How client data is protected

For better security and data protection, ServerSuit is going to utilize the following:

  1. "SYSTEM" account credentials are auto-generated and never shown to anyone.
  2. All information pertaining to access to managed servers is to be encrypted.
  3. Client servers are accessed from a secure internal server network hidden behind NAT.

Here are a few more details about the particular implementation.

ServerSuit data storage is spread among multiple nodes (Node Servers, NS). Access to each NS is available only via a firewall-protected API that limits the set of IP addresses from which the servers can be accessed. The key for reading encrypted data can be obtained only from one of the WAS (Web Application Servers).

After the credentials are decoded, an SSH connection is created between an NS and a managed server, and the scripts that need to be executed are transferred directly to the managed server. Once the transfer is finished, the client is launched using the "SYSTEM" account.

While a script is running on the client's server, a callback is performed periodically to report the script's execution status to a WAS. The callback data contains a temporary 256-bit encrypted key identifying the server and the executed script, as well as process information. On the WAS, the data is decoded and the execution status on the dashboard is updated. Once that happens, the key is destroyed.
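The temporary-key lifecycle described above can be sketched as follows. This is an added example, not ServerSuit's code: the class and method names, the 300-second lifetime and the sample server and script names are assumptions, and the key is modelled as an opaque random 256-bit token rather than an encrypted value. How later periodic callbacks obtain a key is not described on the page and is not modelled.

```python
import hashlib
import secrets
import time


class CallbackKeyStore:
    """WAS-side registry of temporary callback keys (hypothetical design)."""

    def __init__(self, ttl_seconds=300):
        self.ttl = ttl_seconds   # assumed lifetime; the page states none
        self._keys = {}          # sha256(key) -> (server_id, script_id, expiry)
        self.dashboard = {}      # (server_id, script_id) -> last reported status

    @staticmethod
    def _digest(key):
        # Only a hash of the key is stored, so a dump of the store
        # does not yield usable callback keys.
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, server_id, script_id, now=None):
        """Create a random 256-bit key bound to one server and one script."""
        now = time.time() if now is None else now
        key = secrets.token_hex(32)  # 32 random bytes = 256 bits
        self._keys[self._digest(key)] = (server_id, script_id, now + self.ttl)
        return key

    def report(self, presented_key, status, now=None):
        """Handle one callback: resolve the key, update status, destroy the key."""
        now = time.time() if now is None else now
        # pop() destroys the key on first use, so a replayed callback fails.
        entry = self._keys.pop(self._digest(presented_key), None)
        if entry is None:
            return False             # unknown or already destroyed key
        server_id, script_id, expiry = entry
        if now > expiry:
            return False             # expired key is dropped, not honoured
        self.dashboard[(server_id, script_id)] = status
        return True


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    store = CallbackKeyStore()
    key = store.issue("srv-1", "backup.sh")
    print(store.report(key, "running"))  # first use is accepted
    print(store.report(key, "done"))     # replay of a destroyed key is rejected
```
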

Connectivity Protection

All connections to the managed servers are made via SSH, which provides a high level of protection. Callbacks work via HTTPS, which uses valid 256-bit SSL.