Laserfiche WebLink
SOLICITATION # CH16012 <br />servers can fail without interrupting the user experience, and our database <br />servers are clustered for failover. We regularly back up customer data. <br />We have implemented a multi -tiered architecture leveraging a strategy of <br />"defense in depth" with 6 tiers of virtual networks (VLAN) for separation at <br />each delivery layer. Network traffic is logged and monitored with live <br />monitoring through an Intrusion Detection System (NIDS), and controlled <br />through a series of switches and routers whereas data must pass through <br />each tier in order to get to the next tier. <br />In addition to Physical (site) security, the logical network stratification includes <br />the following: <br />Tier 1 (External VLAN/firewall) - The first tier consists of the external network <br />and perimeter firewalls. These provide an initial layer of defense and protect <br />the following layers from unauthorized access. Note that port 443 (HTTPS for <br />web traffic) is the only port open. <br />Tier 2 (Internal VLAN/firewall) - A de -militarized zone (DMZ) exists with load <br />balancers. The DMZ provides a second line of defense while the load <br />balancers are the first layer of scalability for the service delivery. The DMZ <br />functions as a ""neutral zone"" between the network and the outside public <br />network. <br />Tier 3 (Web VLAN) - The Web tier presents the User Interface to the <br />application, and separates the application, reporting and utility servers from <br />the other tiers. <br />Tier 4 (Application VLAN) - The Application tier contains the business logic <br />and transaction servers, and is managed through clustered, high availability <br />(HA) servers. Pre -configured as "Pods", additional servers can be added as <br />needed to provide scalability and performance. <br />Tier 5 (Database VLAN) - The database tier is protected by an additional set <br />of perimeter firewalls. The database processing is executed on database <br />servers leveraging a multi -tenant, fully qualified database schema. <br />Tier 6 (Storage VLAN) - Data is persisted to disks with include a Storage Area <br />Network (SAN). Prior to store, data is encrypted by way of data appliance with <br />AES-256 bit encryption. <br />VMware <br />VMware IaaS Services <br />At the tenant level firewall services are provided via the vCloud Networking & Security Edge <br />Gateways for customers to configure and maintain. Firewall policies can be used to restrict and <br />manage public/Internet-based traffic and create DMZ zones for multi -tier applications. Firewall <br />policies can also be used to configure access policies between internal IP networks and VxLAN <br />segments. Stateful inspection firewalling can be applied on the external interface of the vCNS <br />Edge Gateway. <br />VMware architects, provisions, monitors and manages the vCloud Hybrid Service infrastructure <br />and surrounding components. As described in the AT 101 (ISO 27001) report, access points such <br />as delivery and loading areas and other points where unauthorized persons may enter the <br />premises are controlled and, if possible, isolated from information processing facilities to avoid <br />unauthorized access. The details of this control are not disclosed publicly. <br />VMware AirWatch <br />We implement multiple security measures to protect hosted servers, including physical and logical <br />controls. Due to FOIA requirements and the competitive EMM marketplace, we cannot provide <br />specific architecture details at this time. <br />carahsoft 88 carahsoft <br />