Introduction, Scope, and Purpose
Worldwide, a large and growing number of businesses and government agencies rely on ScreenMeet Support Software-as-a-Service (SaaS) to streamline business processes for customer support.
ScreenMeet Support makes security the top priority in the design, deployment, and maintenance of our network, platform, and applications. Consequently, ScreenMeet Support is prepared to operate in even the most stringent and secure computing environments.
Understanding the security and design parameters of ScreenMeet Support and the underlying communications infrastructure is an important component.
The following document provides detailed information on the security infrastructure for ScreenMeet Support support sessions from the agent browser, to the cloud infrastructure, and to the end-user desktop. In addition, it describes the oauth process as well as data storage and retention policies.
In accordance with best security and functionality practices, please ensure your network is configured properly, and install and maintain the most up-to-date version of your browser and OS.
Network Configuration
Important: In order to ensure Screenmeet/ScreenMeet Remote Assist works per specification, the following network configurations are needed:
-Whitelist “*.screenmeet.com” and “*.scrn.mt” for port 443 via TCP and UDP
You may check your network configuration with our validation tool available here.
Supported Browsers (Agent)
ScreenMeet Support supports the following browsers and versions for Agent use in support sessions:
Chrome: 72+
Firefox: 65+
Edge: 17+
Safari: 12+
Supported OS (User)
The ScreenMeet Support client supports the following OS and versions on end user devices:
Windows: 7, 8 , 10, 10S
MacOS: 10.10+
Linux: Ubuntu 18.04.3+, Redhat 7.6+
iOS: 12.3.x+
Android: 5.0+
Windows Server: Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
ScreenMeet Support Cloud Infrastructure
Globally deployed across multiple cloud hosting providers, ScreenMeet Support uses docker for simple and scalable deployment operations.
Least Busy Architecture
ScreenMeet Support is designed to utilize the scalability and geographic distribution of its architecture. This means that as Edge servers are brought on-line, the multitenant ScreenMeet Support architecture scales logically. Sessions are assigned to the geo-located least busy resource. Session data from the end-user’s device is routed to the agent’s browser instantly across this architecture and deleted promptly after transmission.
Data Centers
ScreenMeet Support uses standard server instances across multiple cloud providers. ScreenMeet Support is hosted in AWS data centers around the world in North America, Europe, Asia, India, and Australia. ScreenMeet Support does not have physical access to these sites.
Remote Access Policy
ScreenMeet Support maintains a process for remote access which is a privileged access management solution on systems containing customer assets. ScreenMeet Support access management solution includes:
- Encryption of authentication credentials when stored or transmitted at all times
- Passwords for user-level accounts are not shared between multiple individuals
- Passwords are changed immediately whenever it is believed that an account may have been compromised
- Passwords are not communicated via email messages or other forms of electronic communication, other than one-time use passwords
- Passwords for individual user accounts are not given to, or shared with, someone other than the account owner
- A user’s identity is verified before their password is reset and an email is sent to notify the user that their password was reset
- Procedures exist for tracking and provisioning privileged accounts
- Procedures exist for prompt notification or termination of access or rights in response to organization change
Data Security/Encryption
All data throughout operation of the ScreenMeet Support application is SSL encrypted using TLS 1.2 transport security with AES-256-bit encryption. This covers all data transmitted from the remote device to our web servers and from our web servers to the Agent browser and conversely.
Further, each session is assigned a unique, 1 time key used to bridge the gap between the Agent and the end user. Finally, on PCs, the application auto-deletes after each session so there is no possibility for further access without the end users’ consent and intent.
During a ScreenMeet Support session, data is temporarily written to memory, then sent to the remote Agent’s browser and then deleted. No data is permanently stored or retained on the end user or Agent’s device.
Encryption Key Management
ScreenMeet Support's strong encryption key management practices include:
- Equipment used to generate, store, and archive cryptographic keys is physically protected
- ScreenMeet Support has standards and procedures in place to support all aspects of the key management policy (including recovery, backup, and destroying of keys)
Transport Layer Security
All session data is transported as SSL encrypted using TLS 1.2 transport security with AES-256-bit encryption. Rather than using firewall port 80 (standard HTTP Internet traffic) to pass through the firewall, ScreenMeet Support uses firewall port 443 (HTTPS traffic).
Firewall Compatibility
All application traffic uses a secure connection over HTTPS (port 443). There is no firewall configuration that is required for any user.
Post Session Data/File Storage
No session information is retained on the end user’s computer or by ScreenMeet Support. All relevant data is written to the CRM/ITSM platform. Also, any files that are transferred or recordings that are made are also written to the CRM/ITSM platform’s cloud storage.
SSO/OAUTH
ScreenMeet Support lets you use your existing CRM/ITSM platform credentials. You can oauth in via the relevant platform app.