uniFLOW Online is hosted in multiple Microsoft Azure data centers granting compliance and data sovereignty for the respective region whilst safeguarding your data’s confidentiality.
Microsoft Azure regional data centers
The Microsoft Azure data centers in use by NT-ware are distributed globally (UK, Netherlands, US, Singapore, Australia, Japan and China). Deploying uniFLOW Online into Azure ensures we are running on an incredibly robust, resilient and scalable platform. Making use of Azure’s features, uniFLOW Online can be a completely elastic solution, scalable to fit any customer’s demands. Cloud-load-balancing, automated scaling sets and local/ geo redundant storage ensures your data is safe and always available.
Data sovereignty and compliance – local data remains local
Each Microsoft Azure data center respects data sovereignty and achieves compliance by storing regional customer data within the area it is collected. This data is then subject to the laws and regulations of that specific region.
Protecting and securing your data
Microsoft Azure data centers ensure maximum security by encrypting data according to industry-standard protocols. These protocols are used to encrypt data which travels between printers and data centers as well as internally within data centers. TLS 1.2 encryption is utilized where possible. All customer data at rest is stored in Azure Storage and encrypted and decrypted transparently using 256-bit AES encryption. Microsoft-managed keys are utilized for all uniFLOW Online deployments. Microsoft is responsible for encryption key storage, key control and key rotation.
Further information on Azure Storage: Azure Storage encryption for data at rest
All customer data at rest is stored in Azure Storage. To maintain data availability and durability, Azure Storage accounts in every uniFLOW Online deployment are set up for Geo-Redundant Storage (GRS).
Data is stored in the primary Azure region of the uniFLOW Online deployment and is copied three times using Locally-Redundant Storage (LRS). LRS provides at least 99.999999999% durability for objects during a given year. As well as the copies which are stored in the primary Azure region, another three copies are stored in a paired Azure region i.e. GRS provides all the features of LRS storage in the primary Azure region, and secondary LRS data storage in the paired Azure region. GRS offers durability for storage resources of 99.99999999999999% over a given year.
Further information on Azure Storage redundancy: Azure Storage redundancy
Further information on cross-region replication in Azure: Cross-region replication in Azure
Azure data center physical security and compliance
Conditions within Microsoft Azure data centers ensure safety and reliability. Each facility is designed to run 24/7, 365 days a year, and employs various measures to protect operations from power failure, physical intrusion and network outages. The data centers comply with industry standards, such as ISO 27001, for physical security and availability. They are managed, monitored and administered by Microsoft operations personnel.
Further information on physical security of Microsoft data centers: Microsoft Physical Security of Data Centers
Further information on Microsoft compliance offerings: Microsoft Compliance offerings
Transparency – health and status monitoring
Keeping customers informed is a crucial part of the NT-ware Operations team’s management role. During any incident the possible impact for our customer is analyzed and a communication process initiated. We communicate globally through our uniFLOW Online Status Page. We know communication is key, therefore we endure to provide timely updates and important information exchange. You can subscribe to receive updates via Atom/ RSS feed (recommended) or email, instructions here.
Information as to how NT-ware Operations manage any incidents, from detection to close, can be found on the NT-ware Operations page. NT-ware will additionally manage communication to our distribution channels in order to manage local questions.
DNS and IP listing for firewall filtering
We recognize that some customers filter outbound web traffic in order to extend security measures to traffic that leaves a network. For this reason, we publish our global infrastructure IP addresses. This can also be helpful if you need to add exclusions for some proxy and packet filtering technologies. The required DNS and IP addresses for each uniFLOW Online deployment can be found here: NT-ware and uniFLOW Online DNS and IP addresses.