Technical Documentation

Architecture

6DPlanner is implemented on top of AWS (Amazon Web Services) cloud architecture and infrastructure. The servers and data are located in AWS data centers close to users, depending on the user's region.

The service is based on a modern "serverless" cloud architecture, where processes are started as needed in parallel, which theoretically enables unlimited scalability based on usage needs. For example, hundreds of models can be imported in parallel, which is significantly faster than reading in one model after the other.

A high-performance end-user experience on client devices has been implemented with unique, intelligent, multi-resolution, object-level web streaming CesiumJS technology, which enables dynamic loading of data based on the viewer's location. This makes it possible to process theoretically infinitely large datasets even with light devices like mobile phones. The technology is widely used, is constantly developing and gains new features all the time, bringing many more end-user benefits than any self-developed and maintained Web3D engine. CesiumJS is a future-proof technology backed by large global industry organizations and an open source community of thousands of users.

Maintenance

Service maintenance can only be done by a few known, reliable, named persons. Maintenance access is limited by IP whitelisting, meaning access is possible only from pre-defined IP addresses. All maintenance account authentication uses strong two-factor authentication (MFA), as well as strong password rules. This keeps access to the service very limited and highly secure.

Maintenance hours are limited to the least-used hours of the service in each region. For example, in Europe the maintenance hours are 4:00 - 7:00 AM CET (Central European Time).

Versioning

As the service is a cloud-based SaaS service, all users run the same latest version, and versions are updated for all users at the same time. Service version updates are seamless and transparent, so end users don't need to take any action to start using the new version. There are no version-specific configurations, and any data that needs updating between versions is updated internally and automatically, without any end-user action.

The service version number can be found in the system menu by pressing the "6D" logo.

Version specific information can be found in Release Notes

Availability

The service has been 99.9% available without security issues for several years. The biggest breaks in uptime are service maintenance updates, which cause an average of 1-2 hours of downtime during maintenance hours, and only about 4-8 times a year.

Privacy policy

The link to the service's latest Privacy policy can be found in the service system menu by clicking the "6D" logo and selecting the "Privacy policy" link.


Terms and conditions

The link to the service's latest Terms and conditions can be found in the service system menu by clicking the "6D" logo and selecting the "Terms and conditions" link.

Security

The service security management has been implemented by following the best practices in the industry. The service is based on the highly secure and globally leading Amazon AWS cloud platform, which offers much better security than many smaller local operators can offer. The service immediately alerts about service disruptions and information security deviations, and automatically blocks most of the risks.

The following security practices have been implemented:

Protection against unauthorized access

Data is protected from unauthorized access through strong authentication, access control mechanisms, and encryption.

Protection against accidental and intentional data leaks

Policies and procedures have been implemented to prevent accidental or intentional data breaches. No data is made publicly available without end user actions. Only users with manager rights can share and publish data.

Data integrity and reliability

The accuracy, consistency and reliability of the data stored in the system are maintained by using validation, error checking and periodic audits. All data is stored in highly secure storage services and databases, with automated backups.

Compliance with legal, regulatory, and contractual requirements

Compliance of the security measures with applicable laws, regulations, contractual obligations and standards has been implemented using industry best practices.

Data transfers

All data transfers use secure HTTPS connections.

Data accessibility

Only authorized users can access data when needed. All data is accessible 24/7 except during the maintenance hours. Data redundancy, backups, and disaster recovery plans have been implemented to maximize accessibility.

Continuous security monitoring

Security of the service is maintained and monitored both manually and with automated tools, such as the Amazon AWS platform and third-party security monitoring tools like:

  • Health monitoring – monitors service performance and alerts you to service failures
  • Security audits - automated security reviews with notifications of update needs and security risks
  • Vulnerability scanning - automated vulnerability and accidental network exposure scanning
  • Security breach analysis - automated analysis for potential security breaches 
  • Security risk detection - AI/ML-based security risk detection tools
  • Security standards - Continuous security monitoring in relation to industry best practices and security standards like:
    • AWS Foundational Security Best Practices v1.0.0 (FSBP) – Developed by AWS and industry professionals, FSBP is a compilation of best practices for organizations regardless of sector or size.
    • Center for Internet Security (CIS) AWS Foundations Benchmark – Provides configuration guidelines for AWS resources.
    • National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5 – Generally applies to federal agencies or organizations that work with federal agencies or federal information systems.
    • Payment Card Industry Data Security Standard (PCI DSS) – Applies to organizations that store, process, or transmit cardholder data.
    • AWS Resource Tagging Standard – Helps you keep track of tags that you apply to your AWS resources.
    • Service-Managed Standard: AWS Control Tower – Applies to users of Security Hub and AWS Control Tower who want to enable proactive and detective controls.
  • DDoS attack protection - protection against common network and transport layer DDoS attacks, blocking of bot attacks and service overload attacks
  • Virus scanners - scan all data files for potential viruses to block any further spreading of viruses in uploaded files

Security updates

Service operating systems and sub-services are kept on the latest versions based on security fixes. The service maintenance team follows each service's security newsletters and updates the services when necessary to maintain a high level of service security.

Security issue detection

Service interruptions, overloads and data security incidents are reported automatically by the above-mentioned services, or by the service itself when it detects the anomaly.

Security issue corrections

If an issue is detected in the service, the maintenance team process is as follows:

  1. Identify and acknowledge the exception
  2. Report the exception to security responsible persons and IT department
  3. Investigate the issue and assess its severity
  4. Assess the impact of the event on relevant services
  5. Immediately notify the affected organisations about:
    1. During what period of time the issue occurred
    2. Which users have been affected by the issue
    3. Which projects have been affected by the issue
    4. What data have been affected by the issue
  6. Find out the root cause and take corrective action. The issue will be corrected immediately, primarily so that the use of the service is not interrupted. Possible measures include:
    1. Block the issue source from accessing the service any more, for example freezing the user account, blocking the IP address
    2. Restore potentially corrupted data from backups
    3. Restart the service if needed (causes a service interruption of about 5 minutes)
    4. In extreme cases, restoring the entire service from backups
  7. Prepare a report and document the corrective actions
  8. Archive proper documentation of the issue and corrective measures

Authentication

The service follows strong password policies for end user authentication security. 

SSO authentication has been implemented using the OAuth standard, which enables the integration of new authentication sources into the system. Authentication with corporate accounts has been implemented for Microsoft Azure AD accounts.

User management is based on the idea of an unlimited number of users per organization or project. Organization administrators can manage their users, projects and access by themselves immediately, without any need to wait for support from 6DPlanner. Project users are managed by the project administrators. Both can invite users to join an organization or project without restrictions, meaning users can be anyone, from any organization.

Backups

End user data and system backups are implemented on several different levels:

  • Daily backup of the entire service – can restore the situation of the previous day
  • Revision history of uploaded data – can restore the previous version of a single data source

Backups are tested periodically to confirm potential data restore workflows.

Logging

The 6DPlanner logging system is based on Amazon AWS infrastructure monitoring and the application's own monitoring. The log data is stored in a database on servers separate from the main service.

Organization and project administrators can view, search and filter the log data based on their access rights. The organization administrator can view all organization logs, the project administrator can view all project logs, etc. Log tools can be found under Organization Management and Project Settings tools.

Log data to be stored

In general, all user actions are recorded in logs to track what the user has done, where, and when. Things that are logged include:

  • User sign-in (successful and failed)
  • Add, edit, view, and delete users
  • Add, edit, view, and delete projects
  • Add, edit, view, and delete data
  • Add, edit, view, and delete content in tools
  • Log views

Each log item contains:

  • Times and duration
  • Action method (read, write, ...) and result (success, fail, ...)
  • Organization
  • Project
  • User
  • User's IP address
  • Action details like user id, target object id, action name, and other action specific information

More log items and information elements can be added according to customer requirements.

CORS Instructions

6DPlanner uses external data sources like 3DTiles from 3rd party servers. These servers or links need to be configured to allow CORS access for all *.6dplanner.com web domains.
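
The Access-Control-Allow-Origin response header accepts only * or one exact origin, so a wildcard subdomain rule has to be enforced by validating the request's Origin header and echoing it back. The following is an added example for a Node.js tile server, not code from 6DPlanner or any tile server product; the function names, the HTTPS-only rule, the read-only method list and the serveTile callback are assumptions.

```javascript
// Added example (not 6DPlanner code): CORS policy for a third-party 3D Tiles server.
// Assumptions: HTTPS-only origins, subdomains of 6dplanner.com, read-only tile requests.
const ALLOWED_SUFFIX = '.6dplanner.com';

// True only for origins shaped exactly like https://<sub>.6dplanner.com[:port].
function isAllowedOrigin(origin) {
  if (typeof origin !== 'string') return false;
  let url;
  try {
    url = new URL(origin);
  } catch (err) {
    return false; // "null", empty or malformed Origin
  }
  // Browsers send a serialized origin: no path, userinfo, query or default port.
  if (url.origin !== origin) return false;
  if (url.protocol !== 'https:') return false;
  // The leading dot in the suffix rejects look-alikes such as evil6dplanner.com.
  const host = url.hostname;
  return host.length > ALLOWED_SUFFIX.length && host.endsWith(ALLOWED_SUFFIX);
}

// Response headers for one request. The validated origin is echoed back
// because the header cannot express "*.6dplanner.com" itself.
function corsHeaders(origin) {
  const headers = { Vary: 'Origin' }; // stops caches reusing one origin's answer
  if (isAllowedOrigin(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
    headers['Access-Control-Allow-Methods'] = 'GET, HEAD, OPTIONS';
  }
  return headers;
}

// Request handler for Node's http.createServer; serveTile is a hypothetical
// callback that writes the tile body.
function handle(req, res, serveTile) {
  const headers = corsHeaders(req.headers.origin);
  for (const [name, value] of Object.entries(headers)) res.setHeader(name, value);
  if (req.method === 'OPTIONS') {
    res.statusCode = 204; // preflight: headers only, no body
    res.end();
    return;
  }
  serveTile(req, res);
}
```

The apex domain 6dplanner.com is not matched by this rule, since the page asks only for *.6dplanner.com; add it as an exact origin if it is needed.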