Australian Data Center
Terra Dotta provides hosting services using servers and data center facilities provided by Amazon Web Services (AWS). Our APAC clients are housed in the AWS ap-southeast-2 region, which utilizes data centers in Sydney, Australia. AWS is a worldwide leader in providing scalable, fully-redundant, and secure cloud computing infrastructure to provide highly reliable services to businesses.
Terra Dotta utilizes a variety of services/infrastructural components from AWS, including but not limited to:
- Application load balancers
- Elastic Compute Cloud (EC2) Instances (virtualized servers)
- Security Groups (providing hardware level firewalling capabilities)
- S3 storage for fully AES256 encrypted backups
Information regarding AWS and their security and compliance posture may be found at: https://aws.amazon.com/compliance/data-center/controls/.
Terra Dotta’s hosted solution operates in a multi-layered architecture that ensures that data is segregated into different firewalled zones to maximize the controls that govern access to our clients’ data. Database processing operates on separate servers from the application and web servers with strict firewall rules governing access between the layers. Similar controls are utilized in other cases where data flow is required for the operation of Terra Dotta Software (TDS).
Administrative access to the server environment is provided through a multi-layered access policy, which includes:
- VPN access to the Terra Dotta corporate network is required as the initial authorization step
- Once VPN access is established, administrators must log into a bastion server protected through the use of multi-factor authentication (provided by Duo Security) using local credentials.
- From the bastion server, administrators must then authenticate to an internal domain that allows role-based access to individual devices and resources within the environment
Server Technical Specifications
Multiple web application servers running in load balanced pairs are used to provide service to our APAC clients. All web/application servers in this environment run Windows Server 2012 R2, Internet Information Services (IIS) 8.5, and ColdFusion 2016 Enterprise.
Database services are provided through the use of servers running Windows 2012 R2 and Microsoft SQL Server 2012 Enterprise.
Software and Data Storage Configuration
Each Hosted customer is set up with a separate database (or data account in the case of SaaS) and file-system storage in a shared server environment. The web application is instantiated from a common code root. Customer information is segregated in application memory. No server-level access is granted to any customer except in separate, protected file directories over an SSH connection via SFTP or SCP (no shell access provided).
Backup, Recovery and Availability
Terra Dotta's hosted systems are backed up nightly, including database, user media files and application code, and a weekly backup is shipped to secure cloud storage (Amazon S3) outside of our data center. Recovery procedures will vary depending on the nature and severity of any critical event involving loss of data or hardware.
The Software and the Site will be available for normal use at least 99.7% of the time, 24 x 7 x 365, excluding scheduled maintenance.
Data Transfer Security
Although sites hosted on our systems for Terra Dotta clients are technically available over HTTP, Terra Dotta uses HTTPS redirection to ensure that all communications are encrypted in transit, using either a Terra Dotta wildcard SSL certificate or SSL certificates provided by the customer (by customer request).
Transfer of data files to and from Terra Dotta servers for student information systems (SIS), human resources (HR), or other data integration purposes is achieved using Secure File Transfer Protocol (SFTP) or Secure Copy (SCP), which are industry-standard protocols for secure file transfer. Uploaded data files are accessed, processed and then deleted from the client-specific SSH receiving folders through automated processes that have limited access to our clients’ data.
Terra Dotta requires that our clients utilize public/private key pairs for authentication to our SFTP servers and further requires that the keys be of sufficient strength to adequately protect the client data that flows between campus information systems and Terra Dotta servers. Currently the required strength of the key pairs is set at a minimum of RSA 4096-bit keys.
Terra Dotta Hosting uses Microsoft SQL Server 2012 database software. If your institution currently has an installation of TDS housed on your campus that uses a different database platform (e.g., Oracle or MySQL), it will need to be converted to Microsoft SQL Server before it can be migrated to Terra Dotta’s hosted systems. Terra Dotta’s Professional Services Team can provide assistance with such a migration as an added service.
Terra Dotta is responsible for performing all software installations and updates to hosted servers. This includes the server operating systems, database software, ColdFusion, Terra Dotta software and all hotfixes, patches and version upgrades.