Cloud Computing Platform

The visionapp Cloud Computing Platform infrastructure was built according to the specifications of Microsoft's Hosted Messaging and Collaboration Solution. The operating system currently used to run the services required to operate the hosting platform is Microsoft Windows 2003. These services include, for instance, terminal services, web services and database services as well as the Hosted Messaging and Collaboration Solution (HMC 4.0) from Microsoft. The HMC strategy allows operating and automating Microsoft services such as SharePoint, Live Communication Server and, most importantly, exchanging in a shared environment. The key component of the HMC solution is the Microsoft Provisioning System (MPS). This system includes a set of providers which, for instance, allow automatically setting up new users in the Active Directory and creating a corresponding mailbox on the Exchange server. visionapp has extended this set of providers to enable the automation of additional services and applications such as terminal server and web solutions. The platform now includes the following complementary services:

• Portal technology for the access portal
• Comprehensive IAM (Identity and Access Management)
• Two-factor authentication
• Database/file/print services
• Reporting and billing services

Security comes first — modern multi-stage security concept
Originally, visionapp's basic technology was developed for the banking sector. Relying on professional routing and firewall technology, the security concepts implemented on the platform thus meet the highest standards as regards security in general and network security in particular.

In addition, the platform provides logical security at VLAN level. The entire architecture features a two-stage design, consisting of a DMZ (Demilitarized Zone) and a back-end area. All zones are separated from each other by firewalls. In each of the zones, a distinction is made between functionality, server role or customer area. The entire traffic between zones or areas is channeled through firewalls. In the event of problems, this ensures that only specific areas or subareas are affected. In the next stage, the entire external traffic (from the Internet or customer network) is systematically terminated in the DMZ. Direct access to back-end systems or application systems in the DMZ is not permitted.

Customer access to the infrastructure can be implemented through both standard login methods (user name and password) and, if higher standards are required, two-factor authentication with access via a VPN tunnel.

All data is retained in our high-security data center.

• High-security data center
• High availability through service level agreements
• Standardized professional tools for operation, delivery, customer management, data management and business processes
• Customizable and flexible front-end access components
• Comprehensive standard software combined with dedicated solutions
• Professional consulting and support services

Modern Data Center
The platform infrastructure is operated from a high-availability data center that meets the high security standards originally set by major German banks.

The data center has a number of separate F90-class fire protection areas. Each area features fully redundant connections to cooling, power supply, fire alarm and fire extinguishing systems, intrusion detection systems as well as the building supply systems. Altogether, the data center covers a floor space of approx. 17,000 m2, of which some 10,000 m2 are used for racks and telecommunications alone.


TÜV Certifications / Alarms
The following data center components and elements have been successfully checked and certified by TÜV, VDS or independent approved experts:

• Ventilation / fire protection system: TÜV-certified expert
• Technical building fire detection: VDS
• Data center fire detection: TÜV
• Argon fire extinguishing system: VDS
• Lightning protection equipment: TÜV
• Grounding: TÜV-certified expert
• Network equipment: TÜV-certified expert
• Security lighting: TÜV-certified expert
• Electric equipment: TÜV-certified expert
  
  

Safeguarding and Access to Data Center
The video surveillance equipment (about 86 cameras) covers outside areas as well as all areas within the data center and the supply building. The TV technology used is CCTV (Closed Circuit TV) with tapes recorded in 24-hour cycles. The video signals are permanently monitored by a dedicated 24x7x365 security team.

Uninterruptible Power Supply
The uninterruptible power supply (UPS) is ensured by nine big 16-cylinder diesel engines rated at 1.6 MW each and implemented as n+2 redundant system. This is a more elaborate solution than traditional UPS systems and offers virtually unlimited grid independence provided diesel supply is ensured.

Entirely battery-free design: In the event of a power failure a flywheel delivers the energy required to run a generator, which is then powered by the diesel engines. The benefits of this design include a very good performance, the lack of need to replace a battery as well as an ideal waveform with no interferences or phase shifts.


Fully Air-conditioned Server Rooms with Redundant Climate Control
A constant ambient temperature and humidity is ensured in all of the rooms. Climate control is implemented as n+1 redundant system and additionally safeguarded through backup power supply equipment.

The ultra high double floor with bottom air cooling for each individual rack ensures a high-quality rack cooling rather than simple room cooling. This also enables individual supply of cooling air to specific racks via appropriate deflectors.

Fire Protection Equipment
In case of emergency, a sensor-based system triggers a state-of-the-art redundant argon fire extinguishing system. Argon is modern and efficient fire extinguishing agent, which ensures that any equipment not directly destroyed or otherwise affected by a fire continues to run without damage. All rooms meet the requirements of fire resistance class F90.

Telecommunication Providers and Internet Access
The data center features double building inlets for telecommunications supplies. The inlets are routed into four different carrier rooms (currently well over ten carriers) of the data center, from where a redundant pre-cabling infrastructure allows to access all areas of the data center. Thus, simple patch cables allow to conduct through-connections from all carriers into the rack.

Availability guaranteed through service level agreements
As our platform is fully automated and very efficient, we are in the position to offer excellent service level agreements. Thus, when it comes to availability and service quality, you can always be sure of being on the safe side.

Service level agreements (SLA) are a key instrument for balanced service quality control. A clear definition of service levels is essential, as it helps to avoid ambiguity and disagreements as to contractual obligations. Please note that the stricter service levels are defined, the higher service costs will be.

Examples for service level agreements:
"Software availability using Internet access = 95%"
"Correction of errors within three hours following error notification"

The following aspects are set in SLAs:

• Exact description of the service, in accordance with main agreement
• System availability in percent per year (see example above)
• Performance
• Availability of support, helpdesk
• Recovery times (see example above)
• Support escalation stages
• Access to services
• Security concept
• Reporting (set reporting mode)
• Contractual penalties for non-performance of SLA (e.g. damage assessment penalties)

Additional aspects to be regulated:

• Copyright issues, e.g. for software licenses
• Remuneration schemes, e.g. monthly rental fees for software or flat rates for customizing
• Privacy policies, e.g. protection of customer data, in particular in the context of a migration
• General terms and conditions
  
  

Our standardized and automated expert tools make it possible: You get powerful and modern technology at reasonable cost.

Automated Operation — High Profitability and Security
The key component used for managing the complex infrastructure is visionapp Application Delivery Management Suite 2008. This tool allows setting up terminal server farms or infrastructure machines in the shortest of times. This mechanism is also used for patch management.
For further details on visionapp Application Delivery Management Suite 2008 click here.

visionapp Application Center (vAC) — Web-based Access to Applications
Reliable and standardized access to centralized applications is achieved through a web-based portal, from where users can start or customize the applications they are authorized to use. With all application data and configuration settings stored at a central location, consistent and secure access to Windows, Unix or web applications via a network connection is ensured at any time — at the workplace, at home or from anywhere else via a mobile connection.

Another plus for major customers and resellers: visionapp Access Portal can be fully customized to your own corporate design.
For further details on visionapp Access Portal click here.
 

SelfService — Easy Administration without IT Skills
The highly automated visionapp Service Delivery Platform can be managed through a SelfService feature integrated in the access portal. The administrator uses this feature to set and control which services each user is authorized to use. This also includes creating users as well as assigning applications and email packages — all with an easy-to-use, intuitive and very logical user interface.

Billing & Reporting Engine — Sophisticated Business Processes and Logics
Besides a wide range of technological possibilities, the visionapp Service Delivery Platform is also used to map complex business processes and logics. Using standard reports and interfaces, resellers are in a position to generate sophisticated usage reports or create direct accounting processes.

Define Own Articles and Prices
The platform's business logic allows reseller partners  to define their own article descriptions and prices without having to compromise the common shared services and their benefits. It is also possible to assign individual articles to a freely selectable trial period, for instance in the context of a sales promotion campaign.

visionapp Application Center
For a secure, reliable and standardized access to centralized applications visionapp provides a web-based application access portal as a cost-efficient and highly flexible alternative to the standard desktop. With such a portal, users are able to start and even customize the applications they have access to. With all application data and configuration settings stored at a central location, consistent and secure access to Windows, Unix or web applications via a network connection is ensured at any time — at the workplace, at home or from anywhere else via a mobile connection. The portal is the key to secure and consistent application access in a centralized environment.

Registration Wizard
The Registration Wizard is used for a fully automated creation of new customers. This includes recording all relevant customer data such as address, payment information and the desired application. After having been verified, the information is forwarded to the visionapp Service Delivery Platform and the new customer automatically created. Once this process is complete, the new customer is sent a confirmation email that contains his login data. The access password is provided in a separate email. The account has administrative rights, i.e. the customer has access to various management features, for instance to add further users and/or applications.

SelfService — Easy Administration without IT Skills
Another key module of the platform is the access portal with the integrated SelfService feature for end users. This portal allows end users to access his data and applications from anywhere and any end device. All he needs to do so is an Internet browser. The integrated SelfService feature in turn allows the customer to perform all administrative tasks on his own in a most convenient and cost-efficient way. Any changes or orders initiated by the customer are executed automatically and logged. To this end, the portal provides its own article management and business logic.

Comprehensive Standard Software Combined With Dedicated Solutions

Software Portfolio — Standard and Custom
The visionapp Service Delivery Platform architecture consists of a common (shared) part and a dedicated (customized) part. The shared part provides Hosted Messaging as well as other basic services. This also includes standard applications that can be used through Citrix (terminal server) or web.
In addition, it is very easy to set up dedicated services, which allows responding to customer needs and requirements in the most flexible way. All applications are packaged and automatically made available on the application servers by way of standard methods.
For details on the application and service portfolios click here (vivio portfolio).

Professional Consulting and Support Services
Intelligent outsourcing solutions from visionapp not only include advanced technologies bust also offer continued and comprehensive support. Our customers benefit from both current know-how and long-standing experience. Our team includes specialists from all relevant IT fields, who will accompany you through all planning and implementation stages as well as during running operation.
To make sure that your project will be successful right from the beginning, we provide your with a personal project manager who will specifically deal with your project. Where required, he may consult experts from various technical teams, among which, for instance, experts for databases, terminal servers, platform management or portal technology.

During operation, our Service Center is available to customers up to 24 hours a day, 7 days a week.