As requested we are offering a new service to our Business Partners: Direct Database Access. This is for Partners who are hosting their ARCHIBUS On Demand projects in ASC-HS’ Cloud.
This is a new partner-based service, which means that it is not tied together with a single project but with the Business Partner. If requested, we can migrate all the Partner’s projects to this direct database access solution.
How does it work?
- Business Partner developers will be given personalized accounts and VPN software, which they will need to install onto their computers in order to access ASC-HS’ internal databases.
- ASC-HS will give instructions on how to install and configure the VPN software.
- When the VPN software is installed and configured, the developer makes the VPN connection using her/his private credentials (username/password/phone SMS) towards ASC-HS internal network.
- After a successful connection, the developer must use their own development tools (for example SQL Server Management Studio) to login to the correct database (username/password provided by ASC-HS). RDP/SSH, Powershell are not allowed.
- When the database connection is made, all necessary tasks can be performed without the help of ASC-HS.
- When the work is done, the Development tools and VPN connection must be logged off/terminated.
What about security and auditing?
The VPN connection is encrypted and requires MFA using a phone number. This means that all the accounts are personalized. An authentication request requires the developer to have his/her personal account credentials and their telephone with him/her.
The developer must have uptodate antivirus software installed and activated on their machines before and during the use of the service.
All the activities in the databases will be audited. If there will be performance issues, we will track the audit log in cooperation with the developer, who was behind the tasks. If needed, ASC-HS will restore/restart the database(s).
It is the Business Partner’s responsibility to notify ASC-HS about the developer(s) who has no need to access the services anymore (eg. Leaving the job) so that ASC-HS can terminate the access.
Bear in mind that unsecured machines and/or actions can result in database downtime or even destruction of the database.
Supported Systems and Versioning
The VPN client supports all widely known laptop/personal computer operating systems: Windows, Mac, Linux.
MFA requires a mobile phone (Android/iOs).
The SQL servers will use MS SQL 2017 version, which is officially supported by Archibus v24.1. If Your installations use version 23 Archibus and are stable, we also recommend moving them to v 2017 although the Archibus support matrix does not state that.