Difference between revisions of "Startup FAQ"

From TempusServa wiki
Jump to navigation Jump to search
old>Admin
old>Admin
Line 34: Line 34:
* IP address of callers
* IP address of callers


==== Authentication ====
Single sign on integration is included for
Single sign on integration is included for
* ADFS
* ADFS
* LDAP (and AD)
* LDAP (and AD)
* Google, Azure, Facebook, LinkedIn
* Google, Azure, Facebook, LinkedIn
==== Anonoumous users (option) ====
External user can acces data via the following methods
* Create new records: Use public link, with CAPTCHA option
* Edit existing records: Specific expirable link sent to user


=== Authorization ===
=== Authorization ===

Revision as of 11:53, 19 February 2020

Data handling

Storage and backup

You can choose between

  • On premisis (customer location)
  • Cloud hosting

Cloud hosting will be handled on Amazon Web Services Europe (AWS) datacenters in either Ireland or Sweden.

Backup is done to segregated triple redundant storage

  • Nightly for 2 months
  • Monthly for 2 years

Access and ownership

Data in the systems belongs to exclusively to the customer.

TS support will in some cases need to access data under non-disclosure obligations.

GDPR compliance and retention

The platform contains everything needed for GDPR compliance in your systems.

Using workflow automation automatic deletion or anonymization can be set up: This should be configured in accordance with your data retention and privacy policy.

A data processing agreement will be issued to your organization automatically.

Security

Authentication

Authentication is based on username/password.

Optionally 2-factor authentication can be set up using af mix of

  • SMS sent to phone
  • IP address of callers

Authentication

Single sign on integration is included for

  • ADFS
  • LDAP (and AD)
  • Google, Azure, Facebook, LinkedIn

Anonoumous users (option)

External user can acces data via the following methods

  • Create new records: Use public link, with CAPTCHA option
  • Edit existing records: Specific expirable link sent to user

Authorization

User permissions are granted via inheritable group membership

Authorization schemes

  • Field level control
  • State model
  • Data ownership

Additionally special roles can be assigned

  • Administrator (backend)
  • Bulk operations

Encryption

Transport encryption is based on SSL via HTTPS policies

  • Cloud hosting includes option for free SSL certificates

Storage encryption is best handled via operating system measures

  • Linux: LUKS
  • Windows: Bitlocker

Passwords are hashed using BCrypt algorithm.

Protection

Platform complies with all requirements in OWASP level 2

  • Hacking: SQL injection, XSS, CSRF
  • Password policies

Requirements

Languages

Frontend can run multiple languages simultaneously.

  • Preconfigured languages
    • English
    • Danish
  • Other languages can be setup in the backend

Backend language is English

Software

User clients

A modern browser is needed

  • Chrome
  • Mozilla firefox
  • Microsoft edge

To use certain features an office suite will be needed (any version later than 2010)

Servers (option)

Cloud hosting servers will not require any additional software

On premises installations will need

  • Java 7+
  • MySQL 5+
  • Servlet engine

Technical skills

Normal user

Users will need no special training for basic usage.

Some users may require ½ day training, for learning advanced features such as:

  • Reporting and personal views
  • Bulk data handling (import/export)

Developer (option)

This role is optional for customers wanted to develop solutions inhouse.

In order to build and maintain applications 1 day of training is needed.

Administrators (option)

This role is optional for customers using on premisis hosting.

Perfom platform maintenance upgrade requires very little skill, as the software is self-upgrading

  1. Stop service
  2. Copy archieve
  3. Start service

Licenses

Normal users

Only active users are paid for, down to a minimum of 5.

A service can be configured in order to automatically deactivate inactive users.

Anonoumous users

Anonymous users are paid for per active interface (access to a solution):

  • All users using a specific interface is counted as a single user license (1 SUL).
  • Solutions can support multiple anonymous users via multiple interfaces

Light users

Some users will only cost a fraction of a normal user license (1/4 SUL)

  • Only read access
  • Infrequent users
  • Simple solutions