Skip to content

SmrtHub Support Operations

Support operations revolve around three workflows:

  1. Keep the signed evidence surfaces healthy (Storage Guard, retention configs, legal holds).
  2. Capture sanitized Support Bundles on demand from HubWindow’s tray menu.
  3. Hand bundles to SmrtRun support without leaking secrets or violating retention policy.

This guide explains how administrators stage policies in ProgramData, how day-to-day operators trigger exports, and what to verify before sending evidence off the workstation.

Who Owns What

Role Responsibilities
Platform/IT Admin Push canonical templates to %ProgramData%/SmrtHub/Config, approve retention/legal hold changes, ensure Storage Guard service is running.
Local Operator Initiate Support Bundle exports, confirm redaction scopes, hand resulting archives to Support.
Support Engineer Consumes the bundle, validates signatures, requests follow-up bundles if retention windows changed.

Admins typically run elevated PowerShell to copy templates into ProgramData; end users only touch %AppData%/SmrtHub when collecting bundles.

Evidence Layout & Templates

  • ProgramData (%ProgramData%/SmrtHub) – canonical home for shared configs. Templates for retention policies, legal holds, and storage-guard secrets are copied here during provisioning so every signed artifact reflects enterprise-approved values.
  • LocalAppData (%LocalAppData%/SmrtHub) – fallback path used on developer workstations when ProgramData is unavailable. Operators should prefer ProgramData on production boxes.
  • AppData (%AppData%/SmrtHub) – per-user logs and configs. Support Bundles read these folders plus ProgramData when assembling evidence.

Provisioning checklist:

  1. Copy the retention template from SmrtApps/src/Smrt.Retention/Templates/RetentionConfiguration.json (example path) into %ProgramData%/SmrtHub/Config/retention/retention-configuration.json.
  2. Copy the legal hold template into the same folder, even if no holds exist; the validator expects the file.
  3. Run Storage Guard once (service start or CLI) so system-info/storage-guard.json and .sig exist before the first bundle.
  4. Confirm Supervisor can read the new configs (check retention log folder for validation success events).

Launch Points for Support Bundles

UI surface Status Notes
HubWindow tray menu → Support Bundle Available now Opens a dialog that wraps SupportBundleExporter. Prompts for optional time window and module filters.
Tray menu sub-menu (future) Planned Keep verbiage generic (“app tray menu”) so the same instructions apply when the menu expands.
Settings Panel → Advanced → Support Bundle Planned Documented here so operators know another entry point is coming; behavior will mirror the tray menu.

Regardless of entry point, the exporter performs the same steps:

  1. Query Supervisor for component state, restart counters, and quarantine notes.
  2. Traverse Operational Data Policy paths for logs and configs.
  3. Copy Storage Guard snapshot + signature, retention evidence, and recent verification logs.
  4. Run sanitization/redaction pipelines.
  5. Package everything into a signed zip under %AppData%/SmrtHub/SupportBundles (exact folder is shown in the UI).

Operators should wait for the final toast that includes the bundle path before closing the tray menu dialog.

Retention Policies

Retention rules live in %ProgramData%/SmrtHub/Config/retention/. Administrators edit these JSON files with elevated rights, then restart Supervisor or Storage Guard to pick up the change.

Key fields:

  • RetentionDays – window per provider. Shorten only when Storage Guard reports enough free space.
  • MinimumCopies – ensures at least n artifacts remain before a sweep removes anything.
  • FreeSpaceFloorPercent – Storage Guard raises a warning if the disk falls below this percentage.
  • EmergencyPurgeAllowed – keep false unless Compliance explicitly approves a purge script.

Validation happens through Smrt.Retention. If a change fails, Storage Guard writes the error to SmrtHub/Logs/system-info/storage-guard-service/ and continues using the previous config. Fix the JSON, re-copy it into ProgramData, and restart the service.

Legal holds override retention windows. Each hold specifies:

  • Scope (path glob or provider label)
  • Reason and Tickets metadata
  • Optional expiry date

To add a hold:

  1. Duplicate the hold template in %ProgramData%/SmrtHub/Config/retention/legal-holds.json.
  2. Populate the metadata fields and set IsSystemHold to false unless directed otherwise.
  3. Run the Retention verification helper (SmrtApps/tools/Retention/VerifyRetention.ps1, placeholder) or restart Storage Guard to validate.
  4. Notify operators that bundles will include the updated holds automatically.

While a hold is active, retention sweeps skip matching artifacts and Support Bundles list the hold in their report so Support understands the compliance posture.

Scrubbing & Redaction

Support Bundles never include raw secrets or extraction source material:

  • Sanitizer targets DataClassFlags for credentials, tokens, host info, and PII.
  • Patterns derive from the Asset Policy; updates apply to both C# and Python exporters simultaneously.
  • Redaction counts show up in the bundle’s HTML report (ReviewReport.html) so auditors see exactly what data was scrubbed.

Operators can reduce bundle size by filtering modules (Logs, Diagnostics, Config, Retention) in the tray dialog, but redaction always runs regardless of scope.

Storage Guard & Signatures

Storage Guard is the trust anchor for every bundle. Before submitting evidence, verify:

  1. storage-guard.json timestamp is recent (default cadence is 10 minutes).
  2. storage-guard.sig exists beside the JSON.
  3. Support Bundle report shows “Storage Guard verification: OK”.

If Storage Guard is unhealthy, restart the SmrtStorage Guard Windows service. Persistent failures usually mean the shared secret under %ProgramData%/SmrtHub/Config/storage-guard/storage-guard-secret.json is missing; rerun the provisioning script to regenerate it.

Export Checklist

  1. Confirm retention/legal hold configs are current in ProgramData.
  2. Ensure Storage Guard snapshot + signature exist.
  3. Trigger the Support Bundle from the app tray menu.
  4. Wait for the completion toast and note the output path.
  5. Optionally open the HTML review to confirm redaction counts and Storage Guard validation.
  6. Transfer the signed zip to Support over the approved channel.

Troubleshooting

Symptom Resolution
Tray menu option missing Ensure HubWindow is running under Supervisor and that the user has local session rights. Restart HubWindow if the menu cache is stale.
Export fails immediately Check SmrtHub/Logs/smrthub-support/ for validation errors (missing ProgramData configs, bad JSON). Fix the config and retry.
Bundle lacks Storage Guard evidence Confirm the service emitted storage-guard.json recently; rerun the service and recreate the bundle.
Redaction count is zero even with sensitive data Update to the latest SmrtHub build; older trays might be using deprecated sanitization libraries.

Document these steps in runbooks so on-call staff can collect bundles quickly even before the full settings panel ships.