From the very beginning, we understood that we needed a small stream of users to test the product in real-world conditions and give us first feedback. Several paid posts on VK bore fruit, and the first registrations came in.
It must be said that it is very difficult to enter the market when your company has no famous name and at the same time offers agentless monitoring that requires users to enter the account credentials for their servers and workstations. That scares a lot of people. We understood from the very beginning that this would cause problems and were ready for it both technically and morally. All remote connections, even though RDP and SSH are encrypted by default, are additionally encrypted by our software using AES. All data from local servers is transmitted to the cloud over HTTPS. Accounts are stored encrypted. Encryption keys for all subsystems are individual for each client. Remote connections use session encryption keys.
All we can do in this situation to make people feel safer is to be as open as possible, keep working on security, and never tire of answering the questions that concern them.
For many, the convenience and functionality of the software outweigh the fear, and they register. Some commenters on the VK posts wrote that this software cannot be used because it is a password collector and, on top of that, comes from a no-name company. I must say this was not just one person's opinion. Many simply do not realize that when they install some other proprietary software on a server and it runs as a service, that software also has full rights on the system and needs no account credentials to do something illegal (granted, you can change the user the service runs as, but likewise here you can enter any account). In fact, people's fears are understandable. Installing software on a server is a familiar thing, but entering account credentials already feels a little scary and intimate, since a good half of people use one password for all services and cannot be bothered to create a separate account even for a test. But there are already a huge number of services that people trust with their credentials and more. And we strive to become one of them.
Many comments claimed that we had stolen the product from somewhere. This surprised us a little. One person's opinion would be one thing, but such comments appeared under various publications and came from different people. At first we did not know how to react. Should we be sad that some people believe nobody in Russia can build anything themselves and can only steal, or be happy that they think something like this could only have been stolen?
We have now completed the procedure for obtaining an EV code signing certificate. To get one, you need to pass a number of checks and send a pile of documents about the company, some of which must be certified by a lawyer. Obtaining an EV code signing certificate during a pandemic is really a topic for a separate article. The procedure dragged on for a month. And it was not a month of waiting but of constant requests for additional documents. Maybe the pandemic has nothing to do with it, and the procedure takes this long for everyone? Share your experience.
Some say they will not use the product because it has no FSTEC certificate. We have to explain that we cannot get one and will not, because to obtain this certificate the encryption must comply with GOST, while we plan to distribute the software not only in Russia and therefore use AES.
All these comments caused some uncertainty about whether it is possible to promote a product that requires entering account credentials without being a well-known name, even though we knew there would be people with a very negative attitude to this. After the number of registrations exceeded a thousand, we stopped thinking about it, especially once, alongside the negativity from those who had not even tried the product, very pleasant reviews began to appear. I must say that these positive reviews are the biggest motivator for developing the product.
Adding remote access functionality for employees
One of the frequent requests from clients is "give Vanya access to his computer from home". We used to set up a VPN on MikroTik and create accounts for the users. But this is a real problem. Users are unable to read the instructions and follow them step by step to connect via VPN. Windows versions differ: on one everything connects fine, on another a different protocol is needed. And it always involved reconfiguring the network equipment that acted as the VPN server, which not all employees have access to, so it was inconvenient.
But we already have remote connections to servers and network equipment. Why not reuse that ready-made transport and build a separate small utility that you can simply hand to the user to connect? I wanted the user not to have to enter anything complicated: just one "connect" button. But how will the utility know where to connect if it has only one button? One idea was to build the required application online on our servers. The system administrator clicks the "download shortcut" button, and a command is sent to our cloud to build an individual binary containing the information for connecting to the desired server or computer via RDP. This could be done, but it is slow: the administrator would have to wait for the binary to be compiled and then downloaded. Of course, we could simply add a second file with the config, but that makes two files, and for simplicity the user needs one. One file, one button and no installers.
After some reading on Google, I came to the conclusion that if you append some information to the end of a compiled ".exe", the file is not damaged (well, almost). You could even append War and Peace, and it would work as before. It would be a sin not to use this. Now the application (it is called Veliam Connector, by the way) can be unpacked on the fly right in the client itself, with the information needed for the connection simply appended to the end. The application itself knows what to do with it. Why did I write "well, almost" in parentheses above? Because the price of this convenience is that the application loses its digital signature. But at this stage we believe that this is a small price for such convenience.
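The append-to-the-end idea described above, as an added example that is not Veliam's code: the trailer layout (JSON payload, 4-byte length, 8-byte marker), the marker `CFGTRAIL`, the function names and the sample host are all assumptions made for illustration. It also shows why the signature is lost: the bytes of the file change, so a digest taken over the original no longer matches.

```python
import hashlib
import json
import struct

# Hypothetical trailer layout (not Veliam's real format):
#   [original exe bytes][JSON config][4-byte LE length][8-byte magic]
MAGIC = b"CFGTRAIL"
FOOTER = struct.Struct("<I8s")


def append_config(exe_bytes: bytes, config: dict) -> bytes:
    """Return the binary with the connection config appended after its last byte."""
    payload = json.dumps(config, sort_keys=True).encode("utf-8")
    return exe_bytes + payload + FOOTER.pack(len(payload), MAGIC)


def read_config(blob: bytes):
    """Return (original_bytes, config), or (blob, None) if no valid trailer exists."""
    if len(blob) < FOOTER.size:
        return blob, None
    length, magic = FOOTER.unpack(blob[-FOOTER.size:])
    # Reject a missing marker or a length that points outside the file.
    if magic != MAGIC or length > len(blob) - FOOTER.size:
        return blob, None
    start = len(blob) - FOOTER.size - length
    try:
        config = json.loads(blob[start:start + length].decode("utf-8"))
    except ValueError:  # covers bad UTF-8 and malformed JSON
        return blob, None
    return blob[:start], config


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for a compiled binary; a real one would be read from disk.
STUB_EXE = b"MZ" + bytes(62) + b"constructed stand-in for a compiled binary"
# Constructed sample connection data (host name is a placeholder).
SAMPLE_CONFIG = {"host": "pc-01.example.internal", "port": 3389, "protocol": "rdp"}

if __name__ == "__main__":
    patched = append_config(STUB_EXE, SAMPLE_CONFIG)
    original, config = read_config(patched)
    print("config recovered:", config)
    print("original intact: ", original == STUB_EXE)
    # The digest differs, so a signature made over the original no longer matches.
    print("digest changed:  ", sha256_hex(patched) != sha256_hex(STUB_EXE))
```

Because the signature no longer vouches for the file, the reader treats the trailer as untrusted input: it checks the marker and the length bounds before parsing anything.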