Here are some answers to some basic questions that you may have about your information as it’s stored in our network.
Who owns the data in the user group’s site?
Technically the data is owned by Denny Cherry & Associates Consulting (DCAC), as the information is stored in a server that is paid for by DCAC. That said, no one from DCAC is going to be looking at the data within the database unless asked to by the person who runs the user group. And then only for troubleshooting.
Is my information protected?
Yes, to the best of the abilities of WordPress to protect it (which is better than most Enterprise systems that your data is in).
Is SSL supported?
Yes, we use Let’s Encrypt to secure this website and it is set up to automatically refresh itself automatically before it expires using whatever domain names are configured on the Azure WebApp which is hosting this network of websites.
How are things like passwords stored in the database?
If it’s the WordPress password, that’s hashed. How that’s done is up to WordPress, but they are using a hash. If your user group leader has installed a plugin that stores usernames and passwords for something then it’s up to how that plugin was developed. You’d have to check with your user group leader, or the plugin’s developer (no we won’t look in the database to find out for you, see the first item above).
Can user group leaders install their own plugins and themes?
Sort of. Because we are using the WordPress “network” feature which allows us to host as many domains as we want on a single config we have to work within its limits. If a user group leader wants a specific plugin or theme installed we’ll happily do it for them as quickly as possible. We do reserve the right to say no if the theme or plugin is crap and will hurt the environment.
Are there plugins that are required?
Yes. They are mostly security-related. We have one to log out IP addresses that repeatedly cause problems logging in which is enabled on all sites. As is Akismet (SPAM protection), JetPack (stats), the ability to login with your username or email address (very handy), and SendGrid for sending emails in Azure. That’s it. There’s a bunch of plugins that are already installed which are available to the user group leaders as they configure their sites for whatever they’d like to use. If what they want isn’t installed they can request that it be installed and we’ll be happy to do it.
What’s the infrastructure behind the sites?
We’re all geeks, so here it is.
Everything is hosted in Windows Azure. The website portion is hosted within a WebApp (DCAC is a Gold Cloud Platform Partner so we’re pretty good at setting this stuff up). The database is hosted within the Azure SQL Database for MySQL service. The database is setup with Geo-Replication which is replicating the data from US Center (where the production database is) to West Europe for DR purposes.
As the requirements grow we’ll look at spreading the workload to sites in other regions. Which regions will depend on where the user groups we are hosting are based.
If we got a bunch in the EU for example we’d stretch our Website config to there. The same applies to Asia, India, and Australia. It just really depends on where the groups are that want to use the site.
How big can a user group get before you charge them?
We haven’t had a user group that large join our network yet. If it happens we’ll worry about it then.
What’s the SLA for the service?
The site and the database are configured for 99.95% uptime (you’ll notice that that’s the same SLA that Microsoft offers for Azure). As the system becomes more popular we’ll spread the workload across multiple sites so that’ll give us even higher availability. Our guarantee? If it goes down beyond that we’ll refund that month’s fees to the user group (this service is free for the user group). 🙂
Are backups taken?
Of course, they are. We’re DBAs. We back up the database daily and export the backup to another region (another city in the US) within Azure.
Can I use my own top-level domain name?
Yes, you can. Just contact us and we’ll get it set up on our side. You’ll need to make some DNS changes to your domain’s DNS to make this work. We just need to coordinate the changes to make it happen.