Apttus Intelligent Cloud on Microsoft Azure – FAQs regarding Technical Architecture

The Apttus Intelligent Cloud™ (“AIC”) is a suite of SaaS applications that can be run on a number of different online platforms, including Microsoft Azure (“Azure”). If Azure is selected as the underlying hosting platform, AIC is deployed into Apttus’ instance of Azure and managed using Azure Cloud Services – standard Microsoft terms and conditions apply. Apttus’ customers will then be given access to the functionalities of AIC on Azure.

As a mental model, you could imagine that the Azure platform is a city or town, with many neighborhoods, blocks, and buildings. Azure then rents a city block or a building to Apttus to host the AIC. Apttus in turn allocates or sublets individual apartments in that building to its customers. Most customers rent an apartment in Apttus’ main building – a shared property for multiple customers (“multi-tenant environment”), where certain infrastructure components such as HVAC, plumbing, etc. are shared for the sake of efficiency, optimization, and cost savings. In technical terms, this means that multiple customers could share the same physical hardware (such as CPU and memory). This architecture allows for the most efficient use of resources, the highest delivery quality, and the easiest access to new functionality. Regarding storage, each customer has their own Azure storage account. This method allows the underlying Azure infrastructure to efficiently manage the separation of data between different accounts. Apttus can also accommodate a customer’s desire for a standalone building with no shared infrastructure (“single-tenant environment”) when special circumstances are present.


Architecture and Deployment Options


How does Apttus Intelligent Cloud use my data?

The customer data that will be processed by AIC resides in the customer’s (online or on-premise) instance of Microsoft Dynamics CRM (“Dynamics”). Customers will need their own licenses for Dynamics. Plugins that communicate with AIC are implemented as CRM Ribbon Actions into the customer’s unique Dynamics instance. In order to launch the AIC user interface and perform its functionalities, the users log into Dynamics and, from there, via plugins, have access to the AIC user interface. When a user processes the customer data by running AIC, the respective customer data is sent from Dynamics to AIC on Azure, where it is processed, then sent back to customer’s instance of Dynamics, where it continues to be stored.


Does Apttus Intelligent Cloud run on my own Azure instance?

We run AIC on our own Azure account (our “instance”).  The customer doesn’t need to procure their own Azure, and we do not run on the customer’s Azure instance.  AIC will be deployed in different geographic locations, depending on customer need.


Does Apttus store my data? Am I able to specify where my data is stored?

CRM data, such as account objects, is stored in the customer’s CRM instance. Contract documents can be stored either in the customer’s storage (such as Sharepoint or the customer’s Azure Blob Storage), or in Apttus’ Blob storage, located on one of multiple Azure locations. Azure Blob storage is a service that stores unstructured data (such as documents) in the cloud. Customers will be able to select whether to store contract documents on their own storage or which Apttus storage location to use.  If a customer chooses their own storage, then no customer data is stored by Apttus. Certain features of AIC (such as, for instance, Smart Search) require that customer data is cached and stored by Apttus.


How is my data protected on Azure?

Using the mental model from above, while Azure as the “Landlord” is responsible for providing general security in town, as well as basic infrastructure services such as e.g. HVAC and plumbing, Apttus is responsible to secure the individual buildings and apartments that it leases from Azure, for instance by providing door locks to the apartment doors, and interior fittings (which, in this model, would be AIC).

No customer data is transmitted in an unencrypted state over a public network. For the general security architecture of Azure or Dynamics, we fully defer to the applicable security standards provided and published by Microsoft.