Hosting Environment
Terra Dotta provides hosting services using servers and data center facilities provided by Amazon Web Services (AWS). Our APAC clients are housed in the AWS AP-Southeast-2 Region, which utilizes data centers in Australia. AWS is a worldwide leader in providing scalable, fully redundant, and secure cloud computing infrastructure to provide highly reliable services to businesses.
Terra Dotta utilizes a variety of services/infrastructural components from AWS, including but not limited to:
- Application load balancers
- Elastic Compute Cloud (EC2) Instances (virtualized servers)
- Security Groups (providing hardware-level firewalling capabilities)
- S3 storage for fully AES256 encrypted backups
Information regarding AWS and their security and compliance posture may be found at: https://aws.amazon.com/compliance/data-center/controls/.
Technical Configuration
Terra Dotta’s hosted solution operates in a multi-layered architecture that ensures that data is segregated into different firewalled zones to maximize the controls that govern access to our client's data. Database processing operates on separate servers from the application and web servers with strict firewall rules governing access between the layers. Similar controls are utilized in other cases where data flow is required for the operation of Terra Dotta.
Administrative access to the server environment is provided through a multi-layered access policy, which includes:
- VPN access to the Terra Dotta corporate network is required as the initial authorization step
- Once VPN access is established, administrators must log into a bastion server protected through the use of multi-factor authentication (provided by Duo Security) using local credentials.
- From the bastion server, administrators must then authenticate to an internal domain that allows role-based access to individual devices and resources within the environment.
Server Information
Multiple web application servers running in load-balanced pairs are used to provide service to our APAC clients. All web/application servers in this environment are hardened, monitored, and maintained to ensure we provide a secure and resilient platform for our clients.
Software and Data Storage Configuration
Each Hosted customer is set up with a separate database (or data account in the case of SaaS) and file-system storage in a shared server environment. The web application is instantiated from a common code root. Customer information is segregated in application memory. No server-level access is granted to any customer except in separate, protected file directories over an SSH connection via SFTP or SCP (no shell access provided).
Backup, Recovery, and Availability
Terra Dotta's hosted systems are backed up nightly, including database, user media files, and application code, and a weekly backup is shipped to secure cloud storage (Amazon S3) outside of our data center. Recovery procedures will vary depending on the nature and severity of any critical event involving loss of data or hardware.
The Software and the Site will be available for normal use at least 99.7% of the time, 24 x 7 x 365, excluding scheduled maintenance.
Data Transfer Security
Though technically sites for Terra Dotta clients that are hosted on our systems are available over HTTP, Terra Dotta uses HTTPS redirection to ensure that all communications are encrypted in transit either using a Terra Dotta wildcard SSL certificate or SSL certificates provided by the customer (by customer request).
Transfer of data files to and from Terra Dotta servers for student information systems (SIS), human resources (HR), or other data integration purposes is achieved via using Secure File Transfer Protocol (SFTP) or Secure Copy (SCP), which are industry-standard protocols for secure file transfer. Uploaded data files are accessed, processed, and then deleted from the client-specific SSH receiving folders through automated processes that have limited access to our client’s data.
Terra Dotta requires that our clients utilize public-private key pairs for authentication to our SFTP servers and further requires that the keys be of sufficient strength to adequately protect the client data that flows between campus information systems and Terra Dotta servers. Currently, the required strength of the key pairs is set at a minimum of RSA 4096 bit keys.
Software Support
Terra Dotta is responsible for performing all software installations and updates to hosted servers. This includes the server operating systems, database software, ColdFusion, Terra Dotta software, all hotfixes, patches, and version upgrades.