article

Ben Wilson avatar image
4 Likes"
Ben Wilson posted Ben Wilson edited

Data sent to FlexSim

You might be wondering what data is collected when you use FlexSim simulation software. How is it sent to FlexSim? How is it stored? What is it used for? Can you opt out?

Below you'll read all about it, but for those who can't be bothered:

tl;dr: Our customers have complete control when deciding what data is sent to FlexSim. Any data gathering is easily circumvented, disabled, or avoided.

If that interests you, read below for the details.

Introduction

There are four ways your data may be sent to FlexSim, and there are workarounds you can implement for each to avoid sharing any data. Each link jumps to its section below:

  1. FlexSim Accounts (contact information)
  2. Licensing your software or your local license server (license and computer information)
  3. Online communications from the software (license and computer information)
  4. Support or model building services (customer-sent data)

You can also jump to the Conclusion.

FlexSim Accounts

We receive user personal contact information when someone signs up for a FlexSim account, or when an account is created for a person in order to give them a license.

  • FlexSim Account information includes required fields (name, email, organization, country) and optional fields (including title, address info, phone). These data are submitted to FlexSim through web forms. Our website is only accessible via HTTPS, with TLS 1.2 or higher enforced. FlexSim's databases are hosted in United States data centers and this data is encrypted at rest with LUKS (Linux Unified Key Setup) in default mode aes-xts-plain64:sha256 with a 512-bit key. Data is encrypted in transit with SSL.
  • FlexSim US's CRM is HubSpot, and US contacts are saved there. HubSpot ensures that your data is encrypted at rest. HubSpot's sites and services are accessed via HTTPS and we've configured our account's security settings to require TLS 1.2 or higher.
  • Contacts from outside the United States are forwarded to their regional FlexSim distributor, each of whom may use a CRM of their choice.
  • Our websites track usage information to help us improve our marketing and fix bugs. Basic web browsing logging data is collected, such as IP/location information, browser type, session duration, etc. Additionally, if you are logged in to your FlexSim account, we keep download, license, and profile logs. You can read more about the different web tools we have in place at our privacy policy.

Workaround

A FlexSim Account requires a person's contact information for convenience only. If a customer wishes, an account can be set up with a generic name, like "CompanyXYZ FlexSim Rep," and a generic email, like "[email protected]". Having a real name and email of an actual person is convenient, but also optional. As long as we have a way to communicate with a customer, that works!

Licensing

License codes in plaintext

When a client PC connects to our main license server to activate a standalone FlexSim license, it does so over plaintext HTTP. This means that license codes are transmitted in the clear. Since the time of implementing our in-software licensing, our 3rd party software licensing vendor, Flexnet, has released updates that would allow us to build in HTTPS communication for licensing actions. These features have not yet been implemented in FlexSim simulation software, but it is on our development list. The risk to a licensed user is that if your online communications are being monitored your license keys could be compromised, allowing someone else to obtain your FlexSim license keys and potentially use them to activate your FlexSim licenses and consume your seats, leaving you without the ability to activate those seats normally.

To our knowledge, this has happened exactly Zero times since we implemented Flexnet licensing in 2010.

If there is ever an issue where a license should be available but for some reason is not successfully activating, customers can contact their local FlexSim distributor for licensing support. These situations can be handled quickly.

The same situation exists when licensing a local license server - flexsimserveractutil.exe transmits the license code to FlexSim in plaintext over HTTP.

License codes are stored in plaintext in FlexSim's main Flexnet Operations server database.

Additional license history information

When a license is activated over the Internet, whether by a client PC (standalone license) or when configuring a license server (server license), FlexSim also receives the Windows username of the person logged in doing the action, and the Windows computer name where the license is being activated. When activating a standalone license this information is first AES-256 encrypted before transmission over HTTP. For a license server the username/computer name are transmitted in plaintext over HTTP. Once received by FlexSim, the Windows computer name and username are stored in our database which is LUKS encrypted at rest, and are displayed to the customer in their account's license history. The license history allows customers to track license usage and location - a useful feature requested by our customers to help manage standalone licenses shared among multiple people.

When activating a standalone license over the internet, the software also sends basic operating system and FlexSim software version information, which, like the Windows username/computername, is AES-256 encrypted before being transmitted over HTTP. This additional information is AES-256 encrypted at rest.

Workaround

We have an alternate method of licensing that applies to both standalone PCs and license servers where a user generates XML requests and manually submits them to FlexSim's website over HTTPS using TLS 1.2 or higher. Licensing by XML avoids the following potential issues:

  • License codes sent in plaintext over HTTP
  • FlexSim receiving Windows username and computer name information, and in the case of standalone licensing, additional operating system and FlexSim software version information.

Manual licensing is somewhat less convenient and more time consuming than online licensing - instead of just a button push there are several steps to follow in sequence, including generating requests, uploading requests, downloading responses, processing responses. It is up to you to decide whether easy-online or manual-XML licensing is most appropriate for your organization.

License operations, both automated/online or manual/XML are documented in our article Licensing Procedures.

Online communications

Start page

FlexSim software has a web-based start page that by default sends basic computer information to FlexSim to request introductory content to display when starting the software. This information includes FlexSim version, and general Operating System properties including Windows version, language, and country. These are used to display appropriate content to the user. For instance, we have localized versions of the start page depending on the country and language settings sent by the client PC. If a computer is licensed, the license information along with Windows username and computer name are also sent, again for a history of license use, and also in the case that FlexSim needs to display specific information only to licensed users, such as expected maintenance windows for FlexSim's main license server, etc.

The start page is enabled by default. The above-described information is AES-256 encrypted and then transmitted to FlexSim over HTTPS using TLS 1.2 or higher. The data remains AES-256 encrypted at rest.

Telemetry

A user can also enable additional telemetry as an opt-in feature. This sends additional operating system and hardware information such as CPU, RAM, screen resolution, GPU type and driver version, all of which helps us build an aggregated view of the computer capabilities of our user base. This is useful for development decisions, to make sure we target the simulation software to hardware that is generally available to a majority of our user base. This telemetry info is AES-256 encrypted, transmitted to FlexSim over HTTPS TLS 1.2 or higher, and stored in AES-256 at rest.

Workaround:

  • The start page can be disabled with an in-software setting.
  • Additional telemetry is an opt-in feature.

You can read more about online communication in our Sofware License Agreement, item 15. Online Communication. The in-software settings are configured from FlexSim simulation software's main menu > File > Global Preferences > Dynamic Content tab.

Support

In the course of using FlexSim simulation software, your simulation engineers may send models or other data to FlexSim for support via email or by posting to this online community. Your employees should only do so according to whatever applicable policies you have in place.

In this online community, questions can be asked publicly, allowing our worldwide community and partners to help solve problems and provide answers, insights, and experience. Questions can also be posed privately, where they are only visible to site moderators (FlexSim employees).

Our Answers community is a service created, hosted, and supported by AnswerHub, an IgniteTech subsidiary. FlexSim doesn't have control of the hosting or databases associated with this service. IgniteTech has their own privacy and security policies. The site is configured for communication over HTTPS and, at least for my connection, indicates it is using TLS 1.3.

Workaround

Don't post or email confidential data. If you need support but your simulation model contains proprietary/confidential/secret information, you could:

  • Pose a general question without including any attachments.
  • Post a sample model you create that demonstrates the question or issue at hand without using any confidential information.

If you have a current maintenance contract you can also contact your local FlexSim distributor for live phone or web meeting support. You could share your screen so that our support staff could help troubleshoot your issues directly on your PC. In this way you could get the help you need without ever transferring any files or data off your computer.

Conclusion

Any data that FlexSim might receive is described above, and any data gathering can be circumvented, disabled, or avoided using the provided workarounds. Our customers maintain complete control when deciding what data is sent to FlexSim.

In addition, we're happy to delete any information we may already have on your company or your users. We are responsive to our customer's requests and wish to assure you of our commitment to your privacy and security. Simply contact your local FlexSim distributor with any requests about what data we have about you or to request any deletions.

Thank you for your patience in reviewing this long article! Contact your local FlexSim distributor if you have any questions or concerns.

datasecurityencryptionprivacytransmit
5 |100000

Up to 12 attachments (including images) can be used with a maximum of 23.8 MiB each and 47.7 MiB total.

Article

Contributors

ben.wilson contributed to this article

Related Articles