Technology |
Frontend (Desktop): .NET Framework, WPF; Frontend (Web): React, TypeScript; Frontend (Mac): SwiftUI, React, TypeScript; Backend: .NET 6, .NET Framework, Traefik, Consul; Hosting: Azure (utilizing Azure VMs, Azure SQL, etc.); Monitoring: Azure Monitor, Prometheus, Grafana |
Browser support |
Chrome: Latest ✔; Safari: Latest ✔; Microsoft Edge: Latest ✔; Mozilla: Latest ✔; Internet Explorer: Not supported |
Cloud platform, |
Backend and web apps are hosted on Microsoft Azure resources (Azure VMs, Azure SQL, etc.). Data is stored inside the Azure platform (PaaS). Microsoft Azure is certified for ISO 27001 and PCI DSS, among others. For more information on Microsoft Azure security and compliance: Microsoft Azure provides an SLA of 99,95% (website and API) and 99,99% for data storage. For info on Microsoft SLA: |
Scaling |
The empower® backend is built and hosted with scalability in mind. |
Geofencing |
empower® can be hosted in all available public Azure regions. During the setup process, we work with our customers to determine the optimal region to use. Azure ensures that backups do not leave the geographical region of the tenant by employing paired data centers within the same geography: |
Data storage |
All data is stored in SQL Azure with regular backups enabling point-in-time restore if necessary. Temporary cache data is stored on Azure VMs. |
Guest and |
Isolation from other Microsoft Azure customers is managed by the Azure backend. With the exception of empower® Express, empower® uses single-tenant databases and application servers for each customer, preventing any user from accessing data from other tenants. Fine-grained access control at the level of library folders ensures that users can only perform tasks they have been authorized to perform. For empower® Express, a multi-tenant environment, that same robust access-control system is used to isolate customer data. |
Encryption |
All communication between backend and clients (desktop apps, web apps and third-party integrations) is encrypted in transit with TLS (version 1.2/1.3). All data at rest (both databases and VMs / disks) is encrypted by Azure platform-managed encryption at rest (AES-256). |
Open Source components |
A selection of secure and qualified Open Source components are used and are constantly monitored for patches and security vulnerabilities. |
Data Processing Agreement |
Our general data processing agreement can be found here: For the empower® Express platform the data processing agreement can be found here: |
Authentication |
OpenID Connect is supported out of the box with Microsoft Entra ID and Okta. For on-premises installations, Windows Authentication (Active Directory) using Kerberos and NTLM is also supported. |
SCIM/User Provisioning |
empower® supports SCIM for provisioning user accounts. In addition to SCIM, active synchronization of users (pulling users from the identity provider) is supported for on-premises AD, Microsoft Entra ID and Okta. |
Single Sign-On |
Microsoft Entra ID via an app in Microsoft Entra ID (using OpenID Connect). Okta via an app in Okta (using OpenID Connect). On-premises installations can also use Windows Authentication (Kerberos / NTLM) for SSO. |
IT security certificates of empower® as an organization |
We possess an ISO 27001 certification. |
Logging |
Successful and failed log-ins are captured by the identity provider (AD, Microsoft Entra ID, Okta, etc.) used by the customer. Last login date for individual users is also logged at the database level. Privileged administrative operations by the empower® operations team are logged within Azure and our external monitoring system. |
Ports used for communication between device and application |
HTTPS (443) port only |