Here are some answers to some basic questions that you may have about your information as it’s stored in our network.
Who owns the data in the user groups site?
Technically the data is owned by Denny Cherry & Associates Consulting (DCAC), as the information is stored in a server which is paid for by DCAC. That said, no one from DCAC is going to be looking at the data within the database unless asked to by the person who runs the user group. And then only for troubleshooting.
Is my information protected?
Yes, to the best of the abilities of WordPress to protect it (which is better than most Enterprise systems that your data is in).
Is SSL Supported?
Yes, we paid a small fortune for a wildcard SSL certificate to over all possible subdomains. We have installed plugins which force anyone who is logged into the site to use SSL, which includes the login page automatically taking you to an SSL version of the page. The is done to ensure that you are protected online.
How are things like passwords stored in the database?
If it’s the WordPress password, that’s hashed. How that’s done is up to WordPress, but they are using a hash. If your user group leader has installed a plugin that stores usernames and passwords for something then it’s up to how that plugin was developed. You’d have to check with your user group leader, or the plugins developer (no we won’t look in the database to find out for you, see the first item above).
Can user group leaders install their own plugins and themes?
Sort of. Because we are using the WordPress “network” feature which allows us to host as many domains as we want on a single config we have to work within its limits. If a user group leader wants a specific plugin or theme installed we’ll happy do it for them as quickly as possible. We do reserve the right to say no if the theme or plugin is crap and will hurt the environment.
Are there plugins which are required?
Yes. They are mostly security related. We have one to log out IP addresses that repeatedly cause problems logging in which is enabled on all sites. As is Akismet (SPAM protection), JetPack (stats), the ability to login with your username or email address (very handy), and SMTP (which configures SMTP to work in Azure). That’s it. There’s a bunch of plugins which are already installed which are available to the user group leaders as they configure their sites for whatever they’d like to use. If what they want isn’t installed they can request that it be installed and we’ll be happy to do it.
What’s the infrastructure behind the sites?
We’re all geeks, so here it is. Everything is hosted in Windows Azure. The website portion is hosted within a couple (we’ll scale this out as needed) of Azure VMs (DCAC is a Gold Cloud Platform Partner so we’re pretty good at setting this stuff up). The database is hosted within two Linux VMs (which have no holes in the firewall from the Internet) which are setup in a Replication pair so that the data is always available. That’s pretty much it. The Databases are on pretty small VMs, because we don’t need that much CPU power. The website is also setup on small VMs in the central US. As the requirements grow we’ll look at spreading the workload to sites in other regions. Which regions will depend on where the user groups we are hosting are based. If we got a bunch in the EU for example we’d stretch our MySQL config to servers there and setup a web farm in the EU as well for both DR and regional performance. The same applies for Asia, India, and Australia. It just really depends on where the groups are that want to use the site.
How big can a user group get before you charge them?
We haven’t had a user group that large join our network yet. If it happens we’ll worry about it them.
What’s the SLA for the service?
The site and the database are configured for 99.95% up time (you’ll notice that that’s the same SLA that Microsoft offers for Azure). As the system becomes more popular we’ll spread the workload across multiple sites so that’ll give us even higher availability. Our guarantee? If it goes down beyond that we’ll refund that months fees to the user group (this service is free for the user group). 🙂
Are backups taken?
Of course they are. We’re DBAs. We backup the database daily and export the backup to another region (another city in the US) within Azure.
Can I use my own top level domain name?
Yes you can. Just contact us and we’ll get it setup on our side. You’ll need to make some DNS changes to your domain’s DNS to make this work. We just need to coordinate the changes to make it happen.