TBS colocates with Level 3 Communications / CenturyLink in both McLean, Virginia, our Primary Hosting Center, and Atlanta, Georgia, our Secondary Hosting Center, where back-ups and disaster recovery services are performed.
TBS owns all hosting infrastructure – firewalls, routers, switches, storage appliances and servers – and only utilizes Level 3 / CenturyLink for cabinet space, power, and, of course, direct internet backbone access. Both Level 3 / CenturyLink facilities (at the Primary and Secondary Centers) are “lights out,” and TBS does NOT use Level 3 / CenturyLink’s “helping hands” for support.
TBS delivers via an “Owner-Platform” hosting model, in which TBS owns all its hosting infrastructure, and only utilizes TBS employees for ALL services. (ALL TBS employees are U.S. citizens.) In this way, TBS has complete security control across its ENTIRE stack – hosted infrastructure, OSes, databases, hosted software – and covering ALL TBS employees and departments: engineering, product support, development, service and sales. VERY FEW GOVCON PROVIDERS UTILIZE THIS OWNER-PLATFORM MODEL, as most others outsource their hosting services and/or utilize consultants and subcontractors for delivery.
The TBS Owner-Platform hosting model makes TBS the only GovCon Cloud provider that is comprehensively DFARS 252.204-7012, ITAR and NIST800 compliant.
All connectivity is provided via encrypted data streams over the open Internet. Individual SSL host-based VPN is available. To preserve security for both customers and TBS, MPLS and site-to-site VPN are not provided.
Scalability and system growth
TBS employs a scale-out methodology for adding resources such as application service (via clustering and load balancing), file system support via a 128-bit file system, and database access via Oracle partitioning. The only limits on scalability come from third-party applications, not from the infrastructure.
Given that the TBS Cloud environment is platform-based, it is built to be readily scalable, providing expansive storage and performance for all users. No additional hardware or storage will be required for onboarding. The current TBS hosting platform has ample storage and application server space to accommodate prospective growth of 10% to 20% annually, which is consistent with historical TBS trends. TBS routinely monitors its current hosting infrastructure for existing and future demands, and actively enhances its platform build and capacities well in advance of projected growth.
Availability and Performance SLAs
TBS SLAs are incorporated into all TBS contracts, and include: Hours of Support, Response Times for critical and non-critical issues, and a Defined Maintenance window.
Up-Time Guarantee for Network and Servers: 99.99% from 3:00 a.m. to 1:00 a.m., 7 days a week, excluding scheduled maintenance times (1:01 a.m. to 2:59 a.m.)
Committed Response Time: 95% 1-2 seconds, 5% 2-5 seconds
Disaster Recovery: 48-hour disaster recovery
Any individual outage in excess of a 1-hour period, or a sum of outages exceeding 6 hours per month, is not considered a normal service level
TBS responds to service incidents that affect multiple users (typically more than 10) within 30 minutes, resolves the problem within 1 hour, and updates status every 30 minutes
TBS responds to service incidents that affect individual users within 60 minutes, resolves the problem within 4 hours, and updates status every 30 minutes
For non-critical inquiries (no impact on service quality), TBS responds within 90 minutes, delivers an answer within 2 hours, and updates status every 2 hours
The following system reports are available for TBS customers: Availability of Services – average rate of availability and maximum period of unavailability; Performance Metrics – application/service average response time; Incident Metrics – number of incidents and incident average response time (by level within the SLA); Change Metrics – number of upgrades and patch installations.
Availability of Services: average rate of availability, maximum period of unavailability – Standard SLA includes a 99.99% uptime guarantee excluding our service window.
Performance Metrics: application/service average response time – Response times outlined in the SLA (95% 1-2 seconds, 5% 2-5 seconds) once users reach TBS facility. Customer is responsible for Internet access and Internet performance.
Incident Metrics: number of incidents, incident average response time (by level within the SLA) – Customer support response times are outlined within SLA
Change Metrics: number of upgrades, patch installations – All Hardware, Operating System, Database System and Deltek Patches, Service Packs and Upgrades are governed within our security model and outlined in our annual security audit, part of the overall SOC2 Type II assurance process.
Both TBS hosting models (Custom and Standard) are designed for surge capability with automatic load balancing (dynamically allocating additional resources and cycles), and ready to accommodate such events.
The TBS Cloud environment meets all DFARS 252.204-7012 standards for non-public, non-top-secret data, and TBS compliance is assured via its annual SOC2 Type II audit. In addition, TBS offers the ONLY Cloud for Deltek that is also ITAR and NIST800 compliant.
This is due to TBS’s “Owner-Platform” hosting model, in which TBS owns all its hosting infrastructure, and only utilizes TBS employees for ALL services. (ALL TBS employees are U.S. citizens.) TBS does not use subcontractors or third-party hosting center “helping hands,” and does not utilize outsourced hosting services providers. In this way, TBS has complete security control across its ENTIRE stack – hosted infrastructure, OSes, databases, and hosted software – and covering ALL TBS employees and departments: engineering, product support, development, service and sales.
As you evaluate TBS, we encourage you to ask for SOC2 Type II audit reports from all bidders to verify DFARS 252.204-7012, ITAR and NIST800 compliance. If other providers outsource their hosting or support, they must also furnish SOC2 Type II audit reports assuring DFARS 252.204-7012, ITAR and NIST800 compliance for ALL third-party providers, consultants and subcontractors. If other providers are not also ITAR and NIST800 compliant, they cannot be DFARS 252.204-7012 compliant.
ALL TBS employees are U.S. citizens, and TBS’s SOC2 Type II audit assures this compliance, and also outlines TBS’s strict internal access policies for customer data and apps. (Only designated Engineers have such access. TBS Product Directors and other personnel never access customer resources directly, under our segregation of duties policies.) TBS performs background investigations on all prospective personnel, and all TBS employees sign annual confidentiality and security agreements. TBS also requires an auditable approval process for granting system access for all customer employees and vendors. All such access policies are tested and assured via TBS’s annual SOC2 Type II audit process.
TBS typically utilizes remote authentication over SSL to local customer AD. Most Deltek applications do NOT support SAML2, but TBS may utilize this protocol if preferred, as Deltek adds SAML2 product support.
All customer databases and data sets uniquely belong to each TBS customer and reside on their own customer-specific servers. Customer data is physically and logically separated from all other customer data sets. All TBS-hosted products are Encrypted In-Flight. The TBS-hosted Deltek Costpoint suite, as well as all TBS products such as Aspire, I.C.E., Claritas, AutoMate A/P and SkyVault, are also Encrypted At-Rest, with 256-bit AES encryption.
Based upon customer size and our customers’ self-identified requirements, TBS offers BOTH platform-based and single-instance hosting models. TBS generally does NOT provide multi-tenant environments for Deltek products, and instead runs all Deltek apps as single tenant with no sharing of data or applications. Costpoint 7.1.1, in particular, does NOT run well as a multi-tenant application. TBS is open to exploring multi-tenant delivery based upon customer request, however.
Many TBS competitors confuse TBS’s single-tenant platform model with multi-tenancy.
See TBS’s architectural diagram for more details.
TBS utilizes a Secondary Hosting Center in Atlanta, Georgia that is geographically remote from its Primary Hosting Center in McLean, Virginia. The Atlanta Hosting Center is utilized for all application, system and DB back-ups, and for any disaster recovery services.
Automated, encrypted off-site back-ups are created nightly and sent from the primary TBS Hosting Center to our Secondary Center. Rolling 30-day back-ups are available. All back-up policies, procedures, testing and off-site storage are included in and audited as SOC 2 Type II elements. All in-flight data originating from or terminating in TBS hosting facilities is encrypted with either 128-bit SSL or 256-bit AES encryption. All data back-ups are Encrypted At-Rest.
TBS utilizes a Secondary Hosting Center in Atlanta, Georgia that is geographically remote from its Primary Hosting Center in McLean, Virginia. Both hosting centers have been designated by the Department of Homeland Security as “critical infrastructure,” and both centers sit on 2 power grids and have 4 diesel generators for back-up power. Dual factor authentication is achieved by requiring each entrant to have an NFC-enabled badge with matching biometric key (hand print). Both colocation facilities are monitored 24-7-365 by live personnel and video surveillance, and are built to Tier-4 Data Center specifications – the very highest level of integrity. As most of the telecommunications traffic in Northern Virginia also runs through the colocation facility utilized by TBS as its Primary Hosting Center, in the event of a declared disaster this facility is “first in line” for diesel fuel after the Pentagon.
The Atlanta Hosting Center is utilized for all application, system and DB back-ups, and for any disaster recovery services. All back-ups are streamed in an encrypted manner to Georgia, and all backed-up data is also encrypted at rest. Per TBS SLAs, in the event of a declared disaster (in which TBS has NO PHYSICAL AND REMOTE ACCESS to its Primary Hosting Center), ALL TBS customers will be restored from Atlanta within 72 hours. All TBS disaster recovery protocols and controls are assured annually under the SOC2 Type II audit, and TBS performs two audited DR recovery simulations each year.
TBS provides real-time data redundancy / fail over in the event of an outage. These protocols and controls are assured annually under the SOC2 Type II audit.
The underlying file systems for both application and data servers are based on a 128-bit copy-on-write file system with real-time check summing and automatic error correction. For data volumes, data is written to redundant locations in real time. The secondary locations are then snapshotted and transported to the secondary hosting center.
Restoring Business Continuity
TBS works to recover from major hardware and software failures (RPO) within 4 hours. The recovery point objective for major failures is 4 hours, and recovery operations are designed to support those objectives.
Database and application server file systems are snapshotted and replicated to alternative hardware and network segments every 4 hours. These snapshots remain in the Primary Hosting Center and are available to stand up and replace the production copy in the event of a problem disabling the production environment. Those copies are also transmitted to the Secondary Hosting Center, where they remain and are available to be put back in production remotely if necessary. In the event of a major incident, DNS and load balancing systems may be redirected to point to the Secondary Hosting Center.