The SIMSAnywhere Server

  • Server OS: Windows Server 2012 (64-bit)
  • Application: SIMSAnywhere is an ASP.NET 4.0 application written in C#. JavaScript, jQuery and jQuery Mobile are also used heavily throughout the web appication.
  • Database: Microsoft SQL Server 2012 (SP1) Standard Edition (64-bit). Each customer's data are stored in a separate database.
  • Encryption: Data in transit are are encrypted using a 128-bit AES SSL connection. Identifiable data stored in the database are encrypted with 256-bit AES.
View Network Diagram

Our Datacenter

The SIMSAnywhere server is housed in a SSAE 16 certified datacenter. This certification recognizes that a datacenter has had an in-depth audit of its control activities conducted by an independent third-party auditor that includes a thorough review of all its controls over information technology and related processes. Passing a SSAE 16 audit demonstrates that adequate controls and safeguards have been established in hosting your data and IT infrastructure. The following are some of the measures in place to protect your data:

  • Security.  Access to our datacenter is protected 24 hours a day. In order to gain entry into the data center all guests must pass through two-factor authentication barriers. A proximity security badge is required for entry/exit on all datacenter doors in the facility. Shifts patrol the datacenter and facility area regularly, and motion-sensitive cameras throughout the facility track all datacenter activity.
  • Network monitoring.  State-of-the-art traffic profiling and anomaly detection capabilities are used to manage and secure networks, pinpoint and troubleshoot network attacks, monitor servers and applications, and analyze network security performance issues within the datacenter.
  • Firewall.  The SIMSAnywhere server is equipped with a firewall to block unnecessary ports, greatly increasing the security of the server.
  • Brute force detection.  The SIMSAnywhere server is equipped with a brute force detection engine to block attempts by hackers to gain user level access to your database.
  • Nightly security updates.  The SIMSAnywhere server is updated nightly with the latest security releases.

User Account Security and Authentication

  • Accounts can only be created and managed from within SIMS.  This means a malicious user would never be able to create, modify or remove a user account via the simsanywhere.com website.
  • Account permissions, including access to SIMSAnywhere, can only be granted by a SIMS administrator.
  • Accounts must have complex passwords.  Complex passwords make the odds of a successful brute-force password cracking attempt extremely unlikely. Password complexity requirements are as follows:
    • Passwords must be at least six characters in length.
    • Passwords must contain at least one character from three of the following four categories:
      • English uppercase characters (A through Z)
      • English lowercase characters (a through z)
      • Base 10 digits (0 through 9)
      • Non-alphabetic characters (for example, !, $, #, %)
  • Account lockouts.  Consecutive logon attempts that are unsuccessful due to an invalid password will cause a user’s account to be locked. This will occur upon the 4th consecutive failed attempt.
  • Shut-off switch.  You can disable simsanywhere.com access for all user accounts at once from within SIMS.

Browser Security

  • SSL requirement.  The SIMSAnywhere server requires a 128-bit Secure Sockets Layer (SSL) connection from your browser. This connection is made automatically by your browser, and ensures that any information transmitted between your browser and the server is encrypted. Non-SSL connections to simsanywhere.com are not possible.
  • Inactivity timeout.  You will be automatically logged out of simsanywhere.com after 20 minutes of inactivity.

SIMSAnywhere Synchronization Service (SASS) Security

  • SSL connection.  SASS uses a 128-bit SSL connection when transmitting and receiving data from the SIMSAnywhere server, ensuring all data are encrypted while in transit.
  • Administrator requirement.  In order to configure SASS to synchronize a database, the user name and password of a SIMS administrator account is required.

Frequently Asked Questions

  • What firewall technology is used?
    Windows Server Firewall with proprietary rule sets.
  • How do you keep up on security vulnerabilities, and what is the policy for applying security patches? 
    Our server management team is tasked with maintaining awareness of vulnerabilities that may affect our environment. Required updates are applied accordingly, and reboots done as necessary during off peak hours.
  • How do I unlock a locked SIMSAnywhere user account?
    User accounts must be unlocked from within SIMS:
    1. Select Tools/Security/Settings from the SIMS menu.
    2. Select the Users folder, and double-click the affected user account on the right.
    3. Select the SIMSAnywhere tab and click the Check online account status link.
    4. Answer “Yes” to the prompt to unlock the account.
    5. You may also want to reset the user’s password from the Security window, by right-clicking the user account and choosing “Set Password”.

Our Policy on Compliance Documents

We have attempted to provide any information above that might be required by your organization. In the event you require technical information that is not provided in this document, we will attempt to answer your specific questions to the extent possible. If your organization requires the completion of forms by FlanTech, you will be charged $75/hr for the completion of the forms, with a $75 minimum charge. New customers must pay the $75 minimum in advance of our completion of the documents.