Administrative Guide 13.1. Enterprise Licensing

Administrative Guide 13.1 Enterprise Licensing

TABLE OF CONTENTS Bomgar Administrative Interface 4 Login to the Administrative Interface 5 Status 6 Information: View Bomgar Software Details 6 Representatives: View Logged In Reps and Send Messages 7 What's New: See Software Release Details 8 My Account: Change Password and Username, Download the Representative Console and Other Software 9 Configuration 11 Options: Manage the General Queue, Record Sessions, Monitor License Usage, Set Up Text Messaging 11 Issues: Manage Support Issues 13 Support Teams: Group Representatives into Teams 14 Skills: Route Issues to Representatives 16 Access Sponsors: Create Groups of Privileged Users 18 Jumpoint: Set Up Unattended Access to a Network 19 Jump Clients: Manage Settings and Install Jump Clients for Unattended Access 26 Bomgar Buttons: Deploy Bomgar Buttons for Quick Session Start 28 Canned Messages: Create Messages for Chat 31 Canned Scripts: Create Scripts for Command Shell Sessions 32 Special Actions: Create Custom Special Actions 33 Users and Security 34 User Accounts: Add User Permissions for a Representative or Admin 34 Embassy: Create an Embassy for Vendor Access 35 Rep Invite: Create Profiles to Invite External Representatives to Sessions 38 Security Providers: Enable LDAP, Active Directory, RADIUS, and Kerberos Logins 39 Group Policies: Apply User Permissions to Groups of Users 40 Settings and Field Details: User Permissions 43 Kerberos Keytab: Manage the Kerberos Keytab 52 CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 2

Reports: Report on Session and Presentation Activity 53 Public Portals 55 Public Sites: Customize the Support Portal 55 HTML Templates: Customize the Web Interface 57 Customer Notices: Create Messages for the Customer Notification System 58 File Store: Upload Resource Files 61 Apple ios: Add Apple Configuration Profiles 62 Exit Surveys: Enable the Customer Exit Survey and Representative Exit Survey 64 Customer Client: Modify the Invitation Email, Display Options, Connection Options 65 Presentation: Modify the Invitation Emails and Display Options 69 Localization 71 Languages: Manage Available Languages 71 Search: View Customized Text in Enabled Languages 72 Management 73 Software Management: Download a Backup, Upgrade Software 73 Security: Manage Security Settings 74 Site Configuration: Set HTTP Ports 77 Email Configuration: Configure the Software to Send Emails 78 Outbound Events: Set Events to Trigger Messages 79 Cluster: Configure Atlas Technology for Load Balancing 81 Failover: Set Up a Backup Appliance for Failover 83 Support: Contact Bomgar Support 85 Ports and Firewalls 86 Disclaimers, Licensing Restrictions and Tech Support 87 CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 3

Bomgar Administrative Interface As a tour of /login, this guide is designed to help you administer Bomgar users and your Bomgar software. The Bomgar Appliance serves as the central point of administration and management for your Bomgar software and enables you to log in from anywhere that has internet access in order to download the representative console to virtually support your end-users. Use this guide only after an administrator has performed the initial setup and configuration of the Bomgar Appliance as detailed in the Bomgar Appliance Hardware Installation Guide. Once Bomgar is properly installed, you can begin supporting customers immediately. Should you need any assistance, please contact Bomgar support at www.bomgar.com/support. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 4

Login to the Administrative Interface The user administrative interface enables administrators to create representative accounts and configure software settings. Log into the user administrative interface by going to your appliance s public URL followed by /login. Although your appliance s URL can be any registered DNS, it will most likely be a subdomain of your company s primary domain (e.g. support.example.com/login). Default Username: admin Default Password: password Because Bomgar is licensed by concurrent users, you can set up as many accounts as you need, each with unique usernames and passwords. If Kerberos has been properly configured for single sign-on, you can click the link to use integrated browser authentication, allowing you to enter directly into the web interface without requiring you to enter your credentials. Note: For security purposes, the administrative username and password used for the /appliance interface are distinct from those used for the /login interface and must be managed separately. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 5

Status INFORMATION: VIEW BOMGAR SOFTWARE DETAILS The main page of the Bomgar /login interface gives an overview of your Bomgar Appliance statistics. An administrator can select the appropriate time zone from a dropdown, setting the correct date and time of the appliance for the selected region. You also can restart the Bomgar software remotely. Additionally, view the number and type of Bomgar clients connected. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 6

REPRESENTATIVES: VIEW LOGGED IN REPS AND SEND MESSAGES View a list of representatives logged into the representative console, along with their login time and whether they are running support or presentation sessions. You also can terminate a representative's connection to the representative console. Send a message to all logged-in representatives via a pop-up window in the representative console. You also may view representatives who have extended availability mode enabled. Enabling extended availability mode does consume a license. You may disable a representative's extended availability in order to free up a license. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 7

WHAT'S NEW: SEE SOFTWARE RELEASE DETAILS Easily review Bomgar features and capabilities newly available with each release. Learning about new features as they become available can help you make the most of your Bomgar deployment. The first time you log into the administrative interface after a Bomgar software upgrade, the What's New page will receive focus, alerting you that new features are available on your site. You must be an administrator to view this tab. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 8

My Account: Change Password and Username, Download the Representative Console and Other Software From the My Account page, you can download the Bomgar representative console. The file type will default to the appropriate installer for your operating system. For system administrators who need to push out the representative console to a large number of systems, the Microsoft Installer can be used with your systems management tool of choice. In your command prompt, when composing the command to install the representative console using an MSI, change to the directory where the MSI was downloaded and enter the command included on the My Account page. You can include optional parameters for your MSI installation. INSTALLDIR= accepts any valid directory path where you want the representative console to install. RUNATSTARTUP= accepts 0 (default) or 1. If you enter 1, the representative console will run each time the computer starts up. ALLUSERS= accepts or 1 (default). If you enter 1, the representative console will install for all users on the computer; otherwise, it will install only for the current user. If you install for only the current user, you can choose to have the representative console automatically update each time the site is upgraded by entering SHOULDAUTOUPDATE=1; a value of 0 (default) will not auto-update, and the representative console will need to be manually reinstalled when the site is upgraded. If you install the representative console for all users, it will not auto-update. You can download a session recording viewer to view recorded sessions from your desktop rather than only on the web. In unusual scenarios where video driver performance is slowing down screen refresh rates, downloading the display driver on the target system can greatly improve screen sharing speed. The display driver must be installed on the computer whose screen is to be viewed, either the remote computer for a support session or the representative's computer for a presentation. The display driver works only on Windows XP and higher and Server 2003 and higher. Enable or disable Extended Availability Mode by clicking the Enable/Disable button. Extended Availability Mode allows you to receive email invitations from other representatives requesting to share a session when you are not logged into the representative console. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 9

You can change your email settings for Extended Availability Mode, including preferred language for the emails. You can change your password and display name, and nonadministrators may change the security question and answer. Bomgar recommends changing your password regularly. You can choose to have a public display name, for use with customers, and a private display name, used for all internal communications between representatives, on chat transcript reports, team activity reports, and so forth. By default the two fields are in sync, so anything you type in the Private Display Name field is copied automatically to the Public field. To change your public display name type in the name you want your customers to see. To put the fields back in sync, simply make them identical again. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 10

Configuration OPTIONS: MANAGE THE GENERAL QUEUE, RECORD SESSIONS, MONITOR LICENSE USAGE, SET UP TEXT MESSAGING The option Enable the General Queue is selected by default and creates a queue in the representative console that includes all logged-in representatives. If deselected, representatives will see only their personal and team queues, and they will be unable to communicate with any representatives outside their teams. Disabling the general queue is helpful for companies with a large support center where representatives do not need to interact outside their teams. Note: Disabling the general queue does not prevent representatives from transferring sessions to other teams. This permission is configured per user from the User Accounts page. See "User Accounts: Add User Permissions for a Representative or Admin" on page 34. If you check Require Closed Sessions on Logout or Quit, then representatives will be unable to log out of the representative console until their personal queues are empty. There are five rules for when a representative s connection to a session is lost or terminated. (1) If the session is shared, it transfers to the representative who has been sharing the session the longest. If not shared, it transfers to (2) the last queue it was in, (3) the queue in which it entered, or (4) the general queue. This second set of rules can be turned on or off for normal sessions (attended), Jump sessions (unattended), or both. (5) Finally, if no representative is found, the session ends. Note: If the session is in a persistent queue, the above logic will not apply. For more information about persistent queues, see "Support: Contact Bomgar Support" on page 85. If General Queue Routing Algorithm is set to Least Busy, Equilibrium will be enabled so that a session in the general queue will be assigned to the least busy representative who is allowed to participate in the general queue. If it is set to Skills Match, Least Busy, then if a session has needed skills marked and is transferred to the general queue, that session will be assigned to the representative with the best skills match. The representative has as long as is set in General Queue Alert Timeout to either accept or reject the session. If the representative rejects the session or fails to respond before the timeout, the session will be reassigned to the next best matched representative who is allowed to participate in the general queue. When a session is assigned, the representative receives an alert. If Show Session Information is checked, all session assignment alerts, both for the general queue and for any other queues using Equilibrium, will display the support request information. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 11

Choose if you want screen sharing sessions, Show My Screen sessions, and/or command prompts to be recorded in Flash video format (FLV). Set the resolution at which to view playback. Note that all recordings are saved in raw format; the resolution size affects playback only. You can automatically pull the remote computer s system information to be available in the session report details. When supporting mobile platforms, choose Standard to pull a small set of data or Extended to pull all available information. You can also choose to record presentations. You can request to be alerted should your Bomgar license usage exceed a certain number of logged-in representatives at the same time. This is helpful in monitoring your teams license usage in order to keep your representatives adequately supplied. If you choose to be alerted, enter the contact email address and set when and how often you wish to be alerted. This feature requires valid SMTP configuration for your appliance, set up on the Email Configuration page under the Management tab. You may enter a custom link that will appear as a button in the representative console during a support session. One example use of this link is to associate sessions with external programs such as customer relationship management systems (CRM). The variable %EXTERNAL_KEY% inserts the session's external key into the URL. If, for instance, the external key matches the unique identifier of a case in your CRM system, clicking the session's custom link button could pull up the associated case in this system. You may enter a secure SMS Gateway URL from your ISP or third-party gateway provider to give reps the option to send support access keys via SMS text messages. Send support messages via SMS to a mobile device from within the representative console. SMS messages sent in this manner to other mobile devices will still receive a session link. The SMS communication is not logged in the appliance. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 12

ISSUES: MANAGE SUPPORT ISSUES Create support issues to streamline your customers' experience when requesting support on the public portal. Issues created may be configured to appear on the dropdown menu of the issue submission form and comprise a list of the support problems most likely to be experienced by your customers. Note: Since support issues need to be routed to Support Teams (see "Support Teams: Group Representatives into Teams" on page 14), you need to create teams before you create support issues. If you wish to associate skills with that issue, you need to create them first as well (see "Skills: Route Issues to Representatives" on page 16). Click Add New Support Issue to create a new issue. Give it a title and a code name. Then use the Route To dropdown menu to have that issue routed to a specific team. Set the issue's priority to High, Medium, or Low, depending on how you want the issue to be handled by the system. The default is Medium. Next, check the box if you want to allow representatives to request help for this support issue while in a session. If checked, the issue is listed in the Request Help flyout window of the representative console when the Session Sharing option is selected. Issues can be associated with the skills needed to best resolve them. Skills can be More Preferred, Less Preferred, or Ignored, depending on the level of knowledge required to resolve a given issue. This will determine how support requests are routed and handled by the system. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 13

SUPPORT TEAMS: GROUP REPRESENTATIVES INTO TEAMS Grouping support representatives into teams aids efficiency by assigning leadership within groups of representatives as well as by helping to direct customers to the representative best suited to solve a given problem. Assign the team a name and set comments to help identify the purpose of this team. If Persistent Queue is checked, support sessions will remain in this team s queue even if no representatives are available. A session transferred to this team s queue will remain in the queue indefinitely until a team member or API operation handles the session. This option provides additional flexibility for custom session routing management. When adding a team, you can reserve a minimum number of licenses for that team via the Reserved Slots field. This option guarantees that at least the specified number of licenses will be available for members of this support team. Effective license usage management helps to avoid license lockout situations wherein a license is needed but none is available, thereby ensuring that the most critical issues can be addressed by reserving licenses for the most crucial support teams. Note any group policies which assign members to this team. Click the link to go to the Group Policies page to verify or assign policy members. From the list of available representatives, select one or more users and click the arrow to move them into the team. You can set each member s role as a Team Member, Team Lead, or Team Manager. These roles play a significant part in the Dashboard feature of the representative console. Team members who share membership through one or more group policies are listed for you, along with a link to the Group Policies configuration page. Under the Equilibrium Settings section, if Routing Algorithm is set to Least Busy, a session in this team queue will be assigned to the least busy representative who is a member of this team. If it is set to Skills Match, Least Busy, then if a session has needed skills marked and is in this queue, that session will be assigned to the representative in this team with the best skills match. The representative has as long as is set in Alert Timeout to either accept or reject the session. If the representative rejects the session or fails to respond before the timeout, the session will be reassigned to the next least busy representative who is a member of this team. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 14

If enabled in the Dashboard Settings section of the main page, a Team Lead or Manager can monitor team members from the dashboard. Choose a selection to Disable the ability to monitor, restrict monitoring to Only Representative Console, or allow a Team Lead or Manager to monitor a team member's Entire Screen. Monitoring affects Team Leads and Managers for all teams on the site. To display a monitoring icon in the team member's representative console, select the checkbox Enable Monitor Indicator. A Team Lead can also take over or transfer a team member s sessions if the Enable Session Transfer checkbox is selected. Similarly, a Team Manager can monitor and administer both team members and Team Leads. Within a team, a representative can administer only others with roles lower than his or her own. Note, however, that roles apply strictly on a team-by-team basis, so a representative may be able to administer another representative in one team but not be able to administer that same representative in another team. Once you have saved your changes, you can modify a team by clicking Edit Team or remove a team entirely by clicking Delete Team. Deleting a team does not delete those representative accounts, only the team with which they are associated. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 15

SKILLS: ROUTE ISSUES TO REPRESENTATIVES Skills are the areas of expertise covered by your representatives. As an administrator, you need to create a list of these skills, which are ranked in broad categories according to their importance. These root skills can be assigned a number of sub-skills. For instance, the root skill for "Antivirus"can contain a list of common antivirus programs, each a particular sub-skill necessary to properly address a customer support issue dealing with antivirus-related problems. Representatives associated with a given skill are listed on the right. If no representative is associated with a skill, click on the Users page link to configure skills for each user. CREATING SKILLS Note: In order to be able to create and edit skills, this permission has to be set per user. Go to Users and Security > User Accounts, scroll down to the Permissions section, and make sure Allowed to Edit Skills permission is checked. Administrators are automatically granted this permission. To begin, you need to create a list of skills. To start, add a few general categories, or root skills. On the Configuration > Skills page, click New Root Skill, then enter a display name and a code name. The code name is for internal use only. Next add skills under the new root skill. The new root skills and their sub-categories display in the Skills tree. You can use the orange arrows to expand or collapse each section. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 16

Root skills are ranked sequentially from more critical to less critical. When Equilibrium is enabled, the system will try first to match all the root skills, but if that is not possible, it will begin to peel away lower ranking skills first, one at a time, until a match is found. If you need to change a root skill's rank, click on Change Ranking and you will now be able to drag and drop skills into their new positions. Once created, skills can be assigned to representatives from the User Accounts page. See "User Accounts: Add User Permissions for a Representative or Admin" on page 34 BULK IMPORT When dealing with a larger number of representatives and/or skill sets, it may be easier to assign skills to representatives using bulk import. Use Import User Skills to upload a CSV file with the usernames and associated skills. The CSV file should use the following format: "username1", "skill_code_name" "username1", "skill_code_name2" "username2", "skill_code_name" Please note that the skills listed for a given representative on the import file will override any skills already associated with that user. If you need to remove all associated skills with a particular user, leave the skill code name empty ( username3, ). CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 17

ACCESS SPONSORS: CREATE GROUPS OF PRIVILEGED USERS Create access sponsor groups to enable a representative with restricted permissions to request a more highly privileged representative to perform certain actions on his or her behalf, such as elevating a customer client to administrative rights or entering credentials for a remote system. First, name the group and add a brief description. Then, add lower-privileged representatives as requesters to this group, and higher-privileged representatives as sponsors. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 18

JUMPOINT: SET UP UNATTENDED ACCESS TO A NETWORK Bomgar's Jump Technology enables a representative to support both attended and unattended computers on a remote network without having to pre-install software on every machine. Simply install a single Jumpoint agent at any network location to gain unattended access to every PC within that network. At the bottom of the Jumpoint page is the option to Enable network browsing. If checked, permitted representatives can view and select systems from the network directory tree. If unchecked, representatives can access a system through a Jumpoint only by entering the system's hostname or IP address. Either way, the representative must provide valid credentials to the remote system before gaining access. At the top of the page, click Add New Jumpoint. Give this Jumpoint a name that will help users identify it when they need to start a session with a computer on the same network as this Jumpoint. If you want representatives to be able to connect to SSH-enabled and Telnet-enabled network devices through this Jumpoint, check Enable Shell Jump Access. Authorize at least one representative to use this Jumpoint. After the Jumpoint has been created, you can also grant access to groups of representatives from Users & Security > Group Policies. Once you click the Add Jumpoint button, your new Jumpoint should appear in the list of configured Jumpoints, along with a link to download the 32-bit or 64-bit Jumpoint installer. Click on a link to install the Jumpoint agent on a single system in the remote network you wish to access. This system will serve as the initiation point for Jump sessions with other computers on the remote network. As such, it is important that the host system NOT be a system already in use as a server, such as a file server, email server, or print server. For security purposes, a Jumpoint must close any active network connections to the computer it needs to access before it can attempt a Jump to that machine. Therefore, if the host system is being used as a server, the Jumpoint may be unable to complete a Jump because some other software is actively using a critical network connection which the Jumpoint is unable to close, causing the Jump to fail. Instead, Bomgar recommends deploying the Jumpoint agent to a virtual system as the ideal setup scenario. If a virtual system is unavailable, you can deploy the Jumpoint agent to its own dedicated server or even a normal client PC, provided that the host system has high availability. On the host system, run the Jumpoint installation wizard to configure further settings and start the service. To change the configuration after installation, locate the Bomgar folder in the Windows All Programs menu, open the site subfolder, and run Bomgar Jumpoint Configuration. Once the Jumpoint is active, any representative with privileges to access that Jumpoint can start a Bomgar session with any accessible device on that network, provided that the representative has valid credentials on the system he or she is attempting to access. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 19

PROXY SETTINGS For a Jumpoint to be deployed on a remote network that is behind a proxy, appropriate proxy information may be necessary for the Jumpoint to connect back to the Bomgar Appliance. From dropdown on the Proxy tab, select Basic or NTLM to configure proxy settings. Enter the Proxy Host, Proxy Port, Username and Password. The Jumpoint will supply this proxy information whenever Jumping to another system on the remote network, providing the credentials necessary to download and run the customer client on the target system. You also can set up this Jumpoint to function as a proxy itself by selecting Jump Zone Proxy Server from the dropdown on the Proxy tab. With Jump Zone Proxy Server selected, this Jumpoint can be used to proxy connections for clients on the network that do not have a native internet connection, such as POS systems. Using a Jumpoint as a proxy will route traffic only to the appliance. A Jumpoint can also be used to proxy Jump Client connections. Note: In order for a Jumpoint to function as a Jump Zone Proxy Server, its host system cannot reside behind a proxy. The Jumpoint must be able to access the Internet without having to supply proxy information for its own connection. Enter the hostname to use at the listening interface, and set which port to use. IMPORTANT! Host and port fields should be set carefully since any Jump Client deployed using this Jumpoint as a proxy server will use the settings available to it at the time of deployment and will not be updated should the host or port change. If the host or port must be changed, the Jump Client would need to be redeployed. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 20

Set whether to allow all IP addresses or to limit the IPs that can connect through this proxy. If allowing or denying access, enter one IP address or CIDR subnet range per line. Note: It is a best practice to make an exception in the Windows firewall for the port which the proxy server will listen on for the process which will be accepting connections. INTEL VPRO SETTINGS Using Intel Active Management Technology, privileged representatives can support fully provisioned Intel vpro Windows systems below the OS level, regardless of the status or power state of these remote systems. Configure this Jumpoint to enable vpro connection by going to the Intel vpro tab and checking Enable Intel vpro. Under Authentication, designate how the Jumpoint should attempt to authenticate to vpro-provisioned computers. Regardless of the authentication method, the provided credentials must match the authentication settings in the AMT firmware on the vpro systems. To require representatives to provide credentials each time they connect to a vpro computer, select Basic Digest Password and then Prompt Representative for credentials. Prompting for credentials is useful if the vpro systems on this network do not share a common username and password. However, since the vpro AMT firmware is entirely separate from any user accounts on the computer, administrators frequently provision all vpro systems to have the same credentials. Additionally, note that there is little security risk in storing credentials in the Jumpoint. To use vpro support, a representative must have not only the vpro user account privilege but also access to the vpro-enabled Jumpoint. Therefore, prompting for credentials may be an unnecessary measure. If the same credentials are used for all vpro systems on the network, you can select Basic Digest Password and then Use the following credentials for all connections. With this configuration, representatives are never prompted for vpro credentials; the Jumpoint automatically supplies the stored username and password for all vpro connections. If you select Kerberos, the Jumpoint supplies the credentials for its own host system account when authenticating to vpro systems. This configuration assumes that the account hosting the Jumpoint uses the same credentials as all vpro systems on the network. With this configuration, representatives are never prompted for vpro credentials. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 21

On the Encryption tab, set how the Jumpoint encrypts vpro network traffic. If the remote vpro systems are provisioned not to use TLS encryption, simply select No Encryption. Otherwise, you must define the path to the Base 64- encoded CER file which contains the certificates used during the provisioning of the remote vpro systems. Under Disk Redirection, specify the folder location of any ISO or IMG disk images you would like to make available for mounting in a vpro session. Representatives can use these files for IDE-R, booting the remote vpro system to a disk image rather than the hard drive. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 22

SHELL JUMP SETTINGS The Shell Jump tab determines how this Jumpoint can be used to connect to SSH-enabled and Telnet-enabled network devices. Note: Shell Jump must also be enabled on the Configuration > Jumpoint page of the administrative interface. For a representative to use Shell Jump, he or she must be granted access to a Jumpoint with Shell Jump enabled and must have the user account permission Allowed to Use Shell Jump enabled. On the Policy tab, if Open Access is selected, permitted representatives can Shell Jump to any remote device by entering its hostname or IP address or by selecting it from a list of provisioned devices. If Limited Access is selected, representatives can Shell Jump to provisioned devices or can enter a device's hostname or IP address provided that it falls within the parameters set by the host list on the Limited tab. If Provisioned Only is selected, representatives can Shell Jump only to provisioned devices. If limited access is enabled on the Policy tab, the Limited list accepts IP addresses and CIDR subnet masks to which Shell Jump access will be limited. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 23

Configure access to provisioned Shell Jump targets by going to the Provisioned tab and clicking Add. Enter a Name that will help representatives to identify this device when starting a Shell Jump session with it. Enter the device's hostname or IP address.choose the Protocol to use, either SSH or Telnet. Port automatically switches to the default port for the selected protocol but can be modified to fit your network settings. Select the Terminal Type, either xterm or VT100. If you are using SSH, you can choose to use Public Key Authentication. If you choose to do so, select a Private Key to use. Private keys are configured from the Private Keys tab. Representatives Shell Jumping to this provisioned device may connect only with the Username you provide. You can also select to Send null packets to keep idle sessions from ending. Enter the number of seconds to wait between each packet send. If you are going to be using SSH, you can upload a key file to use by going to the Private Keys tab and clicking Add. Give this key a Name and browse to the key file you wish to use. Keys must be in PuTTY format (PPK). PuTTYgen can be used to generate a PPK file if needed. If a Password is required, you can store the key file password for all representatives to use, or you can require representatives to enter the key file password each time they connect to a provisioned device using this key. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 24

You can add SSH Host Keys prior to a representative's Jumping to that host. If no host key is cached, the representative will receive a message alerting him or her that the server's host key is not cached and that there is no guarantee that the server is the computer he or she thinks it is. Caching a server's host key prior to connection can help prevent confusion. Enter the hostname or IP address. Enter the Port the device uses. The server will then return its host key, which you should verify. Clicking Update will poll the device for its host key and will let you know if it has changed. TTL SETTINGS A date and time can be set to specify when the Jumpoint should become active and when it should automatically uninstall. Setting these delimiters determines the duration of time for which representatives can access the remote network through this Jumpoint. Note: Jumpoint is only available for Windows systems. Jump Clients are needed for remote access to Mac or Linux computers. To Jump to a Windows computer without a Jump Client, that computer must have Remote Registry Service enabled (disabled by default in Vista) and must be on a domain. If you need to access remote computers via Jumpoint when no user is available, make sure your account permissions are set either to disable prompting or to default to Allow. You cannot Jump to a mobile device, though Jump Technology is available from mobile representative consoles. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 25

JUMP CLIENTS: MANAGE SETTINGS AND INSTALL JUMP CLIENTS FOR UNATTENDED ACCESS The Mass Deployment Wizard enables administrators and privileged representatives to deploy Jump Clients to one or more remote computers for later unattended access. From the dropdown, select whether to pin the Jump Client to your personal queue, to a team queue, or to the general queue. Pinning to your personal queue means that only you can access this remote computer through its Jump Client. Pinning to a team queue allows all members of that team to access this computer through its Jump Client, while pinning to the general queue allows access to all representatives. Adding a Group Name helps to organize your Jump Clients into categories within the representative console. Set the Connection Type to Active or Passive for the Jump Clients being deployed. If you have one or more Jumpoints set up as proxies, you can select a Jumpoint to proxy these Jump Client connections. That way, if these Jump Clients are installed on computers without native internet connections, they can use the Jumpoint to connect back to your Bomgar Appliance. The Jump Clients must be installed on the same network as the Jumpoint selected to proxy the connections. Add Comments, which can be helpful in searching for and identifying remote computers. Note that all Jump Clients deployed via this installer will have the same comments set initially. Select the Prompting Rule for control over access to the Jump Client. Selection is either Follow Rep Permission or Never, to allow reps access according to their user prompting permissions, or to access and perform all actions without prompting. The installer will remain usable only as long as specified by the This Installer is Valid For dropdown. If someone should attempt to run the Jump Client installer after this time, installation will fail, and a new Jump Client installer will have to be created. This time can be set for anywhere from 10 minutes to 1 year. This time does NOT affect how long the Jump Client remains active. If Attempt an Elevated Install if the Client Supports It is selected, the installer will attempt to run with administrative rights, installing the Jump Client as a system service. If the elevated installation attempt is unsuccessful, or if this option is deselected, the installer will run with user rights, installing the Jump Client as an application. This option applies only to Windows and Mac operating systems. Note: For Windows and Mac computers, a Jump Client pinned in user mode is available only when that user is logged in. In contrast, a Jump Client pinned in service mode, with elevated rights, will allow that system to always be available, regardless of which user is logged in. If Prompt for Elevation Credentials if Needed is selected, the installer will prompt the user to enter administrative credentials if the system requires that these credentials be independently provided; otherwise, it will install the Jump Client with user rights. This applies only if an elevated install is being attempted. By selecting Start Customer Client Minimized When Session Is Started, the customer client will not take focus and will remain minimized in the taskbar or dock when a session is started through one of these Jump Clients. You can also set a Password for these Jump Clients. If a password is set, this password must be provided to modify or use any one of these Jump Clients. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 26

Once you click Deploy, you can download and install the Jump Client immediately if you are at the computer that you need to later access. You can also email the installer to one or more remote users. Multiple recipients can install the Jump Client from the same link. The Platform option will default to the appropriate installer for your operating system. For system administrators who need to push out the Jump Client installer to a large number of system, the Windows executable, Windows MSI, or Linux executable can be used with your systems management tool of choice. You can include an optional parameter for the installation. -install-dir <install directory> (for the Windows and Linux executables) and INSTALLDIR= (for the Windows MSI) accept any valid directory path where you want the Jump Client to install. When defining a custom install directory, ensure that the directory you are creating does not already exist and is in a location that can be written. Note that, unlike the representative console, Jump Clients installed from an MSI do auto-update. An administrator can choose which statistics to view for all Jump Clients on a site-wide basis. These statistics are displayed in the representative console and include operating system, uptime, console user, CPU, disk usage, and a thumbnail of the remote screen. The Active Jump Client Statistics Update Interval determines how often these statistics are updated. Managing which statistics are viewed and how often can help to regulate the amount of bandwidth used. The more active Jump Clients you have deployed, the fewer the statistics and the longer the interval may need to be. Also set the maximum number of Jump Clients to upgrade at the same time. Note that if you have a large number of Jump Clients deployed, you may need to limit this number to regulate the amount of bandwidth consumed. You may further regulate the bandwidth used during upgrades by setting Maximum bandwidth of concurrent Jump Client upgrades. Note: Neither of these settings affects Console upgrades or Bomgar Button deployments. Allow simultaneous representative access to a single Jump Client provides a way for multiple representatives to gain simultaneous access to the same Jump Client without having to be invited to join an active support session by another representative. The first representative to access the Jump Client maintains ownership of the session. Representatives in a shared Jump session will see each other and be able to chat. Restrict Local Uninstall/Disable of Jump Clients limits the remote user s ability to uninstall or disable Jump Clients from the rightclick context menu, reducing the need to reinstall Jump Clients that should not have been uninstalled. If this option is enabled, only users with appropriate privileges on the target machine may uninstall the Jump Client via the host system's "uninstall programs" mechanism. Set whether ad-hoc Jump Clients pinned during a session should by default be active or passive. The Passive Jump Client Port specifies which port a passive Jump Client will use to listen for a "wake up" command from the appliance. Ensure that firewall settings allow inbound traffic on this port for your hosts with passive Jump Clients. Once awake, Jump Clients always connect to the appliance on port 80 or 443 outbound. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 27

BOMGAR BUTTONS: DEPLOY BOMGAR BUTTONS FOR QUICK SESSION START Deploying a Bomgar Button on your customer's computer installs a customer client on their machine, providing a quick, seamless method of starting support sessions. The Bomgar Button does NOT maintain a connection to the Bomgar Appliance, but rather provides a customer-initiated method of requesting support. Depending on the configuration of the Bomgar Button and the support site, clicking the Bomgar Button will connect the customer to a previously defined representative or team, allow the customer to enter a session key, or allow the customer to submit an issue submission form. Bomgar Buttons can be installed on Windows, Mac, and Linux computers, as well as BlackBerry Smartphones. To mass deploy a Bomgar Button, first enter a user-friendly name for the Description. This will be helpful when managing deployed Bomgar Buttons. Next, select the Public Portal through which this Bomgar Button will start support sessions. Set the Profile to either the default Bomgar Button profile or a custom profile as created below. Select the Language which this Bomgar Button should use. Next, specify whether starting a session from this Bomgar Button should place the customer in your personal queue or a team queue. Set the lifespan of the button. The customer can use this button to start sessions for only as long as specified here. If the customer clicks this button after it has expired, an invalid session key message will display, and the browser will refresh to your support portal. This time does NOT affect how long the installer remains active or how long a session can last. Finally, choose whether to install the Bomgar Button for a single user or for all users on the remote system. Deploying a Bomgar Button for all users is available only for Windows platforms. Also, if you make any changes to a Bomgar Button profile, a single-user Bomgar Button will automatically incorporate those changes the next time it connects, while an all-user Bomgar Button will have to be redeployed in order to receive those changes. For the best experience, redeploy all-user Bomgar Buttons each time you upgrade your Bomgar software. Note that all-user Bomgar Buttons may not be removed from within the representative console; they must be uninstalled from Programs and Features or Add or Remove Programs. Once you have set the parameters, click Create and then choose to download the Bomgar Button onto the local computer or to email it to one or more recipients. The Platform option will default to the appropriate installer for your operating system. Select BlackBerry MDS from the Platform dropdown to deploy the Bomgar Button via the BlackBerry Enterprise Server. For system administrators who need to push out the Bomgar Button to a large number of systems, the MSI option can be used with your systems management tool of choice. In your command prompt, when composing the command to install the Bomgar Button using an MSI, change to the directory where the MSI was downloaded and enter the command included on the Bomgar Button page. Note that, unlike the representative console, Bomgar Buttons installed from an MSI do auto-update. Note: Because some browsers require that the installer be saved before it can be run, there may be some confusion about when the Bomgar Button is fully installed. The downloaded bomgar-scc-{uid}.exe file is not the button itself but rather the installer for the button. This executable file must be run to complete the installation. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 28

Customize the Bomgar Button using Bomgar Button Profiles. Multiple Bomgar Button profiles can be added and used. Click Add New Profile to create a new profile, or edit an existing profile. While you can edit the default Bomgar Button profile, you cannot delete it. First, enter a user-friendly name for the Bomgar Button profile. Upload the file containing the customized button icon; the file must be a PNG file, no larger than 150KB and with a minimum height and width of 128 pixels. The height and width must be equal. Enter the Title of the profile. This title is used as the desktop title. Next, enter the Short Title, which is used when the customer s operating system limits the title length. Select where the Bomgar Button should be deployed, whether to the desktop or the menu. The menu option is only supported on Windows, Mac, and Linux systems. Now, select if the customer can use the Bomgar Button to connect directly to a specified queue. Click Add Bomgar Button Profile. Your new Bomgar Button profile is now available to deploy. Use the Embedded Bomgar Button Registry File Generator to create registry files which will embed the Bomgar Button into the title bar of an application. An embedded Bomgar Button gives support providers the ability to streamline the support path for specific applications. For example, if your support team frequently handles issues with Microsoft Outlook, you can embed a Bomgar Button within Outlook. You can configure this embedded Bomgar Button to point to a specific issue so that when a customer clicks the button, a session will immediately start with the team best suited to handle Outlook problems. Embedded Bomgar Buttons are a Windows-only feature. To create an embedded Bomgar Button, a Bomgar Button must first be deployed on the remote system. You may wish to define the Bomgar Button profile so that neither the desktop shortcut nor the menu shortcut is created. Select the Install Mode, either All Users or Single User. Then enter the name of the program in which you want to embed a Bomgar Button. Do not include the file path. Optionally, select an issue that will be associated with sessions started from this embedded Bomgar Button. You can alternatively select No Issue Assigned. Checking Show Front End Survey will prompt the customer to describe his or her issue before starting a session; if this option is unchecked, the session will start immediately, without any further customer input. You can add an External Key to assign to sessions started from this embedded Bomgar Button. To add multiple applications to one registry file, click Add Registry Entry and enter the information for another application. When you have finished adding executables in which you want to embed Bomgar Buttons, click Create Registry File. This will prompt you to save a registry file to your system. Using Active Directory or a deployment tool, deploy the registry file to all remote systems which should use these embedded Bomgar Buttons. After running the registry file, the remote user will have to log off and back on for the Bomgar Button registry entry to be created. Note: It is a best practice to save a copy of any generated registry files. Registry file information is not saved on the Bomgar Appliance. Now, when one of the designated applications is run, a Bomgar Button will appear in the top right corner, beside the minimize button. Clicking this embedded Bomgar Button will start a session as defined by its profile and its registry file settings. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 29

To edit an embedded Bomgar Button's functionality, you can import the registry file and modify its entries. When complete, click Create Registry File. Running the registry file will overwrite the existing registry entries. Note: Running a Bomgar Button registry file on a system that already has Bomgar Button registry entries will overwrite the original registry entries. Therefore, if you have embedded a Bomgar Button in one application and you wish to embed it in another, the new registry file must contain both executable names. If the new registry file contains only the new executable name, then the embedded Bomgar Button will appear only in the new application and not in the previous application. To remove an embedded Bomgar Button from a specific application without adding it to another application, you must edit the registry. Using Notepad or a similar editor, open the registry file you initially deployed and insert a hyphen in front of each registry key you wish to delete. Save the registry file and redeploy it to remove the registry entry. An example of a registry entry marked for deletion is presented below. [-HKEY_LOCAL_MACHINE\Software\Test] For more information about registry entries, see http://support.microsoft.com/kb/310516. Note: Uninstalling the Bomgar Button will remove it from all embedded programs but will not delete the registry entries. Thus, if another Bomgar Button is installed for the same site, it will inherit the previous registry entries and will appear embedded in the same programs. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 30

CANNED MESSAGES: CREATE MESSAGES FOR CHAT Create canned messages to be used in chat sessions. Using canned messages can decrease response time and help to standardize communication between representatives and customers. Filter your view of canned messages by selecting a category or team from the dropdown at the top of the page. The first step in managing canned messages is to create categories by which to organize your messages. Click Add New Category. Then enter a name for the category, optionally selecting a parent category. Once the category has been created, editing it will show you its child categories and messages. To create a new message, click Add New Canned Message. Enter a name for the message and the text that will display in the chat. Although HTML tags are not allowed, you can use BBCode to do some low level formatting, such as adding bold, colors or hyperlinks. Clicking on Supported BBCode Formatting displays a list of codes and their resulting applications. Select the category under which this message should appear, and then select which support teams should be able to use this canned message. Note: Messages should be relatively short so they can be viewed without much scrolling in the customer client windows. This applies to both the native client and clickto-chat modes. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 31

CANNED SCRIPTS: CREATE SCRIPTS FOR COMMAND SHELL SESSIONS Create custom scripts to be used in command shell sessions. The script will be displayed in the command shell interface as it is being executed. Filter your view of canned scripts by selecting a category or team from the dropdown at the top of the page. The first step in managing canned scripts is to create categories by which to organize your scripts. Next, add any resource files you want to access from within your scripts. You may upload up to 100 MB to your resource file directory. When creating a script, first name the script and then add a brief description of what the script is intended to do. This description is displayed on the prompt to confirm that the representative wants to run the selected script. Next, write the command sequence. Scripts must be written in command line format, similar to writing a batch file or shell script. Note that only the last line of the script may be interactive; you cannot prompt for input in the middle of the script. Select which support teams should be able to run this script, and then select the categories under which this script should appear. Finally, you may select a resource file to be associated with this script. Within the script itself, reference the resource file using "%RESOURCE_FILE%", making sure to include the quotation marks. Please note that the command sequence is case sensitive. You can access the resource file s temporary directory using %RESOURCE_DIR%. When you run a script with an associated resource file, that file will be temporarily uploaded to the customer s computer. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 32

SPECIAL ACTIONS: CREATE CUSTOM SPECIAL ACTIONS Create custom special actions to speed your support processes. Custom special actions can be created for Windows, Mac, and Linux systems. To create a special action, click Add New Custom Special Action. Assign this action a name to help representatives identify it while in a support session. In the Command field, enter the full path of the application you wish to run. Do not use quotation marks; they will be added as necessary. Windows systems may make use of the macros provided. If the command cannot be located on the remote system, then this custom special action will not appear in the representative's list of special actions. If the provided command will accept command line arguments, you may enter those arguments next. Arguments may use quotation marks if necessary, and arguments for Windows systems may use the provided macros. For help with Windows arguments, search for "command line switches" on msdn.microsoft.com. If you check the Confirm box, then representatives will be prompted to confirm that they want to run this special action before it will execute. Otherwise, selecting the custom special action from the menu during a session will cause that special action to run immediately. Checking the Run Elevated box will cause this special action to appear only when the customer client is running in elevated mode. When you run a custom action in elevated mode, you will be prompted either to run it as the system user or to provide credentials for another valid user on the remote system. When complete, click Add Special Action. If you want to enable the default special actions provided by Bomgar, check Show Built-In Special Actions. Otherwise, to enable only your custom special actions, deselect this option. Note: The Windows Security (Ctrl-Alt-Del) special action cannot be disabled. Also, disabling the built-in special actions will not disable the default special actions for mobile devices. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 33

Users and Security USER ACCOUNTS: ADD USER PERMISSIONS FOR A REPRESENTATIVE OR ADMIN View information about all users who have access to your Bomgar Appliance, including local users and those who have access through security provider integration. Search user accounts based on username and display name. Click on a column heading to sort accounts. Click Show Details to see more information or Hide Details to return to the normal view. Edit enables you to change individual account settings (see "Settings and Field Details: User Permissions" on page 43). Delete removes representatives from the system. You cannot delete your own account. Click Create New User to add more representatives to your local system. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 34

EMBASSY: CREATE AN EMBASSY FOR VENDOR ACCESS Use Bomgar not only to provide support but also to receive support or extend your range of support. Create Embassy teams to grant limited access to trusted third-party vendors for the purpose of receiving remote support or using the vendor s resources in supporting customers. When creating an Embassy, first provide a name and then add comments about the purpose of this Embassy. Next, assign Embassy Members, described in the section below. Configure privileges that should apply to this Embassy (see "Settings and Field Details: User Permissions" on page 43). Note that settings defined for the entire Embassy override settings defined for the individual Embassy user. In the Equilibrium Settings section, set session assignment rules. Use the dropdown menu to select the appropriate algorithm, depending on how you want sessions to be routed. Options are: None: no algorithm is selected and session requests go into the queue the in order submitted. Least Busy: session is assigned to the least busy representative. Skills Match, Least Busy: session is assigned by selecting the representative with the most appropriate skill set match necessary to handle the issue, as well as being the least busy of all qualified representatives. (See "Skills: Route Issues to Representatives" on page 16.) The Alert Timeout dropdown determines how long the session will remain in the representative s queue before it is assigned to the next representative. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 35

As you create users who will be assigned to Embassies, note that regular representative user accounts and Embassy user accounts do not overlap. Only Embassy users may be assigned to an Embassy, and Embassy users may not be assigned to regular support teams. For local Embassy users, you may assign privileges per user, per Embassy, or a mixture of both. For users added via configured security providers, privileges are assigned per Embassy only, and users will not appear in the Embassy Users list. For authentication, an Embassy member must be assigned to a single Embassy. Embassy permissions are defined in the Embassy. Embassy membership overrides your security provider's default group policy permissions. Note: Take thought when assigning a default group policy to a security provider if that provider's members are to be added to an Embassy. Should that Embassy be deleted, the users added from the security provider will automatically be granted the permissions defined by the default group policy and can operate as normal, non- Embassy users. If a security provider is to be used to authenticate Embassy users, it is recommended not to assign that provider a default group policy. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 36

To assign members to an Embassy, edit the Embassy and click the Add button to open a select box. You can select members from your local system or from configured security providers, thereby authenticating users against existing LDAP, RADIUS, or Kerberos servers. (See "Security Providers: Enable LDAP, Active Directory, RADIUS, and Kerberos Logins" on page 39.) At the top of the select box is a dropdown list of unassigned local Embassy users and all configured User and Group security providers. From the selected list, click the user or group name to add. To remove, select the user or group name in the Embassy Members list and click Remove. Click Save Changes to retain your changes. Once the Embassy has been created, you may assign issues to this Embassy from the Configuration > Issues page. If this Embassy's issues are shown on a public site, a customer selecting one of these issues will be directed to that Embassy queue. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 37

REP INVITE: CREATE PROFILES TO INVITE EXTERNAL REPRESENTATIVES TO SESSIONS With rep invite, a privileged user can invite an external representative to join a session one time only. When the user makes the invitation, he or she will select a security profile to determine what level of privileges the external representative should be granted. These security profiles are configured by administrators on this page. You may edit the email invitation which will be sent to external representatives when you invite them to join a session. You can include macros to dynamically add the inviting representative's name, the session key and its unique URL, and the public site URL. When creating a security profile, you can create a new profile from scratch or can copy an existing profile. Give this profile a name and description that will help users identify it when making invitations. For reporting purposes, you can associate this profile with an Embassy. Then assign a limited set of privileges to this profile. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 38

SECURITY PROVIDERS: ENABLE LDAP, ACTIVE DIRECTORY, RADIUS, AND KERBEROS LOGINS You can configure your Bomgar Appliance to authenticate users against existing LDAP, RADIUS, or Kerberos servers, as well as to assign privileges based on the pre-existing hierarchy and group settings already specified in your servers. Kerberos enables single sign-on, while RSA and other multifactor authentication mechanisms via RADIUS provide an additional level of security. Click Configure New Provider to add a user or group server, and enter the appropriate information for your server connection. Due to the technical complexity involved in properly integrating security providers with your Bomgar Appliance, the exact configuration is not discussed in this guide. For detailed instructions, please see the complete security provider configuration guides provided at www.bomgar.com/docs. Once your security providers are set up, click Configure New Provider to set up clustered relationships. Clusters can operate in Failover mode for redundancy or Random Selection mode for load balancing. From the list of available providers, select which servers to cluster. Once you save your changes, the servers you have clustered will appear indented beneath their parent. Drag and drop security providers to set their default priority. You can drag and drop servers within a cluster; clusters can be dragged and dropped as a whole. For more complex configuration, click on the Edit button of a server or cluster. For three scenarios If the user is not found, If the provider is unreachable, or If authentication fails you can choose to try the next server in the list, try a specific server, or deny login. If authentication succeeds, you can choose simply to allow login or to look up the user s group settings within a defined group server. To associate users with groups, you must first set up the user servers and group servers separately and then enable group lookup from the Edit page of the user provider. IMPORTANT: Each user that authenticates against a security provider must be a member of at least one group policy that has at least one setting defined in order to log into Bomgar. A default group policy can be set for all users in a security provider. Preexisting groups can also be assigned group policies from the Group Policies page. User providers and group providers must be linked in order for groups to be properly recognized and applied. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 39

GROUP POLICIES: APPLY USER PERMISSIONS TO GROUPS OF USERS The Group Policies page enables you to set up groups of users who will share common privileges. To create a new group policy, click Create New Policy. Alternatively, to expedite the creation of similar group policies, click Copy to create a new policy with identical members and permissions. You can then edit this new policy to meet your specific requirements. Assign users to the group, selecting from your local system or from configured security providers. If your security providers are properly configured, you can also add entire groups to simplify the process. To add users, click the Add button beneath the Policy Members field, select the appropriate provider from the drop down and click on the desired users or groups. To add users/groups from external directory and/or authentication services such as LDAP or RADIUS, configure the necessary providers as described in the "Security Provider Configuration" guides. Once these are configured, they will appear in the provider drop down when adding Policy Members as described above. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 40

For each setting, select whether it should be defined in this policy or left available for configuration for individual users. If it is defined, you will be unable to modify that privilege for an individual user from his or her user account page. If you have a policy that defines a permission and you do not want any policy to be able to replace that permission, then you must select that the permission cannot be overridden, and the policy must be a higher priority than other policies that additionally define that setting. Say, for instance, that your Administrators group is allowed to edit the public template and that this policy is first in priority and prevents override. Even if users in the Representatives group are defined as unable to edit the public template and override is also prevented, users who are in both the Administrators and Representatives groups will have the privileges of the Administrators group because it is a higher priority level. However, if the Administrators group permissions are set to allow override and the Representatives group permissions are not, then the Representatives group permissions will have precedence, even if they are a lower priority. For management purposes, the recommended order of priority is to define policies for more specific user groups as a higher priority (preventing override) and to move your way down from there, setting broader groups as lower priority. To set priority, click Change Order on the main page and then drag and drop group policies. Click Save Order for prioritization changes to take effect. Click Save Policy to put the policy into effect. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 41

Additionally, you can export a group policy from one site and import those permissions into a policy on another site. Edit the policy you wish to export and scroll to the bottom of the page. Click Export Policy and save the file. Note: When exporting a group policy, only the policy name, account settings, and permissions are exported. Policy members, support team memberships, and Jumpoint memberships are not included in the export. You may now import those policy settings to any other Bomgar site that supports group policy import. Create a new group policy or edit an exiting policy whose permissions you wish to overwrite, and scroll to the bottom of the page. Browse to the policy file and then click Import Policy. Once the policy file is uploaded, the page will refresh, allowing you to make modifications; click Save Policy to put the group policy into effect. Note: Importing a policy file to an existing group policy will overwrite any previously defined permissions, with the exception of policy members, support team memberships, and Jumpoint memberships. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 42

SETTINGS AND FIELD DETAILS: USER PERMISSIONS Bomgar gives administrators granular control over user permissions. This table details the permission settings and fields available to Bomgar administrators. 1 Username Unique identifier used to log in. Permission User Embassy Embassy User 2 Display Names Representative's name as shown on the public site, in chats, etc. Representatives can use a public display name, for use with customers, and a private display name, for use in all internal communications. 3 Display Number Type a unique ID number or leave this field blank to automatically select the next available number. This number affects the order in which representatives are listed on the public site. 4 Password Password used with the username to log in. 5 Must Reset Password at Next Login Forces a password change the next time the representative logs in. 6 Password Expires On Causes the password to expire after a given date or to never expire. 7 Security Question Enables a representative to reset a forgotten password after correctly answering the security question. 8 Security Answer Provide a secret answer to the security question. 9 Email Address Enables a representative to set an email address by which he or she will receive an email notification that another representative wishes to share a session. 10 Preferred Email Language Enables a representative to set a language format preference from the enabled languages for email notifications sent to him or her while Extended Availability Mode is enabled. 11 Embassy/Profile/Policy Name Create a friendly name for this Embassy, rep invite security profile, or group policy. Rep Invite Group Policy CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 43

Permission User Embassy Embassy User 12 Persistent Queue Allows support sessions to remain in this embassy's queue even if no representatives are available. A session transferred to this embassy queue will remain in the queue indefinitely until a team member or API operation handles the session. 13 Embassy Users/Policy Members Add users to this Embassy or group policy. Local users can be added individually, or users who authenticate against a security provider can be added individually or in groups. 14 Memberships Listing of the policies to which the user belongs, linking to the Group Policy page or the policies themselves. 15 Account Expires On Causes the account to expire after a given date or to never expire. 16 Account Disabled Disables the account so the representative cannot log in. Disabling does NOT delete the account. 17 Comments/Description Add comments about the account or policy. 18 Embassy Association Associate the profile with an Embassy for reporting purposes. 19 Is Administrator Grants the representative full administrative rights. 20 Allowed to Edit Jumpoints Enables the representative to create or edit Jumpoints. This option does not affect the representative's ability to access remote computers via Jumpoint, which is configured per Jumpoint or group policy. 21 Allowed to Change Display Names Enables the representative to change his or her display names. 22 Allowed to View Reports Enables the representative to run reports on session activity, viewing only sessions in which he or she was the primary representative, only sessions in which one of his or her teams was the primary team or one of his or her teammates was the primary representative, or all sessions. 23 Allowed to View Support Session Recordings Enables the representative to view Flash video recordings of screen sharing sessions, Show My Screen sessions, and command shell sessions. 24 Allowed to Use Reporting API Enables the representative's credentials to be used to pull XML reports via the API, following the rules set above. Rep Invite Group Policy CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 44

Permission User Embassy Embassy User 25 Allowed to Use Command API Enables the representative's credentials to be used to issue commands via the API. 26 Allowed to Edit Public Site Enables the representative to create and modify public site configurations, edit HTML templates, view the translation interface, etc. 27 Allowed to Edit Customer Notices Enables representatives to create and edit messages used to notify customers, as they are requesting support, of broadly impacting IT outages. 28 Allowed to Edit File Store Enables the representative to add or remove files from the file store. 29 Allowed to Edit Canned Messages Enables the representative to create or edit canned chat messages. 30 Allowed to Edit Support Teams Enables the representative to create or edit support teams. 31 Allowed to Edit Issues Enables the representative to create and edit issues. 32 Allowed to Edit Skills Enables the representative to create and edit skills. 33 Allowed to Edit Bomgar Button Profiles Enables the user to edit the default button or a customized Bomgar Button. 34 Allowed to Edit Canned Scripts Enables the user to create or edit canned scripts for use in command shell sessions. 35 Allowed to Edit Access Sponsors Enables the user to create or edit access sponsor teams. 36 Allowed to Show on Public Site Displays the representative's name on all public sites that have the representative list enabled. 37 Allowed to Edit ios Profiles Enables the representative to create, edit and upload Bomgar Apple ios Profile content for distribution to ios device users. 38 Allowed to Provide Remote Support Enables the representative to use the representative console in order to run support sessions. If support is enabled, options pertaining to remote support will also be available. This option is always enabled for rep invites. Disable setting for presentation-only representatives. Rep Invite Group Policy CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 45

Permission User Embassy Embassy User 39 Allowed to Generate Session Keys for Support Sessions Enables the representative to generate session keys to allow customers to start sessions with him or her directly. 40 Allowed to Generate Access Keys for Sending ios Profiles Enables the representative to generate access keys to offer ios content to ios device users. 41 Allowed to Participate in the General Queue Enables the representative to interact with other representatives in the general queue. 42 Allowed to Manually Accept Sessions from a Team/Embassy Queue Enables the representative to select and start sessions that are in one of his or her team queues. 43 Allowed to Transfer Sessions to Teams Which They Do Not Belong To Enables the representative to transfer sessions to teams other than his or her own. If disabled, representative interaction is restricted solely to the representative's assigned teams. 44 Allowed to Transfer Sessions to Embassies Enables the representative to transfer sessions to third-party Embassy team queues. 45 Allowed to Share Sessions with Teams Which They Do Not Belong To Enables the representative to invite a less limited set of representatives to share sessions, not only their team members or Embassy team members. Combined with the extended availability permission, this permission expands session sharing capabilities. 46 Allowed to Share Sessions with Embassies Enables the representative to share support sessions with one or more members of a third-party Embassy team. 47 Allowed to Invite External Support Representatives Enables the representative to invite a third-party representative to participate in a support session one time only. 48 Allowed to Use the Get Next Session Feature Enables the representative to start supporting the oldest queued session from all of his or her teams simply by clicking a button. 49 Allowed to Enable Extended Availability Mode Enables the representative to receive email invitations from other representatives requesting to share a session even when he or she is not using the Bomgar Representative Console. Rep Invite Group Policy CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 46

Permission User Embassy Embassy User 50 Allowed to Edit the External Key Enables the user to modify the external key from the session info pane of a session within the representative console. 51 Allowed to Opt Out of Session Assignments Enables the representative to mark himself or herself as unavailable for sessions to be assigned using Equilibrium. 52 Do Not Assign Sessions If the Representative is Participating In Sets the least number of sessions the representative must be supporting before sessions will no longer be automatically assigned using Equilibrium. 53 Do Not Assign Sessions If the Representative Has been Idle For Sets the least amount of time the representative must have been idle before sessions will no longer be automatically assigned using Equilibrium. 54 Prompt Customer for Approval of these Actions in Attended Sessions In an ad-hoc support session, asks the customer for permission to use any of the remote support features in the Representative Permissions section. 55 Prompt Customer for Approval of these Actions in Unattended Sessions In a Jump session, asks the customer for permission to use any of the remote support features in the Representative Permissions section. This setting may be overruled on a per- Jump Client basis, allowing permissions without prompting. 56 During Unattended Sessions, Answer Prompts After Selection Set the timing for permissions approval prompts in unattended sessions, after which the default answer set below is given. Selections range from one second to one minute. 57 During Unattended Sessions, Answer Defaults to Deny or Allow Set the default answer for remote support permissions requests in unattended sessions to Deny or Allow. 58 Allowed to Use Screen Sharing Disallow the use of screen sharing, allow viewing only, or also allow control of the remote system. 59 When Screen Sharing Requested Set the prompt to ask for a combination of View Only access to the desktop, Full Control of the screen sharing session, or Full Access of the entire computer with no additional prompts. Cancel is always available as an option. Rep Invite Group Policy CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 47

Permission User Embassy Embassy User 60 Application Sharing Behavior Determines if a request for screen sharing should never or always prompt the customer to select applications to share, or if the representative can choose whether to prompt for application sharing or not. 61 Allowed to Restrict Customer Interaction Enables the representative to suspend the remote user's mouse and keyboard input. The representative may also prevent the remote user from seeing the active desktop. 62 Allowed to Show His/Her Screen to the Customer Enables the representative to share his or her screen during a support session. 63 Allowed to View the Customer's Browser in Browser Sessions Enables the representative to browse the same web page the customer is viewing without having control or seeing other applications. 64 Allowed to Use Annotations Enables the representative to use annotation tools to draw on the remote user's screen. 65 Allowed to Download Files Using File Transfer Interface Enables the representative to download files from the remote system to his or her local system. 66 Allowed to Upload Files Using File Transfer Interface Enables the representative to upload files from his or her local system to the remote system. 67 Allowed to Send Files Using the Chat Interface Enables the representative to send files via the chat interface. Even if the representative is disallowed from sending files, the customer can still request to send files to the representative. 68 Allowed Paths on the Customer's File System Enables the representative to transfer files to or from any directories on the remote computer or only specified directories. 69 Allowed Paths on the Representative's File System Enables the representative to transfer files to or from any directories on his or her local computer or only specified directories. 70 Allowed to Request Elevation Enables the representative to attempt to elevate the customer client to run with administrative rights on the remote system. 71 Allowed to Use the Customer's Command Shell Enables the representative to issue commands on the remote computer through a virtual command line interface. Rep Invite Group Policy CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 48

Permission User Embassy Embassy User 72 Allowed to Use Canned Scripts Enables the representative to run canned scripts that have been created for his or her teams. 73 Allowed to Pull System Information Enables the representative to see a snapshot of the remote computer's system information. 74 Allowed to Send Chat Messages within a Support Session Enables the representative to chat with the end-user. 75 Allowed to Push URLs to the Customer's Web Browser using the Chat Interface Enables the representative to enter a URL into the chat area and then click the Push URL button to automatically open a web browser to that address on the remote computer. 76 Allowed to Control a Computer Using Intel vpro Technology Enables the representative to support a provisioned vpro computer below the operating system level. 77 Allowed to Deploy and Manage Bomgar Buttons in Personal Queue Enables the representative to deploy and manage personal Bomgar Buttons. 78 Allowed to Deploy Team Bomgar Buttons Enables the representative to deploy team Bomgar Buttons for teams they are a member of. 79 Allowed to Manage Team Bomgar Buttons Enable the representative to modify the Bomgar Buttons deployed to teams they are a member of. If the representative is a team lead or manager, they can modify the personal Bomgar Buttons of any team members as well. 80 Allowed to Start Sessions from Jump Clients Enables the representative to Jump to computers with Jump Clients installed. 81 Allowed to Start Sessions from all Jump Clients within the system Enables the representative to Jump to remote computers on all team and embassy queues. 82 Allowed to Deploy, Remove and Modify Jump Clients in the Following Queues Enables the representative to pin sessions, set groups, and add comments to Jump Clients only for his or her personal queue; for team and team members' queues; or for all queues, including those deployed to teams and embassies to which the user does not belong as well as to any representative's personal queue. Rep Invite Group Policy CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 49

Permission User Embassy Embassy User 83 Allowed to Set Passwords on Jump Clients Enables the representative to password-protect Jump Clients. Users with permission to modify all Jump Clients, regardless of team membership, can override passwords on individual Jump Clients. 84 Allowed to Modify, Remove, and Start Sessions from Jump Clients without Entering a Password Enables the representative to access password-protected Jump Clients without needing to know the password. 85 Allowed to Use Shell Jump Enables the representative to Shell Jump into a network device, provided that user also has access to a Jumpoint with Shell Jump enabled. 86 Allowed to Jump on the Local Network without a Jumpoint Enables the representative to Jump to an unattended system in the same LAN/VPN. 87 Allowed to Give Presentations Enables the representative to give presentations to one or more attendees. 88 Allowed to Grant Control to a Presentation Attendee Enables the representative to grant control of his or her computer to an attendee during a presentation. This setting affects only presentations and does not impact the Show My Screen feature of a support session. Only one attendee at a time can have control. The representative always maintains overriding control. 89 Idle Timeout Set how long the representative can be idle before being logged out of the representative console. This permission can use the site-wide setting or can override that setting. 90 Skills Designates the skills assigned to this representative. When using skills match for Equilibrium, sessions will be assigned to the representative best skilled to handle a particular issue. 91 Login Schedule Create schedules to define when representatives can log into the console. If, for instance, the time is set to start at 8 am and end at 5 pm, a representative can log in at any time during this window but may continue to work past the set end time; he or she will not, however, be allowed to log back in after 5 pm. If stricter access control is required, check Force logout to force the representative to log out at 5 pm. In this case, the representative will receive recurring notifications 15 minutes prior to the automatic logout, and any owned sessions will follow the session fallback rules. Multiple time windows can be configured and set for any time zone. Rep Invite Group Policy CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 50

Permission User Embassy Embassy User 92 Support Teams Designates the teams to which representatives in this group should be added. If a representative is in another group that adds representatives to a team but you do not want representatives in this group to be on that team, set this policy to remove representatives from that team. Representatives added manually to a team cannot be removed via group policy. 93 Jumpoints Designates Jumpoints to which representatives in this group have access. If a representative is in another group that gives access to a Jumpoint but you do not want representatives in this group to have access to that Jumpoint, set this policy to remove representatives from that Jumpoint. Representatives added manually to a Jumpoint cannot be removed via group policy. Rep Invite Group Policy CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 51

KERBEROS KEYTAB: MANAGE THE KERBEROS KEYTAB Bomgar supports single sign-on functionality using the Kerberos authentication protocol. This enables users to authenticate to the Bomgar Appliance without having to enter their credentials. Kerberos authentication applies both to the /login web interface and to the representative console. To integrate Kerberos with your Bomgar Appliance, you must have a Kerberos implementation either currently deployed or in the process of being deployed. Specific requirements are as follows: You must have a working Key Distribution Center (KDC) in place. Clocks must be synchronized across all clients, the KDC, and the Bomgar Appliance. Using a Network Time Protocol server (NTP) is an easy way to ensure this. You must have a Service Principal Name (SPN) created on the KDC for your Bomgar Appliance. Export the keytab for this SPN from your KDC and upload it to the Bomgar Appliance via the Import Keytab section of this page. Once the keytab is uploaded, the Configured Principals section will list all of the available SPNs for each uploaded keytab. You can now configure a Kerberos security provider from the Security Providers page and define which user principals may authenticate to the Bomgar Appliance via Kerberos. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 52

Reports: Report on Session and Presentation Activity Administrators and privileged users can generate broad, comprehensive reports and also apply specific filtering to customize reported information based on clear-cut needs. Generate activity reports according to four separate Report Types: Session, Summary, Customer Exit Survey, and Representative Exit Survey. In addition, filter reports by such criteria as Session ID or Sequence Number, Date Range, Customer, Representative, Team or Embassy, Public Site, or External Key. Apply filtering options as needed to derive more customized reports from the four basic report types. If you have an external ticketing system or CRM integration, quickly filter by Session ID or Sequence Number. You may also report on sessions handled within a specific team, or by all representatives within a team including sessions that were never associated with the specified team. Reports can be further limited either by a specified number of days or by a start and end date. FILTERS Enable one or more filters as you wish, but only sessions that match all filters selected will be shown. Session ID or Sequence Number this unique identifier requires that you specify the ID (LSID) or sequence number for the single session you seek. You cannot combine this filter with others. Date Range select the beginning date and the end date or duration. Customer specify Name, Company Name, Public IP, or Private IP. Representative use the dropdown to choose the type of representative participation you want to include. Team/Embassy use the dropdown to choose the type of team or Embassy participation you want to include. Public Site filter to focus your reporting on a specific public site. External Key filter to report sessions that used the same specific external key. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 53

Session reports detail a record of the full chat transcript, the number of files transferred, and the permissions requested and granted. Other information includes the public site through which the session was run, session duration, local and remote computer names and IP addresses, and remote system information (if enabled). Reports can be viewed online or downloaded into a CSV file, easily transferable to Excel. If session recording is enabled, view a Flash video playback of individual sessions, including annotation of who was in control of the mouse and keyboard at any given point during the session. Similarly, if Show My Screen recording is enabled, view and download videos of the representative's system during a Show My Screen session. If command prompt recording is enabled, you can also view a recording of all command shells run during the session. If presentation recording is enabled, reports run on presentations will also include a Flash video of the presentation. All recordings are stored on the Bomgar Appliance in a raw format and are converted to FLV when viewed or downloaded. Summary reports provide an overview of activity over time, categorized by representative, team, or public site. Statistics include the total number of sessions run, the average number of sessions per weekday, and the average duration of sessions. Customer and Representative Exit Surveys allow you to view reports of answers to your custom exit surveys, delimited by public site. A column will be added for each question you include on your surveys and will be titled according to the name designated in the Report Header field. For multiple-choice questions, the Logged Value will be displayed as the answer. The Team/Embassy Activity section allows you to choose dates and duration, specified by team or Embassy. From the Presentation page, run reports on presentations that have been given. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 54

Public Portals PUBLIC SITES: CUSTOMIZE THE SUPPORT PORTAL Configure one or more public sites for your Bomgar Appliance. A public site is a web site where your customers can start a session and through which all session traffic will be directed. Each site must have at least one DNS or IP address that resolves to your Bomgar Appliance. Multiple hostnames can direct to one site, but one hostname cannot be used for multiple sites. First, either select Add New Site or edit the default site. Then, enter Site Addresses; these addresses can be DNS names or IP addresses. Next, choose which Bomgar Button Profile to use for this public site, either the default profile or a customized profile. The button profiles are configured from the Bomgar Buttons page. (See "Bomgar Buttons: Deploy Bomgar Buttons for Quick Session Start" on page 28.) Next, configure the page design and layout by selecting a public web template, configured from the HTML Templates page. (See "HTML Templates: Customize the Web Interface" on page 57.) Choose which session initiation options are available for this support portal, selecting whether each option should be enabled for the public site and the API, enabled for the API but hidden on the public site, or disabled. Set whether to display help text for each option. Also, choose whether sessions started with this method should begin with click-to-chat, starting as web-based chats using Flash technology rather than with the full customer client. The representative list displays the names of all logged-in representatives, sorted according to display number. When a customer clicks a name and runs the customer client, a session will immediately appear in that representative s personal queue. Note: A representative giving a presentation will by default be removed from the representative list, although this exclusion from the representative list can be overridden by selecting Showing on Representative List from the representative console. Similarly, the presentation list displays active presentations. For a presentation to be listed here, the representative must have started the presentation and selected to show the presentation on the public site. When a customer clicks a presentation name and runs the client, he or she will immediately join that presentation. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 55

You can generate a session key for a support session or presentation and give it to your customer beforehand, requesting him or her to submit it on your public site. Running the customer client from a session key places the customer in the queue with the representative who generated the key. Checking the option to prompt the customer requires the remote user to confirm that he or she would like to start a support session or join a presentation before beginning the Bomgar client download. If this option is unchecked, the client download begins as soon as the customer submits the session key or follows the session key link. Alternatively, your customer can fill out an Issue Submission Survey to request support. If you set the survey to display common issues, your customer can select the type of problem he or she is experiencing. Then he or she will be placed in queue for the team that owns the selected issue. Select Display Issues for All Teams to list all configured issues, or select the teams whose issues you want to display on this site. If you set the survey to list available representatives, your customer will be placed in the selected representative s personal queue. Note that all representatives are displayed, regardless of team membership. You can also display a company code field, which can be helpful with issue tracking. Note: Another support session type is collaborative browser sharing, which allows your customer to click a link from a website to enable you to view and annotate only the remote web browser. Collaborative browser sharing must be configured using the Bomgar API. See the API Programmer's Guide for detailed instructions. Choose per site whether to display a customer exit survey on the Bomgar landing page, to redirect your customer to an external URL, or not to send your customer to any landing page. If you enable the Bomgar landing page, select which questions should appear in this site's survey. You also may choose to provide the customer with links to download the chat transcript or the video recording of the session. You also can choose to display a representative exit survey, selecting which questions to display. Questions for both the customer and the representative exit surveys are configured on the Exit Surveys page. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 56

HTML TEMPLATES: CUSTOMIZE THE WEB INTERFACE Customize your public site s HTML to be consistent with the rest of your web site. At the top of the page, select an existing template that you want to edit or select Add New Template to create a new template. When creating additional templates, give each a unique name to identify it for further editing or to apply it to a public site. Macros replace real-time data such as the session initiation options and the language selection drop-down. This enables you to position these elements anywhere on the page. Bomgar recommends leaving the public site unaltered unless you have a working knowledge of HTML format. After customizing the site, you can return the public site to its original state by clicking Revert to Factory Default HTML at the bottom of the coding window. You can upload a new image to serve as the help icon on the public portal. To restore Bomgar s original help icon for a template, click the Restore to Factory Default Icon button. Note: Changing the style sheet for your site is not recommended except for advanced web developers experienced in CSS. If you do need to edit the style sheet, look in the head of the HTML template and locate the Bomgar CSS file you want to edit. Download this file and modify the values to your specifications; then upload the saved CSS to your Bomgar file store. From the HTML template, modify the appropriate link to point to the updated CSS, following the style sheet URL with the query?view=1 to ensure that strict CSS browsers such as Firefox and Safari will honor the new style sheet (e.g. <link href="/files/screen.css?view=1" rel="stylesheet" type="text/css" />). CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 57

CUSTOMER NOTICES: CREATE MESSAGES FOR THE CUSTOMER NOTIFICATION SYSTEM Notify customers, as they are requesting support, of broadly impacting IT outages to avoid flooding your Bomgar representatives. These messages can be set to expire at a predetermined time and applied to one or more public portals. Administrators and authorized representatives can create up to 10 messages per portal, with each message allowed up to 1,020 characters. Although messages are not configurable per language, you can create different messages for the languages supported on the same portal. Administrators can create and edit customer notices and also can grant this right to representatives without administrative privileges. The Customer Notices page offers a centralized location from which you can create, edit and manage all customer notices. CREATING A CUSTOMER NOTICE To create a new customer notice click Add New Customer Notice. Enter a name for the notice and the text that will display on the public portal or the customer chat window. Although HTML tags are not allowed, you can use BBCode to do some low level formatting, such as adding bold, colors or hyperlinks. Clicking on Supported BBCode Formatting displays a list of codes and their resulting applications. Enter a date for the notice expiration. If you select Never Expires the notice will remain on your site until it is manually deleted. Expired notices are automatically deleted 24 hours after their expiration date. Finally, if you have more than one public site, select which ones will display the notice. You can select multiple portals. Note: Messages should be relatively short so they can be viewed without much scrolling in the customer client windows. This applies to both the native client and click-to-chat modes. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 58

Once created, customer notices can be displayed either in the public portal, so that customers get the information they need before even attempting to initiate a session, or in the customer client chat window, so they appear at the beginning of a session. CUSTOMER CLIENT NOTICES To display the notices in the chat window, go the Public Portals > Customer Client page and select Display Customer Notices in Customer Client. The notices will display when the session begins or when a notice is specifically sent, giving customers the chance to leave the session if they are experiencing the problem described therein. Customers leaving the session in this manner are not taken to the Exit Survey page, since no service was actually provided by a representative. In the session log, the reason for leaving the session does not affect negatively the survey metrics, since the customer leaves the session because no assistance is needed. It is also possible to push a customer notice to the customer client chat window even when a session is already in progress. To do this, select or create a new message and click Send. PUBLIC SITE NOTICES Alternatively, you can opt to display customer notices on the public site. On the Public Portals > Public Sites page, select Display Customer Notices. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 59

If this option is selected, the notices are displayed on the public portal, warning customers of potential problems they may be experiencing and for which no support may be needed at this time. This way customers never enter the support queue, thus allowing representatives to dedicate their attention to customers who need assistance. Note: The same customer notice can be used across several sites, or on a custom portal. The XML for the public portal contains a section where all current notifications are shown. This ensures that messages are always in sync across several sites. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 60

FILE STORE: UPLOAD RESOURCE FILES Use the online file store to save files you need to reference from your HTML template, such as image files and style sheets. You can also use the file store as a central point of access for files frequently needed during support sessions. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 61

APPLE IOS: ADD APPLE CONFIGURATION PROFILES Bomgar supports distribution of Apple ios configuration profiles, allowing support representatives to offer public and private, administrator-configured profiles to ios device users for downloading to their iphone, ipad and ipod touch devices. To administer Apple ios settings, ensure that you have enabled ios permissions settings. Two ios permission settings exist for administrative representative configuration: Allowed to Edit ios Profiles and Allowed to generate access keys for sending ios profiles. In the /login administrative interface, select Users & Security > User Accounts and/or Group Policies. See "User Accounts: Add User Permissions for a Representative or Admin" on page 34 and "Group Policies: Apply User Permissions to Groups of Users" on page 40 for more information. After setting up and exporting a configuration profile from Apple s free iphone Configuration Utility, use the /login administrative interface in Bomgar to make the profile available. You may find the iphone Configuration Utility on Apple's iphone Support web site. On the administrative interface's Apple ios page, click Add New Profile to add a public or private ios configuration profile in Bomgar. Upload, name, and describe the Apple ios Profile you created with the iphone Configuration Utility software. This Bomgar profile name should help the user select the right profile when browsing your support portal. Check the Public checkbox to make the profile appear in a list visible to any ios user that browses your public portal. Note that the ios users will not see a traditional representative list or issue submission dialog when browsing the public portal. Leaving the Public checkbox unchecked allows you to restrict access to the ios Profile you created. To download private profile content, users must enter an access key you generate in the representative console. In the Apple ios :: Configuration Profiles section, each configured ios profile appears as a public or private profile. You can edit or delete the profiles from this section. Note that the underlying Apple ios Profile must be altered to change the contents of the ios device profiles you wish to distribute to ios device users. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 62

With Enterprise licensing, you are allowed to enable or disable the ios portal and configure different localizable messages for each public site you have defined on the Public Sites page. The Apple ios :: Settings section contains a dropdown list for you to select the public site you want to configure. In the Apple ios :: Settings section, check ios Configuration Profiles Page Enabled to cause Apple ios devices that access the public portal to be redirected to an ios-specific page. This page displays any public profiles you have available, and it provides a text entry box where customers can submit an access key their representative has provided, directing the customers to a private configuration profile. If the ios Configuration Profiles Page Enabled checkbox is not checked for a certain public site, ios device users visiting that public site will not be redirected to an ios-specific portal; they will see the traditional portal. If none of your public sites has the ios Configuration Profiles Page Enabled checkbox selected, then the Generate Apple ios Profile Access Key option will not be visible on the Support menu in the representative console. The Apple ios :: Portal section allows you to provide the localized title and instruction you want displayed on your ios portal for the selected public site. The Invitation Email section allows you to customize the email message you can send ios customers to direct them to your support portal. You may edit the email subject and body, using placeholders for the representative name, the public site URL, the access key, and the access key URL. This message can be localized and is unique per public site. The message can be generated and sent to an ios user from the Access Key Generated dialog in the representative console. The representative console will attempt to create the message in the representative's default email client. To ensure that configuration profiles are downloaded to ios devices over an encrypted HTTPS connection, you must check the Force Public Site to Use SSL checkbox on the Management > Security page of the /login administrative interface. Otherwise, profile downloads will occur over unencrypted HTTP connections. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 63

EXIT SURVEYS: ENABLE THE CUSTOMER EXIT SURVEY AND REPRESENTATIVE EXIT SURVEY Configure questions to implement in customer and representative exit surveys, useful in monitoring satisfaction levels and incident resolution rates. Questions are assigned to a support site s surveys from the Public Sites page. (See "Public Sites: Customize the Support Portal" on page 55.) Choose from several types of questions, including radio buttons, check boxes, dropdown menus, text boxes, and text areas. Enter the question text as you would like it to appear on the survey. Then assign it a name for internal formatting and a header to identify it on your survey reports. You may also define CSS styles and classes and an HTML ID for each question. These options are provided for web development. Users unfamiliar with HTML and CSS are recommended to leave these fields blank. Choose the order in which you would like the question to appear on the survey. If you select Appear on Default Public Site, this question will automatically be added to the survey for your default support site. Because only ten questions can appear on any given survey, you will receive an error if you attempt to save a question that would exceed this limit on your default site survey. To create a question for use on another survey, deselect the check box and then save. Add multiple options to a radio button group, a check box group, or a drop down menu by clicking the Add Option button. For each option, assign a display value that will appear to the customer and a logged value that will be saved in the exit survey reports. You can also choose to have an option selected by default and can set the order in which these options will appear below the question. For a drop down menu, you can choose to allow multiple selections. For a text box or text input area, set the size of the text entry field. You may also insert default text into the field. For representative surveys, set if the representative should be required to answer the question before closing the session. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 64

CUSTOMER CLIENT: MODIFY THE INVITATION EMAIL, DISPLAY OPTIONS, CONNECTION OPTIONS From the dropdown at the top of the page, select the public site for which you want to create this customer client configuration. INVITATION EMAIL The Invitation Email allows you to create a custom email message with unique instructions for each public site, in each supported language. You can include macros to dynamically add the representative's name, the session key and its unique URL, and the public site URL. DISPLAY OPTIONS Set the customer client to start with the chat area minimized or expanded. You also can choose to unobtrusively start the customer client minimized and without taking focus in attended sessions, Jump Client sessions, or sessions started via Jumpoint. Each of the following messages can be configured in multiple languages, depending upon which language packs are enabled on your Bomgar Appliance. To revert a message to the default text, delete the text from the field and then save the blank message. Customer Agreement You may enable an agreement that the customer must accept before entering a support session. Separate agreements can be configured for full client sessions and for click-to-chat sessions. If the customer does not accept the agreement within the set Acceptance Timeout, the session will end. Customer Notices If Display Customer Notices in Customer Client is checked, then until the session is accepted, the customer client will display both customer notices already active when the session was requested as well as customer notices created and sent. Following each notice will be a link to end the session if the notice addresses a known problem for which the customer was CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 65

requesting support. For information on configuring and sending notices, see "Customer Notices: Create Messages for the Customer Notification System" on page 58. Customer Greeting and On-Hold Message The customer greeting appears within the chat window once the session is in queue, and the on-hold message displays at intervals until a representative accepts the session. Let customers know their session status by providing them with feedback regarding their position in queue and estimated wait time. Providing customers with this information creates a better chance they will stay in the queue and get the service they need. Wait time and position are calculated per queue. A customer's position in queue is determined by the age of the session on a first come, first served basis. The wait time is estimated using the most recent sample of sessions that came through the queue and were answered by a representative. A minimum of five sessions is needed to provide enough data for a reliable wait time calculation. Messages are configured using macros. Copy the %POSITION_IN_QUEUE% and %ESTIMATED_WAIT_TIME% macros into the Display Customer Greeting Session and Display On-Hold Message text boxes. Depending on which boxes you select, the messages will appear in either the initial customer greeting, a repeating message appearing at pre-set intervals, or both. Note: The macros expand into full sentences describing the customer's position in the queue, as well as the estimated amount of time the customer has to wait. There are two fields that affect customer experience: On Hold Message Interval sets the time between message displays. Maximum Estimated Wait Time sets the maximum time to display as the expected wait time for a customer's session to be accepted by a representative. If the average wait time is longer than this number, the message will read, "Your estimated wait time is more than x minutes". Click-to-Chat Elevation Prompt When elevating from a click-to-chat session to the full customer client, the customer must accept a prompt. Customize the text to display, notifying the customer of the need to run an application and of the additional functionality of the full customer client. Orphaned Session Message If a customer requests a session when no representatives are available, an orphaned session message can be displayed. Optionally, the customer's web browser then can be automatically opened to a specified URL, such as a knowledge base or contact page. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 66

Options Choose to display a semi-transparent message on the remote screen to indicate that the computer is being supported. You also may show or hide your public site hostname in the customer client title bar. CHAT WINDOW BANNER Upload an image banner for the customer client chat window. This image must be a 256-color (8-bit) Windows Bitmap file (BMP) and must be 480 pixels wide. The recommended image height is 40 pixels. As soon as you upload a new banner or revert to the default, all new sessions will use that image. Currently running sessions will not be affected. POST-SESSION BEHAVIOR After a session is complete and if a Jump Client is not installed, customers will be notified that the Bomgar software has been uninstalled. Customize this uninstall message in all available languages. To revert the message to the default text, delete the text from the field and then save the blank message. CONNECTION OPTIONS Determine how long a disconnected customer client should attempt to reconnect. Additionally, if the session connection is lost, the remote user's mouse and keyboard input can be temporarily disabled, resuming either when the connection is restored or when the session is terminated. If unable to reconnect within the configured time you have set, the Session Termination Behavior rules set below will apply. These rules do not apply to browser sharing sessions. To prevent an end-user from accessing unauthorized privileges after an elevated session, set the customer client to automatically log the end user out of the remote Windows computer at session end, or simply lock the remote computer. You can also allow a representative to override this session termination setting from the Summary tab in the representative console during a session. MISCELLANEOUS OPTIONS From the Automatic Elevation dropdown, select how to handle elevation of the customer client on a remote Windows system. If Never attempt to elevate is selected, the customer client will never attempt to run with administrative rights unless the representative expressly requests elevation. If you have selected Attempt to elevate only if doing so will not prompt the customer, then the customer client will attempt to run as an administrator, but only if doing so will not prompt the remote user for permission. If Always attempt to elevate is selected, then the customer client will always attempt to run as an administrator; at the beginning of a session, the remote customer may receive a prompt to allow elevation. If you choose to allow the customer to limit applications shared, your customer will have the option to define which applications you can or cannot view during a screen sharing session. If this option is deselected, customers will receive this option only if the representative specifically requests or is only allowed to request limited control. When supporting Windows Vista or above, the representative may attempt to override a customer s disabled Secure Attention Sequence injection policy in order to send a Ctrl-Alt-Del command. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 67

Additionally, you may permit the customer client to detect when a video card driver is causing very high CPU usage on the remote computer; if so detected, the customer client may temporarily disable hardware acceleration during screen sharing to speed the remote support connection. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 68

PRESENTATION: MODIFY THE INVITATION EMAILS AND DISPLAY OPTIONS The Scheduled Presentation Invitation Email allows you to create a custom email message to invite attendees to a presentation in the future. The email can be configured in each supported language. The In Progress Presentation Invitation Email allows you to create a custom email message to invite attendees to a presentation already in progress. The email can be configured in each supported language. Choose which messages should display to your attendees during a presentation. The Attendee Agreement is displayed before the Bomgar client download to ensure that your attendee is aware of the program s screen-sharing functionality. The Greeting welcomes your attendee, requests him or her to wait until the presentation begins, and provides audio conference details if you have configured them in the representative presentation sidebar. Should the presenter fail to be online when the presentation is supposed to begin, the Expiration Timeout determines the length of time the attendee will be allowed to wait before being disconnected and shown the Orphaned Session Message. You can configure each message in each language available on your appliance. To revert to the original Bomgar message, delete the text from the field and then save the blank message. You also may show or hide your public site hostname in the attendee client title bar. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 69

You can upload an image banner to integrate the attendee client chat window with your company s brand. This image must be a 256-color (8-bit) Windows Bitmap file (BMP) and must be 480 pixels wide. The recommended image height is 40 pixels. As soon as you upload a new banner or revert to the default, all new sessions will use that image. Currently running sessions will not be affected. At the end of the presentation, your attendee will be notified that Bomgar has been uninstalled. You can configure this message in each language available on your appliance. To revert to the original Bomgar message, delete the text from the field and then save the blank message. Note: Currently, only one presentation attendee client configuration is available. Presentation attendee clients cannot be configured per public site. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 70

Localization LANGUAGES: MANAGE AVAILABLE LANGUAGES Bomgar currently supports English, German, Latin American Spanish, EU Spanish, EU French, Italian, Dutch, Brazilian Portuguese, EU Portuguese, Swedish, Turkish, Japanese, Simplified Chinese, and Traditional Chinese. Bomgar supports international character sets. In addition to English, you can install one language package with Standard licensing or multiple language packages with Enterprise licensing. If the Enabled box is checked, that language will be available from the dropdown in the administrative interface, the representative console, and the public site. You can also select a language to be displayed by default. Note: Because of translation scheduling, language packs trail slightly behind the English release of any new software version. Also note that for some features localization is limited to 1-byte characters. The use of 2-byte characters (certain language packs) may change expected behavior of some features. The Bomgar Jumpoint Configuration interface is not available in translation at this time. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 71

SEARCH: VIEW CUSTOMIZED TEXT IN ENABLED LANGUAGES View all customizable messages on one page. Enter a word or phrase in the search box to narrow the field. Click on the message you wish to modify to see it displayed in all enabled languages. Each message can be modified individually from this page. The Default String cannot be changed and is meant only as a reference for your custom messages. Should you need to revert a message to its original text, delete all of the text from that message box and save the empty message. The default text in that language will reappear. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 72

Management SOFTWARE MANAGEMENT: DOWNLOAD A BACKUP, UPGRADE SOFTWARE Save a secure copy of your software configuration. Choose if you want your backup to be password protected, and then click the Download Backup button. If you do choose to set a password, you will be unable to revert to the backup without providing the password. It is an important disaster recovery best practice to save a backup copy of your software settings regularly. Bomgar recommends backing up your Bomgar Appliance configuration each time you change its settings. In the event of a hardware failure, a backup file will speed time-to-recovery and, if necessary, allow Bomgar to provide you access to temporary hosted services while retaining the settings from your most recent backup. Should you need to revert to a backup, browse to the latest backup file that you saved. If applicable, enter the backup password and then click Upload Backup. Note: Restoring the site backup does not revert the help icon to the image present at time of backup (see "HTML Templates: Customize the Web Interface" on page 57), nor does it remove any files added since backup. Not all files are backed up, only the first 50 files under 200KB in size. Use Upload Software Update to manually upload new software packages from Bomgar. You will be asked to confirm that you wish to upload the software package. The Uploaded Update section displays additional information to verify your uploaded package. Click Install if you wish to complete the installation process, or Delete Update if you wish to clear the update staging area. If your update package only contains additional licenses, you can install the update without restarting the appliance. After confirmation that you wish to install, the page will display a progress bar to notify you of the overall installation progress. Updates made here will automatically update all sites and licenses on your Bomgar Appliance. Note: Your Bomgar Appliance administrator can also use the Check for Updates feature of the /appliance web interface to automatically search for and install new software packages. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 73

SECURITY: MANAGE SECURITY SETTINGS Set rules for local user accounts regarding the length and complexity of passwords, how often passwords expire, and whether a forgotten password can be reset after correctly answering a security question. Allow or disallow the representative console to remember a user s credentials, and set the number of times an incorrect password can be entered before the account is locked out. If a support representative tries to log in with an account already in use, a checked Terminate Session box will disconnect the previous connection in order to allow the new login. You can also set the length of time after which an inactive representative will be logged out to free the license for another representative. The option Remove Representative from Session After Inactivity effectively pushes a representative out of a support session after the period of inactivity you select. This helps Bomgar customers meet compliance initiatives with inactivity requirements. The representative will be notified 1 minute prior to removal and may reset the timeout. A representative is considered active in a session if any files are being transferred, whether through the file transfer tab or the chat interface, or if he or she clicks the mouse or presses a key in the session tab. Mouse movement by itself does not count as activity. As soon as activity stops, the inactivity timer begins. Maximum Session Key Timeout sets the longest time for which a session key may remain valid. From the representative console, a representative can set the lifetime of each generated session key up to but no longer than the time defined on this page. If the customer does not use the session key within the allotted time, the key will expire, and the representative will need to issue a new session key in order to run a session. Choose if the representative console should be able to open the default email program to allow representatives to send session keys and presentation invitations to customers. If this option is deselected, the Email URL and Email Invitation buttons will not be available in the representative console. When supporting a customer with multiple monitors, Show Multi-Display Thumbnail View in the Bomgar Representative Console allows the representative to see thumbnail images of all available displays. These thumbnail images are not recorded in session recordings. Uncheck this box to show rectangles rather than thumbnails. You can allow representatives to capture screenshots of the remote desktop from the representative console. Allow Representatives to Control the Customer Client Window helps strengthen security by preventing representatives from interacting with the customer client while screen sharing. Representatives may still move or minimize the client but may not type in the chat area or interact with links or buttons without this permission enabled. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 74

Clipboard Synchronization Mode determines how support representatives are allowed to synchronize clipboards within a screen sharing session. The available settings are as follows: Not Allowed The representative cannot access or modify the customer's clipboard. Allowed to Manually Send Clipboard From Rep to Customer The representative can click a button to copy the contents of the local clipboard to the remote computer's clipboard. Allowed to Manually Send Clipboard in Either Direction The representative can click a button to copy the contents of the local clipboard to the remote computers clipboard or can copy the contents of the remote clipboard to his or her local clipboard. Automatically Send Clipboard Changes in Both Directions The contents of both the local and remote clipboards automatically remain the same. You MUST restart the software on the status page for this setting to take effect. Additional security can be obtained with Force Public Site to Use SSL (https). Using HTTPS forces the internet connection to your public support portal to be SSL-encrypted, adding an additional layer of security to prevent unauthorized users from accessing accounts. You can also require SSL Certificate Validation to force Bomgar software including representative consoles, customer clients, presentation clients, and Jump Clients to verify that the certificate chain is trusted, that the certificate has not expired, and that the certificate name matches the Bomgar Appliance hostname. If the certificate chain cannot be properly validated, the connection will not be allowed. If certificate verification has been disabled and is then enabled, all consoles and clients will automatically upgrade the next time they connect. Note that LDAP connection agents are not automatically upgraded but must be reinstalled for this setting to take effect. When SSL Certificate Validation is enabled, security checks in addition to Bomgar s built-in security are performed to validate the SSL certificate chain being used to secure communications. It is highly recommended that you do enable SSL validation. If certificate validation is disabled, a warning message will appear on your administrative interface. You can hide this message for thirty days. Note: To enable SSL certificate validation, you must provide your SSL certificate to Bomgar so that the certificate can be embedded within your Bomgar software. Additionally, you can choose to enable the Bomgar XML API, allowing you to run reports and issue commands such as starting or transferring sessions from external applications, as well as to automatically back up your software configuration. Note: Only the Command, Reporting, and Client Scripting API calls are enabled/disabled by this setting. Other API calls are configured under Public Portals. See the Bomgar API Guide for more details. By default, access to the API is SSL-encrypted; however, you can choose to allow unencrypted HTTP access. It is highly recommended that HTTP access be disallowed as a security best practice. In Days to Keep Logging Information, you can set how long logging information should be stored on the appliance. This information includes the session reporting data and recordings. Enable or disable representatives to request customers to enter login credentials to be used during a reboot by clicking Allow Reboot With Cached Login Credentials. Enter a password in the Inter-appliance Communication Pre-shared Key field to establish a trusted relationship between two appliances. Matching keys are required for two or more appliances to be configured for enterprise features such as failover or clustering. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 75

You can also determine which IP networks should be able to access your Bomgar Appliance and set the ports through which it can be accessed. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 76

SITE CONFIGURATION: SET HTTP PORTS Experienced network technicians operating in non-standard network environments can change the ports through which Bomgar traffics. These port settings should be adjusted only in the case where ports other than the standard 80 and 443 are used for web access. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 77

EMAIL CONFIGURATION: CONFIGURE THE SOFTWARE TO SEND EMAILS Configure your Bomgar Appliance to work with your SMTP relay server in order to send automatic email notifications of certain events. On this page, you also can view the email address from which automatic messages from your Bomgar Appliance will be sent. Enter one or more email addresses to which these alerts should be sent. If you wish to receive an immediate test email to verify that your SMTP settings are accurately configured, check the Send a test email box before clicking the Save Changes button. You can also have the Bomgar Appliance send a daily notification to ensure that alert communication is working correctly. Note: If an appliance is designated as a backup appliance or a traffic node, the email configuration for that appliance will be overwritten with the email configuration defined on the primary master appliance. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 78

OUTBOUND EVENTS: SET EVENTS TO TRIGGER MESSAGES You can configure your Bomgar Appliance to send messages to an HTTP server or to an email address when different events are triggered. Triggers for messages to both HTTP servers and email recipients can be any of the following: Support session end Customer exit survey is completed Representative exit survey is completed In addition to the above triggers, HTTP recipients also have these triggers available for messages: Support session start Support session ownership changes Someone joins a support session Someone leaves a support session Within the Email Recipients section, the Current Status displays a brief status message from the SMTP relay server. As long as the appliance is able to send messages to the relay server, the status will show OK. Otherwise, review your SMTP relay server settings. Also, if an event continues to retry and fail, set how long it should continue to retry before being dropped. HTTP RECIPIENTS The variables sent by the Bomgar Appliance arrive as an HTTP POST method and can be accessed by calling the method used to retrieve POST data in your coding language. If the server does not respond with an HTTP 200 to indicate success, the Bomgar Appliance will re-queue the current event and retry it later. When configuring an outbound event handler, create a friendly name for the handler and enter the destination URL. If you are operating over an HTTPS connection, you can upload your CA certificate in order to maintain a secure connection. Set how often to retry a failed attempt. If an event continues to retry and fail, set how long it should continue to retry before being dropped. Enter one or more email addresses to which notification should be sent if an error should occur. Set how long after an error the email should be sent; if the problem is resolved before this time is reached and the event succeeds, no error notification will be sent. You can also set how often error emails should be sent if a failed status should continue. For a detailed look at the different variables that can be sent, please see the Outbound Events Reference Guide, available at www.bomgar.com/docs. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 79

EMAIL RECIPIENTS Before you set up your Bomgar Appliance to send event messages to an email address, verify that your Bomgar Appliance is configured to work with your SMTP relay server. Go to the Email Configuration page to verify settings. Create a friendly name for the event handler and enter the email address to receive notice of the selected event(s). You can configure up to 10 email addresses, separated by commas. Use the Disabled checkbox to quickly stop the emails for the event handler you set up, as in the event of planned integration testing, for instance. Configure event emails for Support Session End, Customer Exit Survey is Completed, and Representative Exit Survey is Completed. For each event email, select from listed macros you may use to customize the content of the email for your purposes. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 80

CLUSTER: CONFIGURE ATLAS TECHNOLOGY FOR LOAD BALANCING Large-scale geographic deployments benefit from Bomgar Atlas Cluster technology, establishing a single Bomgar site across multiple appliances, which are termed nodes in a cluster. The master appliance/primary master node is the site of most administration tasks. The traffic node is a Bomgar Appliance that participates in effectively routing your support traffic. Find more information about Atlas in the Bomgar Atlas Technology Guide, available at www.bomgar.com/docs. First, go to /login > Management > Security and be sure all nodes have identical Inter-appliance Communication Preshared Keys. Next, configure the nodes. On the primary master node, go to /login > Management > Cluster. From this page you will configure both the primary master itself and the traffic nodes. The Cluster :: Status section at the top of the page confirms the role of the site instance from which you accessed the page, and it displays buttons to Sync Now and to Disband Cluster. A toggle allows you to show or hide the Status History records. To configure, first locate the Master Node Configuration section and enter the following information in the fields: Name: Enter a name that you will use to remember this node in the cluster. Public Address: a. Enter the hostname you set up in DNS for this node. b. Enter the port over which clients will communicate with the node. Internal Address: This can be the same as the public address. Advanced configurations can optionally set this to a different hostname for inter-appliance communication. Click the Create New Cluster button to establish your primary master node. After a primary master node is set up, edit the settings and then click Update Primary Node. The Master Node Configuration section also contains a setting for Maximum Client Fallback to Master, allowing the number of clients you set to fall back to using the master for traffic control if necessary. Next, remaining on the primary master node Cluster page, locate the Cluster :: Traffic Nodes section. Any existing traffic nodes and settings appear here. Locate the dropdown selector for Method for Choosing Traffic Nodes. This selector is used to define how a traffic node is chosen for a representative or customer client connection. The available methods for defining the connection are Random, A Record Lookup, SRV Record Lookup, IP Anycast, and Timezone Offset. Your choice of connection method is highly dependent upon your network infrastructure, among other complex considerations. Please refer to the Methods for Choosing Traffic Nodes section in the Bomgar Atlas Technology Guide for details. Click the Add New Traffic Node button. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 81

Next, enter the following information on the Cluster :: Add Traffic Node page you now see displayed. Name: Enter a name that you will use to remember this node in the cluster. This name must be unique among all nodes in the cluster. Public Address: a. Enter the hostname you set up in DNS for this node (See Prerequisites in the Bomgar Atlas Technology Guide). b. Enter the port over which clients will communicate with the node. Internal Address: This can be the same as the public address. Advanced configurations can optionally set this to a different hostname for inter-appliance communication. A link message appears to allow you to use the public address without entering a hostname. Accepting New Client Connections: Be sure this is checked; otherwise, clients will not be able to use the traffic node. Network Address Prefixes: You may leave this blank. See more information in the Bomgar Atlas Technology Guide. Timezone Offset: Used only if Method for Choosing Traffic Nodes is set to Timezone Offset. This process involves detecting the time zone setting of the host machine and using that setting to match the appropriate traffic node that has the closest time zone offset. The time zone offset is derived from the customer time zone setting relative to Coordinated Universal Time (UTC). Click the Add Traffic Node button to add the traffic node to your cluster. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 82

FAILOVER: SET UP A BACKUP APPLIANCE FOR FAILOVER Note: This topic assumes you have set up failover. If you have not set up failover, please refer to the Bomgar Failover Configuration Guide, available at www.bomgar.com/docs. If you are on the primary appliance, you will see Failover page sections indicating Failover :: Primary Site Instance. If you are on the backup appliance, you will only see Failover page sections indicating Failover :: Backup Site Instance. The Failover :: Backup Settings section refers to settings enabled only when the site instance you are on is the backup site instance. On the primary appliance s Failover page, the top of the page displays the address and status of the host/primary site and the peer/backup site, as well as the date and time of the last status check. Select Status History to expand or collapse a table of status events that have occurred. From the primary site's Failover page, you may change the backup appliance settings, manually force a data sync, force a failover for planned maintenance or a known failover event, break the failover relationship, and select the failover shared IP address. From Failover :: Primary Site Instance Status you first see text confirming that you are either on the primary or backup site instance for your host site. You have access to three command buttons on this page: Sync Now, Become Primary, and Break Failover Relationships. Select the checkbox adjacent to the Become Primary button before clicking the Become Primary button to synchronize data from the peer appliance prior to completing the swap. If the checkbox is selected, all users on the existing primary appliance will be disconnected during the data sync and no other operations will be available until the swap is complete. From Failover :: Primary Site Instance Configuration, control the shared IP address the site instance uses in the event of a failover by selecting the checkbox for the failover IP address. If you change the relationship between the sites, the IP addresses displayed will disable when a primary site becomes a backup, and will enable when a backup becomes a primary site. You should manually mirror the setting on the peer site, as the setting is not shared. Select Save Changes when finished. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 83

When on the primary site instance, select Backup Settings > to expand or collapse the page displaying the configuration fields. From Failover :: Backup Settings, configure backup settings for the primary and backup site instances. The settings you configure here will be enabled only when the site instance you are configuring is in a backup role. Backup Settings allows you precise control over backup operations. Enable or disable site backups. You can control the timing details of the Automatic Data-Sync Interval, set bandwidth parameters for data-sync, quickly enable or disable automatic failover, and set how long the primary site must be unreachable before failing over. You also may enter IP addresses for the backup site to check to determine whether the backup's inability to reach the primary is because the primary is offline or the backup has lost its network connection. For recommended settings, see our best practices in the document Configuring Failover. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 84

SUPPORT: CONTACT BOMGAR SUPPORT The support page provides contact information should you need to contact a Bomgar support technician. In the event that a Bomgar support representative should need access to your appliance, he or she will provide you with support, access, and override codes to enter on this page to create an applianceinitiated, fully encrypted support tunnel back to Bomgar for quick resolution of complex issues. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 85

Ports and Firewalls Bomgar solutions are designed to work transparently through firewalls, enabling a connection with any computer with internet connectivity, anywhere in the world. However, with certain highly secured networks, some configuration may be necessary. Ports 80, 443, and 8200 need to be open for outbound TCP traffic on the customer s and representative s firewalls. The diagram shows a typical network setup; more details can be found in the Bomgar Appliance Hardware Installation Guide. Internet security software such as software firewalls must not block Bomgar executable files from downloading. Some examples of software firewalls include McAfee Security, Norton Security, and Zone Alarm. If you do have a software firewall, you may experience some connection issues. To avoid such issues, configure your firewall settings to allow the following executables, wherein {uid} is a unique identifier consisting of letter and numbers: bomgar-scc-{uid}.exe bomgar-scc.exe bomgar-pac-{uid}.exe bomgar-pac.exe For assistance with your firewall configuration, please contact the manufacturer of your firewall software. Note: Port 8200 is used as a rollover for port 443 and, although not required, is recommended. If you should still have difficulty making a connection, contact Bomgar support at www.bomgar.com/support. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 86

Disclaimers, Licensing Restrictions and Tech Support DISCLAIMERS This document is provided for information purposes only. Bomgar Corporation may change the contents hereof without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. Bomgar Corporation specifically disclaims any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. The technologies, functionality, services, and processes described herein are subject to change without notice. BOMGAR, BOMGAR BOX, mark B, JUMP and UNIFIED REMOTE SUPPORT are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners. LICENSING RESTRICTIONS One Bomgar license enables one support representative at a time to troubleshoot an unlimited number of remote computers, whether attended or unattended.* Although multiple accounts may exist on the same license, two or more licenses (one per concurrent support representative) are required to enable multiple support representatives to troubleshoot simultaneously. *Starter Service accounts are limited to 25 Jumpoints and/or Jump Clients per site. Starter Service accounts do not provide screen or command prompt recordings. TECH SUPPORT At Bomgar, we are committed to offering the highest quality service by ensuring that our customers have everything they need to operate with maximum productivity. Should you need any assistance, please contact Bomgar Support at www.bomgar.com/support. Technical support is provided with annual purchase of our maintenance plan. CONTACT BOMGAR info@bomgar.com 866.205.3650 (US) +44 (0) 1628 480 210 (UK/EMEA) BOMGAR.COM 87