xAssets Hosted Infrastructure
xAssets hosted infrastructure is built around these design goals:
We have achieved 100% availability since we started hosting in 2003. We do this through
military grade server hardening, software hardening,
frequent differential backups, selection of the best hosting providers,
multi-tier redundancy, customer isolation,
and high frequency vulnerability and threat scanning.
xAssets uses enterprise level data center providers who are well known for their support, infrastructure,
network and power redundancy, and enterprise-grade systems.
We maintain two failover servers at different certified providers
to ensure that availability is maintained even if a major outage at the primary DC did occur.
Each data center has a current and successful audit of at least one of the following standards:
- SSAE 16
- SOC 2 type 2
All datacenters provide 24/7 support cover.
This is reflected in our track record: we have not had an outage since we started hosting our solutions in 2003.
The US Air Force granted certification in January 2018 for all xAssets Version 7.x products to be used on the two main
US Air Force networks - NIPRNET and SIPRNET.
This means the product is written to the highest standards and specifications and
has passed stringent tests covering all aspects of software security in a web based environment.
This makes our products safe to use in web environments.
xAssets goes beyond these standards. For example, we never allow cookies, so data is never left behind
when a browser session is end-tasked by a hacker, and the product uses the latest TLS/SSL encryption.
xAssets applications are secured using a combination of SQL Server or MariaDB, IIS and NTFS security options.
Windows Authentication and Database Authentication are supported at the IIS and database level and several SSO providers are supported.
This can enable access to an entire domain for self service or granular access based on the Active
Directory Grouping of a User.
xAssets products support single sign-on (SSO) through Azure, OneLogin and Okta. This allows customers
to use their existing corporate security infrastructure to authenticate into their xAssets instance.
Our servers run the latest Windows Server 2022 hardened to US DoD STIG compliance.
We harden firewalls to a single SSL port, and only a few ports are allowed out.
Our web communications use the latest TLS protocols for SSL encryption and our servers
have no known vulnerabilities.
Vulnerability and penetration tests are performed continuously.
Patching is done weekly and each server is scanned for changes and STIG compliance.
Data at rest is encrypted through disk encryption.
Scalability and Performance
xAssets products always perform and scale well because our databases are properly normalized and indexed,
and bandwidth is kept to a minimum. Our products are written with the latest .NET and database technology
and we use low level programming techniques for performance critical code. We utilize an architecture called "single page applications" (SPA)
which means that only parts of the page need to refresh.
We use hosting providers in the US and the UK so each customer's primary server is located within their country.
This means that transatlantic bandwidth limitations do not affect the service.
The servers we host on are powerful bare metal servers, not virtual machines.
This gives the fastest possible response times.
We have looked at virtualisation benefits, hosting VPNs and
Amazon AWS Cloud, and while the business model is attractive, it did not meet our
requirements on performance. We host large implementations on bare metal servers dedicated to each customer.
Target response times are 1 to 5 seconds per page refresh. Most customers enjoy response times faster than 1 second for most page transitions.
Backup and Failover
We back up databases continuously and we maintain failover mirrors at a different data center with a different hosting provider.
Backups are also moved to a third failover tier for additional security.
This enables multiple failover options and further options for remediation in the case of unexpected failures.
Failover is a manual process which we practice on every software build.
We know from experience that automated failover can be problematic and most outages are resolved
in seconds or minutes, not hours. This means we are not losing data entered for the duration of an automated failover process.
Backup copies can be copied onto a customer's LAN at any time. This enables customers to restore their
database and gives the reassurance some customers need that their data is accessible, protected and secure.
Hosted servers are built to be resilient with disk mirroring, DNS failover, and constant monitoring.
100% uptime is a goal we have achieved so far for all our hosting customers since we started hosting in 2003, but of course it's never guaranteed.
Any hosting provider can have an unplanned outage, regardless of the amount of money spent on avoiding that scenario.
We think we have found the best way of managing this risk, through careful choice of multiple providers and
a successful backup and failover infrastructure.