Screendesk's architecture combines secure helpdesk integration, sophisticated recording capabilities, and robust cloud infrastructure to deliver a seamless support experience. This document details the technical flows and security measures that enable secure communication and data handling throughout the platform.
At the heart of Screendesk's functionality lies a sophisticated screen recording system that operates entirely through web browsers. When a support agent initiates a recording request, the system generates a secure short link through our helpdesk integration. This link serves as a secure gateway for end customers to access the recording interface.
The recording process leverages the browser's MediaRecorder API, enabling high-quality screen and audio capture without requiring software installation. This client-side approach significantly enhances security and user adoption by eliminating the need for external applications or plugins. The captured content flows directly through encrypted channels to our web infrastructure, ensuring data security from the moment of capture.
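The client-side flow described above, as an added example that is not Screendesk's code: it captures the screen with `getDisplayMedia` and `MediaRecorder` and posts each chunk only to an HTTPS endpoint on an expected host. The upload URL shape, the `seq` query parameter and every function name here are hypothetical.

```javascript
// Added example. The upload URL, the "seq" query parameter and all function
// names are hypothetical; they are not Screendesk's API.

// Refuse any upload target that is not HTTPS on the expected host.
function checkedUploadUrl(raw, allowedHost) {
  const url = new URL(raw);
  if (url.protocol !== "https:") throw new Error("upload endpoint must be HTTPS");
  if (url.hostname !== allowedHost) throw new Error("unexpected upload host");
  return url;
}

// Pick the first container/codec the browser can record; "" lets it choose.
function pickMimeType(isSupported) {
  const wanted = ["video/webm;codecs=vp9,opus", "video/webm;codecs=vp8,opus", "video/webm"];
  return wanted.find((t) => isSupported(t)) || "";
}

// Browser only: capture the screen and POST each chunk as soon as it is produced.
async function recordAndUpload(rawUrl, allowedHost) {
  const base = checkedUploadUrl(rawUrl, allowedHost);
  // getDisplayMedia works only in a secure context and after a user gesture;
  // the browser shows its own picker, so the page cannot capture silently.
  const stream = await navigator.mediaDevices.getDisplayMedia({ video: true, audio: true });
  const mimeType = pickMimeType((t) => MediaRecorder.isTypeSupported(t));
  const recorder = new MediaRecorder(stream, mimeType ? { mimeType } : {});
  let seq = 0;
  let pending = Promise.resolve();
  recorder.ondataavailable = (ev) => {
    if (ev.data.size === 0) return;
    const url = new URL(base);
    url.searchParams.set("seq", String(seq++));
    // Chain uploads so chunks arrive in order; a failed POST rejects the chain.
    pending = pending.then(() =>
      fetch(url, { method: "POST", body: ev.data }).then((r) => {
        if (!r.ok) throw new Error("chunk rejected: " + r.status);
      })
    );
  };
  const stopped = new Promise((resolve) => (recorder.onstop = resolve));
  // When the user clicks the browser's "stop sharing", end the recording too.
  stream.getVideoTracks()[0].addEventListener("ended", () => {
    if (recorder.state !== "inactive") recorder.stop();
  });
  recorder.start(5000); // emit a chunk every 5 seconds
  await stopped;
  stream.getTracks().forEach((t) => t.stop()); // release the capture
  await pending; // surfaces any upload failure to the caller
  return seq; // number of chunks sent
}
```

Uploading chunks as they are produced keeps the recording out of long-lived page memory, and the URL check runs before the capture prompt so a misconfigured link fails without ever requesting screen access.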
Parallel to screen recording, our video conferencing capabilities are powered by Whereby's real-time communication platform. The integration maintains end-to-end security while enabling video recordings to be stored directly in our S3 infrastructure. This architecture eliminates intermediary storage points, reducing potential security vulnerabilities and ensuring immediate availability of recorded sessions.
Our web infrastructure, hosted on Render.com, employs a horizontal scaling approach with multiple web servers operating in parallel. These servers handle incoming requests from both helpdesk integrations and direct recording submissions. A Web Application Firewall (WAF) sits in front of this tier, providing an additional security barrier against potential threats.
The web tier maintains direct connections to our Redis cache system, optimizing performance for frequent operations while ensuring session data remains secure. This caching layer plays a crucial role in managing user sessions and temporary data storage, all while operating within our encrypted environment.
Background operations are managed by our worker tier, which consists of multiple processing servers designed to handle asynchronous tasks. These workers manage critical operations such as recording processing, storage management, and data cleanup routines. The worker tier maintains secure connections to both our database and S3 storage systems, ensuring that all data transformations occur within our secured infrastructure.
Our data storage strategy employs a multi-layered approach:
A PostgreSQL database cluster provides our primary data store, with all data encrypted at rest and point-in-time recovery capabilities enabled
Amazon S3 storage handles all media content, including screen recordings and video conference recordings
Regional deployment options (EU/US) ensure compliance with data sovereignty requirements
Redis provides temporary storage for session management and performance optimization
Access control begins with our comprehensive authentication layer, which supports multiple secure authentication methods:
SAML 2.0 integration enables enterprise-grade single sign-on capabilities
SCIM protocols facilitate automated user management
Multi-factor authentication adds an essential security layer
Additional security measures for administrative access include IP whitelisting and Google Workspace SSO
Internal system access follows a hierarchical security model:
Support administrators access the admin dashboard through strong MFA verification
Engineering administrators require additional security clearance through IP whitelisting and Google Workspace SSO
CTO-level access includes full infrastructure control with quarterly security reviews
Every aspect of data handling incorporates security measures:
All communications utilize TLS 1.2+ encryption
HTTPS-only protocols ensure secure data transmission
Regional data storage options respect data sovereignty requirements
Strict data deletion policies ensure complete removal within five days
Client-side recording eliminates the need for software installation while maintaining security
Integration with customer helpdesk systems occurs through our dedicated Screendesk application, which establishes secure communications via HTTPS/TLS 1.2+ protocols. This integration enables support agents to initiate recording requests and video calls directly from their familiar helpdesk environment.
Support agents trigger recording requests through the helpdesk interface
Our system generates secure, validated short links
End customers receive and access these links
Browser-based recording captures screen and audio content
Captured content transmits directly to our web tier
Processing occurs in our worker tier
Final storage occurs in encrypted S3 buckets
Administrative functions follow strictly controlled paths:
Support operations flow through the admin dashboard
Cloud service access requires multiple security validations
Infrastructure modifications undergo careful access control
All administrative actions are logged and monitored
This architecture ensures secure, efficient operation while maintaining the flexibility needed for customer support interactions. Regular security audits and continuous monitoring maintain the integrity of all system components.