Data Centre Locations
Data centres can be in any location where Microsoft Azure houses data centres. Currently, there are two data centres (one in the UK and one in the US).
There is no data centre in Canada. The master storage (where all uploaded assets eventually reside) is located in Canada, but data is first uploaded to the local storage in the country where one of the two data centres resides. Data is never stored in only one country. Similarly, the database is replicated between the data centres as well.
Should the client wish to have data reside in one country, they will need to utilise the SparkOPS product and then they can choose where the data centre resides.
Encryption
Data is encrypted at rest using AES-256. Data on the wire is encrypted using TLS 1.2.
We currently do not support TLS 1.3, but it is on the roadmap.
The HoloLens can also be encrypted using BitLocker (which is also AES-256).
Certifications
Kognitiv Spark currently holds two certifications: Cyber Secure Canada and Cyber Essentials UK. Audits are conducted annually. If a client wishes to see the reports, they can be requested.
Kognitiv Spark does not conduct penetration tests against Azure.
Microsoft conducts regular audits and penetration tests against their infrastructure.
Kognitiv Spark does not have a SOC 2 report. Should the client want a SOC 2 report from Microsoft, they can request one from Microsoft directly. It is illegal for KS to download the SOC 2 report from MS and pass it along.
Answers to questions about Microsoft certifications and standards can be found here:
Azure Compliance Documentation
Microsoft does have ISO 27001 and NIST-800 designations.
Incident Response
Kognitiv Spark does have an Incident Response Plan. The Incident Response team meets annually to update the plan.
Customers will be notified within 24 hours should a breach of their data be detected. The Customer Success Team will handle all notifications.
Authentication
There are two types of accounts used with RemoteSpark: RemoteSpark account and Microsoft account.
The RS account is username and password only; there is no multi-factor authentication (MFA). These accounts should be used for testing purposes only.
Microsoft accounts are the same accounts many clients use to log into their computers. This is called Entra ID (formerly Azure Active Directory). An organization cannot use on-premises Active Directory (note the missing "Azure").
Using Entra ID, the organization can use all of the authentication restrictions they currently employ in their Entra ID tenant including passwordless authentication, MFA and login restrictions.
Mobile Device Management (MDM)
MDM allows an organization to control their devices, patch them, and push out security settings and software. A common MDM used by enterprises is Entra Endpoint (formerly Intune). PCs, HoloLens and the Digilens Argo can all be controlled using Entra Endpoint.
Entra Endpoint can also be used to push the client software onto PCs and headsets.
COTURN / JANUS
COTURN is a service that runs on an Ubuntu virtual machine in Azure. It is commonly referred to as STUN and TURN. STUN stands for Session Traversal Utilities for NAT and TURN stands for Traversal Using Relay around NAT.
NAT stands for network address translation. NAT means that many users can have unique IP addresses internally and a single public IP address. For example, my machine could have an IP address of 10.0.0.2 and my coworker could have an internal IP address of 10.0.0.3. However, when we use the internet, the internet would see both of our external IP addresses as 98.X.Y.Z. NAT can make it difficult to connect the expert and the lens wearer, hence the need for COTURN.
STUN is simple and is used 90% of the time. It allows a peer-to-peer call. Quick and easy, no traffic touches the COTURN server as expert and client are connected to each other.
Should a peer-to-peer connection not be possible (some organisations block peer to peer traffic), the client would need to use TURN and relay the call through the COTURN server.
This can result in a slightly slower call, as the client and the expert are relaying through the COTURN server instead of connecting peer to peer. When relaying, the traffic is encrypted with single-use keys that the COTURN server generates. Kognitiv Spark cannot view the contents of the call.
COTURN is ONLY used for making the call.
JANUS runs on the same Ubuntu server and its only use is to facilitate multi-party calls.
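To make the STUN part of the NAT traversal above concrete, here is an added Python example that is not part of RemoteSpark, COTURN, or this article: it builds a STUN Binding Request, parses the XOR-MAPPED-ADDRESS out of the server's Binding Success response (the public address the server saw, the "98.X.Y.Z" of the example), and can send one request to a STUN server on UDP/3478. The sample response, the public address 203.0.113.7 and port 51234 are constructed for the offline demonstration.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442          # fixed value from RFC 5389, also used as the XOR mask
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
XOR_MAPPED_ADDRESS = 0x0020        # attribute carrying the client's public IP:port

def build_binding_request(txn_id: bytes) -> bytes:
    """20-byte STUN header with no attributes: type, body length, cookie, transaction id."""
    assert len(txn_id) == 12
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txn_id

def build_binding_response(txn_id: bytes, public_ip: str, public_port: int) -> bytes:
    """Constructed sample of what a STUN server replies; used here for offline testing."""
    xport = public_port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(public_ip))[0] ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport, xaddr)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txn_id + attr

def parse_public_address(response: bytes, txn_id: bytes) -> tuple[str, int]:
    """Recover the NAT-mapped (public) IP and port from a Binding Success response."""
    msg_type, body_len, cookie = struct.unpack("!HHI", response[:8])
    if cookie != MAGIC_COOKIE or response[8:20] != txn_id:
        raise ValueError("not a STUN reply to our transaction")
    if msg_type != BINDING_SUCCESS:
        raise ValueError(f"unexpected STUN message type 0x{msg_type:04x}")
    body, offset = response[20:20 + body_len], 0
    while offset + 4 <= len(body):
        attr_type, attr_len = struct.unpack("!HH", body[offset:offset + 4])
        value = body[offset + 4:offset + 4 + attr_len]
        if attr_type == XOR_MAPPED_ADDRESS and value[1] == 0x01:   # IPv4 family only
            port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            addr = struct.unpack("!I", value[4:8])[0] ^ MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", addr)), port
        offset += 4 + attr_len + (-attr_len % 4)   # attributes are padded to 4-byte boundaries
    raise ValueError("no XOR-MAPPED-ADDRESS attribute in response")

def query_stun(server: str, port: int = 3478, timeout: float = 3.0) -> tuple[str, int]:
    """Send one Binding Request over UDP/3478 and return what the server saw as our address."""
    txn_id = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(txn_id), (server, port))
        data, _ = sock.recvfrom(2048)
    return parse_public_address(data, txn_id)
```

Calling query_stun against your STUN host is a quick way to confirm that UDP/3478 is actually open from a client network; a timeout there points at the firewall rules listed below.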
Ports
Ports that RemoteSpark requires to be open are:
- 443 TCP
- 3478 UDP/TCP
- 8089 UDP/TCP
It is also recommended to whitelist *.kognitivspark.net if possible, to avoid confusion and make it easier to access the RemoteSpark service. Full document for rules is available:
Firewall Rules & Network Requirements (2.2.x) : Kognitiv Spark