Introduction
------------------

Its hard to keep up with all the new technology this days. There are many new security threats that we should know about and should not affect our work. There is a common set of tools we use to do our work. We wanted a system that will have our tools, and they are secured, and disable all other software that we don't use.
For this reason we developed our own system. The system consists of several servers, three in our case. The servers are distributed in Melbourne and Sydney. Every server can run many virtual machines. Every machine can run on any server. We can divide our system on three parts:

1. Keeping Documents safe and accessible
2. Secured Remote Desktop
3. Application Servers

Remote Desktop
------------------------

Each user connects first to vpn that runs on the servers. All communication is encrypted.
For each user we are running a virtual machine with windows installed. The machine works in isolated environment and has access to the documents. The user files are stored not on the machine but on a special drive on the document machine. They are also replicated between servers. This mean that the user can login to his virtual machine on a different server and not notice any difference on the desktop.
The windows machines are de-bloated from all the unnecessary software.
All the necessary security and work tools are installed and finally we make sure many - hundreds of thousands of websites can't be accessed from with in the system.

Application Servers
-----------------------------

We run our custom applications on our own application servers. Our old mail can be accessed using special software roundcube and keeping our old mail server in a virtual environment.
We run Availon - our custom insurance management software again on a specialised application server that is integrated with the document servers. Our software depends on database servers that run on different virtual machines.

Summary
-------------

The core of the work -The documents and the databases are always synced between the servers. We keep the application servers and document servers very secure firstly by limiting the access to them to only the necessary documents.
The windows machines are secured in a similar manner. We keep backups of all machines for all useres. Even in case of a malicious software install on windows we can revert back to previous states before certain updates took place. All machines are updated carefully only when necessary always with possibility to revert back to previous states.