All Categories
Home » Categories » Multiple Categories

Hosted Customer Sites Security Protocol
Article Number: 140 | Rating: Unrated | Last Updated: Tue, Apr 30, 2024 at 11:09 AM

Hosted Customer Security and Downtime Protocol

This article describes the Evanced Solutions hosting environment and processes/procedures applied to a security breach or downtime scenario.

Definitions

  • Hosted Server
    • A server maintained by Evanced Solutions and provided to our customers for housing our applications (Events, Room Reserve, Genealogy, Signup, Dibs, and Spaces).
  • The "Cloud"
    • Evanced Solution's current hosting hardware architecture. The "cloud" is basically a hardware environment where there is a distinct separation between the software and the hardware. The operating system is virtualized in this environment and managed by a virtual software manager. This allows for 2 major benefits: The virtual OS can be moved or copied easily allowing for complete snapshot backups which provide quick catastrophic recovery times. The hardware can be replaced or modified quickly with little impact on the running system. In reality, this type of architecture is no different than a standard server from a user's perspective, but it does have significant benefits to the administrators.
  • SSL
    • SSL is a protocol that allows for an encrypted connection between the client (end user) and the server (application). Using this protocol protects the data that is passed between the browser and the server and makes it more difficult to see that data that is passed. All Evanced Solutions servers have SSL built-in. To utilize this protocol simply change all of your starting links from "HTTP" to "HTTPS". Some features require an SSL connection, primarily online payments.

Web Site Structure

Evanced Solutions applications consist mainly of a database application and a web site application. While it is possible for both of these applications to exist on the same server (most non-hosted installations use this method) our hosted solution uses an independent server for the database. This allows us to allocate specific resources to database tasks but also helps to ensure a degree of security. The database server is configured to allow only one type of connection (a connection to the database) and only from one of our hosting servers. This is accomplished through the network configuration and a series of firewalls. This type of configuration helps to ensure that the only connection made to the database server is one that we control from our application.

Downtime Failures

While we always do our best to ensure the highest up-times possible, the inevitable is bound to occur. Evanced technitions routinely monitor (and receive automatic notifications of) situations that can potentially be a downtime situation. In the event of a downtime situation our monitoring systems will email and text a list of Evanced Solutions contacts. We will work with our hosting provider to determine the cause. If the downtime situation is isolated, we will directly notify any customers whose sites were potentially involved. If the downtime situation affects more than a few sites, a description of the situation will be posted to our blog along with updates and resolutions as they become available. This type of failure can usually be classified into one of 2 categories; Hardware Failure or Configuration Update/Error.

Hardware Failure

A Hardware Failure is the easiest to explain but the least likely to cause downtime on our current system. A Hardware Failure is the failure of a physical component (hard-drive, network cable, etc.). The "Cloud" architecture and the network redundancy currently in use in our hosting environment (the Amazon Elastic Compute Cloud) provides quick, automatic switching when a hardware failure occurs. Most failures like this will not be noticed because the switching takes place nearly simultaneously with the failure. Virtual servers with duplicate images, redundant server hardware and network paths all help to ensure that this type of failure does not normally cause a downtime situation.

Configuration Update/Error

A Configuration Update/Error is an error or downtime event caused by a change in the application environment. At Evanced Solutions we strive for update, installation and maintenance processes that cause a minimal amount of downtime. Minor updates to the server and applications are applied routinely and reviewed for performance as soon as complete. Major updates are tested in a staging environment that is a duplicate (or a portion of) the entire production environment. We will generate an advance email and blog post for updates that affect more than one library.

Security Breach

A Security Breach is a situation whereby a connection to the database or server has been made by a means outside of our normal expected operation. Evanced Solutions routinely monitors (and receives automatic notifications of) situations that can potentially be a security breach. In the event of a security issue we will work with our hosting provider to determine the cause and evaluate the potential validity of the security breach. If valid, we will take steps necessary to isolate the method the breach used and we will directly notify any customers whose sites were potentially involved.
Custom Fields
  • Applicable To: All Users
  • Attachments: No
  • Summary: Hosting Security
Posted - Wed, Sep 28, 2011 at 3:00 PM. This article has been viewed 5470 times.
Filed Under: Frequently Asked Questions, Frequently Asked Questions
0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Comments Comments
There are no comments for this article. Be the first to post a comment.
Icon Add Comment
Name
Email (Required, but not published)
Comment
Security Code Security Code
 
Related Articles
Room Reserve - Reservation Limits
Viewed 4304 times since Wed, Sep 28, 2011
Events and Room Reserve Scheduled Task Setup for Email Notifications
Viewed 16704 times since Tue, Nov 8, 2011
Why do I get a warning message, about removing my event’s attendees information, when I try to edit a recurring event
Viewed 13006 times since Thu, Oct 27, 2011
Evanced Application Hosting FAQ
Viewed 7358 times since Mon, Jun 8, 2015
Staff-side Session Timeout in Events and Room Reserve
Viewed 12045 times since Wed, Sep 28, 2011
How To Events-Change the list of locations
Viewed 6164 times since Tue, Sep 27, 2011
Scheduling Holiday Closings in Events and Room Reserve
Viewed 12660 times since Tue, Feb 14, 2012
Room Reserve to Spaces Feature Comparison
Viewed 17659 times since Mon, Dec 8, 2014
Room Reserve - Credit Card Processing
Viewed 3689 times since Wed, Sep 28, 2011
How do I generate emails for Room Reservation changes
Viewed 4263 times since Thu, Oct 6, 2011
Powered by PHPKB (Knowledge Base Software)