Building DocuSign’s Carrier-Grade Platform
Building the worldwide platform that runs DocuSign’s operations is no easy feat. There’s no step-by-step manual available that instructs us on how to build a truly scalable platform that can handle DocuSign’s 100+ million users, 250,000+ customers, and 950,000+ daily transactions. It takes a concerted effort from a top notch engineering team, and tireless commitment to core cloud platform tenets of scalability, reliability, and availability. To enable developers to leverage the rock-solid DocuSign platform, we also created a robust eSignature API that is used to integrate DocuSign technology with customer apps. In fact, 58% of all DocuSign transactions come through the API.
So how did we know how to build it? The answer to this question is simple in concept: Assume everything will fail. After you accept this premise, along with unwavering design principles, you can design anything. For DocuSign, the design principles that are baked into all levels of our corporate culture are security, trust, and transparency. This not only affects the platform itself, but also the way we manage all aspects of the business.
The result is unparalleled in SaaS – a platform that is highly available and always secure, with consistent performance and 99.99%+ true uptime over the past 2 years, as depicted in Figure 1.
Figure 1: DocuSign’s Carrier-Grade Platform Metrics.
We know that security is the #1 priority of our customers. However, security means different things to different people. To help customers use our platform successfully despite very diverse expectations and needs, we designed a bank-grade architecture, as shown in Figure 2, that conforms to the critically high standards for financial transactions and is governed by what we call the DocuSign Security Assurance Program.
Figure 2: DocuSign Bank-Grade Security Architecture.
The DocuSign Security Assurance Program is comprehensive. It governs not only the core platform, but also our data centers (which are SSAE 16 tested), the senders, signers, partners, and the APIs leveraged by our developer ecosystem. Finally, the Security Assurance Program also encompasses the business and operations of DocuSign itself. To ensure compliance, we are audited on each of these components, which results in our ISO 27001 certification.
All secret data is encrypted in the DocuSign cloud both in rest and in motion. Click here to read more information about DocuSign security.
Trust is a critical tenet for most businesses. In today’s challenging security environment, trust is earned over time. For more than 13 years, DocuSign has earned the trust of many of the world’s largest companies. You can view customer stories and analyst reports in the DocuSign Resource Center.
For a Software as a Service (SaaS) provider such as DocuSign, the approach to security plays an important role in building trust, but there are many more factors that contribute to trust as well. One of the main reasons our customers select DocuSign is to save time and money when signing/sending documents. Therefore, the platform must not only be secured at a bank-grade level, but also cannot compromise the high return on investment (ROI) criteria for which DocuSign was selected in the first place. To this end, we designed a platform that underscores the importance of performance, which helps build trust. More information about the DocuSign commitment to trust is available here.
The design of the DocuSign platform enables us to have no scheduled downtime. Maintenance for platform upgrades and software patches are performed using a rolling upgrade methodology, which enables these processes to operate continuously throughout maintenance to our system.
We’ve adopted a scale-out architectural model that enables us to drive incremental scalability without bounds. With this approach, we can scale dynamically to meet the need of all customers worldwide. Additionally, since we extensively monitor the performance of all of our datacenters, we dynamically route traffic to maintain consistent performance. In fact, every service on every host has logic that reacts to real-time conditions and can perform dynamic request routing based on statistical distribution of traffic.
Bullet-proof Data Integrity
Data integrity is important for trust and security, which is a critical component to ensuring legal compliance. DocuSign customers need to know that all documents stored in the cloud are secured. We do this in two ways:
- Tamper-evident documents – DocuSign tracks many data and metadata fields, including:
- Signing parties’ names
- Digital signatures
- Email addresses
- Public IP addresses
- Signing location (if provided)
- Chain of custody (sent, viewed, signed, etc.)
- X.509 signed final docs – All documents are sealed with the DocuSign platform certificate
99.99%+ True Uptime
Sometimes referred to as “4 nines,” DocuSign has achieved better than 99.99% true uptime in the past 24 months, which translates to less than one hour of unscheduled downtime per year. We achieve this unprecedented level of uptime due to a variety of factors. Our scalable architecture is key, but we’ve created a tool to monitor health in real-time. This tool aggregates more than 58 billion metrics and more than 400 million events every day. It is through deep instrumentation that we can quickly spot problems and remediate long before they become customer-facing service availability incidents.
DocuSign is committed to service uptime and total transparency into our system status. We provide a public-facing, real-time monitoring service to enable customers to gain insight into our uptime and performance characteristics in all datacenters worldwide. This is shown in Figure 3.
Figure 3: DocuSign Real-Time System Status.
Continuous Monitoring and Improvement
The work on our carrier-grade platform and infrastructure is never done. To return to the opening premise, we continue to assume that everything will fail, and to monitor and innovate accordingly, to keep improving scalability, availability, and reliability, and to ensure that our commitment to security, trust and transparency is upheld.