Technical overview

Industry leading security.

Innovation that doesn't compromise: our digital recognition software, redefining security for seamless and trusted experiences.

tenancy

Our Technology

Dedication to performance and security is one of the foundational principles of Rocket Alumni Solutions. That's why we've designed our software and infrastructure to follow industry-leading standards in security and availability from day one.

account_tree

Infrastructure

Rocket Alumni Solutions’ infrastructure runs exclusively on AWS. Rocket Alumni Solutions’ workloads are only hosted in the US on data centers that are SOC 2 and ISO 27001 certified. Using AWS ensures the physical and network security of Rocket Alumni Solutions servers and guarantees our hardware and software are always updated with the latest patches. 

horizontal_split

Tech Stack

We use Cloudfront as our CDN for distributing our static assets including our website, which is built using VueJS. Our API is written in NodeJS and runs as Docker containers on ECS for maximum redundancy, flexibility and scalability.

public

Networking

Rocket Alumni Solutions’ deployment is spread across multiple availability zones to ensure uptime. All compute resources and databases exist within private subnets unreachable from the internet. Dedicated networking is configured between API workloads and database clusters to minimize the amount of traffic traveling over the internet. All access to the private subnet is via an application load balancer. All requests to the load balancer require HTTPS. All unencrypted (HTTP) requests are rejected.

save

Data Storage

MongoDB is our database of choice. Our clusters run as replica sets that are distributed across three availability zones to provide maximum redundancy and availability. All data is encrypted at rest and in transit over the internet. Our databases are backed up multiple times a day with dynamic retention windows to ensure maximum historical coverage. Additionally, one backup is exported daily to an S3 bucket using the write once, read many (WORM) model where it is retained for 30 days. This model helps protect against possible ransomware scenarios.

encrypted

Authentication

Rocket Alumni Solutions uses Auth0 (an Okta company) to provide authentication services and user management. Auth0 is the industry leader in authentication and allows single-sign on (coming soon) with multi factor authentication and password policy enforcement. When accessing integrated data sources Rocket Alumni Solutions respects the RBAC of the user accessing that data.

sync_lock

Secure Development

We are committed to best practices for secure software development. Infrastructure is deployed as code using the Amazon CDK. This enables us to cleanly separate encrypted secrets from the source code and to audit infrastructure changes as we would code changes.

vital_signs

Monitoring

Application and infrastructure logging is centralized in AWS and ingested by Datadog to alert and detect anomalous usage. Audit logs are stored for analysis.

deployed_code

Deployment

Integration tests and deployments are automated via Github. You cannot push to the mainbranch directly and all PRs must be reviewed and improved before any code is allowed to enter the CI/CD pipeline. This means no single user can push new code and there's a clear audit trail for all changes. Our source code and dependencies are automatically scanned for security vulnerabilities on commit by Snyk.

verified_user

Verification

Rocket Alumni Solutions performs regular in house assessments and penetration tests. 

It's time to go digital

Our interactive touchscreen technology makes it easy to build a museum-quality touchscreen awards display – rendering awards plaques, overstuffed trophy cases and record boards obsolete.

Turn old plaques into a modern digital touchscreen wall of honor