Preamble
This article is intended to describe the technical specifications of the hosting infrastructure, along with the services offered by Holy-Dis within Timesquare On Demand.
The main features of the offer are:
- The user accesses Timesquare via the Internet.
- The platform is hosted by our partner KDDI (Telehouse) at their datacenter in Paris.
- The production environment is shared and virtualized.
- Holy-Dis is responsible for solution maintenance and availability.
- Our hosting provider KDDI (Telehouse) is responsible for platform security and connectivity. Any question or request concerning this part of the architecture, however, is necessarily processed by Holy-Dis.
Platform physical security within the datacenter
KDDI (Telehouse), our certified hosting partner
The technical partner chosen by Holy-Dis to set up Timesquare On Demand is KDDI (Telehouse), through the subsidiary company KDDI France, whose head office is in Paris. The company has specialized in server hosting and outsourcing for over 20 years. The data of its customers are only hosted in France.
KDDI France is a sister subsidiary company of the KDDI group which has a network of 46 sites in 24 strategic locations worldwide. The KDDI company is not subject to the Patriot Act.
The operating servers and backup solutions are exclusively hosted in France. For security reasons, the two servers are not hosted at the same datacenter. The datacenter used to host the operating servers for Timesquare is TH3, located 1 rue Pablo Picasso 78114 Magny-Les-Hameaux, near Paris (France). Data backups are partly located at the TH3 site and partly at the TH2 site at 137 Boulevard Voltaire 75011 Paris.
Both were built according to the Tier 3 level of the industry standard used to classify datacenters, ensuring the best power availability and heat regulation. The certification is used to screen datacenters to check the level of resilience, energy efficiency or building safety. Currently, Tier 3 certification is an important factor for many datacenter operators who use it to validate the quality of their infrastructure (for further information: https://uptimeinstitute.com/tier-certification).
The company was audited by Bureau Veritas and obtained, in May 2024 and for a validity period of 3 years, the ISO 27001 certification for the implementation and ongoing improvement of its Information Security Management System (ISMS). In addition, KDDI France (Telehouse) has no exclusion in its “Statement of Applicability” and its reference appears on its ISO 27001 certificate. For confidentiality reasons imposed by the Security Policy of the KDDI France Group (Telehouse) and that of Holy-Dis, this document is not communicated.
In May 2024 and for a validity period of one year, it also obtained the PCI-DSS (Payment Card Industry Data Security Standard) certification for improvements to the physical and logical security of information systems, and in May 2021, for a validity period of 3 years, the ISO 9001 certification for its commitment to quality. This certification, as stated in the certificate, covers the consultancy, project management, equipment supply, engineering and maintenance, including system and network administration of critical customers’ IT solutions.
In November 2022 and for a period of validity of 3 years, KDDI (Telehouse) has been ISO 50001 certified for its IaaS cloud and IT equipment hosting business by BSI. The ISO 50001 standard, which recognizes infrastructure that contributes to better energy efficiency, certifies the continuous improvement processes implemented by KDDI (Telehouse).
In 2022 and for a period of validity of 3 years, the company was also certified ISO 14001, in harmony with the programs that respect the environment.
Finally, in 2022 and for a period of validity of 3 years, the company is HDS certified, for compliance with the requirements and controls related to the hosting of health data.
KDDI (Telehouse) has an innovative approach characterized by the integration of environmental criteria from the design phase of a product or service. The challenge is to reduce their environmental impacts throughout the life cycle (from extraction of raw materials to end of life). In addition, KDDI (Telehouse) has an AlpEnergie certificate for the use of renewable sources of electricity.
Site physical security: access, fire and water
A team takes turns to provide 24/7 datacenter site monitoring. The building is protected from the outside by cameras, gates and alarms and the entire site is under video surveillance. Contractors and stakeholders are required to comply with strict access procedures and rules. The company pays special attention to staff awareness through specific training courses and adopting a security culture.
Many existing procedures ensure full-time monitoring. To prevent fire hazards, a class A Fire Safety System, the highest level, has been installed with detection in the suspended ceiling, the raised floor and the room itself, along with an automatic triggering mechanism. Where necessary, fire extinguishing is performed without power failure.
With regard to the hypothesis of a 100-year flood of the Seine, like the one in 1910, KDDI (Telehouse)’s Paris site is located outside the flood areas set out in the Paris flood-prevention plan.
Electrical installations
Concerning electricity, the datacenters are equipped as follows:
- EDF Power supply: incoming 10 MW lines for TH2 and 15 MW lines for TH3
- Generators: Six 2MVA MTU generators
- Each piece of equipment is backed by an additional component to compensate for any failing component. This is known as redundancy in N+1 configuration
- Electrical protection: protection device by lightning conductors and surge suppressor (at the high voltage supply station and transformers) to avoid indirect accidents due to lightning strikes on the power cables
Many existing procedures ensure full-time monitoring and regular verification of each component. A team is ready to respond if necessary.
Cooling installation
A constant temperature is maintained in the rooms thanks to six cooling units arranged in a redundant configuration.
Connectivity
The hosting rooms are connected to all major telecom operators (BGP4 protocol), thanks to very high-speed connections that use an internal grid and multiple secure routes. Access to the local Parisian grid is at the foot of the building, via the main network system. The site has a terrace dedicated to antennas. It supports a 250 kg/m² permanent load. This is the key hub for 80% of direct internet traffic in France.
Platform technical specifications
The Timesquare platform provided within Timesquare On Demand is virtualized and shared. Its security and connectivity are provided by our hosting partner KDDI (Telehouse).
Technical infrastructure of the Holy-Dis platform
The diagram below shows the technical infrastructure related to a customer’s environment. It shows the infrastructure scalability, i.e. its ability to adapt to rising workloads to maintain its features and performance in case of high demand. It also shows data partitioning with respect to the environment of other clients, given the shared configuration proposed by Holy-Dis.
Technical infrastructure, scalability and partitioning of the client environment
Type of shared hosting
The shared hosting provided within Timesquare On Demand is purely technical. Only technical resources are shared but in no case is the solution shared.
Each client works in its own environment. Each environment is connected with its own database instance.
The data is partitioned through service-specific (client) accounts as well as permissions to access storage directories (NTFS permissions).
Finally, a secured FTP space (SFTP encryption protocol) is allocated to each environment in order to perform internet file transfers.
It is imperative to have a fixed public IP address (request from the customer's Internet access provider) for the site in order to ensure communication with the SFTP server.
Platform redundancy
Timesquare platform has redundancy mechanisms for:
- Power supply:
  - Power lines from two separate stations.
  - The power lines are backed up by generators in N+1 configuration. This delivers the same electrical power as the one provided by regular KDDI (Telehouse) energy suppliers to power its sites at full load.
  - UPS batteries.
  - Racks with double power distribution.
- Cooling: Redundancy of cooling units in N+1 configuration.
- Network:
  - Multiple network connections allowing the diversification of operator arrival lines.
  - Multi-operator Internet access (four separate operators in BGP mode).
- Physical architecture: Physical hosts / Hypervisors. Virtualized computer clusters are built to achieve the best compromise in terms of performance and redundancy. Every hypervisor that constitutes KDDI (Telehouse) clusters has similar characteristics to guarantee consistent performance across the infrastructure, regardless of the position of the virtual machine hosted within the cluster. The hypervisor clusters offer the following features:
  - Hot moving of virtual machine without interruption.
  - High availability: if a hypervisor fails, the impacted virtual machines automatically restart on existing and operational hypervisors.
  - Automatic load balancing: dynamic and hot moving of virtual machines based on load.
- Storage: The SAN storage racks connected to the hypervisors (by cluster) benefit from the following redundancy mechanisms:
  - Double controller.
  - Double attachment to the disk rack.
  - Double NVRAM cache (non-volatile memory).
  - Double parity of stored data blocks/segments.
Platform accessibility
The platform is accessible 24/7 with 99% application service availability rate.
The solution does not include any mechanism for setting up access restrictions for a customer’s employees, over a defined time range.
For further information on the availability rate calculation, please refer to the Service availability section.
Integration with client IT services
The instance made available to a customer may require integrating with the customer’s IT systems, especially if LDAP or SSO authentication is used, or if deploying the Datamart module. In this case, it is necessary to contact Holy-Dis to size the platform to the needs identified during the commercial proposal.
Type of access to the platform
By default, the platform is accessible through the Internet. Therefore, the customer must have access to the Internet from all the sites concerned. Holy-Dis recommends a minimum 1Mbps ADSL connection for client computers.
The final choice of the network infrastructure provider lies with the customer but should consider recommendations made by Holy-Dis. It is especially important to check the backup option offered by the provider by setting up a parallel line in the event of network disruption.
Technical requirements of the user station
Timesquare
Timesquare meets the standards of flexible web design. The solution adapts to the diversity of display environments. Items change shape and position without compromising the integrity of the overall page design.
Therefore, Timesquare is multi-device: it can be displayed equally well on a PC or a tablet (in landscape mode).
Here is the list of components required by Timesquare:
- Web browser: A modern browser with HTML 5 and JavaScript ES2015 support at a minimum is required. Holy-Dis supports access to its software through Edge, Firefox, Chrome and Safari browsers as long as regular maintenance (excluding extended maintenance) is provided by their publishers. Insofar as the updates of these browsers are generally done automatically, Holy-Dis recommends the use of major versions of these solutions.
- Spreadsheet and PDF reader: For reporting tables in XLSX format and editions in PDF format. Timesquare is compatible with Microsoft Excel and Adobe Acrobat for viewing/reading documents produced by the solution as long as regular maintenance (excluding extended maintenance) is provided by their respective publishers.
- SMTP server internal to your company: In order to configure email notifications, it is necessary to use an SMTP server internal to your own infrastructure. The configuration can be carried out by your IT team or by Holy-Dis (charged option). The table below details the properties settings:
Key | Value |
---|---|
tsq.mail.collab.active | Email notification for Collab (example: true) |
spring.mail.host | Mail server host (example: smtp.holydis.com) |
spring.mail.username | Sending email account (example: tsq@holydis.com) |
spring.mail.password | Sending account password (example: ****) |
spring.mail.properties.mail.transport.protocol | Protocol (example: smtp) |
spring.mail.properties.mail.smtp.port | Mail server port (example: 25) |
spring.mail.properties.mail.smtp.auth | YES / NO authentication (example: true) |
spring.mail.properties.mail.smtp.starttls.enable | Activate StartTLS protocol YES / NO (example: true) |
spring.mail.properties.mail.smtp.starttls.required | StartTLS mandatory protocol YES / NO (example: true) |
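
The two StartTLS keys in the table decide whether the sending account's credentials and the notification content cross the network encrypted. The following check is an added example, not Holy-Dis code: the function names are hypothetical and the property files are constructed from the table's own example values.

```python
import re

# Key names are the ones listed in the table above.
SMTP = "spring.mail.properties.mail.smtp."

# Constructed sample: the table's example values, with StartTLS flags left open.
TEMPLATE = """\
# constructed sample file
tsq.mail.collab.active=true
spring.mail.host=smtp.holydis.com
spring.mail.username=tsq@holydis.com
spring.mail.password=****
spring.mail.properties.mail.transport.protocol=smtp
spring.mail.properties.mail.smtp.port=25
spring.mail.properties.mail.smtp.auth=true
spring.mail.properties.mail.smtp.starttls.enable={enable}
spring.mail.properties.mail.smtp.starttls.required={required}
"""
CLEARTEXT = TEMPLATE.format(enable="false", required="false")
OPPORTUNISTIC = TEMPLATE.format(enable="true", required="false")
ENFORCED = TEMPLATE.format(enable="true", required="true")


def parse_properties(text):
    """Parse the simple key=value subset of the Java .properties format."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def flag(props, key):
    """A missing key counts as false, which is the mail client's default."""
    return props.get(key, "").lower() == "true"


def audit_mail_properties(props):
    """Return (code, message) findings about transport protection."""
    findings = []
    enable = flag(props, SMTP + "starttls.enable")
    required = flag(props, SMTP + "starttls.required")
    if not enable:
        findings.append(("STARTTLS_DISABLED",
                         "the session is never upgraded to TLS"))
    elif not required:
        findings.append(("STARTTLS_OPTIONAL",
                         "the session stays in cleartext if the server's "
                         "STARTTLS offer is missing or removed in transit"))
    if flag(props, SMTP + "auth") and not (enable and required):
        findings.append(("AUTH_WITHOUT_ENFORCED_TLS",
                         "spring.mail.username/password can be sent over an "
                         "unencrypted session"))
    return findings


def finding_codes(text):
    return [code for code, _ in audit_mail_properties(parse_properties(text))]


if __name__ == "__main__":
    for name, text in (("cleartext", CLEARTEXT),
                       ("opportunistic", OPPORTUNISTIC),
                       ("enforced", ENFORCED)):
        print(name, finding_codes(text) or "no findings")
```

Only the file with both `starttls.enable` and `starttls.required` set to true passes without findings, which matches the example values given in the table.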
The minimum configuration required is indicated in the table below.
Operating System | Microsoft / Linux / Apple OSX |
---|---|
Processor | 4 CPU |
Memory | 8 GB |
Display resolution | 1280 x 768 and beyond |
Note: Regarding screen resolution, it is important to note that the "Retina" technology available in some Apple brand devices multiplies the number of pixels for a similar resolution on a standard screen. Thus, for a higher number of pixels, there is a lower resolution. This is why the display of Timesquare on these media may not be optimized.
"Javascript" and "Files downloading" options must be activated.
To access the Help Center, which is hosted by Zendesk, a SaaS solution external to Timesquare servers, you need to have an internet connection.
A customized URL like https://customername.saas2.timesquare.fr/tsq/login is included in the offer.
Regarding the processor and memory required, this information is provided as a guide. In any case, display performance is also dependent on browser load, as well as overall usage of the working environment.
My Timesquare
My Timesquare is the solution dedicated to employees. It meets the standards of responsive design. It automatically adjusts the display of the web page to the size of the terminal screen used.
Therefore, My Timesquare is multi-device: it can be displayed equally well on a PC, a tablet (in portrait or landscape mode) or a smartphone.
Here is the list of components required by My Timesquare:
- Web browser: A modern browser with HTML 5 and JavaScript ES2015 support at a minimum is required. Holy-Dis supports access to its software through Edge, Firefox, Chrome and Safari browsers as long as regular maintenance (excluding extended maintenance) is provided by their publishers. Insofar as the updates of these browsers are generally done automatically, Holy-Dis recommends the use of major versions of these solutions.
- Spreadsheet and PDF reader: For reporting tables in XLSX format and editions in PDF format. Timesquare is compatible with Microsoft Excel and Adobe Acrobat for viewing/reading documents produced by the solution as long as regular maintenance (excluding extended maintenance) is provided by their respective publishers.
Mobile mode is automatically activated for resolutions below 992px horizontally, so for a smartphone or tablet in portrait mode for example.
The technical requirements of Desktop mode are identical to those of the Timesquare solution.
Mobile mode is suitable for regular smartphones on the market running iOS or Android with a minimum resolution of 375 x 600px. iOS 12 and earlier versions are not supported.
A customized URL like https://customername.saas2.timesquare.fr/tsq/login (same as Timesquare solution URL) is included in the offer to access My Timesquare.
Note: Regarding screen resolution, it is important to note that the "Retina" technology available in some Apple brand devices multiplies the number of pixels for a similar resolution on a standard screen. Thus, for a higher number of pixels, there is a lower resolution. This is why the display of Timesquare on these media may not be optimized.
Integration of the Time Management module with time attendance terminals
In gray, the clocking terminals of each customer are connected to the Ternet by an HTTPS flow which passes through port 443. This is the only flow to be authorized by the customer.
Ternet thus centralizes the flows from the various customers. It contains technical files allowing in particular the customization of the use of clocking terminals.
In blue, the Ternet is supervised using the Tnview.exe and Config.exe tools, connected through a closed, private UDP port. A VPN is required to access it.
In orange, the Ternet is connected in real time to the SaaS server by a Web Services interface and goes through a GTA proxy, in order to upload the clockings live, in the MALT format, to the Timesquare client base.
It is imperative to have a fixed public IP address (request from the customer's Internet access provider) for the site in order to ensure the data feedback from the clocking terminals.
Logical security and personal data protection
As a software publisher, Holy-Dis guarantees the compliance of Timesquare On Demand with the General Data Protection Regulation (GDPR). In this context, the offer meets the requirements in terms of personal data protection and process security by implementing a strict data management policy in the form of suitable technical and organizational measures. These measures may relate to technical aspects or the organization implemented by the solution’s hosting partner.
Holy-Dis has an email address to receive your requests concerning data protection and the rights to access, change, restrict or delete data: rgpd@holydis.com.
Platform security
- Network:
  - Internet access with protection against DDoS (Distributed Denial of Service) attacks distributed by access providers, based on an ARBOR solution (TMS: Threat Management System) intended for level 4 packet headers (TCP/UDP). This 24/7 protection is implemented at the operator level, with no impact on KDDI (Telehouse) infrastructures, thus allowing a continuous analysis of network packets. It can generate alerts for KDDI (Telehouse) Support. Mitigation is automatic, based on the thresholds defined jointly with the operators. Traffic corresponding to unusual behaviors is diverted to allow only legitimate flows. All the infrastructure elements are supervised 24/7 by the hosting provider.
  - Core network architecture based on switch stacks allowing dual network attachment for compatible equipment.
- Firewall:
  - Hardware firewall protection, upstream of the IAAS platform, in active/passive mode.
  - HA supervision port and configuration synchronization through two ports and separate path.
  - Firewall cluster that, among other things, allows the maintenance of TCP sessions in case of toggle.
Note: KDDI (Telehouse) subscribes to various mailing lists covering everything related to security monitoring.
Supervision of the platform security
The Telecloud infrastructure is constantly supervised by a solution relying on the ELK stack. It enables the aggregation, analysis and visualization of data coming from event logs gathered from the equipment in the infrastructure.
Example: Source and destination IPs displayed on a world map
A supervision system ensures alerts/notifications via e-mail based on given thresholds.
Today, there is no EDR (Endpoint Detection and Response) in the strict sense, but the following measures are implemented:
- Administration network isolated from external networks
- Access to administration network through an authentication bastion
- Daily follow-up of antivirus, application and security updates for workstations and servers
- Proxy filtering of internet access for malicious content protection
Moreover:
- Regular scans / pen tests of network vulnerability for KDDI (Telehouse)’s tools accessible from external network
- Multi-homed Internet access (BGP multi operator), with DDoS protection at operator level (combination of statistical, threshold and signature patterns/templates)
- Regular audit of KDDI (TELEHOUSE) IT systems in compliance with 27001 certificate
Decommissioning of a VM
As soon as the data retention period is exceeded, all unused servers are destroyed, following a procedure in accordance with ISO 27001 certification. Data deletion covers all the equipment concerned, namely production (storage arrays) and back-ups.
When Holy-Dis decommissions a VM, KDDI (Telehouse) is able to provide Holy-Dis with a data erasure and destruction certificate (“write 0” type method allowing data to be overwritten before erasing them).
Steps for decommissioning a VM:
- VM shutdown by Holy-Dis
- VM decommissioning order by Holy-Dis to the host KDDI France (Telehouse)
- Removal of the VM by KDDI France (Telehouse)
- Deletion of image backups by KDDI France (Telehouse) *
- Removal of granular backups by KDDI France (Telehouse) *
- Delivery of a deletion certificate by the host KDDI France (Telehouse) to Holy-Dis
(* if no details are mentioned, the deletion of image or granular backups is done by default automatically once the retention period has expired.)
Security of data exchanged with the solution
TLS protocol for data exchange
Holy-Dis uses the TLS 1.2 protocol for the exchange of data between the client workstation and the solution. For customers who use Web Services, it is recommended to have solutions compatible with TLS 1.2.
Managing user sessions
Timesquare operates in "Stateless" mode, including for security. User access is managed by the OAuth2 protocol with JWT-type tokens. There are no classic sessions; everything is managed by a RESTful, stateless API system.
Available authentication modes
Timesquare supports multiple authentication modes that allow users to access the solution modules.
Authentication using an account base internal to the solution
This is the default authentication mode offered by Holy-Dis. In this case, user access logins are stored in the solution database with pre-encrypted passwords.
SAML2 authentication
This authentication, which allows single sign-on (SSO) across multiple domains, is offered as an option. It can be used with an IdP (Identity Provider) compatible with the SAML2 protocol. Timesquare delegates responsibility for authentication to the client IdP via the SAML2 protocol.
If this operating mode is chosen, this chargeable service is run by Holy-Dis and requires implementing an interaction channel between Timesquare RP (Resource Provider) and the customer IdP.
Concerning the simultaneous connection to Timesquare and My Timesquare by a single user potentially having the roles of employee, manager and / or manager, there are different types of secure connection at the time of authentication with the client's IdP:
- For the user on Timesquare
- For the employee on My Timesquare
- For the manager on My Timesquare
- For the manager on My Timesquare
Authentication by reading an LDAP database
This authentication is offered as an option. It can be used with a directory (e.g. Active Directory) that supports requests in LDAP protocol format. Timesquare validates that the identification checks entered on the portal are correct before granting access to the solution.
If this operating mode is selected, the client's LDAP server must be published on the internet. It is recommended to use LDAPS mode.
A service is offered by Holy-Dis to configure the data exchange between the Timesquare On Demand server and the LDAP directory.
General LDAP authentication principles in Timesquare On Demand
SFTP protocol for file exchanges
Holy-Dis secures file exchange using Timesquare’s own SFTP (Secure File Transfer Protocol) over a secure, encrypted connection using the SSH protocol. As standard, a user ID and password are used.
It is possible to set up encrypted authentication using an SSH key (optional service) instead of a login and password. This is only possible on Timesquare's own SFTP and cannot be done with a third-party SFTP.
Thus, on the client side, using an SFTP compatible client, it is possible to safely:
- Delete and create files
- Send and receive files
- Move and rename files
For authentication, a user ID and password are used to connect to the SFTP server.
SFTP needs only one port (2200 for the SaaS platform), which implies a simple configuration for a firewall. This unique SFTP port is used for all communications, i.e. initial authentication, all issued commands and all transferred data.
It is imperative to have a fixed public IP address (request from the customer's Internet access provider) for the site in order to ensure communication with the SFTP server.
Data storage security
KDDI (Telehouse) data storage security
Timesquare collects data that is subsequently stored by KDDI (Telehouse).
The operating servers are located at the TH3 site in Magny-Les-Hameaux near Paris, France. Data storage is carried out on VMs themselves contained in SAN racks. Machines hosting Timesquare instances are equipped with a high-performance anti-virus solution.
The VMs are backed up daily as a snapshot in the TH3 site. At the same time, an encrypted / hashed copy is transferred to another granular backup solution in the TH2 site, relying on separate networks that cannot be exploited in the event of theft.
More precisely, on TH3, the VMs are backed up on a daily basis by a technology based on the snapshot of the entire VM. A copy is then made to another separate storage array. After the copy is made, the snapshot is deleted from the VM. Each copy has a retention period of 7 days. The data is stored in proprietary formats.
In parallel, the VMs have an agent for backing up data (files) to another site, TH2. The data saved in this way is not just a copy of a file, but relies on a complex, multi-level proprietary "hash" system.
The data stored in this way is therefore not stored “unencrypted” in the backup arrays. The data is segmented into blocks of varying sizes (for an average size of 10 kb). From these blocks, "atomic hashes" and "composite hashes" are determined in order to create unique fingerprints. The data created in this way forms a complex file system, or multi-level “hash”.
The 2 backup technologies used are carried out exclusively through separate and private network communication channels.
The distribution and mode of distribution of data (VM or backup) are stored on separate computer architectures with their own storage system.
All of the data is split up and distributed over multiple physical disks, making it difficult to identify information in the event of a hard disk being stolen (provided that the malicious person has been able to cross the security access to the site). These “hashes” are sent after compression to the granular backup solution located in its TH2 datacenter located in Paris (on-the-fly encryption for transport) and stored in “data stripes” and “index stripes” only if the information does not already exist. These “stripes” are therefore formed by several pieces of data “hashed” at several levels and coming from the various backed up servers.
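
The segmentation and fingerprinting described above can be illustrated with a generic deduplicating store. This is an added example, not the proprietary KDDI (Telehouse) backup format: the gear rolling hash, SHA-256 fingerprints, size parameters and all names are assumptions, and the input data is constructed.

```python
import hashlib

# Assumed parameters: 2 KiB minimum plus a 1-in-8192 boundary chance per byte
# gives blocks of about 10 KiB on average; 32 KiB is a hard upper bound.
MIN_SIZE, MAX_SIZE, BOUNDARY_MASK = 2048, 32768, 0x1FFF
GEAR = [int.from_bytes(hashlib.sha256(bytes([i])).digest()[:8], "big")
        for i in range(256)]


def chunk(data):
    """Split data into variable-size blocks at content-defined boundaries."""
    chunks, start, h = [], 0, 0
    for i, byte in enumerate(data):
        h = ((h << 1) + GEAR[byte]) & 0xFFFFFFFFFFFFFFFF
        size = i - start + 1
        if (size >= MIN_SIZE and (h & BOUNDARY_MASK) == 0) or size >= MAX_SIZE:
            chunks.append(data[start:i + 1])
            start, h = i + 1, 0
    if start < len(data):
        chunks.append(data[start:])
    return chunks


class DedupStore:
    """Keeps a block only if its fingerprint is not already present.

    This sketch keeps block contents as-is; it does not encrypt them.
    """

    def __init__(self):
        self.blocks = {}    # atomic hash -> block bytes
        self.recipes = {}   # composite hash -> ordered atomic hashes

    def backup(self, data):
        """Return (composite hash, total blocks, newly stored blocks)."""
        atomic, new_blocks = [], 0
        for block in chunk(data):
            digest = hashlib.sha256(block).digest()      # atomic hash
            if digest not in self.blocks:
                self.blocks[digest] = block
                new_blocks += 1
            atomic.append(digest)
        # Composite hash: one fingerprint over the ordered atomic hashes.
        composite = hashlib.sha256(b"".join(atomic)).hexdigest()
        self.recipes[composite] = atomic
        return composite, len(atomic), new_blocks

    def restore(self, composite):
        """Rebuild the data, verifying every block against its fingerprint."""
        out = []
        for digest in self.recipes[composite]:
            block = self.blocks[digest]
            if hashlib.sha256(block).digest() != digest:
                raise ValueError("stored block does not match its fingerprint")
            out.append(block)
        return b"".join(out)


def constructed_data(n_bytes):
    """Deterministic pseudo-random bytes standing in for a backed-up file."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(n_bytes // 32))


def demo():
    store = DedupStore()
    day1 = constructed_data(256 * 1024)
    day2 = day1[:131072] + b"CONSTRUCTED EDIT" + day1[131072:]
    first = store.backup(day1)
    repeat = store.backup(day1)     # unchanged file: nothing new to store
    changed = store.backup(day2)    # small edit: only nearby blocks are new
    return store, day1, day2, first, repeat, changed


if __name__ == "__main__":
    _, _, _, first, repeat, changed = demo()
    for label, (_, total, new) in (("first", first), ("repeat", repeat),
                                   ("changed", changed)):
        print(f"{label}: {new} new of {total} blocks")
```

Because boundaries depend on content rather than fixed offsets, the blocks before an inserted edit keep their fingerprints and are not stored a second time.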
For further information on data backup, please refer to the Data backup and restore methods section.
Holy-Dis data storage security
Subject to an express contractual stipulation, Timesquare data may be brought back to Holy-Dis offices for analysis purposes, as part of the technical support provided to customers.
Once the analysis is completed, the data collected from a Timesquare backup is deleted from the information system network disks, once the usual period for retaining data, as set out in our back-up policy, has expired. Moreover, the data collected and printed to paper is destroyed.
For further information on the data back-up policy, please refer to the Data backup and restore methods section.
The applicable security policy for Holy-Dis stations/users is that defined by the Holy-Dis IT team:
- Configurable user session locking
- Rules regarding passwords:
  - Minimum length of 8 characters with incentive to use longer ones
  - Presence of at least 3 character types (upper case, lower case, numbers and special characters)
  - Strong incentive to change passwords should any suspicion arise
The Holy-Dis IT team has also implemented:
- Professional anti-virus protection on all workstations that handle personal data from Holy-Dis customers.
- An annual review of tools and applications dedicated to strengthening and securing the individual (stations and terminals) and collective network at Holy-Dis.
- A policy to update Microsoft patches to address security flaws (Windows Update).
- An anti-spam solution to filter potentially dangerous emails, advertisements, etc. from the Holy-Dis network.
Finally, the Holy-Dis IT department has implemented security awareness actions in the form of training actions and memos for all employees on a bimonthly basis.
For further information on infrastructure access by Holy-Dis teams, please refer to the Platform security section.
Building access security
KDDI (Telehouse) building access security
KDDI (Telehouse) datacenters are equipped with an access control solution allowing access to authorized persons only (combined with HID badges).
The sites have 24-hour surveillance staff assigned to security and access.
Moreover, the surroundings of the buildings and offices are permanently covered by CCTV.
Holy-Dis building access security
The Holy-Dis head office, where the teams handle the machines that host Timesquare instances, is equipped with an access control solution combined with badges allowing only authorized staff members to enter.
- The site is completely closed off (electric gates) before 6am and after 8:30pm, on weekends and public holidays.
- The site is equipped with a security center operating 24 hours a day.
- Incoming laptops and related equipment are subject to a technical responsibility awareness process in the form of an IT charter.
- Access to the server rooms is restricted to Holy-Dis IT staff and management.
Organizational measures
Certifications
KDDI (Telehouse) was audited by Bureau Veritas and obtained in May 2024 the ISO 27001 certification for the implementation and ongoing improvement of its Information Security Management System (ISMS).
Audits and vulnerability scans
To ensure the protection of data transiting the servers, Holy-Dis, along with the hosting partner's CISO (RSSI), is committed to regularly reviewing the security of its system. The objective is to check the vulnerability of the infrastructure to internal or external attacks and highlight any security flaws.
If any vulnerabilities involving server action or application correction are detected, Holy-Dis undertakes to schedule the necessary patches or upgrade the version of the solution depending on the criticality.
The last security audit (that includes an audit and a counter-audit) was conducted on Timesquare V2 in March 2024 by XMCO, a qualified Provider of the Audit of the Security of Information System approved by the French Network and Information Security Agency, ANSSI. The audit consists of application intrusion tests in a black box (with no account information) and in a gray box (with a user account). This audit resulted in an audit certificate as well as an indication of Timesquare's security level (10/10).
The April 2023, February 2023, June 2022, March 2022 and March 2021 audit certificates are also available.
The audit consists of an application penetration test whose methodology is as follows:
- System and network mapping: This first step provides a first level of information on server exposure. The security level of the system and network layers is evaluated manually (as performed in external and internal penetration tests) or automated (thus highlighting the main flaws related to configuration faults and lack of updates).
- Application mapping: The analysis is completed by an application mapping to get information on the publication service currently in place.
- Test of the authenticated session: The security level of the authenticated part is validated in order, for example, to confirm the robustness of the authentication form or to validate the proper management of user sessions.
- Analysis of site features: A check of all the features accessible on the site is carried out in order to test the presence of application vulnerabilities on the various parameters.
The tests cover the OWASP Top 10.
IMPORTANT: For confidentiality reasons, Holy-Dis does not release the results of its audits as this would represent a breach.
Subject to the express stipulation provided in the contract, Holy-Dis undertakes to allow audits to be conducted, including inspections, at the customer’s own expense, by an independent auditor, not a direct or indirect competitor of Holy-Dis, empowered by the customer.
The contract will specify the number of audits per year, the type of audit, the auditor, the communication of the report and any post-audit actions to be undertaken.
In all cases, audit completion must be preceded by a notice period of fifteen business days, along with communication within the same period of the specific arrangements and any consequences of the audit procedure. In any case, the operations must not disrupt Holy-Dis activities, beyond the constraints inherent to an audit.
Holy-Dis is committed to contributing to these audits at a later stage.
Any unavailability potentially generated by the audits (intrusion tests, etc.) will not be considered when calculating monthly platform availability.
Before any security audit, the customer will fill in a vulnerability test request form that must be drafted and signed by each party (customer/auditor/Holy-Dis/hosting partner).
The customer and the auditor undertake to respect the confidentiality of any information, means and tools that they become aware of during the audit procedure at Holy-Dis.
Important: No prospect or customer may enter the other party’s information systems without their permission. If this were to arise, it would be an intrusion that could be a source of litigation and prosecution, including criminal action.
Platform administration
The Holy-Dis staff authorized to connect to Timesquare On Demand platform machines form a restricted team permitted to perform this task. Holy-Dis carefully selects the staff who administer the platform before entrusting them with any activity.
Members of this team rely on a VPN network line to the hosting center to connect to platform machines.
The infrastructure access rights are checked and updated in the event of a change in staff assignment, internal mobility or departure.
Moreover, Holy-Dis regularly checks its processes in terms of maintenance, availability, technical infrastructure security, so as to make any necessary changes to correct them.
Traceability
The Timesquare solution and its associated technical architecture centralize, for internal use, the traceability of all types of events and keep customer access logs on the technical platform (source public IP address, destination public IP address, URL accessed) over the last 30 days. These logs concern system activities as well as application activities of the solution. They rely on dedicated event providers for systems, firewalls, Timesquare services, etc. Holy-Dis uses a log analyzer to monitor the logs in the central log repository. To do this, Holy-Dis relies on the following solutions:
- OSSEC (Open Source HIDS SECurity): Host-based intrusion detection system that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerts and an active response.
- Prometheus: software that records real-time metrics in a database. These metrics can then be queried using a simple query language (PromQL) and can also be used to generate alerts.
- Loki: multi-tenant log aggregation system that uses data collected by Fluentd, etc.
- Grafana: Central management dashboard and integration with third-party alert systems such as email, Teams, etc.
- Teams: Instant messaging application used to alert Devops teams in real time in the event of a threshold being exceeded on the indicators observed on the previously mentioned devices.
All application, OS, network and other logs are archived in the central log repository. Database logs are not enabled for performance reasons.
Right to reversibility
To meet the right to reversibility, Holy-Dis allows customers equipped with Timesquare to retrieve their planning data. To do this, Holy-Dis performs a dump (raw SQL export) of the data from the database.
Incident management process
Holy-Dis has a dedicated incident management procedure that ensures an optimum solution availability.
Our partner KDDI (Telehouse) also has a procedure for handling platform-related security incidents. This procedure describes the specific procedures for managing security incidents so that the appropriate actions are triggered and the right persons are contacted within Holy-Dis.
In all cases, should any structural malfunction arise, Holy-Dis will necessarily be the customer’s sole interlocutor.
For further information on incident management, please refer to the Incident management, DRP and recovery time section.
Solution technical and application management
Platform technical monitoring
The SOC (Security Operations Center) for the IaaS part is provided by our hosting partner KDDI (Telehouse). Our partner KDDI (Telehouse) is responsible for the technical monitoring of the platform. This monitoring consists of ensuring that the IT equipment and software (except for the applications) are working properly and running the recovery procedures in the event of a malfunction, in order to provide a maximum service availability rate.
Note: In all cases, should any structural malfunction arise, Holy-Dis will necessarily be the customer’s sole interlocutor.
Platform monitoring is provided 24/7.
Solution application monitoring
The SOC (Security Operations Center) for the application part of the Timesquare On Demand offer is provided by Holy-Dis. This management consists of regularly checking that the Timesquare solution is available for each of the customers of the offer, thanks in particular to a set of tools and technologies which are: OSSEC, Fluentd, Prometheus, Loki, Grafana, Teams, email, etc.
Holy-Dis is in charge of solution monitoring of Timesquare On Demand. This monitoring consists in regularly checking that Timesquare is available for every customer of the solution.
This monitoring is provided five days a week, during business hours, in metropolitan France.
Data backup and restore methods
Data is backed up by KDDI (Telehouse) and copied to a separate storage rack under the conditions defined below:
- Daily backup, retained for 7 days
- Weekly backup, retained for 4 weeks
- Monthly backup, retained for 3 months
If necessary, data can be restored based on a daily backup. Restoration is carried out at the TH3 site.
Maintenance and update operations
Concerning solution updates, Holy-Dis uses the "Canary" deployment model. The SaaS v2 platform is made up of 3 separate technical areas:
- GA (General Availability) - Production zone: for all customers with confirmed technical / functional solutions.
- Canary - "Canary Deployment" zone: for new products requiring an observation phase with a limited number of customers affected.
- Staging Zone: to confirm behavior in real production conditions before deployment in the Canary or GA zone.
Therefore, for each new version, Holy-Dis chooses a sample of customers "candidates" for "Canary deployment" and then proceeds to mass deployment in the GA or Canary zone if no major regression is observed.
Platform update operations requiring a service shutdown are performed during a dedicated monthly maintenance period. This maintenance is not systematic and, wherever possible, takes place outside working hours.
The date and time are communicated by Holy-Dis to a contact defined with the customer, within a reasonable notice period.
The update operations are performed only during working hours after informing the customer involved and receiving their permission. They cause a shutdown of Timesquare services.
Service availability
The service level agreement (SLA) for Timesquare over one rolling year is 99%.
SLA is calculated annually:
60 minutes per hour x 24 hours a day x 30 days a month x 12 months = 518,400 minutes a year
Example: 99% = 1% downtime = 1%*518400 minutes = 5184 minutes of downtime per year.
Incident management, DRP and recovery time
In accordance with Timesquare On Demand architecture:
- KDDI (Telehouse) is responsible for platform security and connectivity.
- Holy-Dis is responsible for solution maintenance and availability, as well as personal data protection.
Incident affecting the infrastructure
In the event of a structural failure (Internet connection, network and electrical infrastructure, machines, etc.), KDDI (Telehouse) has a security incidents management procedure.
Any request for support from Holy-Dis will cause KDDI (Telehouse) to open an incident ticket to ensure rigorous follow-up of the intervention until the incident is resolved. This ticket is used to list all the actions taken to handle the incident (opening time, type of request, possible escalation, intervention duration, closing time). This ticket is closed in agreement with Holy-Dis once the intervention is completed or the incident closed.
KDDI (Telehouse) is committed to a 4-hour response time. The maximum admissible Recovery Time Objective (or RTO) for the platform is 24 hours.
In all cases, should any structural malfunction arise, Holy-Dis will necessarily be the customer’s sole interlocutor. Security patches are applied by Holy-Dis.
Incident affecting the solution
By default, Timesquare does not have a proper Disaster Recovery Plan (DRP). If the solution fails, activity will be recovered with the best possible quality of service. Timesquare RTO is less than one day. The maximum admissible data loss or RPO for Timesquare is one day.
In the event of an incident, Holy-Dis has a communication management procedure based on email messages sent out by the Holy-Dis support team.
This email-based communication is only for customers experiencing a service outage or disruption.
In this case, the email communication is sent when the incident is detected and at the end of the incident.
Incident affecting data security, confidentiality, loss and breach
Holy-Dis undertakes to take all necessary precautions to preserve the confidentiality and security of personal data, in particular to prevent them from being distorted, damaged or released to unauthorized third parties. However, if despite these technical and organizational measures, any personal data breach were to occur, Holy-Dis undertakes to notify the customer as soon as possible and, if possible, no later than 72 hours after being made aware of it.
Frequently asked questions
What specific features are included in the offer or are chargeable options?
The policy of Holy-Dis is that all our users benefit from the latest features available. Update operations are carried out at least twice a year, after a notice period of five working days.
The following table specifies for each scenario if the feature is included in the offer or if it is a chargeable option.
Included in the offer | Chargeable option | |
---|---|---|
Testing environment | X | |
Versioning production environment different from standard | X | |
Datamart (may need a secure tunnel) | X | |
Secure tunnel (SSH tunnel) | X | |
Standard interfaces for import / export from the solution with access to SFTP server (for depositing / collecting interface files) | X | |
API / Web Services offered in the catalog (excluding any support services) | X | |
Specific interfaces / Holy-Dis partners | X | |
Interface with Time and Attendance Module of Suite Planexa | X | |
LDAP Authentication | X | |
SAML2 Authentication | X | |
Using a third party SFTP | X | |
Authentication with an SSH Key on the SFTP | X | |
Standard Help Center | X | |
Customized Help Center | X | |
New terminology / dictionary | X | |
Professional services (during operation): Modification of the granularity | X | |
Professional services (during operation): Modification of the first day of the week | X | |
Professional services (during operation): Modification of the planning workflow | X | |
Professional services (during operation): Creation of specific reports | X |
Annexes
The certifications of our partner KDDI (Telehouse), through the subsidiary company KDDI France, whose head office is in Paris, are sometimes common to the KDDI group whose European head office is in London. It is important to remember that Holy-Dis's partner is located in France and not in the United Kingdom.
9001 Certification - KDDI (Telehouse)
50001 Certification - KDDI (Telehouse)
14001 Certification – KDDI (Telehouse)
27001 Certification – KDDI (Telehouse)
HDS Certification – KDDI (Telehouse)
PCI Certification – KDDI (Telehouse)
Attestation AlpEnergie 2021 - KDDI (Telehouse)
Attestation AlpEnergie 2020 - KDDI (Telehouse) Magny-les-Hameaux Site
Attestation AlpEnergie 2020 - KDDI (Telehouse) Paris Voltaire Site
Timesquare XMCO Audit Certificate - 03/2024
Timesquare XMCO Counter-Audit Certificate - 03/2024
Timesquare XMCO Audit Certificate - 04/2023
Timesquare XMCO Audit Certificate - 02/2023
Timesquare XMCO Audit Certificate - 06/2022
Timesquare XMCO Audit Certificate - 03/2022
Timesquare Advens Audit Certificate - 03/2021
Glossary
Availability rate
Ratio between the minimum time during which the service is available and 100% of the guaranteed service range.
Backup and Restore
Process of creating copies of data (backups), to allow data recovery to its initial state in the event of loss or corruption.
Canary deployment
Pattern which allows you to test the last modifications made to a limited segment of the population before carrying out a general deployment of this version.
CLOUD Act (Clarifying Lawful Overseas Use of Data Act)
Law adopted by the United States in 2018 concerning the access to communication data (personal data), in particular operated in the Cloud. It allows the courts to compel service providers established in the territory of the United States to provide data relating to electronic communications, stored on servers, whether they are located in the United States or in foreign countries.
Datacenter
Physical site consisting of computer installations (servers, routers, switches, hard disks) responsible for storing and distributing data through an internal network or through an internet access.
DRP (Disaster Recovery Plan)
Formalization of processes to ensure the recovery of activities, whether from a logistical, human or computer system point of view. A precisely defined and documented action plan to be followed when an incident occurs, that especially includes key staff, resources, services and tasks that need to be activated to roll out the incident management process.
GDPR (General Data Protection Regulation)
European directive and reference text concerning the protection of personal data.
Hardware redundancy
Arrangement that combines multiple instances of the same equipment or the same process to provide very high availability access to the service with optimal performance while reducing the risk of failure.
IdP (Identity Provider)
Authority that provides Single Sign On (SSO) user authentication to access other websites. See SAML2.
Infrastructure
Working environment that includes computers, storage, network, related components and sites required for Cloud computing and Software as a Service.
IT decommissioning
Physical and logical withdrawal of a system / service / server from the production environment, by uninstalling its rights, applications, functionalities, data, with the aim of replacing it and / or no longer using it.
Reversibility
Ability for the customer to recover his data when the contract comes to an end, or more generally, the option to recover, at the end of a contract, the exploitation of data or software, as part of a migration to another software editor, system manager or IT systems infrastructure (datacenter).
RPO (Recovery Point Objective)
Maximum period of recorded data that it is acceptable to lose in the event of a failure.
RTO (Recovery Time Objective)
Maximum admissible interruption time. This is the maximum acceptable time that an IT system resource (server, network, computer, application) may be out of service following a major service outage.
SaaS (Software as a Service)
Provision of a hosted application. This term covers software installed on remote servers rather than on the user’s machine. Customers pay for the service online, usually as a subscription. This type of solution avoids installing and maintaining solutions that are often complex, costly and time-consuming when installed on their internal infrastructure.
SAML2 (Security Assertion Markup Language 2.0)
XML protocol for the secure exchange of identity information (authentication and authorization) between security domains. It uses security tokens containing assertions to send data to an end user between a SAML authority called the Identity Provider (IdP) and a SAML consumer, called the service provider. SAML 2.0 enables Single Sign On (SSO) across multiple Web-based domains, thereby reducing the administrative burden of distributing multiple authentication tokens to the user.
SAN rack
Network specifically designed to interconnect storage resources in block mode with servers.
Shared installation
Colocation hosting service to share resources while maintaining physical control over the servers.
SLA
See availability rate.
SOC (Security Operations Center)
Platform allowing the supervision and administration of information system security through collection tools, event correlation and remote intervention.
SSO (Single Sign On)
Method that allows a user to access multiple IT applications (or secure websites) by performing only one authentication.
Tier 3 certification
Industrial standard to classify datacenters, guaranteeing the best availability in terms of electrical and heat regulation.
TLS (Transport Layer Security)
Protocol to secure data exchanges on the Internet using a client / server mode.
US Patriot Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act)
Law adopted by the United States in 2001. Basically, this Act of Congress allows US security services to access computer data held by individuals and businesses without prior authorization and without notifying users.
Virtualization
Process of creating a software (or virtual) version of a physical entity. Virtualization may apply to a virtual machine, applications, servers, storage and networks.
VPN
Virtual Private Network, system for creating a direct link between remote computers, by isolating this traffic from the rest of the Internet.
Vulnerability scan
Ability to identify security weaknesses in an application, an operating system or a network.