Request Remote Support Access
University of Nebraska Information Technology Services (hereinafter referred to as "NU ITS") will provide BeyondTrust as a reliable and secure Remote Support tool for Information Technology staff (hereinafter referred to as "Representatives").
Representatives will follow all policies and guidelines for the acceptable use of BeyondTrust Remote Support to ensure that University users and devices are supported effectively and efficiently, without compromising the privacy or confidentiality of client data.
To obtain access to BeyondTrust Remote Support read and agree to the terms listed below. NU ITS will then contact your supervisor to approve your access request.
Representatives affiliated with the University of Nebraska Central Administration, Kearney, Lincoln, Medical Center, or Omaha shall adhere to any policy set forth by the University in regards to computers and electronic information systems. This includes, but is not limited to, the following:
- Policy for Responsible Use of University Computers and Information Systems (Executive Memorandum No. 16)
If the policy in this document at any time conflicts with University of Nebraska Medicine policy, the policy, as set forth by the governing institution, shall supersede policy as outlined in this document.
Remote Support Portals
General Support – help.nebraska.edu
The general support portal is used for everyday remote support sessions. General sessions are recorded for training and quality control purposes. Session recordings and logs will be retained for 90 days.
Confidential Support – help-confidential.nebraska.edu
The confidential support portal is used for remote support sessions that will involve confidential or regulated information. Confidential sessions are not recorded, only basic session activity will be logged for training and quality control purposes. Session logs will be retained for 90 days.
BeyondTrust Remote Support Sessions
Attended sessions are initiated by a local user that navigates to one of two online portals: help.nebraska.edu or help-confidential.nebraska.edu. At the support portal, a user selects the name of their IT Support Representative or the user types in a pre-shared session key. This method of remote support requires a user to download and install a temporary Jump Client. The user must accept a Remote Support EULA before support can start. The user is in full control of the support session and can terminate it at any time. After the session is complete, the temporary Jump Client automatically uninstalls.
A Remote Support Representative initiates an unattended session through the console on endpoints that have a pre-installed Jump Client. This method of remote support does not require a user to install anything or take any action to begin remote support. The user will be presented with a Remote Support EULA in the chat window that appears when a support session starts. A local user is in full control of the support session and can terminate it at any time. Only University issued endpoints may have permanently installed Jump Clients.
Private Access Role
This role is for accessing Unattended private institutional endpoints or one-time Attended endpoints.
A private institutional endpoint is defined as any desktop, laptop, or tablet that is assigned to a single user for their private use. Examples of private institutional endpoints are those assigned to individual Faculty, Staff, and Students.
A pre-installed Jump Client on private institutional endpoints makes remote assistance quick and easy for users by enabling a Representative to initiate a remote session after being contacted by a user for assistance. Users must be present to accept the remote session and elevate representative access. The user is in full control of the support session and can terminate it at any time.
All Private Unattended Jump Clients reside within common Jump Groups in the Remote Support Representative Console.
Open Access Role
This role is for accessing non-private institutional endpoints.
A non-private institutional endpoint is defined as any desktop, laptop, tablet, or server that is not assigned to a single user and does not contain private user data. Examples of non-private institutional endpoints include research or business workstations, lab computers, appliances, kiosks, digital signs, and servers.
A pre-installed Jump Client on non-private institutional endpoints allows Representatives to openly connect to and control these endpoints without local user presence. This role is useful for managing end-user endpoints that do not contain private or confidential information or administering servers. Open Unattended Jump Clients will not be configured to use the Confidential Portal.
Open Unattended Jump Clients are divided into separate private Jump Groups based on Representative privileges for specific IT support teams. Only one Open Unattended Jump Group will be allocated per IT support team.
This access role allows a representative to view all session recordings and logs for a specific Remote Support representative team. A representative team is comprised of all representatives that have access to a specific Jump Group. This role is leveraged by team supervisors, service managers, security staff, or internal auditors. If you need assistance in determining which team to request access to, please contact a Remote Support Administrator.
RDP & VNC
All access roles include the ability for a Representative to create and store personal RDP & VNC connections for direct access to authenticated endpoints. These sessions are recorded for training and quality control purposes. Session recordings and logs will be retained for 90 days.
Acceptable Use of Remote Support
- Remote Support may only be used by University employees in IT support and administration roles. Remote Support is not available for end users or technicians to gain remote access to their office computers.
- BeyondTrust jump clients may only be installed on institutional endpoints.
- Open Unattended Jump Clients will not be installed on private institutional endpoints, such as those issued to faculty, staff, and students. Open Unattended Jump Clients are reserved for use on non-private institutional endpoints such as workstations, labs, appliances, kiosks, digital signs, or servers. Exceptions will only be granted if the impacted College/Department has completed an Open Unattended Authorization for Private Endpoints MOU.
- Before starting a remote session with a user, it is the responsibility of the representative to ask the user if any confidential or regulated data will be visible. When confidential or regulated data is visible the Confidential Support portal will be used. In the event that confidential or regulated data becomes visible to a representative during a recorded remote session. The representative will immediately contact a Remote Support Administrator to request sanitization of the specific session log.
- Personal data may not be viewed or removed from an endpoint without the consent of the user.
- All actions taken by Representatives are logged and randomly audited for compliance. A representative can review their personal sessions at any time through the administrative web console. A supervisor or manager may request access to view all session logs for his or her representatives.
- Remote Support licensing is provided as concurrent use. Representatives will only open the console as needed to facilitate remote support, then promptly log-off when support is complete. If a representative leaves the console idle for 15 minutes, he or she will be automatically logged out. If a representative monopolizes a concurrent license, NU ITS may request that the representative purchase and maintain a license for their use.
- Understand the impact of Remote Support configuraitons, access roles, and their potential effect on end-users and endpoints. Representatives should only have access to the jump groups they need to complete their work.
- Inform Remote Support Administrators whenever access needs to be changed. Access will not be added or removed until a supervisor, or other designated official notifies a Remote Support Administrator of the change. Representatives will be added on an individual basis after completing this web form. Representatives will not have the ability to modify their access independently.