1. Knowledge Base
  2. About Fleetwise PVBS

Data security

App service and data hosting

The PVBS web application and database are hosted on Microsoft Azure in their East Australia datacentre. This is provided as part of the Azure PaaS service.

Access controls

All endpoints (other than those required to download and run the login screen) require authentication.

PVBS supports both local users and externally authenticated users via integration with Azure AD. Local passwords are stored in the tenant’s database. These local passwords are salted and hashed. This prevents users with the same password having the same hashed password.

Database hosting and backup

Database backups use Azure read-access geo-redundant storage (RA-GRS) to provide geo-redundancy. All production sites are stored on discrete SQL Databases. By default, these have Point in Time Restore points enabled, which are created every 5 –10 minutes, and retained for 7 days.

A backup can be restored into a new SQL database, in the event of data destruction. The databases and backups are replicated in the paired Azure region, and will therefore be accessible even in the event that the primary Australia East Azure region is offline.

As the SQL Database backups are replicated across regions, in the event of a long-term outage at the primary region (Australia East), a second instance could be deployed to the Australia South East region, making use of a recently replicated backup.

Security measures

Azure defender for app service

 PVBS uses Azure Defender, which is natively integrated with App Service resources.

  • Microsoft Defender for App Service is a security service that assesses resources and generates security recommendations
  • It detects multiple types of threats by monitoring App Service instances, requests and responses, underlying App Service Plans, and internal logs.
  • It can identify attack methodologies that apply to multiple targets
  • It can detect ongoing attacks even if deployed after a web app has been exploited

More information is available here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-appservice-introduction

Antivirus

Each PVBS tenants’ application is running on an app service, which is in turn hosted on an Azure App Service Plan. The underlying app service plans are protected by Microsoft Antimalware for Azure.
More information about this is available here: https://learn.microsoft.com/enus/azure/security/fundamentals/antimalware

DDOS protection

Microsoft has measures in place to prevent DDOS attacks. By default, basic protection is enabled for all App Service resources.

Each PVBS instance is hosted on discrete sets of App Service and Database resources. This prevents an attacker attempting a DDOS attack on one PVBS instance from affecting another.

Event logging

Each PVBS instance is integrated with an Application Insights resource. This provides near real-time information on PVBS traffic, resource utilisation, availability and exceptions. 

Audit logging has been configured both at the SQL Server and Database level for production PVBS instances.

Several Metric Alerts have been configured for each PVBS instance. These are configured to alert support in the event that

  • CPU / Memory / DTU utilisation exceeds 80%, and again if it exceeds 95%
  • HTTP 500 exceptions occur (excluding known issues like token expiry)

uptime.com, which is a service outside of Azure is configured to:

  • Ping the PVBS sites at regular intervals, and send an alert is the request times out.
  • Check the SSL certificate is valid (an alert is sent when the cert is reasonably close to expiring)