(Legacy Help) Technical Specifications – Cloud
Introduction
Gimmal Physical is a web-based application that is offered as either a cloud-based or on-premises solution. The technical specifications in the following sections are specific to cloud installations.
The Gimmal Physical web application and data will be stored on the Microsoft cloud computing platform known as Azure. Azure is a top-rated cloud provider with 99.9% uptime and is responsible for cloud security, data backup, and cloud uptime and availability. This arrangement gives you all the features provided in Gimmal combined with the security resources provided by Microsoft Azure.
Application Architecture
By design, the Gimmal Physical web application and database run fully on Azure, where each solution is isolated per customer, with no multitenancy and no shared resources other than the Azure platform.

Application Architecture Components
Gimmal Physical application architecture includes the following components.
- Azure DNS resolves the CNAME mapping to the dedicated Azure Cloud Service URL.
- Azure Resource Group groups the following components per client:
  - Azure Cloud Service, which runs a dedicated virtual machine hosting the Gimmal Physical web application. Cloud Service connections to all other components within Azure use TLS for a secure, encrypted connection.
  - Azure SQL Elastic Pool or Azure SQL Database: depending on the client data load, the client database is hosted on either a dedicated SQL Elastic Pool or a SQL Database.
  - Azure Storage Blob stores all electronic files created by the Gimmal Physical web application. The Digital Content module relies on the Storage Blob to store electronic records.
  - Azure Cache (Redis Cache) is used for session management and cache scenarios to improve performance within the Gimmal Physical web application.
- SendGrid SMTP Gateway is used to send transactional emails from the Gimmal Physical web application. The connection to the SMTP gateway can be through either port TCP 25 (unencrypted) or port TCP 587 (encrypted via TLS).
Data Centers
Gimmal Physical utilizes the following Azure data centers: East US, Canada Central, and US Gov Virginia.
Security
Service Organization Controls Standards
Microsoft covered cloud services are audited at least annually against the SOC reporting framework by independent third-party auditors. The audit for Microsoft cloud services covers controls for data security, availability, processing integrity, and confidentiality as applicable to in-scope trust principles for each service. Microsoft has achieved SOC 1 Type 2, SOC 2 Type 2, and SOC 3 reports.
Certificates
Secure Sockets Layer (SSL) and Code Signing certificates are provided and managed by the client with assistance provided by the Gimmal System Engineer Team.
Information Protection and Encryption
- Transport Layer Security (TLS) (Encryption-in-transit)
SQL Database secures customer data by encrypting data in motion with Transport Layer Security. SQL Server enforces encryption (SSL/TLS) at all times for all connections. This ensures all data is encrypted "in transit" between the client and the server.
- Transparent Data Encryption (Encryption-at-rest) 
Transparent Data Encryption (TDE) for Azure SQL Database adds a layer of security to help protect data at rest from unauthorized or offline access to raw files or backups. Common scenarios include data center theft or unsecured disposal of hardware or media such as disk drives and backup tapes. TDE encrypts the entire database using an AES encryption algorithm, which doesn’t require application developers to make any changes to existing applications.
In Azure, all newly created SQL databases are encrypted by default and the database encryption key is protected by a built-in server certificate. Certificate maintenance and rotation are managed by the service and require no input from the user.
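Both encryption claims above can be checked from inside the database. The following T-SQL is an added example, not part of the original page or of Gimmal's own tooling; it assumes a login with VIEW DATABASE STATE permission on the customer database and uses only standard Azure SQL system views.

```sql
-- Added verification example (not from the vendor): run while connected to
-- the customer database. Requires VIEW DATABASE STATE.

-- 1. Encryption in transit: is the current session TLS-encrypted?
SELECT c.session_id,
       c.net_transport,
       c.protocol_type,
       c.encrypt_option,                      -- 'TRUE' when the connection is encrypted
       CASE WHEN c.encrypt_option = 'TRUE'
            THEN 'PASS' ELSE 'FAIL' END AS in_transit_check
FROM sys.dm_exec_connections AS c
WHERE c.session_id = @@SPID;

-- 2. Encryption at rest: is TDE switched on for this database?
SELECT d.name,
       d.is_encrypted,                        -- 1 when TDE is enabled
       CASE WHEN d.is_encrypted = 1
            THEN 'PASS' ELSE 'FAIL' END AS at_rest_check
FROM sys.databases AS d
WHERE d.name = DB_NAME();

-- 3. TDE detail: encryption state, algorithm, and what protects the key.
SELECT DB_NAME(k.database_id) AS database_name,
       k.encryption_state,                    -- 3 = encrypted, 2 = encryption in progress
       k.key_algorithm,                       -- expected: AES
       k.key_length,
       k.encryptor_type,                      -- CERTIFICATE for a service-managed key
       CASE WHEN k.encryption_state = 3
            THEN 'PASS' ELSE 'REVIEW' END AS tde_state_check
FROM sys.dm_database_encryption_keys AS k
WHERE k.database_id = DB_ID();
```

An `encryption_state` other than 3 on an established database, or an `encrypt_option` of 'FALSE', is worth raising with the hosting team.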
Identity Management Integration and Single Sign On (SSO)
Gimmal Physical can integrate with the following Identity Management/Single Sign On (SSO) technologies:
- Okta 
- Azure Active Directory (AD) 
- Microsoft Active Directory Federation Services (ADFS) 
- SAML2-based Identity Providers (IdP) 
Vulnerability Scans
Gimmal Physical performs vulnerability scans monthly and performs a scan for every new client build.
Disaster Recovery
Gimmal provides robust backup and disaster recovery based on Microsoft Azure SQL Database, including Recovery Point Objective (RPO < 24 hours), Recovery Time Objective (RTO < 12 hours), and Point In Time Restore (PITR backup retained for 14 days).
Patch Management
System maintenance, outside of application bug fixes/patches, is provided by the Microsoft Azure platform. Patches applied to the Gimmal Physical web application are governed by the Gimmal Change Management process.
Installation Components
| Component | Description | Deployment Unit |
| --- | --- | --- |
| Gimmal Physical Web Access | Software to access the Gimmal Physical application. | Modern Web Browser |
| Gimmal ScannerConnect (optional) | A standalone application that provides an interface for the Zebra DS4608/4278 barcode scanners. | Client Workstation |
| Email Notifications | Software to send email messages from the Gimmal Physical application. | SendGrid |
| Gimmal PortableConnect (optional) | A standalone application that provides an interface for the Zebra TC5x barcode scanner. Supports Android OS versions 10, 11, 13 and 14. | Client Mobile Scanner |
Additional Supporting Applications
Optional Software:
- Gimmal FileConnect: a Windows service that interfaces with Gimmal Physical web services to push data from network file shares or local folders to Gimmal Physical for storage. A UI is provided to configure the service. 
- Gimmal ScannerConnect: a standalone application that allows users to transfer items in Gimmal Physical. Used for tethered or wireless scanner devices. 
- Gimmal PortableConnect: an Android application that allows most Zebra TC5x barcode scanners to collect scans and perform transfers into Gimmal Physical. Supports Android 10, 11, 13 and 14.
Gimmal Physical REST API
An extensive library of REST-based web services is available for consumption. Please
Device Hardware
Supported Devices:
| Device | Description | Specifications |
| --- | --- | --- |
| Zebra TC5x (Mobile Scanner) (not including TC51 or its variants) | This scanner is often used in a warehouse, office building, or campus environment to both check in and out items, as well as reconcile the Gimmal Physical database with where items are located. Uses the Gimmal PortableConnect application to interface with Gimmal Physical. | |
| Zebra LI4278 (Wireless Scanner) | A quick way to check in and out items using the Gimmal ScannerConnect application. Normally used at a file room check-point. The base is connected to the computer and the scanner has a limited range. | |
| Zebra DS4608 (Tethered Scanner) | A quick way to check in and out items within the Gimmal ScannerConnect application, normally used at a file room check-point. | |
