Business continuity and security
Deployment
Datacenter locations
The FA Platform uses Microsoft Azure as a cloud hosting provider. Microsoft Azure is accredited with more than 90 compliance certifications and has data centers around the world. The FA Platform is hosted in data centers that provide the required IT infrastructure. For EU clients, SaaS environments are hosted in Netherlands, while secondary recovery location is Ireland. For non-EU clients, SaaS environments can be hosted for example in UK, US and UAE.
Isolated
Customer-specific FA Platform web application environment with secure namespace isolation hosted on Azure Kubernetes Service cluster. Data is stored on the customer-dedicated database server.
Isolated HA
Customer-specific FA Platform web application environment with secure namespace isolation hosted on Azure Kubernetes Service cluster. Data is stored on the customer-dedicated database server.
High availability with duplicated and zonally distributed Azure Kubernetes Service worker nodes. Option to do read operations from a separate read-replica database server.
Dedicated or customized
Dedicated FA Platform web application environment with customer-specific own Azure Kubernetes Service cluster. Data is stored on the customer-dedicated database server.
High availability with duplicated and zonally distributed Azure Kubernetes Service worker nodes. Option to do read operations from a separate read-replica database server.
Option to customize the installation setup e.g. by building site-to-site VPN to FA cloud, customer-specific SFTP services for complementing the setup.
Backups
Database backups with the option to restore the situation at any point in time within the last 7 days (30 days in the Advance Plan).
Daily file system-level backups with 7 days rotation (30 days in the Advance Plan).
IP limitation
Option to have access to FA Platform applications only from pre-defined networks.
Geo-disaster recovery
The database backups can be stored in another data center that is physically located in another geographical area. These backups are accessible even when the region your server is hosted in is offline. The recovery time objective (RTO) is less than 12 hours and the recovery point objective (RPO) is less than an hour.
Encryption
Data in-transit and data-at-rest
The data transfer between the user’s browser and FA Platform and also the FA application and their databases is secured. The data in transit is secured by encrypting data-in-transit with transport layer security.
The customer-dedicated database server uses the FIPS 140-2 validated cryptographic module for storage encryption of data at rest. Data, including backups and temporary file created while you run queries, is encrypted. Encryption uses the AES 256-bit cipher on the storage level, and the keys are system-managed. Storage encryption is always on and can't be disabled.
Sensitive data in the database
It is possible to enable encryption also within selected data within the database. If this option is chosen, then the selected data is encrypted with a cipher when written to the database and decrypted when read back from the database. This makes it more difficult to read the data if you have direct access to the database.
Identity brokering (SSO) / User federation
FA Platform supports identity brokering and single sign-on (SSO) against identity providers with the following protocols:
OpenID Connect v1.0
SAML 2.0
In addition, FA Platform can federate external user databases. FA has support for LDAP and Active Directory.
Note, in some cases, the integration the counter-party (such as Microsoft AD) might be behind a firewall and requires a separate VPN to be setup. Therefore, whether these options are available, requires a case-by-case analysis with the counter-party.
Test environment
Customer-specific FA Platform web application test environment with secure namespace isolation hosted on Azure Kubernetes Service cluster. Data is stored on the customer-dedicated database test server.
An ideal environment for user acceptance tests when upgrading versions of FA Platform applications. Data into the test database server can be optionally imported from production in order to try out new features with production-like data.
Document storage
FA includes document management capabilities. Respectively plans include Database allocation to store documents up to the defined level per plan. After reaching the defined Capacity limits an additional monthly fee will be applied. The current cost is €200 /month per the next 100GB of data storage.