The technical services team at CMDS has over ten years of experience with operational management and support of cloud-based business applications. Keeping your system online and running smoothly involves much more than mere "web site hosting".
CMDS provides web-based software-as-a-service customer information systems, office and operations information systems, and human resource information systems to its customers (the "Service").
As part of our Service we provide various related management and support services for the underlying system including application and database hosting; hourly, daily, weekly, and monthly backups; daily security audits; daily monitoring of application usage; daily performance monitoring and tuning; scheduled deployment of new releases to Test, Prod, and Demo environments; and infrastructure maintenance and upgrades (e.g., installing and configuring updates from Microsoft to maintain current and supported versions of Windows, IIS, and SQL Server), as explained below in more detail (together, the "Standard Services"). We reserve the right to amend these Standard Services from time to time without notice.
Delivered in partnership with InSite Information Systems Corp., a hosting plan for CMDS will include these features and benefits:
1. Hosting
-
100% Canadian-Based
Our servers are located in data centres physically located in Canada. We follow all Canadian Privacy Laws and mandates concerning the governance and storage of private information.
-
Application and Database Hosting
CMDS provides infrastructure and services to host and manage your operational environment — including the web applications, automated software services, and databases that comprise your system. Our application and database management services include scheduled deployment of new releases, as well as maintenance and upkeep of the underlying software and hardware infrastructure.
-
File System Support
File system restrictions (such as disk space quotas) can be imposed, increased, decreased, or removed based on business requirements and quality of service requirements. We can manage disk quotas and file size restrictions independent of your application (i.e. on a server that is separate from your operating environment), and we can scale our infrastructure based on your expected load and usage requirements. If your requirements call for dedicated hardware and network infrastructure (e.g. upload, download, and/or streaming of large multimedia files) then we can discuss your needs to determine the best and most cost-effective solution.
2. Backups
As part of our software as a service model (SaaS), CMDS performs regular scheduled backups of your system. At any time you can request a copy of your data for offline analysis, reporting, and/or archiving, and CMDS will make a snapshot of your data available to you for secure download. Through the use of industry-leading technologies and flexible enterprise storage hardware, our backup services minimize the potential for data loss and improve your business continuity plans.
-
Backup Technology
Full backups of our Microsoft SQL Server databases are created daily, and differential transaction log backups are created hourly. We use technology from Dell and Quest Software for monitoring and management of database backups, with notification alerts to our technical staff in the event of a backup failure. In addition, to meeting the high level of demand from our customers, CMDS has partnered with R1Soft to offer a Continuous Data Protection (CDP) solution for Windows server file-system backups. This solution enables disk-based data protection, Windows disaster recovery, and bare-metal restore for servers and workstations running the Windows operating system.
-
Remote Backup (off-site)
An effective method for automated backing of data is the first step. Storing that data in a secure, off-site location that is readily accessible for a recovery is the next step. As part of our backup process, CMDS offers remote (off-site) backup services to store files in a secure location that physically separated from operational, production server environments.
With data centres located in Vancouver and Toronto, our Canadian footprint offers geographically separated locations, allowing us to configure a backup process that ensures wide separation between operational servers, online backups, and offline backups. If an online backup is unavailable for any reason then a mirrored backup from an offline location can be used to minimize recovery time.
-
Dedicated Backup Servers
Some applications require a more flexible and more customized solution for data protection and restoration. For customers requiring a larger volume including options for multiple servers, a larger amount of storage, and/or more control over the administration of backup processes, CMDS also offers dedicated backup server storage. This can provide you with complete control over backup schedules and retention policies, giving you access and control over web-based file restore processes and machine restore processes. In this configuration, your data is completely isolated from all other systems on the network and with 256 bit AES encryption you can be assured that your data is completely secure. If needed, you can even install multiple backup agents on your server to support different backup requirements.
3. Security
3.1. System Security
Security services are focused on the protection of your systems and your data. This includes safeguarding the perimeter, as well as ensuring secure access to systems and data by our own staff and by our customers (on the premises or off the premises). CMDS is constantly reviewing and improving its security policies and procedures. All of our services start with robust anti-virus, anti-spam, and anti-malware tools. We can tailor our platform to meet security requirements that are specific to your business. You may be looking to support your existing security infrastructure, or you may be looking to actively manage security-related components within your operating environment. In either case, we have the experience and the tools to keep your data safe and secure. Our system security services include:
-
Managed IPS / IDS
We provide full lifecycle management and 24x7 monitoring of network Intrusion Prevention and Detection Systems including the use of industry-leading HP Tipping Point IPS and Juniper Threat Management Gateway devices.
-
Firewall Management
We provide full lifecycle implementation and management of firewalls, including 24x7 monitoring of firewall appliances. Each firewall can be seamlessly integrated into your existing IT architecture and can be updated to meet new security requirements. We use solutions from Cisco, Juniper, Watchguard, Checkpoint, and Microsoft.
-
Web Application Firewall and Scanning
We provide full lifecycle management and 24x7 monitoring of web application firewalls to keep your business applications running smoothly while meeting corporate governance requirements. This includes URL filtering, web content filtering, and web policy enforcement to protect against inbound and outbound web-borne threats. We offer industry leading applications from Applicure, Incapsula, and Cloudflare.
-
Log Monitoring
We provide 24x7 real-time analyses of logs and alerts from security devices, network infrastructure, servers, and other key assets by certified security experts.
-
Log Retention
We provide services for the collection, archival, search, and reporting of raw log data from devices, network infrastructure, servers, and other log sources.
-
Vulnerability Management
We provide internal and external vulnerability assessments managed by internal staff and by authorized independent third-parties to identify and remediate exposures.
-
Email Security Service
We provide protection against inbound and outbound email threats, spam filtering, archival and policy-based encryption including enterprise-ready tools from Barracuda.
-
Network-Based DDOS Mitigation
Our team can respond quickly to attacks, minimizing overall downtime and minimizing potential disruptions due to the "bandwidth spikes" that often accompany such attacks.
-
Cloud Security Services
We deliver expert guidance and services to help customers integrate cloud-based services into their systems.
-
IP and Threat Management
We utilize industry-leading technology from ThreatSTOP to protect our customers IP addresses and enhance our network-based firewalls to prevent malicious IPs from entering the network.
-
Secure Socket-Layer (SSL) Encryption
Application and database environments are protected with 2048 Bit SSL Certificate Encryption to ensure that the connection between servers and customer web browsers is private and secure. Information transmitted to and from your authorized and authenticated users is encrypted and therefore totally private. SSL helps to ensure our compliance with the Canada Privacy Act (CPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA).
-
SAS70 Certified
Our data centre implements SAS 70 Type II and CICA 5970 Type B certification standards and successfully demonstrates that procedures and controls have been tested by an eligible and authorized third party. The SAS 70 Type II and CICA 5970 Type B audit provide assurance to CMDS customers that your operating environments are secure, reliable, and effective — with proper controls for Internet operations and highly available IT services. These assurances include data centre security, customer security, data storage, access and security.
3.2. Physical Security
Our data centres are located in Canada and utilize security best practices and policies defined by the SSAE 16 Type II standard.
-
Built and Constructed for Ensuring Physical Protection
The exterior perimeter walls, doors, and windows of our data centres are constructed of materials that provide Underwriters Laboratories Inc. (UL) rated ballistic protection.
-
Protection of the Physical Grounds
Our data centre has physical protection barriers that protect the facilities from physical intrusion.
-
Bullet Resistant Glass
Certain areas within the data centre are protected by bullet-proof or bullet-resistant glass.
-
24x7 Security
Our data centre security systems are functioning at all times, complete with uninterruptible power supply (UPS) for ensuring continuous operation.
-
Cages, Cabinets, and Vaults
These physical structures house our equipment to ensure there are no loose or moving components, ultimately ensuring the overall strength and rigidity of the physical hardware components that comprise our servers.
-
Man Trap
Our data centre has a man trap that allows for secure access to the data centre "floor".
-
Electronic Access Control Systems
Access to entry points into (and within) the data centre are protected by electronic access control systems which allow only authorized individuals to enter the facility. Included within this framework are biometric safeguards (such as palm readers, iris recognition, and fingerprint readers).
-
Provisioning Process
Any individual requesting access to the data centre is enrolled in a structured and documented provisioning process for ensuring the integrity of the person entering the facility.
-
Off-Boarding Process
Personnel who no longer work at the data centre (or customers who no longer utilize our facilities) are immediately removed from all mechanisms that grant access to the facility. This includes all electronic access control systems, along with access to all systems, databases, web sites, applications, and any other type of access mechanism that requires authentication and authorization.
-
Visitors
All visitors are properly identified with a current, valid form of identification and are assigned a temporary facility badge allowing restricted access to specific areas within the data centre. This process is also documented in a ticketing system.
-
Alarms
All exterior doors and sensitive areas within the facility are hard-wired with alarms.
-
Cameras
The data centre has security cameras located throughout the premises, including all critical areas, both inside and outside. This includes fixed cameras, as well as pan, tilt, and zoom (PTZ) cameras.
-
Threat Conditions Policy
Our data centre has a "threat conditions policy" in place whereby employees and customers are made aware of any change to current threat levels.
-
Badge and Equipment Checks
Periodic checks are done on employees and customers to verify badge access and equipment ownership.
-
Local Law-Enforcement Agencies
Management has documented contact information for all local law enforcement officials in case of an emergency.
-
Paper Shredding
A third-party contractor is utilized for shredding paper documents on-site, then removing them from the facility. This process is fully documented with physical sign-off.
-
Regulated Climate Control
Heating Ventilation Air Conditioning (HVAC) systems have full particle filtering and humidity control. The climate within our data centre is maintained according to ASHRAE Guidelines. This ensures mission-critical dedicated server and hardware is functioning at its best.
-
Data Centre Security Staff
Security staff perform a host of duties on a daily basis, such as monitoring intrusion security alarm systems; dispatching mobile security officers to emergencies; monitoring to prevent unauthorized access; assisting individuals who have authorized access to enter the data centre; controlling access to the data centre by confirming identity; issuing and retrieving access badges; responding to telephone and electronic communications.
4. Performance
-
Guaranteed Up-time and Recovery Time
CMDS guarantees minimum application up-time of 99.9%. We can increase this up-time guarantee based upon your request for specific hardware and network configuration. For example, with a RAID system that utilizes redundant power supplies we can guarantee 99.99% hardware up-time. We can also guarantee 99.9% network up-time, ensuring your system is online and accessible, with no failures on the data centre side.
In the event of a failure, recovery time can be difficult to predict accurately, as it depends on the type of failure, and the actual time required for a recovery is unique to each individual situation. That being said, if there is a hardware failure of any kind we guarantee to begin the recovery process within 5 minutes of receiving a downtime notification. Our data centres are staffed 24/7 and we maintain spare parts in all server cages.
-
Usage Monitoring and Reporting:
All CMDS applications are developed on an application framework that includes the instrumentation necessary to monitor and report system usage, as well as application response-time and database performance.
-
24x7x365 NOC Support
Our data centre is monitored 24x7x365 with technical and data centre personnel to keep the facilities running smoothly.
5. Application Deployments
-
Configuration Management
CMDS utilizes industry-leading version control systems from SourceGear to manage changes to the source code files used to build your system. Software configuration management involves tracking and controlling changes to software, including revision control and establishment of baselines. In addition, this ensures that our team has secure and centralized change-management repository, enabling CMDS to analyze and report on changes to source.
CMDS's configuration management services also include a rigorous process for review and enforcement of coding standards to ensure that the source files used to build your system follow consistent and cohesive guidelines with regard to naming conventions, coding style, programming language usage, framework usage, product architecture, project configuration, database schema definition, and report definition.
-
Environment Management
CMDS manages several environments for your system, each of which serves a distinct purpose:
- Local: This environment is used by developers and analysts at CMDS for development and internal programmer testing.
- Test: This environment is used by the project team (including authorized customer representatives) for review and testing of application changes requested by your business.
- Production: This is the live operational environment.
- Demo: This is an optional environment that can be used for pre-release end-user acceptance testing, training, and demonstration purposes.
-
Release Management
Effective release management is an important part of our efforts to ensure smooth deployment and ongoing operation of the systems we deliver and support. Our release management services include logistical support to the project team, creation and testing of deployment packages for setup of new releases of your system, and the installation of deployment packages to Production, Test, and Demonstration application environments.
6. Infrastructure Maintenance and Upgrades
-
Web Application Servers
CMDS servers run a licensed and commercially supported version of the Microsoft Windows Server operating system with Microsoft Internet Information Server and Microsoft ASP.NET. Our technical services team is responsible for ensuring that our servers are running the most current and most stable release of the Windows Server operating system, including critical and important patches and service packs released by Microsoft each month.
-
Database Servers
CMDS servers run a licensed and commercially supported version of the Microsoft SQL Server database management system. Our technical services team is responsible for ensuring that our servers are running the most current and most stable release of the SQL Server database management system, including critical and important patches and service packs released by Microsoft each month.
-
File and Media Servers
CMDS recognizes that your data is a critical asset to your business. You need to know that your data is secure, accessible when you need it, and — in case of disaster — quickly recoverable. Our approach to developing and delivering solutions gives you immediate access to enterprise-ready storage. This eliminates the need for you to have your own storage solutions which can be difficult and expensive to maintain and administer.