Frequently Asked Questions on HTTPS Usage Reporting
25/05/2019 Cliff Hobbs
This article contains the answers to Frequently Asked Questions (FAQs) relating to http usage reporting for Cloudhouse Compatibility Containers™.
Q: What is a token?
A token enables the Container to establish a connection to our reporting service and submit usage data. The data is linked to the partner and customer for billing purposes. Prior to deployment, the token is a plain text file with a .token extension. Once the Container has been deployed, it is encrypted using Microsoft's Data Protection API (DPAPI) and given the extension .stoken
Q: What types of token are there?
There are two types of token:
- Evaluation - This may be used for training, product evaluation, proof of concepts with customers, etc.
- Regular - This type of token is allocated to a partner who:
- is implementing the solution for a customer who has purchased the Cloudhouse license.
- has purchased and owns the license on behalf of one or more customers. The customer name is the name of the partner.
Q: How do I get a token?
You will receive a token from a Cloudhouse representative. You should only accept tokens you receive via our secure file transfer service.
Q: What do I need to use HTTPS Reporting?
Each Container requires a unique token issued to the partner/customer.
Q: What data is collected?
The following data is collected:
UTC_TimeStamp, UsageId, PackageId, Event, Operating_System, CPU_Core_Count, Deploytype, UserSidHash, MachineSidHash
Q: Is the data secure?
Yes, all data is sent securely over HTTPS, via Port 443.
Q: Is there data privacy?
Yes for sensitive information the machine and user names are both hashed using SHA256 - GDPR classes this as the pseudonymization of data.
Q: Where does the data go?
Q: What if the token is missing from the Container?
If the token is missing or corrupt the Container will not deploy.
Q: How is the Container's token secured when it is deployed on a machine?
The token is encrypted using Microsoft's Data Protection API (DPAPI), which uses the machine SID for machine deployments, or the user's SID for user-based deployments.