SaaS Infrastructure Details

Important

We’ll talk about our own infrastructure security policies in the next parts of this document, therefore they’re irrelevant if you choose the On-Premise option.

Hosting Policies

Toucan Toco SaaS applications are all hosted on dedicated bare metal servers provided by Iliad.

The datacenter center DC3 is physically located in Vitry (France) and respects all hosting standards (security, network, client isolation):

All the details of our infrastructure provider are described in its official public documentation.

Please also note our hosting providers never get access to our servers, logs or your data. They are only an hardware and services suppliers.

Infrastructure Security Policies

DDOS prevention

All our servers come with a standard DDOS protection, including automatic mitigation from common attacks with a geographic based database.

All the details of the DDOS protection implementation are described in its official public documentation.

Network filtering

From Internet

We respect the usual good practices for SaaS hosting:

  • We only expose HTTPS, HTTP (which is automatically redirected to the HTTPS) and SSH services.
  • We do not expose management interfaces directly on Internet. We require a VPN connection first, using a strong 2-factor authentication (certificate and credentials).

Between instances

On our cloud offer, we ensure that each of our client data are very well isolated from any other client’s one. Each client runs different private containers for:

  • its application server (API)
  • its database (MongoDB)
  • its cache (Redis) Containers are operated by Docker, linked using Docker networks and exposed only to the necessary other containers (e.g.: Redis container is not linked to MongoDB container).

Thus, only the container API is able to reach the associated database container.

We ensure isolation between clients with different docker networks.

Of course with dedicated SaaS mode, all your stack will be isolated by design because you will get your own dedicated server in the Toucan Toco infrastructure.

System Security

OS hardening

We apply this policy to ensure our servers stay safe anytime:

  • fail2ban on HTTPS, SSH and on the Toucan app (on failed logins) to prevent brute-force
  • management interface password access disabled
  • management interface root access disabled
  • management interface login gracetime
  • management interface auto-logout on inactivity
  • IPv6 disabled

We enforce standard SSL transport by authorizing only strong cipher suites. You can audit this by checking our SSL-Labs test results.

Rights management

Our containerized infrastructure prevent any malicious propagation if a container is compromised.

Containers communicates on a private network and can’t access to resources from other containers except from explicitly defined ones on selected ports.

Furthermore, all files uploaded by users are never stored in a file system (but in a database), preventing malicious files to be executed remotely.

Accounts management

Secrets and credentials like:

  • database accounts
  • API secrets (JWT signature) are unique for each of our clients, and strong enough not to be brute-forced (complexity and length).

We deactivate the use of system passwords on management interfaces.

Nevertheless, we make sure they’re never stored in plain text on file systems.

SSH access is only available for Toucan Toco’s administrators.

Only PubkeyAuthentication is allowed and key should respect the following requirements:

  • keys should be RSA
  • with a size of 4096 bits
  • protected by a passphrase

Admin privileges and SSH keys are automatically managed by our Ansible playbooks. The management is a fully automated process with no manual actions of Toucan Toco’s administrators.

Partition Encryption

System or data partitions are not encrypted. But as explained earlier in this doc, even in a case of mutual instances, everything is containerised and isolated by design thanks to Docker.

Moreover, keys, application and databases’s passwords are dedicated and different for each instance/project.

Multiple Environments

We operate separated staging, preprod and production environments, that are exactly the same with the same backup and monitoring policy.

We considered our demo as a separate customer that would be us! Testing and auditing it will give you the same results as if it was your own instance.

LoadBalancer and Failover

Currently the whole front-end stack is fully redundant with a round robin loadbalancer system.

We can lost the half of our front-end stack without any disruption. The recovery process is fully automated and the convergence time is less than 1 minute.

Disaster Recovery Plan - DRP

If our datacenter is the victim of a major and critical issue and we lost all our production servers our service will be degraded during the recovery time.

We currently don’t have a fully automated datacenter fallback process. However we have reserved ressources in another Online Datacenter where we can redeploy our full infrastructure and data with our automated scripts (thanks to our Infrastructure as Code policy).

By design the DRP of a production client stack is just a basic migration process (redeploy, backup restoration and potential DNS changes) and each step is fully automated.

We use our migration procedure at least one time a month. Our DRP is the same approach but for all our production and client instances and it’s is fully automated.

If we need to restore from scratch our infrastrcture, we will continue to respect our SLA.

General Data Protection Regulation - GDPR

Toucan Toco has already filed a statement with the CNIL (Declaration Number: 2129004 v 0). Legal notices on the use of data collected via the website are also available on the Toucan Toco website.

The new requirements of the GDPR are paramount and our team is working diligently to adjust the processes in place to comply with these requirements.

This involves:

  • continue to invest in our security infrastructure
  • ensure that the appropriate contractual conditions are in place

Please check our dedicated public note about it for more details and informations.

Service Level Agreement - SLA

Our SLA includes the following points:

  • Clients are able to connect to the Toucan Toco application 24/7 all year long, excepting during maintenance or infrastructure operations. When these operations produce downtimes, they are scheduled out of business hours, and the Toucan Toco ops team will warn the clients by mail with details about the downtime period.
  • Toucan Toco applications got an uptime of 99% over a calendar month.
  • The whole infrastructure is monitored and backuped 24/7 all year long.