Skip to main content
All CollectionsPrivacy & Security
Medallia Concierge Architecture & Security
Medallia Concierge Architecture & Security

A high-level overview of Medallia Concierge's architecture, security, and network requirement.

Updated over a year ago

Client Network & System Requirements

Medallia Concierge is a fully cloud-based platform with no on-premise software nor servers required. As such, the system requirements to allow usage of Medallia Concierge are rather simple.

Network Requirements

Medallia Concierge’s Team Inbox requires a modern web browser (supported versions viewable here ) and the ability to access Medallia Concierge’s systems using standard HTTPS over port 443 with TLS 1.1 or higher.

The domains used by Medallia Concierge’s system are:

  • app.zingle.me

  • api.zingle.me

  • d.zingle.me (if using leased Medallia Concierge printers)

  • services.zingle.me

To provide maximum system availability, Medallia Concierge uses AWS Elastic Load Balancers (ELB). ELBs do not support static IP addresses and as such Medallia Concierge is unable to provide blocks of IP addresses for firewall whitelisting. If you are unable to whitelist the domains listed above please contact your Medallia Concierge account manager for possible workarounds.

Infrastructure

Hosting

All of Medallia Concierge’s infrastructure is hosted with Amazon AWS. Our primary infrastructure resides in AWS’ Oregon data center. Medallia Concierge has redundant storage of all customer data in multiple AWS regions with snapshots saved to secure AWS S3 buckets four times per day.

Environment Separation

Medallia Concierge’s engineering staff utilizes local development environments (on their own computers) which contain nor have access to customer data. Medallia Concierge’s testing and staging environments also do not contain nor have access to customer data. These environments are hosted with AWS but are sandboxed in Virtual Private Clouds (VPC) that have no network access to the production environment.

Data Storage

Medallia Concierge uses three systems for data storage: MySQL (primary data store), ElasticSearch (message and contact indexing), and Redis (cache, queue, and session management). None of these systems are directly accessible from the public internet. Access to these systems is only allowed from other internal segments within Medallia Concierge’s production Virtual Private Cloud (VPC) Only AWS-hosted Medallia Concierge application servers have access to Medallia Concierge data stores.

Encryption

All production Medallia Concierge data stores encrypt data at-rest using disk encryption mechanisms provided by AWS. All encryption keys are managed by AWS’ Key Management Service. All data in transit is encrypted using TLS 1.1+. This includes data transmission between clients (customers) and Medallia Concierge’s systems as well as data transmission between Medallia Concierge systems within the production VPC. The only exceptions to this policy are integrations with 3rd-party systems on behalf of customers that do not support encryption. For example, Oracle Opera is able to send room-ready messages but not using HTTPS, therefor we allow this information to be transmitted to us by Opera unencrypted, but only when this functionality is demanded by a customer. Integration with such 3rd-party systems is optional and only enabled upon customer request.

Security Patches

Operating system and software security patches are installed on all Medallia Concierge system regularly. Systems approaching end-of-life (due to removal of vendor support) are upgraded or removed prior to vendor support being terminated

Vulnerability Scanning

Automated dynamic vulnerability scans are carried out nightly against the QA environment (to ensure that coming releases do not introduce security issues) and weekly scans are carried out against the production environment. These scans check for known general security vulnerabilities (including OWASP Top 10) as well as possible security vulnerabilities in the languages and frameworks used by Medallia Concierge’s platform.

Did this answer your question?