Hosting FAQ

Question: How will Trial Interactive be deployed and hosted? Is there any concern about the security of customer data?

Answer: Trial Interactive is deployed and managed as both a single-tenant and a multi-tenant SaaS application, utilizing the AWS infrastructure as a services platform, providing our customers with a highly scalable and accessible platform for eTMF. Trial Interactive itself requires no client infrastructure requiring only a browser and an Internet connection to access. Trial Interactive uses a multi-tenant architecture that allows efficient sharing of application software and hardware resources while providing complete partitioning of each customer's data. It is managed as a single code base deployed over a distributed architecture composed of multiple components, including a web server layer, application layer, database layer, content layer, and file store. Each component represents a physical set of infrastructures and provides the necessary application logic, data and security to support Trial Interactive. Hosting facilities are located in Northern Virginia and Oregon in the US, and Sweden in the Europian Union.

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: Why host on AWS? Why host on the Cloud?

Answer: The Cloud, specifically AWS, Google, Azure, and other large providers, has several advantages over on-premise and co-located hosting:

  • Scalability - Infrastructure as a Service allows TI to horizontally scale based on usage. As many instances (servers) may be added to a cluster as necessary, very quickly. This allows TI to provide customers the performance they require no matter what circumstance. It also allows load balancing of processing power and memory between many users, customers, and sites.
  • Standardization - Since instances can be standardized using virtual machines, all instances can be pre-configured before deployment.
  • Performance - Because of scalability, performance can be provided in a consistent way. PaaS (Platform as a Service) applications available on AWS allow TI to take advantage of global caches, global temporary file space, and global database clustering, allowing the source to be local to the destination user.
  • Maintenance - Powerful scripting tools like Chef and Puppet may be used to automate all server maintenance, so that all updates may be done without involving human operators, improving consistency of practice.
  • Deployment - Powerful scripting tools like Chef and Puppet may be used to automate all server deployments.
  • Integrations - Interoperability between systems may be accomplished using web services over TLS/SSL or VPN as needed, in addition to new technologies such as SAML for single sign on.
  • More Reliable - The ability to leverage a vast infrastructure means new instances are easy to spin up and maintain. This requires a greater degree of maintenance and careful change control but ends with a more reliable hosting platform.
  • Ease of Upgrades - Upgrades may be scheduled and deployed with little customer effort outside of a standard UAT script because TI takes on the burden of validating the software as part of the service.
  • Ease of Adoption - TI has some control of the ability to engender adoption. Through User Experience testing, TI can see where adoption is dropping off, and quickly correct the software. TI can also help the customer with adoption as part of the service and rollout.
  • Higher Quality - While this one is a bit tricky, it is true that TI can deploy patches faster and more safely in a Cloud environment. This comes into play with Multi-Tenant customers more clearly than Single-Tenant, however with deployment automation using Cloud tools such as Chef, Puppet, and Infrastructure deployment tools like Elastic Beanstalk, this also allows for faster patching.
  • Self-Service - SaaS software is typically focused on self-service instead of centralized. This varies on the software of course, but it can often leverage tools that are not available on-premise.
  • Secure - This is another tricky one, but it's true that Cloud providers take security more seriously than smaller shops. In this case larger does in fact mean better. An example is the Meltdown defect, which was patched by AWS months before it was officially announced.
  • Better Features, Faster - SaaS software, because of simpler deployment, can often be delivered on a tighter, more focused release cycle.

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: Is Trial Interactive a single point of failure? What happens if Trial Interactive goes down?

Answer: TransPerfect will have all the necessary resources in place to continue to ensure a Service Level Agreement (SLA) and uptime that is acceptable, including monitoring, on-demand scalability, hot servers, and mirroring, regular backups and a host of disaster recovery and management procedures in place. Trial Interactive availability is of the utmost importance to the success of our customers. Except for a four-hour weekly maintenance window Trial Interactive application services are available 99.5% twenty-four hours a day seven days a week.

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: But really, what happens if Trial Interactive goes down?

Answer: No computer system is completely immune to failure, as illustrated by multiple outages that have occurred with Amazon Web Services, Google Mail, and other single instance application providers. Should Trial Interactive go down, we will take every means to ensure it is restored within our customer's contractual SLA, and undertake a root cause analysis (RCA) or CAPA to resolve the issue permanently. When a disaster scenario occurs the Trial Interactive cloud services environment will be re-deployed into the secondary cloud services environment using the same validated processes that were used during the deployment of the primary cloud services environment. Customers will be functional within 24 hours (Recovery Time Objective) of the disaster being identified, with up to 30-minute data loss at most (Recovery Point Objective).

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: Will TransPerfect accommodate audits by our customers to the third party being used to host Trial Interactive?

Answer: TransPerfect will ensure the appropriate level of security and privacy measures are in place at the third party through vendor audit and formal assessment procedures. As per TransPerfect audit policy, customers may visit the corporate office for formal audits of our policy and procedures. An audit of the remote hosting facility is accomplished primarily through standardized documentation such as the SSAE 16 SOC 2 and SOC 3 assessments.

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: What is the Trial Interactive Service Level Target and AppDex Score?

Answer: The target AppDex score for Trial Interactive is Client-Side T=2.0. This means that, on average, every page turn in the Trial Interactive application returns in two seconds or less. This is a very aggressive score, as most of the time involved in a page turn concerns network speed, browser page Document Object Model (DOM) generation and browser page rendering time. Only a small portion of the two seconds is available for the server response.

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: What does AppDex mean, and what do we mean by an AppDex Score?

Answer: AppDex is the application index score, which is the average client-side page turn based on some number of seconds T. Required is T = 2 seconds, with an expected AppDex score of 90% and higher.

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: Who is the hosting provider for Trial Interactive?

Answer: Trial Interactive will utilize a third party infrastructure as a service (IAAS) environment at AWS. AWS operates an SSAE 16 SOC 2 (formerly SAS 70) environment that is configured per TransPerfect specification and requirements during the provisioning and deployment process as part of the product release cycle. TransPerfect quality representatives have performed a thorough analysis of the third party SAAS provider environment and concluded that they exceed the expectations required to ensure that Trial Interactive can deliver on customer service levels in a secure and efficient manner.

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: What certifications does the hosting provider hold that are applicable to Trial Interactive?

Answer: AWS, the selected hosting provider, provides virtual servers in their own SSAE 16 SOC 2 (formerly SAS 70) data center that is configured per TransPerfect specification and requirements during the deployment and configuration process. In addition to that, AWS holds many certifications, the details of which may be found here:https://aws.amazon.com/compliance/programs/

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: How many applications and web servers are used by Trial Interactive?

Answer: Trial Interactive requires a web server, application server, a database server or service, a reporting database and server, a content server, a file and document store, an index server, and a cache server as part of its N-tier architecture. Other services will be required to manage firewall and security, load balancing, and the web services gateway and mobile gateway. TransPerfect may elect to change the configuration of the Trial Interactive service at any time in order to ensure our customers the best possible service levels.

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: What kind of system load and performance testing has been done for Trial Interactive? What is the expected user, supplier, customer and transactional concurrency?

Answer: A full set of system load and performance tests are part of the development for Trial Interactive, with an eye to ensuring horizontal scalability in all components. This will allow Trial Interactive to scale to many users by simply adding more instances, and without requiring a major change to the application architecture to accommodate more customers.

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: Is Trial Interactive horizontally scalable? How is this accomplished?

Answer: To be horizontally scalable means that Trial Interactive can scale up by adding additional nodes (servers) with no overall performance degradation noticed by end-users. This is critically important for applications that may need to scale up to 100s of thousands of users quickly, and for applications whose user activity load varies widely based on time, day, month, and other variables. Trial Interactive has the ability to cluster web servers, application servers, and content servers, and is thus scalable in this way.

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: Are Audit Trails for Trial Interactive preserved and archived?

Answer: Trial Interactive includes detailed audit logs showing the field changed, the old value, the new value, the data and time, and the reason for change. Electronic signatures are indicated in the audit trail as well.

–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Question: Define the Virus Prevention, Detection and Mitigation controls in place. How are they kept current?

Answer: Antivirus software is installed on all servers to check and isolate or remove any viruses including data, attachments, etc. Systems are configured to scan for malicious software and infected files on a regular basis. New files are automatically scanned upon save or download including email attachments. Updates to virus databases are downloaded automatically and distributed through an automated update process. For attachments, customers must maintain virus download protection in place to prevent any virus infection from that vector.