Technical Brief 1
SupportPoint Cloud is a SaaS solution that makes it easy for people to get the information and guidance they need to navigate through complex business processes. SupportPoint Cloud Client Components SupportPoint Cloud s standard deployment provides the following clients: SupportPoint Desktop content viewer SupportPoint Manager content, user management, reporting and administration tool SupportPoint Editor content editor SupportPoint Desktop SupportPoint Desktop delivers context-sensitive information in a narrow window that runs along the right edge of the user s screen. There is a browser version of SupportPoint Desktop and an installed version. The installed version of SupportPoint Desktop is a rich web application for viewing content. It provides functionality not possible in a browser including Context Sensitivity, always on top, auto-start, launch from and minimise to the notification area and notifications in the notification area. The installed version includes an embedded HTML5 customized browser that only works with SupportPoint content. To deploy SupportPoint Desktop, there is a one-time/infrequent installation that delivers full functionality and browser independence. It s deployed via an.msi file and can be configured to meet the Standard Operating Environment (SOE) requirements of most enterprises. End users typically activate the installed version of SupportPoint Desktop by clicking the SupportPoint icon in the Windows notification area. SupportPoint Manager SupportPoint Manager is used to create and maintain content, user accounts and roles, run reports and set configuration options. Only SupportPoint users responsible for content and role management, reports and administration need access to Manager. 2
Role-Based Security Permission to perform certain operations or access specific resources is controlled by SupportPoint s end user accounts. Read, write, document ownership, and administration permissions can be set for individual end users and specific groups of users, known as SupportPoint roles. Read and write access can be set for individual documents or at the folder level. Additional SupportPoint components Content Converter The SupportPoint Content Converter allows users to create content in pre-defined Microsoft Word templates which can then be converted to the SupportPoint format. Once converted, the information is imported into SupportPoint Manager and managed by the SupportPoint Authors. Multi-language module The SupportPoint Multi-Language Module enables customers to translate documents into multiple languages. When the global content (e.g. written in English) changes, those changes flow automatically through to all translated versions. SupportPoint Protocols The viewing and management clients connect to the web tier via HTTPS. External API callers connect to the web tier. All connections between SupportPoint clients and the server are initiated by the client. Authentication The SupportPoint Business Application Server manages authentication. End users don t have server accounts or any access to the underlying server operating system. You can configure the SupportPoint Business Application Server to authenticate the identity of end users using various methods, including: Service Provider initiated Single Sign On via SAML 2.0 using an encrypted password SupportPoint uses HTTPS to ensure that all communication including authentication is secure. Stored passwords are all encrypted via a SHA-1 one-way encryption before being stored. Interoperability with other systems SupportPoint Cloud includes an initial range of pre-built connectors that help enable standards-based integration between SupportPoint and other systems including CMIS, SharePoint, Documentum, HL7, Microsoft Dynamics CRM, Salesforce and Zendesk. Other connectors are constantly being added. Context Sensitivity SupportPoint s context sensitivity is unique functionality which enables SupportPoint Desktop to find and display the information a user needs based on the state (screen) of the application they need assistance with. For SupportPoint Desktop to be context-sensitive with Java applets, the Java Access Bridge must be installed on every desktop. SupportPoint's context sensitivity may be accessed via Citrix published applications in the following environments: Citrix desktop is being used and SupportPoint Desktop is part of the desktop SupportPoint Desktop is deployed as a published application which is running in the same session as the published application that it s to be context sensitive with SupportPoint Desktop is running in different session(s) to the published application(s) that it s to be context sensitive with, provided the SupportPoint Citrix CSH agent is installed on all desktops and on the appropriate Citrix servers. 3
Client Minimum Requirements SupportPoint Desktop Operating system Windows 7 Windows 8.1 (desktop mode) Windows 10 SupportPoint Manager Windows 7 Windows 8.1 (desktop mode) Windows 10 CPU Intel Core 2 Duo Processor equivalent or greater Intel Core 2 Duo Processor equivalent or greater RAM 1GB 2GB Hard disk space 50MB free space 200MB free space Other.NET V3.5 SP1 (installed version only) WebSocket Protocol 1280 x 768 or higher screen resolution The WebSocket Protocol must be permitted 1280 x 768 or higher screen resolution Supported Browsers If SupportPoint Desktop is not installed, only the most recent stable versions of Internet Explorer and Google Chrome are supported. The installed version of SupportPoint Desktop provides Context Sensitivity, always on top, auto-start, launch from and minimise to notification area and notifications in notification area functionality. Panviva Service Centre Panviva Support operates primarily via the Panviva Service Centre, a secure support portal where customers can access the SupportPoint knowledge base, participate in the forums and log and manage support tickets. The Panviva Service Centre is accessed at http://support.panviva.com. Customer Contacts Customers are required to supply and maintain a list of nominated contact(s) for Panviva Support to notify of any existing or scheduled changes to the status of their environments. Related SupportPoint Cloud technical documents For detailed information about SupportPoint Cloud s various technical components, you can access our complete range of resources from the Panviva Service Centre. Some of the technical documents available to you include: SupportPoint Cloud Information Security Model SupportPoint Cloud Content Converter SupportPoint Cloud Quicklinks Grid User Guide SupportPoint Cloud Reports Monitoring Panviva maintains several independent monitoring services and tools to provide the Panviva Support team with a constant reference as to the status of all SupportPoint environments. 4
Process Panviva Support monitors all levels of the application. This includes: Application performance Availability/Uptime Network Cloud infrastructure Database (access, job status, performance bottlenecks and other metrics) Panviva Support receives automated notifications from the monitoring services via multiple channels when any service detects a potential status change. All events are analysed to determine if that event is normal or if it is an adverse event/incident. All incidents are logged, triaged and assigned a severity rating as defined in each customer s Support and Maintenance Services document. The severity rating determines the response and communication method and frequency. In accordance with the availability guarantee a monthly uptime report can be made available to customers. Disaster Recovery The Panviva solution leverages both the full DR abilities of Verizon, the cloud provider partner, in addition to its own internal contingency planning. Panviva has a dedicated planning team that oversees Disaster Recovery planning and policies. Disaster Recovery policies are reviewed quarterly and also following any major application or infrastructure change or after any incidents. Datacentre Verizon has multiple clusters deployed within a data centre and also across geographically dispersed data centres. SupportPoint users who must meet regulatory requirements for enhanced business continuity are encouraged to subscribe to data replication across multiple locations. Panviva can also offer backup services that include encryption of data inflight and at rest. Ultimately it is for the customer to consider if these additional services are required as part of their own Business Continuity Plan; and it should be noted that these additional services are entirely separate to the respective operational continuity plans for both the Panviva and Verizon businesses. Network Panviva keeps a complete set of network documentation. In addition, Panviva take snapshots of network configurations and this information is stored in a separate secure location. Instance/Server All servers are backed up regularly and before any major upgrades/changes. The backup schedules follow industry best practices. Application SupportPoint is designed to be horizontally scalable and as such, can be deployed to accommodate any single failure at any tier of the application (as an optional/add-on implementation requiring extra design, implementation and support effort not covered under our standard cost schedule). Database Databases are backed up regularly to redundant locations and the data can be easily retrieved in case of a database server failure. 5
Security Panviva understands the critical importance of this issue; both for its clients, but also on behalf of its clients endcustomers. By leveraging the experience gained from a global customer base across multiple industries, Panviva understands the value of data typically stored in SupportPoint, and continues to develop the system with appropriate security controls to protect against the risks that most organizations face when using this powerful tool. Panviva is committed to ensuring that appropriate levels of security can be enabled to provide its clients with the confidence that the SupportPoint platform meets, if not exceeds, its security expectations. Panviva can share with its customers an overview of security policies and procedures (under a non-disclosure agreement). Panviva performs regular vulnerability scans and penetration tests (for both the application and the network) on its environments. These tests are performed by external vendors. Panviva performs regular internal audits on its platform and applications. These tests are based on risk. Any adverse findings are reviewed and addressed by our Security, Technical and Operations teams. Application Security Our web based application is delivered over a secure connection that utilizes TLS/SSL and keys and certificates to ensure secure communication of data while in transit. Access to the SupportPoint application is limited to specific customer IP addresses. Data Security SupportPoint is architected on a role-based security model, i.e. access to resources and the permissions to act on those resources is controlled via roles. This provides a granular level of control over all the information stored on the system (at document or folder level). All customer data is completely isolated and encrypted at rest based on the TDE (Transparent Data Encryption) standard and using the ASE256 algorithm. This ensures that the data is only visible to that specific application and to the authorized users. Backups of our databases are also encrypted as per the above standards. Panviva has controls in place to protect data leakage. Network Security Panviva s cloud environments are all protected by strict access rules. In addition, the networks are further segregated into tiers with strict rules that govern the visibility of these tiers and the communications between them. Maintenance Panviva provides advance notice for any scheduled maintenance. General maintenance windows are scheduled to occur once a month, for more details please visit the Panviva Service Centre. Other upgrade windows may be needed to perform system and/or infrastructure upgrades and these will be communicated as early as possible. Any unscheduled maintenance will be communicated at the time to the nominated customer contact. Panviva provides an availability guarantee agreement. This agreement does not apply to any interruptions during Panviva s standard scheduled maintenance windows or to any other maintenance periods where Panviva has provided at least 5 business days advance notice. Maintenance periods will never be scheduled during regular Business Hours. 6