The SIMSAnywhere Server

  • Server OS: Windows Server 2016 Standard (64-bit)
  • Application: SIMSAnywhere is an ASP.NET 4.0 application written in C#. JavaScript, jQuery and jQuery Mobile are also used heavily throughout the web appication.
  • Database: Microsoft SQL Server 2017 (64-bit). Each customer's data are stored in a separate database.
  • Encryption: Data in transit are are encrypted using a 128-bit AES SSL connection. Identifiable data at rest are encrypted with 256-bit AES.
View Network Diagram

Our Datacenter

The SIMSAnywhere server is housed in a SSAE-16 & HIPAA / HITECH compliant datacenter. This means our datacenter has had an in-depth audit of its control activities conducted by an independent third-party service auditor that includes a thorough review of all its controls over information technology and related processes. Passing this audit demonstrates that adequate controls and safeguards have been established in hosting your data and IT infrastructure. The following are some of the measures in place to protect your data:

  • Security.  Our datacenter is manned 24/7/365, with site entrances controlled by an electronic perimeter access card system and secured by mantraps with interlocking doors. The facility is monitored by a 3rd party security company with CCTV security cameras covering the inside, outside and all entrances.
  • Firewall.  The SIMSAnywhere server is equipped with a Cisco hardware firewall to block unnecessary ports, greatly increasing the security of the server.
  • Brute force detection.  The SIMSAnywhere server is equipped with a brute force detection engine to block attempts by hackers to gain user level access to your database.
  • Network monitoring.  State-of-the-art traffic profiling and anomaly detection capabilities are used to manage and secure networks, pinpoint and troubleshoot network attacks, monitor servers and applications, and analyze network security performance issues within the datacenter.
  • Security updates.  The SIMSAnywhere server is updated regularly with the latest security releases.

User Account Security and Authentication

  • Accounts can only be created and managed from within SIMS.  This means a malicious user would never be able to create, modify or remove a user account via the simsanywhere.com website.
  • Account permissions, including access to SIMSAnywhere, can only be granted by a SIMS administrator.
  • Accounts must have complex passwords.  Complex passwords make the odds of a successful brute-force password cracking attempt extremely unlikely. Password complexity requirements are as follows:
    • Passwords must be at least six characters in length.
    • Passwords must contain at least one character from three of the following four categories:
      • English uppercase characters (A through Z)
      • English lowercase characters (a through z)
      • Base 10 digits (0 through 9)
      • Non-alphabetic characters (for example, !, $, #, %)
  • Account lockouts.  Consecutive logon attempts that are unsuccessful due to an invalid password will cause a user’s account to be locked. This will occur upon the 4th consecutive failed attempt.
  • Shut-off switch.  You can disable simsanywhere.com access for all user accounts at once from within SIMS.

Browser Security

  • SSL requirement.  The SIMSAnywhere server requires a 128-bit Secure Sockets Layer (SSL) connection from your browser. This connection is made automatically by your browser, and ensures that any information transmitted between your browser and the server is encrypted. Non-SSL connections to simsanywhere.com are not possible.
  • Inactivity timeout.  You will be automatically logged out of simsanywhere.com after 20 minutes of inactivity.

SIMSAnywhere Synchronization Service (SASS) Security

  • SSL connection.  SASS uses a 128-bit SSL connection when transmitting and receiving data from the SIMSAnywhere server, ensuring all data are encrypted while in transit.
  • Administrator requirement.  In order to configure SASS to synchronize a database, the user name and password of a SIMS administrator account is required.

Frequently Asked Questions

  • What firewall technology is used?
    Cisco ASA 5506-X hardware firewall with proprietary rules.
  • How do you keep up on security vulnerabilities, and what is the policy for applying security patches? 
    Our server management team is tasked with maintaining awareness of vulnerabilities that may affect our environment. Required updates are applied accordingly, and reboots done as necessary during off peak hours.
  • How do I unlock a locked SIMSAnywhere user account?
    User accounts must be unlocked from within SIMS:
    1. Select Tools/Security/Settings from the SIMS menu.
    2. Select the Users folder, and double-click the affected user account on the right.
    3. Select the SIMSAnywhere tab and click the Check online account status link.
    4. Answer “Yes” to the prompt to unlock the account.
    5. You may also want to reset the user’s password from the Security window, by right-clicking the user account and choosing “Set Password”.

Our Policy on Compliance Documents

We have attempted to provide any information above that might be required by your organization. In the event you require technical information that is not provided in this document, we will attempt to answer your specific questions to the extent possible. If your organization requires the completion of forms by FlanTech, you will be charged $85/hr for the completion of the forms, with a $85 minimum charge. New customers must pay the $85 minimum in advance of our completion of the documents.