dRofus is a CDE/BIM solution that is used on small and large building projects worldwide.
There are two main hosting models
- Hosted by dRofus (SaaS) on one of our regional data hosting providers
- Hosted by the customer. For certain high security projects this will be the only solution and it will be up to the customers to implement the physical security.
The description supplied below describes dRofus architecture and processes as they are implemented for most customers based on out SaaS solution but also for self hosted project some of the information will apply.
dRofus is a BIM software based on a client/server architecture. The program is made up of the following central components:
- Central database server
- Central report/document server
- Windows client program – dRofus
- Browser-based (web) application - dRofus web
- Model server for dRofus web (Catenda server)
- Web based adminstration tool for managing projects and users
We have currently 4 regions that hosts dRofus.
Amazone Web Services
|Norway, Oslo https://www.digiplex.com/|
Frankfurt region (only application hotsing - no data is stored here)
|US||Amazone Web Services||North Virginia and California regions https://aws.amazon.com/about-aws/global-infrastructure/|
|Canada||Amazone Web Services||Central region https://aws.amazon.com/canada/|
|APAC||Amazone Web Services||Sydney region https://aws.amazon.com/about-aws/global-infrastructure|
For information regarding physical security and security certifications, please use the providers above.
Client to server communication
Data between the dRofus client software and browser and server is always encrypted in transit. All communication uses TLS protocol or browser built int HTTPS/TLS.
All dRofus data is stored on a central server. The database system utilized by dRofus is supported versions of PostgreSQL, usually the last version. Data for different projects and clients are separated into different databases and separate access permissions are needed for each individual database. Each database is only accessible to the client or whoever they give access to. The access to the databases is wither controlled by dRofus authorized personnel or persons that are given administrative access.
Server access for technical and support personnel
Only dRofus authorized personnel have access to change the user rights on the database level. dRofus authorized support personnel have access to the customer servers for their region. In addition, central support personnel from the head office and dedicated technical personnel from the head office have access to all servers to be able to solve critical issues for the customers that cannot be solved by one office alone.
All logon to dRofus databases requires username and password. This information is encrypted during transit. When logging on through a browser, the user is issued a token during his session.
For those authorized to see this, It is possible to track who has been logged in to a database, thus knowing who has had access. It is possible to audit all object-related information that has been changed, thus enabling auditing of authorized changes to the database.
dRofus technical personnel are over-viewing and considering potential new security risks. New patches to all relevant database and operating systems software is updated immediately upon release.
Only a limited few of our technical personnel have server access rights across non-development servers. dRofus development servers are kept in a separate environment from the operational servers.
dRofus is built with mainstream technology from large commercial vendors, or supported open source software. dRofus software is developed using .Net technology from Microsoft and based upon a PostgreSQL database. Libraries from open sources are used in the development.