DHIS2 Hosting Proposal

Transcription

1

2 1 Table of Contents 2 Cloud Consulting & Hosting Cloud Consulting & Hosting includes DHIS2 Hosting features Best-practice installation Uptime and support Reliable backup of database and application Managed upgrade of application versions Updates and patching of operating system and middleware HelpDesk Server resource scaling SSL (encryption) setup Database-level data encryption Application and resource monitoring Global cloud infrastructure for scalability Replication for high availability Scope of Cloud Hosting Services Out of Scope SLAs for Resolution and Response Times Method of assignment and communication Cost Dependencies/Assumption Common Questions for DHIS KNOWARTH Technologies Pvt. Ltd. 2

3 2 Cloud Consulting & Hosting KNOWARTH Cloud Consulting offers customized application and infrastructure management by setting up a secure and scalable cloud platform geared for high-performance. Our Open Source and Managed Cloud services helps organizations develop private, public, or hybrid cloud platforms with accelerated reduction in total cost of ownership (TCO) and complexity associated with the set-up of traditional IT infrastructure. KNOWARTH Cloud Services offers a planned approach to develop, deploy, and manage a cloud platform that addresses IT infrastructure needs such as security, scalability, availability, monitoring, disaster recovery, clustering and replication, automatic and on-demand backups, scheduled and on-demand maintenance. 2.1 Cloud Consulting & Hosting includes Define application architecture and deployment requirements for the web application Initial sizing of hardware/software requirements for cloud hosting Setup the production, staging, QA, and development sites Application and data migration from in-house IT infrastructure to managed infrastructure Setup clustering and replication Go-live support On-going monitoring, backup, and application support as per Service Level Agreements (SLAs) Each environment will be managed by a team of certified engineers. You and your team will benefit from: Ticketing system Single point of contact for escalations System uptime and alerts A team of IT network and application experts A global staff working around the clock 24/7 Certified application and network experts Immediate and proactive response to tickets and monitoring alerts Fast resolution time DHIS2 Installation as per best practices % uptime 24X7 Monitoring 9X5 or 24X7 Support (based on the selected support plan) Reliable backup of database and application Upgrade to newer version of the application Updates & Patch installation Helpdesk Support 2016 KNOWARTH Technologies Pvt. Ltd. 3

4 SSL Encryption setup Database Level Encryption 2.2 DHIS2 Hosting features Best-practice installation Setting up DHIS2 the right way involves installation and configuration of a range of components. Getting this right is time-consuming and requires staff with strong skills in Linux, database systems, web servers and more: With a managed DHIS2 instance from KNOWARTH you will get a DHIS2 instance installed and configured according to best practices Uptime and support The hosting plans come with 24/7 monitoring and support, meaning that if your DHIS2 instance goes down or there is a problem, we are there to help you. We ensure that your system is available, well-performing and that no unnecessary down-time is inflicted on your users Reliable backup of database and application Know the how it feels to lose critical data? The backup service makes sure that your data is always backed up in a secure place - both on your server for easy access as well as on a server located physically somewhere else in case something goes wrong. Choose between backing up your database or the whole server image. Backup files are easy to download from the application console Managed upgrade of application versions DHIS2 is released 4 times per year and adds a lot of useful features every time. The upgrade service makes sure that your instance always runs the latest DHIS2 version. When upgrading it is essential to test and verify that your existing forms, reports and charts continues to work. The backup service enables you to enjoy the latest DHIS2 features without worrying about any issues that might arise in the upgrade process Updates and patching of operating system and middleware The managed DHIS2 instances run on rock-solid Linux operating systems. However, as time goes by it is essential to keep the operating system, Java version and middleware like the web server, servlet container and database up-to-date with the latest security patches. Ignoring to patch your environment will make your system vulnerable for malicious attacks HelpDesk When operating a sophisticated software like DHIS2 it is comforting to know you can rely on KNOWARTH to help you if you get stuck. The help desk service provides you with assistance on technical matters related to your server and DHIS2 software instance. KNOWARTH staff has many years of experience of DHIS2 hosting and configuration KNOWARTH Technologies Pvt. Ltd. 4

5 2.2.7 Server resource scaling Often you will start with a small DHIS2 instance where you build and test your system. When system adoption increases you will need more server resources to handle the load. The resource scaling service lets you scale when you need it and pay for only what you need SSL (encryption) setup In today's Internet environment setting up SSL (as in HTTPS and encryption) is an absolute must for applications like DHIS2 which requires users to log in with a username and password. The SSL service provides your server with a trusted SSL certificate which will keep the private information of your users secure Database-level data encryption When dealing with sensitive and personally identifiable information in the DHIS2 tracker component, keeping the data secure and the maintaining data confidentiality is of outmost importance. The database-level data encryption service provides a strong last line of defense against attacks, meaning data will not be compromised even if someone gains access to your database Application and resource monitoring Monitoring resource utilization, application performance and operational health is essential for keeping your system running smoothly Global cloud infrastructure for scalability Deploying large organizations with operations in many countries on several continents comes with a few challenges. The global could infrastructure service helps you to provide your users with high availability in multiple time zones and high scalability to cater for increased load which follows improved adoption of the system Replication for high availability Want to make sure your system can handle high loads and constant up-time? We can set up your DHIS2 instance with web-server replication, meaning that if one server goes down, your instance is still available. It also means that we can add new servers to increase capacity during periods where demand is high KNOWARTH Technologies Pvt. Ltd. 5

6 2.3 Scope of Cloud Hosting Services KNOWARTH will cover following areas for Cloud Consulting Services: Defining deployment architecture includes installation and configuration of DHIS2 Setup of Development, QA, and Production servers Setup Clustering, Replication Setup CDN (if required) Code deployment on Production servers Go-Live Support Server and Application hosting and upgrade support, as directed by Client Monitoring of servers/applications related to infrastructure through Monitoring System Managing of servers/applications related to infrastructure Patch installation for packages used for servers Auto backup of Server, Application & Database Daily with Retention of 7 days Optimization of Server, Application and Database for better performance Helpdesk Services including Ticketing System Global Cloud Infrastructure for Scalability SSL (encryption) setup SSL certificate has to be purchased by Client separately Database-level encryption (if required) 2.4 Out of Scope The following are out of scope for Cloud Hosting Services: Application Maintenance/Development/Enhancements. DBA activities Data Migration, Validation & Cleaning Troubleshooting of any Third-party application, Interfaces etc. Issues found with application when production deployment is carried out or rolled back 2016 KNOWARTH Technologies Pvt. Ltd. 6

7 3 SLAs for Resolution and Response Times While there are no hard and fast ways to accurately pinpoint the resolution times as they range from 2 hours to 2 weeks, KNOWARTH can offer the following as a guideline: (Mail Support) IST Business Hours (10:00am to 6:00pm) Severity Acknowledgement Receipt (1) Target Resolution (2) Final Resolution (3) Critical 2 Hours 1 Business day 5 Business day High 4 Hours 2 Business day 10 Business day Medium 4 Hours 3 Business day 15 Business day Low 4 Hours 4 Business day 30 Business day (Phone Support) 24/7 For Critical Issues Severity Acknowledgement Receipt (1) Target Resolution (2) Final Resolution (3) Critical 4 Hours 1 Business day 5 Business day 1) Acknowledge Receipt means the time by which KNOWARTH must respond to the Incident reporter acknowledging receipt of the Incident. 2) Target Resolution means the target time for KNOWARTH to resolve the Incident and or deliver a temporary patch/fix KNOWARTH Technologies Pvt. Ltd. 7

8 3.1 Method of assignment and communication Initial Assignment will always be via . It can be on phone for critical issues. Assignment shall contain the following necessary information to adequately process and prioritize issue handling: Detailed Problem Description Environment in which encountered Application Information Application Name, URL etc. Error message Item Priority per the priorities defined elsewhere in this document Other useful information (Screenshot, Logs, etc.) 4 Cost Details Cost/Month Remarks ($) Shared GB HDD Space, 4 GB Ram, 2 core, 1 DB Schema, 1 site Dedicated (Option1) GB HDD Space, 4 GB Ram, 2 core, Unlimited Schema, Unlimited Sites Dedicated (Option2) GB HDD Space, 8 GB Ram, 2 core, Unlimited Schema, Unlimited Sites 4.1 Dependencies/Assumption Any Software cost would be bared by Client KNOWARTH Team will work from off-shore office in Ahmedabad SSL Certificate purchase Domain Name Admin Access to required servers/systems/services as and when required to carry out smooth operations 2016 KNOWARTH Technologies Pvt. Ltd. 8

9 5 Common Questions for DHIS2 For each question, we have responded with one of the following answers: Included ( Incl ) Available at an additional cost to be arranged ( Add ) Not available (Unavailable) This is the responsibility of the organization, not the provider, but it is possible to do within the features of the shared hosting price (Possible) And of course Yes or No, or details where applicable. Security question Data Collection 1. What, if any, data is collected by 3rd parties (e.g., via cookies, plug-ins, ad networks, web beacons etc.)? Network Operations Center Management and Security 1. Does the provider perform regular penetration testing, vulnerability management, and intrusion prevention? 2. Are all network devices located in secure facilities and under controlled circumstances (e.g. ID cards, entry logs)? 3. Are backups performed and tested regularly and stored offsite? 4. How are these backups secured? Disposed of? 5. Are software vulnerabilities patched routinely or automatically on all servers? Data Storage and Data Access 1. Where will the information be stored and how is data at rest protected (i.e. data in the data center)? 1. Will any data be stored outside Canada? 2. Is all or some data at rest encrypted (e.g. just passwords, passwords and sensitive data, all data) and what encryption method is used? 2. How will the information be stored? If the cloud application is multi-tenant (several districts on one server/instance) hosting, how is data and access separated from other customers? Responses 1. ( Incl ) DHIS2 uses cookie to store user session, permission and organization data in browser. We cannot ensure the security of such data in scenarios when third party plugins are installed on the user browser. 1. ( Incl ) Done when initial setup is done. 2. ( Incl ) Done when initial setup is done. For more details, (aws.amazon.com/security/) 3. ( Incl ) We would take backup of 3 days. Restoration testing would be done once in a month. Backup would be available across various zones of US. 4. ( Incl ) Security & Disposing are part of administration. 5. ( Incl ) All infrastructure level patches will be done on monthly cycle for minor patches. For major patches it would be informed to customer before patching it Not available (Unavailable). It will be hosted & stored in N. Virginia. 2. ( Incl ) All data will be encrypted by changing one configuration of application. 2. We wouldn t suggest multi-tenant solution as it has security flaws. 3. This is the responsibility of the organization, not the provider, but it is possible to do within the features of the shared hosting price (Possible) 4. a) ( Incl ) It will be taken care for Hosting & Support team KNOWARTH Technologies Pvt. Ltd. 9

10 3. Are the physical server(s) in a secured, locked and monitored environment to prevent unauthorized entry and/or theft? 4. How does the provider protect data in transit? e.g. SSL, hashing? 5. Who has access to information stored or processed by the provider? 1. Does the provider perform background checks on personnel with administrative access to servers, applications and customer data? 2. Does the provider subcontract any functions, such as analytics? (this includes Google Analytics) 3. What is the provider s process for authenticating callers and resetting access controls, as well as establishing and deleting accounts? 6. If client or other sensitive data is transferred/uploaded to the provider, are all uploads via SFTP or HTPPS? Data and Metadata Retention 1. How does the provider assure the proper management and disposal of data? 1. The provider should only keep data as long as necessary to perform the services to the organization. 2. How will the provider delete data? 1. Is data deleted on a specific schedule or only on termination of contract? Can your organization request that information be deleted? What is the protocol for such a request? 3. You should be able to request a copy of the information maintained by the provider at any time. 4. All data disclosed to the provider or collected by the provider must be disposed of by reasonable means to protect against unauthorized access or use. 5. Upon termination of the contract, the provider should return all records or data and properly delete any copies still in its possession Development and Change Management Process 1. Does the provider follow standardized and documented procedures for coding, configuration management, patch installation, and change b) DHIS2 platform allows various integration like Google Maps. Limited data is being exposed to such parties when using/leveraging features implemented in such platforms. c) Support team will have super user credentials. So, based on request, L1 support staff will be able to use super admin credentials to manage users account. 5. This is the responsibility of the organization, not the provider, but it is possible to do within the features of the shared hosting price (Possible) 1. Yes. Upon termination of services data would be deleted depending on requirement of backup to be transferred Generally, it happens to be on termination of contract. Until without prior written approval from business owner hosting team never deletes data. 3. Until without prior written approval from business owner hosting team can provide copy of data anytime. 4. Yes. Policy can be setup for the process to dispose. 5. Yes 1. Yes, for configuration management, patch installation & change management of server. We will follow DHIS2 coding standard. 2. Yes, on quarterly basis KNOWARTH Technologies Pvt. Ltd. 10

11 management for all servers involved in delivery of contracted services? 2. Are practices regularly audited? 3. Does the provider notify the organization about any changes that will affect the security, storage, usage, or disposal of any information received or collected directly from the organization? Availability 1. Does the provider offer a guaranteed service level? 2. What is the backup-and-restore process in case of a disaster? 3. What is the provider s protection against denialof-service attack? Audits and Standards 1. Does the provider provide the organization the ability to audit the security and privacy of records? 2. Have the provider s security operations been reviewed or audited by an outside group? 3. Does the provider comply with a security standard such as the International Organization for Standardization (ISO), the Payment Card Industry Data Security Standards (PCI DSS)? Test and Development Environments 1. Will 'live' client data be used in non-production (e.g. test or development, training) environment? 2. Are these environments secure to the same standard as production data? Data Breach, Incident Investigation and Response 1. What happens if your online service provider has a data breach? 2. Do you have the ability to perform security incident investigations or e-discovery? If not, will the provider assist you? For example, does the provider log end user, administrative and maintenance activity and are these logs available to the organization for incident investigation? 3. Yes it would be informed where security, storage, usage or disposal policy & process are updated or affected. 1. Yes. 99.9%. It would also depend on hosting provider which we may might not be guarantee. 2. Yes - There wold be hot-cold disaster where from backup systems can be restore, with chances of losing data up to certain hours. 3. Yes We would have two different modules in web server to take care of this Yes Can be worked out depending on the details to be audited Yes Can be done Not available (Unavailable) However it is available from the hosting provider. 1. Depending on client agreement and setup, it varies. We strongly suggest to have production environment different from staging, QA and dev instance. 2. Yes. Might have to temporary allow access to debug in case of issues. 1. It can be rectified; however, we would suggest to have third party security testing done so both parties are on same page based on report. 2. Yes. We can provide assistance for security incidents if happened including application logs if for administrative and maintenance activities, if application supports KNOWARTH Technologies Pvt. Ltd. 11