Azure Migration
Our migration to Azure is a major milestone in completing one of the many investments into the YourCause product offerings. By hosting CSRconnect in Microsoft Azure, we are assuring the platform is built, serviced, and supported by modern, secure technology so you can focus on your company’s social good impact.
A few benefits of migrating to Azure include:
- A more scalable and robust infrastructure that will improve consistency and uptime of CSRconnect
- Enhanced security with the introduction of a new web application firewall
- A larger offering of tools and capabilities that give us a powerful platform for future product improvements
- Improved performance by brining all parts of the application into a single high-performance cloud environment
FAQs
-
The following are updated IP addresses for our User-Acceptance Testing and Production sites. (For your IT team’s reference: these include all application and SFTP IPs for firewalls or SFTP exceptions):
UAT
Prod
207.120.32.0/20 and 209.160.100.0/22
207.120.32.0/20 and 209.160.100.0/22
52.232.204.61
20.122.54.202
20.97.237.69, 52.232.204.39
20.122.53.253
52.232.204.39
20.122.55.16
52.232.204.82
20.122.54.41
52.232.204.51
20.122.54.200
52.232.204.69
20.122.55.241
20.97.237.69,52.255.155.182
20.242.35.73, 20.115.117.245
52.232.204.61, 52.255.155.182
20.122.54.202, 20.115.117.245
Connect with your IT team and/or the IT team of your vendors who work with us for file exchanges (HR, payroll) and direct them to this page. They have two actions to take:
1. Accept the new SFTP fingerprint. The server’s fingerprint identifies that you’re connecting to the correct server. With our move to Azure, the server fingerprint will change.
There are two options for acceptance:
- After the migration. This new fingerprint will need to be manually accepted by your file transfer team or your file vendors for HR and payroll file exchanges. This should be an easy task and, in most cases, will simply be the click of a button.
- This is the only option if your FTP client does not support multiple host key fingerprints.
- Prior to the migration. Please note that this will require your IT teams or your vendors’ IT teams to complete the installation. Our team will not be able to provide installation support.
- This is an option if your FTP client does support multiple host key fingerprints.
- For this option, provide the following info to your IT team:
- Host Key Algorithm: SSH-RSA
- Host Key Bit Strength: 1024
- SHA-256: 0pojQpUrxBKppZKiYtLiellxwbI2wxboHCKMU9Plq2I=
- MD5: 98:44:12:3c:0d:f8:71:18:4e:83:a3:9b:e8:86:60:4b
2. Provide our new Prod IP address for the SFTP to your IT teams or vendors IT teams. If your file transfer systems connect to our server by IP address or if you must allow traffic from specific IPs before a connection can be established, this will need to be updated. This is uncommon, but should be verified.
- Action: Provide the IP address 20.122.53.253 and the FQDN ycsecureftp.yourcause.com to your IT team and the IT teams of your vendors who work with us for file exchanges. They will be able to determine if action is needed, which is uncommon.
Please note: we are unable to provide installation support for a fingerprint or IP exceptions. Please connect with your IT team or FTP provider for assistance.
When will the current host key be removed?
Update once migration date and time confirmed. New key takes effect in that moment.
What error message returns in the Blackbaud SFTP log?
Because SFTP host key validation is completed client-side, we are unable to monitor and report on host key validation errors. Please ask your IT team to check the logs and/or configuration of your FTP client.
- After the migration. This new fingerprint will need to be manually accepted by your file transfer team or your file vendors for HR and payroll file exchanges. This should be an easy task and, in most cases, will simply be the click of a button.
-
No, this migration will not impact any SSO configuration or set-up.
-
Microsoft Azure is a best-in-class cloud service provider that has won numerous industry accolades for security and scale.
-
Moving to Azure will increase the reliability, scalability, and security of the CSRconnect platform. Our migration to Azure will be a key milestone in evolving CSRconnect into a more dependable and robust platform as part of the additional investments Blackbaud is making into the YourCause portfolio.
-
Product Reliability – 99.9% uptime commitment supported by physical, operational, and software measure for 24/7 monitoring.
Enhanced Security – With its Federal Risk and Authorization Management Program (FedRAMP) High authorization—which includes 18 Azure services— more than 70 compliance coverings, and commitment to the General Data Protection Regulation (GDPR) requirements, it’s the most trusted cloud.
Scalability – A larger offering of tools and capabilities that give us a powerful platform for future product improvements
-
The targeted migration date & time is Saturday, June 11th beginning at 12:01am EST. Our goal is to have the migration completed Saturday, but there is a possibility the migration will continue into Sunday, June 12th. During this time, CSRconnect will be unavailable to access.
-
Yes- data is moving from our private datacenter in Colorado to the East US 2 Region of Azure. Data will be both hosted and stored in the East US 2 Region.
-
A cross functional team of CSRconnect subject matter experts were pulled together to ensure a seamless transition to our product hosted within Azure. This included ensuring all existing processes and functionality were all in working order through all of our environments.
-
Migrating to Azure is going to increase the cybersecurity of the CSRconnect platform because it is a best-in-class, industry leading cloud provider. We’ve already updated our security documentation to reflect the positives changes we will recognize across our security infrastructure as part of this migration. If your internal Security or IT teams have any questions, please direct them to these resources:
Cloud Security Alliance Registry
Blackbaud Cloud Whitepaper
Additional Technical FAQs
-
Yes – Blackbaud uses various strong encryption mechanisms across our environments and products, including TLS 1.2, AES 256, RSA 1024 and other FIPS140-2 encryption algorithms
-
Our products are multi-tenant solutions. Tenants (clients) are logically separated using a Tenant ID in the data stores.
-
Blackbaud maintains protocols and standards to help protect Customer Data (meaning the data consisting of Customers’ confidential information, including constituent data) contained in Blackbaud solutions. Customer Data doesn’t include aggregated or anonymized data or data about a customer, like current or prospective customer contact information held in our internal customer management system. Blackbaud will only collect, process, and store Customer Data that is necessary to fulfill contractual obligations with customers. Blackbaud retains Customer Data throughout the full term of the contract for such solution.
Upon cancellation of a solution, Blackbaud maintains a standard process to remove Customer Data in accordance with industry standards. Typically, after a customer leaves Blackbaud entirely or cancels a particular solution, Customer Data with respect to that solution/s is
decommissioned/removed from applicable infrastructure, and then associated backups of that Customer Data are retained (offsite) for 90 days before being automatically purged. In some instances, Customer Data will be maintained to comply with legal and regulatory obligations.Blackbaud may also keep Customer Data to assist with fraud monitoring, detection, and prevention activities and to comply with tax, accounting, and financial reporting obligations. Additionally, Blackbaud is required to retain certain Customer Data through contractual commitments to financial partners, and where data retention is mandated by the payment method(s) utilized by the customer. In all cases where Customer Data is retained, it is done in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
-
We commit that the production version of your solution will be available at least 99.9% of the time calculated on a monthly basis, excluding planned and critical maintenance. We will monitor performance indicators on the systems and network infrastructure to gauge overall performance and will take reasonable steps to address systems and network infrastructure as required to maintain application performance. We will use an internal system to measure whether the solution is available.
-
Blackbaud’s Disaster Recovery plan is built around the necessity to restore services within 72 hours of a major catastrophic event that puts our primary datacenter out of service.
-
Blackbaud will manage your cloud solution end-to-end with world-class performance and reliability. With redundancies throughout the network infrastructure and strict data backup guidelines, Blackbaud provides a high level of assurance that your applications and data are always available for your users. The three steps we take to ensure your files are backed up are as follows:
Redundancy
Blackbaud has taken a layered approach in our daily operations to support data backup and restoration to ensure your data remains available and accessible 24/7. The first step is to provide redundancy at the database server, which is accomplished through “clustering.” Failover clustering in Microsoft SQL Server provides high-availability support for an entire SQL Server instance. For example, you can configure a SQL Server instance on one node of a cluster to migrate to another node in the cluster during a hardware failure, operating system failure, or a planned operating system or Microsoft SQL Server upgrade.
Backup and Recovery
The second step to ensuring data availability is to adhere to a strict backup schedule. Backups and restoration are essential safeguards in the protection of your organization’s data. Backups are encrypted at rest and in transit.
- Backup Frequency Transaction Log: 15 minutes
- Full: Weekly Backup Retention/Recoverability
- Point-in-time: 7 days offsite (georedundant) End of week: 4 weeks offsite (georedundant)
- End of Month: 6 months offsite (georedundant)
- Our offsite backup storage is geo-redundant, and file restoration is tested daily for each file server.
Creating backups allows Blackbaud to help your organization recover your data in the event of: Media failure User errors (e.g. deleting a record or table by mistake) Hardware failures (e.g. a damaged disk drive or permanent loss of a server)
You may also request a copy of the backup be made available on a monthly basis for you to download and retain.
Blackbaud’s final step in ensuring the availability of your data is to implement a validation process to verify backups have completed accurately and on-time.
Automation continually monitors our infrastructure, including scheduled tasks such as database backups, and we use system/service monitors that log the successful completion of jobs, such as SQL backups and Data Domain® data transfers. These monitors will alert us of any failures. Additionally, we periodically refresh various customer production databases to mitigate the risk of backup data corruption.
With redundancy, consistent backups, and database restoration, Blackbaud can assure your organization that your data is in great hands.
-
Please contact your Customer Success Manager if you have additional questions.