This document answers key questions about Veeva Network’s migration to Amazon Web Services (AWS). For any further questions, please contact your customer success manager (CSM) and/or Veeva Support.
As part of our commitment to ongoing innovation and customer success, Veeva is moving its worldwide computing infrastructure from managed data centers to the Veeva virtual private cloud (VPC) running on AWS. This move began in the second half of 2017 across all Veeva product lines.
This change brings significant benefits to our customers, many of whom are already widely adopting AWS in their operations.
Specifically, the transition to the AWS elastic infrastructure enables Veeva to:
- leverage the rapid pace of innovation in cloud infrastructure
- deliver improved security, uptime, high availability, scalability, and disaster recovery
- precisely control the region/country where the point of delivery (POD)s are located and data is stored
In addition, AWS data centers share equivalent certifications with the current Veeva data centers including SOC2 Type II, ISAE 3402 Type 2, ISO 27001, and ISO 9001.
How will the migration impact me?
The following features will be impacted for the Sandbox migration:
- Revision History: Historical Revision History data will not be provided. This is the same behavior during the Instance Cloning Process (Production to Sandbox clones). All new entity revisions will be persisted and made available. This limitation is only applicable to Sandbox PODs; Production PODs will continue to have access to all historical Revision History data.
- Veeva Network Connector for Concur: This feature will not be available for Sandbox PODs. After the Production migration on April 14th, 2018, the feature will be available for all Sandbox and Production PODs.
Where will my Network instance be located?
Network PODs will move into same geographical region as the Veeva data centers where they originated from.
To find your POD information, see the following page in the Veeva Network Online Help.
Will the POD names and IP addresses change?
No, Veeva Network POD names are not changing.
Yes, the IP address will change for every Network POD. If your corporate network restricts connections by IP address, you will need to whitelist the IP range for your new POD.
What is Veeva Network Virtual Private Cloud (VPC)?
Veeva Network VPC uses the Amazon Virtual Private Cloud (Amazon VPC). Network PODs run inside the Veeva Network VPC - logically isolated virtual networks that achieve granular control over networking, security, and more. Access to Veeva Network VPC is secured by security groups within the VPC and granularly defined AWS network access control lists (ACLs). Within a VPC, access to and between components of the POD is controlled and secured by IP restrictions and through AWS Identity and Access Management (IAM). Further, AWS IAM also controls access to specific infrastructure components within the POD for the Veeva operation team.
What are AWS regions and availability zones?
AWS services are available within AWS regions. Each AWS region is located in a separate geographical area. This allows Veeva to select the specific geographical region where our PODs and storage infrastructure is placed, thus reducing latency, improving performance, and satisfying compliance requirements. Further, each AWS region contains multiple availability zones, which comprise of multiple isolated physical data centers. Each availability zone within a region is located close to one another and connected by high-speed low-latency data connections. If an availability zone within a AWS region goes down, the other availability zones are still able to handle the work. This ensures a high level of availability that is tolerant to potential outages within a region. AWS has the industry’s most highly available infrastructure, and as a result the migrated AWS PODs will benefit from the high performance and availability.
What is the impact of AWS on Network Security?
Veeva Network users are not impacted by the migration to AWS. Since the move to AWS does change the IT infrastructure, the equivalent IT operations and controls have been developed for AWS and will documented and published through Veeva compliance documents.
Who has access to Veeva Network infrastructure in AWS?
Only select Veeva technical operations staff have access to AWS console and services for the purpose of providing system maintenance, troubleshooting, and ongoing support.
What is the impact on Veeva Network service level agreements?
After the AWS migration, the Veeva Network service level agreements for high availability and disaster recovery will not diminished.
How will this impact Veeva’s Quality Management Controls?
The addition of AWS services to the application architecture is managed by Veeva in accordance with existing process controls, including release management, configuration/change management, infrastructure monitoring, and patch management. AWS has documented its commitment to the life sciences regulated market through third party evaluations (GxP white paper) and certifications (ISO cert page).
What certifications do Amazon AWS data centers have?
AWS data centers have the following certifications:
- ISO 9001:2008 – Requirements for a quality management system. Organizations demonstrate the ability to consistently provide product that meets applicable statutory and regulatory requirements, processes for continual improvement of the system, and assurance of conformity to applicable statutory and regulatory requirements.
- ISO/IEC 27001:2013 – Requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
- ISO 27018:2014 – An addendum to ISO/IEC 27001, the first international code of practice for cloud privacy. Based on EU data-protection laws, it gives specific guidance to cloud service providers (CSPs) acting as processors of personally identifiable information (PII) on assessing risks and implementing state-of-the-art controls for protecting PII.
- SOC2 Type II (Trust Service Principles) – Reports on the operating (Type II) effectiveness of a service organization’s controls, focusing on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.
- ISAE 3402 – Reports on the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting.
How will customers be notified and supported during the migration?
Veeva will notify customers whose Network instance resides on affected PODs approximately 2 weeks before their migration phase is scheduled to start.
To ensure that you receive notifications, go to trust.veeva.com and subscribe to Veeva Network or to individual PODs. For more information, see https://support.veeva.com/hc/en-us/articles/115004142714-How-to-Opt-In-to-System-Availability-Notifications-.
For any further questions, please contact your Customer Success Manager (CSM) and/or Veeva Support.