Citrix GoToAssist Corporate Security White Paper - Bitdefender

Transcription

WHITE PAPER
GoToAssist

Citrix GoToAssist Corporate Security White Paper

GoToAssist Corporate provides robust end-to-end data security measures that address both passive and active attacks against confidentiality, integrity and availability.

www.gotoassist.com

Scope and audience

This guide is for Citrix GoToAssist Corporate customers and other stakeholders that need to understand how GoToAssist impacts information security risk and compliance in their environment.

Introduction

GoToAssist Corporate is a hosted service that provides a way to deliver remote support to PC and Mac computers. GoToAssist Corporate allows a user to request support from a support representative and then allows that representative to view and optionally control the end user’s computer remotely. This document focuses on the information security features of GoToAssist Corporate.

The reader is assumed to have a basic understanding of the product and its features. Additional materials on GoToAssist Corporate may be found online at www.gotoassist.com or by contacting a Citrix Online representative.

GoToAssist Corporate service delivery architecture

The diagram below provides a schematic overview of all major GoToAssist Corporate service delivery components and communication paths.

[Diagram. Labels: Citrix Online Hosted Infrastructure; Service Rep’s PC; HelpAlert; Manager’s PC; Replay Viewer; Passphrase Changer; Customer’s PC; ChatLink; Browser; Endpoint Gateway; GoToAssist Web Site; GoToAssist Service Broker; Multicast Communication Server]

Definitions

HelpAlert
Win32 executable that resides on the service representative’s computer and enables the representative to receive and reply to incoming customer queries.

Chat
Endpoint application that facilitates text-based communication between a customer and a service representative.

Browser
Standard Internet web browser, such as Firefox, Internet Explorer, etc.

Replay Viewer
Endpoint application that allows company managers, team managers and representative managers to replay recorded GoToAssist Corporate sessions. Replay viewer can replay remote screen sharing, local screen sharing, chat and remote diagnostics.

Passphrase Changer
Endpoint application that facilitates the changing of the passphrase used to protect cryptographically-enforced access to session recordings.

GoToAssist Website
Web application that provides access to the GoToAssist website and web-based internal and external administration portals.

GoToAssist Service Broker
Web application that realizes GoToAssist Corporate account and service management, persistent storage and reporting functions.

Multicast Communication Server
One of a fleet of globally distributed servers used to realize a variety of high-availability unicast and multicast communication services.

Endpoint Gateway
A special-purpose gateway used by endpoint applications to securely access the GoToAssist Service Broker for a variety of purposes using remote procedure calls.

Application security

GoToAssist Corporate provides access to a variety of resources and services using a role-based access control system that is enforced by the various service delivery components. The roles and related terms are defined in the table below:

Roles

Administrator (or admin)
The Citrix Online employee who creates Groups and Portals in a company’s GoToAssist Corporate Management Center. Admins can create, modify and delete GoToAssist Corporate accounts, portals, company managers and team managers; modify subscription and pricing data; and perform other administrative functions.

Company
GoToAssist Corporate customer for whom portals are set up.

Company Manager
A client company’s employee that has access to its GoToAssist Corporate Management Center. Allowed to modify accounts, portals, teams and representatives associated with his account.

Customer
The person requesting support from the client company via GoToAssist Corporate.

Group/Team
Collection of representatives that are assigned to a particul

An essential part of GoToAssist Corporate's security is its permission-based access control model for protecting access to the customer's PC and the data contained therein. First, all GoToAssist Corporate sessions must be initiated by the remote customer. GoToAssist Corporate is not designed for unattended support scenarios.