
Business continuity and security

Deployment

Isolated

Customer-specific FA Platform web application environment with secure namespace isolation hosted on Azure Kubernetes Service cluster. Data stored on customer dedicated MariaDB database server.

Isolated HA

Customer-specific FA Platform web application environment with secure namespace isolation hosted on Azure Kubernetes Service cluster. Data stored on customer dedicated MariaDB database server.

High availability with duplicated and zonally distributed Azure Kubernetes Service worker nodes. Option to do read operations from a separate read-replica MariaDB database server.

Dedicated / customized

Dedicated FA Platform web application environment with its own customer-specific Azure Kubernetes Service cluster. Data stored on customer dedicated MariaDB database server.

High availability with duplicated and zonally distributed Azure Kubernetes Service worker nodes. Option to do read operations from a separate read-replica MariaDB database server.

Option to customize the installation setup, e.g. by building a site-to-site VPN to FA cloud or adding customer-specific SFTP services to complement the setup.

Backups

Database backups with the option to restore to any point in time within the last 7 days (30 days in the Advance Plan).

Daily file system-level backups with 7 days rotation (30 days in the Advance Plan).

IP limitation

Option to have access to FA Platform applications only from pre-defined networks.

Geo-disaster recovery

The database backups can be stored in another data center that is physically located in another geographical area. These backups are accessible even when the region your server is hosted in is offline. The recovery time objective (RTO) is less than 12 hours and the recovery point objective (RPO) is less than an hour.

Encryption

Data in-transit and data-at-rest

Data transfer between the user’s browser and FA Platform, and between the FA application and its databases, is secured. Data in transit is encrypted with Transport Layer Security (TLS).

The Azure Database for MariaDB service uses the FIPS 140-2 validated cryptographic module for storage encryption of data-at-rest. Data, including backups, are encrypted on disk, with the exception of temporary files created while running queries. The service uses the AES 256-bit cipher included in Azure storage encryption, and the keys are system managed. Storage encryption is always on and can't be disabled.

Sensitive data in the database

It is also possible to enable encryption for selected data within the database. If this option is chosen, the selected data is encrypted with a cipher when written to the database and decrypted when read back from the database. This makes the data more difficult to read for someone who has direct access to the database.

Identity brokering (SSO) / User federation

FA Platform supports identity brokering and single sign-on (SSO) against identity providers with the following protocols:

  • OpenID Connect v1.0

  • SAML 2.0

In addition, FA Platform can federate external user databases. FA has support for LDAP and Active Directory.

Note that in some cases the integration counterparty (such as Microsoft AD) might be behind a firewall and require a separate VPN to be set up. Whether these options are available therefore requires a case-by-case analysis with the counterparty.

Test environment

Customer-specific FA Platform web application test environment with secure namespace isolation hosted on Azure Kubernetes Service cluster. Data stored on customer dedicated MariaDB database test server.

An ideal environment for user acceptance tests when upgrading versions of FA Platform applications. Data can optionally be imported from production into the test database server in order to try out new features with production-like data.

Document storage

FA includes document management capabilities. Each plan includes a database allocation for storing documents up to the level defined for that plan. After the defined capacity limit is reached, an additional monthly fee applies. The current cost is €200/month per additional 100 GB of data storage.