SmartAsset Deployment Configuration
The document is directed at network or system administrators and outlines the customer setup requirements to have the SmartAsset application running within an organisation when deployed in a cloud/cloud hybrid environment. SmartAsset has several deployment options all of which require specific setup in order to run correctly. Please review the following information prior to installing any client-side software or accessing the application via the SmartAsset browser or Mobile app.
The SmartAsset browser is a web-based application which is made up of two parts. The SmartAsset browser UI (user interface) and the SmartAsset API (Application Programming Interface). For the sake of this document moving forward we will refer to both (API and UI) as the SmartAsset Browser. This SmartAsset browser can be deployed in two methods
The SmartAsset browser can be hosted by SmartAsset. This is our preferred method as all updates are handled by our development team automatically. This also makes support and application monitoring streamlined. Security and application backups are also managed by SmartAsset Software.
Alternatively, the SmartAsset application can be deployed to an IIS web server running locally within an organisations network. This method requires additional configuration and the security requirements are handled by the customer. Depending on the client's requirements the browser can be run on an intranet or exposed to the internet. SmartAsset can assist with this configuration.
Regardless of the deployment option nominated above the SmartAsset browser uses the same authentication process.
We use Auth0 as the main primary security parameter for our browser and mobile app. All the practices we follow, follows theirs. https://auth0.com/security
Without an authorisation token the SmartAsset Browser cannot be accessed and this is a combination of the way OAuth2 works and how we have configured our application.
For the browser to work within the 'on site' environment (option 2 above) the application web server must allow secure access to the following:
We minimise the amount of data stored in Auth0. All private information is stored within the SmartAsset database. Auth0 purely contains the single originator (SmartAsset User) code for each registered user accessing the browser. These codes are then bundled into the Auth0 tokens and used as a final validation step during authentication.
Supported Internet Browsers
Supported internet browsers are, Chrome, Firefox, Edge and Safari.
Note: Internet explorer is supported where required but is not included by default.
Browser firewall permissions
For clients to access the SmartAsset browser they must have internet access to the supplied domain e.g. https//:customername.smartasset.com.au
This domain will be supplied to the customer at time of deployment.
The SmartAsset mobile app can be downloaded from the app store or via the link on our website.
The SmartAsset Mobile app requires iOS 12 and Android 5.0 lollipop or later and is designed to run on both phone and tablets.
The SmartAsset client is a windows application installed on any required users PC. We also offer Microsoft Office COMM Add-ins for Outlook, Excel and Projects.
For the SmartAsset client to communicate with the database stored in cloud the customer is required to configure the following:
Static IP Address
In order to connect a client network to a SmartAsset hosted database, SmartAsset need to know the clients static IP (IP Range). SmartAsset will then create firewall rules to enable SmartAsset access via the clients network.
Data Connection from Client Network
Depending on the client network topology and firewall settings the following two options need to be considered.
URL based firewall
The client must allow SQL port 1433 to the SmartAsset SQL Azure instance smartasset.database.windows.net
IP based firewall
If URL provisioning stated in the step above is not achievable, please place a request to firstname.lastname@example.org in order to obtain a list of all IP addresses provisioned for our datacentre. In this circumstance the client will need to provision SQL port access to our data centre IP addresses.
The SmartAsset client-side application allows users to view and upload documents. In order to upload/download files (print job tickets) from the client-side system the client firewall must enable the SmartAsset application to access ports http/https 80/443 to the supplied storage container. This container details can be provided on request.
Certain functionality of the SmartAsset client interacts with the SmartAsset Auth0 portal. For data to process any administrator using SmartAsset will need access to the following
Data Connection SmartAsset Firewall
As a final security layer, we only allow database access to client certified IP ranges. To achieve this SmartAsset need to know the client static IP (or Range) in order to allow access through our firewall. This IP (range) must be provided to SmartAsset for the application to connect and run.
The following image outlines how the SmartAsset architecture is deployed.