uniFLOW Online is hosted in multiple Microsoft Azure data centers granting compliance and data sovereignty for the respective region whilst safeguarding your data’s confidentiality.
Microsoft Azure regional data centers
The Microsoft Azure data centers in use by NT-ware are distributed globally (UK, Netherlands, US, Singapore, Australia and Japan). Deploying uniFLOW Online into Azure ensures we are running on an incredibly robust, resilient and scalable platform. Making use of Azure’s features, uniFLOW Online can be a completely elastic solution, scalable to fit any customer’s demands. Cloud load balancing, automated scaling sets and local/geo-redundant storage ensure your data is safe and always available.
uniFLOW Online deployment | Azure region (primary region) | Azure region pair (secondary region) |
---|---|---|
Canada | Canada Central (Toronto) | Canada East (Quebec City) |
Europe | West Europe (Amsterdam, Netherlands) | North Europe (Dublin, Ireland) |
UK | UK South (London, England) | UK West (Cardiff, Wales) |
Japan | Japan East (Tokyo, Saitama) | Japan West (Osaka) |
Australia | Australia Southeast (Victoria) | Australia East (New South Wales) |
Singapore | Southeast Asia (Singapore) | East Asia (Hong Kong) |
USA | East US (Virginia) | West US (California) |
Data sovereignty and compliance – local data remains local
Each Microsoft Azure data center respects data sovereignty and achieves compliance by storing regional customer data within the area it is collected. This data is then subject to the laws and regulations of that specific region.
Protecting and securing your data
Data in transit
Microsoft Azure data centers ensure maximum security by encrypting data according to industry-standard protocols. TLS 1.2 protects data in transit between Microsoft cloud services, and TLS 1.2 is the minimum protocol for all uniFLOW Online deployments and the components involved in the solution. TLS 1.3 with Perfect Forward Secrecy (PFS) is used for Canon imageRUNNER devices and browser connections where supported.
An additional layer of encryption is provided at the infrastructure layer in Microsoft Azure data centers. Whenever Microsoft Azure customer traffic moves between data centers, like in a Geo-Redundant Storage (GRS) Azure Storage Account scenario, a data-link layer encryption method using the IEEE 802.1AE MAC Security Standards is applied from point-to-point across the underlying network hardware. This prevents physical ‘man-in-the-middle’ or snooping/wiretapping attacks.
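A client-side check for the TLS posture described above, as an added example that is not NT-ware's or Microsoft's code. It pins a TLS 1.2 floor on a Python client context and evaluates a negotiated session (the values `ssl.SSLSocket.version()` and `ssl.SSLSocket.cipher()[0]` return). The `require_pfs` option and the cipher string are assumptions that go beyond the page, which only states that PFS is used with TLS 1.3 where supported, so a missing-PFS result is reported as a note rather than a violation.

```python
import ssl

ALLOWED_VERSIONS = ("TLSv1.2", "TLSv1.3")   # page: TLS 1.2 is the minimum

def hardened_client_context(require_pfs: bool = False) -> ssl.SSLContext:
    """Client context that refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()       # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if require_pfs:
        # Assumption (stricter than the page): allow only ECDHE suites on TLS 1.2.
        # TLS 1.3 suites are not affected by this string and are always ephemeral.
        ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

def is_forward_secret(version: str, cipher_name: str) -> bool:
    """TLS 1.3 always uses ephemeral key exchange; TLS 1.2 needs (EC)DHE."""
    if version == "TLSv1.3":
        return True
    return cipher_name.startswith(("ECDHE-", "DHE-"))

def non_pfs_suites(ctx: ssl.SSLContext) -> list:
    """Suites enabled in the context that would not give forward secrecy."""
    return [c["name"] for c in ctx.get_ciphers()
            if not is_forward_secret(c["protocol"], c["name"])]

def check_session(version: str, cipher_name: str) -> list:
    """Findings for one negotiated session; an empty list means nothing to report."""
    findings = []
    if version not in ALLOWED_VERSIONS:
        findings.append(f"VIOLATION: {version} is below the TLS 1.2 minimum")
    if not is_forward_secret(version, cipher_name):
        findings.append(f"NOTE: {cipher_name} has no forward secrecy")
    return findings

# Constructed sample sessions (not captured from any real deployment).
SAMPLES = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.2", "AES256-GCM-SHA384"),        # static RSA key exchange
    ("TLSv1.1", "ECDHE-RSA-AES256-SHA"),
]

if __name__ == "__main__":
    print("non-PFS suites enabled:", non_pfs_suites(hardened_client_context(True)))
    for version, cipher in SAMPLES:
        print(version, cipher, check_session(version, cipher) or "ok")
```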
Data at rest
All uniFLOW Online customer data at rest is stored in Azure Storage Accounts and is encrypted and decrypted transparently using 256-bit AES encryption. Microsoft-managed keys are utilized for all uniFLOW Online deployments. Microsoft is responsible for encryption key storage, key control, and key rotation. Further information on Azure Storage: Azure Storage encryption for data at rest
Data redundancy
All customer data at rest is stored in Azure Storage Accounts. To maintain data availability and durability, Azure Storage accounts in every uniFLOW Online deployment are set up for Geo-Redundant Storage (GRS).
Data is stored in the primary Azure region of the uniFLOW Online deployment and is copied three times using Locally-Redundant Storage (LRS). LRS provides at least 99.999999999% durability for objects during a given year. As well as the copies stored in the primary Azure region, another three copies are stored in a paired Azure region, i.e. GRS provides all the features of LRS storage in the primary Azure region and secondary LRS data storage in the paired Azure region. GRS offers durability for storage resources of 99.99999999999999% over a given year.
Please look at the first drop-down of this page, ‘Microsoft Azure regional data centers’ for Microsoft Azure primary and secondary regions for the uniFLOW Online deployments.
Further information on Azure Storage redundancy: Azure Storage redundancy
Further information on cross-region replication in Azure: Cross-region replication in Azure
Azure data center physical security and compliance
Conditions within Microsoft Azure data centers ensure safety and reliability. Each facility is designed to run 24/7, 365 days a year, and employs various measures to protect operations from power failure, physical intrusion and network outages. The data centers comply with industry standards, such as ISO 27001, for physical security and availability. They are managed, monitored and administered by Microsoft operations personnel.
Further information on physical security of Microsoft data centers: Microsoft Physical Security of Data Centers
Further information on Microsoft compliance offerings: Microsoft Compliance offerings
Transparency – health and status monitoring
Keeping customers informed is a crucial part of the NT-ware Operations team’s management role. During any incident, the possible impact on our customers is analyzed and a communication process is initiated. We communicate globally through our uniFLOW Online Status Page. We know communication is key, therefore we endeavor to provide timely updates and to exchange important information. You can subscribe to receive updates via Atom/RSS feed (recommended) or email, instructions here.
Information as to how NT-ware Operations manage any incidents, from detection to close, can be found on the NT-ware Operations page. NT-ware will additionally manage communication to our distribution channels in order to manage local questions.
DNS and IP listing for firewall filtering
We recognize that some customers filter outbound web traffic in order to extend security measures to traffic that leaves a network. For this reason, we publish our global infrastructure IP addresses. This can also be helpful if you need to add exclusions for some proxy and packet filtering technologies. The required DNS and IP addresses for each uniFLOW Online deployment can be found here: NT-ware and uniFLOW Online DNS and IP addresses.