Robin connects to Exchange using Microsoft's proprietary secure authentication protocol called "NTLM". The NTLM protocol allows us to store Exchange authentication credentials in a one-way encrypted fashion (called "hashing"), so that a user's Exchange password is never stored in raw plain-text. You can read more about how to set NTLM up in Exchange here.
Robin will connect to your on-premise Exchange service through the following IP addresses. Add them to your incoming connection whitelist to make sure the connection goes through successfully.
You can also match user agents containing "RobinAPI", which will appear similar to
For outgoing connections, you can whitelist against our DNS (e.g. *.robinpowered.com) which is signed via DNSSEC.
DNSSEC removes the need for specific IP address whitelist since the DNS record itself is secured and can be validated similar to an SSL certificate. You can confirm using this tool from Verisign.
What kind of data is synced?
Once an Exchange account is connected, the Robin cloud service will connect to your designated Exchange service and begin to synchronize its data with Robin. In doing so, a subset of your calendar events and their details will be saved to the Robin system. These details include event titles, descriptions, start and end dates/times, the specified location, and the list of attendees. We do not sync attachments.
Robin will then keep this data in sync with your Exchange service. Events booked through Robin will similarly synchronize the data back to your Exchange service, so that the Robin and connected Exchange services are 1-to-1.
How is connection information stored?
Robin accounts themselves never store any plain-text password information. Your Robin account password is similarly stored in a one-way encrypted fashion at time of registration by running your password through an industry-high-standard crypto-secure hashing algorithm called "bcrypt" with a crypto-secure randomly generated "salt".
Finally, Robin mobile and web applications always connect to the Robin web service through an encrypted, secure connection (SSL/TLS HTTPS) so that data in transfer between your phone or browser is not sent or received in plain-text. This prevents public or WiFi network "sniffers" from intercepting data in transit.
Robin is a hosted cloud service does not require any on-premise installation.