On-premises
Deployment options
Section titled “Deployment options”We offer two on-premises deployment options with different operation modes and responsibilities:
- On-premises
- News Innovativ GmbH manages the operating system level as well as all services and applications
- News Innovativ GmbH pushes maXzie updates to the customer’s VM/hardware
- Connectivity is established throught a VPN, provided by us or the customer
- On-premises (self-managed)
- maXzie updates can be pulled from a Docker container registry
- documentation is provided for provisioning and maintaining maXzie
- News Innovativ GmbH does not need access to the customer’s VM/hardware
Here is a comparison of the customer’s responsibilities:
| Operation | On-premises | On-premises (self-managed) |
|---|---|---|
| VM/hardware | x | x |
| Backups | x | x |
| OS installation | x | |
| OS updates | x | |
| Database installation | x | |
| Database updates | x | |
| Application installation | x | |
| Application updates | x | |
| TLS certificates | x |
Server systems and network integration
Section titled “Server systems and network integration”Architecture
Section titled “Architecture”The customer’s IT provides an x86-64 server for the application server and the database server. This server is accesible at the agreed address.
Virtual machine
Section titled “Virtual machine”Hardware
Section titled “Hardware”The application server for maXzie is required to have:
- OS: an x86 64-bit system, compatible with Linux / Debian 11
- RAM: a minimum amount of RAM of 8GiB
- CPU: one core per 150 users
- DISK: 40GB disk space
News Innovativ GmbH and a technician from the customer’s IT department will setup maXzie in a meeting. For this purpose, an ISO image is sent to the customer’s IT, which is used to install maXzie on the virtual machine provided.
Remote maintenance by News Innovativ GmbH
Section titled “Remote maintenance by News Innovativ GmbH”News Innovativ GmbH manages the operating system level as well as all services and applications operated therein within the server provided. For maintenance, configuration and support, News Innovativ GmbH requires remote maintenance access, which is automatically set up using the installation medium provided by News Innovativ GmbH.
In order for the remote maintenance connection to function, the server set up must be able to reach the News Innovativ GmbH data center at the IP address 20.218.98.4 using UDP on ports 6407 and 6409.
Operating system
Section titled “Operating system”The application server uses Debian. The customer’s IT provides this server as a virtual machine within the customer’s IT infrastructure and installs the operating system using the installation medium provided by News Innovativ GmbH as described in Setup. News Innovativ GmbH then takes over the administration of the operating system and all services used.
Maintenance
Section titled “Maintenance”Submission of bug reports
Section titled “Submission of bug reports”In the event of an error, the maXzie installation sends an error report via HTTPS to a server operated by News Innovativ GmbH. These bug reports do not contain any sensitive information.
Backup
Section titled “Backup”The customer’s IT provides the databases and virtual machines and is solely and fully responsible for backups of the virtual machines for the application servers and the databases.
OS Level Security Update
Section titled “OS Level Security Update”Security updates of all operating system components and all installed software are carried out regularly and promptly (usually daily) by News Innovativ GmbH.
Application Update
Section titled “Application Update”Updates to the maXzie application are carried out automatically on a regular basis (usually daily).
Major OS Update
Section titled “Major OS Update”An application release update can be accompanied by an update of the Debian operating system to a new major release no more than every two years. In some cases it may be necessary to reinstall the server system. In this case, the customer’s IT and News Innovativ GmbH work together to ensure a smooth process.
SSL Certificate Renewal
Section titled “SSL Certificate Renewal”In order to enable end users to access maXzie securely, suitable SSL certificates must be set up on the application server and renewed at certain times. Setup and renewal are carried out as follows:
- News Innovativ GmbH may generate a private cryptographic key on the application servers.
- News Innovativ GmbH generates a Certificate Signing Request (CSR) and sends the corresponding
csrfile to the customer’s IT - The customer’s IT creates an SSL certificate based on the CSR and sends it to News Innovativ GmbH.
- News Innovativ GmbH sets up the certificate on the application server.