MYOB Advanced Data Centre Architecture

Data Centre and Architecture

 

Where is MYOB Advanced?

The MYOB Advanced suite is hosted on Amazon Web Services (AWS). MYOB has made a strategic choice to operate MYOB Advanced on the world’s leading cloud IT infrastructure provider who provides a high performing, robust and secure application set to make clients’ business life easier

 

Why is MYOB using Amazon Web Services?

In deciding how to provide the highest quality service to our clients, MYOB evaluated several options for hosting of Advanced including; in-house and external provider options and chose Amazon Web Services (AWS) for hosting MYOB Advanced. AWS are globally acknowledged leaders in Cloud IT infrastructure services and bring the expertise, investment and solid track-record for users of MYOB Advanced allowing MYOB to focus its efforts in its area of core strength – producing business software.

AWS provides highly reliable and scalable infrastructure to support computing power, database management, load balancing, data storage, backup and other related services. They have established data centres around the globe including Australia, the US, Europe, Brazil, Singapore and Japan and within those locations multiple physical locations for full redundancy. In addition there is a rich and vibrant ecosystem of 3rd party tools and value-added services for managing AWS deployments that MYOB can also use to ensure that MYOB Advanced is a reliable and robust service that our clients can depend on to run their business.

 

Where is MYOB Advanced physically hosted?

MYOB Advanced is hosted in the AWS Sydney Datacentre which has been in operation since 2012. The Sydney datacentre is the eighth global datacentre and is based on the successful design of other datacentres that stretches back to 2008. For our clients in New Zealand and Australia, this means that your data is regionally hosted and provides the fastest connection times and lowest response times compared to services hosted outside Australia such as the US or Europe.

 

How does the hosting of MYOB Advanced operate?

The hosting of MYOB Advanced is architected to maximise uptime and ensure that system performance is consistent irrespective of the number of clients and users utilising MYOB Advanced.

Infrastructure

MYOB Advanced utilises AWS services to ensure that a high redundancy, high availability infrastructure is in place for our clients. This is essential in being able to provide a service that can seamlessly cope with any number of potential infrastructure issues so that MYOB Advanced is available whenever you need it.

We use AWS servers (EC2 and RDS) across multiple availability zones (AZ) within the Australian region. Availability zones are isolated from each other by ensuring that each zone uses different providers and connections. This means that a problem with a utility provider would only affect a single zone leaving other zones to continue to operate thereby not impacting a client’s use of MYOB Advanced.

Application servers

MYOB Advanced runs on a number of application servers which comprise of the latest high memory and high CPU technologies in a load balanced, multiple-availability zone configuration. Servers are configured such that requests are balanced across multiple servers within and across availability zones in the Australian AWS data centre.

This balanced approach means that requests are evenly distributed across zones and servers to ensure a consistent system response time experience for all clients. In addition should there be problems in one zone, AWS can automatically and transparently stop using that zone with no outage or downtime for our clients. The other advantage in using this approach is to be able to apply some system upgrades without any downtime for our clients by taking a zone temporarily offline, applying the upgrade then bringing it back online before upgrading the alternative zone.

Database servers

The MYOB Advanced database resides on the latest Amazon Relational Database Service (RDS) again in a multi-availability zone configuration. Individual client databases are isolated from each other within RDS instances and data is automatically replicated between availability zones. Therefore any problems with a RDS instance, storage or network within the primary database zone will initiate an automatic failover to the secondary zone automatically with no data loss.

Non-database file storage

Data that sits outside the transactional database such as documents, invoices and payslips are stored on Amazon S3 storage. Like the application and database servers, data on S3 is redundantly stored across multiple devices across multiple facilities with automatic cutover in the event of any issues. Amazon S3 storage is designed for high durability (99.999999999% in fact) with an expected data loss of 1 object (file) in every 10,000 files every 10,000,000 years.

Scalability

Utilising Amazon Web Services, MYOB has the ability to scale systems and services to ensure that application performance is consistent irrespective of the number of clients and users of MYOB Advanced. As system load increases our monitoring tools can automatically add more servers capacity to adjust to higher demands. Conversely as load falls (say at night time), we can reduce server capacity to optimise hosting costs – these efficiencies are a major contributor to the overall subscription price to our clients.

 

How safe is my data in MYOB Advanced?

MYOB are committed to protecting our client’s data from loss that’s why all data is stored across multiple devices in multiple availability zones. Databases are replicated in real time between multiple availability zones and non-database information is stored on Amazon S3 storage which is replicated across multiple zones to guarantee high availability and redundancy.

The hosting of MYOB Advanced has been designed to cope with a potential failure of key elements necessary to provide the service to our clients. In the event of an issue, failover of one or more elements to the secondary zone will occur automatically and in most cases transparently to end users.

 

Is my data backed up in some way?

As MYOB Advanced data is replicated across multiple availability zones, there is a high degree of robustness in the retention of data to guard against failure of any one component. As an additional safety measure, MYOB Advanced data is also backed up nightly. These backups can be used by MYOB to restore the operation of MYOB Advanced should a complete system failure occur.

 

Can my backed up data be restored?

MYOB Advanced data is backed up at a whole-of-system level for use in the event of a major catastrophe. If clients wish to back-up their specific data, this can be achieved using the snapshot feature described below.

 

Can I do my own backups?

Whilst MYOB Advanced is a highly redundant and secure service that guards against data loss, we understand that clients may feel even more secure keeping a copy of their MYOB Advanced data in a location of their choice. With MYOB Advanced you can “snapshot” your data and download it, then store wherever you choose. Snapshots can be subsequently uploaded back into your MYOB Advanced database. In addition to snapshots, MYOB provides a full data export to Excel that allows clients to have a copy of their data in a nontechnical format.

 

What plans are in place in the event of a system disaster?

Should there be a complete failure or disaster in the AWS Sydney datacentre, MYOB can move hosting of the MYOB Advanced product to one of the other seven global AWS datacentres. Depending on the specifics of the disaster, it may be possible to resume operation with minimal data loss or in the worst case, restart from the last backup.

 

How secure is MYOB Advanced?

MYOB Advanced hosting has also been designed with security in mind to ensure that only authorised persons have access to the hosting service.

Physical security

As the MYOB infrastructure is housed in the Amazon Web Services data centres, there physical access is highly secure. Amazon’s data centres use state-of-the-art electronic surveillance and multi-factor access control systems. Data centres are staffed 24x7 by trained security guards and access is restricted to authorised personnel.

Network security

Not only are your applications and data protected by highly secure AWS facilities and infrastructure, but they’re also protected by Amazon’s extensive network and security monitoring systems. These systems provide basic but important security measures such as distributed denial of service (DDoS) protection and password brute-force detection on AWS Accounts.

Access to the AWS infrastructure that MYOB Advanced utilises is secured by multi-factor authentication as well as being network IP address locked so that access is only possible from one of the MYOB offices. In combination, this level of security ensures that only authorised MYOB staff have access to managing the hosting infrastructure.

Monitoring

MYOB utilises multiple monitoring systems for availability, intrusion detection and malicious traffic attempts. Unauthorised attempts to access the systems or any of its services are blocked and all access attempts are logged and audited into our centralised SIEM (Security Information and Event Management System) and are subsequently investigated.

All systems, components & services are continuously monitored and logs routed through our logging management systems. These are continuously managed by our operations teams and any changes to our network parameters cause alarms to our operations team 24x7.

Application security

MYOB Advanced has been designed to ensure that only authorised persons can access the information as specified by the account administrator.

Data encryption and storage

All data transmitted to and from the MYOB Advanced application is encrypted using industry standard HTTPS protocol. This means that the information can only be viewed by the end user’s computer and the MYOB Advanced application. Data is never stored on an end-user’s computer. All data remains within the MYOB Advanced data centre and only the data that is actively in use by a user is displayed in the web browser.

Application accessibility

Only users that have been approved by the client’s account administrator are able to access your MYOB Advanced account and data therein. This includes 3rd parties such as your partner and MYOB whose access must be specifically approved and is controlled by the client.

Role level security

MYOB Advanced provides you with fine grained control over who can access information, perform actions, access files or produce reports. Access to every screen, action, report, look up or enquiry can be defined within a security role that is configurable by you. Users can be assigned to one or more roles. For example, an accounts clerk may have access to see purchase orders but not pay them whereas the financial controller as an additional role will be able to process payments for approved order.

Data level security

In addition to role level security, MYOB Advanced provides additional capabilities to control access at the data level. System entities such as particular creditor and customer accounts, general ledger accounts, sub-account segment values, and budget articles, can use data level restriction groups. You can create any number of restriction groups and users assigned to one restriction group can only view the objects assigned to that group and nothing else.

Application logging

All access to MYOB Advanced is audited so you have the confidence of knowing who accessed your account, when that was and what actions a user performed. The level and control of logging is up to you and access reporting is available from within the application. You can also setup auditing on any screen in MYOB Advanced and control auditing on access to the screen and events (such as adding, deleting or modifying entities) within a screen.

Password Policies

MYOB Advanced supports complex password rules to ensure your users adhere to enterprise password polices. In order to assist in keeping the system secure, MYOB highly recommends that user names and/or passwords are not shared in any way with persons other than the one who has been assigned that login. You can define password options such as the length and complexity of the password and the expiration of a password. Accounts are locked out after several unsuccessful password attempts and you can control how long before they can try again.

Verifying our Security

We know that security is highly important to our clients and as such we engage a range of external, 3rd party security consulting organisations to audit our systems and processes to rigorously ensure that your data is safe. We use organisation such as BAE Systems and App Secure to perform architectural security reviews, penetration security tests and code analysis testing to ensure data security is at the highest level.

 

 

 

 

 

 

 

Did this help? If not, try contacting us Submit a request

Comments