Re: Making remedy available to general public
Well, the first thing you will have to do is put your web server outside of your firewall. Then secure the heck out of it, and make sure you control tightly the pipeline to your AR Server, which will be inside of your firewall. You might consider having your web programmers build the screen and collect the data, and then use a Web Service or API call to generate the Remedy request. Rick On Sep 18, 2015 7:48 AM, "Isabel Irving"wrote: > Hello! > > We have a Remedy system which is used internally by a call centre to log > calls on behalf of the general public. > > We are now thinking about whether it would be possible to allow the > general public to log their own requests. > > What would you recommend in terms of authentication and security? Would > this need a 3rd party app on the front end? > > We would want to make it easy for the general public to submit a > request(and maybe to see updates or cancel a request they have raised) but > we would also want to be sure we are not inviting hackers. > > I've had a search around BMC and the ARS List and haven't found any > obvious answers - I guess there are a lot of different options out there. > We'd be looking for something that is easily set up and that would mean we > can add categories, business rules etc to Remedy without having to also > update the rules and categories in a 3rd party app. > > Any tips? > Thanks! > Isabel > > > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > "Where the Answers Are, and have been for 20 years" > ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Making remedy available to general public
Isabel, Have you looked at or considered using Service Request Management (SRM) and/or MyIT as the customer facing interface? (That is of course, after providing external access to your AR System.) Thank you, Sandra -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Isabel Irving Sent: Friday, September 18, 2015 10:48 AM To: arslist@ARSLIST.ORG Subject: Making remedy available to general public Hello! We have a Remedy system which is used internally by a call centre to log calls on behalf of the general public. We are now thinking about whether it would be possible to allow the general public to log their own requests. What would you recommend in terms of authentication and security? Would this need a 3rd party app on the front end? We would want to make it easy for the general public to submit a request(and maybe to see updates or cancel a request they have raised) but we would also want to be sure we are not inviting hackers. I've had a search around BMC and the ARS List and haven't found any obvious answers - I guess there are a lot of different options out there. We'd be looking for something that is easily set up and that would mean we can add categories, business rules etc to Remedy without having to also update the rules and categories in a 3rd party app. Any tips? Thanks! Isabel ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" smime.p7s Description: S/MIME cryptographic signature
Re: Making remedy available to general public
You beat me to it Tim! As much as I hate email integrations (well ok, they have a place but I don't like as the first option) we used this method when there was a need for patients to report issues with our patient portal. It is quick to setup and you do not need to expose any of your Remedy infrastructure to the world. Of course that was only for submitting. Viewing and updating requests would take a little more work/integration. One tip... We did have an instance where thousands (if not 10's of thousands) of incidents were created when somebody found a SQL injection vector in the patient portal. Spending a few extra development cycles to put a check/throttle on the Remedy side might pay off if you go this route. Jason On Fri, Sep 18, 2015 at 9:00 AM, Timothy Powell < timothy.pow...@pbs-consulting.com> wrote: > ** > > Expanding on what Candace said, you can also have a hybrid solution that’s > easy on the user and more secure for you. > > Your external web site could have all the fields you need to create the > ticket and be user friendly. Then when the users “submits” the request on > the external web site, the data posts to an email instead of a database. > The post to email can be formatted as you want it to be and then sent to > the remedy system. Then since you defined the formatting, parsing it on the > email engine side should be easy. > > > > HTH, > > Tim > > > > *From:* Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] *On Behalf Of *Candace DeCou > *Sent:* Friday, September 18, 2015 11:41 AM > *To:* arslist@ARSLIST.ORG > *Subject:* Re: Making remedy available to general public > > > > ** > > Isabel - another possibility I have seen used at a previous employer is to > set up some sort of email address (on or more) that can be used by external > people outside of the system. When emails are sent to that address from > your 'public' requester's, it can hit the system and get put through some > filters to send it to the correct support queue or group. This worked very > well for us with a number of different external emails that we needed to be > able to manage inside a restricted ARS environment. The only requirement > here is that the incoming email address must route to the Remedy Email > Engine and not get filtered out by some other environmental constraints. > Once it hits, set up filters looking for specified strings to tell it what > to do from there. > > Hope this helps as a possible solution. > > Candace > > > > On Fri, Sep 18, 2015 at 7:47 AM, Isabel Irving < > isabel.irv...@access.uk.com> wrote: > > Hello! > > We have a Remedy system which is used internally by a call centre to log > calls on behalf of the general public. > > We are now thinking about whether it would be possible to allow the > general public to log their own requests. > > What would you recommend in terms of authentication and security? Would > this need a 3rd party app on the front end? > > We would want to make it easy for the general public to submit a > request(and maybe to see updates or cancel a request they have raised) but > we would also want to be sure we are not inviting hackers. > > I've had a search around BMC and the ARS List and haven't found any > obvious answers - I guess there are a lot of different options out there. > We'd be looking for something that is easily set up and that would mean we > can add categories, business rules etc to Remedy without having to also > update the rules and categories in a 3rd party app. > > Any tips? > Thanks! > Isabel > > > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > "Where the Answers Are, and have been for 20 years" > > > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > _ARSlist: "Where the Answers Are" and have been for 20 years_ > ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Making remedy available to general public
O yeah, we didn't allow any public users to actually interact with their submissions. They were all handled individually by real people in the various affected groups who would either respond directly back to them via email or call, snail mail or otherwise handle it directly. I'm glad I never got any of those darn SQL injection vectors - would've had to bring out the heavy duty bug spray I think. ROFLOL On Fri, Sep 18, 2015 at 9:45 AM, Jason Miller <jason.mil...@gmail.com> wrote: > ** > You beat me to it Tim! As much as I hate email integrations (well ok, > they have a place but I don't like as the first option) we used this method > when there was a need for patients to report issues with our patient > portal. It is quick to setup and you do not need to expose any of your > Remedy infrastructure to the world. Of course that was only for submitting. > Viewing and updating requests would take a little more work/integration. > > One tip... We did have an instance where thousands (if not 10's of > thousands) of incidents were created when somebody found a SQL injection > vector in the patient portal. Spending a few extra development cycles to > put a check/throttle on the Remedy side might pay off if you go this route. > > Jason > > On Fri, Sep 18, 2015 at 9:00 AM, Timothy Powell < > timothy.pow...@pbs-consulting.com> wrote: > >> ** >> >> Expanding on what Candace said, you can also have a hybrid solution >> that’s easy on the user and more secure for you. >> >> Your external web site could have all the fields you need to create the >> ticket and be user friendly. Then when the users “submits” the request on >> the external web site, the data posts to an email instead of a database. >> The post to email can be formatted as you want it to be and then sent to >> the remedy system. Then since you defined the formatting, parsing it on the >> email engine side should be easy. >> >> >> >> HTH, >> >> Tim >> >> >> >> *From:* Action Request System discussion list(ARSList) [mailto: >> arslist@ARSLIST.ORG] *On Behalf Of *Candace DeCou >> *Sent:* Friday, September 18, 2015 11:41 AM >> *To:* arslist@ARSLIST.ORG >> *Subject:* Re: Making remedy available to general public >> >> >> >> ** >> >> Isabel - another possibility I have seen used at a previous employer is >> to set up some sort of email address (on or more) that can be used by >> external people outside of the system. When emails are sent to that >> address from your 'public' requester's, it can hit the system and get put >> through some filters to send it to the correct support queue or group. >> This worked very well for us with a number of different external emails >> that we needed to be able to manage inside a restricted ARS environment. >> The only requirement here is that the incoming email address must route to >> the Remedy Email Engine and not get filtered out by some other >> environmental constraints. Once it hits, set up filters looking for >> specified strings to tell it what to do from there. >> >> Hope this helps as a possible solution. >> >> Candace >> >> >> >> On Fri, Sep 18, 2015 at 7:47 AM, Isabel Irving < >> isabel.irv...@access.uk.com> wrote: >> >> Hello! >> >> We have a Remedy system which is used internally by a call centre to log >> calls on behalf of the general public. >> >> We are now thinking about whether it would be possible to allow the >> general public to log their own requests. >> >> What would you recommend in terms of authentication and security? Would >> this need a 3rd party app on the front end? >> >> We would want to make it easy for the general public to submit a >> request(and maybe to see updates or cancel a request they have raised) but >> we would also want to be sure we are not inviting hackers. >> >> I've had a search around BMC and the ARS List and haven't found any >> obvious answers - I guess there are a lot of different options out there. >> We'd be looking for something that is easily set up and that would mean we >> can add categories, business rules etc to Remedy without having to also >> update the rules and categories in a 3rd party app. >> >> Any tips? >> Thanks! >> Isabel >> >> >> ___ >> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org >> "Where the Answers Are, and have been for 20 years" >> >> >> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> > > _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Making remedy available to general public
Expanding on what Candace said, you can also have a hybrid solution that’s easy on the user and more secure for you. Your external web site could have all the fields you need to create the ticket and be user friendly. Then when the users “submits” the request on the external web site, the data posts to an email instead of a database. The post to email can be formatted as you want it to be and then sent to the remedy system. Then since you defined the formatting, parsing it on the email engine side should be easy. HTH, Tim From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Candace DeCou Sent: Friday, September 18, 2015 11:41 AM To: arslist@ARSLIST.ORG Subject: Re: Making remedy available to general public ** Isabel - another possibility I have seen used at a previous employer is to set up some sort of email address (on or more) that can be used by external people outside of the system. When emails are sent to that address from your 'public' requester's, it can hit the system and get put through some filters to send it to the correct support queue or group. This worked very well for us with a number of different external emails that we needed to be able to manage inside a restricted ARS environment. The only requirement here is that the incoming email address must route to the Remedy Email Engine and not get filtered out by some other environmental constraints. Once it hits, set up filters looking for specified strings to tell it what to do from there. Hope this helps as a possible solution. Candace On Fri, Sep 18, 2015 at 7:47 AM, Isabel Irving <isabel.irv...@access.uk.com <mailto:isabel.irv...@access.uk.com> > wrote: Hello! We have a Remedy system which is used internally by a call centre to log calls on behalf of the general public. We are now thinking about whether it would be possible to allow the general public to log their own requests. What would you recommend in terms of authentication and security? Would this need a 3rd party app on the front end? We would want to make it easy for the general public to submit a request(and maybe to see updates or cancel a request they have raised) but we would also want to be sure we are not inviting hackers. I've had a search around BMC and the ARS List and haven't found any obvious answers - I guess there are a lot of different options out there. We'd be looking for something that is easily set up and that would mean we can add categories, business rules etc to Remedy without having to also update the rules and categories in a 3rd party app. Any tips? Thanks! Isabel ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org <http://www.arslist.org> "Where the Answers Are, and have been for 20 years" _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Making remedy available to general public
Isabel - another possibility I have seen used at a previous employer is to set up some sort of email address (on or more) that can be used by external people outside of the system. When emails are sent to that address from your 'public' requester's, it can hit the system and get put through some filters to send it to the correct support queue or group. This worked very well for us with a number of different external emails that we needed to be able to manage inside a restricted ARS environment. The only requirement here is that the incoming email address must route to the Remedy Email Engine and not get filtered out by some other environmental constraints. Once it hits, set up filters looking for specified strings to tell it what to do from there. Hope this helps as a possible solution. Candace On Fri, Sep 18, 2015 at 7:47 AM, Isabel Irvingwrote: > Hello! > > We have a Remedy system which is used internally by a call centre to log > calls on behalf of the general public. > > We are now thinking about whether it would be possible to allow the > general public to log their own requests. > > What would you recommend in terms of authentication and security? Would > this need a 3rd party app on the front end? > > We would want to make it easy for the general public to submit a > request(and maybe to see updates or cancel a request they have raised) but > we would also want to be sure we are not inviting hackers. > > I've had a search around BMC and the ARS List and haven't found any > obvious answers - I guess there are a lot of different options out there. > We'd be looking for something that is easily set up and that would mean we > can add categories, business rules etc to Remedy without having to also > update the rules and categories in a 3rd party app. > > Any tips? > Thanks! > Isabel > > > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > "Where the Answers Are, and have been for 20 years" > ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Making remedy available to general public
The solution Tim provided is also the way that you can insure that the License agreement is met. If you review your SRM licenses they are for Named users and not generic users. This is outside of the Fixed/Floating concept since it relates to the User form and not the People form. -Original Message- From: Timothy Powell <timothy.pow...@pbs-consulting.com> To: arslist <arslist@ARSLIST.ORG> Sent: Fri, Sep 18, 2015 12:01 pm Subject: Re: Making remedy available to general public ** Expanding on what Candace said, you can also have a hybrid solution that’s easy on the user and more secure for you. Your external web site could have all the fields you need to create the ticket and be user friendly. Then when the users “submits” the request on the external web site, the data posts to an email instead of a database. The post to email can be formatted as you want it to be and then sent to the remedy system. Then since you defined the formatting, parsing it on the email engine side should be easy. HTH, Tim From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Candace DeCou Sent: Friday, September 18, 2015 11:41 AM To: arslist@ARSLIST.ORG Subject: Re: Making remedy available to general public ** Isabel - another possibility I have seen used at a previous employer is to set up some sort of email address (on or more) that can be used by external people outside of the system. When emails are sent to that address from your 'public' requester's, it can hit the system and get put through some filters to send it to the correct support queue or group. This worked very well for us with a number of different external emails that we needed to be able to manage inside a restricted ARS environment. The only requirement here is that the incoming email address must route to the Remedy Email Engine and not get filtered out by some other environmental constraints. Once it hits, set up filters looking for specified strings to tell it what to do from there. Hope this helps as a possible solution. Candace On Fri, Sep 18, 2015 at 7:47 AM, Isabel Irving <isabel.irv...@access.uk.com> wrote: Hello! We have a Remedy system which is used internally by a call centre to log calls on behalf of the general public. We are now thinking about whether it would be possible to allow the general public to log their own requests. What would you recommend in terms of authentication and security? Would this need a 3rd party app on the front end? We would want to make it easy for the general public to submit a request(and maybe to see updates or cancel a request they have raised) but we would also want to be sure we are not inviting hackers. I've had a search around BMC and the ARS List and haven't found any obvious answers - I guess there are a lot of different options out there. We'd be looking for something that is easily set up and that would mean we can add categories, business rules etc to Remedy without having to also update the rules and categories in a 3rd party app. Any tips? Thanks! Isabel ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Making remedy available to general public
I would recommend looking at Kinetic Request. http://www.kineticdata.com/products/request/ Works with Remedy out of the box… Works with Remedy and many other solutions too. 100% configuration based solution (so you don’t need to modify your Remedy system). (This is important for an external customer facing solution … if you find an issue — you don’t want to wait for a change mgmt window so you can update a filter or active link) We have worked with a number of TELCOs (in a variety of ways) (All with Remedy behind the scenes) TELUS, Brighthouse, Vodafone, ATT, Comcast… (Just had Brighthouse in our offices this week — some smart people) A couple samples here: (under screenshots) http://kiosk.kineticdata.com/products/request/ You will like Kinetic. Very highlevel … BMC gives you a library of 100 things to start — 100 enabled — and you have to “turn off” 95. Kinetic gives you a library of 100 things to start — 0 enabled — and you turn on 5. You do not give external customers 80 things … (options, wizards, bells, etc…) … you keep in very minimal very straightforward and simple. Kinetic allows you to release the system you envision, vs releasing the system the vendor envisions. -John On Fri, Sep 18, 2015 at 9:47 AM, Isabel Irvingwrote: > Hello! > > We have a Remedy system which is used internally by a call centre to log > calls on behalf of the general public. > > We are now thinking about whether it would be possible to allow the > general public to log their own requests. > > What would you recommend in terms of authentication and security? Would > this need a 3rd party app on the front end? > > We would want to make it easy for the general public to submit a > request(and maybe to see updates or cancel a request they have raised) but > we would also want to be sure we are not inviting hackers. > > I've had a search around BMC and the ARS List and haven't found any > obvious answers - I guess there are a lot of different options out there. > We'd be looking for something that is easily set up and that would mean we > can add categories, business rules etc to Remedy without having to also > update the rules and categories in a 3rd party app. > > Any tips? > Thanks! > Isabel > > > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > "Where the Answers Are, and have been for 20 years" > -- *John Sundberg* Kinetic Data, Inc. "Your business. Your process." 651-556-0930 I john.sundb...@kineticdata.com www.kineticdata.com I community.kineticdata.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"