Preliminary

BizCloud SaaS
PDC’s BizCloud concept is intended to give you a fully managed and secure environment for running your
PDC applications as a SaaS.

You access your PDC application hosted in the cloud and then run them as if it runs on your own desktop
just as if it were installed on your local machine.
PDC designs, configures, monitors, and maintains and run the entire hosted environment for you as a
service.

PDC BizCloud are hosted and runs the entire environment in cooperation with Sentia, https://Sentia.com.

Sentia is a professional Cloud supplier with many certifications and compliance. Sentia has based their
security program on the ISO 27001 certification and are supporting it with several certifications and
assurance reports such as ISAE3000 and ISAE3402 type 2.

It is recommended to consult Sentia homepage for further general information about Sentia and the
environment which host PDC BizCloud.
You find the information outlined here:
https://sentia.com/solutions/application-control/security-compliance

ISO27002 controls are currently being implemented in PDC and The PDC BizCloud Concept.

Architecture
Where most of the SaaS Solutions are based on a multitenant architecture, it is not the case with PDC’s
SaaS Solutions.
PDC’s SaaS Solutions is designed specific for the client giving much larger flexibility and will at the same
time have the advantages of having a single and proven concept and configuration (hardware, network,
operation system, monitoring, auditing, and security approach).

The increased flexibility in a customized SaaS Solution, makes it possible to design the setup to the client’s
requirements and needs.
BizCloud Configuration

The Cisco Firewall is Cisco5585 and will be configured with dedicated firewall rules for every client.
Access with HTTPS, legacy systems may require RDP, and it is recommended to upgrade to Windows 10.
During 2021 access with legacy system will be closed.

It is an option for every client to have access restricted selected WANIP addresses used by the client.
Alternatively access can be configured through a S2S VPN tunnel.

All access to systems through Cisco Firewall, and secondary through the Microsoft Gateway for all RDS
application, or Microsoft Proxy for all web applications

All new servers are based on Windows 2016 or newer, and all existing applications running on older
versions will be upgraded in 2021.

All Servers are locally with Microsoft firewall, and all applications servers are dedicated the purpose of
client’s applications solely.

The client can only access the applications. Only whitelisted software runs on the servers.
Every client will be dedicated a cluster of virtual computers, and the number of computers depends on
number of users accessing the applications. The diagram above is for illustration only.

Clients access the systems utilizing Windows Authentication using strong password encryption. Client
specific Microsoft password policy is an option.

Backup.
All data on the SQLServer is backed up with a RPO of 5 mins. All SQL backups are replicated to secondary
secure backup location.

RTO as outlined in contract.

All servers are running in a virtual environment and backup with Veeam daily.

SLA as defined in contract.

Backups are stored with PDC and will be delivered to the Data Owner according to License and Service
agreement.

Recovery Point Objective (RPO) generally refers to the amount of data that can be lost within a
period most relevant to a business, before significant harm occurs, from the point of a critical
event to the most preceding backup.
Recovery Time Objective (RTO) often refers to the quantity of time that an application, system
and/or process, can be down for without causing significant damage to the business as well as
the time spent restoring the application and its data.

Requirements
For accessing The PDC BizCloud environment it is recommended to use Windows 10 with latest revision and
updates. Legacy system requiring RDP access will be terminated in 2021.

It is recommended to have a good Internet connection, with quality over bandwidth (speed). A fibre
connection is always to be preferred.

For more detailed information we recommend Microsoft Desktop Protocol (RDP) bandwidth requirements.
See https://docs.microsoft.com/en-us/azure/virtual-desktop/rdp-bandwidth

Cloud Security
Before talking about Cloud Security, we must define how we understand Cloud Security.
Cloud computing is the delivery of hosted services, including software, hardware, and storage, over the
Internet. The benefits of rapid deployment, flexibility, low up-front costs, and scalability have made cloud
computing virtually universal among organizations of all sizes, often as part of a hybrid/multi-cloud
infrastructure architecture.

Cloud security refers to the technologies, policies, controls, and services that protect cloud data,
applications, and infrastructure from threats.

Cloud Security is a Shared Responsibility

Cloud security is a responsibility that is shared between the cloud provider and the customer. There are
basically three categories of responsibilities in the Shared Responsibility Model:

1. responsibilities that are always the provider’s,

2. responsibilities that are always the customer’s,
3. responsibilities that vary depending on the service model:
a. Infrastructure as a Service (IaaS),
b. Platform as a Service (PaaS),
c. Software as a Service (SaaS).

The security responsibilities that are always the providers are related to the safeguarding of the
infrastructure itself, as well as access to, patching, and configuration of the physical hosts and the physical
network on which the compute instances run, and the storage and other resources reside.

The security responsibilities that are always the customer’s include managing users and their access
privileges (identity and access management), the safeguarding of cloud accounts from unauthorized access,
the encryption and protection of cloud-based data assets and managing its security posture (compliance).

PDC’s BizCloud runs PDC’s Applications as Software as a Service (SaaS) reducing the customers
responsibilities to a minimum, taking care of all maintenance and security headaches. However, it is
required that the customers keep PDC updated on the current user status.

For more information about Cloud Security see PDC BizCloud Cloud Security Document.

Compliance
PDC’ compliance builds on the basis given from our Cloud Service Provider. PDC is currently implementing
ISO27002 controls and will achieve assurance report ISAE3402.

Located in Europe/EU, PDC is by law obligated to be compliant with GPDR.