DSI® Cloud Management Policy

This document contains information related to management of the DSI Cloud platform implementation including data retention, privacy and backup policy, restoration policy, disaster recovery, business continuity, and availability policy, change management policy, emergency change management in the cloud, and the alert policy.

Data Retention/Privacy and Backup Policy

Backups are an essential part of the operation of the DSI Cloud environment. DSI has provided the general policies listed below in relation to the use of backups with the DSI Cloud environment.

   Note: DSI reserves the right to change this policy in accordance with the DSI Cloud Services Terms and Conditions.

What is being backed up?

DSI shall back up four (4) main data areas as set forth herein. Each is listed below with a description of the type of data and how it relates to the overall solution. These data areas will be updated if any changes to the solution architecture are completed.

 

Table 1: Storage Type Definitions

 

Storage Type | Description | Highly Available
Amazon S3 | This is a highly available data storage which holds the bulk of data in a MEP instance, changing frequently. This data is replicated across all availability zones in an Amazon Region. | Yes / Replicated across multiple Availability Zones
Amazon RDS | This technology is commonly referred to as database storage. DSI uses this data area to store each of the databases a customer would use within their tenant instance. This would include system databases for MEP system specific tables, along with middle-tier databases (one per environment defined in the instance). | Yes / Replicated across multiple Availability Zones
Amazon EC2 / EBS | Each Amazon EC2 instance is the equivalent of a server. DSI uses Microsoft Windows Operating Systems on our EC2 instances that generally consist of 2 EBS drives. Each of these drives is backed up regularly. | Yes / Multiple servers load balanced across multiple Availability Zones
MEP Instance Folder | The MEP instance folder contains the executables and DLL files for MEP, along with some instance configuration data. | Yes (1)

(1) The executables and DLL files are replicated during a maintenance window when the system applies patches or service packs. This data does not change on a daily basis.

 

How often is the data being backed up?

Because each data area is unique in how it operates, the appropriate backup frequency is different for each area. DSI shall back up that data in accordance with the frequencies and objectives listed in the table below.

 

Table 2: Backup Frequency

 

Storage Type | Frequency | Type | Recovery Point Objective (RPO) | Recovery Time Objective (RTO)
Amazon S3 | Daily | Full | 24 Hours | 15 Minutes
Amazon RDS | Daily | Full | 24 Hours | Up to 2 Hours
Amazon RDS | Continuously | Incremental | 5 Minutes | Up to 2 Hours
Amazon EC2 / EBS | Maintenance Windows Only | Full | N/A | N/A
MEP Instance Folder | Maintenance Windows Only | Full | N/A | N/A

 

 

How long will DSI maintain the backups?

DSI believes that, in most cases, 7 days or 7 backups of all data is sufficient for recovery of data. The following table outlines the number of days or backups that DSI shall keep in relation to each storage type.

 

Table 3: Storage type retention day policy

 

Storage Type | Backup Retention Period
Amazon S3 | 7 Days
Amazon RDS | 7 Days
Amazon EC2 / EBS | 4 Maintenance Windows

 

 

Does DSI provide an extended data retention period for customers?

Upon request, DSI will work with any customer to design a custom data retention solution to meet their business needs. Additional charges for a custom data retention policy may apply.

 

What is the data retention period for application analytics?

DSI provides a cloud-hosted data warehouse to support application analytics for both cloud and on-premises deployments of DSI Platform. DSI will retain application and system events within the application analytics data warehouse for a period of twelve (12) months. Extended retention periods are available. Additional charges apply.

 

How does DSI Cloud support compliance and data residency requirements?

DSI employs a regional data center model for customers that have specific regional compliance or data residency requirements. DSI Cloud data hosting is based upon AWS Regions. A customer may select a preferred AWS Region for hosting their data; additional fees may apply and will be set forth in the order. DSI will not move or replicate customer content outside of the selected region except as formally requested by the customer, or as legally required.

 

 

Restoration Policy

Almost as important as the backup of the data is the way in which the data is stored and potentially restored. As such, DSI has provided the following information about the restoration of the data.

 

 

What triggers DSI to restore data?

The events listed below could trigger a restore of all of the storage data types which have been backed up, or just a portion of them. DSI shall restore data types which have been backed up in accordance with the following tables.

 

Table 4: Triggered Restoration

 

Event Type | Restoration Type | Recovery Time | Alert
Change to system (MEP or AWS) which causes impact to multiple customers | Restore of S3, MEP Instance, or Snapshot data, or a combination of all 3 | 1 hour or less | Alerts will be sent out to master list of instance administrators for every instance affected
Catastrophic failure of virtual server architecture | Generate new Servers | 4 hours or less | Alerts will be sent out to master list of instance administrators for every instance affected
Database server architecture experiences a catastrophic failure | Restore database(s) to last known good configuration | 4 hours or less | Alerts will be sent out to master list of instance administrators for every instance affected

 

Table 5: Customer Requested Restoration

 

Event Type | Information Required From Customer | DSI Operations Restoration Actions | Recovery Time Objective (RTO) | Alert
Customer requested restore of database | Point in time for restoration +/- 5 minutes | Restore based on customer specification | 24 hours or less | Alerts sent to customer who requested restoration
Customer requested restore of deleted application | IDs of Application Studio objects to be restored | Retrieval & delivery of deleted file to customer | 24 hours or less | Alerts & requested file(s) sent to customer who requested restoration

 

 

Does DSI offer an off-site storage solution for customer specific data?

DSI has an offering to allow for off-site storage by leveraging AWS Glacier Storage. This can be configured to address the specific business requirements of the customer. Additional fees may apply.

 

 

Disaster Recovery, Business Continuity, and Target System Availability

Disaster Recovery is a term used in association with a catastrophic loss of the system being used, and how that system is restored to a working state. In order to provide a better understanding of the policy, we will go through the different areas of the system and provide information about the recovery process. Business Continuity is extremely important to the customers of DSI.

   Note: DSI reserves the right to change this policy in accordance with the DSI Cloud Services Terms and Conditions.

 

 

What is the target system availability for the DSI Cloud environment?

DSI works to meet an availability level of 99.5% monthly for the production DSI Cloud service in each deployment region.

 

Disaster Recovery and the DSI Cloud

Disaster Recovery operations are meant to provide a method in which the system in use (DSI Cloud) can be brought back to a functional state after a disaster has occurred.

 

What qualifies as a disaster?

DSI considers any event which forces the main data center for the Amazon Web Services (AWS) Region into a non-functional state as a disaster.

 

What is DSI’s primary recovery mechanism in the event of a disaster?

DSI shall leverage AWS technologies to replicate dynamically changing data generated in the normal operating environment across AWS Regions. The current plan is an implementation of the warm site model, where production data is continuously read-replicated to a separate AWS Region, and minimal configuration is required to restore full functionality to the DSI Cloud environment.

 

What is DSI’s Recovery Time Objective (RTO)?

DSI shall implement and maintain a disaster recovery solution that utilizes multiple layers and leverages the Amazon Web Services technologies to provide for an RTO of 4 hours. DSI shall recover the entire DSI Cloud operating environment within 4 hours. If the recovery time will be longer than 4 hours, DSI shall promptly notify Customer thereof, and DSI’s Executive Management and Cloud Operations teams will consult and work with Customer to bring the DSI Cloud back to a functional state as soon as reasonably possible.

 

What is DSI’s Recovery Point Objective (RPO)?

While each customer has unique requirements for their RPO, DSI shall recover customer data to a point in time no less than 15 minutes prior to the disaster occurring. This RPO is achieved based on the current backup strategy.

 

Which data is part of the DSI Cloud environment and covered under the Disaster Recovery plan?

DSI shall back up three (3) main data areas as set forth herein. Each is listed below along with a description of the type of data and how it relates to the overall solution. These data areas will be updated if any changes to the solution architecture are completed.

 

Table 6: Data Types included in DR Plan

 

Storage Type | Description | Replication Technology
Amazon S3 (Dynamic) | This is a highly available data storage holding the bulk of data in a MEP instance, which changes on a frequent basis. This data is replicated across all availability zones in an AWS Region within the DSI Cloud environment. | AWS Cross-Region replication for S3.
Amazon RDS (Dynamic) | This technology is commonly referred to as database storage. DSI uses this data area to store each of the schemas a customer would use within their tenant instance. This would include the system schema for MEP system tables along with middle-tier schemas (one per environment defined in the instance). | AWS Cross-Region Read replicas for RDS
Amazon EC2 / EBS (Static) | Each Amazon EC2 instance is the equivalent of a server. DSI uses Microsoft Windows Operating Systems on our EC2 instances that generally consist of 2 EBS drives. Each of these drives is backed up regularly. | Replicated via Cross-Region Snapshot Copy

 

What would activate the Disaster Recovery Plan for DSI?

The decision to invoke the disaster recovery plan is the responsibility of DSI Executive Management, who will be receiving briefings from the Cloud Operations team. If DSI reasonably believes the system will be operational in less than four (4) hours, based on information from AWS, then the Disaster Recovery Plan may not need to be invoked.

 

When does DSI switch back to the primary operation environment?

DSI shall revert back to the primary operation environment at the next normal maintenance window, unless there is an issue impacting a customer’s production status for which the solution would involve returning to the primary operation environment, in which case DSI shall use all its reasonable commercial efforts to revert back to the primary operation environment as soon as reasonably possible.

 

 

Change Management Policy

This section outlines the policies used by DSI to handle Change Management in association with the cloud environment.

   Note: DSI reserves the right to change this policy in accordance with the DSI Cloud Services Terms and Conditions.

 

 

What is Change Management?

Change management within the scope for the DSI Cloud environment pertains to the following areas and will be provided at no additional charge to customers.

 

  • DSI Base Product Updates
    • Major Releases
    • Service Packs
    • Hotfixes
  • Database Updates
    • Major Database Software version updates
    • Schema modifications
      • Table structures
      • Trigger structures
      • View structures
  • Operating System Updates & Modifications
    • Patches
    • Service Packs
  • AWS System Changes which require a change to the DSI Cloud environment architecture
  • Alerting modifications
  • Backup/Restore system modifications
  • Disaster Recovery system modifications
  • Policies (as defined in this document)

 

How is Change Management controlled within the DSI Cloud environment?

  • Changes made to any of the areas discussed in the previous section would need to be requested through the DSI Global Support Center.
  • The DSI Global Support Center maintains access control over the entire DSI Cloud environment.
  • Most changes made to the DSI Cloud environment are handled manually.
  • DSI Global Support has a team of dedicated and authorized personnel to make changes, once they have been requested and approved.
  • DSI maintains a test system where all changes are tested PRIOR to any of the following:
    • DSI Base Product Updates
    • Database Updates related to structure of certain objects
    • Operating System Updates
    • AWS System changes which require a change to the DSI Cloud environment architecture

 

 

Is there a normal maintenance window for change management?

DSI will publish a schedule to all customers utilizing the DSI Cloud environment as soon as scheduled maintenance is required (“Scheduled Maintenance”). Scheduled Maintenance windows will be scheduled on Saturday nights (in the United States, Central Standard Time). Scheduled Maintenance does not occur every Saturday night. It is only scheduled as required and in accordance with the terms herein.

  • Minimum scheduled notification time is three (3) weeks prior to the expected Scheduled Maintenance window.
  • Scheduled Maintenance windows will never occur at the end of the month.

 

How long will an outage occur during Scheduled Maintenance?

DSI works to keep the Scheduled Maintenance windows as small as possible. Any Scheduled Maintenance window shall not exceed sixty (60) minutes.

 

Does DSI have a system of record for Change Management?

DSI Global Support uses a ticketing system to record all changes made to the DSI Cloud environment. This system is leveraged for both Scheduled Maintenance, and unplanned maintenance due to an emergency.

 

What is the method of notification that DSI uses to communicate maintenance in the system?

DSI utilizes email heavily for notification purposes. The notifications would go out to the administrators of the tenant instances hosted in the DSI Cloud environment. The notifications will include the following information:

 

  • Scheduled Maintenance Date/Time (Time Zone specific)
  • Expected outage window (duration)
  • Description of the maintenance taking place
  • Information related to any changes necessary on a customer-based system which might need to occur prior to, or after, maintenance to the DSI Cloud environment.
    • Gateway Server Updates
    • Mobile Client Updates

 

If a change to a related system is required, where does one get those required files or changes?

DSI will include the location of any required updated files or changes to a customer portion of the DSI Cloud environment in the notification email. This is communicated to any customers PRIOR to the maintenance window, and documentation on how to update said customer systems will be provided.

 

 

Emergency Change Management in the Cloud

This type of change management outlines steps which may need to be taken in the event of an emergency update to the DSI Cloud environment. DSI makes every effort to test any and all changes in a test system prior to making changes to the production system.

   Note: DSI reserves the right to change this policy in accordance with the DSI Cloud Services Terms and Conditions.

 

 

What qualifies for emergency change management?

  • DSI Base Product Updates (Application) which are required for the production system to stay operational
  • Database Updates (Required Databases) which are required for the production system to stay operational
  • Communication Port changes related to overall operation of the system
  • Anything not specifically covered by the points above that prevents the production system from operating normally

 

What does not qualify for emergency change management?

  • Operating System Updates
  • Notification Updates

 

What is the notification method for emergency change management?

DSI shall notify customers of emergency change management by both email and phone as set forth below.

Method 1:

DSI utilizes email heavily for notification purposes. The notifications would go out to the administrators of the systems hosted in the DSI Cloud environment. The notification would include the following information:

 

  • Outline what is wrong with the system right now and why it warrants fixing immediately
  • Expected outage window
  • Information related to any changes necessary on a customer-based system which might need to occur after this maintenance window to the DSI Cloud environment.
    • Gateway Server Updates
    • Mobile Client Updates

 

Method 2:

DSI Global Support will make phone calls to instance administrators registered in the system with DSI and provide the following information verbally.

 

  • Outline what is wrong with the system right now and why it warrants fixing immediately
  • Expected outage window
  • Information related to any changes necessary on a customer-based system which might need to occur after this maintenance window to the DSI Cloud environment.
    • Gateway Server Updates
    • Mobile Client Updates

 

How is the emergency change documented?

DSI will use the same ticketing system used for Scheduled Maintenance windows to document any emergency changes to the DSI Cloud environment.

 

Who authorizes emergency changes in the system?

DSI Cloud operations staff will communicate to the Executive Management over Global Services and Support along with Senior Management over Development for authorization.

 

 

Alert Policy

This policy defines the different events that will trigger alerts to the DSI Cloud operations team and what those alerts will trigger within the operations team.

   Note: DSI reserves the right to change this policy in accordance with the DSI Cloud Services Terms and Conditions.

 

Alert Types

  • MEP Specific Alerts – Alerts related to the DSI MEP components in use within the solution
  • AWS EBS Alerts – Alerts related to the storage volumes attached to the EC2 instances
  • AWS RDS Alerts – Alerts related to the relational database instance(s)
  • AWS S3 Alerts – Alerts related to the highly available storage solution
  • AWS EC2 Instance Alerts – Alerts related to the Windows Virtual Servers

 

Configured Alerts

  • Platform Specific Alerts (MEP)
    • Push notifications using a DSI developed application
    • Push notifications utilizing third-party monitoring service
  • Infrastructure Specific Alerts
    • Push notifications utilizing AWS CloudWatch technology
    • Push notifications utilizing third-party monitoring service

 

What is the delivery mechanism for the configured alerts?

DSI leverages multiple technologies to deliver alerts including SMTP, SMS and phone. These alerts are delivered to our Global Support Center which operates twenty-four (24) hours a day, seven (7) days a week, 365 days a year. Depending on the alert type, appropriate action is taken by the Global Support Center.