xAssets Hosted Infrastructure
xAssets hosted infrastructure is built around the design goals listed below:
- Reliable Data Centers with certifications including HIPAA and SSAE 16
- Fast response times
- Scalable to the largest enterprises
- Continuous backup and failover capability
- Customers can copy backups onto their own network
- Service Level Agreements exceeded
- 100% Uptime
xAssets only uses enterprise level data center providers who are well known for their support, infrastructure, network and power redundancy, and enterprise-grade systems.
We maintain failover servers outside of our main providers at other certified providers,
to ensure that availability is maintained even if a major outage at the primary DC did occur.
By choosing certified data centers we can be confident that our servers are less likely to fail, and that a rapid response is available if a failure occurs
Each data center has a current and successful audit of at least one of the following standards:
- SSAE 16
- SOC2 type 2
All datacenters provide 24/7 support cover
This is reflects in our track record — we have not had an outage since we started hosting our solutions in 2003
The US Air Force granted certification in January 2018 for all xAssets Version 7.x products to be used on the two main
US air force networks - NIPRNET and SIPRNET.
This means the product is written to the highest standards and specifications and
has passed stringent tests covering all aspects of software security in a web based environment.
This means that the products are safe to use in web environments and best practises have been deployed.
xAssets goes beyond these standards, so for example we never allow cookies, so data is never left behind
when a browser session is end-tasked by a hacker, and the product requires high encryption SSL to function
thus disallowing low security communication protocols. Despite this there is no compromise on the end user.
xAssets Applications are secured using a combination of Sql Server or Maria DB, IIS and NTFS security options.
Windows Authentication and Database Authentication are supported at the IIS and database level and several SSO providers are supported.
This can enable access to an entire domain for self service or granular access based on the Active
Directory Grouping of a User.
Security can also be an issue for Discovery processes. Hosted implementations (and Onsite Implementations)
can use one or more local Collection Servers, placed at strategic network points, to facilitate the discovery
of local assets using specific sets of credentials.
Scalability and Performance
xAssets products always perform and scale well because our databases are properly normalized and indexed,
and bandwidth is kept to a minimum. Our products are written with the latest .NET and database technology
and we use low level programming techniques for performance critical code. We utilize an architecture called "single page applications" (SPA)
which means that only parts of the page need to refresh.
We use hosting providers in the US and the UK so each customers primary server is located within their country.
This means that transatlantic bandwidth limitations do not affect the service.
The servers we host on are powerful bare metal servers, not virtual machines.
This gives the fastest possible response times.
We have looked at Virtualisation benefits, hosting VPNs and
Amazon AWS Cloud and while the business model is attractive it did not meet our
requirements on performance. We host large implementations on bare metal servers dedicated to each customer.
Target response times are 1 to 5 seconds per page refresh. Most customers enjoy response times faster than 1 second for most page transitions.
Backup and Failover
We backup databases continuously and we maintain failover mirrors at a different data center with a different hosting provider.
Backups are also moved to xAssets LAN in the UK. From there backups are stored encrypted on tape and kept at a secure facility.
Backup copies can be copied onto a customers LAN at any time. This enables customers to restore their
database and gives the reassurance some customers need that their data is accessible, protected and secure.
We run failover servers in the US and UK, and we also restore backed up databases onto VM's on the xAssets Corporate LAN.
This enables multiple failover options and further options for remediation in the case of unexpected failures.
Failover is a manual process, we know from experience that automated failover can be problematic and most outages are resolved
in seconds or minutes, not hours. This means we are not losing data entered for the duration of an automated failover process.
Hosted servers are built to be resilient with disk mirroring, DNS failover, and constant monitoring
100% uptime is a goal we have achieved so far for all our hosting customers since we started hosting in 2003, but of course it's never guaranteed.
Any hosting provider can have an unplanned outage, regardless of the amount of money spent on avoiding that scenario.
We think we have found the best way of managing this risk, through careful choice of multiple providers and
a successful backup and failover infrastructure.