Log on Impersonation and Integrated Security
Creation Date: October 7, 1997
Revision Date: January 23, 2008
Product: DS‑Client (Windows)
Summary
When the DS‑Client is installed and deployed on the Windows platform, it uses the Log on Impersonation feature. This feature allows DS‑Client to perform backup/restore activities under the security context of a specified user account. Several such activities can be performed simultaneously, each under a different (or the same) user account, connecting to a different (or the same) network resource. This feature is especially valuable (and sometimes even essential) when connecting to resources on a Microsoft Windows Network.
Connecting to resources on a Microsoft Windows Network
When supplying credentials to a resource on a Microsoft Windows Network, the 'from' value determines whether the user account is authenticated (if the 'from' value is not <None>) or whether a simple connection to the network resource is made with the supplied credentials.
 
 
Log on Impersonation.
Microsoft Developer Network's definition of Impersonation is: "... the ability of a thread to execute in a security context different from that of the process that owns the thread ... [thereby allowing] ... the server thread to act on behalf of that [process] to access objects or validate access to its own objects."
Log on impersonation is the DS‑Client's ability to run under a different security context for each backup set, as specified in the "Connect As" field (Sets Menu > Backup Sets > Properties > Share Tab).
Connecting with integrated security.
When the 'from' value is something other than <None> (e.g. represents a server or a domain), the DS‑Client will perform user account authentication and log on impersonation before connecting to the network resource. This allows the network server to see the incoming connection as if it were established by that user account. This is essential to successfully connect to network resources such as Microsoft SQL server and Microsoft Exchange server that use integrated security to validate user access.
Connecting without integrated security.
When the 'from' value is <None>, the DS‑Client performs log on impersonation of the user account under which the DS‑Client service is running (this is necessary to allow simultaneous connections to the same network server). Then, the DS‑Client connects to the network resource with the supplied credentials.
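The two connection modes described above map onto standard Win32 calls. The C# sketch below is an added illustration, not DS‑Client code. The class and method names are hypothetical, and the choice of an interactive logon type is an assumption.

```csharp
// Added illustration (Windows only); not DS-Client source code.
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class ConnectAsSketch   // hypothetical name
{
    // Assumption: an interactive logon, so the token carries credentials that can be
    // used for outbound connections (a LOGON32_LOGON_NETWORK token cannot do this).
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;
    const int RESOURCETYPE_DISK = 1;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    class NETRESOURCE
    {
        public int dwScope, dwType, dwDisplayType, dwUsage;
        public string lpLocalName, lpRemoteName, lpComment, lpProvider;
    }

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    static extern int WNetAddConnection2(NETRESOURCE res, string password, string user, int flags);

    // 'from' is a server or domain: authenticate the account, then run the work on a
    // thread impersonating it, so the remote server sees that user's identity.
    public static void WithIntegratedSecurity(string from, string user, string password, Action work)
    {
        if (!LogonUser(user, from, password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        using (token)
            WindowsIdentity.RunImpersonated(token, work); // thread reverts when work returns
    }

    // 'from' is <None>: no logon of the supplied account takes place; the credentials
    // are only handed to the remote resource. The impersonation of the service's own
    // account that the article describes for this mode is omitted here.
    public static void WithoutIntegratedSecurity(string unc, string user, string password)
    {
        var res = new NETRESOURCE { dwType = RESOURCETYPE_DISK, lpRemoteName = unc };
        int rc = WNetAddConnection2(res, password, user, 0);
        if (rc != 0) throw new Win32Exception(rc);
    }
}
```

In the first mode the supplied account must be able to log on at the machine running the code. In the second, only the remote resource validates the credentials.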
Connecting to resources on other networks
When connecting to resources that are not on a Microsoft Windows Network, the DS‑Client performs the same steps as in 'Connecting without integrated security'. If connecting to NetWare servers, the 'from' value is used as a context in NDS authentication.