Xerox Digital Alternatives Security and Evaluation Guide
Xerox® Digital Alternatives
Security & Evaluation Software User
Guide
October 2016
Version 2.0.xx
© 2016 Xerox Corporation. All rights reserved. Xerox®, Xerox and Design®, DocuShare®, and CompleteView® are trademarks of Xerox Corporation in the United States and/or other countries. BR17760
DocuSign® is a registered trademark of DocuSign, Inc. in the United States and or other countries.
Microsoft®, Windows®, SQL Server®, Internet Explorer®, Active Directory®, and Azure™ are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
iPad® is a trademark of Apple Inc., registered in the U.S. and other countries.
iPad mini™ is a trademark of Apple Inc.
Intel® Pentium® is a trademark of Intel Corporation in the U.S. and/or other countries.
Android™ is a trademark of Google Inc.
Mac® and Macintosh® is a trademark of Apple Inc.
Changes are periodically made to this document. Changes, technical inaccuracies, and typographic errors will be corrected in subsequent editions.
Revision History
Date |
Version |
Description |
|
Number |
|
October 2016 |
2.0.xx |
• After release update regarding email addresses being encrypted |
|
|
|
January 2016 |
2.0 |
• Includes Digital Alternatives 2.0 new features content |
|
|
|
May 2015 |
1.2 |
• Includes Digital Alternatives 1.2 Private Cloud deployment capability |
|
|
|
March 2015 |
1.1 |
• Major reorganization to comply with internal security documentation template |
|
|
• Updates for 1.1 Release, including introduction of cloud support. |
|
|
|
August 2014 |
1.0 |
Initial Version |
|
|
|
Table of Contents
1 |
Introduction ......................................................................... |
1 |
|
Product Overview ......................................................................................... |
1 |
|
Xerox® Digital Alternatives Local Server Deployment Methods........... |
1 |
|
How to Use This Guide ................................................................................ |
2 |
|
Intended Audience............................................................................... |
2 |
|
Limits to this Guide .............................................................................. |
3 |
|
What’s New for Release 2.0......................................................................... |
3 |
|
Digital Alternatives Document Processing Workflows ......................... |
3 |
|
Integration with DocuSign® eSignature Service................................... |
4 |
|
Integration with Xerox® DocuShare® Electronic Content Management |
|
|
System................................................................................................. |
4 |
|
New Client Application Host Platforms – Google Android and Apple |
|
|
Macintosh ............................................................................................ |
4 |
|
Software Licensing ....................................................................................... |
4 |
|
Application Compliance and Certification..................................................... |
5 |
|
Implementation - Customer IT Organization........................................ |
5 |
|
Implementation – Private Cloud .......................................................... |
5 |
|
Implementation - Authorized Xerox® Digital Alternative Service |
|
|
Provider ............................................................................................... |
5 |
|
Ongoing Operational Roles and Responsibilities ................................ |
6 |
2 |
Architecture......................................................................... |
7 |
|
System Components .................................................................................... |
7 |
|
Xerox® Digital Alternatives End User Client Application ...................... |
7 |
|
Xerox® Digital Alternatives Local Server Application ........................... |
7 |
|
Reporting Data Communicator Application ......................................... |
8 |
|
Xerox® Digital Alternatives Central Server........................................... |
9 |
|
Local Server Deployment Models .............................................................. |
11 |
3 |
Solution / Application Environments ................................. |
12 |
|
Hardware and Software Requirements ...................................................... |
12 |
|
Local Server Installation Requirements............................................. |
12 |
|
Required Resources for All Deployments.......................................... |
13 |
|
Xerox® Digital Alternatives PC Client Requirements ......................... |
14 |
|
Xerox® Digital Alternatives iPad Client Requirements ....................... |
15 |
|
Xerox® Digital Alternatives Android Client Requirements.................. |
16 |
|
Xerox® Digital Alternatives Apple Macintosh Client Requirements.... |
16 |
|
|
ii |
Xerox® Digital Alternatives Security & Evaluation Guide |
|
|
4 |
Private Cloud Considerations ........................................... |
17 |
|
Private Cloud Implementation Considerations ........................................... |
17 |
|
Establishing Business to Business (B2B) Connectivity ..................... |
17 |
|
Private Cloud Physical Security ................................................................. |
18 |
|
Private Cloud Access Management ........................................................... |
19 |
|
Private Cloud Logical Access Control ........................................................ |
19 |
|
Private Cloud Identification and Authentication.......................................... |
20 |
|
Private Cloud Data Transmissions ............................................................. |
20 |
|
Auditing and Logging.................................................................................. |
20 |
|
Application Timeout.................................................................................... |
20 |
|
Application Security.................................................................................... |
21 |
|
Business Continuity / Disaster Recovery ................................................... |
21 |
5 |
Data Management / Protection ......................................... |
22 |
|
Document Storage ..................................................................................... |
22 |
iii
Xerox® Digital Alternatives Security & Evaluation Guide
Figures
Figure 1: Onsite Implementation....................................................................................... |
10 |
Figure 2: Private Cloud Implementation............................................................................ |
10 |
Figure 3: Local Server Deployment Model........................................................................ |
11 |
iv
1 Introduction
Product Overview
Xerox® Digital Alternatives is a software service supporting the reading, annotating and sharing of documents digitally. Once a document enters a user’s Digital Alternatives client, it automatically replicates to all of the user’s PC and iPad devices on which the Digital Alternatives client is installed. Users can also share the annotated document with other users via the application as well as by email.
Xerox® Digital Alternatives is composed of five main component areas.
Component |
Description |
|
|
|
|
Xerox® Digital Alternatives |
• Performs authentication tasks |
|
Local Server |
• Replicates documents to user’s other devices and to |
|
|
other users |
|
|
|
|
End User Client Software |
• Installs on the end user’s Windows® PC, iPad® or |
|
Application |
supported Android™ tablets or Apple Macintosh® |
|
|
computer |
|
|
• Displays documents for review and annotation |
|
|
|
|
Xerox® CompleteView® |
• Transmits usage data from Digital Alternatives local |
|
Reporting Data Communicator |
server to the Digital Alternatives CompleteView® reporting |
|
|
platform hosted within Xerox. |
|
|
|
|
Digital Alternative |
• Uses Digital Alternatives usage information obtained from |
|
CompleteView Reporting |
the Xerox® Digital Alternatives Local Server to provide |
|
|
analysis of usage benefits to the customer based on |
|
|
industry standard metrics. Hosted within Xerox network. |
|
|
|
|
Internet-based Digital |
• Stores account information and licensing used by the |
|
Alternatives Central Server |
local server and clients |
|
|
|
Xerox® Digital Alternatives Local Server Deployment
Methods
Onsite Implementation
With the onsite implementation method, this component performs all authentication tasks with the client’s IT Active Directory® on behalf of the Xerox® Digital Alternatives user. The user supplies credentials through the Xerox® Digital Alternatives End User Client Application. Another main task of the Xerox® Digital Alternatives Local Server is to replicate documents to a user’s other devices as well as to other users with whom the document is being shared. The Xerox® Digital Alternatives Local Server also performs Global Address Lookup on behalf of the Xerox® Digital Alternatives End User Client Application when sharing documents with other customer Digital Alternatives users. Additionally, if a document is shared with a non-Digital Alternatives user, the Xerox® Digital Alternatives Local Server sends the document through the customer’s email
1
Xerox® Digital Alternatives Security & Evaluation Guide
server for the Xerox® Digital Alternatives End User Client Application. The Xerox® Digital Alternatives Local Server interacts with the Internet-based Central Server to provide documents upon demand to users who are outside of the client’s network infrastructure.
Private Cloud Implementation
Xerox offers the ability to host the Local Server within the Xerox® Private Cloud network on behalf of the Digital Alternatives customer. In this case, no customer onsite server software installation is necessary and the customer is no longer responsible for managing the physical server, as Xerox assumes this responsibility. With the Private Cloud deployment method, a dedicated VPN connection between the customer network environment and the Xerox® Private Cloud environment is required. Access to the customer’s Active Directory and Exchange LDAP resources from the Private Cloud application server provided securely through the established VPN connection between the two networks is also required. All Local Server functionality that exists with the onsite implemented local server is equally supported by the Private Cloud implementation method.
How to Use This Guide
This guide is designed to help Xerox or Partner presales representatives provide their prospective customer’s IT organizations with security related information on Digital Alternatives, to help in the certification of the deployment of Xerox® Digital Alternatives within the customer’s environment. Customer and Xerox personnel can use the guide as part of the presales evaluation, post-sales testing, and acceptance process. Actual test plans and acceptance criteria are dependent upon the formality or required documentation of the customer. This document contains information related to Xerox® Digital Alternatives’ potential impact to security, enterprise IT infrastructure, network traffic, resources, and required planning.
Use this guide primarily during implementation and after contract signature; it can also be used during pre-sales and evaluation activities with a non-disclosure agreement (NDA).
Intended Audience
The customer’s IT, security, and management organizations, as well as management, will use this guide. Before certifying Xerox® Digital Alternatives, customers and appropriate Xerox personnel should have a clear understanding of:
•The IT environment at the site where Xerox® Digital Alternatives will be installed,
–If the private cloud local server hosting option is going to be utilized, an understanding of the nature of the VPN connectivity and its security aspects.
•Any restrictions placed on applications that are deployed on that network,
•The Microsoft® Windows Server® operating system, and
•The Microsoft SQL Server® database system.
2
Xerox® Digital Alternatives Security & Evaluation Guide
Limits to this Guide
The Xerox® Digital Alternatives solution is highly configurable and has many features. This guide covers standard implementations and a typical customer IT. If the customer’s IT environment differs from what this guide documents, then the customer’s IT team and the Xerox representative need to identify the differences and resolve any potential concerns.
The guide’s information pertains to the Xerox® Digital Alternatives 2.0 release. Although much of this information will remain constant through the software’s life cycle, some of the data provided may be revision-specific, and will require periodic updates. IT organizations should check with the Xerox representative to obtain the appropriate version.
What’s New for Release 2.0
Digital Alternatives Version 2.0, offers a number of new capabilities.
•Several built-in document workflows enable customers to process common document workflow tasks such as document review, approval, and signing between Digital Alternatives users.
•The integration with DocuSign® eSignature service allows users to submit documents for signature using their existing DocuSign account for legally accepted digital signatures.
•Digital Alternatives now provides native integration with the Xerox® DocuShare® Content Management Platform that allows documents to be imported and exported from the DocuShare electronic content management solution.
•Additionally, the Digital Alternatives client software is now supported on two new host platforms, Google Android tablets and Apple Macintosh personal computers.
Digital Alternatives Document Processing Workflows
Digital Alternatives provides built-in document workflow management. Users can send documents within Digital Alternatives to another user for review, signing, or approval. Each workflow feature notifies the recipient of a new workflow request. Once the request recipient has completed the requested task, the processed document will automatically be returned to the request originator with a completion date stamp along with any comments from the recipient.
Workflows can be requested of someone outside of the Digital Alternatives system. In this scenario, the document will be sent as an email attachment but will not be returned within Digital Alternatives to the requester when completed.
3
Loading...