What does your IT department need to know about RallyCat?
Below are the key technical details of the RallyCat solution.
Software-as-a-service (SaaS) Solution
RallyCat is a "pay-as-you-go" or SaaS solution. It has a fixed feature set, with upgrades rolled out on a quarterly basis. If the RallyCat feature set doesn't meet your association's needs, Exware offers RallyCat Premium (see Upgrade Path below).
Upgrade Path
If you outgrow the SaaS model, RallyCat Premium allows you to run your own stand-alone instance of the system. Premium systems run on private databases, and can also be hosted on private servers, in our data centre or yours. Premium systems can be highly customized to your organization's specific business rules. The system is highly extensible through standard or purpose-built software plug-ins.
E-commerce & PCI Compliant
RallyCat clients can select one of our e-commerce gateways (Authorize.net, PayPal, Beanstream, Moneris, Google Checkout). Credit card information is never stored, or even handled, by the RallyCat system or servers. RallyCat servers are subject to a PCI compliance review before any e-commerce system is enabled, and the client is notified when compliance approval is granted.
Support & Hosting
As a SaaS solution, RallyCat includes support & hosting in the monthly subscription fee. Support & Hosting includes:
- Emergency IT support
- RallyCat admin support
- RallyCat upgrades
- shared hosting
- back-ups
- web stats
- email & web mail
Service Termination
RallyCat is a "pay-as-you-go" service. If you choose to terminate your service, we require 30 days' written notice. Within 1 week, Exware will provide you with an Excel export of your membership data and your HTML files.
Data Security & Privacy
No client data is ever shared with third parties or contractors. Only a limited number of RallyCat employees have access to it.
Software Platform
RallyCat runs on the popular, secure, and stable LAMP platform (Linux, Apache, MySQL, Perl).
Server Security & Back-ups
- No shell-level access to the servers, except by RallyCat staff, who can connect through encrypted sessions (ssh) only.
- The only Internet services that can connect to the webservers are Web (http, https), Email (POP, SMTP), Domain Name Service (DNS), and Secure Shell (ssh). All other services are disallowed, including FTP.
- SSL (https) is supported for secure websites. A generic secure website (secure.binarylock.com) is available for websites that do not have their own SSL certificates.
- No PHP or untrusted 3rd-party applications are permitted on the webserver.
- The servers are standardized on Ubuntu Linux LTS, and are protected by a firewall as well as an intrusion prevention system.
- Our servers are monitored 24/7 from two independent monitoring stations, with real-time alerts for RallyCat staff.
- The servers monitor their own traffic to detect DoS (denial-of-service) attacks, and regulate access to web executables so that such attacks cannot consume excessive system resources. For sites under attack, this can result in occasional 404 errors (page not found) on some pages, but the situation will normally persist for only two or three minutes.
- Servers are backed up daily. Backups are stored off site. Website owners can obtain copies of their own backups through the web administration panel.
Database Security
- The database server is accessible only on a private subnet and cannot be reached from the Internet.
- Web applications can only see their own private databases, not those of other sites.
- No direct access to the database, except by RallyCat staff.
- Database access tools have additional security layers to control access to individual tables, rows, and columns.
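The two rules above that an IT department can actually verify on a host are the service allow-list (only Web, Email, DNS and SSH reachable; no FTP) and the database server listening only on a private subnet. The following script is an added example, not RallyCat or Exware code: it parses the output of `ss -lntp` on an Ubuntu host and reports any listener that is not on the allow-list, or a database listener bound to a public address. The port numbers, the MySQL port, the simplified private-address prefixes and the sample `ss` output are all assumptions constructed for the example.

```python
"""Audit listening TCP services against a small allow-list.

Added example (not RallyCat/Exware code). Run on a host with:
    ss -lntp | python3 audit_listeners.py
or run stand-alone to check the constructed sample below.
"""
import sys
from dataclasses import dataclass

# Assumption: standard port numbers for the services the page permits.
ALLOWED_PORTS = {
    80: "http", 443: "https",      # Web
    25: "smtp", 110: "pop3",       # Email
    53: "dns",                     # Domain Name Service
    22: "ssh",                     # Secure Shell
}

# Assumption: the database is MySQL on its default port; it may listen,
# but only on a private-subnet address, never on a public/wildcard one.
PRIVATE_ONLY_PORTS = {3306: "mysql"}

# Simplified RFC 1918 / loopback check (assumption; 172.16/12 is
# approximated by its first block only, to keep the example short).
PRIVATE_PREFIXES = ("10.", "192.168.", "127.", "172.16.")
WILDCARDS = {"*", "0.0.0.0", "::", "[::]"}


@dataclass
class Finding:
    port: int
    addr: str
    reason: str


def parse_ss_line(line):
    """Return (addr, port) for a LISTEN row of `ss -lntp`, else None."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "LISTEN":
        return None                      # header line or non-listening state
    addr, _, port = parts[3].rpartition(":")   # handles "[::]:22" too
    return addr, int(port)


def is_private(addr):
    """True only for explicitly private/loopback bind addresses."""
    if addr in WILDCARDS:
        return False
    return addr.startswith(PRIVATE_PREFIXES)


def audit(ss_output):
    """Return a list of Findings for listeners that violate the policy."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_ss_line(line)
        if parsed is None:
            continue
        addr, port = parsed
        if port in ALLOWED_PORTS:
            continue                     # permitted Internet-facing service
        if port in PRIVATE_ONLY_PORTS:
            if not is_private(addr):
                findings.append(Finding(port, addr,
                    f"{PRIVATE_ONLY_PORTS[port]} bound to non-private address"))
            continue
        findings.append(Finding(port, addr, "port not in service allow-list"))
    return findings


# Constructed sample `ss -lntp` output: compliant except for an FTP daemon.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80        0.0.0.0:*     users:(("apache2",pid=901,fd=4))
LISTEN 0      511    0.0.0.0:443       0.0.0.0:*     users:(("apache2",pid=901,fd=6))
LISTEN 0      100    0.0.0.0:25        0.0.0.0:*     users:(("master",pid=950,fd=13))
LISTEN 0      100    0.0.0.0:110       0.0.0.0:*     users:(("dovecot",pid=960,fd=20))
LISTEN 0      128    0.0.0.0:53        0.0.0.0:*     users:(("named",pid=700,fd=21))
LISTEN 0      32     0.0.0.0:21        0.0.0.0:*     users:(("vsftpd",pid=1203,fd=3))
LISTEN 0      80     10.0.1.5:3306     0.0.0.0:*     users:(("mysqld",pid=1100,fd=24))
"""

if __name__ == "__main__":
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SS
    for f in audit(data):
        print(f"VIOLATION port {f.port} on {f.addr}: {f.reason}")
```

On the constructed sample the only finding is port 21 (FTP, which the policy disallows); rebinding the MySQL row to `0.0.0.0:3306` adds a second finding, which is the check that catches a database server accidentally exposed beyond its private subnet.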
Application Security
- No sensitive financial data, such as credit card numbers, is handled or stored by your web applications. All credit card processing is outsourced to 3rd-party payment gateways.
- Multiple levels of administrator access for web-based site management.
Physical Security
- The servers are kept in a locked cage in a data centre, which is protected by a mantrap with two locked doors requiring passkeys.
- The building has 24/7 on-site security.
Privacy and Data Protection
Exware is a Canadian company with servers based on Canadian soil, and designs its systems to conform to Canadian privacy legislation. That means your data is not exposed to snooping by foreign ISPs, who are bound by their own local security laws rather than Canada's. Furthermore, Exware recommends Canadian payment gateways for all e-commerce transactions, so sensitive financial information is similarly protected, and is stored securely and separately from your system data, keeping your liability to a minimum.