uniFLOW Online system architecture

More information on our uniFLOW Online system architecture and protocols in use can be found here:

System architecture

Microsoft Azure regional data centers

The Microsoft Azure data centers used by NT-ware are distributed globally, as listed below. Deploying uniFLOW Online to Microsoft Azure ensures we run on an incredibly robust, resilient, and scalable platform. By leveraging Microsoft Azure’s features, uniFLOW Online can be a fully elastic solution that scales to meet any customer’s demands. Cloud load balancing, automated scaling sets, and local/geo-redundant storage ensure your data is safe and always available.

| uniFLOW Online deployment | Azure region (primary region) | Azure region pair (secondary region) |
| --- | --- | --- |
| Australia (AU) | Australia Southeast (Victoria) | Australia East (New South Wales) |
| Canada (CA) | Canada Central (Toronto) | Canada East (Quebec City) |
| Europe (EU) | West Europe (Amsterdam, Netherlands) | North Europe (Dublin, Ireland) |
| Japan (JP) | Japan East (Tokyo, Saitama) | Japan West (Osaka) |
| Singapore (SG) | Southeast Asia (Singapore) | East Asia (Hong Kong) |
| United Kingdom (UK) | UK South (London, England) | UK West (Cardiff, Wales) |
| United States (US) | East US (Virginia) | West US (California) |

Microsoft data center sites are strategically selected to minimize risk from factors such as floods, earthquakes, hurricanes, and other natural disasters. Microsoft strives to ensure a minimum distance of 300 miles (483 kilometers) between Microsoft Azure data centers. This geographic separation and careful site selection ensure that business-critical equipment is segregated from areas with a high probability of environmental risk events, thereby enhancing resilience and availability. Please see Datacenter environmental safeguards - Microsoft Service Assurance | Microsoft Learn for further information.

Data sovereignty and compliance – local data remains local

Each Microsoft Azure data center respects data sovereignty and complies by storing regional customer data within the region where it is collected. This data is then subject to the laws and regulations of that specific region.

Protecting and securing your data

Data in transit

Microsoft Azure data centers ensure maximum security by encrypting data in accordance with industry-standard protocols. TLS 1.2 protects data in transit between Microsoft cloud services, and TLS 1.2 is the minimum protocol for all uniFLOW Online deployments and the components involved in the solution. TLS 1.3 with Perfect Forward Secrecy (PFS) is used for Canon imageRUNNER and Canon imageFORCE devices and browser connections where supported.
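A client-side check of the transport policy described above, useful for confirming that a proxy or TLS-inspection device on your network does not negotiate below the stated floor. This is an added example, not NT-ware code: the host passed to `probe` is supplied by the reader, and the sample version/cipher pairs are constructed for illustration.

```python
import socket
import ssl


def client_context() -> ssl.SSLContext:
    """Certificate-verifying client context that refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def assess(version: str, cipher: str) -> dict:
    """Classify a negotiated pair as returned by SSLSocket.version() and cipher()[0]."""
    meets_floor = version in ("TLSv1.2", "TLSv1.3")
    if version == "TLSv1.3":
        # A certificate-authenticated TLS 1.3 handshake always uses ephemeral (EC)DHE.
        forward_secret = True
    else:
        # In TLS 1.2 forward secrecy depends on the suite; OpenSSL names the
        # ephemeral key exchanges with an ECDHE- or DHE- prefix.
        forward_secret = meets_floor and cipher.startswith(("ECDHE-", "DHE-"))
    return {
        "version": version,
        "cipher": cipher,
        "meets_floor": meets_floor,
        "forward_secret": forward_secret,
    }


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect to a reader-supplied host and report what was actually negotiated."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with client_context().wrap_socket(raw, server_hostname=host) as tls:
            return assess(tls.version(), tls.cipher()[0])


# Constructed samples: (protocol version, OpenSSL cipher name)
SAMPLES = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
    ("TLSv1.2", "AES256-GCM-SHA384"),       # static RSA key exchange, no PFS
    ("TLSv1.1", "ECDHE-RSA-AES256-SHA"),    # below the TLS 1.2 floor
]

if __name__ == "__main__":
    for version, cipher in SAMPLES:
        print(assess(version, cipher))
```

With this context, a handshake that a middlebox tries to complete at TLS 1.1 or lower fails with `ssl.SSLError` in `probe` instead of silently succeeding.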

An additional layer of encryption is provided at the infrastructure layer in Microsoft Azure data centers. Whenever Microsoft Azure customer traffic moves between data centers, such as in a Geo-Redundant Storage (GRS) Azure Storage Account scenario, a data-link-layer encryption method using the IEEE 802.1AE MAC Security Standards is applied point-to-point across the underlying network hardware. This prevents physical "man-in-the-middle" attacks or snooping/wiretapping.

Data at rest

All uniFLOW Online customer data at rest is stored in Azure Storage Accounts and is transparently encrypted and decrypted using 256-bit AES. Microsoft-managed keys are utilized for all uniFLOW Online deployments. Microsoft is responsible for encryption key storage, key control, and key rotation. Further information on Azure Storage: Azure Storage encryption for data at rest

Data redundancy

All customer data at rest is stored in Azure Storage Accounts. To maintain data availability and durability, Azure Storage accounts in every uniFLOW Online deployment are set up for Geo-Redundant Storage (GRS).

Data is stored in the primary Azure region of the uniFLOW Online deployment and is replicated three times using Locally Redundant Storage (LRS). LRS provides at least 99.999999999% durability for objects during a given year. In addition to the copies stored in the primary Azure region, three copies are stored in a paired Azure region; i.e., GRS provides all the features of LRS storage in the primary Azure region and secondary LRS storage in the paired Azure region. GRS offers 99.99999999999999% durability for storage resources over a given year.

See the "Microsoft Azure regional data centers" section at the top of this page for the Microsoft Azure primary and secondary regions of each uniFLOW Online deployment.

Further information on Azure Storage redundancy and cross-region replication in Azure

Azure data center physical security and compliance

Conditions within Microsoft Azure data centers ensure safety and reliability. Each facility is designed to run 24/7, 365 days a year, and employs various measures to protect operations from power failure, physical intrusion, and network outages. The data centers comply with industry standards, such as ISO 27001, for physical security and availability. They are managed, monitored, and administered by Microsoft operations personnel.

Further information on the physical security of Microsoft data centers and Microsoft compliance offerings

Transparency – health and status monitoring

Keeping customers informed is a crucial part of the NT-ware Operations team’s management role. During any incident, the possible impact on our customers is analyzed, and a communication process is initiated. We communicate globally through our uniFLOW Status Page.

We know communication is key; therefore, we ensure timely updates and the exchange of important information. You can subscribe to receive updates via email. Instructions can be found here: Status page: How to?

Information as to how NT-ware Operations manages any incidents, from detection to closure, can be found on the NT-ware Operations page. NT-ware will also manage communication with our distribution channels to address local questions.

DNS and IP listing for firewall filtering

We recognize that some customers filter outbound web traffic to extend security measures to traffic leaving a network. For this reason, we publish the IP addresses of our global infrastructure. This can also be helpful if you need to add exclusions for specific proxy and packet-filtering technologies.

The required DNS and IP addresses for each uniFLOW Online deployment can be found here:

NT-ware and uniFLOW Online DNS and IP addresses