Why is InterSystems using SecureLink?
InterSystems has always believed in putting the customer first. SecureLink is the only remote support solution available that puts the customer in complete control of when to allow remote access, who gains access, and what InterSystems can access when supporting our customers. We believe SecureLink is easier to use and more secure, and will enable us to support you in a better way.
What’s the benefit of SecureLink to me?
SecureLink gives you a standardised way of allowing remote access to InterSystems. You no longer have to support modems, vendor VPN accounts, or give up control of your desktop. You control when access is granted, always know exactly who is accessing your systems and what they have access to, all without having to modify your firewall in any way. Additionally, SecureLink delivers the most detailed audit of vendor activity currently available, which can be very important for HIPAA concerns.
How can we be sure to avoid unauthorised access?
Each connection is initiated by the customer, never from an outside username and password. Essentially, you’re securely tunnelling into InterSystems to allow us to support you. Each session (by default) requires a one-time key generated by InterSystems and entered by you. This key is good for a single use, and you must authorise each session. You may disconnect a session at any time.
What if I don’t want to initiate a connection each time?
By default, for security reasons, SecureLink sessions are good for one time only. However, at your request, InterSystems can generate a Permanent Key which will be used to allow us to access your system over a specified period of time (like a critical weekend support issue) or indefinitely. You can still control who accesses your system and what they have access to, and a full audit is created for your records.
What level of access is granted to InterSystems?
The service engineer can access only services you permit, which can be defined at a very granular (port) level. For example, you can restrict access to read-only on a particular directory. For more complex issues, the service engineer may request access to additional ports, like diagnostic services and databases, but you’re always in complete control of access.
What is involved in installing SecureLink?
SecureLink only requires download of a small component to a server of your choosing.
Do we need to install the component on multiple servers?
No. The component only needs to reside on a single server. The only caveat to this is that the server should have client access to all other servers that may require support.
What sort of bandwidth does SecureLink take up?
The load is very minimal. While waiting for a connection request, the component is about 3k and runs as a very thin background service, which can be shut off if you wish. SecureLink can also be run as a Java applet. This requires no footprint, but may limit some of the auditing, and the ability to limit vendor access.
How do we initiate a SecureLink session?
A SecureLink session can be initiated with a single browser. If “Anytime” access has been enabled, initiating a SecureLink session requires no action at all. Please contact InterSystems to set up a test connection.
Do I have to poke a hole in my firewall?
SecureLink requires only basic outbound Internet access via Port 80. It is never necessary to poke a hole in your firewall to allow inbound network traffic.
How does SecureLink put me in control?
InterSystems cannot gain access until you specifically allow it using a one-time keycode. Additionally, you can determine which InterSystems engineers can access your system, and what services they have access to when supporting you. The ability to initiate a SecureLink session can even be password protected within your organisation for additional control. Finally, a detailed audit report is generated each week to let you know who accessed your systems and what was done.
What level of encryption do you use?
SecureLink uses 128-bit industry-leading encryption.
Is there an audit trail?
A full audit trail is left behind with every connection. Additionally, an active report of all activity is generated, so you can monitor InterSystems access in real time.
How does SecureLink address HIPAA or Sarbanes-Oxley compliance?
SecureLink is the only remote access method that allows you to limit access at the port level. If HIPAA deems that certain hostnames are off-limits to vendors, SecureLink would enable you to restrict access. Additionally, SecureLink enables a full audit report so you’ll always know what was done during any support request, in case there are any issues around documenting vendor access. This level of access restriction and auditing may not be available through any other method, even an internal VPN.
What if I have a problem at the desktop level?
SecureLink has desktop sharing built in, so it won’t be an issue.
How do I end a connection?
A connection is ended simply by clicking a disconnect tab created when a SecureLink session is initiated.
How is SecureLink better than desktop sharing?
Desktop sharing is great for support at the PC level. However, one of the problems with desktop sharing (in addition to being forced to give up your desktop), is that you can’t control the level of access granted. The support engineer effectively becomes you, with all the permissions and privileges therein. This might give them too much access (such as the ability to “snoop” email or format drives), or not enough access to key back-end servers. Traffic also flows through a shared server, which can be a concern for high-security environments. The SecureLink server is a dedicated server residing at InterSystems headquarters in Cambridge. Finally, using desktop sharing to access multi-server or multi-platform environments is very cumbersome and time-consuming.
How is SecureLink better than using our VPN?
Giving a vendor a VPN account may take weeks or months to accomplish. Then, you must maintain that account, making sure it’s not being used without permission, or that login details aren’t being shared inappropriately. Also, once a vendor has gained access to your system, many VPNs give them “the keys to the kingdom.” There is no way to limit access at the port level to services, ports, or hostnames. Finally, many VPNs do not create a thorough audit of what happened during a support request. In summary, VPNs are great for allowing remote access internally, but SecureLink is a better solution for allowing vendor access.
How is SecureLink better than dial-up & pcAnywhere?
Modems are slow and costly to maintain, yet still come with all the hazards of VPN and desktop sharing. There is no way to limit vendor access or monitor activity. SecureLink works over a Broadband connection and requires no infrastructure, so it is faster, less costly, and more secure.
Does SecureLink cost me anything?
As of today, SecureLink is completely free of charge to InterSystems customers.
If I also support enterprise software, can I use SecureLink to support my customers?
Sure. For more information on using SecureLink with your customers, send an email to email@example.com.
How can I enable all my vendors to access our systems using SecureLink?
Enexity, the makers of SecureLink, has an emerging program to allow users of SecureLink to standardise on SecureLink for all vendor remote access. Send an email to firstname.lastname@example.org for more information.