We use cookies (just for analytics) on this website. If you continue we will assume you are happy with it. ok


Here are some of the things we do every day to provide Software as a Service (SaaS) with top security, high performance and high availability. We firmly believe that SaaS delivers great benefits to our customers.

Infrastructure and security


The BeBanjo applications are hosted on the Amazon Web Services (AWS) cloud computing platform. Some of the world's largest enterprises and most innovative start-ups trust AWS' cloud offering, e.g., Netflix, Airbnb or Slack. The AWS platform provides unrivalled scale, and sets the standards for cloud computing.

AWS manages data centres in multiple locations around the world. The BeBanjo applications are hosted in several AWS data centres in Ireland.

In addition, we use the Google Cloud computing platform to securely replicate data backups in multiple regions and to enable high-performance analytics using BigQuery.

Performance and scalability

The architecture of the solution allows for high-performance and scalability:

  • The computationally-expensive application tier, based on last generation Intel® Xeon® Platinum processors, is horizontally scalable. New application servers can be added to the pool of application servers, in order to handle the performance requirements of additional customers.
  • The solution uses cacheing technology and query optimizations (e.g., Memcached, Elasticsearch) to maximise performance.
  • The architecture intentionally separates the handling of synchronous requests from background processing jobs, in order to always provide a highly-responsive user experience.
  • The database tier allows for the deployment of database read replicas. This enables, for instance, intensive reporting tasks without affecting user experience.

Configuration and deployment

All our infrastructure configuration is managed with Chef, a Ruby-based configuration management engine, and Terraform, a Go-based infrastructure as code software, and stored under source control with GitHub. All software is deployed to servers running on a Virtual Private Cloud (VPC), through reliable scripted deployment using Capistrano.

Disaster recovery

A Disaster Recovery solution is in place. Following a catastrophic failure at the primary data centre, the production environment can resume servicing customers from a secondary data centre. Every year an internal Disaster Recovery exercise takes place in order to validate this solution. The database tier being continuously replicated to the secondary data centre in near real-time, no data loss would be incurred in such an event. Additionally, we store our critical backups encrypted on multiple cloud providers and regions.


Our technology stack favours open-source components, and includes the following:

Component Role
Ubuntu Linux-based operating system
Apache Web server
Phusion Passenger Apache module for deploying Ruby apps
HAProxy High availability load balancer and proxy server
Ruby on Rails Web application framework
MySQL Database tier
Elasticsearch Search / indexing engine
Kibana Data visualization interface
Memcached In-memory cache
Sidekiq Background processing for Ruby
Redis In-memory database
ES6 Language for the front-end
Vue.js JavaScript framework for building user interfaces


All communication with BeBanjo servers is encrypted using HTTPS. This applies to communication with both end-user browsers and with external systems integrated through the BeBanjo APIs. Any attempt to connect over plain HTTP is automatically redirected to a secure HTTPS connection. Connections use TLS 1.2 and the AES_256_CBC 256-bit encryption algorithm, with SHA1 for message authentication and RSA as the key exchange mechanism.

Your credentials and data are never transmitted in the clear over the public Internet.

All user passwords and system passwords are encrypted and stored as one-way hashes that cannot be decrypted, not even by BeBanjo.

Data segregation

Our automated test suite constantly validates correct segregation of customer data. Whenever a change is made to any of the BeBanjo applications, and before any deployment can be envisaged, the automated test suite running on our Continuous Integration (CI) server checks for data segregation. It automatically validates that users (e.g., a scheduler at Channel 5) can only access the data they are entitled to (i.e., the Channel 5 schedules), and nothing else.

Third-party security audits

Some of our enterprise customers (e.g., Channel 5, British Telecom) have stringent internal security processes. Before selecting our products they carried out due diligence of our security standards, sometimes using third-party tools or partners (e.g., IBM Rational AppScan). We are always looking for ways to improve our solution, and we welcome a fresh pair of eyes on our security practices.


BeBanjo software has been developed for high-performance and high-availability, using a multi-tier architecture:

  • Requests to the end-user interface or to the web service APIs are dispatched to application servers through a load balancer tier.
  • Application servers in the application tier handle synchronous requests.
  • Worker servers in the application tier handle background asynchronous jobs.
  • Databases in the database tier persist the data for all servers. The database tier is replicated across multiple data centres.
  • Search engine tier provides fast searches for the application tier. The search engine keeps synced with the database tier.

In addition, a utility tier provides shared services to all servers (e.g., cacheing services, monitoring services, ftps, etc.)


Distinct environments are provided, to carry out testing activities before any software is released to production.

  • Staging environment
  • Pre-production environment
  • Production environment

Resilience and redundancy

There is no Single Point Of Failure (SPOF) in the production environment. All components (e.g., load balancers, application servers, database servers...) are set-up using a redundant N+1 configuration, ensuring that failure of any one component cannot result in a failure of the solution.

Application monitoring

BeBanjo support staff are automatically alerted in case of any incident. The availability and performance of the BeBanjo products are constantly monitored using the following tools and services:

Services we use

Service levels

Performance and availability of the BeBanjo applications are backed by a Service Level Agreement (SLA). The SLA defines measurable targets, reporting mechanisms, and service credits due by BeBanjo, should the targets not be met.

Physical security

AWS ensures physical security of the data centres where the BeBanjo applications live. AWS has completed multiple SAS70 Type II audits. They publish a Service Organization Controls 1 (SOC 1) report, under both the SSAE 16 and the ISAE 3402 professional standards. In addition, they have achieved ISO 27001 certification.

The data centres use state-of-the art electronic surveillance, are staffed 24x7 by trained security guards, and access is authorised strictly on a least privileged basis.

Infrastructure-level security

The BeBanjo applications live behind firewalls configured to only allow traffic through authorised ports: notably port 443 for HTTPS, and port 80 for redirection to a secure HTTPS connection.

Connection to the servers for administration purposes is authenticated using RSA keys, that provide security superior to password authentication.

Application-level security

Our development process has security at its heart. We code against application-level vulnerabilities such as SQL injections, by using:

  • A modern web development framework (i.e., Ruby on Rails) constantly updated by the community. The solution uses cacheing technology and query optimizations (e.g., Memcached, Elasticsearch) to maximise performance.
  • An automated test suite running on our Continuous Integration (CI) service, based on Buildkite and hosted on Google Cloud, being isolated from our application infrastructure.

In addition, any code change made by a developer is independently checked for quality and security, by another developer, prior to release.

Security monitoring

We constantly monitor independent security lists to be alerted of new vulnerabilities identified by the development community. Upon discovery of a new vulnerability that might affect our applications, we immediately deploy the relevant patch. Thanks to our redundant hosting infrastructure with no single point of failure, such emergency maintenance can usually be carried out without any interruption to the service. Centralised hosting of BeBanjo applications on a single - yet resilient - infrastructure means we can easily keep the platform up-to-date, and very rapidly close any newly found vulnerability.

Internal security assessments

Periodically, we perform internal assessments that help us improve the security and compliance of our infrastructure, networks and applications based on security industry standards. We use Amazon Inspector to analyze every server and network configuration, and all running resources in our AWS Virtual Private Cloud, producing a list of relevant findings with security vulnerabilities or suggestions. We process this list of findings, creating actionable work that we integrate into our regular workflow, improving the shape of our platform internals incrementally.

Do you need to print this webpage? We have a print-ready version Download PDF (524 KB)

Ready for a demo?

Our Technical Account Managers will help you find out if our products are a good fit for use your case. Risk-free!

Contact us

or give us a call (+34) 914 58 37 37


Manage the editorial side of VoD business across multiple platforms, devices, business models and countries.

Learn more


Keeps you in complete control of every step of your VoD workflow so you can focus on doing the work.

Learn more


Reporter makes it easy to query data with the reporting tool of your choice. Query, slice and dice to your heart’s content.

Learn more