Infrastructure, security & privacy

Brief overview of the infrastructure used by the Apogee StoreFront and Asanti StoreFront web-to-print solutions

This technote describes how user account data as well as order-related data are handled within StoreFront. Print service providers who use Apogee StoreFront or Asanti StoreFront can use this information to inform their customers about the security, privacy, and confidentiality aspects of using the web-to-print service.

StoreFront is a hosted e-commerce service. The service is provided by Agfa, which both develops the software and manages the servers that host the web-to-print stores. Agfa develops, produces, and distributes an extensive range of imaging systems and IT solutions, mainly for the printing industry and the healthcare sector. The company is commercially active worldwide through more than 40 wholly-owned sales organizations. It has production facilities around the world, with the largest production and research centers in Belgium, the United States, Germany, and China. Agfa is an Adobe Gold Partner and a Microsoft Gold Certified Partner.

Infrastructure

The StoreFront service is hosted from two data centers located in Mortsel, Belgium – within physically separate Agfa facilities. Access to the Agfa premises is monitored by the company’s security services. Access to the data centers themselves is limited to authorized personnel only. The data centers are manned 24×365 and outfitted with video surveillance equipment. Both facilities are protected against fire and water damage. Agfa has its own fire brigade. Two gas-turbine-driven generators guarantee independence from the public power grid.

The server environment consists of multiple HP servers that each handle specific tasks and assure scalability as well as redundancy. All subsystems run on a VMware vSphere virtualized platform. All data storage is on separate storage arrays. Database and order data are backed up hourly. Daily backups are used for all other data.

Security

Security is an essential requirement of all e-commerce systems – both for the print service provider who offers the service and for the customer who uses it.

The customer’s data is compartmentalized and can only be accessed by users authorized by the customer. The secure HTTPS protocol is used for all data exchange between users and the StoreFront servers. Only TLS 1.2 and later versions are supported.

Depending on the requirements of the customer, the ordering process may involve online payment. Within Apogee StoreFront and Asanti StoreFront, several payment gateway options are available. These services are typically PCI-DSS compliant and meet the industry’s highest security standards, with support for 3-D Secure and sophisticated anti-fraud management systems. Since all online transactions are fully handled by the payment gateway service, no credit card data are stored on the StoreFront servers.

Privacy

Within a web-to-print store, personally identifiable information, such as user names, postal addresses, and email addresses, is gathered. Users can only view their own profile data and purchase history. Administrators from the customer and the print service provider have access to the overall data of a store. The privacy policy of the print service provider defines how the personal information that is collected by the Apogee StoreFront or Asanti StoreFront service is used. Agfa also has access to such information but can only disclose it to third parties with the written consent of the print service provider.

For European users, a separate technote is available documenting GDPR compliance.

Agfa may use tracking technology to monitor and analyze the traffic to the StoreFront service. This is done in order to improve the service and its performance. Such data are not accessible to print service providers.

Confidentiality

Depending on the requirements of the customer, a web-to-print storefront is either public or private.

  • A publicly accessible storefront can be visited by anyone with internet access, without the need for identification. A user account only needs to be created when the first purchase is made. Such storefronts are also accessible by search bots that may index the content of the site and include its content in their search results. The print service provider can block indexing by defining the appropriate meta tags in the store setup.
  • Access to private stores is limited to users who have an account and password. Users can only see their own account details and purchase history. They can change their password, which needs to contain at least 8 characters. The list of users can be managed by both the customer and the print service provider. A private storefront will not be indexed by search bots. It also isn’t accessible to site scrapers. User sessions are automatically closed after 60 minutes.

Service availability

Agfa is committed to providing quality service. This is achieved by combining a state-of-the-art hosting facility using top-of-the-line hardware and components with a rigorous set of monitoring procedures.

The StoreFront system is mirrored in the two separate data centers that host the service. Each data center has redundant internet connections and a backup power supply. The status of the service is continuously monitored at the application level, operating system level, hardware level, and network level. Automated functional and benchmark tests are continuously run against the service.

Agfa strives to minimize the time during which the StoreFront service will be unavailable. Information about scheduled system updates that impact the availability of the StoreFront service is shared with the print service provider ahead of time through notifications posted on the StoreCenter web site and a newsletter they can subscribe to. A log documenting system availability is available on the Support page.