Author: Eric Vasbinder
ERPs Applicable:
Vista
ProContractor
Spectrum - See Spectrum specific section
Backups Across Multiple Datacenters and Availability Regions
Another, powerful part of our backup strategy is that we leverage multiple datacenters and availability regions in Microsoft Azure, a world-class datacenter provider with operations throughout North America and Australia. Ergo, at any one point in time your data will be backed up in our hardened business continuity infrastructure in three Azure datacenters within the same region, known as Zone Redundant Storage (ZRS).
In addition, we have detailed processes and capabilities provided by Microsoft within Azure to allow us to recover even from worst-case scenarios (e.g. asteroid hitting the datacenter). For example, as mentioned above, data is replicated amongst multiple datacenters in the same region. In addition, due to the distributed nature of Azure blob storage, additional recovery options are available in the event that an entire region in Azure goes offline for any reason.
Isolated Backups from Production Network Group
Critically, all backups are isolated from the enterprise network where a customer's Viewpoint products operate, stored in a separate Azure blob storage container. This provides another layer of cyber defense versus the determined threat actors of today. As such, customer backups are isolated and located in separate Azure blob storage containers from those used by day-to-day operations.
Immutable Backup Solution In Use
As a related item, backups of customer data in our cloud are stored using an immutable backup solution, ensuring that accidental situations or nefarious intent do not remove those backups.
Annual Business Continuity (Disaster Recovery) Testing and Evaluations
Viewpoint performs an annual disaster recovery process test and evaluation as part of our annual SOC 2 Type 2 (SOC 2/2) certification renewal.
One of the most mission-critical areas of business operations is ERP: if your financial data and operations is impacted, your ability to do business is almost immediately impacted. To alleviate these concerns, Viewpoint has designed our ERP Cloud to provide a solid, stable foundation that not only adheres to, but goes beyond industry best practices for business continuity.
Frequent Backups
The following mechanisms are used to back up your data:
Every hour: Database transaction log backups
5 and 15 min DB transaction log backups are under consideration
Daily: SQL Database differential backups AND Full Disk snapshots (Monday through Friday) created for operational disks in each customer's single tenant environment
35 Days: We store 35 daily disk snapshots on a rotating basis
The following mechanisms are used to back up your data:
Every 30 minutes: Database transaction log backups
See here for RPO / RTO Information
Daily: Full Disk snapshots (Monday through Friday) created for operational disks in each customer's single tenant environment
35 Days: We store 35 daily disk snapshots on a rotating basis
Spectrum data is backed up today into either East, West, or Canada Azure zones and the containers used have Zone Redundant Storage (ZRS), similar to Vista ERP containers.
Oftentimes customers will, to satisfy internal or external compliance requirements, need to have the ability to obtain regular backups of their cloud databases for Vista, Vista Web, and various reporting solutions. To that end we have a couple of options that can be used to provide access to backups of your cloud environment:
Option A - Automated Backups to Azure Blob Storage Container (Highly Preferred)
Option B - Manual SQL File Database Backups through SSMS and IPSEC VPN or TLS Database Endpoint (TLS VPN)
With this method, our team takes a static, public IP address from the customer's IT and then pre-approves (i.e. whitelists) it for access to SQL backups. Once that is complete, your IT will be provided with connection string to use in Azure Storage Explorer. You can then use that connection string to connect to the blob container from any machine behind that pre-approved IP. You will then be able to download the backups at your leisure.
Here are the steps for this option in order:
Customer IT: Submit cloud engineering support case with the IP address that you would like to be pre-approved for access to your cloud backups.
Trimble Viewpoint: Whitelist IP address sent in case and provide connection string needed to connect to Azure Storage container for backups.
Customer: Install Azure Storage Explorer on a local machine behind the whitelisted IP. This FAQ article has details on Storage Explorer which might be helpful here: Uploading Data Into The Cloud with Azure Storage Explorer
Customer: Use the connection string to connect to the blob storage container and then download the .BAK file backups at your convenience.
With this method, you can use an already existing TLS Database Endpoint (TLS VPN) or IPSEC VPN connection to connect to Vista's database server. You will need to have a pure SQL authentication account already set up as per this cloud FAQ: https://sites.google.com/trimble.com/vista-cloud-faq/home/integration-technology/creating-sql-accounts
Once you have connected to the server over SSMS, you can choose a location on to which you'd like to have the backups stored. Note, these backups will be tables and data as .SQL files (use option "A" for full .BAK file backups). This also allows for automated backups from external scheduled jobs. Customers also have full access to the Vista database, including custom stored procedures, UD tables, etc. In order to do this, you will need to have an IPSEC VPN (or our new TLS Whitelist Database link) stood up between your network and Vista in our cloud. Once that is done, you will have full access to the Vista database tables, as well as the databases of associated components like our HR Portal, Financial Controls, and Field Management, just as you did on premise.
REMINDER
As customers do not have full admin (SA) rights to databases in our cloud, you will be unable to use SSMS to backup full databases in Option B above: with DBO access, you can access and export your data using SSMS over the IPSEC VPN as mentioned above. However, full SQL server database file backups (.BAK) cannot be obtained using this method.
To obtain full .BAK file backups of your Vista, PCC, or Spectrum records and Attachments DBs, please use Option A, detailed above.
Given all of the above, with Viewpoint's Cloud, our customers can rest assured knowing that risks are minimized and that their data is highly available.
changelog
Friday, 15 November 2024 at 11:16AM:
Moved ERPs Applicable section to be above TOC.
Monday, 20 May 2024 at 01:29PM:
Significant refactoring to call out the logic of some items being applicable to all ERP clouds and some specific to each type of ERP. Also detailed backup access steps in much more detail.
Wednesday, 10 April 2024 at 10:56AM:
Updated Spectrum section to show that we have upgraded the transaction log backups to be every 30 minutes instead of once every two hours, improving RPO. In addition, Spectrum cloud backups are now stored with ZRS on, improving resiliency for Spectum customers.
Thursday, 08 February 2024 at 12:22AM:
Updated to have separate section for Spectrum ERP data and included the addition of SQL differential backups for Vista and PC ERPs.
Wednesday, 31 January 2024 at 10:51PM:
Clarified the extent of data that can be backed up using SSMS over the IPSEC VPN and added information on how to obtain full .BAK backups using Azure Storage Explorer.
Friday, 19 January 2024 at 03:11PM:
Called out that we use an immutable backup solution.
Tuesday, 02 May 2023 at 10:56AM:
added reference to blob storage for backups and Microsoft tools for recovery in the event of massive natural disaster.
Thursday, 13 April 2023 at 11:44AM:
Changed the VM references to be more specific to "disk" snapshots.
Tuesday, 26 April 2022 at 08:03AM
Small grammatical changes (removed too many "in addition" phrases). In addition, called out how critical it is that we back up customer data to a separate, isolated blob storage from operations.
Tuesday, 07 December 2021 at 10:19PM
included information about separate and segmented storage for backups
Monday, 01 November 2021 at 08:03AM
Included reference to TLS Database Endpoint (TLS VPN)