Using symmedia Hub and getting Help




Using the symmedia Hub Platform Documentation


Following this link, you will find the symmedia Hub Knowledge Base:

symmedia Hub Service Desk Knowledge Base




Use the search function to find what you are looking for:

  • Type in a key word and click on the proposed links or click enter to find a full list of search results.

Use the tree navigation to find help for each symmedia Hub function:

  • Click on an entry in the left hand tree navigation to find help for the respective symmedia Hub function that you are using.

The documentation navigation mirrors the navigation within the symmedia Hub interface.

Read the symmedia Hub release blog for new functions, features and bug fixes.




Customer / End User Service Desk Portal Usage


Log In/ Sign in of customers

If a customer has an existing symmedia Hub Service Desk account, the log in is done via email. Depending on the group/ organization, a single sign on is possible.

If a customer does not have an existing symmedia Hub Service Desk account, he or she will create an account by clicking “Sign up”. The customer will have to type in an email address. A verification email is end afterwards.


After verifying the email personal information are filled in. This step includes:

  • The full name

  • Secure password

The registered customer will then appear in the Jira symmedia Hub Service Desk Project - Customers.




Service Desk Landing Page - FAQ


The landing page is connected to the Service Desk Knowledge Base. Displayed are the created categories for Knowledge Base articles.

These are explained when clicked on and show the collection of articles related to the category topic. These categories can function as FAQ’s for customers.




Knowledge Base-Backed Search Mechanism


Displayed at the top of the symmedia Hub Service Desk is the search bar. It allows registered customers to search for an article before requesting help through issuing a service ticket. Knowledge Base articles can also be labeled which will respond to the search words. The article is displayed in the platform when clicking on it.

In case the article helped solving the issue, a Service Request is avoided. A “Was this article helpful” question is included at the end of the article and has a “YES or NO” answer option. The Satisfaction Report can be accessed in the Jira Service Desk Project.

In case the article did not help in solving the issue, the customer can contact the service team by clicking on “Need to raise a request? Contact us.”. From there, the customer is directed to the request forms.

The customer will be asked to provide feedback at the end of the displayed article.




Service Request - Service Ticket


In case an article did not help solve an issue, the customer can file for a Service Request. The customer can find four request types on the landing page of the symmedia Hub Service Desk (shown in the picture below).

To request any type of service, report a bug, licensing questions or other questions, the customer selects the related wizard by clicking on it and is asked to fill in information for the service team in order to solve the request.

  1. Technical support - requires a summary and a description. Customers have the option to attach widgets as well. A optional product or component (Jira or public website) selection can also be chosen.

  2. Licensing and billing questions - requires a summary only. Description and attachments are optional.

  3. Other questions - Requires a summary only. Description and attachments are optional.

  4. Report a bug - Requires a summary and a description of the symptom. Customers have the option to attach widgets as well.

The customer receives and automated email confirmation that the service team has received his/her request.


Once a customer has filed for a service ticket, he or she can view their tickets under “Requests” in the top right hand corner. The customer can view the ticket status, comments by the customer or the service team. Once the ticket status changes, the customer will be notified via email. A ticket can also have the status “Waiting for customer” in case the customer, e.g., needs to approve a step in the service process.

Ticket Status include:

  • Waiting for customer

  • In progress

  • Escalated

  • Pending

  • Canceled

  • Resolved

(see also: https://symmedia.atlassian.net/wiki/spaces/OPS/pages/9425130990 )

The customer can also select several filter settings to gain a better overview or use the search option for a specific ticket.

The workflow remains the same for each Service Request types.

SLA’s can not be viewed in the symmedia Hub Service Desk.

When a ticket has been filed in the past, the Service Request type will appear at the bottom of the symmedia Hub Service Desk landing page under “Recently used forms”.




symmedia Hub Security


Reporting security vulnerabilities found in the Secure Service Hub

 

Starting from  , customers and security researchers alike will be able to submit security vulnerabilities, discovered in the symmedia Hub, by using symmedia's existing Service Desk Portal at: https://symmedia.atlassian.net/servicedesk/customer/portal/1

symmedia follows a responsible disclosure policy, in which we aim to fix verified vulnerabilities as quickly as possible. We ask you not to share your findings publicly before symmedia releases a patch for the vulnerability. We aim to get back to you to verify the vulnerability as early as possible after submitting the report, usually within a week.

How does it work?

  1. Visit: https://symmedia.atlassian.net/servicedesk/customer/portal/1
  2. Instead of "Support" or "Technical Support" requests, select "Reporting a vulnerability"
  3. Please provide as much information as possible about what needs to be done in order to replicate the vulnerability and where and how you encountered it initially (i.e. include screenshots, code snippets etc. that will help us to reproduce the behavior).
  4. Your submission will be forwarded to our security team. In case of questions or feedback it would be very helpful for our security team to be able to contact you, so please provide a means of communication (i.e., email address)




Security Considerations


Security Context

The Security Context describes assumptions made by symmedia about the operating environment

symmedia Hub Cloud Platform

  • We assume that the customers' identity provider is configured securely, receives regular updates and observes current best practices.

  • We assume that customers train and educate their staff to observe security principles such as ‘least privilege’ when configuring remote access.

  • The symmedia Hub cloud platform runs in a managed cloud environment, which offers a variety of security controls.

  • When using the mobile app with an existing tenant, we assume the phone not to be rooted and uncompromised.

  • The users of the symmedia Hub cloud platform can be located anywhere and use different ways (browser, mobile, tablet etc.) to access the application.

  • We assume that IT/OT equipment running symmedia applications (i.e., the Tunnel Client) to be protected through endpoint security and professional administrative staff.

    • This applies to all equipment irrespective of form factor (i.e., desktop computer, laptop, mobile phone, tablet and everything in between)

    • symmedia Hub can not safeguard data if the customer using already compromised devices to access the application.

Edge Device

  • The Edge Device is connected to the operator’s shopfloor network.

  • The shopfloor network is itself isolated from other networks (i.e., local enterprise networks, WANs such as the internet or other network based communication channels)

  • The Edge Device is physically protected against harm (physical damage and access)

  • Physical access to the Edge Device is restricted to people working on the operators' shopfloor.

  • Some Edge Devices offer an optional Wifi-Network Access Point.

  • The Edge Device is running the latest version of the operating system image.

  • It is the operator’s duty to keep the Edge Device’s operating system image up to date.

  • The Edge Device runs third party applications inside containers.

symmedia Hub Cloud Platform

General

The symmedia Hub Cloud Platform enables user to access the symmedia Hub application in their browser. Thus, the usual security considerations regarding the secure operating systems and browsers should be observed. Such as:

  • Secure IT equipment

    • Please bear in mind that there is little on the Cloud side that can protect against a compromised computer on the client side

    • Please observe the usual it hygiene tasks, such as:

      • Keep operating systems up to date

      • Limit privileges of user account (“Least Privilege Principle”)

      • Deploy EDR solutions

      • Educate users about information security

  • Keep the browser up to date to benefit from the latest security patches

  • Be mindful about browser extensions and their security implications

  • Check the URL in the browser address bar

    • symmedia Hub will only use TLS encrypted connections

    • If your browser shows the connection to be unencrypted → Stop! This might be a phishing attempt :warning:

Managing Users

The symmedia Hub uses a Role Based Acces Control (RBAC) approach. Roles define what permissions a user has, while Scope defines the set of assets a user can exercise their permissions on. For a more detailed overview, please consult: https://symmedia.atlassian.net/wiki/spaces/SSH/pages/17320312870

When setting up users for your tenant, consider these security guidelines:

  • Apply the principle of least privilege

    • Only add roles and scopes for users which are required for them to do their work on the symmedia Hub

    • Observing this will limit the capabilities of an attacker in case a user account is compromised

  • Enforce Multi-Factor Authentication on your identity provider

    • symmedia Hub uses the customer’s identity provider to authenticate user, thus the security of the your accounts depend in part on its security settings

  • Delete users from the symmedia Hub if they are not longer needed

    • Only users who need to use the symmedia Hub should have an account

    • Disabling users who no longer require access helps reduce the attack surface

      • i.e., in case company accounts become compromised

  • Do not share accounts with multiple users

    • Every person working with the symmedia Hub should use their own account

    • Sharing accounts / passwords makes it hard to attribute actions and undermines account security

  • Only invite AD managed accounts to the platform

    • Avoid using microsoft accounts that are not managed by an AD and professional it staff

    • Do not use temporary accounts using non-AD-managed accounts

Managing Remote Connections

“With great power comes great responsibility”

Remote Connections are a powerful tool to enable remote service on machines while they are on the shopfloor. At the same time, they potentially allow attackers to bypass other established security controls.

Please consider these best practices when managing remote connections:

  • Do not use “always on” remote connections

    • Remote Connections are meant to be used to help a service technician do support work only while the technician requires access to the machine

  • Configure the Edge Device’s firewall

    • Make sure that the edge device has sensible firewall rules in place to limit access to the machine and/or the shopfloor network

  • Observe general security considerations on the shopfloor such as:

    • Segment and segregate local networks, i.e., make sure that access from the machine or shopfloor network to other internal networks is forbidden or severely limited in accordance with your security guidelines

    • Physical access to the shopfloor should be limited to the required personnel to limit physical access to the machines and edge devices

Edge Device

General

Edge Devices are the endpoints for symmedia Hub remote connections on the customer’s shopfloor. They also allow you to install apps from third parties to enhance their capabilities. These apps are executed locally on the edge device and thus have access to everything the edge device has access to.

OS Security

  • Keep the Edge Device’s operating system up to date

    • Check for updates regularly and consult update documentation

Firewall Security

  • Configure the local firewall

    • If Wifi-Access is not required, make sure to deny all traffic from the Wifi network (BLUE interface)

    • Only open required ports into the shopfloor or machine network

    • Review allowed ports regularly and remove if no longer required

App Security

  • Only install required apps to the edge devices.

  • Be mindful of information collected by/entered into third party applications

    • If the apps require backend infrastructure, information might be sent to the third party’s backend for processing

    • The same is true for all information the app might gather as part of its execution

  • Remove unused applications

  • Keep installed applications up-to-date

    • Check the “Applications” view in the symmedia Hub Cloud Platform regularly