Hosting FAQ

Question: How will Trial Interactive be deployed and hosted? Is there any concern with the security of customer data?

Answer: Trial Interactive is deployed and managed as both a single-tenant and a multi-tenant SaaS application, utilizing the AWS infrastructure as a services platform, providing our customers with a highly scalable and accessible platform for eTMF. Trial Interactive itself requires no client infrastructure, only a browser and an Internet connection for access. Trial Interactive uses a multi-tenant architecture that allows efficient sharing of application software and hardware resources, while providing complete partitioning of each customer's data. It is managed as a single code base deployed over a distributed architecture composed of multiple components, including a web server layer, application layer, database layer, content layer and file store. Each component represents a physical set of infrastructures and provides the necessary application logic, data and security to support Trial Interactive. Hosting facilities are located in Northern Virginia and Oregon, with Frankfurt and Dublin available in Europe.

Question: Why host on AWS? Why host on the Cloud?

Answer: The Cloud, specifically AWS, Google, Azure, and other large providers, has several advantages over on-premise and co-located hosting:

  • Scalability - Infrastructure as a Service allows TI to horizontally scale based on usage. As many instances (servers) may be added to a cluster as necessary, very quickly. This allows TI to provide customers the performance they require no matter what circumstance. It also allows load balancing of processing power and memory between many users, customers, and sites.
  • Standardization - Since instances can be standardized using virtual machines, all instances can be pre-configured before deployment.
  • Performance - Because of scalability, performance can be provided in a consistent way. PaaS (Platform as a Service) applications available on AWS allow TI to take advantage of global caches, global temporary file space, and global database clustering, allowing the source to be local to the destination user.
  • Maintenance - Powerful scripting tools like Chef and Puppet may be used to automate all server maintenance, so that all updates may be done without involving human operators, improving consistency of practice.
  • Deployment - Powerful scripting tools like Chef and Puppet may be used to automate all server deployments.
  • Integrations - Interoperability between systems may be accomplished using web services over TLS/SSL or VPN as needed, in addition to new technologies such as SAML for single sign on.
  • More Reliable - The ability to leverage a vast infrastructure means new instances are easy to spin up and maintain. This requires a greater degree of maintenance and careful change control, but ends with a more reliable hosting platform.
  • Ease of Upgrades - Upgrades may be scheduled and deployed with little customer effort outside of a standard UAT script, because TI takes on the burden of validating the software as part of the service.
  • Ease of Adoption - TI has some control of the ability to engender adoption. Through User Experience testing, TI can see where adoption is dropping off, and quickly correct the software. TI can also help the customer with adoption as part of the service and rollout.
  • Higher Quality - While this one is a bit tricky, it is true that TI can deploy patches faster and more safely in a Cloud environment. This comes into play with Multi-Tenant customers more clearly than Single-Tenant; however, deployment automation using Cloud tools such as Chef and Puppet, and infrastructure deployment tools like Elastic Beanstalk, also allows for faster patching.
  • Self-Service - SaaS software is typically focused on self-service instead of centralized. This varies on the software of course, but it can often leverage tools that are not available on-premise.
  • Secure - This is another tricky one, but it's true that Cloud providers take security more seriously than smaller shops. In this case larger does in fact mean better. An example is the Meltdown defect, which was patched by AWS months before it was officially announced.
  • Better Features, Faster - SaaS software, because of simpler deployment, can often be delivered on a tighter, more focused release cycle.

Question: Is Trial Interactive a single point of failure? What happens if Trial Interactive goes down?

Answer: TransPerfect will have all the necessary resources in place to continue to ensure a Service Level Agreement (SLA) and uptime that is acceptable, including monitoring, on-demand scalability, hot servers and mirroring, regular backups and a host of disaster recovery and management procedures. Trial Interactive availability is of the utmost importance to the success of our customers. Trial Interactive application services are available 99.97% of the time, twenty-four hours a day, seven days a week.

Question: But really, what happens if Trial Interactive goes down?

Answer: No computer system is completely immune to failure, as illustrated by multiple outages that have occurred with Amazon Web Services, Google Mail, and other single instance application providers. Should Trial Interactive go down, we will take every means to ensure it is restored within our customer's contractual SLA, and undertake a root cause analysis (RCA) or CAPA to resolve the issue permanently. When a disaster scenario occurs, the Trial Interactive cloud services environment will be re-deployed into the secondary cloud services environment using the same validated processes that were used during the deployment of the primary cloud services environment. Customers will be functional within 24 hours of the disaster being identified, with at most 30 minutes of data loss.

Question: Will TransPerfect accommodate audits by our customers to the third party being used to host Trial Interactive?

Answer: TransPerfect will ensure the appropriate level of security and privacy measures are in place at the third party through vendor audit and formal assessment procedures. As per TransPerfect audit policy, customers may visit the corporate office for formal audits of our policy and procedures. An audit of the remote hosting facility is accomplished primarily through standardized documentation such as the SSAE 16 SOC 2 assessment.

Question: What is the Trial Interactive Service Level Target and AppDex Score?

Answer: The target AppDex score for Trial Interactive is Client-Side T=2.0. This means that, on average, every page turn in the Trial Interactive application returns in two seconds or less. This is a very aggressive score, as most of the time involved in a page turn concerns network speed, browser page Document Object Model (DOM) generation, and browser page rendering time. Only a small portion of the two seconds is available for the server response.

Question: What does AppDex mean, and what do we mean by an AppDex Score?

Answer: AppDex is the application index score, which is the average client-side page turn based on some number of seconds T. The required value is T = 2 seconds, with an expected AppDex score of 90% and higher.

Question: Who is the hosting provider for Trial Interactive?

Answer: Trial Interactive will utilize a third-party infrastructure as a service (IAAS) environment at AWS, outside of the customer's local or contracted hosting environments. AWS operates an SSAE 16 SOC 2 (formerly SAS 70) environment that is configured per TransPerfect specification and requirements during the provisioning and deployment process as part of the product release cycle. TransPerfect quality representatives have performed a thorough analysis of the third party SAAS provider environment and concluded that they exceed the expectations required to ensure that Trial Interactive can deliver on customer service levels in a secure and efficient manner.

Question: What certifications does the hosting provider hold that are applicable to Trial Interactive?

Answer: AWS, the selected hosting provider, provides virtual servers in their own SSAE 16 SOC 2 (formerly SAS 70) data center that is configured per TransPerfect specification and requirements during the deployment and configuration process.

Question: How many application and web servers are used by Trial Interactive? How is availability handled?

Answer: Trial Interactive consists of a minimum of two instances in each tier of an N-tier architecture. Trial Interactive requires a web server, an application business logic server, a database server for the business logic layer, a reporting data warehouse and server, an application content server, a database for the content layer, a file and document store, an index server, and a cache server as part of its N-tier architecture. Other services will be required to manage firewall and security, load balancing, and the web services gateway and mobile gateway. TransPerfect may elect to change the configuration of the Trial Interactive service at any time in order to ensure our customers the best possible service levels.

The number of instances at each layer is scaled up and down as needed to ensure optimal performance at all times, which is determined based on the real-world user score as well as measurements at each instance and database level.

All databases at minimum require a primary instance and failover instance that exists in a separate availability zone. A disaster recovery database exists in a separate region for each. Full backups are completed twice a week, and incremental backups are taken every 30 minutes or less. These backups are stored encrypted in a location available to all database instances across regions, stored in the primary, secondary, and DR availability zone/region.

Question: What kind of system load and performance testing has been done for Trial Interactive? What is the expected user, supplier, customer and transactional concurrency?

Answer: A full set of system load and performance tests are part of the development for Trial Interactive, with an eye to ensuring horizontal scalability in all components. This will allow Trial Interactive to scale to many users by simply adding more instances, and without requiring a major change to the application architecture to accommodate more customers.

Question: Is Trial Interactive horizontally scalable? How is this accomplished?

Answer: To be horizontally scalable means that Trial Interactive can scale up by adding additional nodes (servers) with no overall performance degradation noticed by end users. This is critically important for applications that may need to scale up to 100s of thousands of users quickly, and for applications whose user activity load varies widely based on time, day, month, and other variables. Trial Interactive has the ability to cluster web servers, application servers, and content servers, and is thus scalable in this way.

Question: Are Audit Trails for Trial Interactive preserved and archived?

Answer: Trial Interactive includes detailed audit logs showing the field changed, the old value, the new value, the date and time, and the reason for change. Electronic signatures are indicated in the audit trail as well.

Question: Define the Virus Prevention, Detection and Mitigation controls in place. How are they kept current?

Answer: Antivirus software is installed on all servers to check and isolate or remove any viruses including data, attachments, etc. Systems are configured to scan for malicious software and infected files on a regular basis. New files are automatically scanned upon save or download including email attachments. Updates to virus databases are downloaded automatically and distributed through an automated update process. For attachments, customers must maintain virus download protection in place to prevent any virus infection from that vector.

Question: Does TransPerfect currently have a formally approved Disaster Recovery (DR) and/or Business Continuity (BC) Plan? If yes, identify.

Answer: Yes. TransPerfect has formal, documented policies and procedures for business continuity and disaster recovery.

Question: How are performance or SLA issues handled?

Answer: All system down issues, major performance issues, faults and exceptions are classified as incidents. Incidents are identified at TransPerfect in a number of different ways: monitoring alerts, customer calls, vendor notifications or internal observations. Once an incident is encountered, TransPerfect's main focus is to resolve the issue and provide the customer with the expected service levels. Reported incidents are validated by TransPerfect support resources and a defined set of steps is executed to attempt to quickly resolve the issue. When an incident is severely interrupting service levels, the incident is escalated as per the emergency response procedure. This procedure is designed to ensure that resources with the correct subject management expertise are deployed and focused on finding a corrective action that will restore expected service levels. This procedure also describes the communication plan designed to provide regular updates to internal and external stakeholders. Any changes required to the production cloud services environment in order to resolve an incident are handled through the change management process.

Question: If Trial Interactive is externally hosted on a Cloud services provider, doesn’t this present configuration management issues? Is Trial Interactive hosted on dedicated Cloud servers?

Answer: Trial Interactive is deployed and managed as a multi-tenant SaaS application, utilizing the AWS infrastructure as a services platform, providing our customers with a highly scalable and accessible platform for eTMF. Configuration management is handled fully by TransPerfect from the virtual server and up, using standard ITIL practices as specified in our internal hosting policy and procedures. Each application is fully validated along with its virtual deployment through TransPerfect’s standard software development lifecycle.

Question: What types of data are stored on Trial Interactive?

Answer: The Trial Interactive Cloud Services Environment will store three broad classifications of data:

  • Public data: This data is available generally on the Trial Interactive web site and includes help files, eLearning videos and marketing materials.
  • Private data: This data classification includes all eTMF metadata and document content. This data is always encrypted at-rest and in-transit within and without the Trial Interactive application.
  • Confidential data: For Trial Interactive, this data is restricted to authentication only, and will always be encrypted at-rest and in-transit within and without the Trial Interactive application.

Data in transit and at rest are encrypted to provide optimal security. Data in transit is encrypted using secure socket layer (SSL) transmissions. Data volumes are encrypted in the production cloud services environment to ensure against any unwarranted access to customer information as it passes through Trial Interactive. Data backups are taken on a daily basis, encrypted and stored within 36 hours in the secondary cloud services environment in order to expedite recovery efforts in the case of a disaster.

Question: I need some information regarding the servers that you use. Do you outsource the hosting to Amazon Web Services only in Europe or also in the US?

Answer: Yes, we also host with AWS in the European Union (EU). Our primary server is located in Frankfurt (EU-Central-1) and the backup / disaster recovery server is located in Ireland (EU-West-1). TransPerfect requires 45 days to set up the environment after the contract is signed.

Question: How is Trial Interactive's performance monitored? Is it monitored globally?

Answer: Trial Interactive hosting uses many monitoring tools to ensure that clients experience good performance while using the software. All instances are constantly monitored using many tools, including Zabbix, ELK, Grafana, CloudWatch, CloudTrail, and Pingdom. In particular, uptime is constantly monitored, and reports are made available. Real-time user performance is also checked, using an AppDex score which measures the actual performance of each page as it loads in the user's browser. Pingdom monitoring also provides a global map showing, by country and region, the exact AppDex and real-user monitoring performance scores up to the minute. This provides our Service Desk with warnings and alerts in case performance becomes slow on a particular instance, network or location. With this information, the Trial Interactive Service Desk can improve the performance through scaling, failover, network re-routing, and other means.

Question: Who has access to the Trial Interactive Cloud Hosting Environment?

Answer: Trial Interactive uses Amazon Web Services as a third-party infrastructure as a service (IAAS) environment. The infrastructure as a service provider operates an SSAE 16 SOC 2 (formerly SAS 70) environment that is configured per Trial Interactive specification and requirements during the provisioning and deployment process as part of the product release cycle. TransPerfect quality representatives have performed a thorough analysis of the third party SAAS provider environment and concluded that they exceed the expectations required to ensure that Trial Interactive can deliver on customer service levels in a secure and efficient manner.

Trial Interactive's IT network perimeter is locked down by patched firewalls and Intrusion Prevention Systems, and access to network resources is enforced, monitored, and audited. Our firewalls are fully redundant (at both the primary + secondary locations) and active-passive. AWS does not have backdoor access to the SAN, meaning AWS personnel see the firewall. IPS and HIDS technologies are utilized to protect critical and sensitive networks and systems. In addition to intrusion detection and vulnerability scanning, TransPerfect has 3rd party white box and black box penetration testing for AWS on an annual basis.

Trial Interactive uses double encryption (at-rest and in-transit) to provide optimal security. Data in transit is encrypted using secure socket layer (TLS) transmissions. Data volumes are encrypted in the production cloud services environment to ensure against any unwarranted access to customer information as it passes through Trial Interactive. Authentication data such as usernames and passwords will always be encrypted at-rest and in-transit within and without the Trial Interactive application. For data at rest, identity information (passwords) uses the SHA-512 hashing algorithm. All communication with Trial Interactive servers goes over HTTPS/SSL. The enabled protocols are TLSv1, TLSv1.1, TLSv1.2 and the enabled ciphers are the ones recommended by the latest high security settings. This can be independently verified here: https://www.ssllabs.com/ssltest/analyze.html?d=login.trialinteractive.com.

Antivirus software is installed to check and isolate or remove any viruses including data, attachments, etc. Systems are configured to scan for malicious software and infected files on a regular basis. New files are automatically scanned upon save or download including email attachments. Updates to virus databases are downloaded automatically and distributed through an automated update process. For attachments, customers should still maintain virus download protection in place to prevent any virus infection from that vector.

Access control is provided using MFA authentication and Directory Services, providing access to the secure Cloud Environment using a VPN using individually revocable keys for the purpose of oversight and management.

AWS datacenters are equipped with the latest technology to combat fire and water risks to servers, as well as other physical threats. With respect to fire, automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.

Trial Interactive’s cloud disaster recovery plan for AWS is designed to manage and test the steps required to move cloud services from the primary production cloud environment to the secondary cloud services environment. As daily backups of the primary cloud services environment are completed, they are stored in the secondary cloud services environment so they can be utilized in the case of a disaster and are current within a 30-minute recovery period. When a disaster scenario occurs, the Trial Interactive cloud services environment will be re-deployed into the secondary cloud services environment using the same validated processes that were used during the deployment of the primary cloud services environment. Customers will be functional within 24 hours of the disaster being identified. This plan is tested annually and results are recorded to identify potential improvement points.

Question: How is backup and restore handled in Trial Interactive?

Answer: TransPerfect has implemented both business continuity and a disaster recovery plan, which addresses all elements of our technical, physical, and organizational processes in the event of a disaster. Trial Interactive’s Cloud Environment has two hosting facilities to facilitate the Production and Disaster Recovery objectives of this infrastructure. Specific to our Trial Interactive and eTMF solution, our primary Americas Cloud Environment is in Northern Virginia and our Disaster Recovery Cloud Environment is in Oregon. For European customers, our primary Cloud Environment is in Frankfurt, Germany and our Disaster Recovery Cloud Environment is in Dublin, Ireland.

TransPerfect has adopted incremental, full backup, and replication technologies for our backup and disaster recovery strategy; consequently, this also affords us the ability to adhere to any retention policy we are contractually obligated to meet. The system is backed up throughout the day, every 15 minutes via incremental backup, and twice a week via full backup. All backups are stored encrypted and are immediately verified against the original data when completed, and any failure results in a notification to allow for immediate correction.

These procedures ensure the continued delivery of services to clients in emergency situations that result in the interruption or failure of the computerized systems. Depending on the nature of the disaster, TransPerfect expects to be operational with little impact to any clients. TransPerfect has an annual verification of activities schedules, which tests the different components of our Disaster Recovery process.

Restoration Times:

  • Data restore can be achieved in less than 24 hours from backup.
  • Recovery Point Objective (RPO) is 1 hour or less.
  • Recovery Time Objective (RTO) is 24 hours or less.

Question: Who has access to the Trial Interactive Cloud Hosting Environment?

Answer: Access control is provided using MFA authentication and Directory Services, providing access to the secure Cloud Environment using a VPN using individually revocable keys.

The Access Control Matrix is below:

  • Solutions Engineers (12 support techs) – Access control is provided using MFA authentication and Directory Services, providing access to the secure Cloud Environment using a VPN using individually revocable keys for the purpose of technical support investigations, upgrades, and Network Operations Center monitoring.
  • DevOps (6 engineers) – Access control is provided using MFA authentication and Directory Services, providing access to the secure Cloud Environment using a VPN using individually revocable keys for the purpose of infrastructure changes, Network Operations Center monitoring and application deployments.
  • Technical Management (2 Managers) – Access control is provided using MFA authentication and Directory Services, providing access to the secure Cloud Environment using a VPN using individually revocable keys for the purpose of oversight and management.

Question: What does the OCR do in the bottom left corner? (first IT slide). How do you manage the error handling? Do clients get to correct the OCR accuracy, or is it "as is"?

Answer: The OCR and ML Automation, once enabled, is automatic and may be configured. Additionally, ML is used to optimize this capability based on the document type.