Payroll Data Access Specifications
Suran offers data hosting services for Payroll clients using our established hosting service.
Elements
| Element | Purpose | Location | Stack | Managed By |
|---|---|---|---|---|
| Payroll client app | Windows or macOS application | TS or local PC/Mac | Omnis Studio | DealerBuilt/Dealer |
| Data Hosting Server | PostgreSQL hosting server | Cloud VM | PostgreSQL | Suran |
| Suran Database Manager | Database on hosting server tracking available databases and ownership | Cloud VM | PostgreSQL Database | Suran |
| Client Database | Database on hosting server with client data | Cloud VM | PostgreSQL Database | Client |
| Ferret | Authentication web service | Cloud VM | Sinatra | Suran |
| Suran User File (SUF) | Suran in-house CRM with hosting ID, passwords, hosts for all clients. Note: authentication data used in this system is mirrored to Ferret and to data hosting servers for optimization | Cloud VM | PostgreSQL database | Suran |
| Suran API | RESTful API | Cloud VM | Ruby on Rails; Redis for caching | Suran |
| Engage | Responsive web app for employee data access | Cloud VM | Ember | Suran |
| LightYear database | Data exchange with Payroll database to/from LightYear application | LightYear database host | PostgreSQL | DealerBuilt/Dealer |
Facilities
Cloud VMs
Services are hosted on Linode VMs managed by Suran
Suran manages the entire server
Linode manages underlying hardware
Linode provides
Redundant power
Redundant fiber
24/7/365 onsite NOC
Rotating snapshots of VMs are taken and stored with Linode
Servers are continuously monitored by Suran for uptime, resource usage, and data integrity
Administrative access to servers is limited to the Suran operations and development team
Each server hosts data for multiple clients (multi-tenant) using unique database(s) per client
Suran servers offer the same disk-level Payroll database encryption as DealerBuilt-hosted database servers
Client Backups
A logical (pg_dump) backup is taken nightly of each database
Backups are uploaded to Amazon S3 (AWS)
Backups are retained for one day on the local hosting server
Backups are retained for 14 days on S3
Access to S3 is limited to:
The hosting server via API
Suran operations and development team
Client data can be loaded by development for triage within our hosting environment and is not stored on developer workstations
Ports
| Host | Port | Use |
|---|---|---|
| Ferret | 443 | Authentication and lookup |
| Data Hosting Server | 443 | Suran API access |
| Data Hosting Server | 9566 | PostgreSQL data access |
IP Addresses
ferret.suran.com is reachable at 172.104.11.248
Hosting server IP addresses vary
Access to databases for a given client can be restricted to source IP(s) (dealer location) for additional security, if desired
Payroll Authentication and Data Access
Each client is given a unique hosting ID and password
Payroll is configured with this hosting ID and password in lieu of an IP address/port
Payroll authenticates with Ferret
A host and available databases are returned
Payroll authenticates to the host and connects to a database with the hosting ID and password using an encrypted connection
The user authenticates with their username/password stored in the Payroll database
The user logs in and uses the applications
LightYear Authentication and Data Access
DealerBuilt staff configure the LightYear databases with:
Data Hosting Server IP
Database name
API PostgreSQL user name (specific to the client)
API PostgreSQL password (specific to the client)
LightYear databases connect with the API credentials to the client database to perform direct data access
Engage Authentication and Data Access
User enters their unique Engage URL
Engage sends the unique URL to Ferret
Ferret provides a hosting server and provision code (unique ID for that database)
Engage authenticates to Suran API on the hosting server with the provision
Suran API uses the provision to connect to the client's database
Engage queries Suran API for the organization name and logo
Engage presents a branded login window
User enters their username and password
Engage authenticates to Suran API on the hosting server with the username, password, and provision
Suran API uses the provision to connect to the client's database
Suran API authenticates with the username and password stored in the client's database
Suran API returns an authentication token
Engage stores the token and provision in a browser cookie
Subsequent requests provide the token and provision for authentication
Tokens are revoked after 30 minutes of inactivity

