System Security

Some companies using proxy servers that restrict access to some sites may also block PlanetTogether.

Exceptions should be created for PlanetTogether URLs such as:

http://[server name]:[port]/ServerManager.soap
http://[server name]:[port]/PTBroadcaster.soap
http://[server name]:[port]/PTInterface.soap
http://[server name]:[port]/UpdateFileManager.soap

Additionally, the following measures should be taken to avoid security conflicts:

  • On the Server
    • Allow incoming and outgoing PlanetTogether communication through the firewall. Ports 7991 and say 8001 through 8020 (for 4 instances). Note: Port 7991 is the most secure port to use. 
    • Administrator rights for installing ServerManager and Enterprise Client are required.
    • Administrator rights are also required for using the Enterprise Client.
  • On the Clients
    • Allow incoming and outgoing PlanetTogether communication through the local firewall.
    • Note: The Clients are installed in the user's directory, so no permission changes are required.
  • General
    • Allow communication through any proxy servers.
    • Depending on settings, may need to be added to trusted zones.
    • Internet Options --> Internet Security --> .NET reliant component --> Run components signed with Authenticode should be enabled.

Note: Port 7990 is hosted if the "Enable Compatibility Connections" is checked in the instance manager. However, this port should not be used for new installations. Port 7991 is the most secure port. 

User-Related Security

Although the different user types automatically lock certain features based on their level of scenario access, the following options can be assigned to the users regardless of scenario access:

  • Control:
    • Administrator: This user can maintain users and permissions. 
    • Scenario Access Level: Master Scheduler, View All, ViewPublished, etc.
  • Scheduling:
    • Can Lock: This user can lock and un-lock jobs. 
    • Can Anchor: This user can anchor and un-anchor jobs.
    • Can Expedite: This user can expedite jobs. 
    • Can Change Job Status: Marks the user for future deletion.
    • Can Hold Jobs: This user can hold and un-hold jobs. 
    • Can reserve CTPs in Live Scenario: This user can create CTPs with reservations in the Live scenarios. In addition, all users with What-If access can create What-If CTOs and reserve CTPs in What-If scenarios.
    • Can Reschedule Purchases: This user can reschedule purchases using the Dock Schedule Board.
    • Can Schedule Plant: This will affect UI actions and visibility.
    • Can View Jobs: If not enabled, this will hide jobs from this plant from the jobs grid and the activity grid.
    • Can View Inventory: If not enabled, this will hide inventory from the inventory plant and CTP. 
    • Can Set Priorities: Permits changing of priorities for jobs, manufacturing orders, and customers.
  • Data:
    • Can Undo ERP Actions: If true, then ERP actions can be undone and redone by the user. 
    • Can Maintain Forecasts: Permits access to forecast functions. 
    • Can Maintain Jobs: Permits access to job maintenance functions. 
    • Can Maintain Resources: Permits access to maintenance functions for plants, resources, calendars, cells, and capabilities. 
    • Can Maintain Inventory: Allows access to purchase orders, sales orders, and the items grid.
    • Can Maintain Scenarios: Allows converting scenarios to the Live scenario, managing system-wide options, and viewing certain logs. 
    • Can Maintain Interface: Permits access to the Interface Wizard to modify interface settings. 
    • Can Maintain Customers: Permits access to customer maintenance functions. 
    • Can Run Interface: Permits execution of the interface to import data. 

Connection String Security

In Instance Manager Versions 12.0.50 and later, connection strings are not shown in plain text to avoid displaying the database password.

The connection string can be created and edited but will not be displayed.

PlanetTogether to Database Encryption

The SQL Server encryption settings are used for communicating to SQL Server if 'Encrypt' is checked in the Connection String Builder.


Passwords can be set for users when they log into the client portal. These are case-sensitive and only required if they have been entered for the specific user. Any number of failed login attempts is permitted.

Note: Password saving can be disabled for increased security. To do this:

  1. Open the instance manager settings. Then, go to the "Clients" tab.
  2. In the Active Directory section, uncheck the "Allow Password saving" checkbox.


  1. Set "AllowPasswordSaving" to "false" in the Client.exe.config file stored in the Program Data files on the Server. (Setting it locally will only work temporarily until the next client session when the Client Updater overwrites the local file.)
  2. Restart the Client Updater Service on the Server so that the updated config file is loaded into memory. Failing to do so will cause the old settings to continue to be used by clients. 

Password Reset

Users can reset their own passwords by selecting "Reset My Password" from the user drop-down menu in the upper-right corner of the main screen. 


Administrators can also require the following regarding passwords:

  • Require Passwords To Be Changed Periodically: If enabled, password changes will occur at the specified time interval.
  • Password Complexity Configuration: This option allows you to enable the password complexity rules and configure the preferred level of complexity for user passwords. The configuration options allow you to set a password length and specify whether users require uppercase letters, lowercase letters, digits, and/or special characters.
  • Maximum Number of Failed Login Attempts: This specified the number of times a user can enter an incorrect password before they get locked out. There is no time factor to the failed attempts, and an administrator can unlock a user if they accidentally get locked out.
  • Auto Logoff Users: If enabled, users who have been inactive for the amount of time specified in the 'Auto Logoff Timeout' field will be logged off.
    • Auto Logoff Timeout: Admins can specify the number of minutes users must be inactive for before logging off. Inactive users will receive a message that they are being signed out due to inactivity and can decide to remain logged in.
    • The Timeout Period is reset when the user changes tabs, acts (Clock Advance, Import, Publish, Optimize, MRP, etc.), or another action that causes a popup window to open.

Note: These User Security settings can be found in Settings | System Options | User Security.

  • Require Password Reset at Next Login: When new users are created, an administrator can check this box in the user dialog to require that they reset their password on their next login. 

User Windows Authentication 

Logging in with windows credentials can also increase the security of the system.


  • Select the "Use Active Directory" checkbox on the client login window. 
  • Specify the Active Directory Type:
    • Specify Credentials: This option allows you to log in with any valid user account.
    • Use Current Credentials: This option will use the account currently logged in. 

Note: To use the active directory, go to the Clients tab of the instance manager setting and check the "Use Active Directory" checkbox. The default is set to deny (the box is unchecked).