In this section we briefly describe our current software stack. We make use of a carefully compiled set of open source software (you may inspect the source code, generally published on the official website of the particular software package), but do not publish our operational strategy (in other words, how we use the set of software to create value for our customers).
A quick note on security
We are open for ethical hackers testing our systems and reporting vulnerabilities in order to continuously improve security and privacy for our customers. We're putting a great effort in securing our systems, but also acknowledge the reality that even the Titanic sunk.
Depending our your scenario, critical data could be stored on hardware you control yourself, we control, or one of our supplier controls. Refer to our GDPR statement for a full list of possible suppliers.
Generally, using our expertise to safeguard data at a custom location, is much safer then using AWS buckets or OneDrive storage.
Ultimately security comes down to risk management, which is unique to your situation and will most likely result in security measures at different levels in your organisation.
There's not much to say about hardware, as this depends solely on the customer needs and preference. We are able to deploy our software to a wide range of hardware systems, from a family pc to a swarm of virtual servers in a distant datacenter, as long as it supports our principal operating system.
Our basis for our stack is the Debian GNU/Linux operating system. It's an extremely stable and reliable operating system that fits a wide range of scenario's. Because of it's longer development cycle, with a strong focus on security and privacy, it is the perfect match for our setup.
To make sure your cube communicates safely with the internet, we make use of Dnsmasq to manage DNS traffic through and from your networks. Since DNS is a very privacy sensitive protocol, you can use your cube as a DNS "shield" for your colleagues, that protects you from adversaries that try to follow your internet habbits. Very soon we'll implement encrypted DNS traffic between your cube and the upstream dns provider.
The next stage is managing the access to the organization's network for your team. For customers who require this option, we provide a solid implementation of OpenVPN, to set up a virtual network between your cube and colleagues, so that unauthorized devices cannot stumble upon your cube on the open internet. OpenVPN uses a crypto keypair to authorize devices on its network, which is less likely to be cracked than a normal password.
When the access to the network is succesful, we use OpenLDAP as the directory service that stores all the information about your team members. Their 'card' in this database is consulted by all higher level applications to determine access permissions. This way, your team members only have to remember one strong password for all the company's applications.
Depending on the scenario, we use NFS or Samba to manage the storage capabilities of your cube. They have both unique features that the other package cannot provide, so you could even opt for a combination.
On top of this solid foundation, we install Nextcloud, so that end-users are able to interact with the services (email, documents) through a modern browser or compatible application.
By default, it is possible to use only a browser on any device to interact with the cube. Good browsers are Mozilla Firefox or Opera. Browsers that are known to explicitely violate your privacy are Edge or Chrome. Although they are eperienced as fast and pretty, we would not recommend these last two.
However, we can guarantee that the best way to interact with the cube is by using native apps for your device. They are optimized for their intended use, and generally faster then using a web browser. A simple illustration when reading email:
Web browser -> speaks 'HTTPS' -> cube web portal -> speaks 'IMAP' -> the mail software on your cube
Mail app -> speaks 'IMAP' -> the mail software on your cube
You immediately see that you eliminate a layer of software when using native apps, thus speeding up your operations. Since your cube is equiped to communicate with standardized protocols (HTTPS, ..) a lot of apps are compatible with your cube. If you extend your cube, more apps will become available.
Here's a small list with recommended apps to get you started:
Laptop / Desktop ( windows, mac and linux)
Android phone / tablet
iPhone / iPad
return to previous page