Home » Categories » Multiple Categories

Hosted Customer Sites Security Protocol

Hosted Customer Security and Downtime Protocol


This article describes the Evanced Solutions hosting environment and processes/procedures applied to a security breach or downtime scenario.

Definitions

  • Hosted Server
    • A server maintained by Evanced Solutions and provided to our customers for housing our applications (Events, Room Reserve, Summer Reader, Genealogy, Signup, Dibs, Spaces and Wandoo Reader).
  • The "Cloud"
    • Evanced Solution's current hosting hardware architecture. The "cloud" is basically a hardware environment where there is a distinct separation between the software and the hardware. The operating system is virtualized in this environment and managed by a virtual software manager. This allows for 2 major benefits: The virtual OS can be moved or copied easily allowing for complete snapshot backups which provide quick catastrophic recovery times. The hardware can be replaced or modified quickly with little impact on the running system. In reality, this type of architecture is no different than a standard server from a user's perspective, but it does have significant benefits to the administrators.
  • SSL
    • SSL is a protocol that allows for an encrypted connection between the client (end user) and the server (application). Using this protocol protects the data that is passed between the browser and the server and makes it more difficult to see that data that is passed. All Evanced Solutions servers have SSL built-in. To utilize this protocol simply change all of your starting links from "HTTP" to "HTTPS". Some features require an SSL connection, primarily online payments.

Web Site Structure

Evanced Solutions applications consist mainly of a database application and a web site application. While it is possible for both of these applications to exist on the same server (most non-hosted installations use this method) our hosted solution uses an independent server for the database. This allows us to allocate specific resources to database tasks but also helps to ensure a degree of security. The database server is configured to allow only one type of connection (a connection to the database) and only from one of our hosting servers. This is accomplished through the network configuration and a series of firewalls. This type of configuration helps to ensure that the only connection made to the database server is one that we control from our application.

Downtime Failures

While we always do our best to ensure the highest up-times possible, the inevitable is bound to occur. Evanced technitions routinely monitor (and receive automatic notifications of) situations that can potentially be a downtime situation. In the event of a downtime situation our monitoring systems will email and text a list of Evanced Solutions contacts. We will work with our hosting provider to determine the cause. If the downtime situation is isolated, we will directly notify any customers whose sites were potentially involved. If the downtime situation affects more than a few sites, a description of the situation will be posted to our blog along with updates and resolutions as they become available. This type of failure can usually be classified into one of 2 categories; Hardware Failure or Configuration Update/Error.

Hardware Failure

A Hardware Failure is the easiest to explain but the least likely to cause downtime on our current system. A Hardware Failure is the failure of a physical component (hard-drive, network cable, etc.). The "Cloud" architecture and the network redundancy currently in use in our hosting environment (the Amazon Elastic Compute Cloud) provides quick, automatic switching when a hardware failure occurs. Most failures like this will not be noticed because the switching takes place nearly simultaneously with the failure. Virtual servers with duplicate images, redundant server hardware and network paths all help to ensure that this type of failure does not normally cause a downtime situation.

Configuration Update/Error

A Configuration Update/Error is an error or downtime event caused by a change in the application environment. At Evanced Solutions we strive for update, installation and maintenance processes that cause a minimal amount of downtime. Minor updates to the server and applications are applied routinely and reviewed for performance as soon as complete. Major updates are tested in a staging environment that is a duplicate (or a portion of) the entire production environment. We will generate an advance email and blog post for updates that affect more than one library.

Security Breach

A Security Breach is a situation whereby a connection to the database or server has been made by a means outside of our normal expected operation. Evanced Solutions routinely monitors (and receives automatic notifications of) situations that can potentially be a security breach. In the event of a security issue we will work with our hosting provider to determine the cause and evaluate the potential validity of the security breach. If valid, we will take steps necessary to isolate the method the breach used and we will directly notify any customers whose sites were potentially involved.

Custom Fields
  • Applicable To: All Users
  • Attachments: No
  • Summary: Hosting Security
0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Comments Comments
There are no comments for this article. Be the first to post a comment.
Related Articles
Summer Reader Language/Text Troubleshooting
Viewed 3695 times since Wed, Jan 23, 2013
How do I add text to the landing page?
Viewed 3692 times since Thu, Oct 6, 2011
How To Room Reserve-Create a custom view
Viewed 4291 times since Tue, Sep 27, 2011
How to export and import a program’s style sheet in Summer Reader
Viewed 2492 times since Mon, Nov 21, 2011
Frequently Asked Questions About Migration to SignUp from Events
Viewed 12581 times since Wed, Sep 12, 2012
How do I generate emails for Room Reservation changes
Viewed 2583 times since Thu, Oct 6, 2011
Server Move
Viewed 9526 times since Wed, Sep 28, 2011
ILS Authentication in Events and Room Reserve
Viewed 17654 times since Mon, Oct 31, 2011
Setting up Authorize.net for Credit Card Processing
Viewed 11522 times since Wed, Sep 28, 2011
Scheduling Holiday Closings in Events and Room Reserve
Viewed 4234 times since Tue, Feb 14, 2012