Architecture - x360Sync

Written By Tami Sutcliffe (Super Administrator)

Updated at March 16th, 2023

x360Sync is a software platform that enables online file synchronization, sharing, and backup for businesses. With a focus on security, reliability, and integration, x360Sync provides IT professionals with a solution to the universal access, sharing, and file-recovery problems that plague businesses. Simply put, x360Sync is the most advanced file-based cloud-synchronization platform for businesses.

The platform is comprised of two services: server and agent. 

  • The server service can be hosted within a company’s internal infrastructure or may be provided by x360Sync’s hosted cloud infrastructure
  • The agent can be deployed to a multitude of endpoints, including desktops, laptops, servers, and mobile devices. Policies and management controls are administered by the user.

AES.png


Technology

The x360Sync server and agent were built using C++ to maximize the use of machine resources and to provide cross-platform support. The x360Sync server brokers the sync events among agents and stores files as encrypted and compressed binaries. File meta-data such as filename, modified date, and revision information are abstracted and stored in SQLite databases for purposes of scalability and rapid-access. Policy and account information are stored in a PostgreSQL database. Accounts are provisioned and policies are governed through a web interface powered by Apache.

Note: The x360Sync team is currently working to migrate SQLite databases to PostgreSQL for improved performance.



System requirements

The full description of all x360Sync system requirements can be reviewed here.



Integration options

x360Sync is committed to providing partners with advanced integration options, allowing MSPs and other service providers to manage x360Sync while leveraging familiar tools and systems.  Administrative integration options include:

End users can also integrate with the applications they know and use on a daily basis. End user integration options include:



Load-testing considerations

Server

In-lab load-testing has identified that x360Sync installed on a Windows 2008 R2 Server that meets the recommended system requirements can concurrently handle the following load without incident:

  • 5,000 simultaneous connected agents each syncing files up and down
  • 1,200 simultaneous Apache web requests

Desktop Client

Because of the use of an rsync-derived algorithm and a file-queuing mechanism on the desktop client, there is no logical limit to the number or size of files that can be backed-up by the x360Sync desktop client. File size and count limitations are determined by the file-systems in use, not the x360Sync desktop client.


Revision capture

x360Sync employs an rsync-derived algorithm that only sends and stores a file’s deltas (changes), compressed and encrypted, from revision to revision. This algorithm detects byte-level changes and, unlike block-level algorithms, will not re-upload an entire file even if all data within a file shifts as the result of a block being inserted at its beginning.


Security

Security is a core component of the x360Sync platform. If a device is compromised, administrators have the ability to remotely wipe x360Sync data from affected machines. No passwords or confidential information are stored in plain-text in the database. Additionally, our hosted solution operates in an SSAE16 and SAS-70 Type II compliant datacenter.

Data is protected using 256-bit AES (Advance Encryption Standard), both in transit and at rest.

When syncing data to the server, the desktop client encrypts data using 256-bit AES. This data is then sent over TLS to the server, which receives the encrypted binary data and stores it in its encrypted format at rest.

When the desktop client requests data from the server, the data is received over TLS; the desktop client then decrypts the data upon receipt before turning it into the original file. When a file is requested through the web, mobile apps, or through the API, the server will decrypt the data and then present the full file to these clients.

The Apache configuration includes TLS ciphers that successfully mitigate the risks of the POODLE  vulnerability, as well as potential BEAST server-side attacks. Additionally, to protect against brute force and dictionary attacks, browsers are prevented from logging in for 30 minutes after 5 failed login attempts.

The following password-complexity requirements are enforced across the x360Sync system:

  • The password is at least eight characters long.
  • The password does not contain three or more characters from the user's account name.
  • The password contains characters from at least three of the following five categories:
  1. English uppercase characters (A - Z)
  2. English lowercase characters (a - z)
  3. Base 10 digits (0 - 9)
  4. Non-alphanumeric (For example: !, $, #, or %)
  5. Unicode characters

For hosted solutions, partners must provide their own SSL certificate.


High availability and reliability for Private Cloud partners

For partners planning on hosting their own x360Sync platform, there are several configurations which support high-availability. By default, the x360Sync Server Installer installs a single application server, web server, and database server on one machine. Alternatively, partners may want to configure a high availability (HA) environment where the Apache server and PostgreSQL database server are installed on separate machines and x360Sync is replicated on multiple machines. Ultimately, this eliminates a single-point of failure at the x360Sync level and allows for distribution of load across multiple x360Sync servers.

Note: The high availability configuration is for the x360Sync server only; it is not for the Apache or PostgreSQL server. While HA configuration allows partners to place Apache or PostgreSQL on the server of their choice within the high availability cluster, it does not replicate the Apache or PostgreSQL servers. The system will only recognize one instance of the Apache server and one instance of the PostgreSQL server. Instead, both Apache and PostgreSQL can be set up on a host either with VM or HyperV. 


Raw binary data 

We recommend that the volumes allocated for the storage of raw-binary data be configured in a RAID-array or other highly-reliable, healable storage format. 


SQLite DBs

SQLite databases take up a relatively miniscule percentage of storage compared to the raw binary data. x360Sync recommends that SQLite databases be backed up regularly using standard file or disk backup applications.



SUPPORT | 720-204-4500 | 800-352-0248

1401