EasySend Cloud Infrastructure
    • PDF

    EasySend Cloud Infrastructure

    • PDF

    Article summary

    Overview

    Learn about EasySend’s Single Tenant deployment model, two tiers of separation, and its strict access controls between infrastructure tiers (dev and production). Discover EasySend’s storage provider and different regions for Dev and Production environments.

    Single Tenant

    (See Figure 1 to Figure 3)

    EasySend's Single Tenant deployment model allocates each tenant with a dedicated instance of an application or service, as well as dedicated storage resources, ensuring exclusive access to resources like servers and databases. Our approach provides enhanced security, data isolation, and customization options tailored to the specific needs of our customers.

    While the EasySend Digital Process Builder runs in a multi-tenant environment, the EasySend Player Environments, which is the “runtime environment”, employ a single-tenant architecture. In the Player, end users interact with processes developed in the Builder and can upload sensitive personal data, whereas the EasySend Player Environment employs a single-tenant approach. This differentiation between the builder and player is important since the Builder does not store any PII/sensitive data.

    To allow maximum control over data protection and isolation in the Player environment, which handles personal customer data, EasySend offers two tiers of separation:

    • The EasySend Standard tier separates different customers’ workloads on this tier by handling network policies and credentials. Though shared instances can be used to run workloads from several customers, EasySend always uses separate containers, pods, and database schemas for each client. 
    • The EasySend Shield add-on tier upholds the highest security and data protection standards by creating separate isolated single-tenant player environments for each customer, with dedicated virtual machines, nodes, application servers, and database instances for each EasySend Shield customer. 

    In the shared approach, host resources are shared, but all pods and schemas and customers' workloads are separated, with dedicated keys per customer on the ElastiCache for Redis. The key is stored separately in the application server. EasySend offers an add-on package that features the complete separation of all resources in Production, PROD Dedicated, where all resources are separated and dedicated per customer and to them only. EasySend keeps complete separation between the Development, Staging, QA and Production environments. 

    Figure 1: DEV Environment

    Figure 2: PROD Shared

    Figure 3: PROD Dedicated

    Storage

    EasySend relies on AWS, which ensures the physical security of all storage centers and facilities. EasySend provides an independent setup for each customer, which are all single-tenant, separated by host and geographical location.

    Since all of EasySend’s main components are hosted on the AWS data center, EasySend meets all the AWS-EKS security criteria, including strictly controlled physical and information access, as well as management of environmental conditions for the servers' continuous maintenance. 

    Our databases are dedicated and exclusive for each client; each has their own security permissions, and no private information is exchanged between two different customers.

    NOTE
    You can read more about AWS here.

    Geographical Regions Separation

    EasySend currently has three different regions for Development environments, and 6 different regions for Production environments; all data from a specific location is stored in the same geo region and separated accordingly. 

    This separation allows improved performance and reduced latency, as well as compliance with local regulations, according to the unique requirements of each geographical location. All services and data remain in the same location, allowing for risk minimization. 

    EasySend maintains three dedicated IP addresses for outgoing service communication in each region; our customers may use IP whitelisting to filter communication from EasySend to bolster their security. 

    Below are the different AWS regions currently available:

    • Prod Regions:
      • Ohio - US
      • Canada Central - Canada
      • Frankfurt, Germany - EU
      • Tokyo - Japan
      • Sydney - Australia
      • Zurich, Switzerland, EU 
    • Dev Regions:
      • Frankfurt, Germany - EU
      • Tokyo - Japan
      • Zurich, Switzerland, EU

    Add-On Features

    (See Table 1)

    Table 1 displays EasySend's security offering according to the purchased package.   

    Table 1: Security Offering

    Security OfferingBaselineAddon
    Dedicated DBs & storage for user dataV
    Choose from a variety of geographical regions (PROD)V
    Choose from a variety of geographical regions (DEV)V
    Data stays in the same geo. regionV
    Single Tenant standardV
    Single Tenant "Shield"
    V

    Was this article helpful?