BeBanjo Infrastructure and Security Overview

Similar documents
Security and Compliance at Mavenlink

Information Security Policy

There are also a range of security and redundancy systems designed to improve the speed, reliability, stability and security of the simpro Cloud.

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS

Security Overview. Technical Whitepaper. Secure by design. End to end security. N-tier Application Architecture. Data encryption. User authentication

MaintMaster Technical White Paper

White Paper The simpro Cloud

Security Specification

What can the OnBase Cloud do for you? lbmctech.com

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

Cloud FastPath: Highly Secure Data Transfer

CAMPUSPRESS TECHNICAL & SECURITY GUIDE

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

CogniFit Technical Security Details

For USA & Europe January 2018

For Australia January 2018

Cloud Services. Introduction

Developing Microsoft Azure Solutions (70-532) Syllabus

Awareness Technologies Systems Security. PHONE: (888)

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM

P a g e 1. Teknologisk Institut. Online kursus k SysAdmin & DevOps Collection

Technical Brief SUPPORTPOINT TECHNICAL BRIEF MARCH

TB+ 1.5 Billion+ The OnBase Cloud by Hyland 600,000,000+ content stored. pages stored

Xerox Audio Documents App

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

70-532: Developing Microsoft Azure Solutions

Online Services Security v2.1

Exam : Implementing Microsoft Azure Infrastructure Solutions

Security Information & Policies

IBM SmartCloud Notes Security

Security Principles for Stratos. Part no. 667/UE/31701/004

Hosted Azure for your business. Build virtual servers, deploy with flexibility, and reduce your hardware costs with a managed cloud solution.

70-532: Developing Microsoft Azure Solutions

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

Cloud Services. Infrastructure-as-a-Service

WHITE PAPER. Header Title. Side Bar Copy. Header Title 5 Reasons to Consider Disaster Recovery as a Service for IBM i WHITEPAPER

SECURITY STRATEGY & POLICIES. Understanding How Swift Digital Protects Your Data

InterCall Virtual Environments and Webcasting

Security & Compliance in the AWS Cloud. Amazon Web Services

Layer Security White Paper

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

CTS performs nightly backups of the Church360 production databases and retains these backups for one month.

Twilio cloud communications SECURITY

Watson Developer Cloud Security Overview

IBM Compose Managed Platform for Multiple Open Source Databases

Cisco Meraki Privacy and Security Practices. List of Technical and Organizational Measures

How CloudEndure Disaster Recovery Works

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

RA-GRS, 130 replication support, ZRS, 130

Migration and Building of Data Centers in IBM SoftLayer

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Storage Made Easy Enterprise File Share and Sync Fabric Architecture

How CloudEndure Works

Overview of AWS Security - Database Services

This paper introduces the security policies, practices, and procedures of Lucidchart.

Lassoing the Clouds: Best Practices on AWS. Brian DeShong May 26, 2017

Azure Webinar. Resilient Solutions March Sander van den Hoven Principal Technical Evangelist Microsoft

APPLICATION & INFRASTRUCTURE SECURITY CONTROLS

SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA

Developing Enterprise Cloud Solutions with Azure

You Might Know Us As. Copyright 2016 TierPoint, LLC. All rights reserved.

Let s say that hosting a cloudbased application is like car ownership

Amazon. Exam Questions AWS-Certified-Solutions-Architect- Professional. AWS-Certified-Solutions-Architect-Professional.

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

WHITE PAPER. Title. Managed Services for SAS Technology

Developing Microsoft Azure Solutions (70-532) Syllabus

Lassoing the Clouds: Best Practices on AWS. Brian DeShong May 26, 2017

The future of database technology is in the clouds

Managed Services Rely on us to manage your business services

The Nasuni Security Model

Deploying High Availability and Business Resilient R12 Applications over the Cloud

Welcome to the. Migrating SQL Server Databases to Azure

CANVAS DISASTER RECOVERY PLAN AND PROCEDURES

Google Cloud & the General Data Protection Regulation (GDPR)

Use Case: Scalable applications

Why Microsoft Azure is the right choice for your Public Cloud, a Consultants view by Simon Conyard

MQ High Availability and Disaster Recovery Implementation scenarios

DISTRIBUTED SYSTEMS [COMP9243] Lecture 8a: Cloud Computing WHAT IS CLOUD COMPUTING? 2. Slide 3. Slide 1. Why is it called Cloud?

Custom hosting solutions orchastrated for your needs.

SAS SOLUTIONS ONDEMAND

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

Qlik Sense Certification Exam Study Guide

Projectplace: A Secure Project Collaboration Solution

DreamFactory Security Guide

Identifying Workloads for the Cloud

Magento Commerce Architecture and Security Model Last updated: Aug 2017

TIBCO Cloud Integration Security Overview

How CloudEndure Works

Secure VFX in the Cloud. Microsoft Azure

Launching a Highly-regulated Startup in the Cloud

MySQL CLOUD SERVICE. Propel Innovation and Time-to-Market

How CloudEndure Disaster Recovery Works

Carbonite Availability. Technical overview

Security. ITM Platform

METHODOLOGY This program will be conducted with interactive lectures, PowerPoint presentations, discussions and practical exercises.

MYOB Advanced SaaS. Why choose MYOB Advanced? Fact Sheet. What is MYOB Advanced SaaS?

KantanMT.com. Security & Infra-Structure Overview

RELIABILITY & AVAILABILITY IN THE CLOUD

Getting Started Guide

Transcription:

BeBanjo Infrastructure and Security Overview Can you trust Software-as-a-Service (SaaS) to run your business? Is your data safe in the cloud? At BeBanjo, we firmly believe that SaaS delivers great benefits to our customers. Here are some of the things we do every day to provide SaaS with top security, high performance and high availability.

Can you trust Software-as-a-Service (SaaS) to run your business? Is your data safe in the cloud? At BeBanjo, we firmly believe that SaaS delivers great benefits to our customers. It s easy to deploy to large teams in multiple locations, all users always work from the latest version of the software, our customers don t need to worry about hosting or maintenance We also recognise that business-critical applications require the highest level of security, availability and performance. BeBanjo products are aimed at enterprise customers and have been designed specifically with those concerns in mind. Here are some of the things we do at BeBanjo every day to provide Software-as-a-Service (SaaS) with top security, high performance and high availability.

Hosting Architecture The BeBanjo applications are hosted on the Amazon Web Services (AWS) cloud computing platform. Some of the world s largest enterprises and most innovative start-ups trust AWS cloud offering, e.g., Netflix, Airbnb or Slack. The AWS platform provides unrivalled scale, and sets the standards for cloud computing. AWS manages data centres in multiple locations around the world. The BeBanjo applications are hosted in several AWS data centres in Ireland. In addition, we use the Google Cloud computing platform to securely replicate data backups in multiple regions and to enable high-performance analytics using BigQuery. BeBanjo software has been developed for high-performance and high-availability, using a multi-tier architecture: Requests to the end-user interface or to the web service APIs are dispatched to application servers through a load balancer tier. Application servers in the application tier handle synchronous requests. Worker servers in the application tier handle background asynchronous jobs. Databases in the database tier persist the data for all servers. The database tier is replicated across multiple data centres. Search engine tier provides fast searches for the application tier. The search engine keeps synced with the database tier. In addition, a utility tier provides shared services to all servers (e.g., cacheing services, monitoring services, ftps, etc.) *.bebanjo.net Load balancer Standby load balancer (for fail-over) Utility Application server Search Application server Application server Search Worker Primary database Database replica Data centre 1 Data centre 2 Logical view of BeBanjo's resilient and scalable infrastructure

Performance and scalability Resilience and redundancy The architecture of the solution allows for high-performance and scalability: The computationally-expensive application tier is horizontally scalable. New application servers can be added to the pool of application servers, in order to handle the performance requirements of additional customers. The solution uses cacheing and realtime technology (e.g., Memcached, Pusher) to maximise performance The architecture intentionally separates the handling of synchronous requests from background processing jobs, in order to always provide a highly-responsive user experience. The database tier allows for the deployment of database read replicas. This enables - for instance - intensive reporting tasks without affecting user experience. Environments There is no Single Point Of Failure (SPOF) in the production environment. All components (e.g., load balancers, application servers, database servers...) are set-up using a redundant N+1 configuration, ensuring that failure of any one component cannot result in a failure of the solution. Disaster Recovery (DR) A Disaster Recovery (DR) solution is in place. Following a catastrophic failure at the primary data centre, the production environment can resume servicing customers from a secondary data centre. Every year an internal Disaster Recovery exercise takes place in order to validate this solution. The database tier being continuously replicated to the secondary data centre in near real-time, no data loss would be incurred in such an event. Additionally, we store our critical backups encrypted on multiple cloud providers and regions. Distinct environments are provided, to carry out testing activities before any software is released to production: Production environment. Pre-production environment. Staging environment. Configuration and deployment All our infrastructure configuration is managed with Chef, a Ruby-based configuration management engine, and Terraform, a Go-based infrastructure as code software, and stored under source control with GitHub. All software is deployed to Virtual Machines (VMs), through reliable scripted deployment using Capistrano. Application monitoring The availability and performance of the BeBanjo products are constantly monitored using the following tools and services: Pingdom. PagerDuty. Kibana. Monit. Librato. AWS CloudWatch. BeBanjo support staff are automatically alerted in case of any incident.

Technology Our technology stacks favours open-source components, and includes the following: Component Role Ubuntu Linux Apache Phusion Passenger HAProxy Ruby on Rails MySQL Elasticsearch Kibana Memcached Sidekiq Redis jquery Vue.js Operating system Web server Apache module for deploying Ruby apps High availability load balancer and proxy server Web application framework Database tier Search / indexing engine Data visualization interface In-memory cache Background processing for Ruby In-memory database Core Javascript library JavaScript framework for building user interfaces Service levels Encryption Performance and availability of the BeBanjo applications are backed by a Service Level Agreement (SLA). The SLA defines measurable targets, reporting mechanisms, and service credits due by BeBanjo, should the targets not be met. Physical security AWS ensures physical security of the data centres where the BeBanjo applications live. AWS has completed multiple SAS70 Type II audits. They publish a Service Organization Controls 1 (SOC 1) report, under both the SSAE 16 and the ISAE 3402 professional standards. In addition, they have achieved ISO 27001 certification. All communication with BeBanjo servers is encrypted using HTTPS. This applies to communication with both end-user browsers and with external systems integrated through the BeBanjo APIs. Any attempt to connect over plain HTTP is automatically redirected to a secure HTTPS connection. Connections use TLS 1.2 and the AES_256_CBC 256-bit encryption algorithm, with SHA1 for message authentication and RSA as the key exchange mechanism. Your credentials and data are never transmitted in the clear over the public Internet. All user passwords and system passwords are encrypted and stored as one-way hashes that cannot be decrypted, not even by BeBanjo. The data centres use state-of-the art electronic surveillance, are staffed 24x7 by trained security guards, and access is authorised strictly on a least privileged basis.

Screengrab of Pingdom: monitoring application uptime Screengrab of Kibana: monitoring application performance Screengrab of Librato: Monitoring infrastructure resources

Infrastructure-level security The BeBanjo applications live behind firewalls configured to only allow traffic through authorised ports: notably port 443 for HTTPS, and port 80 for redirection to a secure HTTPS connection. Connection to the servers for administration purposes is authenticated using RSA keys, that provide security superior to password authentication. Application-level security Our development process has security at its heart. We code against application-level vulnerabilities such as SQL injections, by using: A modern web development framework (i.e., Ruby on Rails) constantly updated by the community. The solution uses cacheing and realtime technology (e.g., Memcached, Pusher) to maximise performance. An automated test suite running on our Continuous Integration (CI) service, based on Buildkite and hosted on Google Cloud, being isolated from our application infrastructure. Security monitoring We constantly monitor independent security lists to be alerted of new vulnerabilities identified by the development community. Upon discovery of a new vulnerability that might affect our applications, we immediately deploy the relevant patch. Thanks to our redundant hosting infrastructure with no single point of failure, such emergency maintenance can usually be carried out without any interruption to the service. Centralised hosting of BeBanjo applications on a single - yet resilient - infrastructure means we can easily keep the platform up-to-date, and very rapidly close any newly found vulnerability. Third-party security audits Some of our enterprise customers (e.g., Channel 5, British Telecom) have stringent internal security processes. Before selecting our products they carried out due diligence of our security standards, sometimes using third-party tools or partners (e.g., IBM Rational AppScan). We are always looking for ways to improve our solution, and we welcome a fresh pair of eyes on our security practices. In addition, any code change made by a developer is independently checked for quality and security, by another developer, prior to release. Data segregation Our automated test suite constantly validates correct segregation of customer data. Whenever a change is made to any of the BeBanjo applications, and before any deployment can be envisaged, the automated test suite running on our Continuous Integration (CI) server checks for data segregation. It automatically validates that users (e.g., a scheduler at Channel 5) can only access the data they are entitled to (i.e., the Channel 5 schedules), and nothing else.

www.bebanjo.com About BeBanjo We are an agile company of talented developers, designers and Video On-Demand specialists and we like to take good care of our customers; that is why we focus on making easy to use, easy to learn, collaborative tools that our users love. We make Video On-Demand operations easier, faster, better, so that our customers are free to concentrate on really running their Video On-Demand business. A wide range of companies successfully operating in the on-demand space already trust us. BeBanjo was founded in 2008 and is part of Arkena.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback