23.07.2024
Reading Time: 5 Minutes

Secure document distribution – How does the Web Portal work?

In this Article
    In the age of advancing digitization, paper is a secure but relatively slow and resource-intensive way of transmitting documents.

    Distribute documents securely? No problem with the SEAL Systems web portal! You can share digital documents of any kind in a secure and traceable way with registered users or recipients of a corresponding access link. Notify the recipients by e-mail and send them an access link to the share containing the documents. The recipients are either registered users / groups who must authenticate themselves to access the documents. Or ad hoc recipients who receive a specific, temporary URL for one-time access to the share.

    Users can preview the documents (common file formats are supported) and download them individually or as a whole as a ZIP file. You can track access to the documents by recipients both via email notification and via the REST API. This allows you to share documents in almost unlimited numbers and sizes. By default, we use an Amazon S3 bucket or an S3-compatible storage system; we can connect other backends on request.

    Use cases

    The web portal can be linked directly to our customers’ business processes via the PLOSSYS® Distribution Engine. This gives our integrations for SAP® solutions in particular an additional output channel. For example, you can automatically collect all documents for a production order, a purchase order or a maintenance order in the SAP® software. They are then made available electronically along with the corresponding routing slips, order forms or work instructions. So you can distribute documents securely!

    In combination with the PLOSSYS® Distribution Engine, you can convert the documents into a standardized document format, such as PDF/A, before distribution, so that they can be accessed securely by the recipient.

    Architecture

    The SEAL Systems web portal is a web application in cloud-native technology, i.e. it is based on microservices and follows the principles of a 12-factor app. Furthermore, it is based on the modular SEAL Systems client framework, which consists of a server part (also called “operator”) with a RESTful API and a user interface for the web application. SEAL Systems offers several client applications based on the same framework, which you can combine and connect depending on the application scenario. The framework provides basic and overarching functions, while the application-specific functions of the web portal are implemented as a server module (also known as a “service”) and as a UI app. The services can be provided together with the core service or with a backend system. The server core and the modules communicate via HTTPS using the same RESTful API.

    SEAL Systems Client Framework

    Übersicht SEAL Systems Client Framework

    The portal and the underlying framework are designed for both cloud cluster operation (supports K8s and OpenShift) and server installation under Windows, SuSE or RHEL. A distributed multi-cluster layout with load balancing and failover is possible for extremely high availability.

    Architecture

    Übersicht Web-Portal Architektur

    You can send notification e-mails (based on templates) using the mail dispatch function, which is integrated in the web portal. Use of the integrated notification service is optional. You can also create and distribute notifications independently, for example to integrate the notification into more complex processes or other messaging procedures. The web portal provides all the necessary data via REST API. SEAL System offers suitable tools for creating more complex communications on a web portal basis.

    Security

    Both the web portal and the client framework make no compromises when it comes to security. Login and access control are based on OAuth2/OIDC and are compatible with common IDPs such as AzureAD (Entra ID), Keycloak or Auth0. This also ensures support for multi-factor authentication. If login information is required to access external systems, it can be stored in an integrated keystore, which then enables transparent SSO authentication.

    Data in transit is TLS-encrypted, bulk data at rest can be secured by encrypting the storage services. If required, operating data can be protected by database encryption. For applications with high security requirements, the web portal can be used as a confidential computing application within an IBM Hyper Protect environment. This shields the entire runtime environment cryptographically and data in memory (data in use) is encrypted, providing FIPS 140-2 Level 4 security.

    SEAL Systems places a strong focus on software security throughout the entire development process. We test both the client framework and the web portal application in extensive automated security tests in a dedicated test environment. Each build process includes automatic updates of upstream libraries with known security issues, and SEAL Systems uses Software Supply Chain Management (SBOM) for components of the client framework.

    Your benefits

    • Easy to use – Seamless integration into your business processes via the PLOSSYS® Output Engine or the PLOSSYS® Distribution Engine
    • Your contribution to environmental protection – Significant savings in paper
    • Speed – Make your documents available to internal and external recipients at the touch of a button
    • Flexibility – Access from the workplace in the office, at home or with mobile devices
    • Secure – By using the latest security standards, you can distribute your sensitive and confidential documents securely
    • Easy to implement – We can provide you with the web portal as software as a service. However, it can also be implemented quickly in your environment.

    Factsheet Web-Portal

    You can find out more details about which applications the SEAL Systems web portal is particularly suitable for and how exactly it works from a sender and receiver perspective in our factsheet.