BeBanjo Infrastructure and Security Overview



Similar documents
OCTOBER 2015 TAULIA SUPPLIER ARCHITECTURE OVERVIEW TAULIA 201 MISSION STREET SAN FRANCISCO CA 94105

Secure Data Hosting. Your data is our top priority.

SHARPCLOUD SECURITY STATEMENT

WALKME WHITEPAPER. WalkMe Architecture

BMC s Security Strategy for ITSM in the SaaS Environment

Autodesk PLM 360 Security Whitepaper

Securing the Service Desk in the Cloud

Building Energy Security Framework

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

THE BLUENOSE SECURITY FRAMEWORK

Enterprise level security, the Huddle way.

SECURITY DOCUMENT. BetterTranslationTechnology

Enabling Database-as-a-Service (DBaaS) within Enterprises or Cloud Offerings

Druva Phoenix: Enterprise-Class. Data Security & Privacy in the Cloud

SaaS Security for the Confirmit CustomerSat Software

Our Key Security Features Are:

Leveraging the Cloud for Data Protection and Disaster Recovery

IBX Business Network Platform Information Security Controls Document Classification [Public]

SysAid Cloud Architecture Including Security and Disaster Recovery Plan

White Paper The simpro Cloud

Live Guide System Architecture and Security TECHNICAL ARTICLE

Web Application Deployment in the Cloud Using Amazon Web Services From Infancy to Maturity

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Security Information & Policies

IT SERVICE MANAGEMENT FAQ

Security in the Sauce Labs Cloud. Practices and protocols used in Sauce s infrastructure and Sauce Connect

Acano solution. Security Considerations. August E

Hosting as a Service (HaaS) Playbook. Version 0.92

TECHNOLOGY WHITE PAPER Jan 2016

Migration and Building of Data Centers in IBM SoftLayer with the RackWare Management Module

Security in the Sauce Labs Cloud

An Agile and Scalable Mobile Workplace

Anypoint Platform Cloud Security and Compliance. Whitepaper

Web Application Security Assessment and Vulnerability Mitigation Tests

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

Zend and IBM: Bringing the power of PHP applications to the enterprise

Famly ApS: Overview of Security Processes

Cloud Portal Office Security Whitepaper. October 2013

Primex Wireless OneVue Architecture Statement

Ebook Review - NOVA Time 4000 SaaS

Alliance Key Manager Solution Brief

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

Automated Cloud Migration

Paxata Security Overview

Collaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%

Mirantis OpenStack Express: Security White Paper

TECHNOLOGY WHITE PAPER Jun 2012

w w w. u l t i m u m t e c h n o l o g i e s. c o m Infrastructure-as-a-Service on the OpenStack platform

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Security for Cloud- and On Premise Deployment. Mendix App Platform Technical Whitepaper

The Elite Workforce Management Solution. Driven by People and Technology

How To Create A Walkme.Com Walkthrus.Com Website And Help With Your Website Or App On A Pc Or Mac Or Ipad (For Pc) Or Mac (For Mac) Or Ipa (For Ipa) Or Pc

Migration and Building of Data Centers in IBM SoftLayer with the RackWare Management Module

Time to Value: Successful Cloud Software Implementation

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Attachment D System Hardware & Software Overview & Recommendations For IRP System

We employ third party monitoring services to continually audit our systems to measure performance and identify potential bottlenecks.

UDiMan. Introduction. Benefits: Name: UDiMan Identity Management service. Service Type: Software as a Service (SaaS Lot 3)

Projectplace: A Secure Project Collaboration Solution

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

Database as a Service (DaaS) Version 1.02

Connectivity to Polycom RealPresence Platform Source Data

Premier Services Program (PSP) Tools: Security Overview

KeyLock Solutions Security and Privacy Protection Practices

Apteligent White Paper. Security and Information Polices

Cloud Computing for SCADA

Software Performance, Scalability, and Availability Specifications V 3.0

Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations

Amazon Elastic Beanstalk

SaaS-Based Employee Benefits Enrollment System

Security and Information Policies

SafeNet Authentication Service Security Considerations

ProjectManager.com Security White Paper

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2

CA Cloud Overview Benefits of the Hyper-V Cloud

White Paper How Noah Mobile uses Microsoft Azure Core Services

<cloud> Secure Hosting Services

PATCH MANAGER what does it do?

Opsview in the Cloud. Monitoring with Amazon Web Services. Opsview Technical Overview

Casper Suite. Security Overview

Amazon Web Services Primer. William Strickland COP 6938 Fall 2012 University of Central Florida

Learning Management Redefined. Acadox Infrastructure & Architecture

Media Shuttle s Defense-in- Depth Security Strategy

Things You Need to Know About Cloud Backup

PipeCloud : Using Causality to Overcome Speed-of-Light Delays in Cloud-Based Disaster Recovery. Razvan Ghitulete Vrije Universiteit

Cloud Security: An Independent Assessent

Helping people make better decisions DATA SECURITY POLICY. Kiilakiventie 1, Oulu, Finland tel:

CLOUD FRAMEWORK & SECURITY OVERVIEW

Migration and Disaster Recovery Underground in the NEC / Iron Mountain National Data Center with the RackWare Management Module

How To Use Arcgis For Free On A Gdb (For A Gis Server) For A Small Business

Reliable Data Tier Architecture for Job Portal using AWS

AN IN-DEPTH VIEW. Cleo Cleo Harmony - An In-Depth View

Enterprise Architecture Review Checklist

WINDOWS AZURE EXECUTION MODELS

MIGRATIONWIZ SECURITY OVERVIEW

LIVE CHAT CLOUD SECURITY Everything you need to know about live chat and communicating with your customers securely

Security from a customer s perspective. Halogen s approach to security

Transcription:

BeBanjo Infrastructure and Security Overview Can you trust Software-as-a-Service (SaaS) to run your business? Is your data safe in the cloud? At BeBanjo, we firmly believe that SaaS delivers great benefits to our customers. Here are some of the things we do every day to provide SaaS with top security, performance and availability.

Can you trust Software-as-a-Service (SaaS) to run your business? Is your data safe in the cloud? At BeBanjo, we firmly believe that SaaS delivers great benefits to our customers. It s easy to deploy to large teams in multiple locations, all users always work from the latest version of the software, our customers don t need to worry about hosting or maintenance We also recognise that business-critical applications require the highest level of security, availability and performance. BeBanjo products are aimed at enterprise customers and have been designed specifically with those concerns in mind. Here are some of the things we do at BeBanjo every day to provide Software-as-a-Service (SaaS) with top security, performance and availability.

Hosting Architecture The BeBanjo applications are hosted on the Amazon Web Services (AWS) cloud computing platform. Some of the world s largest enterprises and most innovative start-ups trust AWS cloud offering, e.g., Adobe, Netflix, Pinterest The AWS platform provides unrivalled scale, and sets the standards for cloud computing. AWS manages data centres in multiple locations around the world. The BeBanjo applications are hosted in several AWS data centres in Ireland. BeBanjo software has been developed for high-performance and high-availability, using a multi-tier architecture: Requests to the end-user interface or to the web service APIs are dispatched to application servers through a load balancer tier. Application servers in the application tier handle synchronous requests. Worker servers in the application tier handle background asynchronous jobs. Databases in the database tier persist the data for all servers. The database tier is replicated across multiple data centres. In addition, a utility tier provides shared services to all servers (e.g., messaging services, cacheing services...) *.bebanjo.net Load balancer Standby load balancer (for fail-over) Utility Application server Application server Application server Application server Utility Worker Primary database Database replica Data centre 1 Data centre 2 Logical view of BeBanjo's resilient and scalable infrastructure

Performance and scalability Resilience and redundancy The architecture of the solution allows for high-performance and scalability: The computationally-expensive application tier is horizontally scalable. New application servers can be added to the pool of application servers, in order to handle the performance requirements of additional customers. The solution uses cacheing technology (e.g., memcached) to maximise performance The architecture intentionally separates the handling of synchronous requests from background processing jobs, in order to always provide a highly-responsive user experience. The database tier allows for the deployment of database read replicas. This enables - for instance - intensive reporting tasks without affecting user experience. There is no Single Point Of Failure (SPOF) in the production environment. All components (e.g., load balancers, application servers, database servers...) are set-up using a redundant N+1 configuration, ensuring that failure of any one component cannot result in a failure of the solution. Disaster Recovery (DR) A Disaster Recovery (DR) solution is in place. Following a catastrophic failure at the primary data centre, the production environment can resume servicing customers from a secondary data centre. The database tier being continuously replicated to the secondary data centre in near real-time, no data loss would be incurred in such an event. Environments Application monitoring Distinct environments are provided, to carry out testing activities before any software is released to production: Production environment. Pre-production environment. Staging environment. Configuration and deployment The availability and performance of the BeBanjo products are constantly monitored using the following tools and services: Pingdom. PagerDuty. New Relic. Monit. Librato. AWS CloudWatch. BeBanjo support staff are automatically alerted in case of any incident. All our infrastructure configuration is managed with Chef, a Ruby-based configuration management engine, and stored under source control. All software is deployed to Virtual Machines (VMs), through reliable scripted deployment using Capistrano.

Technology Our technology stacks favours open-source components, and includes the following: Component Role Ubuntu Linux Apache Phusion Passenger Ruby (Enterprise) Ruby on Rails MySQL Sphinx Memcached RabbitMQ JQuery Backbone Operating system Web server Apache module for deploying Ruby apps Development language Web application framework Database tier Search / indexing engine In-memory cache Message queue Core JavaScript library MVC framework for rich JavaScript apps Service levels Encryption Performance and availability of the BeBanjo applications are backed by a Service Level Agreement (SLA). The SLA defines measurable targets, reporting mechanisms, and service credits due by BeBanjo, should the targets not be met. Physical security AWS ensures physical security of the data centres where the BeBanjo applications live. AWS has completed multiple SAS70 Type II audits. They publish a Service Organization Controls 1 (SOC 1) report, under both the SSAE 16 and the ISAE 3402 professional standards. In addition, they have achieved ISO 27001 certification. All communication with BeBanjo servers is encrypted using HTTPS. This applies to communication with both end-user browsers and with external systems integrated through the BeBanjo APIs. Any attempt to connect over plain HTTP is automatically redirected to a secure HTTPS connection. Connections use TLS 1.1 and the AES_256_CBC 256-bit encryption algorithm, with SHA1 for message authentication and RSA as the key exchange mechanism. Your credentials and data are never transmitted in the clear over the public Internet. All user passwords and system passwords are encrypted and stored as one-way hashes that cannot be decrypted, not even by BeBanjo. The data centres use state-of-the art electronic surveillance, are staffed 24x7 by trained security guards, and access is authorised strictly on a least privileged basis.

Screengrab of Pingdom: monitoring application uptime Screengrab of New Relic: monitoring application performance Screengrab of AWS CloudWatch: monitoring infrastructure resources

Infrastructure-level security The BeBanjo applications live behind firewalls configured to only allow traffic through authorised ports: notably port 443 for HTTPS, and port 80 for redirection to a secure HTTPS connection. Connection to the servers for administration purposes is authenticated using RSA keys, that provide security superior to password authentication. Application-level security Our development process has security at its heart. We code against application-level vulnerabilities such as SQL injections, by using: A modern web development framework (i.e., Ruby on Rails) constantly updated by the community. Our own specific tools, e.g., the automated test suite running on our Continuous Integration (CI) server. In addition, any code change made by a developer is independently checked for quality and security, by another developer, prior to release. Security monitoring We constantly monitor independent security lists to be alerted of new vulnerabilities identified by the development community. Upon discovery of a new vulnerability that might affect our applications, we immediately deploy the relevant patch. Thanks to our redundant hosting infrastructure with no single point of failure, such emergency maintenance can usually be carried out without any interruption to the service. Centralised hosting of BeBanjo applications on a single - yet resilient - infrastructure means we can easily keep the platform up-to-date, and very rapidly close any newly found vulnerability. Third-party security audits Some of our enterprise customers (e.g., Channel 5, British Telecom) have stringent internal security processes. Before selecting our products they carried out due diligence of our security standards, sometimes using third-party tools or partners (e.g., IBM Rational AppScan). We are always looking for ways to improve our solution, and we welcome a fresh pair of eyes on our security practices. Data segregation Our automated test suite constantly validates correct segregation of customer data. Whenever a change is made to any of the BeBanjo applications, and before any deployment can be envisaged, the automated test suite running on our Continuous Integration (CI) server checks for data segregation. It automatically validates that users (e.g., a scheduler at Channel 5) can only access the data they are entitled to (i.e., the Channel 5 schedules), and nothing else.

www.bebanjo.com About BeBanjo We are an agile company of talented developers, designers and Video On-Demand specialists and we like to take good care of our customers; that is why we focus on making easy to use, easy to learn, collaborative tools that our users love. We make Video On-Demand operations easier, faster, better, so that our customers are free to concentrate on really running their Video On-Demand business. A wide range of companies successfully operating in the on-demand space already trust us. BeBanjo was founded in 2008 and is part of Arkena.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information