- For the Application Administrators, how are permissions applied to the console? Is it tied to Active Directory and is it possible to segregate into various groups? Is the console for Automata web-enabled or does it only run locally on the server? Do you have to be running a local RDP session in order to get to the console or is it accessed via a web site?
The console on the server is for Server Admins only, via RDP. It is not web-enabled or tied to Active Directory. The Dashboard can be tied to Active Directory.
- For the Azure Administrators, what permissions are required to deploy the AI/GPU Infrastructure?
The required Azure Authorization Scopes are User.Read, Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All.
- For Tracking Users, the agent on the user’s laptop is typically installed using the credentials from the helpdesk, but how does the agent authenticate to the AI management server or dashboard server? Does it connect to both of them?
An encrypted configuration file is deployed alongside the tracking MSI package, which contains the server connection information. There is only 1 server which handles all requests or tracking data.
- For Database Accounts, does everything programmatically run under a DB Admin account or is it possible to implement roles with various permissions based on function?
During Deployment, the SA account is used to create the database and a unique login. Permissions granted to that login are Connect, Select, Insert, Update, Delete and Alter.
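A check a database administrator can run to confirm that the application login holds only the permissions listed above. This is an added example, not OfficeAutomata's own script; the database name OfficeAutomataDb and the user name oa_app are placeholders for the values chosen at deployment.

```sql
-- Added example (not vendor code). Placeholders: database OfficeAutomataDb, user oa_app.
USE [OfficeAutomataDb];
GO
DECLARE @AppUser sysname = N'oa_app';  -- placeholder: the login's database user

-- 1. Explicit permissions on the user; anything outside the stated set is flagged.
SELECT  p.state_desc,
        p.permission_name,
        p.class_desc AS scope,
        CASE p.class_desc
            WHEN 'DATABASE' THEN DB_NAME()
            WHEN 'SCHEMA' THEN SCHEMA_NAME(p.major_id)
            WHEN 'OBJECT_OR_COLUMN'
                THEN OBJECT_SCHEMA_NAME(p.major_id) + N'.' + OBJECT_NAME(p.major_id)
            ELSE CAST(p.major_id AS nvarchar(20))
        END AS securable,
        CASE WHEN p.state_desc IN ('GRANT', 'GRANT_WITH_GRANT_OPTION')
                  AND p.permission_name NOT IN
                      ('CONNECT', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'ALTER')
                 THEN 'UNEXPECTED'
             WHEN p.state_desc = 'GRANT_WITH_GRANT_OPTION'
                 THEN 'UNEXPECTED (can re-grant)'
             ELSE 'ok'
        END AS finding
FROM    sys.database_permissions AS p
JOIN    sys.database_principals  AS u ON u.principal_id = p.grantee_principal_id
WHERE   u.name = @AppUser
ORDER BY finding DESC, p.permission_name;

-- 2. Database roles the user belongs to; permissions inherited this way
--    (for example through db_owner) do not appear in result set 1.
SELECT  r.name AS database_role
FROM    sys.database_role_members AS m
JOIN    sys.database_principals  AS r ON r.principal_id = m.role_principal_id
JOIN    sys.database_principals  AS u ON u.principal_id = m.member_principal_id
WHERE   u.name = @AppUser;

-- 3. Server level: is_sysadmin = 1 means the mapped login bypasses all checks above.
SELECT  SUSER_SNAME(u.sid) AS login_name,
        IS_SRVROLEMEMBER('sysadmin', SUSER_SNAME(u.sid)) AS is_sysadmin
FROM    sys.database_principals AS u
WHERE   u.name = @AppUser;
```

The scope column in the first result set shows where each permission applies; ALTER granted at DATABASE scope covers creating, altering and dropping objects throughout the database, while a schema-scoped grant is narrower.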
- For the authentication used in network connections in the diagram shown by the vendor in Deployment Guide – OfficeAutomata (zendesk.com), please state the authentication method used for each connection.
All authentication is done through the Encrypted Configuration files (separate packages for Tracking users and Dashboard users). Any user that connects to the system is logged/added in the User panel with default ‘User’ permissions. Additional permissions (Manager, Admin) can be set by the ‘Global Admin’ (the person who deploys the system).
- For Encryption and the Data at Rest, what is the encryption used at the client workstation in terms of how it works and what kind of encryption is it? Are there any parameters or components of it that can be controlled/modified? Can encryption keys be vaulted separately, and how will encryption key management be handled?
Encryption is AES 256 with embedded password & vector, and hash based on the LicenseID. Prior to saving or sending any data, it is encrypted. There are no modifiable parameters at this time, though we are open to the Password being moved to a client-specific location.
- Is the encryption of the SQL database supported by the vendor?
Database encryption via the SQL Server options Always Encrypted or Transparent Data Encryption can be done by the Systems Administrator. All encrypted data is stored as such, and is only decrypted via the Dashboard on specific Tasks.
- For the network diagram depicted in the Deployment Guide – OfficeAutomata (zendesk.com), what are the protocols in addition to the port numbers which are already depicted?
The default in .Net 4.6+ is TLS 1.2 (Tracker, Dashboard & Server are on .Net 4.7.2).
- For all network connections, which side initiates the connection?
Server receives all connections (Tracking, Dashboard & AI initiate). Dashboard and AI query the Database directly.
- For all the network connections on the same page, which ones have the capability to implement a secure transport mechanism? (For example, can TCP/5500 use TLS 1.2 at the transport layer?)
All connections use TLS 1.2 by default.
- For all network connections on the same page, what are the cases where the data payload is encrypted, or can potentially be encrypted?
Any value data (data typed in/copied by users, and screenshots) are encrypted at all points, and further encryption is done prior to transit (MessagePack).
For more information about OfficeAutomata's Security Features please contact us or visit the other training guides.