptions for the Bentley site or just TRUST *

Connecting to the Bentley servers through Firewalls and Proxy Servers  

What Bentley (DNS) domains does my deployed (i.e. in-house) SELECTserver need to have access to?
(for SELECTserver or earlier) (for SELECTserver Gateway only)

What Bentley (DNS) domains must be accessible to access Bentley's hosted SELECTserver (i.e. SELECTserver Online)?

What is the IP address for SELECTserver Online?

Previously, SELECTserver supported a static IP address. That is no longer possible, so it is recommended to avoid defining firewall rules based on IP address.

What port does the SELECTserver Gateway use for communication with clients?

The SELECTserver Gateway still uses a proprietary protocol on port 3998 to communicate with pre-XM applications.

In all cases Bentley applications will initiate the communications with the SELECTserver. Data flows from the client machine to SELECTserver; from SELECTserver it is summarized and usage logs are transmitted via secure web services to Bentley.

Who has access to the administrative pages for my company's Sites on SELECTserver Online?

Only those SELECT Online subscribers who have "License Administration Rights", as defined by Bentley's CRM system, have access to the administration pages of their site(s) on SELECTserver Online.

Does Bentley remotely access SELECTservers at a user's site?

No, all communication between a deployed SELECTserver and Bentley's Web Services is controlled by the account.

Can I obtain a fail-over license to protect against catastrophe?

There will be no need to replace redundant licenses that have been issued for the purposes of fail-over or redundancy. SELECTserver is built on standard Microsoft technologies that are well-suited for clustering or other techniques used to safeguard application servers. In addition, because of the implementation of TRUST licensing, SELECTserver is no longer a real-time license server, so if a connection is lost, licensed applications are still able to run in full-functioning "disconnected" mode for up to 30 days until service is restored.

I can't connect my SELECTserver to the Internet! How do I manually transmit my usage logs to and update my license from Bentley?

SELECTserver includes alternate, manual procedures for transmitting usage reports to Bentley and downloading license updates. You must set SELECTserver to transmit application usage logs manually on the Server Settings administrative page. Logs need to be prepared and sent to Bentley monthly in order to keep SELECTserver activated. A number of alternatives exist for transmitting the reports, including:

* Upload the file(s) via the web
* Email the file(s)
* Mail the files on CD to Bentley

An Acknowledgment File will need to be processed each time a report is transmitted in order to reset SELECTserver.

See Also

Bentley Cloud Services Portal and CONNECTION Client FAQ

Original Author: Bentley Technical Support Group