IBIS Technology

There are 2 configuration options for your IBIS server. The most common scenario is to have your system hosted on the IBIS servers, but you can also choose to host your server onsite at your business. You can learn more about the different options available in this article and also find out about how to secure access to your online reporting using two-factor authentication.

TABLE OF CONTENTS

• Hosted by IBIS
• Installed onsite at your business
• Two-factor authentication

Hosted by IBIS

Hosted in our secure server farm, with the server running under IIS. Clients use http/s to connect over standard http/s ports in your firewall. We look after all backups of server databases and maintenance of the server, ensuring that your data is protected.

Your data is safe with IBIS

Our co-location facilities at Oxygen IT are specifically designed to provide a secure and safe hosting environment. Oxygen IT Ltd is privately owned, providing professional computer network, security, project management and consultancy services.

Oxygen's Christchurch datacentre is a T1 level facility accessed only by authorised, police vetted, Oxygen IT technicians. It provides 3 fibre channels (FX, Vodafone, Spark) and a Wireless channel (private), 4 upstream bandwidth sources, underfloor climate control, centralised UPS, autostart diesel generator backup power supply, and specialist support available. Their Palmerston North datacentre is a T2 level facility, with restricted access only by Oxygen IT technicians. It has 2 Fibre channels (FX, Vodafone), and a diesel generator onsite.

Oxygen IT core: Cisco, Allied Telesis, IBM Blade and Flex nodes and some HP.

Our Australian hosted servers on Microsoft Azure Dedicated Host are also secure by design.

All servers in NZ and Australia are protected by strict firewall rules allowing remote access only from specified locations. Remote access requires a username and password, then to log on to any server a Windows username and password are required.

A username and password are also required to access any database stored on the IBIS servers. Strong passwords are used in all situations.

Database Security and Backups

For customers in New Zealand, your database is stored within the Christchurch datacentre on IBM SAN's and IBM Nodes and replicated nightly using Veeam software to Palmerston North on Oxygen's secure link.

For customers in Australia, your database is stored within the Microsoft Azure platform on a dedicated host server, with backups as per the below specification.

As a further measure, IBIS perform additional backups, enabling us to ensure a high level of data security, quickly restore databases if required and easily copy a database for testing and maintenance purposes.

• Log shipping to Azure-hosted server is carried out every 15 minutes to minimise data loss and to provide an additional failover platform in the event of server failure
• A full backup is captured every night and stored on the Amazon S3 platform
• We are notified immediately if the backup has not worked
• Your backups are stored for 3 months before deleting
• IBIS can access the latest backup copy of your database at any time for technical support and maintenance purposes
• In the event your database is compromised in any way IBIS can help you restore a backup quickly and easily 

Data stored in Amazon S3 is secure by default; only bucket and object owners have access to the Amazon S3 resources they create. Amazon S3 supports multiple access control mechanisms, as well as encryption for both secure transit and secure storage at rest. With Amazon S3’s data protection features, your data is protected from both logical and physical failures, guarding against data loss from unintended user actions, application errors, and infrastructure failures. The various data security and reliability features offered by Amazon S3 are described in detail here: http://aws.amazon.com/s3/details/#security. Azure is also very secure, further details can be found on the Azure website https://azure.microsoft.com.

Installed onsite at your business

IBIS is a Microsoft technology solution that follows standard Microsoft architecture practices. It is a client/server solution. The server consists of an SQL Server database and IIS web service application.

This option requires a dedicated server computer (or virtual server) that meets the specifications detailed in the Recommended Hardware article under the heading Server Computer Specifications.

It also requires IBIS engineers to access the server for maintenance, achieved by using TeamViewer or Remote Desktop across a VPN.  In addition, we must be able to run your IBIS application from outside your network either using https or across a VPN. Firewall configuration must allow clients to browse to ibisnz.com and ibis.co.nz internet addresses.

IBIS employ stringent security measures to make sure your data is safe, however, you are responsible for database backups unless you contract us to do them on your behalf. You are also responsible for maintaining your server with updates and security patches.

Two-factor authentication

Two-factor authentication can be enabled on IBIS Online to require your team to enter username, password and authentication code before they can access the IBIS system. We recommend this is enabled to provide greater security for your data.