Marvin Live - cloud deployment

    Service provider

    First, you should choose a service provider that meets your criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy. These are commonly described on the service provider's website, in compliance documentation about Service Organization Control (SOC) that results from regular external audits. You should also review their Service-Level Agreement (SLA) for the maximum guaranteed availability and the average length of downtime occurrences. Amazon Web Services, Google Cloud Platform and Microsoft Azure all provide this documentation.

    Hosting service

    To install and operate Marvin Live, you'll need a service that gives root access to an isolated VM, meaning you share the VM with no other user, have full control over what software is installed, and have full control over how the VM is reachable from the outside world. Amazon Web Services offers EC2, Google Cloud Platform offers Compute Engine, and Microsoft Azure offers Virtual Machines.

    Hardware

    Marvin Live’s hardware requirements are listed in the install guide. Typically a small instance with 1 CPU core and 1GB RAM (besides the operating system) is enough:

    Network

    Marvin Live’s performance is network sensitive. The lower the latency between the server and clients, the better experience it will provide. If possible, choose a data center at the optimal position between the users.

    During installation, you will configure Marvin Live with a port. This port needs to be opened for incoming TCP connections so that users can join. Typically this is port 443 for HTTPS traffic or port 80 for HTTP (not recommended).

    Security

    When configuring Marvin Live, pay special attention to the security configuration to keep your sensitive data out of unwanted hands. To prevent others from tampering with the connection, tls should be enabled with proper certificates, and a unique secret_key should be chosen. To allow only authorized parties to connect to the application, authentication should also be enabled, with an identity provider configured that contains all users of this system. TLS and the use of certificates require a DNS name with a fixed IP address. Amazon EC2 and Microsoft Azure VMs both provide these options.

    App customization

    As this instance of Marvin Live will be outside of your company firewall, your plugins won't have easy access to internal tools that may be useful as real-time and resolver plugins. To reach internal services, you will need to configure the plugins to authenticate themselves first.

    You may also consider customizing the theme of Marvin Live to include reminders and warnings about confidentiality or the context of work. Review the theme customization guide for further details.

    Data retention and backup

    To automatically delete stale data and reduce the risk of leaks, you should consider enabling the deleteUnusedRooms option, which automatically and permanently deletes all data associated with an idle room from the embedded database. You may also consider setting up a backup service that frequently makes a copy of the VM, so that it can be restored in case of any issue. Amazon Web Services and Microsoft Azure both provide storage solutions for this, though a different provider or service is logically a better choice here, in case both the VM and the backup service suffer from the same issue.
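
    A pre-deployment check for the settings named under Security and under Data retention and backup, as an added example that is not ChemAxon's code. The key names tls, secret_key, authentication and deleteUnusedRooms come from this guide; the JSON layout, the "port" key, the value shapes, the length threshold and the placeholder list are assumptions.

```python
import json

# Key names tls, secret_key, authentication and deleteUnusedRooms come from the
# guide; the JSON layout, value shapes and the "port" key are assumptions.
MIN_SECRET_LEN = 32                                        # assumed threshold
PLACEHOLDER_SECRETS = {"changeme", "secret", "password"}   # constructed list


def audit_config(text: str) -> dict[str, str]:
    """Map each weak setting to the reason it was flagged."""
    cfg = json.loads(text)
    if not isinstance(cfg, dict):
        raise ValueError("config must be a JSON object")
    findings = {}
    if not cfg.get("tls"):
        findings["tls"] = "disabled: connections can be read or tampered with"
    if cfg.get("port") == 80:
        findings["port"] = "port 80 is plain HTTP, which the guide does not recommend"
    secret = cfg.get("secret_key")
    if not isinstance(secret, str) or secret.lower() in PLACEHOLDER_SECRETS:
        findings["secret_key"] = "missing or a placeholder value"
    elif len(secret) < MIN_SECRET_LEN:
        findings["secret_key"] = f"shorter than {MIN_SECRET_LEN} characters"
    if not cfg.get("authentication"):
        findings["authentication"] = "disabled: access is not limited to authorized users"
    if cfg.get("deleteUnusedRooms") is not True:
        findings["deleteUnusedRooms"] = "off: idle room data is not deleted automatically"
    return findings


# Constructed sample configs, not taken from a real deployment.
WEAK = '{"port": 80, "secret_key": "changeme", "deleteUnusedRooms": false}'
HARDENED = json.dumps({
    "port": 443,
    "tls": {"key": "/path/to/key.pem", "cert": "/path/to/cert.pem"},
    "secret_key": "k" * 40,   # stands in for a long random value
    "authentication": {"provider": "placeholder-idp"},
    "deleteUnusedRooms": True,
})

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_config(text) or "no findings")
```

    Running such a check before the port is opened to the internet catches a configuration that would serve unauthenticated or unencrypted sessions.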