Security

Data backup and restoration

Documeet uses Amazon Relational Database Service (Amazon RDS) to manage its databases reliably and in a secure fashion. Amazon RDS automatically backups databases and keeps database software up to date with the latest version. Documeet benefits from the flexibility of being able to easily scale the compute resources or storage capacity associated with relational database instances. In addition, Amazon RDS makes it easy to use replication to enhance database availability, improve data durability, or scale beyond the capacity constraints of a single database instance for read-heavy database workloads.
 

RDS features that Documeet use for:

Availability

Automated Backups and Point-in-time Restores. The feature regularly automatically performs a full daily snapshot of customer data and captures transaction logs. Amazon RDS automatically creates the DB instance snapshots that can be used to restore the database at any time. This backup occurs every day. Documeet has a notification system that helps the DBA keep track of the backup process.

 

Multi-AZ deployments. Documeet benefits from enhanced database availability when running Multi-AZ deployments. It provides enhanced availability and durability for database instances, making them a natural fit for production database workloads. Amazon RDS synchronously replicates data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby, so that Documeet can resume database operations as quickly as possible without administrative intervention.

 

Automatic host replacement. Amazon RDS will automatically replace the compute instance powering deployment in the event of a hardware failure.

 

Security

Encryption at rest and in transit. Documeet encrypts customer data using AWS Key Management Service (KMS). AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2.  On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots.

 

Network isolation. Database instances use different virtual networks (VPC), which allows Documeet to isolate databases in it’s own virtual networks and to connect to on-premises IT infrastructure using industry-standard encrypted IPsec VPNs. Documeet uses network firewall settings and controls network access to database instances.

 

Resource-level permissions. Amazon RDS is integrated with AWS Identity and Access Management (IAM) and provides Documeet the ability to control the actions that AWS IAM users and groups can take on specific Amazon RDS resources, from database instances through snapshots, parameter groups, and option groups.

 

Manageability

Monitoring and metrics.  Documeet’s DBA uses the RDS Management Console to view key operational metrics, including compute/memory/storage capacity utilization, I/O activity, and instance connections.

 

 

Restore Process

When initiating a point-in-time recovery, transaction logs are applied to the most appropriate daily backup in order to restore DB instances to the specific requested time. DBA can initiate the point-in-time restore and specify any second during retention period, up to the Latest Restorable Time.