1099 Services Frequently Asked Questions

Here are answers to some commonly asked questions regarding the security of DP Solutions' premium 1099 services.


CLIENT ROSTER

Q. Who are some of the customers that you host?

A. Some of the current clients that we host in our data centers are: 1099 Pro, BP, Chevron, Cogent Communications, Diamond Marketing Solutions, Group Benefit Services, Infor, IRS Compliance, Marathon Oil Corporation, PWC, and Zenith American Solutions.

PHYSICAL INFRASTRUCTURE

Front-End & Middle-Tier System Platform

Q. Describe your front-end system (web servers) and middle-tier (application servers) infrastructure (hardware, operating systems, topology, cluster configuration).

A. The web and middle-tier servers are Windows 2008R2 and Windows 2012R2 running as virtual machines in an enterprise-class VMWare environment. IBM BladeCenter technology is used as a hardware solution. Both hypervisor cluster and hardware are highly-available and fault tolerant with 'N+1' component configuration.

Back-End System Platform

Q. Describe your back-end system (excluding database) infrastructure? (hardware, operating systems, topology)

A. The back-end servers are Windows 2012R2 running as virtual machines in an enterprise-class VMWare environment. IBM BladeCenter technology is used as a hardware solution. Both hypervisor cluster and hardware are highly-available and fault tolerant with 'N+1' component configuration.

Load Balancing

Q. Does your infrastructure support load balancing?

A. Industry standard load balancing mechanisms are used to accommodate multiple server farms, IIS resources, and changing capacity requirements.

DATA CENTERS

Data Center Sharing

Q. Are the computing devices used to host the application in shared room or are they physically separated and secured?

A. All equipment is in a locked and secured cabinet within Tier III, SSAE16 type2 certified datacenters.

Data Center Tech Support

Q. Is the data center technical support staff available 24x7x365?

A. Yes, the data center's Remote Hands service provides 24x7x365 support.

INTEGRATION PLATFORM

Remote Connectivity

Q. Do you support remote access connections to the application?

A. Site-to-site VPN or SSL-VPN (depends on number of users).

NETWORK ARCHITECTURE

Network Redundancy

Q. Do you support multiple peering partners for maximum network redundancy?

A. Environment uses BGP peering with multiple Tier-1 Internet Service Providers for internet connectivity.

Q. Do you implement multiple network paths for network device redundancy?

A. Network switches and firewalls are clustered and highly-available. Virtual chassis, link aggregation, rapid spanning tree, and fast convergence OSPF are utilized to provide scalability and fault tolerance.

Network Availability

Q. Are the firewalls and network access devices setup in a highly available configuration?

A. Juniper SRX (FW) chassis and stateful clustering Juniper EX4200 (Switch) use Virtual Chassis technology.

APPLICATION SERVER PLATFORM

Application Hosting Software

Q. Do you use special hosting software? (ex: Citrix, Microsoft, Salesforce. com Apex, Apprenda, etc.).

A. Microsoft Server Operating System along with Microsoft SQL Server provide the framework for the 1099Pro Application Software. Microsoft Remote Desktop Services is utilized for the presentation and user interaction within the 1099 hosted environment. VMware Enterprise Plus edition is used at the hypervisor level and is configured with Distributed Resource Schedules and High Availability options.

Application Monitoring

Q. Do you use monitoring software to monitor health of the application?

A. Monitored Metrics: CPU utilization, memory parameters, server uptime, Windows patch health, storage capacity and performance, and various other Windows system health counters.

WEB SERVER PLATFORM

Web Server

Q. What web server platform is used by the application?

A. IIS7.5

HTTPS, SFTP

Data Protocols

Q. Do the supported protocols use encryption? Do they all use encryption?

A. Protocols are encrypted with SSL.

DATABASE PLATFORM

Database High Availability

Q. Does the database support high-availability?

A. Database is HA at the server level using VMWare technologies.

Database Sharing

Q. How do you segregate data of different clients in the application database?

A. Separate MS SQL database instances, Microsoft Active Directory, and relevant Group Policy Objects for desktop presentation.

PHYSICAL CONTROLS

Physical Control Devices

Q. Are uninterruptible power supplies or backup generators used in case of power outages? Are these backup power systems maintained and tested periodically?

A. All data center systems are redundant in 'N+1' or better configuration. Each datacenter facility holds a current SSAE16 Type2 certification that outlines the redundancy and test schedule of each component.

AVAILABILITY MANAGEMENT

Monitoring & notifications

Q. Are you able to provide reports on technical metrics of the application infrastructure? (i.e. CPU levels, drive capacity etc.).

A. All Windows systems are managed and monitored with industry standard, agent-based software. The installed agents generate prioritized tickets which are handled by the DP Solutions senior engineering staff. Hardware management and monitoring is performed using manufacturer supplied monitoring tools along with industry standard external management and monitoring tools.

CONTINUITY MANAGEMENT

Backup & Recovery

Q. Do you have Data Backup and Recovery strategy?

A. Backup and Recovery functions are performed using an industry standard, VSS-aware backup solution. Snapshots of the servers and data are taken periodically throughout a 24 hour cycle to ensure the most up to date information is represented in the backup data set.

Disaster Recovery

Q. Do you have disaster recovery plan?

A. Should our primary facility become inoperative, the hosted 1099Pro platform will be activated in a secondary datacenter. The environment will remain in the secondary datacenter while the issues are assessed and remediated at the primary datacenter. Migration back to the primary datacenter will be scheduled in advance with all customers.

ADMINISTRATIVE CONTROLS

Security Awareness Program and Policies

Q. Is there an established Information Security function and policies responsible for implementing a Security Awareness Program?

A. Company security policies are documented and enforced with annual security training and awareness program.

Security Compliance

Q. What regulatory frameworks and standards do you currently support/comply with (e.g. HIPAA, PCI, Sox, ISO 17799/27001)?

A. HIPAA, PCI, Sox, SSAE16, FTC.

TECHNICAL CONTROLS
Data Center Operations Security

Operating Systems

Q. Are operating systems hardened (e.g. securely configured by removing un-needed files and disabling services that are not being used)?

A. Microsoft critical and security patches are evaluated and applied (if available) weekly. Zero-day threats are addressed immediately as risk predicates."

Q. Are systems kept current on service packs and patches?

A. Critical MS patches are applied monthly

Intrusion Detection/Anti-virus

Q. Do you perform Intrusion Detection and Protection? Are IDS signatures current?

A. Yes, Juniper SRX uses daily updated IDS database and penetration testing is done yearly by third party.

Encryption

Q. What types of data transmission encryption do you support (e.g. SSL, VPN etc)?

A. All data transmission is encrypted using industry standard mechanisms. AES128 or better is used for all IPSEC VPNs. Backup systems and information is encrypted using AES256. All other protocols are secured using public CA certificates of at least 2048 bits encryption.

Download our 1099 FAQ Flyer (pdf)

Schedule an Online Demonstration Today!

Email us for more information or call us toll free at 800-679-4377 x0