Security and Data Protection Modified on: Thu, 20 Dec, 2018 at 9:18 AM

dRofus is a CDE/BIM solution that is used on small and large building projects worldwide. 

There are two main hosting models

  • Hosted by dRofus (SaaS) on one of our regional data hosting providers
  • Hosted by the customer. For certain high security projects this will be the only solution and it will be up to the customers to implement the physical security.

The description supplied below describes dRofus architecture and processes as they are implemented for most customers based on out SaaS solution but also for self hosted project some of the information will apply. 

Architecture

dRofus is a BIM software based on a client/server architecture. The program is made up of the following central components:

  • Central database server
  • Central report/document server
  • Windows client program – dRofus
  • Browser-based (web) application - dRofus web
  • Model server for dRofus web (Catenda server)
  • Web based adminstration tool for managing projects and users

Hosting providers

We have currently 4 regions that hosts dRofus. 

Region
Hosting provider
Location
EMEA
dRofus
Amazone Web Services
Norway, Oslo https://www.digiplex.com/
Frankfurt region (only application hotsing - no data is stored here)
US
Amazone Web Services
North Virginia and California regions https://aws.amazon.com/about-aws/global-infrastructure/
Canada
Amazone Web Services
Central region https://aws.amazon.com/canada/
APAC
Amazone Web Services
Sydney region https://aws.amazon.com/about-aws/global-infrastructure

For information regarding physical security and security certifications, please use the providers above. 

Client to server communication

Data between the dRofus client software and browser and server is always encrypted in transit. All communication uses TLS protocol or browser built int HTTPS/TLS. 

Database Servers

All dRofus data is stored on a central server. The database system utilized by dRofus is supported versions of PostgreSQL, usually the last version. Data for different projects and clients are separated into different databases and separate access permissions are needed for each individual database. Each database is only accessible to the client or whoever they give access to. The access to the databases is wither controlled by dRofus authorized personnel or persons that are given administrative access.

Server access for technical and support personnel

Only dRofus authorized personnel have access to change the user rights on the database level. dRofus authorized support personnel have access to the customer servers for their region. In addition, central support personnel from the head office and dedicated technical personnel from the head office have access to all servers to be able to solve critical issues for the customers that cannot be solved by one office alone.

Authentication

All logon to dRofus databases requires username and password. This information is encrypted during transit. When logging on through a browser, the user is issued a token during his session.

Audit log

For those authorized to see this, It is possible to track who has been logged in to a database, thus knowing who has had access. It is possible to audit all object-related information that has been changed, thus enabling auditing of authorized changes to the database. 

Operational Security

dRofus technical personnel are over-viewing and considering potential new security risks. New patches to all relevant database and operating systems software is updated immediately upon release.

Only a limited few of our technical personnel have server access rights across non-development servers. dRofus development servers are kept in a separate environment from the operational servers.

Application

dRofus is built with mainstream technology from large commercial vendors, or supported open source software. dRofus software is developed using .Net technology from Microsoft and based upon a PostgreSQL database. Libraries from open sources are used in the development.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.