Re: Making remedy available to general public

2015-09-18 Thread Rick Cook 
Well, the first thing you will have to do is put your web server outside of
your firewall.  Then secure the heck out of it, and make sure you control
tightly the pipeline to your AR Server, which will be inside of your
firewall.

You might consider having your web programmers build the screen and collect
the data, and then use a Web Service or API call to generate the Remedy
request.

Rick
On Sep 18, 2015 7:48 AM, "Isabel Irving" 
wrote:

> Hello!
>
> We have a Remedy system which is used internally by a call centre to log
> calls on behalf of the general public.
>
> We are now thinking about whether it would be possible to allow the
> general public to log their own requests.
>
> What would you recommend in terms of authentication and security?  Would
> this need a 3rd party app on the front end?
>
> We would want to make it easy for the general public to submit a
> request(and maybe to see updates or cancel a request they have raised) but
> we would also want to be sure we are not inviting hackers.
>
> I've had a search around BMC and the ARS List and haven't found any
> obvious answers - I guess there are a lot of different options out there.
> We'd be looking for something that is easily set up and that would mean we
> can add categories, business rules etc to Remedy without having to also
> update the rules and categories in a 3rd party app.
>
> Any tips?
> Thanks!
> Isabel
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: Making remedy available to general public

2015-09-18 Thread Hennigan, Sandra, CTR, DSS 
Isabel,

Have you looked at or considered using Service Request Management (SRM) and/or 
MyIT as the customer facing interface? (That is of course, after providing 
external access to your AR System.)

Thank you,

Sandra


-Original Message-
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Isabel Irving
Sent: Friday, September 18, 2015 10:48 AM
To: arslist@ARSLIST.ORG
Subject: Making remedy available to general public

Hello!

We have a Remedy system which is used internally by a call centre to log calls 
on behalf of the general public.

We are now thinking about whether it would be possible to allow the general 
public to log their own requests.

What would you recommend in terms of authentication and security?  Would this 
need a 3rd party app on the front end?

We would want to make it easy for the general public to submit a request(and 
maybe to see updates or cancel a request they have raised) but we would also 
want to be sure we are not inviting hackers.

I've had a search around BMC and the ARS List and haven't found any obvious 
answers - I guess there are a lot of different options out there.  We'd be 
looking for something that is easily set up and that would mean we can add 
categories, business rules etc to Remedy without having to also update the 
rules and categories in a 3rd party app.

Any tips?
Thanks!
Isabel

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers 
Are, and have been for 20 years"

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"


smime.p7s
Description: S/MIME cryptographic signature

Re: Making remedy available to general public

2015-09-18 Thread Jason Miller 
You beat me to it Tim!  As much as I hate email integrations (well ok, they
have a place but I don't like as the first option) we used this method when
there was a need for patients to report issues with our patient portal. It
is quick to setup and you do not need to expose any of your Remedy
infrastructure to the world. Of course that was only for submitting.
Viewing and updating requests would take a little more work/integration.

One tip...  We did have an instance where thousands (if not 10's of
thousands) of incidents were created when somebody found a SQL injection
vector in the patient portal. Spending a few extra development cycles to
put a check/throttle on the Remedy side might pay off if you go this route.

Jason

On Fri, Sep 18, 2015 at 9:00 AM, Timothy Powell <
timothy.pow...@pbs-consulting.com> wrote:

> **
>
> Expanding on what Candace said, you can also have a hybrid solution that’s
> easy on the user and more secure for you.
>
> Your external web site could have all the fields you need to create the
> ticket and be user friendly. Then when the users “submits” the request on
> the external web site, the data posts to an email instead of a database.
> The post to email can be formatted as you want it to be and then sent to
> the remedy system. Then since you defined the formatting, parsing it on the
> email engine side should be easy.
>
>
>
> HTH,
>
> Tim
>
>
>
> *From:* Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] *On Behalf Of *Candace DeCou
> *Sent:* Friday, September 18, 2015 11:41 AM
> *To:* arslist@ARSLIST.ORG
> *Subject:* Re: Making remedy available to general public
>
>
>
> **
>
> Isabel - another possibility I have seen used at a previous employer is to
> set up some sort of email address (on or more) that can be used by external
> people outside of the system.  When emails are sent to that address from
> your 'public' requester's, it can hit the system and get put through some
> filters to send it to the correct support queue or group.  This worked very
> well for us with a number of different external emails that we needed to be
> able to manage inside a restricted ARS environment.  The only requirement
> here is that the incoming email address must route to the Remedy Email
> Engine and not get filtered out by some other environmental constraints.
> Once it hits, set up filters looking for specified strings to tell it what
> to do from there.
>
> Hope this helps as a possible solution.
>
> Candace
>
>
>
> On Fri, Sep 18, 2015 at 7:47 AM, Isabel Irving <
> isabel.irv...@access.uk.com> wrote:
>
> Hello!
>
> We have a Remedy system which is used internally by a call centre to log
> calls on behalf of the general public.
>
> We are now thinking about whether it would be possible to allow the
> general public to log their own requests.
>
> What would you recommend in terms of authentication and security?  Would
> this need a 3rd party app on the front end?
>
> We would want to make it easy for the general public to submit a
> request(and maybe to see updates or cancel a request they have raised) but
> we would also want to be sure we are not inviting hackers.
>
> I've had a search around BMC and the ARS List and haven't found any
> obvious answers - I guess there are a lot of different options out there.
> We'd be looking for something that is easily set up and that would mean we
> can add categories, business rules etc to Remedy without having to also
> update the rules and categories in a 3rd party app.
>
> Any tips?
> Thanks!
> Isabel
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"
>
>
>
> _ARSlist: "Where the Answers Are" and have been for 20 years_
> _ARSlist: "Where the Answers Are" and have been for 20 years_
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: Making remedy available to general public

2015-09-18 Thread Candace DeCou 
O yeah, we didn't allow any public users to actually interact with
their submissions.  They were all handled individually by real people in
the various affected groups who would either respond directly back to them
via email or call, snail mail or otherwise handle it directly.  I'm glad I
never got any of those darn SQL injection vectors - would've had to bring
out the heavy duty bug spray I think.
ROFLOL

On Fri, Sep 18, 2015 at 9:45 AM, Jason Miller <jason.mil...@gmail.com>
wrote:

> **
> You beat me to it Tim!  As much as I hate email integrations (well ok,
> they have a place but I don't like as the first option) we used this method
> when there was a need for patients to report issues with our patient
> portal. It is quick to setup and you do not need to expose any of your
> Remedy infrastructure to the world. Of course that was only for submitting.
> Viewing and updating requests would take a little more work/integration.
>
> One tip...  We did have an instance where thousands (if not 10's of
> thousands) of incidents were created when somebody found a SQL injection
> vector in the patient portal. Spending a few extra development cycles to
> put a check/throttle on the Remedy side might pay off if you go this route.
>
> Jason
>
> On Fri, Sep 18, 2015 at 9:00 AM, Timothy Powell <
> timothy.pow...@pbs-consulting.com> wrote:
>
>> **
>>
>> Expanding on what Candace said, you can also have a hybrid solution
>> that’s easy on the user and more secure for you.
>>
>> Your external web site could have all the fields you need to create the
>> ticket and be user friendly. Then when the users “submits” the request on
>> the external web site, the data posts to an email instead of a database.
>> The post to email can be formatted as you want it to be and then sent to
>> the remedy system. Then since you defined the formatting, parsing it on the
>> email engine side should be easy.
>>
>>
>>
>> HTH,
>>
>> Tim
>>
>>
>>
>> *From:* Action Request System discussion list(ARSList) [mailto:
>> arslist@ARSLIST.ORG] *On Behalf Of *Candace DeCou
>> *Sent:* Friday, September 18, 2015 11:41 AM
>> *To:* arslist@ARSLIST.ORG
>> *Subject:* Re: Making remedy available to general public
>>
>>
>>
>> **
>>
>> Isabel - another possibility I have seen used at a previous employer is
>> to set up some sort of email address (on or more) that can be used by
>> external people outside of the system.  When emails are sent to that
>> address from your 'public' requester's, it can hit the system and get put
>> through some filters to send it to the correct support queue or group.
>> This worked very well for us with a number of different external emails
>> that we needed to be able to manage inside a restricted ARS environment.
>> The only requirement here is that the incoming email address must route to
>> the Remedy Email Engine and not get filtered out by some other
>> environmental constraints.  Once it hits, set up filters looking for
>> specified strings to tell it what to do from there.
>>
>> Hope this helps as a possible solution.
>>
>> Candace
>>
>>
>>
>> On Fri, Sep 18, 2015 at 7:47 AM, Isabel Irving <
>> isabel.irv...@access.uk.com> wrote:
>>
>> Hello!
>>
>> We have a Remedy system which is used internally by a call centre to log
>> calls on behalf of the general public.
>>
>> We are now thinking about whether it would be possible to allow the
>> general public to log their own requests.
>>
>> What would you recommend in terms of authentication and security?  Would
>> this need a 3rd party app on the front end?
>>
>> We would want to make it easy for the general public to submit a
>> request(and maybe to see updates or cancel a request they have raised) but
>> we would also want to be sure we are not inviting hackers.
>>
>> I've had a search around BMC and the ARS List and haven't found any
>> obvious answers - I guess there are a lot of different options out there.
>> We'd be looking for something that is easily set up and that would mean we
>> can add categories, business rules etc to Remedy without having to also
>> update the rules and categories in a 3rd party app.
>>
>> Any tips?
>> Thanks!
>> Isabel
>>
>>
>> ___
>> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
>> "Where the Answers Are, and have been for 20 years"
>>
>>
>>
>> _ARSlist: "Where the Answers Are" and have been for 20 years_
>> _ARSlist: "Where the Answers Are" and have been for 20 years_
>>
>
> _ARSlist: "Where the Answers Are" and have been for 20 years_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: Making remedy available to general public

2015-09-18 Thread Timothy Powell 
Expanding on what Candace said, you can also have a hybrid solution that’s easy 
on the user and more secure for you.

Your external web site could have all the fields you need to create the ticket 
and be user friendly. Then when the users “submits” the request on the external 
web site, the data posts to an email instead of a database. The post to email 
can be formatted as you want it to be and then sent to the remedy system. Then 
since you defined the formatting, parsing it on the email engine side should be 
easy.

 

HTH,

Tim

 

From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Candace DeCou
Sent: Friday, September 18, 2015 11:41 AM
To: arslist@ARSLIST.ORG
Subject: Re: Making remedy available to general public

 

** 

Isabel - another possibility I have seen used at a previous employer is to set 
up some sort of email address (on or more) that can be used by external people 
outside of the system.  When emails are sent to that address from your 'public' 
requester's, it can hit the system and get put through some filters to send it 
to the correct support queue or group.  This worked very well for us with a 
number of different external emails that we needed to be able to manage inside 
a restricted ARS environment.  The only requirement here is that the incoming 
email address must route to the Remedy Email Engine and not get filtered out by 
some other environmental constraints.  Once it hits, set up filters looking for 
specified strings to tell it what to do from there.

Hope this helps as a possible solution.

Candace

 

On Fri, Sep 18, 2015 at 7:47 AM, Isabel Irving <isabel.irv...@access.uk.com 
<mailto:isabel.irv...@access.uk.com> > wrote:

Hello!

We have a Remedy system which is used internally by a call centre to log calls 
on behalf of the general public.

We are now thinking about whether it would be possible to allow the general 
public to log their own requests.

What would you recommend in terms of authentication and security?  Would this 
need a 3rd party app on the front end?

We would want to make it easy for the general public to submit a request(and 
maybe to see updates or cancel a request they have raised) but we would also 
want to be sure we are not inviting hackers.

I've had a search around BMC and the ARS List and haven't found any obvious 
answers - I guess there are a lot of different options out there.  We'd be 
looking for something that is easily set up and that would mean we can add 
categories, business rules etc to Remedy without having to also update the 
rules and categories in a 3rd party app.

Any tips?
Thanks!
Isabel

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org 
<http://www.arslist.org> 
"Where the Answers Are, and have been for 20 years"

 

_ARSlist: "Where the Answers Are" and have been for 20 years_ 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: Making remedy available to general public

2015-09-18 Thread Candace DeCou 
Isabel - another possibility I have seen used at a previous employer is to
set up some sort of email address (on or more) that can be used by external
people outside of the system.  When emails are sent to that address from
your 'public' requester's, it can hit the system and get put through some
filters to send it to the correct support queue or group.  This worked very
well for us with a number of different external emails that we needed to be
able to manage inside a restricted ARS environment.  The only requirement
here is that the incoming email address must route to the Remedy Email
Engine and not get filtered out by some other environmental constraints.
Once it hits, set up filters looking for specified strings to tell it what
to do from there.

Hope this helps as a possible solution.

Candace

On Fri, Sep 18, 2015 at 7:47 AM, Isabel Irving 
wrote:

> Hello!
>
> We have a Remedy system which is used internally by a call centre to log
> calls on behalf of the general public.
>
> We are now thinking about whether it would be possible to allow the
> general public to log their own requests.
>
> What would you recommend in terms of authentication and security?  Would
> this need a 3rd party app on the front end?
>
> We would want to make it easy for the general public to submit a
> request(and maybe to see updates or cancel a request they have raised) but
> we would also want to be sure we are not inviting hackers.
>
> I've had a search around BMC and the ARS List and haven't found any
> obvious answers - I guess there are a lot of different options out there.
> We'd be looking for something that is easily set up and that would mean we
> can add categories, business rules etc to Remedy without having to also
> update the rules and categories in a 3rd party app.
>
> Any tips?
> Thanks!
> Isabel
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"
>

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: Making remedy available to general public

2015-09-18 Thread Roger Justice 

The solution Tim provided is also the way that you can insure that the License 
agreement is met. If you review your SRM licenses they are for Named users and 
not generic users. This is outside of the Fixed/Floating concept since it 
relates to the User form and not the People form. 
 
 
-Original Message-
From: Timothy Powell <timothy.pow...@pbs-consulting.com>
To: arslist <arslist@ARSLIST.ORG>
Sent: Fri, Sep 18, 2015 12:01 pm
Subject: Re: Making remedy available to general public


**   
  
Expanding on what Candace said, you can also have a hybrid solution that’s easy 
on the user and more secure for you.
  
Your external web site could have all the fields you need to create the ticket 
and be user friendly. Then when the users “submits” the request on the external 
web site, the data posts to an email instead of a database. The post to email 
can be formatted as you want it to be and then sent to the remedy system. Then 
since you defined the formatting, parsing it on the email engine side should be 
easy.
  
 
  
HTH,
  
Tim
  
 
  
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Candace DeCou
Sent: Friday, September 18, 2015 11:41 AM
To: arslist@ARSLIST.ORG
Subject: Re: Making remedy available to general public
  
 
  
** 
  
   

 
Isabel - another possibility I have seen used at a previous employer is to set 
up some sort of email address (on or more) that can be used by external people 
outside of the system.  When emails are sent to that address from your 'public' 
requester's, it can hit the system and get put through some filters to send it 
to the correct support queue or group.  This worked very well for us with a 
number of different external emails that we needed to be able to manage inside 
a restricted ARS environment.  The only requirement here is that the incoming 
email address must route to the Remedy Email Engine and not get filtered out by 
some other environmental constraints.  Once it hits, set up filters looking for 
specified strings to tell it what to do from there.


Hope this helps as a possible solution.
   
   
Candace
  
  
   
 
   

On Fri, Sep 18, 2015 at 7:47 AM, Isabel Irving <isabel.irv...@access.uk.com> 
wrote:

 
Hello!

We have a Remedy system which is used internally by a call centre to log calls 
on behalf of the general public.

We are now thinking about whether it would be possible to allow the general 
public to log their own requests.

What would you recommend in terms of authentication and security?  Would this 
need a 3rd party app on the front end?

We would want to make it easy for the general public to submit a request(and 
maybe to see updates or cancel a request they have raised) but we would also 
want to be sure we are not inviting hackers.

I've had a search around BMC and the ARS List and haven't found any obvious 
answers - I guess there are a lot of different options out there.  We'd be 
looking for something that is easily set up and that would mean we can add 
categories, business rules etc to Remedy without having to also update the 
rules and categories in a 3rd party app.

Any tips?
Thanks!
Isabel

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

   
   
 
  
  
_ARSlist: "Where the Answers Are" and have been for 20 years_ 
 
 _ARSlist: "Where the Answers Are" and have been for 20 years_


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: Making remedy available to general public

2015-09-18 Thread John Sundberg 
I would recommend looking at Kinetic Request.
http://www.kineticdata.com/products/request/

Works with Remedy out of the box…

Works with Remedy and many other solutions too.
100% configuration based solution (so you don’t need to modify your Remedy
system). (This is important for an external customer facing solution … if
you find an issue — you don’t want to wait for a change mgmt window so you
can update a filter or active link)

We have worked with a number of TELCOs (in a variety of ways) (All with
Remedy behind the scenes)
TELUS, Brighthouse, Vodafone, ATT, Comcast…
(Just had Brighthouse in our offices this week — some smart people)

A couple samples here: (under screenshots)
http://kiosk.kineticdata.com/products/request/

You will like Kinetic.

Very highlevel …
BMC gives you a library of 100 things to start — 100 enabled — and you have
to “turn off” 95.
Kinetic gives you a library of 100 things to start —  0 enabled — and you
turn on 5.

You do not give external customers 80 things … (options, wizards, bells,
etc…) … you keep in very minimal very straightforward and simple.

Kinetic allows you to release the system you envision, vs releasing the
system the vendor envisions.

-John





On Fri, Sep 18, 2015 at 9:47 AM, Isabel Irving 
wrote:

> Hello!
>
> We have a Remedy system which is used internally by a call centre to log
> calls on behalf of the general public.
>
> We are now thinking about whether it would be possible to allow the
> general public to log their own requests.
>
> What would you recommend in terms of authentication and security?  Would
> this need a 3rd party app on the front end?
>
> We would want to make it easy for the general public to submit a
> request(and maybe to see updates or cancel a request they have raised) but
> we would also want to be sure we are not inviting hackers.
>
> I've had a search around BMC and the ARS List and haven't found any
> obvious answers - I guess there are a lot of different options out there.
> We'd be looking for something that is easily set up and that would mean we
> can add categories, business rules etc to Remedy without having to also
> update the rules and categories in a 3rd party app.
>
> Any tips?
> Thanks!
> Isabel
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"
>



-- 

*John Sundberg*
Kinetic Data, Inc.
"Your business. Your process."

651-556-0930 I john.sundb...@kineticdata.com
www.kineticdata.com I community.kineticdata.com

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"