| Technology |
Frontend (Desktop): WPF Frontend (Web): React, TypeScript Backend: .NET 6, .NET Framework, Traefik, Consul Hosting: Azure (utilizing Azure VMs, Azure SQL, AKS, etc.) Monitoring: Azure Monitor, Prometheus, Grafana |
|
Browser support (2020/Q1 Releases) |
Chrome: Latest ✔ Mozilla: Latest ✔ Safari: Latest ✔ Internet Explorer: Not supported Microsoft Edge: v. 81 + ✔/ below v. 81 (partially supported) |
|
Cloud platform, |
Backend and web apps are hosted on Microsoft Azure Resources (Azure VMs, Azure SQL, AKS, etc.). Data is stored inside the Azure Platform (PaaS). Microsoft Azure is certified with ISO 27001 and PCI DSS among other. For more information on Microsoft Azure security and compliance: Microsoft Azure provides SLA of 99,95% for Kubernetes (website and API) and 99,99% for data storage. For info on Microsoft SLA: |
|
Scaling |
The empower® backend is built and hosted with scalability in mind. For geographically distributed or high load environments, multi-region tenants are possible. |
|
Geofencing |
empower® can be hosted in all available public Azure regions. During the setup process, we work with our customers to determine the optimal region to use. Azure ensures Backups will not leave the geographical region of the tenant by employing paired data centers within the same geography: This also means tenants hosted in the EU will have their backups stored in a different region also inside the EU. |
|
Data storage |
All data is stored in SQL Azure with regular backups enabling point-in-time restore if necessary. Temporary cache data is stored on Azure VMs or AKS disks. |
|
Guest and |
Isolation from other Microsoft Azure customers is managed by the Azure backend. With the exception of empower® Express, empower® uses single-tenant databases and application servers for each customer, preventing any user from accessing data from other tenants. Fine-grained access control at the level of library folders ensures that users can only perform tasks they have been authorized to. For empower® Express, a multi-tenant environment, that same robust access-control system is used to isolate customer data. |
|
Encryption |
All communication between backend and clients (both desktop and web apps as well as third-party integrations) is SSL encrypted. All data at rest (both databases and VMs / disks) is encrypted by Azure platform-managed encryption at rest. |
|
Open Source components |
A selection of secure and qualified Open Source components are used and are constantly monitored for patches and security vulnerabilities. |
| Data Processing Agreement |
Our general data processing agreement can be found here: For the empower® Express platform the data processing agreement can be found here: |
| Authentication |
Open ID Connect is supported out of the box with Azure AD and Okta. Other OIDC providers including proprietary ones can be used on request. For on-premises installations, Windows Authentication (Active Directory) using Kerberos and NTLM is also supported. |
| SCIM / User Provisioning |
empower® supports SCIM for provisioning user accounts. In addition to SCIM, active synchronization of users (pulling users from the identity provider) is supported for on-prem AD, Azure AD and Okta. |
|
Single Sign-On |
Azure AD via App in Azure AD (using Open ID Connect) On-Premises installations can also use Windows Authentication (Kerberos / NTLM) for SSO. |
| IT security certificates of empower® as an organization |
We possess an ISO 27001 certification. |
|
Logging |
Successful and failed log-ins are captured by the identity provider (AD, Azure AD, Okta, etc.) used by the customer. Last login date for individual users is also logged at the database level. Privileged administrative operations by the empower® operations team are logged within Azure and our external monitoring system. |
| Ports used for communication between device and application |
HTTPS (443) port only |
Sign in
Comments
0 comments
Article is closed for comments.