Cloud infrastructure

Hosting provider AWS

General Cloud hosting architecture

We use Amazon Web Services (AWS) as a cloud service provider and its highly available data center facilities in multiple regions worldwide. Each AWS region is a separate geographical location with multiple, isolated, and physically-separated groups of data centers known as Availability Zones (AZs).

We utilize AWS compute, storage, network, and data services to develop our products and platform components. This allows us to take advantage of the redundancy capabilities provided by AWS, including availability zones and regions.

Availability zones

Each availability zone is intentionally isolated from failures in other zones. It also ensures cost-effective, low-latency network connectivity to other AZs within the same region. This multi-zone high availability serves as the primary defense against geographic and environmental risks, enabling services in multi-AZ deployments to withstand AZ failure.

Jira and Confluence utilize the multi-AZ deployment mode for Amazon RDS (Amazon Relational Database Service). In this deployment, Amazon RDS sets up and maintains a synchronous standby replica in a different AZ within the same region to offer redundancy and failover capability. The AZ failover process is automated and typically completes within 60-120 seconds, allowing database operations to quickly resume without requiring administrative intervention.

Data location

Our main region is AWS eu-central-1 in Frankfurt, Germany.

We plan to add more regions later this year. You’ll find more information about the available regions and the scope in our data residency concept.

Data backups

For you and your application data specifically, we use the snapshot feature of Amazon RDS (Relational Database Service) to create automated daily backups of each RDS instance.

Amazon RDS snapshots are retained for 30 days with support for point-in-time recovery and are encrypted using AES-256 encryption. Backup data is not stored offsite but is replicated to multiple data centers within a particular AWS region. We also perform quarterly testing of our backups.

Data center security

AWS maintains multiple certifications for the protection of their data centers. These certifications address physical and environmental security, system availability, network and IP backbone access, customer provisioning and problem management. Access to the data centers is limited to authorized personnel only, as verified by biometric identity verification measures. Physical security measures include: on-premises security guards, closed circuit video monitoring, man traps, and additional intrusion protection measures.

 

yasoon Cloud platform architecture

Multi-Tenant Isolation

While our customers share a common cloud-based infrastructure when using our cloud products, we have measures in place to ensure they are logically separated so that the actions of one customer cannot compromise the data or service of other customers.

Change Management

While actively embracing a DevOps culture, we maintain highly restricted access to the Cloud infrastructure. Developers are limited to read-only access. The infrastructure is scripted using AWS CDK, and all modifications undergo thorough review and comparison with policies to ensure compliance.
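The kind of policy comparison described above can be automated against the CloudFormation template that `cdk synth` produces. The following is an added example, not yasoon's own code: it checks every `AWS::RDS::DBInstance` for the multi-AZ, 30-day retention and encryption settings stated on this page. The rule set, the function name and the sample template with its logical IDs are constructed for illustration.

```python
"""Policy check over a synthesized CloudFormation template (constructed sample)."""
import sys

# Policy values mirror the statements on this page; the rule set is an assumption.
RDS_POLICY = {
    "MultiAZ": lambda v: v is True,
    "StorageEncrypted": lambda v: v is True,
    "BackupRetentionPeriod": lambda v: isinstance(v, int) and v >= 30,
}


def check_rds_policy(template):
    """Return sorted (logical_id, property, actual_value) tuples for violations."""
    violations = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::RDS::DBInstance":
            continue
        props = resource.get("Properties", {})
        for name, is_compliant in RDS_POLICY.items():
            # Fail closed: a missing property or an unresolved intrinsic
            # (e.g. {"Ref": ...}) is reported rather than assumed compliant.
            value = props.get(name)
            if not is_compliant(value):
                violations.append((logical_id, name, value))
    return sorted(violations, key=lambda v: (v[0], v[1]))


# Constructed sample: one compliant instance, one drifting instance, one
# unrelated resource that the check must ignore.
SAMPLE_TEMPLATE = {
    "Resources": {
        "AppDatabase": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {"MultiAZ": True, "StorageEncrypted": True,
                           "BackupRetentionPeriod": 30},
        },
        "ReportingDatabase": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {"MultiAZ": False, "StorageEncrypted": True,
                           "BackupRetentionPeriod": 7},
        },
        "AssetBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    }
}

if __name__ == "__main__":
    found = check_rds_policy(SAMPLE_TEMPLATE)
    for logical_id, name, value in found:
        print(f"{logical_id}: {name}={value!r} violates policy")
    sys.exit(1 if found else 0)
```

Run as a pipeline step, the non-zero exit code blocks a change before review when a database definition drifts from the stated settings.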

Updates and deployments

The backend Cloud services are updated every morning at 9 am CET, or as needed, with zero downtime.

The user interfaces have multiple update channels: fast and stable.

By default, small customer instances are automatically assigned to the fast update channel, which gets updates first. With a one-week delay, the changes are then deployed to the stable update channel.
