Infrastructure

Cloud

By default Kademi is offered as SaaS software in any of our multi-tenant instances located in Amazon AWS data centres around the world.

Kademi integrates with AWS to provide simple and centralised management of otherwise complex capabilities, including:

• Domain purchasing and DNS management via Route 53
• High speed Content delivery network (CDN) via Cloudfront
• Fast and efficient video delivery with Elastic Transcoder
• Auto-scaling and self healing with Elastic Load Balancing
• Robust and fast database with AWS Relational Database Service
• Highly secure communications with Amazon Certificate Manager
• High availability and elastic content storage with S3 and Elastic Block Service

On premise

Thanks to Kademi’s pluggable architecture, the platform can be deployed to a customer’s own server infrastructure almost as easily.

This makes it possible to ensure data sovereignty and to leverage an existing IT investment.

Some peripheral services are unavailable in a non-AWS environment such as

• DNS purchasing and management
• Integrated issuance of TLS Security Certificates (TLS/SSL is still available, just not the ability to self-provision certificates)
• Content delivery network (custom integrations may be possible on request if needed)

Other services may require customisation to implement to a customer’s requirements:

• Network load balancing, ie with Nginx or Fortigate.
• Storage, either through integration with http services or NAS

Security

Kademi has been built from the ground up with consideration given to OWASP concerns, and includes using some OWASP code artefacts.

Kademi supports latest secure connection technology, including TLS1.2+, and support for additional headers such as “HTTP Strict Transport Security” and X-Frame-Options.

Kademi is constantly reviewing and monitoring our service for security weaknesses, and taking action to mitigate any possible vulnerabilities. 

The Kademi application stack includes an advanced Intrusion Detection and Prevention (IDP) framework will allows all requests to be inspected and a rules based policy to be applied. These policies can consider a variety of factors to assess risk, such as geolocation, implausible changes of a user’s geolocation, abnormal rate of response codes, etc. And a variety of actions can be taken as appropriate for the level of risk, presented by such activity, such as dropping a connection, grey-listing an IP, black-listing, admin notifications and locking out user accounts.