OutSystems Cloud Services

The information below applies to OutSystems 11.

OutSystems Cloud enables customers to develop, test, deploy, and run mobile and web applications using OutSystems, without having to worry about dealing with the administrative aspects of the platform technology. Applications built and deployed by customers are hosted directly within OutSystems Cloud infrastructure.

OutSystems Cloud benefits different types of user profiles:

  • Developers log into the OutSystems Cloud from their developer environment, to publish and test OutSystems applications;

  • SysOps log into the OutSystems web administration consoles, to configure and stage applications across environments;

  • End users access OutSystems applications that have been deployed to the Production environment;

  • Other systems use the APIs published by OutSystems applications.

Administration of the technology stack


The OutSystems team takes care of the administration of the technology stack (database, operating system, application server, and network), using heavily automated operating procedures and standards for infrastructure configuration. Both are essential to guarantee the core advantages of the OutSystems Cloud, such as monthly Availability above 99.5% for the production environment and a great support and upgrade experience.

OutSystems Cloud customers rely on the OutSystems team for the administration of the technology stack, and cannot maintain, configure, or access the technology stack themselves.

Because of the standardized approach taken by OutSystems Cloud, there is no option to request custom configurations of the technology stack.

The purpose of this article is to describe the portfolio of services included with the OutSystems Cloud offering.

Customer responsibilities


OutSystems Cloud is a highly convenient service that removes the majority of administrative tasks that would otherwise be the responsibility of the customer. However, customers are still responsible for certain tasks, including the following:

  • Developing applications, monitoring their performance, and tuning them, if needed, to meet performance and scalability requirements;

  • During an OutSystems version upgrade, modifying and testing the OutSystems applications to handle breaking changes, if they exist;

  • Plan OutSystems version upgrades, respecting the OutSystems version support policy.

  • Estimating the evolution of the application workload, and planning the associated hardware capacity;

  • Ensuring application-level security, including penetration testing (if needed);

  • Managing the DNS records for their domain, and pointing them to the OutSystems Cloud servers;

  • Explicitly authorize the users who can request infrastructure changes to OutSystems, using the OutSystems Support Portal.

Services included in OutSystems Cloud


This section describes the services included in the OutSystems Cloud Enterprise Edition:

For each service there is an indication of how the service is delivered, according to the legend below:

This service is delivered in self-service mode. Customer activates the service directly in OutSystems LifeTime.

Delivery of this service requires direct assistance from OutSystems Support.

The time between the request of service activation and delivery of service by OutSystems.

Delivery of this service requires downtime. The downtime period is scheduled between OutSystems and the customer.
Duration of downtime is indicated for SA (standard availability) and for HA (high availability) environments, where applicable.

Delivery of this service can be scheduled outside of customer business hours.
Only applies to service requiring direct assistance from OutSystems Support.

Provisioning


When a customer subscribes to the OutSystems Cloud, OutSystems will provision, install, and configure an OutSystems infrastructure in the cloud, with the number and type of environments selected by the customer.

OutSystems allocates dedicated infrastructure for each customer: virtual servers, storage, networking, operating systems, databases, and OutSystems software.

The OutSystems infrastructure is deployed on the stack selected by the customer, according to the following available combinations:

Operating System Database

Windows Server 2016 Standard Edition

MS SQL Server 2016 Standard Edition

Oracle 12 Standard Edition

The OutSystems infrastructure is deployed in the Region selected by the customer, among the following options:

  • In Asia Pacific: Sydney, Singapore, Tokyo, Hong Kong, Mumbai, Bahrain, Seoul, and Jakarta

  • In Europe/Middle East/Africa: Ireland, Frankfurt, London, and Cape Town

  • In the Americas: United States (Northern Virginia, Ohio, and Oregon), Canada, and São Paulo

Optionally, customers can explicitly request encryption of data-at-rest in the production database. When encryption of data-at-rest is activated, database backups are also encrypted.

When a customer upgrades its subscription to OutSystems Sentry, OutSystems will make the necessary infrastructure upgrades. 

How it works


2 business days

OutSystems provisions the infrastructure following a Purchase Order. When completed, OutSystems communicates the cloud access points and credentials to the customer. OutSystems can reset these credentials for you later, if you need it.

OutSystems assigns a DNS name in the *.outsystemsenterprise.com domain to each of the environments and configures a matching valid SSL certificate, to enable immediate start. The SSL certificate authenticates the OutSystems web servers in the cloud, enabling secure communication with end-user browsers on the internet.

Customers with their own SSL certificates will need to upload these and change the hostname.

OutSystems creates a Virtual Private Cloud (VPC) for every customer and one Elastic Load Balancer per environment.

The Elastic Load Balancer hosts the SSL certificate and routes inbound internet traffic to the front-end server(s). Inbound internet traffic is allowed on ports 80 and 443. Additional ports are accessible to the OutSystems support team only, to support troubleshooting activities: RDP and database connection.

Customers can request encryption of data-at-rest of the production database in their initial Purchase Order. Customers may also request encryption of an existing production database at a later date - check the Manage Security section in this document.

After receiving a Purchase Order for the upgrade to Sentry, OutSystems Support will contact the customer to schedule the various interventions that may require downtime or impact system performance. According to the agreed schedule, OutSystems will deploy redundant servers for high-availability, scale-up servers, encrypt resources, install Sentry-specific components and security software, and activate extended security monitoring.

Scalability


To meet anticipated application demand, customers can add the following resources to their dedicated OutSystems Cloud infrastructure:

  • Horizontal scalability - additional servers

  • Vertical scalability - scale up existing servers

  • Add storage.

Horizontal and vertical scalability

  Up to 5 business days  (see details in text)  

OutSystems scales customer environments horizontally with the addition of more front-end servers, or vertically, scaling-up existing databases or front-end servers.

In either case, customers should submit a reasoned request to OutSystems support, which will respond according to the request priority and respective SLAs.

For horizontal scaling requests, the new front-end server is created and added to the load balancer automatically, becoming immediately available after provisioning ends.

For vertical scaling of front-end servers or databases, upon customer request, OutSystems will propose a schedule for the upgrade, subject to customer confirmation.

For environments with only one front-end, the front-end scale-up operation causes a downtime of approximately 30 minutes.

For production environments with two or more front-ends, the front-end scale-up causes a reduction of processing capacity, but there is no downtime. All front-ends are scaled up to the same server class.

Add storage

OutSystems adds database storage as needed, depending on the customer’s subscription.

Data Protection


With OutSystems Cloud, automatic backups of the production environment database run daily and are maintained for 15 days. OutSystems Cloud databases can be restored from existing backups (automatic or ad-hoc), or to a specific point-in-time in the last 15 days.

Backups can also be restored to an alternate temporary database, accessible via direct database access, allowing developers to selectively retrieve overwritten data while avoiding the implications of a full database restore.

In addition, it is possible to create temporary files for storage in the front-end.

How it works


Daily backups of the production database are executed automatically, with no downtime. Backups are stored in multiple data centers within the same AWS Region of the OutSystems environment. To further minimize performance impact, the backups are executed 3 hours before the defined maintenance window to avoid any impact on the scheduled activities, in the time zone of the AWS Region of the environment.

less than 24 hours (depends on data volume)

Customers can request a restore of the database to any point in time in the last 15 days. OutSystems restores the database to a prior point in time and, once the restore operation is complete, redirects the OutSystems environment to the new database and informs the customer that the operation was completed successfully.

OutSystems will make the previous database available for direct database access by the customer for 15 days.

The restore operation may take several hours and, once complete, there’s a period of downtime of about 15 minutes. If the restore is due to unexpected errors, you may request that the current database be immediately put offline - in which case the downtime will last for the whole duration of the restore. During this downtime, neither the old or the restored database are available. Any data written to the current database after the restore is started will be available only via direct database access.

As an exception, after an OutSystems major version upgrade, customers cannot restore backups to a point in time prior to the upgrade.

For the rare scenarios where there is a need to investigate potential data corruption issues, customers can request the restore of a backup to an alternate temporary database, describing the reasons for the request. The option to restore to an alternate temporary database is designed for exceptional and justified use, and not for regular business or administrative processes. Therefore, OutSystems will evaluate the request, and confirm or decline it. 

When the request is confirmed, OutSystems will trigger the restore and, once the restore is complete, provide access credentials to this new temporary database. The temporary database is automatically deleted after 1 week.

There is occasionally the need to create temporary files in the front-end storage, for example, if you need to generate a PDF file temporarily in order for it be downloaded by the user. This can be accomplished using the Filesystem extension. Your apps can write temporary files to a specific folder (D:\User\). The temporary folder's capacity is 2 GB.

Temporary files in the front-end storage are removed periodically by OutSystems.

Monitoring and High Availability


OutSystems Cloud infrastructures are monitored 24/7 for critical health indicators, such as response times from sample OutSystems web pages. OutSystems Cloud includes automatic self-healing and alarms to the OutSystems Technical Support team.

Customers monitor their own applications performance, audit logs and database capacity directly in the OutSystems self-service administration console applications (Lifetime and Service Center).

The following high availability options are also available as part of the OutSystems Cloud offering:

  • High availability for the front-end server

  • High availability for the database server

  • Geographically distributed data centers (within the region selected by the customer), with automatic load balancing

In the event of a disaster, OutSystems Cloud is designed to recover any customer infrastructure from the stored backups.

How it works


OutSystems monitors 24/7 essential health indicators. An internal service ticket is automatically created on:

  • Multiple and consecutive failures of HTTP/S ping requests to Service Center and ECT applications
  • Persistently high CPU utilization on the Front-Ends
  • Any OutSystems Services fault
  • Front-end or Database disk space at near capacity

These indicators are monitored for all environments (production and non-production).

Database replication is automatically activated for the Production environment(s) as customers subscribe to High Availability.

With the database replication option active, in the event of a database fault, the system automatically fails over to a “standby” replica in a different data center, quickly resuming service. The database replication option also reduces downtime in the event of database patching. In the event of a database fault, a database failover typically completes within one to two minutes. Failover time can also be affected by whether large uncommitted transactions must be recovered.

Each data center is engineered to be isolated from failures in other data centers.

Proactive Maintenance


OutSystems regularly applies updates to the OutSystems Cloud software stack during scheduled maintenance windows. Updates typically include patches and minor version updates of the database and operating system.

How it works


Using OutSystems Lifetime, customers define their desired maintenance window, in self-service mode. All scheduled maintenance that may cause system downtime is executed, by default, during that window.

Scheduled maintenance operations take advantage of additional front-ends and database replicas to minimize downtime. Maintenance operations on the front-ends are conducted in sequence to avoid end-user application downtime. During front-end maintenance it is not possible to publish your applications. The database fails over to the replica during maintenance, to limit downtime to just a few minutes.

On an exception basis, maintenance operations may be required outside of this schedule. OutSystems tries to notify customers 2 business days in advance of any maintenance event.

OutSystems Software Updates


OutSystems takes care of the installation of new OutSystems versions and updates within the OutSystems Cloud.

How it works


5 biz days HA: see details below; SA: 4 hours ( see details )

Customers are entitled to any OutSystems software update after it is made available (revision or major version).

Customers request the installation of an OutSystems update by contacting the OutSystems Support. The installation of the OutSystems update will be performed at a mutually agreed time . OutSystems will execute a sequential upgrade for environments with multiple front-ends, therefore avoiding downtime for customer applications. Environments with a single front-end will experience an application downtime of up to 2 hours.

No applications can be deployed to the target environment, while the upgrade service is in progress.

When upgrading to a new OutSystems major version, OutSystems may also upgrade the major version of some of the technology stack software components. The upgrade of the database engine may require downtime, in which case it may be scheduled separately from the OutSystems upgrade.

Once the OutSystems software is updated, the customer is responsible for:

  • Re-deploying applications
  • Resolving any breaking changes

Optionally, the customer can request services assistance when upgrading OutSystems version by contacting the OutSystems services team or one of our partners.

Customers upgrading the OutSystems Platform are advised to read the process overview.

Manage OutSystems Environments


OutSystems Cloud includes a number of operations for managing environments:

  • Add environment;
  • Activate environment;
  • Rename environment;
  • Re-order environments.

How it works


Additional environments are automatically provisioned upon subscription.

By default, new environments are created in the same Region.  

The production environments of new infrastructures are provisioned in a stopped state. With the click of a button, customers can immediately start them. 

Connectivity


Customers can request a Virtual Private Network connection between the OutSystems Cloud and their on-premises systems.
This secure communication channel can be used to integrate OutSystems Cloud applications with on-premises databases, web services, or authentication service providers.

To connect to other resources on AWS, customers can attach the OutSystems Cloud VPC to the AWS Transit Gateway.

To get the lowest possible network latency, customers can also establish a dedicated network connection using AWS Direct Connect.

For customers with either a VPN or an AWS Direct Connect link, OutSystems Cloud includes a DNS service to allow bi-directional communication by DNS name (rather than IP address) between the OutSystems Cloud and the customer’s on-premises systems.

Connectivity options vary based on the customer's subscription.

How it works


 

To establish a VPN connection to the OutSystems Cloud customers need a VPN gateway with the ability to initiate a VPN tunnel. The setup of the VPN is executed in self-service in OutSystems Lifetime

Customers can also request the deactivation of the VPN connection when no longer needed.

Additional VPN connections can be added, up to a total of 5.

VPN connections can take advantage of the Border Gateway Protocol (BGP) to simplify configuration. Alternatively, customers may configure static routing to up to 16 network address ranges. E.g. a customer with 10 ranges configured in one VPN can configure only up to 6 ranges on a second VPN.

Alternatively, customers can sign up for the AWS Direct Connect service directly with AWS, and then use that network connection with OutSystems Cloud. AWS Direct Connect is a dedicated network connection between the customer's premises and AWS, and guarantees low latency and consistent network performance.

Once the customer has its AWS Direct Connect link operational, the following steps are executed:

  1. OutSystems provide the AWS Account id.
  2. Using the AWS Direct Connect console, the Customer creates a Hosted Virtual Interface and sets the AWS Account id provided by OutSystems as owner. The Customer notifies OutSystems when this step is completed.
  3. OutSystems approves the association between the Hosted Virtual Interface and the AWS Account managed by OutSystems.

To access the on-premises systems from the OutSystems applications in the Cloud using server names (rather than IP addresses), customers must provide, via a Support ticket:

  • their set of internal domain names and the corresponding IP addresses of their internal DNS servers.

To access the OutSystems Cloud applications from on-premises systems via the VPN, customers need to configure their internal DNS servers to delegate the resolution of the outsystemsenterprise.com domain to the OutSystems Cloud DNS server.

Database as a Service (Direct Database Access)


OutSystems developers visually model data-related operations, and trigger database structure changes as they deploy new versions of OutSystems applications. OutSystems allows developers to write complex SQL statements and define indexes. In addition, the OutSystems database automatically runs standard maintenance scripts to help sustain performance.

Direct database access availability varies by edition.

For more advanced integration scenarios and ad-hoc troubleshooting, customers can also directly access the OutSystems Cloud Database as a Service layer.

How it works


By default, the Database as a Service layer is accessible only to OutSystems support staff, who use it on the rare occasions where it is needed to troubleshoot support issues.

5 business days

Customers can request direct access to the OutSystems Cloud Database a Service layer, using either temporary or permanent database users.

Temporary database users can be obtained in self-service, via Lifetime.

For permanent database users, customers send the the request specifying a range of IP addresses entitled to such access. Within 5 business days, OutSystems will provision one database user account and provide the credentials to the customer.

Customers can change the range of IP addresses entitled to such access at any time, again with an SLA of 5 business days.

With this database user account, customers can access the OutSystems Cloud database and leverage database clients such as TOAD, Oracle SQL Developer, or Microsoft SQL Server Management Studio.

This database user account has the following permissions:

  • Read or write data in bulk to application tables;
  • Read data from the OutSystems platform meta-model tables.

In order to protect the integrity of the OutSystems Cloud, the direct access database user account cannot perform the following tasks:

  • Write or change the internal tables and views
  • Manipulate the structure of database objects (tables/views/indexes)
  • Create database logic (such as functions, views, and procedures)

Manage security


Security is built-in with the OutSystems Cloud provisioning process, but customers can further customize some details of their security configuration, including:

  • Installing a custom SSL certificate
  • Installing client-side certificates
  • Add a root Certification Authority certificate to the trusted root store
  • Setting a custom host name
  • Restricting HTTP access
  • Limiting application access by IP address
  • Request encryption of data-at-rest

In addition, customers can run their own penetration tests, to ensure application-level security.

How it works


Using OutSystems Lifetime, customers can define custom hostnames, and upload custom SSL certificates for each of their environments. SSL certificates are uploaded to the load balancer of the environment. Custom SSL certificates are used to authenticate the OutSystems web servers in the cloud, enabling a secure communication with the end-user browsers on the internet. Custom SSL certificates increase the user trust on the communication channel, as they carry the customer brand, rather than OutSystems'.

 5 business days

OutSystems applications may consume web services that require client-side authentication. To enable the consumption of these web services customers need to ask OutSystems to install the certificate(s) on the OutSystems front-end servers.

OutSystems applications may also consume web services that are not exposed to the internet, via the VPN connection. To enable secure communication in this scenario, customers can supply their root Certification Authority certificate to the OutSystems team, who will install it on the trusted root store on the customer’s behalf.

By default, HTTP access to applications is permitted. If this situation is not desired customers can use OutSystems Lifetime to block HTTP access to applications.

5 business days

To limit application access by IP address, customers must define their ‘internal network’ - the range of IP addresses allowed to access the OutSystems consoles and their most sensitive Traditional Web applications. Customers must submit a request to OutSystems support to set or re-configure their ‘internal network’, and then use the OutSystems developer environment to mark applications for ‘internal access only’. Setting an 'internal network' controls also the access to the OutSystems environment from the OutSystems development tools (Service Studio and Integration Studio)..

5 business days 4 hours

Customers can request encryption of data-at-rest of the production database in their initial Purchase Order. Customers may also request encryption of an existing production database at a later date. In this case, the encryption operation will have to be scheduled with the OutSystems support team.

5 business days

To run penetration tests, customers must schedule them with OutSystems Support in advance. For details about this process and to understand what information is required, check this article.

Teardown


30 days

When your OutSystems Cloud subscription expires, the OutSystems platform will no longer be available. The OutSystems team will remove access to the servers, but keep a database backup for 30 days.

After 30 days, this last database backup is permanently deleted.