Terra Dotta provides hosting services using servers and data center facilities provided by Amazon Web Services (AWS). Our Canadian clients are housed in the AWS ca-central-1 region, which utilizes data centers in Montreal, Canada. AWS is a worldwide leader in providing scalable, fully-redundant, and secure cloud computing infrastructure to provide highly reliable services to businesses.
Terra Dotta utilizes a variety of services/infrastructural components from AWS, including but not limited to:
- Application load balancers
- Elastic Compute Cloud (EC2) Instances (virtualized servers)
- Security Groups (providing hardware level firewalling capabilities)
- S3 storage for fully AES256 encrypted backups
Information regarding AWS and their security and compliance posture may be found at: https://aws.amazon.com/compliance/data-center/controls/.
Administrative access to the server environment is provided through a multi-layered access policy, which includes:
- VPN access to the Terra Dotta corporate network is required as the initial authorization step
- One VPN access is established, administrators must log into a bastion server protected through the use of multi-factor authentication (provided by Duo Security) using local credentials.
- From the bastion server, administrators must then authenticate to an internal domain that allows role-based access to individual devices and resources within the environment
Server Technical Specifications
Software and Data Storage Configuration
Backup, Recovery and Availability
The Software and the Site will be available for normal use at least 99.7% of the time, 24 x 7 x 365, excluding scheduled maintenance.
Data Transfer Security
Transfer of data files to and from Terra Dotta servers for student information systems (SIS), human resources (HR), or other data integration purposes is achieved via using Secure File Transfer Protocol (SFTP) or Secure Copy (SCP), which are industry-standard protocols for secure file transfer. Uploaded data files are accessed, processed and then deleted from the client-specific SSH receiving folders through automated processes that have limited access to our client’s data.
Terra Dotta requires that our clients utilize public private key pairs for authentication to our SFTP servers and further requires that the keys be of sufficient strength to adequately protect the client data that flows between campus information systems and Terra Dotta servers. Currently the required strength of the key pairs is set at a minimum of RSA 4096 bit keys.