The Remote Support Service and access to the Nasuni Edge Appliance
The Remote Support Service allows authorized Nasuni Technical Support personnel to access a Nasuni Edge Appliance remotely and securely. This can help Nasuni Technical Support to diagnose and resolve any issues with the Nasuni Edge Appliance quickly and proactively.
This service is disabled by default and is strictly opt-in. The customer can enable or disable this service at any time. The customer can also enable this service for a specific period of time. Enabling this service allows Nasuni to offer a higher level of service and support.
Details of Access
The Remote Support Service provides SSH access to the entire Nasuni Edge Appliance. When connecting to a Nasuni Edge Appliance through Remote Support, the Nasuni Customer Support Engineer can see data in the local cache. However, it is standard Nasuni policy that no Customer Support Engineer accesses any data unless 1) there is a specific problem that requires investigation and 2) even then, only when the customer authorizes such access. Generally, the investigation of a problem with data focuses on the permissions associated with the data, not on the actual data itself.
Control of Access
First, the customer controls all access to a Nasuni Edge Appliance. The customer must grant Remote Support access to a Customer Support Engineer through the Nasuni Edge Appliance user interface. After the customer grants access, the customer can use the Nasuni Edge Appliance user interface to see when a Customer Support Engineer is connected using the Remote Support Service. Customers can limit access to a specific time window. Customers also have the option to end access at any time.
Customers receive an Informational notification whenever the Remote Support Service is enabled or disabled.
Nasuni strictly controls access to Remote Support. Customer Support Engineers typically must wait 4-6 months (depending on their technical aptitude and expertise with Nasuni technology) before being granted access to the Remote Support Service. The VP of Services and the Principal Support Engineer reviews the Customer Support Engineer before they are granted access to the Remote Support Service.
After a Customer Support Engineer has been granted authority to use the Remote Support Service, they can only access it through their individual, company-assigned computer. An SSH certificate must be installed on their computer to enable access.
After a customer grants access to their Nasuni Edge Appliance through the Remote Support Service, the Customer Support Engineer must perform multiple security authentication steps. First, they must log onto their assigned computer with their personal, secure password. Next, they must log into the Remote Support Service with a personal SSH certificate. Then, they must log into the Nasuni Edge Appliance using a special one-time support password that changes every 2 hours. Only after completing all these steps successfully is the Customer Support Engineer allowed to access a customer’s Nasuni Edge Appliance.
Nasuni also tracks all access done using the Remote Support Service. A logging mechanism captures the user information, all the commands executed, the amount of time spent on the Nasuni Edge Appliance, and the time when the Customer Support Engineer logged off.
A former Nasuni employee cannot access a customer’s data. A Nasuni employee's access to all Nasuni corporate resources ends the instant they leave the company.