First Look Review: CADVault2 Oct, 2006 By: Patrick Davis
Highly recommended tool secures both graphical and nongraphical elements in AutoCAD drawings.
As more companies share digital assets, digital rights management has become increasingly important. CADVault by CADLock is a digital rights management system that enables you to secure part or all of an AutoCAD drawing, yet still allows the recipients of your drawing to view and print it.
CADVault works by creating vault objects. Vault objects are custom AutoCAD objects that behave similarly to a block. When you create a new vault, you define a selection set of objects to be secured in the vault. Like a block, a vault object displays an image of the objects it contains. If you have the key (or
Why do you need CADVault when you could use AutoCAD's SecurityOptions command or just send a DWF or PDF? First, AutoCAD's SecurityOptions command either allows or denies access to opening the file. If the user has the password, they have full viewing and editing capabilities. There is no method to secure the objects in the drawing without restricting access to the drawing. Second, neither DWF nor PDF is a secure file format -- both can be easily converted to AutoCAD or DXF files using third-party utilities. Third, you might need to send a DWG file to someone, but you want to restrict them from editing the entire drawing or portions of the drawing.
You might also want to consider using CADVault if your company has invested time and money in creating a unique symbols library. CADVault will allow you to share drawings that contain those symbols, but prohibit anyone from using those symbols without your consent.
Installation and Tools
CADVault is very simple to install and use. After the installation, a pull-down menu and toolbar are added to AutoCAD. A wizard steps you through the process of securing a drawing. It is a straight-forward process, but the few minutes to complete the tutorial is definitely time well spent.
A CADVault wizard walks you through the process of creating a new vault.
CADVault provides various tools that allow you to restrict the use of certain AutoCAD functions or specify portions of the drawing that are not editable. You define the selection set -- a custom selection set, all objects in the drawing, the entire model or paper space objects. You then can filter the selection set further by layers.
You can define group permissions, called roles, which allow differing levels of access to different recipients, including anonymous users. You can allow permissions for viewing, copying, transforming, measuring, printing, resurrecting, nesting and adding a countersignature. Viewing is only permitted for anonymous users if you specifically authorize it. You may also include additional options that allow you to add your name, contact information and a copyright or other type of notice to your drawing. You can even create a user agreement, define an expiration date and add digital signatures. The digital signature option also supports the ability to create countersignatures that you could use for approval purposes.
Using CADVault, you can assign permissions for anonymous users.
CADVault allows you to choose between Shallow and Deep vault types. With the Shallow vault, secured content still refers to host drawing symbol table objects such as layers, linetypes and block definitions. The Deep vault secured content includes copies of all referenced symbol tables and dictionaries from the host drawing, and no links to the host remain. With the Deep vault, recipients have less control over the appearance of the drawing. Deep vault prevents the recipients from doing things such as changing colors or pen weights.
After you have set the available options in the wizard, CADVault begins to secure the drawing based on your selected settings. Depending on the number of objects in your drawing, the process of securing a drawing can take several minutes. Opening secured drawings takes additional time. For my testing, I secured all the sample drawings in the \SAMPLE folder of my AutoCAD 2007 installation. On average, it took only a few seconds to secure each drawing. Opening a secured file took about 1.25 times longer than opening the same unsecured file.
CADVault works within the AutoCAD drawing. As a result, the software does not have a batch processing option. If you wanted to secure multiple drawings at once, CADVault does have an ActiveX API (Application Programming Interface) that you could use to create a program to automate the task of creating vaults. The API is not documented in the release I tested, but it is supported. AutoLISP and VBA examples are included in the \CADVAULT FOR AUTOCAD\SAMPLES folder. CADVault also provides a method that allows you to set defaults for all the vault creation parameters that don't change from vault to vault.
Because CADVault creates custom AutoCAD objects, any computer accessing a secured drawing should have a CADVault object enabler installed. The object enabler is available free on CADLock's Web site. Without the object enabler installed, the drawing is still secured but the vault object becomes an AutoCAD proxy object. With the object enabler installed, users can access the secured drawing file and a CADVault Open Vault wizard will appear. This Open Vault wizard provides the recipient with information about the originator of the vault, contact information and available roles.
CADVault's Open Vault wizard.
CADVault provides four proxy object display modes. The Actual mode displays a graphic primitive of the secured objects. When the Actual display mode is used, recipients who do not have the CADVault Runtime installed can still view and plot the secured content. There is also a Blank option that displays nothing, Vault Name that displays the name of the vault and the Logo option that displays the CADVault logo.
If you have authorized your installation of CADVault, you are warned to make a safe backup of your master key should you lose a user key. If you are the CAD manager, then all vaults created by any instances of your authorized installation of CADVault will have a master role that can be enabled with this saved master key. If any user loses his or her user key (for example, a hard drive crash requires a complete reinstallation of the operating system), then the master key is the only way to extract the vault contents.
It is important to note that the private key component of the master key never leaves the local computer during the authorization process. During the authorization process, the CADVault authorization servers receive only the public key component, which they digitally sign and return (and this signed public key then becomes the license certificate). Furthermore, the private key component of the master key is only stored on the local computer until it is successfully exported to a password-protected file. As soon as it is exported, all traces of the private key component are removed from the local computer. The moral of the story is that the exported file is the only copy of the master key in existence at that point, and there is no practical way of recovering the private key component of the master key if it is lost.
CADLock recommends that you safely archive the original unsecured copies of all AutoCAD drawing files. It is generally desirable for trusted users to work on an unsecured version of the drawing file, if for no other reason than because working on the unsecured file is slightly faster in AutoCAD. CADLock recommends using unsecured versions of all drawing files in a safe zone of trusted users and creating a secured copy of the original file only when sending to parties outside the safe zone or when archiving a snapshot of the drawing at a certain point in time.
For example, in an average small architectural or engineering firm, the safe zone could include all employees of the firm's design department -- so this recommendation translates into keeping unsecured versions of the drawing files in a network area accessible only by engineers, designers and drafters, who would use these files for most day-to-day tasks. Secured versions would be made only when distributing a drawing file to an outside party such as a consultant or contractor (or perhaps a salesperson in a different department). When files are managed this way, it is virtually impossible for lost keys to present any real problem, but even in this case, it is always possible to fall back on the master key.
CADVault currently supports AutoCAD 2000-2007 and AutoCAD LT 2000-2007. CADVault does not officially support any of the AutoCAD verticals such as ADT (Architectural Desktop) or AutoCAD Mechanical. However, I used CADVault to secure portions of several ADT drawings with some success. I was unable to determine if the failures were with CADVault or my installation of ADT. Although CADVault does not support the verticals, a spokesman for CADLock did report that some ADT users are able to use CADVault successfully. If you use an AutoCAD vertical, I recommend downloading the demo to ensure that it works properly with your application.
CADVault is an excellent tool for securing AutoCAD drawings. It provides an effective method for securing part or all of a drawing while maintaining an option for the recipient to view and print secured drawing objects. CADVault is easy to use, and I found the product support exceptional. CADVault could be improved with a batch processing method that would allow nonprogrammers to process multiple drawings. Highly Recommended.