×
Created with ZedIndex

Hosting

Last updated: February 5, 2023

You can use our software both on-premise or in our Microsoft Azure Cloud. As a Microsoft Silver Partner, CE-iT offers two types of hosting:

  • Shared: a shared virtual server with separate databases for individual customers.
  • Dedicated: private virtual servers that are not shared with other customers.

This pages describes the default setup. Microsoft Azure is a near infinite platform regarding options and so is our cloud. Please contact in case of specific requirements.

Platform basics

  • Hosting is based on Microsoft Azure Cloud Solution Provider (CSP) network.
  • We use Microsoft Remote Desktop Services for delivery.

Azure setup

The below diagram displays our default setup. Customer data is separated either per Azure blob (completely isolated disk) or per our regular user right and policy system. It guarantees that a customer can only access its own data.

Diagram of the CE-iT cloud in Microsoft Azure.

It’s not possible to access data directly from the internet due to the separate layer. The RDS gateway server accesses this for the user, after logging in on the RDS gateway’s secured web login.

E-mail

E-mails are sent out using our SMTP services or Microsoft Exchange Web Services. In the event of regular SMTP we support SPF and DKIM (=DMARC compliance). For sending with your own domain we require a SPF record for our mail servers.

More information about signing e-mails: Sending secure e-mails with SPF and DKIM.

Security

  • The application data and its database component are stored in a protected layer within the Microsoft Azure cloud.
  • The application is streamed to the client from another layer.
  • All communications to the cloud originate and are received by a RDS gateway server residing in a DMZ (de-militarized zone) layer.
  • All users that have access to the network are managed on a CE-iT Active Directory server that resides in our whole Azure cloud but serves the customer’s network per protected Active Directory O.U. (Organizational Unit)
  • The connecting client’s traffic is encrypted (2048 bits RSA encryption) from the RDS gateway’s web login and encapsulated any further traffic within this stream.
  • By default we allow HTTPS and sFTP traffic. Additional ports or services can be added for individual customers.

Backups

There are several backups that run in the background with different intervals. These are stored on a redundant Azure storage pool in different Azure Region.

Shared vs Dedicated hosting

Shared environment

  • User accounts exists within an Active Directory that is shared with other customers. Separation occurs through Organizational Units that are protected by WRM (Windows Right Management) and policies.
  • Both traffic and server load are shared between all customer’s yet separated in their own applications and client streams.
  • Our clouds are dynamically scalable through Microsoft Azure bursting. This means that high load by another customer doesn’t effect performance in your session(s).

Dedicated environment

  • The diagram stays the same with the difference that the whole cloud is owned by the customer.
  • No shared resources exist and the management server is also dedicated to one customer.
  • The option for more custom settings based on customer requirements.