Gimmal Physical is a web-based application that is offered as either a cloud-based or on-premises solution. The technical specifications in this document for the following sections are specific to cloud installations.
The Gimmal Physical web application and data will be stored on the Microsoft cloud computing platform known as Azure. Azure is a top-rated cloud provider with 99.9% uptime and is responsible for cloud security, data backup and cloud uptime and availability. This arrangement gives you all the features provided in Gimmal combined with the security resources provided by Microsoft Azure.
By design, the Gimmal Physical web application and database run entirely on Azure, and each solution is isolated by customer: there is no multitenancy and no shared resources other than the Azure platform itself.
Application Architecture Components
Gimmal Physical application architecture includes the following components.
Azure DNS to resolve CNAME mapping to dedicated Azure Cloud Service URL.
Azure Resource Group groups the following components per client.
Azure Cloud Service runs a dedicated virtual machine hosting the Gimmal Physical web application. Cloud Service connections to all other components within Azure use TLS for secure, encrypted connections.
Azure SQL Elastic Pool or Azure SQL Database: depending on client data load, the client database is hosted on either a dedicated SQL Elastic Pool or a SQL Database.
Azure Storage Blob stores all electronic files created by the Gimmal Physical web application. The Digital Content module relies on Storage Blob to store electronic records.
Azure Cache (Redis Cache) is used for session management and cache scenarios to improve performance within the Gimmal Physical web application.
SendGrid SMTP Gateway is used to send transactional email from the Gimmal Physical web application. The connection to the SMTP gateway can be made through either TCP port 25 (unencrypted) or TCP port 587 (encrypted via TLS).
Gimmal Physical utilizes the following Azure data centers: East US, Canada Central and US Gov Virginia.
Service Organization Controls Standards
Microsoft covered cloud services are audited at least annually against the SOC reporting framework by independent third-party auditors. The audit for Microsoft cloud services covers controls for data security, availability, processing integrity, and confidentiality as applicable to in-scope trust principles for each service. Microsoft has achieved SOC 1 Type 2, SOC 2 Type 2, and SOC 3 reports.
Secure Sockets Layer (SSL) and Code Signing certificates are provided and managed by the client with assistance provided by the Gimmal System Engineer Team.
Information Protection and Encryption
Transport Layer Security (TLS) (Encryption-in-transit)
SQL Database secures customer data by encrypting data in motion with Transport Layer Security. SQL Server enforces encryption (SSL/TLS) at all times for all connections. This ensures all data is encrypted "in transit" between the client and the server.
Transparent Data Encryption (Encryption-at-rest)
Transparent Data Encryption (TDE) for Azure SQL Database adds a layer of security to help protect data at rest from unauthorized or offline access to raw files or backups. Common scenarios include datacenter theft or unsecured disposal of hardware or media such as disk drives and backup tapes. TDE encrypts the entire database using an AES encryption algorithm, which doesn’t require application developers to make any changes to existing applications.
In Azure, all newly created SQL databases are encrypted by default and the database encryption key is protected by a built-in server certificate. Certificate maintenance and rotation are managed by the service and require no input from the user.
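The two encryption claims above (TLS on every SQL connection, TDE on the database) can be checked from inside the database. The following T-SQL is an added example, not part of Gimmal's documentation or tooling; it assumes it is run in the client database by a login with VIEW DATABASE STATE permission.

```sql
-- Added verification example (not Gimmal's code).
-- Assumption: executed in the client database with VIEW DATABASE STATE.

-- 1. Encryption at rest: is TDE switched on for this database?
SELECT name,
       is_encrypted               -- 1 when TDE is enabled
FROM sys.databases
WHERE name = DB_NAME();

-- 2. Encryption at rest: state and strength of the database encryption key.
--    encryption_state legend: 0 = no key, 1 = unencrypted,
--    2 = encryption in progress, 3 = encrypted, 4 = key change in progress,
--    5 = decryption in progress, 6 = protector change in progress.
SELECT database_id,
       encryption_state,
       key_algorithm,
       key_length,
       encryptor_type             -- CERTIFICATE for the service-managed key
FROM sys.dm_database_encryption_keys
WHERE database_id = DB_ID();

-- 3. Encryption in transit: list any current connection that is NOT
--    protected by TLS, with enough context to trace the client.
SELECT c.session_id,
       c.net_transport,
       c.encrypt_option,
       c.client_net_address,
       s.login_name,
       s.program_name
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
  ON s.session_id = c.session_id
WHERE c.encrypt_option <> 'TRUE';
```

An `encryption_state` other than 3, or any row returned by the third query, does not match the configuration described in this section and should be investigated.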
Identity Management Integration and Single Sign On (SSO)
Gimmal Physical can integrate with the following Identity Management/Single Sign On (SSO) technologies:
Azure Active Directory (AD)
Microsoft Active Directory Federation Services (ADFS)
SAML2-based Identity Providers (IdP)
Gimmal Physical performs vulnerability scans monthly and performs a scan for every new client build.
The Microsoft Azure platform boasts near 100% uptime and supports robust backup and disaster recovery including Recovery Point Objective (RPO < 5 minutes), Recovery Time Objective (RTO < 12 hours), and Point In Time Restore (PITR up to 35 days). Longer PITR times can be purchased.
System maintenance, outside of application bug fixes/patches, is provided by the Microsoft Azure platform. Patches applied to the Gimmal Physical web application are governed by the Gimmal Change Management process.
Gimmal Physical Web Access
Software to access the Gimmal Physical application.
Modern Web Browser
Gimmal ScannerConnect (optional)
A standalone application that provides an interface for the Zebra DS4608/4278 barcode scanners.
Software to send email messages from Gimmal Physical application.
Gimmal PortableConnect (optional)
A standalone application that provides an interface for the Zebra TC52 barcode scanner.
Supports Android OS
Additional Supporting Applications
Gimmal FileConnect: a Windows service that interfaces with Gimmal Physical web services to push data from network file shares or local folders to Gimmal Physical for storage. A UI is provided to configure the service.
Gimmal ScannerConnect: a standalone application that allows users to transfer items in Gimmal Physical. Used for tethered scanner devices.
Gimmal PortableConnect: an Android application that allows the Zebra TC51/TC52 barcode scanners to collect scans and perform transfers into Gimmal Physical. Supports Android 7, 8, 9, 10 and 11.
Gimmal Physical REST API
An extensive library of REST-based web services is available for consumption. Please
This scanner is often used in a warehouse, office building, or campus environment to both check in and out items, as well as reconcile the Gimmal Physical database with where items actually are located. Uses the Gimmal PortableConnect application to interface with Gimmal Physical.
A quick way to check in and out items using the Gimmal ScannerConnect application. Normally used at a file room check-point. The base is connected to the computer and the scanner has a limited range.
A quick way to check in and out items within the Gimmal ScannerConnect application, normally used at a file room check-point.