Sapho deploys as a Java .war file into a Java application server such as Tomcat, which can be deployed in the internal network and managed and protected like other application servers.
Sapho stores all metadata and cached data into a SQL92 database such as MySQL, which can be isolated on the internal network like other database resources.
Sapho is accessed via HTTPS via a reverse proxy such as NGINX or Apache and mobile access can be enabled via VPN, like any other internal network resources.
Sapho authenticates users with the existing Active Directory or LDAP identity server. It authorizes use of the mobile app with the existing authorization groups based on existing Active Directory or LDAP identity servers.
All interactions are logged into either the application server or system log, which in turn are pulled into the existing log management system, so any security incidents can be remediated like any other internal application.
Private cloud deployment
When deployed in an Amazon, Azure, or Google private cloud, Sapho can use available PaaS features such as Amazon’s Beanstalk Java PaaS and RDS managed database. Like other private cloud resources, Sapho will use your IPsec backhaul to connect to internal systems.