The Valarea™ software consumes a REST API provided by our Re Mago Meeting Server (RMS Backend layer) which is credential secured over TLS 1.2 . All communication with the REST API, and our IIS services, are over TLS (port 443) with 2048-bit asymmetric encryption and 256-bit symmetric encryption. The Hubs are authenticated on our servers using a 4 step authentication process with SASL. All inbound and outbound data from our backend layer is encrypted and transmitted over TLS with 2048-bit asymmetric encryption and 256-bit symmetric encryption using certificates from third party credited authorities. Network communication is protected using the latest in technology to secure all your video, audio and data. Using the TLS cryptography protocol, previously referred to as SSL, we provide protection using a 2048-bit asymmetric key in conjunction with a 256-bit symmetric session key. More information on ports used can be found when we within this document. The backend tier provides public services; REST API, IIS. Our customers can choose different backend options for their own deployments, on-premise or on-cloud (Azure) to provide a resilient, low latent and redundant backend:
We support HTTP connections (LAN only), but we strongly recommend encrypted HTTPS over TLS 1.2.
We do not directly tunnels any service. You can access resources only passing through our dedicated API interface and after passing a double level of authentication.
We validate client inputs, verifying the presence of security tokens inside the HTTP headers and checking the content of the client calls.
We implemented a strong custom authentication based on a double security token. The first token is released at the first call and is mandatory to retrieve the second token. The latest is verified at the beginning of each client call.
We added rate limits to the authentication attempts that a client can do in a time unit. After this number/time limit, the attacker client is blocked.
Valarea Cloud has an A rating from Qualys SSL Labs, the highest ranking possible, which means it is protected from all known attacks and follows all best practices.