Technical Specifications – Cloud

Introduction

Gimmal Physical is a web-based application that is offered as either a cloud-based or on-premises solution. The technical specifications in the following sections are specific to cloud installations.

The Gimmal Physical web application and data will be stored on the Microsoft cloud computing platform known as Azure. Azure is a top-rated cloud provider with 99.9% uptime and is responsible for cloud security, data backup and cloud uptime and availability. This arrangement gives you all the features provided in Gimmal combined with the security resources provided by Microsoft Azure.

Application Architecture

By design, the Gimmal Physical web application and database run fully on Azure. Each solution is isolated per customer: there is no multitenancy and no shared resources other than the Azure platform.

Application Architecture Components

Gimmal Physical application architecture includes the following components.

  1. Azure DNS to resolve CNAME mapping to dedicated Azure Cloud Service URL.

  2. Azure Resource Group groups the following components per client.

    1. Azure Cloud Service which runs a dedicated virtual machine hosting the Gimmal Physical web application. Cloud Service connections to all other components within Azure leverage TLS for secure encrypted connection.

    2. Azure SQL Elastic Pool or Azure SQL Database. Depending on client data load, the client database will be hosted on either a dedicated SQL Elastic Pool or a SQL Database.

    3. Azure Storage Blob stores all electronic files created by the Gimmal Physical web application. Digital Content module relies on Storage Blob to store electronic records.

    4. Azure Cache (Redis Cache) is used for session management and cache scenarios to improve performance within the Gimmal Physical web application.

  3. SendGrid SMTP Gateway is used to send transactional email from the Gimmal Physical web application. The connection to the SMTP gateway can be made through either TCP port 25 (unencrypted) or TCP port 587 (encrypted via TLS).

Data Centers

Gimmal Physical utilizes the following Azure data centers: East US, Canada Central and US Gov Virginia.

Security

Service Organization Controls Standards

Microsoft covered cloud services are audited at least annually against the SOC reporting framework by independent third-party auditors. The audit for Microsoft cloud services covers controls for data security, availability, processing integrity, and confidentiality as applicable to in-scope trust principles for each service. Microsoft has achieved SOC 1 Type 2, SOC 2 Type 2, and SOC 3 reports.

Certificates

Secure Sockets Layer (SSL) and Code Signing certificates are provided and managed by the client with assistance provided by the Gimmal System Engineer Team.

Information Protection and Encryption

  • Transport Layer Security TLS (Encryption-in-transit)
    SQL Database secures customer data by encrypting data in motion with Transport Layer Security. SQL Server enforces encryption (SSL/TLS) at all times for all connections. This ensures all data is encrypted "in transit" between the client and the server.

  • Transparent Data Encryption (Encryption-at-rest)
    Transparent Data Encryption (TDE) for Azure SQL Database adds a layer of security to help protect data at rest from unauthorized or offline access to raw files or backups. Common scenarios include datacenter theft or unsecured disposal of hardware or media such as disk drives and backup tapes. TDE encrypts the entire database using an AES encryption algorithm, which doesn’t require application developers to make any changes to existing applications.
    In Azure, all newly created SQL databases are encrypted by default and the database encryption key is protected by a built-in server certificate. Certificate maintenance and rotation are managed by the service and require no input from the user.


Identity Management Integration and Single Sign On (SSO)

Gimmal Physical can integrate with the following Identity Management/Single Sign On (SSO) technologies:

  • Okta

  • Azure Active Directory (AD)

  • Microsoft Active Directory Federation Services (ADFS)

  • SAML2-based Identity Providers (IdP)


Vulnerability Scans

Gimmal Physical performs vulnerability scans monthly and performs a scan for every new client build.

Disaster Recovery

The Microsoft Azure platform boasts near 100% uptime and supports robust backup and disaster recovery including Recovery Point Objective (RPO < 5 minutes), Recovery Time Objective (RTO < 12 hours), and Point In Time Restore (PITR up to 35 days). Longer PITR times can be purchased.

Patch Management

System maintenance, outside of application bug fixes/patches, is provided by the Microsoft Azure platform. Patches applied to the Gimmal Physical web application are governed by the Gimmal Change Management process.

Installation Components

| Component | Description | Deployment Unit |
| --- | --- | --- |
| Gimmal Physical Web Access | Software to access the Gimmal Physical application. | Modern Web Browser |
| Gimmal ScannerConnect (optional) | A standalone application that provides an interface for the Zebra DS4608/4278 barcode scanners. | Client Workstation |
| Email Notifications | Software to send email messages from Gimmal Physical application. | SendGrid |
| Gimmal PortableConnect (optional) | A standalone application that provides an interface for the Zebra TC52 barcode scanner. Supports Android OS versions 7, 8, 9, 10 and 11. | Client Workstation |

Additional Supporting Applications

Optional Software:

  • Gimmal FileConnect: a Windows service that interfaces with Gimmal Physical web services to push data from network file shares or local folders to Gimmal Physical for storage. A UI is provided to configure the service.

  • Gimmal ScannerConnect: a standalone application that allows users to transfer items in Gimmal Physical. Used for tethered scanner devices.

  • Gimmal PortableConnect: an Android application that allows the Zebra TC51/TC52 barcode scanners to collect scans and perform transfers into Gimmal Physical. Supports Android 7, 8, 9, 10 and 11.

Gimmal Physical REST API

An extensive library of REST-based web services is available for consumption. Please

Device Hardware

Supported Devices:

Zebra TC52 (Mobile Scanner)

Description: This scanner is often used in a warehouse, office building, or campus environment to both check in and out items, as well as reconcile the Gimmal Physical database with where items actually are located. Uses the Gimmal PortableConnect application to interface with Gimmal Physical.

Zebra LI4278 (Wireless Scanner)

Description: A quick way to check in and out items using the Gimmal ScannerConnect application. Normally used at a file room check-point. The base is connected to the computer and the scanner has a limited range.

Specifications:

  • USB port

  • Direct-to-Serial cable for the scanner, with a COM-to-USB adapter

  • Driver for the adapter; PC to recognize the scanner as a COM port connection

  • 80-foot range

  • Gimmal ScannerConnect application

Zebra DS4608 (Tethered Scanner)

Description: A quick way to check in and out items within the Gimmal ScannerConnect application, normally used at a file room check-point.

Specifications:

  • USB port

  • Direct-to-Serial cable for the scanner, with a COM-to-USB adapter

  • Driver for the adapter; PC to recognize the scanner as a COM port connection

  • 6ft range tethered scanner

  • Gimmal ScannerConnect application
