General System Description
Planview IdeaPlace SaaS enables you to harness the collective intelligence of your employees, customers, and partners to solve today’s problems, maximize tomorrow’s opportunities, and accelerate innovation.
The IdeaPlace platform is backed by proprietary crowd science algorithms and a proven methodology that together deliver bottom line business results. IdeaPlace’s ideation management platform enables organizations to create and manage a pipeline of ideas to drive new business strategies, product development, operational efficiencies, and employee engagement.
Using IdeaPlace, business leaders find the best ideas, make the right decisions, and foster a culture of innovation. IdeaPlace's designers believe that ideation is a systematic process that can and should be managed. IdeaPlace replaces the siloed and often one-off pursuits of the next “big idea” by managing ideation as a business-critical function across the entire organization. Ideation in companies is often ad-hoc, high-risk, and hard to value.
IdeaPlace introduces a structured process that’s predictable, scalable, engaging, and transparent. This new model is built around powerful patented algorithms and industry-proven methodology that replace guesswork with science. IdeaPlace enables the collective intelligence of a company’s “crowd” – employees, customers, and partners – to accelerate innovation. In turn, IdeaPlace allows companies to create fully predictable ideation processes that produce measurable, bottom line business results.
SaaS System Components and Architecture
IdeaPlace is deployed as a software as a service (SaaS) hosted in one of several dedicated Rackspace Tier 3 ISO 27001 certified data centers. This allows you to select your hosting location from a choice of United States, United Kingdom, Hong Kong, or Australia. Your choice of location is primarily driven by being closest to the location of your intended users, and influenced by regulatory considerations. Each data center location can serve a global organization.
The SaaS environment is CentOS (Linux) based and uses Hewlett Packard enterprise class servers, enterprise class SSD storage configured in fault tolerant RAID 10 configurations with full disk encryption (AES256), high availability Cisco network switches, high availability Cisco firewalls, and both security and vulnerability monitored by Alert Logic intrusion detection (IDS), intrusion prevention (IDP), Threat Manager, and log management (SEIM) systems. Only ports 80 and 443 are open to the Internet, and port 80 is redirected to port 443. All other ports are blocked.
Each customer is deployed on shared or dedicated servers (depending upon option ordered) in a customer dedicated application instance and database to provide secure segregation of the customers’ data and operation. The application itself is written in Java and uses Apache web server, Apache Tomcat application server, Shibboleth SP for SAML integration, Apache SOLR search server, Thumbor image server, Sophos malware file scanning, and MariaDB.
IdeaPlace is designed to use our Shibboleth SAML SP service to integrate with customer SSO services that support SAML 2.0.
External Third-party Components
IdeaPlace uses Power BI's business analytics system to provide best in class reporting and dashboards. Power BI workspaces are hosted in the United States and EU. IdeaPlace uses Amazon Web Services S3 for offsite storage of customer specific data backups that have been fully encrypted (using AES256 encryption) prior to their secure online transfer to S3.
IdeaPlace utilizes transport layer security (TLS) for all API and user communications between the users’ browser and the application using strong Diffie Hellman ciphers and SSL digital certificates with RSA 4096 bit key strength. Currently IdeaPlace supports the use of TLS 1.2. Upon customer request, access to their IdeaPlace instance can be further restricted to specific IP ranges (typically the customer’s Internet gateway(s)) or via VPN using IPsec.
IdeaPlace application notifications via email that require TLS transport are signed, and use DKIM authentication and DMARC.
IdeaPlace provides SSO and/or application authentication depending upon the customer’s preference and intended application usage. If using application authentication, the password policy is configured for the specific customer’s requirement. If using SSO, using a SAML 2.0 compliant identity provider is IdeaPlace’s preferred approach. Common identity providers in use include ADFS, LDAP, Okta, Ping Identity, and Google Auth.