# Request Screen Recording

{% @mermaid/diagram content="flowchart TB
%% Customer Side
subgraph CustomerUsers["Customer Users"]
    CustAgent["Support Agent"]
    CustAdmin["Workspace Admin"]
    EndUser["End Customer"]
end

subgraph HelpdeskIntegration["Helpdesk Integration"]
    HelpdeskApp["Screendesk App in\nCustomer Helpdesk"]
    HTTPS1["HTTPS/TLS 1.2+"]
end

subgraph RecordingFlow["Screen Recording Flow"]
    RecordLink["Short Link Generation"]
    Browser["Browser Recorder\nMediaRecorder API"]
    ScreenCapture["Screen + Audio Capture"]
end

subgraph Authentication["Authentication Layer"]
    AuthMethods["Authentication Methods"]
    SAML["SAML 2.0 Integration"]
    SCIM["SCIM User Management"]
    MFA["Multi-Factor Auth"]
end

%% Screendesk Internal Users
subgraph InternalUsers["Screendesk Internal Users"]
    SupportAdmin["Support Admin\n(Admin Dashboard Access)"]
    EngineerAdmin["Engineering Admin\n(Cloud Services Access)"]
    CTO["CTO\n(Full Infrastructure Access)"]
end

%% Application Layer
subgraph AppInfra["Application Infrastructure (Render.com)"]
    direction TB
    subgraph WebTier["Web Tier"]
        Web1["Web Server 1"]
        Web2["Web Server 2"]
        WebN["Web Server N"]
    end

    subgraph WorkerTier["Worker Tier"]
        Worker1["Worker 1"]
        Worker2["Worker 2"]
        WorkerN["Worker N"]
    end

    Redis["Redis Cache"]

    subgraph DBTier["Database Tier"]
        DB["PostgreSQL\nEncrypted at Rest\nPoint-in-Time Recovery"]
    end

    WAF["Web Application Firewall"]
end

%% Cloud Services
subgraph CloudServices["Cloud Services"]
    subgraph S3Storage["Screendesk S3 Storage"]
        S3["Amazon S3\nScreen & Video Recordings\nEncrypted at Rest"]
    end

    subgraph VideoService["Video Conferencing Service"]
        Whereby["Whereby\nReal-time Video"]
        RecordingHandler["Recording Handler"]
    end
end

%% Admin Access Controls
subgraph AdminAccess["Admin Access Security"]
    IPWhitelist["IP Whitelisting"]
    GoogleSSO["Google Workspace SSO"]
    AdminMFA["Strong MFA"]
end

%% Encryption Layer
subgraph EncryptionLayer["Security & Encryption"]
    TLS["TLS 1.2+ Encryption"]
    HTTPS2["HTTPS Only"]
end

%% Screen Recording Flow
CustAgent --> HelpdeskApp
HelpdeskApp --> RecordLink
RecordLink --> EndUser
EndUser --> Browser
Browser --> ScreenCapture
ScreenCapture --> |"Submit Recording"|WebTier

%% Standard Access Patterns
HelpdeskApp --> HTTPS1
HTTPS1 --> AuthMethods
CustAdmin --> AuthMethods
AuthMethods --> SAML
AuthMethods --> SCIM
AuthMethods --> MFA

%% Admin Access Patterns
SupportAdmin --> AdminMFA
SupportAdmin --> |"Admin Dashboard"|WebTier

EngineerAdmin --> AdminMFA
EngineerAdmin --> IPWhitelist
EngineerAdmin --> GoogleSSO
EngineerAdmin --> |"Cloud Services Access"|CloudServices

CTO --> AdminMFA
CTO --> IPWhitelist
CTO --> GoogleSSO
CTO --> |"Full Infrastructure Control"|AppInfra

%% Application Flow
WAF --> TLS
TLS --> WebTier
WebTier --> WorkerTier
WebTier --> Redis
WebTier --> DB
WorkerTier --> DB
WorkerTier --> S3

%% Video and Recording Flow
HelpdeskApp --> |"Initiate Video Call"|Whereby
Whereby --> |"Real-time Video"|EndUser
Whereby --> |"Recording"|RecordingHandler
RecordingHandler --> |"Direct Storage"|S3

%% Notes
classDef note fill:#e6f3ff,stroke:#2d5986,stroke-width:2px;

note1["Data deletion:\nHard deletes only\nMax 5 days retention"]
note2["Horizontal scaling\nfor performance"]
note3["EU/US Region Selection\nper customer"]
note4["All communications\nencrypted with HTTPS/TLS 1.2+"]
note5["Client-side recording\nNo installation needed"]
note6["Secure link generation\nand validation"]

class note1,note2,note3,note4,note5,note6 note;" %}

## Screendesk Technical Architecture and Flow Documentation

### Introduction

Screendesk's architecture combines secure helpdesk integration, sophisticated recording capabilities, and robust cloud infrastructure to deliver a seamless support experience. This document details the technical flows and security measures that enable secure communication and data handling throughout the platform.

### Core Recording Technologies

#### Screen Recording Workflow

At the heart of Screendesk's functionality lies a sophisticated screen recording system that operates entirely through web browsers. When a support agent initiates a recording request, the system generates a secure short link through our helpdesk integration. This link serves as a secure gateway for end customers to access the recording interface.

The recording process leverages the browser's MediaRecorder API, enabling high-quality screen and audio capture without requiring software installation. This client-side approach significantly enhances security and user adoption by eliminating the need for external applications or plugins. The captured content flows directly through encrypted channels to our web infrastructure, ensuring data security from the moment of capture.

#### Video Conferencing Integration

Alongside screen recording, our video conferencing capabilities are powered by Whereby's real-time communication platform. The integration maintains end-to-end security while storing video recordings directly in our S3 infrastructure. This architecture eliminates intermediary storage points, reducing potential security vulnerabilities and ensuring immediate availability of recorded sessions.

### Infrastructure Components

#### Web Service Layer

Our web infrastructure, hosted on Render.com, employs a horizontal scaling approach with multiple web servers operating in parallel. These servers handle incoming requests from both helpdesk integrations and direct recording submissions. A Web Application Firewall (WAF) sits in front of this tier, providing an additional security barrier against potential threats.

The web tier maintains direct connections to our Redis cache system, optimizing performance for frequent operations while ensuring session data remains secure. This caching layer plays a crucial role in managing user sessions and temporary data storage, all while operating within our encrypted environment.

#### Processing Layer

Background operations are managed by our worker tier, which consists of multiple processing servers designed to handle asynchronous tasks. These workers manage critical operations such as recording processing, storage management, and data cleanup routines. The worker tier maintains secure connections to both our database and S3 storage systems, ensuring that all data transformations occur within our secured infrastructure.

#### Data Storage Architecture

Our data storage strategy employs a multi-layered approach:

* A PostgreSQL database cluster provides our primary data store, with all data encrypted at rest and point-in-time recovery capabilities enabled
* Amazon S3 storage handles all media content, including screen recordings and video conference recordings
* Regional deployment options (EU/US) ensure compliance with data sovereignty requirements
* Redis provides temporary storage for session management and performance optimization

### Security Implementation

#### Authentication Framework

Access control begins with our comprehensive authentication layer, which supports multiple secure authentication methods:

* SAML 2.0 integration enables enterprise-grade single sign-on capabilities
* SCIM protocols facilitate automated user management
* Multi-factor authentication adds an essential security layer
* Additional security measures for administrative access include IP whitelisting and Google Workspace SSO

#### Administrative Access Control

Internal system access follows a hierarchical security model:

* Support administrators access the admin dashboard through strong MFA verification
* Engineering administrators require additional security clearance through IP whitelisting and Google Workspace SSO
* CTO-level access includes full infrastructure control with quarterly security reviews

#### Data Protection Measures

Every aspect of data handling incorporates security measures:

* All communications utilize TLS 1.2+ encryption
* HTTPS-only protocols ensure secure data transmission
* Regional data storage options respect data sovereignty requirements
* Strict data deletion policies ensure complete removal within five days
* Client-side recording eliminates the need for software installation while maintaining security

### Operational Flows

#### Helpdesk Integration Process

Integration with customer helpdesk systems occurs through our dedicated Screendesk application, which establishes secure communications via HTTPS/TLS 1.2+ protocols. This integration enables support agents to initiate recording requests and video calls directly from their familiar helpdesk environment.

#### Recording Request Flow

1. Support agents trigger recording requests through the helpdesk interface
2. Our system generates secure, validated short links
3. End customers receive and access these links
4. Browser-based recording captures screen and audio content
5. Captured content transmits directly to our web tier
6. Processing occurs in our worker tier
7. Recordings are finally stored in encrypted S3 buckets
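
One way the "secure, validated short links" of step 2 can be built, shown as an added example that is not Screendesk's own code: an unguessable random token is issued per ticket, only its hash is stored, and the link is checked for expiry when opened and retired when the recording is submitted. The 24-hour lifetime, the single-use rule, the in-memory store and all class and method names are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

LINK_TTL_SECONDS = 24 * 3600  # assumed lifetime, not a documented Screendesk value

@dataclass
class LinkRecord:
    ticket_id: str
    expires_at: float
    consumed: bool = False

class ShortLinkStore:
    """Hypothetical in-memory stand-in for the table backing recording links."""

    def __init__(self):
        self._by_hash = {}  # sha256(token) -> LinkRecord; raw tokens are never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8", "replace")).hexdigest()

    def issue(self, ticket_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(12)  # 96 bits of CSPRNG output, 16 URL-safe chars
        self._by_hash[self._digest(token)] = LinkRecord(ticket_id, now + LINK_TTL_SECONDS)
        return token

    def _lookup(self, token, now):
        if not isinstance(token, str) or len(token) != 16:
            return None  # reject malformed input before touching the store
        record = self._by_hash.get(self._digest(token))
        if record is None or record.consumed or now >= record.expires_at:
            return None  # unknown, used and expired links are indistinguishable
        return record

    def validate(self, token, now=None):
        """Called when the end customer opens the link; does not consume it."""
        record = self._lookup(token, time.time() if now is None else now)
        return record.ticket_id if record else None

    def consume(self, token, now=None):
        """Called when the recording is submitted; the link stops working afterwards."""
        record = self._lookup(token, time.time() if now is None else now)
        if record is None:
            return None
        record.consumed = True
        return record.ticket_id
```

Storing only the digest means a read of the link table does not yield usable links, and returning the same result for every failure case avoids telling a caller whether a guessed token ever existed.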

#### Administrative Operations

Administrative functions follow strictly controlled paths:

* Support operations flow through the admin dashboard
* Cloud service access requires multiple security validations
* Infrastructure modifications undergo careful access control
* All administrative actions are logged and monitored

This architecture ensures secure, efficient operation while maintaining the flexibility needed for customer support interactions. Regular security audits and continuous monitoring maintain the integrity of all system components.


