What are the hardware components of the Dividat Senso?
The Dividat Senso consists of a input device (plate), computer and a screen
What are the specifications of the computer that is used with the Dividat Senso?
The computer that is to be used with Dividat Senso will be made available by Dividat. The computer has the following hardware specifications:
- TERRA MiniPC V3 Black (Barebone)
- CPU Intel Core i3-7100 / LGA1151 / Tray
- RAM SO-DIMM DDR4 4GB / PC2400 /UB/ Samsung
- SSD Flare 2.5" 60GB Patriot S11 SATA 3
- Operating System: Linux (NixOS-based)
- 24 hours on premise service for 24 months
At what web address can Dividat Play be found?
Which Internet services are contacted by the application?
For normal functionality the Play application (i.e. the interface where the games run) needs to be able to communicate with the following addresses:
- play.dividat.com via HTTPS (TCP port 443): Resources of the web application
- api.dividat.com via HTTPS (TCP port 443): Database server
- rooms.dividat.com via HTTPS (TCP port 443): WebSocket server
In addition to the Play application, a small driver application runs as a proxy between Play and hardware. Play accesses the driver through a local connection (TCP ports 8380 and 8382) on the loopback address (127.0.0.1).
The driver application and the PlayOS operating system additionally access the following addresses:
- dist.dividat.com via HTTP and HTTPS (TCP ports 80 and 443): automatic updates
- log.dividat.com via AMQPS (TCP port 5671): automatic notification of errors
In some networks, PlayOS can more easily identify Internet access if it can access the following addresses:
- captive.dividat.com via HTTP (TCP port 80): Detecting captive portals when connected via wifi
- ipv4.connman.net via HTTP (TCP port 80): Online check
How is remote maintenance handled?
To take care of manual configurations/updates or to manually fix errors, we installed a management system that bases on ZeroTier (https://www.zerotier.com/). Because of the Peer-to-Peer nature of ZeroTier we cannot define which sites may be unlocked. The system can be deactivated/blocked without any influence on the game play. In the next months (when we have more confidence in sound functioning of all the systems) we will deactivate the system by default.
What kind of software is running on the computer system supplied with the Senso?
The operating system is based on Linux/NixOS and includes our hardware drivers. The sources of these components are published under an open source license:
Security Cloud Software
Why is the Dividat software a cloud product?
Our web-based applications are easily accessible on both touch and desktop devices, requiring only an Internet connection and modern browser. In this way, staff can access and work with training data from their desks. Other than the dedicated computer used alongside the Senso hardware, no special hardware or software setup is needed. By delivering the applications through the Internet, we can continuously work on extending, improving and securing them in an economical manner, reducing both cost and maintenance effort for our customers. We believe this is crucial for enabling a large portion of our customers to securely operate the software.
What kind of customer data is processed and what does Dividat do with it?
The core of the personal data processed by our software is a history of each individual's training progress, comprising of exercise time and results. Beyond this, personal information (such as name, sex and date of birth) can but don't need to be stored in the system. Our software also offers aids for performing various assessments, the results of which are then stored for correlation with exercise results. All of this personal data is stored and processed exclusively to serve the customer's needs and is not passed on to third parties or used to mine information. During the operation of the client and server software, logs are collected for monitoring the health of the instances and ensuring proper functioning. Logs relate to events in the servers, software and data bases, and do not contain information about individuals. After a period of 60 days, all logs are deleted from our servers. Aggregate, non-personal information about organizations may be accessed by Dividat to support in the use of the software. Upon customer request, Dividat employee may also access individual data to analyse or resolve customer issues.
How is the data stored?
The personal data at the heart of the software is stored in Swiss datacenters operated by Nine Internet Solutions AG, where various physical measures against data theft and loss are in place. Additional server infrastructure is operated in Switzerland and Germany, but does not handle any data that is directly relatable to any person. The passwords of customers are stored in hashed and salted form. Access to our core backend servers is limited to selected Dividat employees and requires hardware tokens for authentication. The configuration of the servers is subject to version control and repeatable ("infrastructure as code"), patches are applied on an ongoing basis. Recovery backups are created nightly and removed after a period of 7 days.
How is the data secured in transit?
Both our clients and backends require HTTPS, using TLS 1.0 to 1.2. Where TLS 1.0 is still being offered, additional MitM mitigation mechanisms are in place. Authentication endpoints are subject to rate limiting to prevent brute force attacks.
What are the availability expectations of the Dividat software?
Our services' availability is continuously monitored. Both current and past availability can be viewed at status.dividat.com. The status website is operated by a third party and should still be accessible in case our services become unavailable.
Our goal is to make our services available to you at each hour of every day. We have designed our systems so that ordinary updates do not cause any downtime. On rare occasions it may be necessary to take the system offline for routine or emergency maintenance. If we believe that an operation might cause noticeable downtime, we will aim to schedule it outside of peak usage hours. In this case, we will give advance notice via email. In the case of an unexpected downtime, our hosting provider and monitoring service will alert our engineering team.
According to our monitoring service Pingdom our web services have had a yearly availability above 99.99 % since their start in 2016. This includes the backend server at
api.dividat.com, as well as our user-facing websites at
How is the Dividat software developed and deployed?
The software Dividat develops undergoes peer review and is subject to version control. Continuous integration (CI) is in place to automatically run tests each time the software is changed. We use multiple channels for publishing the software, such that new releases can be tested first internally, then with select partner organizations, and only then be made generally available.