Salamander Status - Remote Access Overview

The Salamander Status Viewer now has the ability to communicate with our secure support API for enabling our support team to perform maintenance and provide support in a more convenient way.

Security Considerations

All commands are retrieved over HTTPS using a minimum level of TLS 1.2 encryption and authentication is performed by our support API to ensure that the request has come from your Status Viewer application.

Support access is only enabled when the Status Viewer is running and the Enable button has been clicked. The access will remain open as long as the Status Viewer application is not closed, and the duration of the session has not exceeded the duration selected when enabling the access.

The application must perform an initial secure registration with our support API after which the API will be able to advertise commands for the Status Viewer in a secure way that only your Status Viewer can access. Any responses to commands sent from the Status Viewer to the API are verified to have originated from your Status Viewer using asymmetrical encryption techniques. These techniques allow your Status Viewer to provide verification to the API of the origin of the request without the API knowing the private encryption key your Status Viewer is using.

The API does not persist any data exchanged during the course of a session and so no confidential data is kept by us after the session has ended. 

The communication to the API is always one-way from the Status Viewer. Each request to the API is verified using the public encryption key associated with your Status Viewer application which the API stores from the initial registration. The private encryption key is never sent to the API and so only the Status Viewer can produce the verification information that the API validates using the public key. If the public key is ever shared to a third party, they would not be able to use it to access any data or configuration information.

Registration

Before Support can be administered via the Status Viewer we must register your build with our new Support API. 

This step will likely be performed by the support team during the initial setup of the Status Viewer.

The first step is to run the Status Viewer application as an Administrator and select the Register button on the Support tab. This option won’t be available if the Status Viewer is already registered.

Upon pressing Register, you will be presented with a code. This code is random and will be different each time you press the Register button. You will need to give this code to a member of the support team and have them complete the registration with the API before the registration expires.

Once registration is completed the Support tab view will change to enable you to allow the support team to perform maintenance.

Enabling Support Access

To enable support access to your machine with a registered Status Viewer application, run the Status Viewer as an Administrator and select the Support tab.

Select the duration in the dropdown box and click Enable Support Access.
You will be asked to confirm this action before the session is enabled. 

 

The Status Viewer will now inform the API that it intends to securely check for tasks to perform from the API for the duration specified. It will also send up some initial information about the install such as names of workflows present, name of the school from the configuration file and loggers used.

Disabling Support Access

If at any point the application is closed or if you select Terminate Session, the Status Viewer will no longer be able to check for jobs to perform and support will no longer be able perform tasks on the machine. After a short period (around 10 seconds) the API will determine that the session has ended, and any data held regarding the session will be destroyed.

Copyright © 2020 SalamanderSoft Limited