About Fleetwise PVBS
      Back to home
      1. Knowledge Base
      2. About Fleetwise PVBS

      Data security

      App service and data hosting

      The PVBS web application and database are hosted on Microsoft Azure in their East Australia datacentre. This is provided as part of the Azure PaaS service.

      Access controls

      All endpoints (other than those required to download and run the login screen) require authentication.

      PVBS supports both local users and externally authenticated users via integration with Azure AD. Local passwords are stored in the tenant’s database. These local passwords are salted and hashed. This prevents users with the same password having the same hashed password.

      Database hosting and backup

      Database backups use Azure read-access geo-redundant storage (RA-GRS) to provide geo-redundancy. All production sites are stored on discrete SQL Databases. By default, these have Point in Time Restore points enabled, which are created every 5 –10 minutes, and retained for 7 days.

      A backup can be restored into a new SQL database, in the event of data destruction. The databases and backups are replicated in the paired Azure region, and will therefore be accessible even in the event that the primary Australia East Azure region is offline.

      As the SQL Database backups are replicated across regions, in the event of a long-term outage at the primary region (Australia East), a second instance could be deployed to the Australia South East region, making use of a recently replicated backup.

      Security measures

      Azure defender for app service

       PVBS uses Azure Defender, which is natively integrated with App Service resources.

      • Microsoft Defender for App Service is a security service that assesses resources and generates security recommendations
      • It detects multiple types of threats by monitoring App Service instances, requests and responses, underlying App Service Plans, and internal logs.
      • It can identify attack methodologies that apply to multiple targets
      • It can detect ongoing attacks even if deployed after a web app has been exploited

      More information is available here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-appservice-introduction

      Antivirus

      Each PVBS tenants’ application is running on an app service, which is in turn hosted on an Azure App Service Plan. The underlying app service plans are protected by Microsoft Antimalware for Azure.
      More information about this is available here: https://learn.microsoft.com/enus/azure/security/fundamentals/antimalware

      DDOS protection

      Microsoft has measures in place to prevent DDOS attacks. By default, basic protection is enabled for all App Service resources.

      Each PVBS instance is hosted on discrete sets of App Service and Database resources. This prevents an attacker attempting a DDOS attack on one PVBS instance from affecting another.

      Event logging

      Each PVBS instance is integrated with an Application Insights resource. This provides near real-time information on PVBS traffic, resource utilisation, availability and exceptions. 

      Audit logging has been configured both at the SQL Server and Database level for production PVBS instances.

      Several Metric Alerts have been configured for each PVBS instance. These are configured to alert support in the event that

      • CPU / Memory / DTU utilisation exceeds 80%, and again if it exceeds 95%
      • HTTP 500 exceptions occur (excluding known issues like token expiry)

      uptime.com, which is a service outside of Azure is configured to:

      • Ping the PVBS sites at regular intervals, and send an alert is the request times out.
      • Check the SSL certificate is valid (an alert is sent when the cert is reasonably close to expiring)