Architecture

IBM® TRIRIGA® SaaS Standard Architecture
  • TRIRIGA SaaS Standard provides two (2) environments by default: PROD and NON-PROD
  • IT Administration for these environments is managed by the IBM SRE team
  • TRIRIGA Application and Database Servers are provisioned on dedicated servers as shown in the diagram below
  • The client has a total of four (4) servers: (1) App and (1) Database server for PROD; (1) App and (1) Database server for NON-PROD
  • Only the IBM DB2® database is supported in IBM TRIRIGA SaaS Standard. If an Oracle database is desired, the customer must order IBM TRIRIGA SaaS Flex
  • Additional environments (DEV, QA, etc.) are available at an added cost
  • Clients access the system via the TRIRIGA browser GUI over HTTPS
  • IBM TRIRIGA SaaS is an internet-based offering that runs over HTTPS. There is no private cloud or direct connect option for TRIRIGA SaaS.
  • Clients can use native TRIRIGA GUI tools to configure the application
  • SFTP and IPsec site-to-site VPN connectivity options are available. See Integration & Data Migration Options for details
  • Disaster recovery for the production environment, including local HA and a secondary DR site with lower RTO & RPO, is available at an added cost
Mobile Applications Security
The IBM TRIRIGA SaaS offering provides no native mobile applications. Instead, we provide the TRIRIGA Perceptive Applications. These are screen-size-aware, HTML5-based applications with offline data support, accessible over HTTPS via the device browser.
CSP Certification
The IBM TRIRIGA SaaS offering is ISO27001 and SOC2 certified. Details and certificates are available from our wiki: Security
Audit Assurance & Compliance
The SOC2 report is available on request. IBM’s Product Transformation Center (PTC) conducts “black box” penetration testing on Maximo® and TRIRIGA SaaS annually. An executive summary report can be provided to customers on a per-request basis.
Secrets Management
All encryption keys are managed by the IBM SRE team internally, except those for SFTP and OpenVPN accounts, which are provided to end customer(s). IBM SRE follows an established Key Lifecycle Management Security Policy that is compliant with ITSS (IBM Corporate) requirements and ISO standards 27001, 27017 and 27018. Key access is specified via a dedicated access control group accessible only to the SRE system admin and database admin teams. A segregation of duties procedure is in place and monitored internally; specifics of the key management policy and procedures are IBM Confidential.