Performance features SaaS operation


SaaS operation
Valid as of 08 April 2013

Copyright Fabasoft Distribution GmbH, A-4020 Linz, 2013. All rights reserved. All hardware and software names used are registered trade names and/or registered trademarks of the respective manufacturers. These documents are strictly confidential. Transmission and presentation of these documents alone does not establish any rights to our software, our services or service results or other proprietary rights. Any passing on, publication or reproduction is prohibited. For the sake of convenience this document does not make use of gender-specific terms. Any terms shall refer to both women and men for the purposes of equal treatment.

Contents
1 Hardware and software environment
1.1 Applied hardware and software environment
1.2 Prerequisite hardware and software environment
2 Service Levels
2.1 Security
2.2 Data security
2.3 High availability
2.4 Response time behaviour
2.5 Multi-client capability
2.6 Scalability
2.7 Transparency

1 Hardware and software environment

1.1 Applied hardware and software environment
Because of high requirements on the data processing centre, the entire hardware and software environment is designed for high availability, high reliability, simple scalability, high security and easy maintenance. The following components, which were implemented for the operation of contracted software products, are illustrated in an overview chart:

[Overview chart: Internet, firewalls and reference workstation; data center 1 and data center 2, each with load balancer, application server farm, database server and file server; backup data center with backup server]

The contracted software products are operated in a total of three computer centres. Two active computer centres (computer centre 1 and computer centre 2) are located at two different locations. The backup computer centre is collocated with computer centre 1.

Active computer centres
Both active computer centres are located at two separate locations. These locations are separated by a distance of approximately 2 km. Both computer centres are equipped with redundant climate control systems and redundant network infrastructures. In the event of a power interruption, the uninterruptible power supply at computer centre 1 can supply adequate power to the equipment for up to 15 minutes. Computer centre 2 has an uninterruptible power supply with a connected diesel emergency power generator, which supplies power to the equipment during longer power interruptions.

Backup computer centre
The backup server and tape library for securing all data are operated in the backup computer centre. The backup computer centre is equipped with its own access control, redundant climate control systems and network infrastructure, and emergency power supply.

The applied components are described in the following:

Reference workstation
The reference workstation is connected to the Internet via a network connection independent of saas.fabasoft.com. The availability of saas.fabasoft.com, as well as the fulfilment or non-fulfilment of contractual warranties in the software product information, is checked from the reference workstation. The reference workstation is equipped with the following hardware configuration:
- Intel Pentium Dual-Core Processor 2.5 GHz
- 2 GB RAM
The following software products are used on the reference workstation:
- Microsoft Windows XP Professional SP3
- Microsoft Internet Explorer 7.0
- Adobe Reader 9.1
- Microsoft Office 2007 SP1
- Fabasoft Folio 2013 Spring Release (Fabasoft Folio Plug-in)
- Fabasoft app.telemetry 2013 Spring Release

Firewall
The firewall protects the entire environment against unwanted access from the Internet. Access to saas.fabasoft.com is only permitted via HTTPS (TCP port 443).

Load distributor
The load distributor balances incoming requests across the application servers in the application server farm.

Application server farm
The application server farm consists of several application servers.
Processing logic is calculated on the application servers, and the display (HTML) for the web browser is also generated there. In addition, the application server is responsible for format conversion (with OpenOffice.org, for example). Special application servers also perform user authentication.

Database server
The database server is used for storing the metadata in a relational database system.

File server
The file server is responsible for storing content.

Backup server
A current, complete database is kept constantly on the backup server. The backup server and tape drives also perform a backup on backup tapes.

Archive system
The archive system is responsible for write-protected archiving of content and is operated at both locations. Archived contents are replicated between locations.

1.2 Prerequisite hardware and software environment
The customer must operate a certification centre for the issuance of digital certificates. The customer bears sole responsibility for the security of issued certificates and/or the certification centre. If there is a failure in the Internet connection, firewall or load distributor on saas.fabasoft.com, the network components used by the customer (especially proxy servers) must support the automatic failover on public IP addresses that are still available. Moreover, every registered user must be provided with a workstation that complies with the requirements of Fabasoft Folio Compliance (see http://www.fabasoft.com/folio/saas/spi).

2 Service Levels

2.1 Security

ISO 9001
The Fabasoft Group has been ISO 9001 certified since February 2002. ISO 9001 is an international standard that provides guidelines for the design of processes within a company and describes the entire quality management system on a model basis. This is meant to ensure that customers receive the quality they expect. Quality in this context means that the customer's requirements are met to the highest possible degree. The norm adheres to the following eight principles:
- Customer focus
- Leadership
- Involvement of people
- Process approach
- System approach to management
- Continual improvement
- Factual approach to decision making
- Mutually beneficial supplier relationships
At Fabasoft, the introduction of a quality management system, followed by annual audits by external auditors, means transparent processes, faster recognition of weak points, and clarity in terms of expertise and accountability. A dynamic continual improvement process guarantees constant further development in Fabasoft's quality and security.

ISO 27001
Fabasoft has been ISO 27001 certified since July 2007. ISO Standard 27001 is an internationally recognised standard for evaluating the security of IT environments. The scope of Fabasoft's certification specifies the requirements for complete information security management regarding all IT and business processes and all sensitive company information. Fabasoft, in its capacity as a service provider, has sensitive business-related customer data. The confidentiality and accessibility of information are therefore important prerequisites for successful business operations and form the foundation of cooperation based on trust. For our customers, ISO 27001 certification means compliance with clearly specified technical, security-related standards and the Fabasoft computer centre Service Levels defined by these standards.

Regular internal audits, as defined by ISO 27001 processes and measures, are the basis for the further development of internal IT security standards and the continual adjustment to changing contexts and tasks. The high requirements of the ISO certification are audited on a yearly basis and extended for another year if the audit is successful. The catalogue of requirements, which consists of approximately 130 measures, contains for example instructions regarding data protection, information handling, backup, recovery and risk assessment.

Security at the application level
All communications via the Internet are encrypted. Access to saas.fabasoft.com is only possible via a digital certificate issued by the customer. Data security is reflected in the application itself by means of a proven ACL concept.

Security at the network level
To prevent attacks on unmonitored ports, the firewalls for saas.fabasoft.com only accept HTTPS data traffic on TCP port 443. Network security is increased further by address translation technology.

Physical security
All computer centres are equipped with alarm systems that immediately alert law enforcement if there is an unauthorised attempt to enter a facility. Computer centres are also equipped with video surveillance and early fire detection systems. Admission to the computer centres is limited of course to authorised employees only.

Future prospects
Fabasoft is planning on expanding its service offerings in the software-as-a-service area. As an initial step, Fabasoft will therefore undergo an audit for revision security to be conducted by an external auditor up to the end of the financial year 2009/2010 (up to 31 March 2010). Fabasoft will also undergo an SAS 70 Type II certification process by the end of the financial year 2009/2010.

Revision security
The term revision security refers primarily to an audit-proof type of archiving for electronic archive systems. Such a system is oriented towards an understanding of revision in a business context, one that pertains to data and information that must or should be archived.
In terms of electronic archiving, revision security relates to both the technical components and the entire solution. The essential features of a revision-safe archiving system are:
- Contents are stored unchanged (in the original) and in a forgery-proof manner,
- Contents can be found with a search,
- All actions in the archive are logged for reasons of traceability.
A revision-safe system must offer the user the option of ensuring compliance with company policy on data security and data protection over the useful life of the archive. Archive systems or sales applications, or document management systems with connected archive systems, are typically audited on site individually for each company in individual certification processes. An overall certification for complete systems or components of hardware and software systems is not possible, particularly as the individual use, quality of processes and information, and secure operation are all essential factors in a certification.

SAS 70 Type II
The Statement on Auditing Standards No. 70 (SAS 70) is an internationally recognised standard developed by the AICPA (American Institute of Certified Public Accountants). SAS 70 is a standard designed specifically for auditing outsourcing businesses. SAS 70 results in the preparation of a report on the controls / control objectives implemented by a service provider. An SAS 70 report certifies that a business has a functioning control system.

An external auditor from the service provider prepares such a report. Because the SAS 70 report discloses the service provider's control systems, it is possible for the outsourcer to examine the service provider's implemented methodologies so that the outsourcer may achieve the necessary level of security and ensure that services are performed with the necessary care. The SAS 70 standard differentiates between two types of audits and the SAS 70 report that results from an audit:
- SAS 70 Type I confirms the description of the service provider's internal control system at a specific point in time and contains the summarised results from an independent auditing firm.
- The objective of SAS 70 Type II is to comprehensively test the internal control system - in addition to a pure description of this system - and to evaluate its efficacy in detail. The audit takes place over a period of six months. The SAS 70 Type II report therefore contains the external audit firm's opinion on the service provider's control systems, a description of the control points and controls, information on the audit periods, a description of the auditing method, and a statement on the efficacy of the controls.

2.2 Data security
Metadata and contents are stored during the operation of the contracted software.

Metadata
The metadata are stored in a relational database system on database servers. The database servers are operated as a failover cluster with two cluster nodes. There is a cluster node in each of the two active computer centres. The data on the database servers are mirrored synchronously between both computer centres.

Contents
The contents are stored directly from the application servers to the file servers. The application server writes simultaneously to both file servers in both active computer centres.

A full online backup of the database is performed once per day. The saved data are stored on both database servers and on the backup server. In addition, all three computer centres maintain a constant record of the database with "log shipping" at intervals of 15 minutes maximum.
After a full database backup, there is a daily full backup of contents on the backup server. Once a week, the most current backup is stored on backup tapes with the aid of tape robots. In this procedure (disk to disk to tape), the backup tapes serve as the second level of security and are stored in a secure location after the backup is complete. All hard disk configurations are currently performed on the basis of RAID 5 arrays, and one so-called hot spare disk is used per RAID 5 array. The customer is responsible for checking content stored in saas.fabasoft.com for software viruses, worms, Trojan horses or other malicious software code.

2.3 High availability
Fabasoft operates the contracted software products in computer centres in a highly available configuration. Every load distributor has its own public IP address. If a load distributor, firewall or Internet connection fails, the web browser automatically switches over to the second public IP address of the load distributor that is still available. There is at least one operational load distributor in both active computer centres. The load distributor tests the application servers for availability and functionality at regular intervals. Incoming requests are only forwarded by the load distributor to correctly functioning application servers. There is at least one application server per customer operating in both active computer centres.

The database servers are operated as a failover cluster with two cluster nodes. There is a cluster node in each of the two active computer centres. The data on the database servers are mirrored synchronously between both active computer centres. The contents stored on the file servers are saved on one file server at each of the active computer centres.

The computer centres are in operation 7 days a week, 24 hours a day, 52 weeks a year. There is a distinction made between core hours and off-peak hours at the computer centres in terms of operational availability. Core hours are on Austrian workdays (Monday to Friday) between 8:00 am and 6:00 pm; the rest of the time is considered off-peak hours. Two variations are planned in terms of computer centre availability:
1. 99.7% availability in core hours per observation period (quarter) and customer
2. 99.0% availability in off-peak hours per observation period (quarter) and customer
Announced maintenance windows are excluded in availability calculations. The availability of saas.fabasoft.com is measured on the reference workstation. The following windows of time are reserved for maintenance operations: 12:00 am Saturday to 7:00 am Monday. In urgent cases and upon announcement, maintenance will be done in off-peak hours. These reserved windows of time are only used as necessary for maintenance work. If maintenance work is required, this will be announced at www.fabasoft.com/folio/saas/trust. A report on the availability of saas.fabasoft.com is prepared for each customer per observation period (quarter) and is provided electronically to the customer at the end of the quarter at www.fabasoft.com/folio/saas/trust.

2.4 Response time behaviour
Response time behaviour for all incoming queries is measured directly on the load distributors at saas.fabasoft.com with the aid of Fabasoft app.telemetry software telemetry. An HTTP request that originates from a web browser qualifies as a query. The size of a query refers to the total sum of the query size and the answer to that query.
saas.fabasoft.com is designed for the following load per user:
- Average size of a query (HTTP request): 100 KB
- Maximum document size: 100 MB
- Maximum number of queries (HTTP requests) per user per week: 5,000
For 97 percent of queries (HTTP requests), response time should be less than one second. A report on the response time behaviour of saas.fabasoft.com is prepared for each customer per observation period (quarter) and is provided electronically to the customer at the end of the quarter at www.fabasoft.com/folio/saas/trust.

2.5 Multi-client capability
saas.fabasoft.com is characterised by its multi-client capability. All of our customers share the basic components, such as for example the computer centre infrastructure, network infrastructure, load distributors and physical servers. The application servers are implemented as virtual machines, with one application server responsible for responding to user queries for one customer. The data stored in the database and file servers are partitioned on these servers for each customer. A database is established for each customer on the database server, and the file servers store files for each customer in a segregated manner.
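
An added example, not part of the Fabasoft document: a minute-resolution calculator for the availability rules in section 2.3 (core versus off-peak hours, announced maintenance excluded, targets of 99.7% and 99.0%). The function names, the outage and maintenance intervals, the single holiday entry and the use of naive local timestamps are assumptions made for illustration.

```python
from datetime import date, datetime, timedelta

# Targets and core hours are taken from section 2.3; everything else is assumed.
TARGETS = {"core": 99.7, "off_peak": 99.0}

def bucket(ts, holidays):
    """Core hours: Monday to Friday, 08:00 to 18:00, except listed holidays."""
    core = ts.weekday() < 5 and 8 <= ts.hour < 18 and ts.date() not in holidays
    return "core" if core else "off_peak"

def inside(ts, intervals):
    """True if ts falls in any half-open interval [start, end)."""
    return any(start <= ts < end for start, end in intervals)

def sla_report(start, end, outages, announced_maintenance, holidays=frozenset()):
    """Availability per bucket for one observation period, minute by minute.

    Minutes inside an announced maintenance window are excluded entirely,
    so an outage overlapping such a window only counts for the part outside it.
    """
    counted = {"core": 0, "off_peak": 0}
    down = {"core": 0, "off_peak": 0}
    ts = start
    while ts < end:
        if not inside(ts, announced_maintenance):
            b = bucket(ts, holidays)
            counted[b] += 1
            down[b] += inside(ts, outages)
        ts += timedelta(minutes=1)
    report = {}
    for b in counted:
        # A period without any counted minutes is treated as fully available.
        pct = 100.0 * (counted[b] - down[b]) / counted[b] if counted[b] else 100.0
        report[b] = {"counted": counted[b], "down": down[b],
                     "availability": pct, "met": pct >= TARGETS[b]}
    return report

def sample_report():
    """Constructed sample: Q2 2013 (Mon 1 April to Mon 1 July), naive local time."""
    d = datetime
    maintenance = [(d(2013, 4, 13, 0, 0), d(2013, 4, 13, 4, 0))]  # announced, Saturday
    outages = [
        (d(2013, 4, 13, 3, 0), d(2013, 4, 13, 5, 0)),     # first hour hidden by maintenance
        (d(2013, 5, 14, 17, 30), d(2013, 5, 14, 19, 0)),  # Tuesday, straddles 18:00
        (d(2013, 6, 5, 9, 0), d(2013, 6, 5, 11, 0)),      # Wednesday, core hours
    ]
    holidays = {date(2013, 5, 1)}  # one entry only; a real run needs the full calendar
    return sla_report(d(2013, 4, 1), d(2013, 7, 1), outages, maintenance, holidays)

if __name__ == "__main__":
    for name, row in sample_report().items():
        print(name, row)
```

In the constructed quarter, 150 minutes of core-hours downtime are enough to miss the 99.7% target, while the off-peak target tolerates far more because its base is larger and its threshold lower.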

2.6 Scalability
All components that are necessary for the operation of the contracted software products are scaled when necessary in a simple way. Load distributors and the application server farm perform scaling adjustments by adding additional load distributors or application servers. The database and file servers also perform scaling adjustments by adding additional servers and simultaneously partitioning the data.

2.7 Transparency
Customers can call up information on the usage behaviour of their registered users on saas.fabasoft.com in terms of response time behaviour, maintenance work, availability, and reports on compliance with Service Levels and the customer's utilised storage volumes, at www.fabasoft.com/folio/saas/trust.

Future prospects - data extraction
It will be possible to provide customer data stored in the computer centre to the customer, for an additional fee. Metadata for business objects are provided in XML format and documents are rendered in their original format. The data extraction will be provided to the customer on LTO4 tape drives.