If Exasol Support has access to your cluster with a VPN connection, like that which is needed for Monitoring Services, the following describes the process that Exasol Support uses to connect to your cluster. The only people who are able to connect to your cluster are members of the Support Team.
Exasol's Engineers must connect to their Exasol VPN before they are able to access any support hosts. This authentication is done using their Active Directory Credentials. This ensures that even when Engineers are working from home, the connection to your cluster and any data is secure.
Exasol Support can connect to your support host (jump server) using 2-factor authentication: AD password + yubikey
Once in the support host, Exasol Support can connect to your support host via the site-to-site VPN that is configured between the cluster and Exasol. This VPN must pass through the both the Exasol and Customer's Firewall.
The passwords to connect to the cluster (if allowed) are stored in a secure password safe within the Exasol network. Only authorized support engineers have access to this password safe and they must be in the Exasol VPN and authenticate with their AD password.
With these methods in place, we ensure that only authorized personnel have access to your cluster and all data is transmitted securely.