- 1 Add a call to action to your Glance Screen Share solution
- 2 Change the Color of the Glance Screen Share Box
- 3 Integrate a single Glance Screen Share address into your website
- 4 Integrate multiple Glance Screen Share addresses into your website
- 5 System Architecture and Security Overview
- 6 Security Overview
- 7 Defining roles and restricting privileges
- 8 Remote Support
- 9 Firewalls and Proxies
- 10 Auto Reconnects
- 11 Data Encoding and Streaming
- 12 Encryption
- 13 Call Detail Records
- 14 Hosted Infrastructure
You can customize Screen Share in the following ways:
You can have guests join Glance Screen Share sessions on a web page that Glance hosts, but looks like your website. To learn how, check out this article.
Optionally, when your guest’s session ends, you can have another page be displayed that you can customize with a Call to Action and links to your web site or landing pages.
Please note, if you would like to implement this option, there is a $199 one-time setup fee. Call us for details.
You can easily modify the color of the Glance Screen Share box to match your website’s color scheme. To do so, please follow the steps below.
After completing this how-to you will have …
Paint the box with colors that complement your website
To change the color of the Glance Screen Share box to something that compliments your website, add the HTML text below.
<script>GlanceJoinRadio("style: background-color: #eeffdd; border-color: #66cc00; border-width: 3px",
Match the page’s background color
To make the Glance Screen Share box match the page’s background color (which makes the box invisible), add the HTML below.
<script>GlanceJoin("style: background-color: #ffffff; border-color: #ffffff",
Guests can always connect to Glance Screen Share sessions by visiting your personal Glance web page, which comes with your subscription.
You can also have them connect right from your company’s web site, as well as personalize the look and feel of Glance Screen Share. To accomplish these goals, follow the steps below.
To integrate a single Glance Screen Share address into your website:
- Paste the following two lines of HTML into any web page, replacing yourname.glance.net with your own Glance Address.
- The page now includes a Glance box that looks like this:
- Tell guests to enter your Session Key and click the Glance button. Moments later, they will see your screen.
Note: The Glance box uses an HTML form. Make sure not to put it within another form on your web page.
You can integrate multiple Glance Screen Share addresses into your website in a number of different ways.
If you have multiple Glance Screen Share addresses, paste the first line of HTML once on the web page and use the second line for each Glance Address. This example uses a simple HTML table.
For a live web demo of our product, please call us at 800-123-4567.<br>
John or Jane will give you a personalized tour.
You can use a Glance Screen Share box that lists a name for each Glance Screen Share Address in a pull-down menu.
You can use a Glance Screen Share box that lists options alongside radio buttons.
Apply a Glance box with stacked names
You can apply a Glance Screen Share box that stacks long names with HTML <br> tags.
System Architecture and Security Overview
Complex forms. Instant demos. Documentation. All this and more can reside outside a browser, yet you may need to share it with your customers. With Glance Screen Share, you can demo products, provide onboarding, upsell, teach and help customers, and more by securely sharing views outside of any browser.
Glance Screen Share allows customers and agents to see the same thing and collaborate in real time, instantly reducing frustration, increasing clarity, and building confidence.
The Glance Screen Share Architecture and Security Guide provides an overview of Glance Screen Share’s architecture, user experience, connection methods and security features. It is written for technical experts responsible for the privacy and security of their company’s and customers’ networks and data.
Every business communication tool can present security risks. Understanding a tool’s technical design, capabilities and preferred use cases lets the company craft the guidelines it needs to harvest productivity benefits without compromising security.
Glance Screen Share, which shares live screen content with people outside the company, addresses a number of business and technical requirements:
- Be simple and intuitive, to limit the chance of “pilot error”
- Be dependable
- Provide easy ways to manage and restrict privileges
- Avoid leaving unwanted software on customer’s computers
- Maintain secure connections using standard network protocols
- Protect customer data
This guide addresses those requirements.
Defining roles and restricting privileges
During a session, a participant’s privileges are constrained by role: Host, Guest or Presenter. Additionally, each Glance user belongs to a group, which has at least one Administrator.
Only Glance users with a valid subscription can start (or host) a session.
The Host’s privileges include:
- Deciding who joins the session, by verbally inviting them during a phone call or sending a link to the session by email, chat, Twitter or Facebook
- Making the session’s 4-digit key be random (for private on-the-fly sessions), assigned (for scheduled sessions), fixed (for convenience) or not required (for instantly joining non-private sessions)
- Choosing what contact info (name, email, phone) might be requested when a Guest joins a session, and whether the data is required or optional
- Controlling which monitor is shown (so private content can be kept out of view on another screen)
- Hiding the screen (to view something privately)
- Sharing control of the Host’s mouse and keyboard with all participants (but always retaining priority)
- Starting a session to view or optionally control the first Guest’s computer (for remote tech support)
- Allowing Guests to show their screens
- Ending the session for everyone
Whenever the Host starts a session, at least one guest must join within 10 minutes. Otherwise the session expires,
limiting the chance the Host unwittingly leaves it running.
The Host can end a session at any time. It also ends when the last remaining Guest leaves, like a phone call.
All other session participants are Guests. They join the session using their favorite browser, from any PC, Mac or mobile
device. (Guests on mobile devices connect instantly, without having to download an app.)
With permission, a Guest can:
- View the Presenter’s screen
- Remotely share control of the Presenter’s mouse and keyboard
Guests may leave a session at any time.
A Presenter is the person (Host or Guest) currently showing his screen.
Any session participant (on a PC or Mac) who installed Glance software before joining a session can (with the Host’s permission) become a Presenter. The software is free and can be download here. Presenting participants do not need a Glance subscription.
With the Host’s permission, a Presenter’s privileges include:
- Showing (or hiding) his or her screen at any time
- Controlling which monitor to show (so private content can be kept out of view on other screens)
- Sharing the mouse and keyboard with all participants (while always retaining priority)
Presenters may leave a session at any time.
Every Glance user belongs to a group. A group’s Administrator determines which privileges are granted to all group members.
These privileges include:
- Letting session Guests show their screens
- Letting Presenters share their mouse and keyboard with Guests (for remote pointing and technical support)
- Letting users start “View guest’s screen” sessions (for remote tech support and training)
- Mandating what contact info (if any) Guests must provide before joining a session
- Allowing keyless sessions (so Guests can browse directly into a session)
- Forcing all sessions to be encrypted (Glance 2.7 and above)
For example, a company might assign inside sales people to a group that can start keyless sessions, while placing tech support agents in a separate group that requires keys and makes each Guest provide an email address.
Administrators can also add/change/drop users and update account billing information.
Glance session participants authenticate with the Glance service in different ways, depending upon their role.
Anyone hosting a session needs to install Glance’s thin client software beforehand on his PC or Mac. (Glance sessions cannot be hosted today from mobile devices.) The download is about 1.5 MB. The PC version includes a standard uninstaller. When running, the software places a “G” icon in the computer’s system tray (PCs) or menu bar (Macs). It connects to the Glance service only during a session.
Each Glance user has a personal Glance Address (URL) name.glance.net and password. The user must supply both (via SLL) before he can host a session. Users can be constrained to choose passwords that match criteria describable by a regular expression.
The Host’s computer locally stores an encrypted version of the password. Subsequent sessions can then start with just a click. The Host’s computer silently authenticates its login credentials with the Glance service (via SSL), which confirms the credentials, assigns the session to a Glance server and allows Guests to join.
If a person wants to use a different Glance Address to host a session, the person must provide its associated password.
A user who as forgotten a password can reset it by clicking a link in an email sent by Glance to the account’s associated email address. An Administrator can also set and change passwords for the group’s users.
The Host can adjust how much “friction” Guests experience when joining a session.
Often the Host just verbally invites people to browse his or her Glance Address and enter the session’s four-digit key.
Alternatively, the Host can send invitees a session link in an email, text message or calendar invite, or post it to followers and friends on Twitter or Facebook. The four-digit key can be random (default behavior), assigned by the Host (so it can be announced ahead of time), fixed (for convenience) or not required (for even faster joining).
The Host can also specify what contact info (name, email, phone) each Guest is asked to provide and whether it is required or optional. The data becomes a part of the call detail record of attendees, which the Host cannot alter.
The Host (or his Administrator) can view or download Guest contact info by logging into Glance’s “My Account” area. Additionally, each Glance for Salesforce implementation automatically uploads attendee contact info into the session’s corresponding Salesforce Activity record, and optionally creates Lead objects for unrecognized participants.
Many companies use Glance Screen Share for remote technical support.
An agent can start a session to view a person’s screen or view and control the person’s screen. In either case, Glance uses an ActiveX control, browser plug-in or Java to install a thin client (download is under 1.5 MB) on the Guest’s PC or Mac. Guests typically do not need Administrative privilege to install the client.
While connecting, Glance Screen Share asks the Guest to allow the session’s Host to view (or control) his computer screen. (Refusing the request terminates the session and uninstalls the client.) Once connected, Glance then posts a prominent “Leave” button so the Guest can confidently end the session at any time.
A person must be present at the remote computer to grant access and join each support session. Glance Screen Share cannot auto- reconnect after a Guest reboot, nor can it be used for unattended remote access.
During remote control
During remote control, the Guest retains priority over his or her mouse and keyboard. The Guest can also click a G-icon that appears to control other aspects of the session.
The agent can coach the Guest by taking turns showing his own screen. If needed, the agent can escalate the case, inviting other technicians to join the session and share remote control.
Ending the remote control session
Glance Screen Share auto-uninstalls after each remote support session to a PC, unless the Guest chooses otherwise. Keeping the software lets a returning Guest connect instantly, by skipping the brief download step.
Regardless, Glance Screen Share never leaves icons on the Guest’s desktop, system tray, Dock or menu bar.
Firewalls and Proxies
Glance Screen Share automatically senses and works with most proxy server and firewall configurations, without needing adjustments by technical staff, by identifying the best protocol for each participant’s network environment. Nearly anyone who can surf the web should be able to connect.
Each participant reaches the Glance Screen Share service with an outward-bound connection, using TCP/IP to destination port 5500 (or 5501 with TLS). If that attempt is denied or times out, Glance Screen Share tunnels HTTP to port 80 (or HTTPS to 443). Since TCP is more efficient than HTTP, a company that blocks ports 5500 and 5501 might consider adding a rule to their firewall policy that allows outbound connections to those ports at glance.net.
Glance Screen Share does not use peer-to-peer technology.
Some Glance Screen Share participants may have slow or unreliable Internet connections, due to a weak wireless signal, spotty mobile service, an unresponsive proxy server or an interfering network security device.
If the connection drops or times out, Glance Screen Share automatically attempts to reconnect. Should the problem persist, Glance Screen Share tunnels over HTTP/HTTPS.
Data Encoding and Streaming
Glance Screen Share’s client software captures and transmits screen content using pixel-based methods. Screen changes are digitally compressed using a proprietary patent-pending codec that minimizes bandwidth and latency, while preserving sharpness. The compressed data is encapsulated in a proprietary messaging format and forwarded to each session participant.
Glance ensures each participant enjoys the best possible viewing experience, regardless of session size and network condition. Glance continuously optimizes each participant’s data stream to the instantaneous speed of his or her network connection. Guests with fast connections receive as many screen updates as their networks allow. Those on slower links may need more time to receive updates, but they never fall behind.
To minimize path latency, Glance provisions each session on a server that is geographically close to the Host. All session data flows through that server. If the session is encrypted, Glance uses TLS/SSL to secure all connections between participants and server.
All Glance Screen content is live
All content is live. Presenters do not upload documents or presentations beforehand. No document or file transfer is allowed. No executable code from participant computers is sent. No session content is recorded.
During remote control, the remote (controlling) computer sends its pointer’s relative position, mouse actions and keystrokes to the current Presenter’s computer, which interprets that data locally. Clipboard commands only use each local computer’s clipboard content. Clipboard content cannot be shared.
When a session ends, any transient data cached in the Glance service’s virtual memory is de-allocated. Only call detail records (CDRs) and log files (for debugging) persist. Neither contain session screen data.
All audio is communicated live by phone. Participants may use either their own service provider or the free Glance phone conferencing service, which is fulfilled by a Glance partner, iotum, over the Public Switched Telephone Network.
Glance adds the ability to encrypt all session traffic between each participant and the Glance service using IETF industry-standard Transport Layer Security and Secure Sockets Layer (TLS/SSLv3) technology.
Each participant’s computer or mobile device uses TLS to negotiate the connection’s CypherSuite and key length. Glance also sends each participant a digital certificate, signed by DigiCert or Thawte. The participant’s browser can pass it to a certificate authority to validate Glance’s identity before proceeding. Each connection is then encrypted using the strongest method the corresponding participant supports. SSLv2 is not allowed.
Any participant that cannot establish a secure connection to an encrypted session is denied entry. Encryption can be enabled on a session-by-session basis by the Host. Alternatively, the Administrator can mandate that all sessions hosted by the group’s users be encrypted.
Call Detail Records
Glance archives various metrics about each session:
- Each participant’s IP address and inferred geographic location
- Each participant’s entry and departure times, and total duration
- Guest’s contact info (name, email address, phone), when supplied
The session Host or his group’s Administrator can view or download these records in CSV format by logging into the “My Account” area. These metrics cannot be edited or altered. All “My Account” browser sessions are secured by HTTPS.
Glance session load is spread across two data centers, located near Boston, MA and Oakland, CA, and several remote nodes, including London, Paris, Singapore, Taipei and Sao Paulo. Each session is assigned to a server geographically close to the session’s Host, to minimize path latency. Sessions at each location are balanced across its pool of available servers.
Glance’s distributed architecture ensures there is no single point of failure. Should one server or even an entire data center drop offline, the remaining infrastructure assumes the load. Sessions that were running on a failed server will drop, but Hosts typically can restart them within a minute or so.
Glance’s two main data centers are managed by Internap.com. Internap connects the Glance service directly to multiple major ISPs and avoids network bottlenecks by dynamically assigning each connection to the lowest latency route. Physical access to the Glance servers is restricted to authorized personnel (photo and biometric IDs required) and is monitored 24×7 by archived video and on site security personnel.
All production servers are hardened. Non-essential services are disabled and security patches applied as appropriate. Remote management is by secure SSH only, from pre-authorized IP addresses.