Cloud Services on OutSystems 10

Already upgraded to OutSystems 11? See Cloud Services on OutSystems 11 instead.

OutSystems Cloud provides services that enables customers to develop, test, deploy, and run mobile and web applications using OutSystems, without having to worry about dealing with the administrative aspects of the platform technology. Applications built and deployed by customers are hosted directly within OutSystems Cloud infrastructure..

OutSystems Cloud benefits different types of user profiles:

  • Developers log into the OutSystems Cloud from their developer environment, to publish and test OutSystems applications;

  • SysOps log into the OutSystems web administration consoles, to configure and stage applications across environments;

  • End users access OutSystems applications that have been deployed to the Production environment;

  • Other systems use the APIs published by Outsystems applications.

Administration of the technology stack


The OutSystems team takes care of the administration of the technology stack (database, operating system, application server, and network), using heavily automated operating procedures and standards for infrastructure configuration. Both are essential to guarantee the core advantages of the OutSystems Cloud, such as monthly Availability above 99.9% for the production environment and a great support and upgrade experience.

OutSystems Cloud customers rely on the OutSystems team for the administration of the technology stack, and cannot maintain, configure, or access the technology stack themselves.

Because of the standardized approach taken by OutSystems Cloud, there is no option to request custom configurations of the technology stack.

The purpose of this article is to describe the portfolio of services included with the OutSystems Cloud offering.

Customer responsibilities


OutSystems Cloud is a highly convenient service that removes the majority of administrative tasks that would otherwise be the responsibility of the customer. However, customers are still responsible for certain tasks, including the following:

  • Developing applications, monitoring their performance, and tuning them, if needed, to meet performance and scalability requirements;

  • During an OutSystems version upgrade, modifying and testing the OutSystems applications to handle breaking changes, if they exist;

  • Plan OutSystems version upgrades, respecting the OutSystems version support policy.

  • Estimating the evolution of the application workload, and planning the associated hardware capacity and budget;

  • Ensuring application-level security, including penetration testing (if needed);

  • Managing the DNS records for their domain, and pointing them to the OutSystems Cloud servers;

  • Explicitly authorize the users who can request infrastructure changes to OutSystems, using the OutSystems Support Portal.

Services included in OutSystems Cloud


This section describes the services included in the OutSystems Cloud Enterprise Edition:

  • Provisioning
  • Scalability
  • Data Protection
  • Monitoring and High availability
  • Proactive Maintenance
  • OutSystems Software Updates
  • Manage OutSystems Environments
  • Connectivity
  • Database as a Service (Direct Database Access)
  • Manage Security
  • Teardown

For each service there is an indication of how the service is delivered, according to the legend below:

This service is delivered in self-service mode. Customer activates the service directly in OutSystems LifeTime.

Delivery of this service requires direct assistance from OutSystems Support. Customer requests activation by contacting Support.

The time between the request of service activation and delivery of service by OutSystems.

Delivery of this service requires downtime. The downtime period is scheduled between OutSystems and the customer.
Duration of downtime is indicated for SA (standard availability) and for HA (high availability) environments, where applicable.

Delivery of this service can be scheduled outside of customer business hours.
Only applies to service requiring direct assistance from OutSystems Support.

Provisioning


When a customer subscribes to the OutSystems Cloud, OutSystems will provision, install, and configure an OutSystems infrastructure in the cloud, with the number and type of environments selected by the customer.

OutSystems allocates dedicated infrastructure for each customer: virtual servers, storage, networking, operating systems, databases, and OutSystems software.

The OutSystems infrastructure is deployed on the stack selected by the customer, according to the following available combinations:

Operating System

Database

Windows Server 2012 R2 Standard Edition

MS SQL Server 2012 Standard Edition

Oracle 11 Standard Edition One

The OutSystems infrastructure is deployed in the Region selected by the customer, among the following options:

  • In Asia Pacific: Sydney, Singapore, and Tokyo

  • In Europe/Middle East/Africa: Ireland, Frankfurt, and London

  • In the Americas: United States (Northern Virginia and Oregon), and Canada

Optionally, customers can explicitly request encryption of data-at-rest in the production database. When encryption of data-at-rest is activated, database backups are also encrypted.

How it works


2 business days

OutSystems provisions the infrastructure following a Purchase Order. When completed, OutSystems communicates the cloud access points and credentials to the customer.

OutSystems assigns a DNS name in the *.outsystemsenterprise.com domain to each of the environments and configures a matching valid SSL certificate, to enable immediate start. The SSL certificate authenticates the OutSystems web servers in the cloud, enabling secure communication with end-user browsers on the internet.

Customers with their own SSL certificates will need to upload these and change the hostname.

OutSystems creates a Virtual Private Cloud (VPC) for every customer and one Elastic Load Balancer per environment.

The Elastic Load Balancer hosts the SSL certificate and routes inbound internet traffic to the front-end server(s). The Inbound internet traffic is allowed on ports 80 and 443. Additional ports are accessible to the OutSystems support team only, to support troubleshooting activities: RDP and database connection.

Customers can request encryption of data-at-rest of the production database in their initial Purchase Order. Customers may also request encryption of an existing production database at a later date - check the Manage Security section in this document.

Scalability


To meet anticipated application demand, customers can add the following resources to their dedicated OutSystems Cloud infrastructure:

  • Horizontal scalability - additional servers

  • Vertical scalability - scale up existing servers

  • Add storage.

Horizontal scalability - additional servers

60 to 90 minutes

Using OutSystems Lifetime, customers can scale infrastructure horizontally by adding a new front-end server to their OutSystems production environment, in self-service. The new front-end server is created and added to the load balancer automatically and will be available immediately after provisioning ends.

Additional front-end servers are available for Enterprise and Universal subscription levels. Additional front-end servers are a chargeable add-on, and OutSystems will start the corresponding billing process.

All front-end servers in a production environment are provisioned with same hardware specifications. If you previously upgraded the front-end server class , new front-ends will be provisioned with the upgraded server class.

Vertical scalability - scale up existing servers

5 business days  

To scale-up front-end servers or databases vertically, customers submit a new Purchase Order. OutSystems will then propose a schedule for the upgrade, subject to customer confirmation.

For environments with only 1 front-end, the front-end scale-up operation causes a downtime of approximately 30 minutes.
For production environments with 2 or more front-ends, the front-end scale-up causes a reduction of processing capacity, but there is no downtime. All front-ends are scaled up to the same server class.
The scale-up of a database causes a downtime of approximately 30 minutes.

For server upgrade options, check this article .

Add storage

less than 48 hours

Customers can request an increase of their database storage space in OutSystems Lifetime. Customers can purchase additional storage in 50 GB chunks, up to 3TB.

Additional database storage is a chargeable add-on, and OutSystems will start the corresponding billing process.

Data Protection


With OutSystems Cloud, automatic backups of the production environment database run daily and are maintained for 15 days . OutSystems Cloud databases can be restored from existing backups (automatic or ad-hoc), or to a specific point-in-time in the last 15 days. In addition, it is possible to create temporary files for storage in the front-end.

How it works


Daily backups of the production database are executed automatically, with no downtime. Backups are stored in multiple data centers within the same AWS Region of the OutSystems environment. To further minimize performance impact, the backups are executed between midnight and 2 AM, in the time zone of the AWS Region of the environment.

less than 24 hours (depends on data volume)

Customers can request the restore of the database to any point in time in the last 15 days. OutSystems restores the database to a prior point in time and, once the restore operation is complete, redirects the OutSystems environment to the new database and informs the customer that the operation was completed successfully.

Customers using direct database access will have to update their configurations to use the new database IP address.

OutSystems will make the previous database available for direct database access by the customer for 15 days.

The restore operation may take several hours and, once complete, there’s a period of downtime of about 15 minutes. If the restore is due to unexpected errors, you may request that the current database be immediately put offline - in which case the downtime will last for the whole duration of the restore. During this downtime, neither the old or the restored database are available. Any data written to the current database after the restore is started will be available only via direct database access.

As an exception, after an OutSystems major version upgrade, customers cannot restore backups to a point in time prior to the upgrade.

There is occasionally the need to create temporary files in the front-end storage, for example, if you need to generate a PDF file temporarily in order for it be downloaded by the user. This can be accomplished using the Filesystem extension. Your apps can write temporary files to a specific folder ( D:\User\). The temporary folder's capacity is 2 GB.

Temporary files in the front-end storage are removed periodically by OutSystems.

Monitoring and High Availability


OutSystems Cloud infrastructures are monitored 24/7 for critical health indicators, such as response times from sample OutSystems web pages. OutSystems Cloud includes automatic self-healing and alarms to the OutSystems Technical Support team.

Customers monitor their own applications performance, audit logs and database capacity directly in the OutSystems self-service administration console applications (Lifetime and Service Center).

The following high availability options are also available as part of the OutSystems Cloud offering:

  • High availability for the front-end server

  • High availability for the database server

  • Geographically distributed data centers (within the region selected by the customer), with automatic load balancing

In the event of a disaster, OutSystems Cloud is designed to recover any customer infrastructure from the stored backups.

How it works


OutSystems monitors 24/7 the essential health indicators. An internal service ticket is automatically created on:

  • multiple and consecutive failures of HTTP/S ping requests to Service Center and ECT applications
  • persistently high CPU utilization on the Front-Ends
  • Any OutSystems Windows Services fault
  • Front-End or Database disk space at near capacity

These indicators are monitored for all environments (production and non-production).

60 to 90 minutes

Using OutSystems Lifetime, customers can add a new front-end server to their OutSystems production environment, in self-service. The new front-end server is created and added to the load balancer automatically. Front-ends are automatically distributed evenly across the data centers in the AWS Region selected by the customer.

Using OutSystems Lifetime, customers can activate database replication for their OutSystems production environment, in self-service. Activating database replication may cause performance degradation while the database is replicating, but no downtime.

With the database replication option active, in the event of a database fault, the system automatically fails over to a “standby” replica in a different data center, quickly resuming service. The database replication option also reduces downtime in the event of database patching. In the event of a database fault, a database failover typically completes within one to two minutes. Failover time can also be affected by whether large uncommitted transactions must be recovered.

Each data center is engineered to be isolated from failures in other data centers.

High availability is available for Enterprise and Universal subscription levels . Both additional front-end servers and database replicas are chargeable add-ons, and OutSystems will start the corresponding billing process.

In the Singapore region, database replicas are available only with Oracle databases.

Proactive Maintenance


OutSystems regularly applies updates to the OutSystems Cloud software stack during scheduled maintenance windows. Updates typically include patches and minor version updates of the database and operating system.

How it works


Using OutSystems Lifetime, customers define their desired maintenance window, in self-service mode. All scheduled maintenance that may cause system downtime is executed, by default, during that window.

Scheduled maintenance operations take advantage of additional front-ends and database replicas to minimize downtime. Maintenance operations on the front-ends are conducted in sequence to avoid end-user application downtime. During front-end maintenance it is not possible to publish your applications. The database fails over to the replica during maintenance, to limit downtime to just a few minutes.

On an exception basis, maintenance operations may be required outside of this schedule. OutSystems tries to notify customers 2 business days in advance of any maintenance event.

OutSystems Software Updates


OutSystems takes care of the installation of new OutSystems versions and updates within the OutSystems Cloud.

How it works


5 biz days HA: no; SA: 4 hours ( see details )

Customers are entitled to any OutSystems software update after it is made available (revision or major version).

Customers request the installation of an OutSystems update by contacting the OutSystems Support. The installation of the OutSystems update will be performed at a mutually agreed time . OutSystems will execute a sequential upgrade for environments with multiple front-ends, therefore avoiding downtime for customer applications. Environments with a single front-end will experience an application downtime of up to 2 hours.

No applications can be deployed to the target environment, while the upgrade service is in progress.

When upgrading to a new OutSystems major version, OutSystems may also upgrade the major version of some of the technology stack software components. The upgrade of the database engine may require downtime, in which case it may be scheduled separately from the OutSystems upgrade.

Once the OutSystems software is updated, the customer is responsible for:

  • Re-deploying applications
  • Resolving any breaking changes

Optionally, the customer can request services assistance when upgrading OutSystems version by contacting the OutSystems services team or one of our partners.

Customers upgrading the OutSystems Platform are advised to read the process overview.

Manage OutSystems Environments


OutSystems Cloud includes a number of operations for managing environments:

  • Add environment;
  • Activate environment;
  • Rename environment;
  • Re-order environments.

How it works


60 to 90 minutes

Customers use OutSystems Lifetime to add the new environment to their OutSystems infrastructure, in self-service. The new environment is created automatically and will be available for use immediately after provisioning.

Additional environments are available for Enterprise and Universal subscription levels . Additional environments are chargeable add-ons, and OutSystems will start the corresponding billing process.

By default, new environments are created in the same Region. To add an environment in a different Region, Customers must instead raise a Purchase Order explicitly stating the Region where the new environment is to be created (from the list of regions that OutSystems Cloud supports).

The production environments of new infrastructures are provisioned in a stopped state. With the click of a button, customers can immediately start them.

5 business days

When creating a new infrastructure, environments are provisioned with a default name and order of staging. Both can be changed with a request to the OutSystems support team.

Connectivity


The OutSystems Cloud subscription includes 2 TB of data traffic per year.

Customers can request a Virtual Private Network connection between the OutSystems Cloud and their on-premises systems.
This secure communication channel can be used to integrate OutSystems Cloud applications with on-premises databases, web services, or authentication service providers.

To get the lowest possible network latency, customers can also establish a dedicated network connection.

How it works


The data traffic quota included with the OutSystems Cloud subscription is far more than required for most applications. Should a customer exceed the 2TB quota, OutSystems will invoice 1TB packs of additional traffic according to price list rates, which will be valid until the end of the customer’s subscription. It should be noted that no OutSystems customer has ever exceeded the traffic quota.

5 business days

The requirements to establish a VPN connection to the OutSystems Cloud vary but, at a minimum, will require that the customer has a VPN gateway with the ability to initiate a VPN tunnel. Customers initiate the process for establishing a VPN connection by filling in details in OutSystems Lifetime . The OutSystems support team will receive and validate the supplied details. OutSystems will then setup the OutSystems' end of the VPN connection and will supply the parameters that need to be configured in the customer VPN gateway and firewall.

Each OutSystems subscription includes 1 VPN connection. With Enterprise and Universal subscriptions additional VPN connections can be added. VPN connections are chargeable add-ons, and OutSystems will start the corresponding billing process.

Alternatively, customers can sign up for the AWS Direct Connect service directly with AWS, and then use that network connection with OutSystems Cloud. AWS Direct Connect is a dedicated network connection between the customer's premises and AWS, and guarantees low latency and consistent network performance.

Once the customer has its AWS Direct Connect link operational, the following steps are executed:

  1. OutSystems provide the AWS Account id.
  2. Using the AWS Direct Connect console, the Customer creates a Hosted Virtual Interface and sets the AWS Account id provided by OutSystems as owner. The Customer notifies OutSystems when this step is completed.
  3. OutSystems approves the association between the Hosted Virtual Interface and the AWS Account managed by OutSystems.

Database as a Service (Direct Database Access)


OutSystems developers visually model data-related operations, and trigger database structure changes as they deploy new versions of OutSystems applications. OutSystems allows developers to write complex SQL statements and define indexes. In addition, the OutSystems database automatically runs standard maintenance scripts to help sustain performance.

Direct database access is available for Enterprise and Universal subscription levels .

For more advanced integration scenarios and ad-hoc troubleshooting, customers can also directly access the OutSystems Cloud Database as a Service layer.

How it works


By default, the Database as a Service layer is accessible only to OutSystems support staff, who use it on the rare occasions where it is needed to troubleshoot support issues.

5 business days

Customers can request direct access to the OutSystems Cloud Database a Service layer, specifying a range of IP addresses entitled to such access. Within 5 business days, OutSystems will provision one database user account and provide the credentials to the customer.
With this database user account, customers can access the OutSystems Cloud database and leverage database clients such as TOAD, Oracle SQL Developer, or Microsoft SQL Server Management Studio.

This database user account has the following permissions:

  • Read or write data in bulk to application tables;
  • Read data from the OutSystems platform meta-model tables.

In order to protect the integrity of the OutSystems Cloud, the direct access database user account cannot perform the following tasks:

  • Write or change the internal tables and views
  • Manipulate the structure of database objects (tables/views/indexes)
  • Create database logic (such as functions, views, and procedures)

Manage security


Security is built-in with the OutSystems Cloud provisioning process, but customers can further customize some details of their security configuration, including:

  • Installing a custom SSL certificate
  • Setting a custom host name
  • Restricting HTTP access
  • Limiting application access by IP address
  • Request encryption of data-at-rest

In addition, customers can run their own penetration tests, to ensure application-level security.

How it works


Using OutSystems Lifetime, customers can define custom hostnames, and upload custom SSL certificates for each of their environments. SSL certificates are uploaded to the load balancer of the environment. Custom SSL certificates are used to authenticate the OutSystems web servers in the cloud, enabling a secure communication with the end-user browsers on the internet. Custom SSL certificates increase the user trust on the communication channel, as they carry the customer brand, rather than OutSystems'.

By default, HTTP access to applications is permitted. If this situation is not desired customers can use OutSystems Lifetime to block HTTP access to applications.

5 business days

To limit application access by IP address, customers must define their ‘internal network’ - the range of IP addresses allowed to access their most sensitive applications. Customers must submit a request to OutSystems support to set or re-configure their ‘internal network’, and then use the OutSystems developer environment to mark applications for ‘internal access only’. OutSystems console applications (Service Center and Lifetime) and development tools (Service Studio and Integration Studio) are always for ‘internal access only’.

5 business days 4 hours

Customers can request encryption of data-at-rest of the production database in their initial Purchase Order. Customers may also request encryption of an existing production database at a later date. In this case, the encryption operation will have to be scheduled with the OutSystems support team.

5 business days

To run penetration tests, customers must schedule them with OutSystems Support in advance. For details about this process and to understand what information is required, check this article.

Teardown


30 days

When your OutSystems Cloud subscription expires, the OutSystems platform will no longer be available. The OutSystems team will remove access to the servers, but keep a database backup for 30 days.

After 30 days, this last database backup is permanently deleted.

For details and Service Level commitments on delivery of Cloud Services please consult this document.