Aeon Hosted Server Security Policies and Procedures

Follow

Atlas provides a hosted solution for Aeon. When your server is hosted, setup files are also hosted at Atlas. Atlas will also take care of backups and updates.

Server Setup and Maintenance

Server Setup and Monitoring

  • The hosted server consists of a Web Server and an SQL Server.
  • All services are installed by default.
  • The Web Server and SQL Server times are synchronized with a central server.
  • Automated monitors are set up to notify Atlas staff by email and phone when services are down or the hard drive is nearing capacity. On-call staff responds to any notifications outside of normal business hours.

Server Maintenance

  • The SQL Database is backed up to a local file on a regular basis.
  • Backups are run nightly on the SQL Database, configuration files, and web pages (including pdf files). Files are backed up to a RAID and tape library. Tapes are stored off-site.
  • Windows Updates are installed on a regular basis (as needed).

Security

Physical Server Security

  • All Atlas hosted servers are located in a bunker-style facility operated by a commercial internet service provider.
  • All servers have a direct connection to the ISP’s internet backbone.
  • Physical access to Atlas hosted servers is limited to Atlas support staff.
    • A security code is required to gain access to the parking lot.
    • A security pass is required to gain access to the building.
    • A key is required to gain access to the server rack.
    • A log is kept of each visit.
  • Emergency generators maintain power in the event of a power outage.

Network Security

  • Ports
    • In order to allow access to your hosted server and its various components, the following ports are required to be open on your site’s firewall:
      • 1433 TCP outbound to your hosted SQL Server.
      • 389 for LDAP or 636 for LDAP SSL (optional) between your hosted Web Server and your LDAP server.
      • 4500 for Innopac PatronAPI (optional) between your hosted Web Server and your Innopac PatronAPI server.
    • If you plan on using Z39.50 to search your local OPAC, you will need to verify that the workstations on which you will be running Atlas client software have access to the Z39.50 server over that port. This port differs from OPAC to OPAC so you will need to check the value.
    • Further details on port configurations are covered in Atlas product documentation.
  • Firewall
    • All hosted servers are located behind a firewall, which is configured to allow access only through the necessary ports.
    • SQL ports are restricted by IP address.
  • Anti-virus software definitions are updated regularly.
  • Remote access to the server is restricted to Atlas support staff, each of whom has a unique username and password.

Product Web Interface Security

  • SSL is used to securely transfer confidential user information to the Web Server.
  • The setup (installation files) directory is restricted by IP address.
  • The login information is given to your site contact; you may pass this information on to whoever needs it.
  • Anonymous FTP access is disabled.

Access

  • You have access your hosted server via the following protocols:
    • FTP access to upload web page modifications.
    • FTPS access can be set up to upload sensitive data.
    • HTML access via the product web interface to view and use the product.
    • SQL access via the product client applications. If desired, Atlas can configure an ODBC connection with a read-only login so that you can use external applications like Microsoft Access to retrieve and manipulate data.

Support Contacts

  • Contact Atlas at 1-800-567-7401 ext. 1 or service@atlas-sys.com if you have questions or are having trouble with your hosted server. Please let us know if you:
    • Have questions about using the software.
    • Have questions about modifying the web pages.
    • Are ready to 'Go Live' with your product implementation (please give us at least 48 hours notice)
    • Would like to schedule an upgrade (please give us at least 48 hours notice).
    • Are experiencing critical problems, such as:
      • You can’t open the client (SQL errors).
      • You can’t access your product web interface via the web (Web Server errors).
      • For such emergencies, you will be given instructions on how to contact on-call Atlas support staff for service outside of normal business hours.
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.