Total Synergy follows Azure reference architecture to run a web application in multiple Azure regions for high availability.
A detailed diagram of the reference architecture is available here.
This article will walk through the architecture and cover the following:
In general, Synergy cloud follows this architecture with subtle differences as follows:
1. Synergy Cloud uses a separate DNS provider rather than Azure DNS, to comply with Synergy's DNS architecture.
2. Synergy Cloud uses ‘Azure Cloud Service’ instead of ‘Azure Function Apps’. Our use of ‘Azure Cloud Service’ has proven reliable and cost-effective over the last seven years.
3. Synergy Cloud uses Azure SQL Database. Cosmos DB is not used by our solution.
4. We plan to use Azure Search in the future.
5. All components of Synergy Cloud use either Azure Standard components or Azure Premium components to achieve high availability and high redundancy.
a. All components used have an uptime SLA of no less than 99.9%.
b. All customer data is geo-replicated and backed up (see details below).
Data availability and monitoring
Backup and disaster recovery
1. Synergy Cloud database (business data).
a. The Synergy Cloud database uses multiple technologies for backup.
i. Point-in-time restore is supported for the last 35 days of operation: we can restore the database to any point within the last 35 days.
ii. Long-term backup[ii] is used to back up the database at the following frequencies and retention counts:
1. 15 x weekly backups are stored
2. 12 x monthly backups are stored
3. 8 x yearly backups are stored
b. When a restore is required (extremely rare):
i. A new environment is built.
ii. This environment is restored to a historical time as required.
iii. Data can then be inspected or even fixed for one or multiple tenants by querying the data from the restored database and comparing it to the data in the production database.
iv. A restore takes between 2 and 4 hours.
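The retention schedule above (35-day point-in-time window plus 15 weekly, 12 monthly and 8 yearly copies) can be modelled to check which backups must still exist on a given day. The following is an added example, not Total Synergy's or Azure's own retention code: it assumes the first backup taken in each ISO week, calendar month and year is that period's weekly, monthly or yearly copy, and the daily backup calendar it operates on is constructed.

```python
"""Long-term retention model for the backup schedule above: point-in-time
backups for the last 35 days, plus the 15 most recent weekly, 12 most recent
monthly and 8 most recent yearly backups.

Added example, not Total Synergy's or Azure's retention code. It treats the
first backup taken in each ISO week, calendar month and year as that period's
weekly, monthly or yearly backup (an assumption; Azure SQL long-term retention
lets you choose the week), and the daily backup calendar is constructed.
"""
from __future__ import annotations
from datetime import date, timedelta

PITR_DAYS = 35
WEEKLY_KEEP, MONTHLY_KEEP, YEARLY_KEEP = 15, 12, 8


def daily_backups(start: date, end: date) -> list[date]:
    """Constructed backup calendar: one full backup every day, inclusive."""
    return [start + timedelta(days=i) for i in range((end - start).days + 1)]


def first_in_each_period(backups: list[date], period) -> list[date]:
    """Earliest backup of each period (week, month or year), newest period first."""
    firsts: dict = {}
    for d in sorted(backups):
        firsts.setdefault(period(d), d)
    return [firsts[k] for k in sorted(firsts, reverse=True)]


def retained_backups(backups: list[date], today: date) -> list[date]:
    """Backups that must still exist on `today` under the retention policy."""
    history = sorted({d for d in backups if d <= today})
    keep: set[date] = set()

    # Point-in-time restore window: every backup in the last 35 days.
    keep.update(d for d in history if d >= today - timedelta(days=PITR_DAYS))

    # Long-term retention: a fixed count of the newest weekly/monthly/yearly copies.
    keep.update(first_in_each_period(history, lambda d: d.isocalendar()[:2])[:WEEKLY_KEEP])
    keep.update(first_in_each_period(history, lambda d: (d.year, d.month))[:MONTHLY_KEEP])
    keep.update(first_in_each_period(history, lambda d: d.year)[:YEARLY_KEEP])
    return sorted(keep)


def oldest_restorable(backups: list[date], today: date) -> date | None:
    """Furthest back a restore can reach: the oldest retained copy, or None."""
    kept = retained_backups(backups, today)
    return kept[0] if kept else None


if __name__ == "__main__":
    history = daily_backups(date(2021, 1, 1), date(2024, 6, 30))
    kept = retained_backups(history, date(2024, 6, 30))
    print(len(kept), "backups retained; oldest:", oldest_restorable(history, date(2024, 6, 30)))
```

Running it against a three-and-a-half-year daily calendar shows the effect of the counts: every day of the last five weeks is restorable, Mondays remain for fifteen weeks, the first of the month for a year, and 1 January for every year in the history.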
2. Synergy Cloud ‘blobs’ (files)
Blobs host files uploaded to the cloud.
a. Blob versioning is implemented in application code so that files are never deleted: when a file is replaced, the new upload becomes a new version and the original is retained and made available to the user as an older version.
b. For additional safety, blob soft delete is enabled with a retention period of 200 days, so a blob that is accidentally deleted can be recovered within that window.
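The two blob protections just described, application-level versioning and soft delete with a retention window, combine as follows. This is an added example, not Total Synergy's code: `VersionedBlobStore`, `BlobVersion` and `RETENTION_DAYS` are illustrative names, and an in-memory dictionary stands in for Azure Blob Storage.

```python
"""Model of the blob protection described above: application-level
versioning (a replaced file becomes a new version, the old one is kept)
plus soft delete with a fixed retention period.

Added example; not Total Synergy's code. Names (VersionedBlobStore,
BlobVersion, RETENTION_DAYS) are illustrative, and the store is an
in-memory dict standing in for Azure Blob Storage.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 200  # soft-delete retention window stated on the page


@dataclass
class BlobVersion:
    version_id: int
    content: bytes
    created: datetime
    deleted_at: datetime | None = None  # set by soft delete; data is kept until purge


@dataclass
class VersionedBlobStore:
    _blobs: dict[str, list[BlobVersion]] = field(default_factory=dict)

    def put(self, name: str, content: bytes, now: datetime) -> int:
        """Upload a file. A new version is appended; earlier versions are untouched."""
        versions = self._blobs.setdefault(name, [])
        version_id = len(versions) + 1
        versions.append(BlobVersion(version_id, content, now))
        return version_id

    def current(self, name: str) -> BlobVersion | None:
        """Latest version that has not been soft-deleted."""
        live = [v for v in self._blobs.get(name, []) if v.deleted_at is None]
        return live[-1] if live else None

    def versions(self, name: str) -> list[int]:
        """All version ids still held, so users can retrieve earlier files."""
        return [v.version_id for v in self._blobs.get(name, [])]

    def soft_delete(self, name: str, now: datetime) -> None:
        """Mark the current version deleted; its bytes stay for RETENTION_DAYS."""
        cur = self.current(name)
        if cur is not None:
            cur.deleted_at = now

    def undelete(self, name: str, version_id: int) -> bool:
        """Recover a soft-deleted version that has not yet been purged."""
        for v in self._blobs.get(name, []):
            if v.version_id == version_id and v.deleted_at is not None:
                v.deleted_at = None
                return True
        return False

    def purge_expired(self, now: datetime) -> int:
        """Permanently remove only versions whose soft delete is older than retention."""
        cutoff = now - timedelta(days=RETENTION_DAYS)
        removed = 0
        for name, versions in self._blobs.items():
            keep = [v for v in versions if v.deleted_at is None or v.deleted_at > cutoff]
            removed += len(versions) - len(keep)
            self._blobs[name] = keep
        return removed


def demo() -> dict:
    """Replace, delete, recover and purge one file, using constructed dates."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store = VersionedBlobStore()
    store.put("invoice.pdf", b"v1", t0)
    store.put("invoice.pdf", b"v2", t0 + timedelta(days=1))        # replaces, keeps v1
    store.soft_delete("invoice.pdf", t0 + timedelta(days=2))         # user deletes v2
    purged_early = store.purge_expired(t0 + timedelta(days=100))     # inside window: nothing goes
    recovered = store.undelete("invoice.pdf", 2)                     # still recoverable
    store.soft_delete("invoice.pdf", t0 + timedelta(days=101))       # deleted again
    purged_late = store.purge_expired(t0 + timedelta(days=101 + RETENTION_DAYS + 1))
    return {
        "versions": store.versions("invoice.pdf"),
        "purged_early": purged_early,
        "recovered": recovered,
        "purged_late": purged_late,
        "current_after_purge": store.current("invoice.pdf"),
    }
```

The point the walkthrough makes is that the two controls cover different failures: versioning protects against overwrites, while soft delete protects against deletions, and only a deletion older than the 200-day window is ever removed for good.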
Customer on-premises backup
1. We believe that customers own their data.
2. Synergy Cloud provides a built-in tool to manually extract a full backup of a customer database into an Excel file.
3. Our roadmap includes automation of this tool to export a customer backup weekly to an FTP site/email. This allows customers to automate downloading their backup to an on-premises backup.
High availability
Synergy Cloud data is stored in Azure using platform-as-a-service (PaaS) components with built-in high availability.
This solution involves several levels of protection to ensure high availability.
1. Synergy Cloud database
a. The Synergy database uses the Azure SQL PaaS solution, which guarantees availability even when the machine running the SQL database fails. Microsoft guarantees 99.99%[iii] availability for this solution[iv].
b. The Synergy database is also geo-replicated (read-only replica) between two Azure regions, which guarantees availability in case of a complete site failure.
2. Synergy Cloud blobs (files)
a. Synergy Cloud uses geo-redundant storage to guarantee availability in case of a complete site failure. Microsoft guarantees 99.99999999999999% (16 nines) durability of objects over a given year for geo-redundant storage[v]. This solution replicates data across multiple disks in multiple Azure regions to guarantee data availability.
3. Synergy application components (web app and cloud services)
a. The Synergy application components use a standby-region approach to provide fault tolerance. A standby app server is available in a separate Azure environment and becomes primary in a fault scenario.
Monitoring
1. Synergy Cloud is monitored using a combination of the following:
a. Application Insights[vi] is used to continuously monitor for system exceptions, performance behaviour and anomalies.
b. Azure Alerts[vii] are used to monitor the environment. Alerts are emailed to the team and monitored proactively.
c. Pingdom is used to monitor environment availability. Downtime triggers SMS alerts so that it is dealt with immediately.
The set of three monitoring technologies, in addition to our ‘follow the sun’ support model, enables us to proactively reduce platform risks and achieve high availability.
Tenancy model and scale
Synergy Cloud is multi-tenanted. There are multiple articles on the internet comparing multi-tenant vs single-tenant solutions:
The key reasons for choosing a multi-tenant solution:
1. Multi-tenancy reduces the cost per seat/user due to efficiencies achieved by sharing hardware between different tenants.
2. Multi-tenant solutions provide better performance over single-tenant solutions.
3. Multi-tenancy allows Synergy Cloud to be upgraded as a whole application for all users. As an agile, fast delivery organization, we release new software monthly and make sure all tenants get the update on the same day, providing critical business value to all of them.
4. On-boarding of new customers and software trial periods are simpler in a multi-tenant solution. This enables us to provide a free trial and multiple trials for new and existing customers.
5. Multi-tenancy is simpler and faster to support, allowing us to offer a better customer experience.
6. Our API and integration vision (building an ecosystem of connected open apps) is scalable with a multi-tenant solution.
7. Our BI vision fits well with a multi-tenant solution.
To ensure data isolation between tenants, Synergy Cloud uses a dedicated data access layer that verifies, for each entity loaded from the database, that it belongs to the current tenant. This ensures data isolation is maintained between our tenants.
Automated code tests verify this isolation, so that future code changes cannot break it.
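A data access layer that checks tenant ownership on every loaded entity, together with the kind of automated isolation test mentioned above, looks roughly like this. This is an added example and not Total Synergy's code: `TenantRepository`, `TenantMismatch`, `Project` and the in-memory `PROJECTS` table are illustrative stand-ins for the real data layer and the shared Azure SQL database.

```python
"""Tenant-checking data access layer in the spirit of the isolation control
described above, with the automated check that a cross-tenant load is rejected.

Added example, not Total Synergy's code. TenantRepository, TenantMismatch,
Project and the PROJECTS table are illustrative stand-ins for the real data
access layer and the shared Azure SQL database.
"""
from __future__ import annotations
from dataclasses import dataclass


class TenantMismatch(Exception):
    """Raised when an entity read from storage belongs to a different tenant."""


@dataclass(frozen=True)
class Project:
    id: int
    tenant_id: int
    name: str


# Constructed sample table: rows of two tenants side by side, as in a shared database.
PROJECTS: dict[int, Project] = {
    1: Project(1, tenant_id=100, name="Bridge upgrade"),
    2: Project(2, tenant_id=100, name="Office fit-out"),
    3: Project(3, tenant_id=200, name="Hospital wing"),
}


class TenantRepository:
    """All reads go through here; every entity is checked before it is returned."""

    def __init__(self, table: dict[int, Project], current_tenant: int):
        self._table = table
        self._tenant = current_tenant
        self.violations = 0  # rejected loads, worth surfacing to monitoring

    def _verify(self, entity: Project) -> Project:
        # The check sits where the entity leaves the data layer, independent of how
        # the query was written, so a query missing its tenant filter cannot leak rows.
        if entity.tenant_id != self._tenant:
            self.violations += 1
            raise TenantMismatch(
                f"entity {entity.id} belongs to tenant {entity.tenant_id}, "
                f"not {self._tenant}"
            )
        return entity

    def get(self, entity_id: int) -> Project | None:
        # Deliberately a plain primary-key lookup (no tenant filter in the "query")
        # to show the post-load verification catching it. Real queries should filter
        # by tenant as well; the verification is the backstop, not the only control.
        row = self._table.get(entity_id)
        if row is None:
            return None
        return self._verify(row)

    def list_all(self) -> list[Project]:
        """Tenant-filtered query, and each row is still verified on the way out."""
        return [self._verify(r) for r in self._table.values() if r.tenant_id == self._tenant]


def isolation_test_results() -> dict:
    """The kind of automated check that guards isolation against future code changes."""
    repo = TenantRepository(PROJECTS, current_tenant=100)
    own = repo.get(1).name
    try:
        repo.get(3)  # belongs to tenant 200
        leaked = True
    except TenantMismatch:
        leaked = False
    return {
        "own": own,
        "cross_tenant_leaked": leaked,
        "own_count": len(repo.list_all()),
        "violations": repo.violations,
    }
```

Raising rather than silently returning "not found" is a deliberate choice: a cross-tenant id reaching the data layer is either a bug or probing, and the `violations` counter gives monitoring something to alert on; the API boundary can still translate the exception into a generic not-found response for the caller.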
Scaling the environment:
Synergy Cloud uses the following scaling strategy:
1. Azure SQL Server is scaled up (vertical scaling) based on system load. The database is scaled up when the observed load exceeds 60% of the environment's capacity.
a. An Azure elastic pool is used to share capacity between multiple databases.
b. Sharding and partitioning will be used in future, as required, to achieve higher scale once a single database outgrows the Azure database size limit.
2. Azure Web Apps are scaled out (horizontal scaling) automatically when load is higher than 70% for more than five minutes.
a. In general, we never run above 60% utilisation; when it does happen, the web apps auto-scale.
b. An alert is sent on these occasions.
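The two thresholds in the web-app scaling rules above (an alert when the 60% working ceiling is crossed, a scale-out once load has stayed above 70% for more than five minutes) can be evaluated over a series of per-minute metric samples. This is an added example, not Total Synergy's autoscale configuration: the samples are constructed, and `ScaleDecision` and the threshold constants are illustrative names.

```python
"""Evaluator for the two thresholds in the scaling strategy above: raise an
alert when load crosses the 60% working ceiling, and scale out once load has
been above 70% for more than five consecutive minutes.

Added example, not Total Synergy's autoscale configuration. The metric
samples are constructed (one per minute); ScaleDecision and the threshold
constants are illustrative names.
"""
from __future__ import annotations
from dataclasses import dataclass

ALERT_PCT = 60.0        # normal operating ceiling from the page
SCALE_OUT_PCT = 70.0    # autoscale trigger level
SCALE_OUT_MINUTES = 5   # load must exceed the trigger for more than this many minutes


@dataclass(frozen=True)
class ScaleDecision:
    minute: int
    action: str  # "alert" or "scale_out"


def evaluate(samples: list[tuple[int, float]]) -> list[ScaleDecision]:
    """samples: (minute, cpu_percent) pairs in time order. Returns decisions in order.

    An alert fires each time load rises above 60% from at or below it.
    A scale-out fires once load has been above 70% for more than five consecutive
    minutes, and re-arms only after load drops back to 70% or below.
    """
    decisions: list[ScaleDecision] = []
    above_alert = False   # were we above 60% on the previous sample?
    streak = 0            # consecutive minutes above 70%
    scaled = False        # scale-out already issued for this streak
    for minute, cpu in samples:
        if cpu > ALERT_PCT and not above_alert:
            decisions.append(ScaleDecision(minute, "alert"))
        above_alert = cpu > ALERT_PCT

        if cpu > SCALE_OUT_PCT:
            streak += 1
            if streak > SCALE_OUT_MINUTES and not scaled:
                decisions.append(ScaleDecision(minute, "scale_out"))
                scaled = True
        else:
            streak = 0
            scaled = False
    return decisions


def sample_load() -> list[tuple[int, float]]:
    """Constructed load profile: quiet, a brief excursion past 60%, a sustained
    spike past 70%, a dip, then a short spike too brief to trigger scale-out."""
    profile = [40.0] * 4 + [65.0] + [75.0] * 6 + [50.0] + [72.0] * 4 + [30.0]
    return list(enumerate(profile))


if __name__ == "__main__":
    for d in evaluate(sample_load()):
        print(f"minute {d.minute:2d}: {d.action}")
```

On the constructed profile the evaluator alerts at minute 4, scales out at minute 10 (the sixth consecutive minute above 70%), and alerts again at minute 12 without scaling, because the second spike lasts only four minutes.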
Security
1. Network security
a. Synergy Cloud internal data is not exposed to external networks. All data is secured behind a firewalled network and protected with strong passwords to prevent unauthorised access.
b. Azure VNets are used to separate internal Synergy Cloud components from externally exposed components[viii].
2. Infrastructure / operating system security
a. Synergy Cloud is deployed on a PaaS environment (no IaaS is used). Our PaaS services are hardened by Microsoft as part of the Azure hardening process.
b. Synergy Cloud is deployed on the Azure Web Apps service. Azure Web Apps are hardened and secured by Microsoft as part of the web app platform release cycle[ix].
3. Synergy Cloud security
a. Synergy Cloud supports the following login models:
i. Username/Email and password
ii. Social login (Gmail / LinkedIn / Microsoft Live account)
iii. Microsoft Active Directory accounts
iv. Customers can require Active Directory login for their organisation. This feature can be combined with multi-factor authentication to provide a highly secure and integrated environment.
b. CAPTCHA is used to prevent brute-force password attacks.
c. The Synergy Cloud APIs are protected using OAuth 2. This is documented in the developer integration guide.
4. Synergy Cloud follows the GDPR ‘secure by design’ principles:
a. All team members are trained on GDPR compliance.
b. All internal and third-party components are checked for GDPR compatibility.
c. All private data usage is governed by our subscription agreement; see https://app.totalsynergy.com/Content/pdf/Synergy_Subscription_Agrement.pdf
For securing credit cards, Total Synergy complies with PCI SAQ A (see https://listings.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf).
This means that Total Synergy doesn’t store credit cards: all credit cards are stored and secured by Stripe. This greatly reduces risk for customers, as even if Synergy suffers a data breach, it does not hold customer credit card details.
Total Synergy has chosen Stripe as its payment gateway because Stripe is one of the top 10 payment gateways globally and is well known and respected in the industry.
Stripe is a PCI Service Provider Level 1, the most stringent level of certification available in the payments industry. Please review Stripe's security details at https://stripe.com/docs/security
Synergy has hundreds of customers worldwide. This includes customers in
United Kingdom and other European countries
In general, a standard business grade internet connection suffices for Synergy.
A rough recommendation is given below; actual requirements depend heavily on business usage and the exact location of customers.
Recommended NBN speed: Fibre 1000 Mbps
Synergy supports and recommends the following browsers:
Chrome - recommended
Safari - recommended
Edge - low adoption
Other browsers may work, but these are used at your own risk as we do not test using other browsers.