GoToAssist. Technology and Security Overview. Citrix Online Division 5385 Hollister Avenue Santa Barbara, CA 93111. Like being there.




Technology and Security Overview

Introduction

The Internet is rapidly changing the way both consumers and corporations approach technical support. For support providers who service customers and/or employees, the Internet promises powerful new tools for helping end users and a welcome alternative to phone-based tech support. Consumers count on immediate results from the Internet, and they expect that e-support will solve their technical problems faster and more thoroughly than traditional call center or help desk assistance.

Are support providers meeting online expectations? Statistics published by ICSA/e-Satisfy.com suggest that e-support is falling short. Although consumers expect a response to their technical support email inquiries within 24 hours, only 42 percent of support providers meet that expectation. In fact, e-support often proves ineffective and inefficient: more than half of the problems reported via email are escalated to phone support for resolution.

GoToAssist realizes the promise of the Internet in unprecedented ways and raises the bar of e-support to a new level of effectiveness. GoToAssist allows technical-support representatives to remotely identify and solve users' problems in real time. Using Citrix Online's proprietary screen-sharing software, support representatives no longer must waste time guessing at users' computer problems; instead, representatives can remotely access users' computers and take a look for themselves. In addition to its time- and cost-saving advantages, GoToAssist technology is also extremely flexible, scalable, secure, reliable and easy to use.

Advantages of GoToAssist Technology

Screen Sharing
Screen sharing allows a support representative to remotely share control of a user's screen, mouse and keyboard. The support representative can efficiently address technical questions by sharing the user's computer, all while the user looks on and participates. Support providers can resolve issues quickly and shorten call times significantly.

Web-Based ASP Solution
GoToAssist is an entirely Web-based solution. Users don't have to install software on their computers to get GoToAssist help, and live remote assistance is always just a few clicks away.

Quick Implementation
Getting up and running with GoToAssist is easy. GoToAssist's Web and application servers are hosted and maintained by Citrix Online at state-of-the-art data centers, so support providers don't have to install any hardware or software to use GoToAssist. The GoToAssist interface is so intuitive that minimal training is required before support representatives are comfortable using the tools.

Flexibility
GoToAssist's suite of tools gives support representatives the flexibility they require when they are conducting remote-assistance sessions. They can use real-time Chat, File Transfer and ScreenSharing tools as needed during a session.

Online Management and Report Retrieval
Administrators have up-to-the-minute access to GoToAssist's advanced management and reporting tools. They can review entire chat and session logs or access daily reports to track industry-standard support metrics, all through a secure online administration center hosted on Citrix Online servers.

User Interaction
Unlike other remote-assistance/diagnostic technologies, GoToAssist encourages user participation every step of the way. Rather than employing an invisible diagnostic tool that explores the user's computer, GoToAssist technology allows the user and the support representative to work together in real time. In fact, the user learns firsthand how to fix the computer problem while watching or taking instructions from the support representative.

Tools Overview

GoToAssist's portable software products have been developed in industry-standard C/C++ and Java class development environments from Microsoft and Sun Microsystems. The cross-platform applications work seamlessly to enable a remote-assistance session.

Creating a GoToAssist Portal

Portal
For each GoToAssist customer, Citrix Online creates one or more remote-assistance portals, for example a production portal and a training portal. Portals can be further broken down into remote-assistance groups, each representing a different support level or job function. Each group is composed of agents: individual support representatives who are authorized to provide remote assistance to users.

Management Center
The GoToAssist Management Center lets portal administrators configure group and support agent settings and generate immediate real-time reports on the customer's use of GoToAssist, the performance of support representatives and remote-assistance sessions.

Initiating a GoToAssist Session

SmartBox
The user initiates a remote-assistance session by submitting a question in the GoToAssist SmartBox located on the support provider's Web site. The question is routed via Citrix Online Web servers to the appropriate portal and group, where the request can be handled by any online support representative.

HelpAlert
The support representative's HelpAlert software receives the user's question from the Citrix Online Web server and displays it in a pop-up window on the support representative's computer screen. The representative responds to the user's question, and the Web server establishes a GoToAssist session between the user and support representative.

Conducting a GoToAssist Session

ChatLink
The dynamically downloaded ChatLink application controls the total session between the support representative and the user. A chat session begins immediately, enabling both parties to submit real-time messages to each other using Citrix Online's ChatLink technology. The user and support representative can address the technical problem in this familiar Web-chat format.

CoPilot
ChatLink will launch CoPilot (a module within ChatLink) whenever the support representative starts ScreenSharing or ScreenViewing. CoPilot orchestrates session activity, which includes sending screen-sharing data to the support representative's Viewer window; launching a Viewer window to display the support representative's computer on the user's desktop; and launching File Transfer applications as needed during the GoToAssist session.

Viewer
The Viewer is a native application that displays a computer's desktop. An image of the desktop is continually forwarded to the Viewer via the communications server. This data is encrypted and highly compressed using Citrix Online's proprietary compression technology. (See Security for more about this process.) During Remote ScreenSharing, the Viewer displays the user's desktop to the support representative. The support representative can manipulate any screen element or application on the user's computer with mouse and keyboard control, just as if the support representative were seated in front of the user's computer. Remote ScreenViewing is also possible, where the support representative views but cannot manipulate the user's desktop. Local ScreenSharing or ScreenViewing allows the support representative's desktop to be viewed (and optionally manipulated) by the user. The support representative's ability to invoke this feature is enabled or disabled by the portal administrator.

File Transfer
In addition to collaborating through ChatLink, ScreenSharing and ScreenViewing, the user and support representative can send files to each other using File Transfer. This occurs only by mutual agreement: when the sender initiates a transfer, the recipient must grant permission. GoToAssist File Transfer does not use the traditional File Transfer Protocol (FTP), but instead relies on the same secure, firewall-friendly technology that powers screen sharing. Flow control ensures that File Transfer and ScreenSharing can take place simultaneously without degradation in quality.

Server Architecture and Security

Citrix Online's architecture has been designed for maximum performance, reliability and scalability. The GoToAssist service is driven by industry-standard, high-capacity servers and network equipment. Redundant switches and routers are built into the architecture to ensure that there is never one single point of failure. Clustered servers and backup systems help guarantee a seamless flow of application processes even in the event of heavy load or system failure. GoToAssist clients can be confident that Citrix Online has developed a robust, secure architecture that protects data and scales easily to compensate for the demands placed upon it.

Web Servers
GoToAssist's service is maintained by a cluster of high-capacity Sun V480 Web servers. Web-balancing switches monitor network flow and transparently distribute server requests among all the servers, thereby preventing overload to any individual server and ensuring an uninterrupted flow of application processes. The Web servers run a Java servlet engine and dynamically generate all Web pages in conjunction with the application server and database. The Web servers' primary role is to initiate or "broker" a connection between the user and the support representative. Once a connection is established, the entire interaction between both parties takes place over communication servers.

Communication Servers
Communication servers mediate each GoToAssist session. The communication server facilitates three important processes during each session:

1. Screen sharing and screen viewing: The communication server relays screen outputs and mouse and key inputs between the user and the support representative. This data is highly compressed using Citrix Online's proprietary compression technology and encrypted for privacy.
2. Session Recording: For clients who purchase the optional SessionView Module, the communication server records the chat dialog and the screen-sharing data stream for future reference by the support representative. The user can save the chat dialog at any point during a chat session or at the session's end. Clients can later review the screen-sharing session in real-time or fast-forward modes and use GoToAssist's reporting tools to track quality and performance benchmarks.
3. Firewall Access: The communication server facilitates a firewall-friendly connection using a variety of protocols. In most cases, a connection is established without changing firewall settings at either end. (See Firewall Configuration for more details.)

Database and Session Storage Servers
Sun V880 database servers running Oracle provide persistent, secure storage of configuration and performance data. Session-specific statistics (but not recordings) are stored in the database, including support-representative permissions, group permissions, session time, duration and support representative and customer questions. Layers of firewalls provide redundant, filtered connectivity between database servers and other GoToAssist servers. When the recording feature is enabled, encrypted session recordings are copied from the communication server to a session storage server, where they remain for 90 days. Backups to tape prevent accidental loss, and the tapes are stored offsite for one year. Tapes are stored in locked boxes at all times to ensure physical protection. The data is always kept in two places (server/tape or tape/tape) during the year to prevent data loss. Access is protected by public-key encryption. (See Security for more details.)

Network Reliability
The Citrix Online network is constantly monitored with Simple Network Management Protocol (SNMP). Critical metrics are recorded 24/7 to ensure that heavy network activity does not cripple any single component. Performance data is regularly collected on all key production systems, including the database, Web servers, communication servers and networking equipment. The data is used as a real-time measurement of performance and as a tool for future capacity planning. These sites are also monitored by the hosting facilities. Failures and other important events cause emails and pages to be sent to the appropriate operators.

Software Updates
All servers are generally updated monthly to the current recommended security patches. However, patching occurs first on QA (test) systems and staging machines before being applied to production machines. Security patches for correcting potential vulnerabilities detected by Citrix Online go through an expedited installation cycle. Servers are penetration-tested quarterly and system logs are continuously audited for suspicious activity. In addition, Citrix Online is certified by the TruSecure SiteSecure service, the industry-recognized security assurance and certification program that addresses all aspects of information security.

Database Reliability
The Oracle database operates on a cluster of V880 multi-processor servers. The cluster has multiple network interfaces, mirrored drives and redundant switches; there are no single points of failure within the cluster, and automated fail-over is always enabled. The database is remotely monitored 24/7.

Load Balancing
Redundant load-balancing switches monitor Web server processes and transparently direct traffic among servers within a cluster so as to balance the demand on any single server.

Reliable Hosting
Citrix Online's hosting facilities are located in California and New York. Internet connectivity is monitored 24/7, and Citrix Online uses multiple Tier 1 Internet providers for ultimate, redundant connectivity. Routing between multiple providers is configured across two Cisco router switches, and redundant power and network feeds ensure that there are no single points of connectivity failure.

Secure Administration
Citrix Online's Network Operations Center is linked to the hosting facilities by private T1 and VPN, allowing authenticated, encrypted remote log-in access for administering servers. To avoid opening ports and to ensure very tight access control, an intermediate server handles and authenticates all SSH connections.

Firewall Configuration

GoToAssist works with leading firewalls. In most cases, remote-assistance connections are possible without any firewall reconfiguration. GoToAssist requires access to outbound ports at both ends of a connection. Occasionally, some firewalls may require port and IP adjustments to allow GoToAssist access. Reconfiguring a firewall for GoToAssist does not compromise the integrity of the client's firewall; only outgoing communications within a narrowly limited IP range are impacted.

Firewall Navigation/Negotiation
All Citrix Online software modules (i.e., HelpAlert and CoPilot) use identical communication code. At start-up, each module performs a series of communication initialization steps in order to find the best network path to Citrix Online's servers. In environments with firewalls and/or proxies, the challenges are two-fold: first, to detect and locate the appropriate firewall/proxy, and second, to determine the best protocols with which to speak to or through that firewall/proxy. Specifically, communication initialization consists of the following steps:

1. Collect all available proxy information and compile a list of potential proxy addresses. Proxy information is collected from:
   - User settings in Internet Explorer and Netscape browsers
   - Automatic proxy configuration files identified by browser settings
   - The connections used by any currently active browser
   - A Citrix Online Windows Registry entry containing a list of known proxies
   - A Citrix Online software Windows Registry entry used to keep track of the last known good connection method
2. Open direct connections to Citrix Online's servers and to the proxies detected in Step 1. The connections that are opened are:
   - TCP connections to Ports 80, 443 and 8200 on Citrix Online's servers
   - Connections to the configured ports on each of the detected proxies
3. Test each successfully opened connection by using it to send a few requests. The test depends on the module:
   - Modules needing standard HTTP perform a few simple HTTP requests
   - Modules needing a streaming (JEDI) connection perform a sequence of custom streaming requests

When testing connections to a proxy, the proxy may return authentication requests, i.e., require that the user authenticate himself/herself to the proxy to gain access to the Internet. Citrix Online software supports both basic and NTLM proxy-authentication methods.

Determining the Connection Method
For a given environment, the best connection method is determined upon communications initialization. HelpAlert and/or CoPilot software will communicate with Citrix Online servers using either HTTP or JEDI.

1. HTTP GET and POST commands are sent directly to Citrix Online servers when possible. Otherwise, these standard requests are sent to an intervening proxy.
2. Streaming (JEDI) connections are made directly to Citrix Online servers when possible. Otherwise, the HTTP/1.1 CONNECT method is used to navigate through a proxy. In the unlikely event that the proxy does not support the CONNECT method, JEDI can be tunneled through regular HTTP requests, albeit with a significant performance penalty. (See below for more details.)

JEDI Protocol vs. HTTP Tunneling Protocol
JEDI is the proprietary protocol used to relay GoToAssist session traffic between Citrix Online communication servers and support representatives or users. It is a lightweight protocol that operates on top of TCP. It has commands for creating, joining and closing sessions. It also performs flow control and closes sessions in the event that a transmission error is detected. An outgoing socket connection can use HTTP instead of JEDI when a proxy server blocks the JEDI protocol, although the HTTP alternative is more susceptible to failure and performs poorly when compared to using JEDI. For a reliable connection, Citrix Online recommends a configuration that allows JEDI.

Connection Scenarios
There are three possible connection scenarios with GoToAssist:

1. Direct Client to Server Connection
In this scenario, the firewall allows outbound connections to any one of Ports 8200, 80 or 443. HelpAlert on the support representative's computer or CoPilot on the user's computer makes a direct connection to the Citrix Online server through one of these ports. Any intervening firewall must allow outbound traffic on one of these ports for maximum throughput. This is the optimum connection method for GoToAssist, and most support providers have success with this method.

2. Connection via a Proxy Server
The second request-response chain involves a proxy, or caching proxy, as an intermediary. In this scenario, the client (HelpAlert or CoPilot) makes its request to the proxy rather than to the Citrix Online server. Proxies typically receive requests on Port 8080, but may listen to any arbitrary port number. Transparent proxies intercept outbound traffic to Port 80 and/or 443. In summary, if a proxy is fast and can handle HTTP requests without unreasonable delay, then a direct connection is established through the proxy to the Citrix Online servers. This configuration is the second best alternative for running GoToAssist. However, when proxies block JEDI or introduce large propagation delays, GoToAssist may not operate optimally.

3. HTTP Tunneling via a Proxy Server
In this configuration, although HelpAlert and ChatLink can communicate through the HTTP proxy, ScreenSharing and File Transfer require HTTP tunneling of JEDI connections. HTTP tunneling requires each JEDI packet to be broken into 6-8 fragments; each fragment is wrapped inside a new packet, incurring about 500 bytes of added overhead. The real overhead is round-trip time, not the extra bytes. HTTP tunneling overhead reduces network performance, and a very fast proxy is required in order for ScreenSharing or File Transfer to work properly in this configuration.
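The three scenarios above are tried in order of preference: a direct TCP connection on 8200, 443 or 80; failing that, an HTTP/1.1 CONNECT tunnel through each detected proxy; and as a last resort, JEDI wrapped in ordinary HTTP requests. The following Go program is an added example, not GoToAssist code, that walks that order against stubs started on the loopback interface (a constructed "server" that simply accepts, and a constructed "proxy" that either honours or refuses CONNECT). The target name relay.example.invalid and the stubs are assumptions for the example; a real client would additionally run the module-specific test requests the overview describes on whichever connection it chooses.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"net/http"
	"time"
)

// Connection methods, in the order of preference the overview describes.
const (
	MethodDirect  = "direct"        // scenario 1: plain TCP to 8200, 443 or 80
	MethodConnect = "proxy-connect" // scenario 2: HTTP/1.1 CONNECT through a proxy
	MethodTunnel  = "http-tunnel"   // scenario 3: JEDI wrapped in ordinary HTTP requests
)

// DirectPorts are the server ports listed in the overview, tried in this order.
var DirectPorts = []string{"8200", "443", "80"}

const dialTimeout = 2 * time.Second

// tryDirect attempts a plain TCP connection to host on each candidate port
// and returns the first one that opens.
func tryDirect(host string, ports []string) (net.Conn, bool) {
	for _, p := range ports {
		if c, err := net.DialTimeout("tcp", net.JoinHostPort(host, p), dialTimeout); err == nil {
			return c, true
		}
	}
	return nil, false
}

// tryConnect asks the proxy at proxyAddr for a streaming tunnel to target via
// HTTP/1.1 CONNECT; only a 200 reply means the tunnel is usable for JEDI.
func tryConnect(proxyAddr, target string) (net.Conn, bool) {
	c, err := net.DialTimeout("tcp", proxyAddr, dialTimeout)
	if err != nil {
		return nil, false
	}
	c.SetDeadline(time.Now().Add(dialTimeout))
	fmt.Fprintf(c, "CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n", target, target)
	resp, err := http.ReadResponse(bufio.NewReader(c), nil)
	if err != nil || resp.StatusCode != http.StatusOK {
		c.Close()
		return nil, false
	}
	c.SetDeadline(time.Time{}) // tunnel is up; clear the handshake deadline
	return c, true
}

// ChooseMethod returns the first scenario that works and the open connection.
// The connection is nil for the HTTP-tunnel fallback, which a real client
// would drive through ordinary GET/POST requests instead of a raw socket.
func ChooseMethod(serverHost string, ports, proxies []string, target string) (string, net.Conn) {
	if c, ok := tryDirect(serverHost, ports); ok {
		return MethodDirect, c
	}
	for _, p := range proxies {
		if c, ok := tryConnect(p, target); ok {
			return MethodConnect, c
		}
	}
	return MethodTunnel, nil
}

// startStub listens on a loopback port as a constructed stand-in for either
// the Citrix Online server (it just accepts) or a corporate proxy that answers
// CONNECT with 200 when allowConnect is true and 405 otherwise.
func startStub(allowConnect bool) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) {
				defer c.Close()
				req, err := http.ReadRequest(bufio.NewReader(c))
				if err != nil {
					return
				}
				if req.Method == http.MethodConnect && allowConnect {
					fmt.Fprint(c, "HTTP/1.1 200 Connection established\r\n\r\n")
					return // a real proxy would now relay bytes both ways
				}
				fmt.Fprint(c, "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n")
			}(c)
		}
	}()
	return ln.Addr().String(), nil
}

func main() {
	proxy, err := startStub(true) // constructed proxy that honours CONNECT
	if err != nil {
		panic(err)
	}
	method, c := ChooseMethod("127.0.0.1", nil, []string{proxy}, "relay.example.invalid:8200")
	if c != nil {
		c.Close()
	}
	fmt.Println("selected:", method)
}
```

From the firewall administrator's side the useful observation is the same one the overview makes: allowing outbound TCP to one of 8200, 443 or 80 towards the service's address range yields the direct scenario, and a proxy that permits CONNECT to that range yields the second; only when both are blocked does the client fall back to tunnelling, where latency rather than byte overhead dominates.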

Security

Security is a vital concern for all Web-based systems. Citrix Online recognizes this and uses the latest security technology to ensure that the data exchanged between users and support representatives is completely secure. Identities are scrupulously verified and protected with industry-standard authentication technology, and GoToAssist sessions are kept secure and private with the use of randomly generated session keys and advanced encryption. GoToAssist clients and their users can count on the protection of their information and identities.

Log-In Passwords
Portal access by support representatives and administrators is protected by password authentication. A quality check requires all passwords to be a combination of at least 8 alpha and numeric characters when this security feature is enabled. A "three strikes" rule locks out an ID after three consecutive login failures. Alternatively, this rule can be disabled or the ID can be temporarily blocked for 5 minutes. Through the Management Center, administrators can view audit reports detailing log-in failures associated with incorrect IDs or passwords. In addition, Citrix Online also has the ability to limit administrator and agent logins to certain IP ranges.

Authorization and Access Control
A GoToAssist customer may have several portals. Access to each portal is controlled at four levels:

1. An account manager configures each portal to enable or disable use of GoToAssist applications, establish log-in and Replay parameters and create portal administrator logins.
2. Each administrator has permission to use the Management Center to configure or view specific portals and groups of representatives. Administrators may be granted access to different Management Center menu items. For example, one might be allowed to generate support-representative and company reports, while another might access real-time monitors and view or set support-representative status.
3. Individual support representatives are granted access to specific portals, software versions and GoToAssist features. Use of specific applications during GoToAssist sessions (Remote and/or Local ScreenSharing, ScreenViewing, ChatLink and File Transfer) can be allowed or denied. Each support representative is given a unique login and password used for HelpAlert authentication. (See Challenge/Response.)
4. GoToAssist sessions cannot be initiated by anyone but the user of the remote computer. During a GoToAssist session, the user can deny the start of any ScreenSharing or ScreenViewing session, deny the ChatLink download or refuse receipt of a transferred file. During a screen-sharing session, the user can take control of the keyboard and mouse at any time.
5. After a session is over, there is no GoToAssist software left running, so it is impossible for the support representative to reconnect to the user's computer in any way.
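The log-in controls described above (the 8-character alpha-numeric quality check, the "three strikes" rule with its disabled / permanent / 5-minute-block variants, the audit report of failed log-ins and the optional restriction of logins to IP ranges) fit together into one small policy engine. The Go code below is an added example of such an engine, not the Management Center's own code; the ID agent01, the password, the 10.20.0.0/16 range and the injectable clock are constructed for the example, and the unsalted SHA-256 password hash is a shortcut a production system would replace with a salted, slow hash.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net"
	"time"
	"unicode"
)

// LockoutMode is what the "three strikes" rule does on the third consecutive failure.
type LockoutMode int

const (
	LockoutDisabled  LockoutMode = iota // rule switched off
	LockoutPermanent                    // ID stays locked until an administrator clears it
	LockoutTemporary                    // ID is blocked for 5 minutes
)

const maxFailures, blockDuration = 3, 5 * time.Minute

// MeetsPasswordPolicy: at least 8 characters containing both letters and digits.
func MeetsPasswordPolicy(pw string) bool {
	alpha, digit, n := false, false, 0
	for _, r := range pw {
		n++
		alpha = alpha || unicode.IsLetter(r)
		digit = digit || unicode.IsDigit(r)
	}
	return n >= 8 && alpha && digit
}

// AuditEvent is one row of the log-in failure report an administrator reviews.
type AuditEvent struct {
	When   time.Time
	ID     string
	Source net.IP
	Reason string
}

// Account keeps per-ID state. The hash is unsalted only to keep the example short.
type Account struct {
	hash        [32]byte
	failures    int
	lockedUntil time.Time // zero value: not locked
}

// Portal is a constructed stand-in for a portal's log-in front end.
type Portal struct {
	Mode     LockoutMode
	Allowed  []*net.IPNet // empty: no source-address restriction
	Accounts map[string]*Account
	Audit    []AuditEvent
	Now      func() time.Time // injectable clock, so the 5-minute window is testable
}

func NewPortal(mode LockoutMode, cidrs []string, now func() time.Time) (*Portal, error) {
	p := &Portal{Mode: mode, Accounts: map[string]*Account{}, Now: now}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, err
		}
		p.Allowed = append(p.Allowed, n)
	}
	return p, nil
}

// AddAccount registers an ID, refusing passwords that fail the quality check.
func (p *Portal) AddAccount(id, password string) error {
	if !MeetsPasswordPolicy(password) {
		return fmt.Errorf("password for %s does not meet policy", id)
	}
	p.Accounts[id] = &Account{hash: sha256.Sum256([]byte(password))}
	return nil
}

func (p *Portal) deny(id string, src net.IP, reason string) bool {
	p.Audit = append(p.Audit, AuditEvent{p.Now(), id, src, reason})
	return false
}

// Login succeeds only when the source address is permitted, the ID is not
// locked and the password matches; every failure lands in the audit report.
func (p *Portal) Login(id, password string, src net.IP) bool {
	if len(p.Allowed) > 0 {
		ok := false
		for _, n := range p.Allowed {
			ok = ok || n.Contains(src)
		}
		if !ok {
			return p.deny(id, src, "source address outside permitted range")
		}
	}
	acct, ok := p.Accounts[id]
	if !ok {
		return p.deny(id, src, "unknown ID")
	}
	now := p.Now()
	if now.Before(acct.lockedUntil) {
		return p.deny(id, src, "ID locked")
	}
	h := sha256.Sum256([]byte(password))
	if subtle.ConstantTimeCompare(h[:], acct.hash[:]) != 1 {
		if acct.failures++; acct.failures >= maxFailures {
			acct.failures = 0
			switch p.Mode {
			case LockoutPermanent:
				acct.lockedUntil = time.Date(9999, 1, 1, 0, 0, 0, 0, time.UTC)
			case LockoutTemporary:
				acct.lockedUntil = now.Add(blockDuration)
			}
		}
		return p.deny(id, src, "incorrect password")
	}
	acct.failures = 0
	return true
}

func main() {
	p, _ := NewPortal(LockoutTemporary, []string{"10.20.0.0/16"}, time.Now) // constructed range
	_ = p.AddAccount("agent01", "agent7pass")                                 // constructed credentials
	fmt.Println("login from outside range:", p.Login("agent01", "agent7pass", net.ParseIP("203.0.113.9")))
}
```

Note that an unknown ID and an incorrect password both produce a failure row but are distinguished only in the audit reason, never in what the caller sees, and that the source-address check runs before the password is examined, so a login attempt from outside the permitted range never consumes one of the three strikes.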

Session Challenge/Response Passwords
Support representatives are authenticated using a challenge/response exchange. Citrix Online's server generates a large random number and sends it to HelpAlert. HelpAlert then computes and returns an MD5 hash of the random number, a locally generated random number, the support representative's password and a session ID. If the HelpAlert response matches the server's own computation, access to GoToAssist is granted. Three factors make the challenge/response method one of the surest solutions for identity security:

1. The support representative's password is never transmitted over the network, so a third party cannot intercept it.
2. Digital signature algorithms like MD5 do not allow a third party to compute a password given a challenge and the corresponding response.
3. The server uses a different time-stamped challenge each time access is requested; a third party cannot simply replay a previous response because each response only works once.

Digital signing is used on all communication between HelpAlert and Citrix Online servers, preventing an intruder from responding to user questions in place of the support representative.

Advanced Encryption for Data in Transit
Citrix Online uses state-of-the-art 128-bit Advanced Encryption Standard (AES) encryption to prevent intruder access to the information exchanged during a GoToAssist session. AES encryption is based on a "shared secret" key, known only to the session end points. A new key is generated at the start of each session, based on the support representative's password, a session identifier and a random number exchanged between HelpAlert and Citrix Online's server. The server passes this key to the user's machine as part of the ChatLink software download. The download itself is protected by HTTPS using SSL when supported by the user's browser. During the GoToAssist session, HelpAlert and CoPilot encrypt all data exchanged between the user's machine and the support representative's machine. ChatLink, ScreenSharing/Viewing and File Transfer data is encrypted end to end; packets are never decrypted in transit by any Citrix Online server. Because Citrix Online implements AES in CFB mode, no third party can decrypt or inject packets without knowing both the session key and the current state of the AES engine.
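The challenge/response exchange above, written out as both sides of the protocol, is the following added Go example (it is not HelpAlert or server code from the product). The broker issues a fresh random challenge bound to a session ID, HelpAlert answers with the MD5 digest of challenge, client random, password and session ID, and the broker recomputes the digest from its stored password and retires the challenge, which is what makes a captured response useless a second time. The field separator, the 16-byte challenge length and the credentials agent01 / agent7pass are assumptions; the overview does not state how the inputs are framed. A design built today would replace the bare MD5 over concatenated inputs with an HMAC over length-delimited fields, but the replay and session-binding checks shown here apply either way.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// randomHex returns n random bytes as a hex string (the "large random number").
func randomHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Broker is a constructed stand-in for the server side: it knows each agent's
// password and remembers which challenges are still unanswered.
type Broker struct {
	passwords map[string]string
	pending   map[string]string // outstanding challenge -> session ID it was issued for
}

func NewBroker(passwords map[string]string) *Broker {
	return &Broker{passwords: passwords, pending: map[string]string{}}
}

// Challenge issues a fresh random challenge bound to one session ID.
func (b *Broker) Challenge(sessionID string) string {
	c := randomHex(16)
	b.pending[c] = sessionID
	return c
}

// Response is the HelpAlert side: MD5 over the server challenge, the client's
// own random number, the password and the session ID. Only the digest and the
// client random travel over the network; the password never does. The "|"
// framing is an assumption of this example.
func Response(challenge, clientRandom, password, sessionID string) string {
	sum := md5.Sum([]byte(challenge + "|" + clientRandom + "|" + password + "|" + sessionID))
	return hex.EncodeToString(sum[:])
}

// Verify recomputes the expected digest from the stored password and retires
// the challenge, so a captured response cannot be replayed.
func (b *Broker) Verify(agent, challenge, clientRandom, sessionID, response string) bool {
	boundSession, ok := b.pending[challenge]
	delete(b.pending, challenge) // each challenge is answered at most once
	if !ok || boundSession != sessionID {
		return false
	}
	pw, ok := b.passwords[agent]
	if !ok {
		return false
	}
	want := Response(challenge, clientRandom, pw, sessionID)
	return subtle.ConstantTimeCompare([]byte(want), []byte(response)) == 1
}

func main() {
	broker := NewBroker(map[string]string{"agent01": "agent7pass"}) // constructed credentials
	session := "sess-42"
	challenge := broker.Challenge(session)
	clientRandom := randomHex(8)
	resp := Response(challenge, clientRandom, "agent7pass", session)
	fmt.Println("first use accepted:", broker.Verify("agent01", challenge, clientRandom, session, resp))
	fmt.Println("replay accepted:   ", broker.Verify("agent01", challenge, clientRandom, session, resp))
}
```

Retiring the challenge before the password check is deliberate: a wrong answer also consumes the challenge, so an attacker who observed the exchange cannot keep probing the same challenge, and the server-side record of outstanding challenges is what the overview's "each response only works once" rests on.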

[Figure: HelpAlert logs in to the Web servers/broker with challenge/response authentication (1); the broker and HelpAlert each compute the AES session key (2); the CoPilot download over HTTPS includes the AES session key (3); end-to-end AES-encrypted data flows between the support representative running HelpAlert and the customer running CoPilot through the communication servers, and encrypted session data is stored during the session (if enabled) on a RAID array file server, with tape backup within 24 hours and a second tape backup (4).]

Advanced Encryption for Recorded Sessions
AES encryption also ensures that recorded GoToAssist sessions, stored on Citrix Online servers, are cryptographically protected. When recording is disabled, the GoToAssist session key is not kept on Citrix Online servers in any form. Thus, breaking into a server cannot reveal the key for any encrypted stream that the intruder may have captured. When recording is enabled, ChatLink, ScreenSharing and ScreenViewing data is stored in encrypted form. The session key is also stored, but it is protected with RSA public/private key encryption. A portal-specific public key is used to encrypt the session key before storage. For replay, three items are needed: the session recording, the encrypted session key and the portal's private key.

[Figure: replay flow. The portal administrator logs in to the Management Center over HTTPS (1); the web servers/broker return the encrypted AES key and data from the database and RAID array file server (2); the Replay Viewer uses the passphrase to decrypt the AES key and the key to decrypt the session data (3).]

Account managers or portal administrators may view recordings with a Replay Viewer Java applet. The Replay Viewer uses the portal's private key to decrypt the session key, which is then used to decrypt the recording. For accounts with standard portal setup, the private key is known to both Citrix Online and the portal administrator; replay access is guarded by the Management Center login/password. For accounts with premium portal setup, the private key is known only to the portal administrator and is never transmitted anywhere; neither employees at Citrix Online, nor potential intruders to Citrix Online servers can decrypt recorded sessions.

Citrix Online's Proprietary Compression Technology

Citrix Online has developed an incremental, lossless technology for compressing bitmap images. During a screen-sharing or screen-viewing session, the system takes periodic screen captures of the user's computer screen and compresses the images pixel by pixel. The compression algorithm separates the background and foreground components of the user's screen and compresses each of them separately. The algorithm also uses repeating components to improve compression. When each new screen capture is recorded, the compression algorithm captures only the screen elements that have changed since the last screen capture. The communication server transmits these compressed bitmap images to the support representative's Viewer in data packets that can only be viewed by GoToAssist software. Not only is the level of compression better than any compression achieved by comparable compression algorithms, but the resulting transmission is more secure.
User Privacy

With GoToAssist, the support representative has unprecedented access to the user's computer to pinpoint and resolve technical issues more efficiently than ever before. Yet GoToAssist leaves the ultimate control in the hands of the user. The user actively participates in the screen-sharing process and observes every step that is taken to resolve the technical issue. At any time the user can retake control of the mouse and keyboard or end screen sharing altogether.

Once a session has ended, the support representative can no longer connect to the user's computer and the ChatLink automatically uninstalls itself from the user's machine. A log file remains for user reference, but does not reveal any information that might compromise privacy or security. The ChatLink executable is retained for future use during other GoToAssist sessions. However, future sessions must still be brokered by Citrix Online servers, generating new session keys, etc.

Customer Privacy

Citrix Online has a strong privacy policy that prohibits unauthorized disclosure of personal or corporate information to any third party. Citrix Online's published privacy policy is included in every service agreement. This policy identifies information gathered, how it is used, with whom it is shared and the customer's control over dissemination. Citrix Online is a TRUSTe licensee and complies with its stringent privacy policies. Citrix Online goes to great lengths to ensure that unauthorized personnel cannot access its customers' private data. Servers hosting GoToAssist are physically and administratively separate from Citrix Online offices. Only key employees have access to these servers and only a few have administrative access to customer data on a need-to-know basis for the express purpose of customer support.

Conclusion

Citrix Online's GoToAssist technology takes the mystery out of technical support. While phone-support representatives cross their fingers and blindly direct users where to click, GoToAssist-enabled representatives don't have to play guessing games; they can use Web-based remote-assistance tools to efficiently identify and resolve issues, improving first-time resolution and reducing handling time in the process. Behind the scenes, Citrix Online architecture transparently supports person-to-person collaboration by providing a scalable and reliable environment.
Security promotes both ease of use and flexibility without compromising data integrity, confidentiality and user control. As an unparalleled e-support paradigm for the Internet age, GoToAssist offers support providers an easy, low-cost method for integrating Web-based technical support that will improve their bottom line.