Technical FAQ
Question: How has Trial Interactive been architected? Please describe the technologies used.
Answer: Trial Interactive is deployed and managed as both a single and multi-tenant SaaS application, providing our customers with a highly scalable and accessible platform for eClinical and eTMF. Trial Interactive itself requires no client infrastructure requiring only a browser and an Internet connection to access. Trial Interactive uses a multi-tenant architecture that allows efficient sharing of application software and hardware resources, while providing complete partitioning of each customer's data. Trial Interactive is managed as a single code base deployed over a distributed architecture composed of multiple components, including an web server layer, application layer, database layer, content layer, and file store. Each component represents a physical set of infrastructures and provides the necessary application logic, data and security to support Trial Interactive. Users will access Trial Interactive through a browser over an HTTPS connection.
Question: What types of user authentication are supported by Trial Interactive?
Answer: Trial Interactive supports a simple email and password for authentication. Trial Interactive supports a multi-factor authentication, where a code is sent to the end-user to verify identity after the username and password are entered. Trial Interactive also supports a SAML 2.0 adapter, accessible by customers as a Service Provider (SP) to allow them to leverage their own corporate directories as an IdP (Identity Provider) to Trial Interactive. Creation and support of the SAML 2.0 IdP and assertions is the responsibility of the participating organizations.
Question: We've heard that TI is moving the platform to Alfresco. What is Alfresco, and why is it important?
Answer: Alfresco is a collection of information management software products for Microsoft Windows and Unix-like operating systems developed using Java technology. Their primary software offering, branded as a Digital Business Platform is proprietary & a commercially licensed open source platform, supports open standards, and provides enterprise scale. They also have an open source, community edition available, one that we will use as the basis for future TI.
John Newton (co-founder of Documentum) and John Powell (a former COO of Business Objects) founded Alfresco Software, Inc. in 2005. The original technical staff consisted of principal engineers from Documentum and Oracle. Because of this, Alfresco can be thought of as the natural child of both Documentum and Business Objects, two award-winning platforms that still have a heavy market presence today. Alfresco was designed also as a natural improvement and iteration on those platforms, leaving behind older technology and upgrading designs. Alfresco has been benchmarked by Unisys here:
This process showed the following results, on a typical, dual-core 2.6 MHz processor with 30 GB memory:
- Documents loaded and stored: 107 million
- Documents loaded per second: 140
- Read content: 0.34961 seconds
- Read property: 0.41976 seconds
- Response time for document operations:
- Processor Utilization: Average of approximately 20 percent on the application server and 15 percent on the database server.
And on AWS, the results are more impressive:
- ~1.1 Billion Documents split across 10,000 sites with a shallow, 2 level directory structure; 10 folders per level, 1000 documents per folder, 100kb documents on average
- 10 Alfresco repository nodes on AWS c3.2xlarge instances, 20 Alfresco indexing nodes hosted on AWS m3.xlarge instances, EBS file system storage and an Amazon Aurora database.
- Consistent ingestion rate of 86 million documents per day over 12 days - 100 documents per second per repository node
- Full indexing of all 1.1b documents in 5 days
- Load tested with 500 concurrent Alfresco Share users plus 200 concurrent CMIS API users using some of Alfresco's standard benchmark scenarios - average response times sub 4.5 seconds for even the longest operations
These numbers mean quite a lot. They indicate that the Alfresco platform is a powerful bedrock on which to build TI products. It can handle content better, by most measurements, than Documentum, OpenText, and many other similar systems. Building on this rock is the right choice when choosing a new platform for our eTMF, DMS, and other products.
Question: Is single-sign on supported? Can Trial Interactive integrate with providers like OKTA, Ping Identity, and One Login?
Answer: Yes, on Dedicated Clients only, SSO using SAML is supported. Providers such as OKTA, Ping Identity, and One Login are supported, as well as internal Corporate Directories such as Microsoft Active Directory.
SAML Authentication: This is supported in dedicated. This means that users can use their standard corporate directory username and password (or 3rd party) to sign in to Trial Interactive.
SAML Authorization: This is not supported. This would allow users to be assigned roles and access to Studies and Sites automatically through SAML. This is planned for a future release.
There are current plans to support SSO on MTI in 2018.
Question: What is SAML and how will customers ultimately use it for Single Sign on?
Answer: SAML (Security Assertion Markup Language) is an open source standard for trading both authentications and authorizations between two systems. It is quickly becoming an industry standard for providing a trusted handshake between two organizations for the purposes of single-sign on, used by Google and other large organizations for the purpose.
Question: Are there any data standards (either internal or external) in place for Trial Interactive?
Answer: Data in transit and at rest are encrypted to provide optimal security. Data in transit is encrypted using secure socket layer (SSL) transmissions. Data volumes are encrypted in the production cloud services environment to ensure against any unwarranted access to customer information as it passes through Trial Interactive. The Trial Interactive Cloud Services Environment will store three broad classifications of data:
- Public data: This data is available generally on the Trial Interactive web site and includes help files, eLearning videos and marketing materials.
- Private data: This data classification includes all TMF metadata and TMF documents. This data is always encrypted at-rest and in-transit within and without the Trial Interactive application.
- Confidential data: This data is restricted to authentication only, and will always be encrypted at-rest and in-transit within and without the Trial Interactive application.
Question: How is software testing and product verification handled for Trial Interactive?
Answer: Trial Interactive has a separate SQA team that reports to the Senior Director of Engineering. SQA has the responsibility to verify and approve the integrity of every build and explicitly approves each release before production. SQA engineers partner closely with our software developers to understand product requirements and create and execute comprehensive test plans.
Question: Please describe the SDLC used during the development of Trial Interactive.
Answer: Trial Interactive was created following standard TransPerfect SDLC policies and development procedures, using an agile approach to development and a continuous integration approach, with a daily build procedure generating each build and standard automated unit and regression tests executed to confirm success prior to further testing and development. To keep Trial Interactive is a fully validated state, TransPerfect runs every release of Trial Interactive through a complete validation workflow prior to GA in accordance with an SDLC policy, testing procedures, and validation plans. This validation includes standard IQ and OQ tests, as well as Performance tests, user acceptance, and a third-party security assessment. A full set installation of operational and performance qualification tests are executed according to an approved validation plan. Test results are summarized after the validation period and a full set of evidence and traceability are gathered and verified by Quality Assurance.
Once all tests have been successfully completed and reviewed, a TransPerfect-issued Validation Certification is signed and made available to customers. At that point in time, a new release will be made available to customers in a staging site, along with all formal qualification tests executed by TransPerfect. This staging environment contains the exact same services as the validation and production environments.
Question: Does TransPerfect have formally approved System Requirements?
Answer: Requirements are captured as user stories electronically and are approved by Product Management and Quality Assurance.
Question: For Trial Interactive, what programming and source code controls are used? What programming standards are in place for Trial Interactive?
Answer: A full set of programming standards with commercial source code control software is used for Trial Interactive.
Question: For Trial Interactive, does TransPerfect perform performance, robustness and stress testing? If so, describe the process.
Answer: Trial Interactive availability is of the utmost importance to the success of our customers. With the exception of a four-hour weekly maintenance window Trial Interactive cloud services are available 99.97% twenty-four hours a day seven days a week. Performance is also a key factor required to make our customer successful. In this light Trial Interactive has been designed to provide an average page turn of 2 seconds or less. This is measured by tracking the application index score (AppDex), which is defined as the average client side page turn based on some number of seconds T. This is a very aggressive score, as most of the time involved in a page turn concerns network speed, browser page Document Object Model (DOM) generation, and browser page rendering time.
Question: How are bugs tracked and retested for Trial Interactive?
Answer: Trial Interactive is being developed with a high level of quality; however, on occasion TransPerfect or a customer may find a defect. Software will not be released with any known critical or high severity defect. Low to medium severity defects will be repaired with each new release. If a high or critical defect is found, TransPerfect will assess the customer impact, and TransPerfect may deploy emergency patches to production without a software prerelease on the staging site. This will be communicated clearly to customers, and a risk assessment will be provided to customers for any defect fixed, and any patch released. Since defects will rarely impact the existing customer process, patches will be treated as any other release but with a low level of validation impacts.
Question: Does TransPerfect have formal processes in place that define Change Management and Change Control for hosted products?
Answer: TransPerfect has a validated process for change management used in all deployments and other modifications to the hosted environment.