TABLE OF CONTENTS

• Background
• Related Systems
• Types of AWS accounts
  • Amazon Workspaces 
  •  Amazon Workspaces Web 
•  Process
  • Gaining access to the TC and TO DEV & Staging from within Amazon Workspaces
  • Gaining access to the TC and TO DEV & Staging from within Amazon Workspaces Web
• Change Control 

Description

This solution has been prepared to outline to staff the revised method of accessing the TeleControl (TC) and TeleOrder (TO) DEV and Staging environments now that they been isolated behind the firewall.

Background

In order to improve the security for the TeleControl (TC) and TeleOrder (TO), a change has been made to isolate the Development and Staging environments for both applications so that they are no longer internet facing.

Whilst it is acknowledged that there are no external services connecting to these endpoints, isolating them provides an additional layer of security. Previously the development and staging environments for both applications have direct and full access to their equivalent production environments. 

Another benefit of isolating them is that there may be experimental features and PHP configuration settings that inadvertently provide details about the respective environments and their setup. Isolating these would basically decrease the attack surface that we need to worry about.

With the isolation of both environments having now been completed, TeleResult staff with a JIRA account who is required to submit tickets to TeckCraft will require an AWS account. 

This will be only way to undertake testing on one of the staging environments when a change or bug has been fixed and testing is required before the change goes into production.

Related Systems

Nil

Types of AWS accounts

There are two types of AWS accounts that can be used to access the TeleControl and TeleOrder Development and Staging environments.  

These are Amazon Workspaces and Amazon Workspaces Web. In both cases, accounts need to be established by TeleResult DevOps.

Amazon Workspaces 

Amazon Workspaces allows a staff member to run specific applications and websites from within an AWS environment after having been installed on a staff member's desktop.

Whilst Amazon Workspaces provides more functionality, it is more costly for TeleResult and only loads “on demand” so can be slow to initially load when usage is required. 

AWS Workspace accounts have been established for the OSS and Reporting Teams.

 Amazon Workspaces Web 

Amazon Workspaces Web is better value for TeleResult and is a good alternative for staff only needing to access specific websites rather than applications. It allows them to continue using their PC and gain secure access to the websites hosted in AWS private network. 

Amazon Workspaces Web works by maintaining a streaming service in our AWS private network and stream the private websites to the end users. It has been linked to the TeleResult Azure (Office 365) requiring a logon to this environment as well.

 As of 31st January 2023, the following staff have been provided with access to Amazon Workspace Web: Alex Nadeau, Tom Mooney, Brian Stevens, and Viet Tu Vu.

It needs to be noted that Amazon Workspaces Web will only run from within Google Chrome.

 Process

Gaining access to the TC and TO DEV & Staging from within Amazon Workspaces

Amazon Workspaces is a desktop application with logon credentials provided by TeleResult DevOps. By clicking on the icon from your desktop, the following logon banner will appear.

After successfully logging on to Amazon Workspaces, to gain access to the TC and TO DEV and staging environments you will use an internet browser from within the application to go to the one of the following links: 

• https://dev.telecontrol.com.au/live/index.php
• https://staging.telecontrol.com.au/live/index.php
• https://dev.teleorder.com.au/
• https://staging.teleorder.com.au/

Gaining access to the TC and TO DEV & Staging from within Amazon Workspaces Web

From within a Google Chrome browser on your desktop, go to the following link: 

Workspace-web.TeleResult.com.AU, after which the following banner on the left will display: 

By clicking on "Sign in" in Amazon W, the TeleResult Microsoft 365 account logon will display. After having successfully logged on to the TeleResult Microsoft 365, the Amazon Workspaces Web Desktop will appear within Google Chrome.

A series of Managed bookmarks have been established as shown in the top left corner of the image above within the Amazon Workspaces Web Desktop.  This will allow easy access to the TC and TO DEV and Staging environments.

Change Control