Request Screen Recording

Screendesk Technical Architecture and Flow Documentation

Introduction

Screendesk's architecture combines secure helpdesk integration, sophisticated recording capabilities, and robust cloud infrastructure to deliver a seamless support experience. This document details the technical flows and security measures that enable secure communication and data handling throughout the platform.

Core Recording Technologies

Screen Recording Workflow

At the heart of Screendesk's functionality lies a sophisticated screen recording system that operates entirely through web browsers. When a support agent initiates a recording request, the system generates a secure short link through our helpdesk integration. This link serves as a secure gateway for end customers to access the recording interface.

The recording process leverages the browser's MediaRecorder API, enabling high-quality screen and audio capture without requiring software installation. This client-side approach significantly enhances security and user adoption by eliminating the need for external applications or plugins. The captured content flows directly through encrypted channels to our web infrastructure, ensuring data security from the moment of capture.

Video Conferencing Integration

Parallel to screen recording, our video conferencing capabilities are powered by Whereby's real-time communication platform. The integration maintains end-to-end security while enabling direct video recordings storage to our S3 infrastructure. This architecture eliminates intermediary storage points, reducing potential security vulnerabilities and ensuring immediate availability of recorded sessions.

Infrastructure Components

Web Service Layer

Our web infrastructure, hosted on Render.com, employs a horizontal scaling approach with multiple web servers operating in parallel. These servers handle incoming requests from both helpdesk integrations and direct recording submissions. A Web Application Firewall (WAF) sits in front of this tier, providing an additional security barrier against potential threats.

The web tier maintains direct connections to our Redis cache system, optimizing performance for frequent operations while ensuring session data remains secure. This caching layer plays a crucial role in managing user sessions and temporary data storage, all while operating within our encrypted environment.

Processing Layer

Background operations are managed by our worker tier, which consists of multiple processing servers designed to handle asynchronous tasks. These workers manage critical operations such as recording processing, storage management, and data cleanup routines. The worker tier maintains secure connections to both our database and S3 storage systems, ensuring that all data transformations occur within our secured infrastructure.

Data Storage Architecture

Our data storage strategy employs a multi-layered approach:

• A PostgreSQL database cluster provides our primary data store, with all data encrypted at rest and point-in-time recovery capabilities enabled

• Amazon S3 storage handles all media content, including screen recordings and video conference recordings

• Regional deployment options (EU/US) ensure compliance with data sovereignty requirements

• Redis provides temporary storage for session management and performance optimization

Security Implementation

Authentication Framework

Access control begins with our comprehensive authentication layer, which supports multiple secure authentication methods:

• SAML 2.0 integration enables enterprise-grade single sign-on capabilities

• SCIM protocols facilitate automated user management

• Multi-factor authentication adds an essential security layer

• Additional security measures for administrative access include IP whitelisting and Google Workspace SSO

Administrative Access Control

Internal system access follows a hierarchical security model:

• Support administrators access the admin dashboard through strong MFA verification

• Engineering administrators require additional security clearance through IP whitelisting and Google Workspace SSO

• CTO-level access includes full infrastructure control with quarterly security reviews

Data Protection Measures

Every aspect of data handling incorporates security measures:

• All communications utilize TLS 1.2+ encryption

• HTTPS-only protocols ensure secure data transmission

• Regional data storage options respect data sovereignty requirements

• Strict data deletion policies ensure complete removal within five days

• Client-side recording eliminates the need for software installation while maintaining security

Operational Flows

Helpdesk Integration Process

Integration with customer helpdesk systems occurs through our dedicated Screendesk application, which establishes secure communications via HTTPS/TLS 1.2+ protocols. This integration enables support agents to initiate recording requests and video calls directly from their familiar helpdesk environment.

Recording Request Flow

1. Support agents trigger recording requests through the helpdesk interface

2. Our system generates secure, validated short links

3. End customers receive and access these links

4. Browser-based recording captures screen and audio content

5. Captured content transmits directly to our web tier

6. Processing occurs in our worker tier

7. Final storage in encrypted S3 buckets

Administrative Operations

Administrative functions follow strictly controlled paths:

• Support operations flow through the admin dashboard

• Cloud service access requires multiple security validations

• Infrastructure modifications undergo careful access control

• All administrative actions are logged and monitored

This architecture ensures secure, efficient operation while maintaining the flexibility needed for customer support interactions. Regular security audits and continuous monitoring maintain the integrity of all system components.