• Home|
  • Service Descriptions – Flow Connect
Digital solution for Rejmes KPI management, image by Novacura..
Novacura Flow Connect

Service Description

#FlowConnect

1. FLOW CONNECT

Novacura Flow Connect is a fully managed, cloud-native SaaS platform that combines low- code application development with secure integration capabilities. Delivered as an evergreen service, it enables customers to extend ERP and enterprise systems without core modifications and to integrate with external systems. Flow Connect abstracts away infrastructure complexity and focuses on performance, security, and manageability.

Key benefits include:

  • Accessibility: Access Flow Connect from anywhere, anytime, providing ultimate flexibility.
  • Seamless integration: Connect reliably to external systems (e.g. APIs, cloud services, databases, and equipment) via directly supported built-in connectors.
  • Enhanced security: Includes safeguards to maintain customer data security.
  • Scalability: Highly scalable design supports business growth without software limitations.
  • Collaboration: Multi-tenant design environment enables teams to work together in real time.
  • Time to value: Faster innovation, reducing time from idea to production deployment.

Core service components:

  • Design: Visual low-code designer for apps and workflows.
  • Runtime: Secure multi-tenant execution environment.
  • Administration center: Administration of apps, environments, users, and integrations.
  • Managed service: Novacura operates the full stack, including monitoring, security, updates, backups, and scaling.
    • Cloud Agents/Connector Agents are not part of the Flow Connect core service. It can either be hosted by the customer or ordered as a separate managed service from Novacura.
#ServiceOverview

2. SERVICE OVERVIEW

Flow Connect is a modern, cloud-native SaaS platform delivered as an evergreen service. All customers run on the latest release, with updates rolled out through a continues delivery designed for zero or minimal downtime.

  • Design: Visual low-code designer for apps.
  • Runtime: Secure multi-tenant execution environment.
  • Administration Center: Administration of apps, environments, users, integrations, and access control.
  • Managed service: Novacura operates the full stack – monitoring, security, updates, backups, and scaling.
  • Evergreen updates: All customers run on the latest release through a global, staged rollout with zero/low downtime for application microservices.
#ScopeofService

3. SCOPE OF SERVICE

Flow Connect provides customers with a complete SaaS application platform, combining low-code design, secure runtime, and managed operations.

  • Included: Multi-tenant runtime with Dev/Test/QA/Prod installations, design tools, connector catalog, secure edge, monitoring, backups, and business-hours support.
    • Support scope: End-user (how-to) support is handled via the Customer Support Portal; infrastructure/platform incidents are managed by Novacura operations.
  • Options: Extended support coverage (24/7/365). Private connectivity (VPN, Private Link), can be ordered as a separate service.
  • Out of scope: Dedicated single-tenant infrastructure; customer-specific code development (customers design their own apps).
#PlatformOverview

4. PLATFORM OVERVIEW (CLOUD-NATIVE, MULTI-TENANT)

Flow Connect is built on a microservices architecture that provides scalability, resilience, and logical isolation between customers tenants.

  • Architecture: Stateless, autoscaling containers with built-in redundancy.
  • Zero/low-downtime releases: Rolling deployments for microservices; shared edge components (e.g., identity, global LB/WAF) may require planned maintenance windows (see Section 5).
  • Tenant isolation: Customer data and applications are logically isolated within shared infrastructure, both in storage and during execution.
  • Lifecycle: Standardized installations for Development, Test/QA, and Production.
  • Release management: Continuous delivery with staged rollouts. Microservices are continuously deployed with zero or minimal downtime. Shared edge components (e.g., identity, global load balancing, WAF) may require planned maintenance windows (see Section 5). Releases follow industry-standard DevOps practices with automated and manual testing (including regression and non-functional testing).
#ServiceAvailability

5. SERVICE AVAILABILITY & SLA

Flow Connect is delivered as a highly available SaaS service with clear commitments to reliability and performance.
The service targets 99.8% uptime per calendar month, measured at the Connection Point, excluding planned maintenance, third-party outages, and force majeure events.

Core application microservices are deployed continuously and designed with built-in redundancy to achieve zero-to-low downtime. Certain shared infrastructure components (e.g., identity provider, global load balancing, security edge) may occasionally require scheduled maintenance windows.

Availability commitment

  • Availability: 99.8% uptime per calendar month, measured at the public Connection Point.
  • Exclusions: Planned maintenance, force majeure, and outages caused by third-party providers or customer networks.
  • Credits: Service credits apply if monthly availability falls below the committed target, as defined in the General Terms & Conditions.

How availability is measured

  • Connection Point (definition): The documented public service endpoint used for SLA measurement.
  • External health checks: Availability is continuously measured using synthetic probes from multiple geographic regions that test the public Connection Point. Probes verify endpoint reachability and response (HTTP 200).
  • Unavailability criteria: The service is considered unavailable when three or more of five probes fail concurrently for 60 seconds or longer.
  • Scope: Measurement reflects platform availability at the Connection Point. Customer-specific integrations, private connectivity (e.g., VPN/Private Link), and customer network issues are out of scope.
  • Authentication: An inability to authenticate to Flow Connect (e.g., IdP outage) is counted as unavailable time.
  • Time basis: Availability is calculated over the calendar month.
  • Future improvements: Extended functional probes validating authentication and runtime workflows may be introduced in future iterations to improve measurement accuracy.

Planned Maintenance Policy

  • Notice: At least 14 days in advance for maintenance that may impact availability.
  • When: Scheduled outside standard business hours for the primary hosting region (currently EU), wherever feasible.
  • Duration: Each window ≤4 hours (actual downtime typically shorter).
  • Frequency: Typically ≤1 window per quarter for shared infrastructure changes.
  • Impact examples: During identity-provider or platform updates, authentication may be temporarily unavailable and users may need to re-authenticate after completion.
  • Emergency maintenance: For urgent security or stability fixes, Novacura will provide as much advance notice as practicable and communicate progress through established channels. (Emergency maintenance is excluded from SLA calculations.)
  • Future regions: When additional hosting regions are introduced, maintenance windows will be aligned to minimize impact in each affected region.

Status & Customer Communication

  • Real-time status: Incidents and planned maintenance are posted in the Support Portal.
  • Updates: During Priority 1 (critical) incidents, Novacura provides regular updates until resolution (see Section 6). Restoration work for Priority 1 or disaster recovery (DR) scenarios continues outside business hours to meet the defined Recovery Time Objective (RTO) ≤ 8 hours. Customer communications follow the contracted support coverage.

Reporting

  • Monthly availability report: Summary of measured uptime and incidents is provided to customers. Additional reports may be available by agreement.

Orientation (minutes per 30-day month)

  • 99.8%86 minutes max downtime
  • 99.9%43 minutes max downtime
#Support
#Security

7. SECURITY & COMPLIANCE

Flow Connect is designed with security and compliance at its core, protecting customer data in a shared SaaS environment. Controls are governed by Novacura AB’s ISO/IEC 27001:2022-certified ISMS; the Flow Connect service and Novacura R&D follow this ISMS and its applicable controls (they are not independently certified).

  • Encryption: Customer data stored or processed by the service is encrypted at rest; all communication is encrypted in transit (TLS 1.2 or higher).
  • Identity & access: Authentication via Microsoft Entra ID (Azure AD) with role-based access control (RBAC); service-to-service access uses managed identities and least-privilege principles where supported.
  • Customer Tenant isolation: Logical isolation of each customer’s data and execution layers prevents cross-tenant access.
  • Edge protection: Global load balancing with a web application firewall (WAF).
  • Auditability: Administrative activity and configuration changes in the Azure environment are logged and retained for traceability.
  • Compliance: Operated under Novacura AB’s ISO/IEC 27001:2022 ISMS and aligned with GDPR. Flow Connect is built on Microsoft Azure, which maintains independent certifications and attestations (e.g., ISO, SOC); Flow Connect itself does not claim those provider certifications.
  • Security testing: Flow Connect undergoes regular third-party penetration testing. Findings are triaged and remediated under the ISMS; executive summaries can be shared under NDA. Customer-initiated security testing is supported by prior written approval and agreed rules of engagement.
  • Breach notification: Novacura notifies affected customers without undue delay and within 72 hours of becoming aware of a personal-data breach (GDPR Art. 33).
  • Sub-processors: Flow Connect relies on a small set of sub-processors (e.g., Microsoft Azure and support tooling). The current list is available on request and may be updated with 30 days’ notice per the DPA.
#DataHosting

8. DATA HOSTING & RESIDENCY

Data is hosted securely within Azure data centers and current region is Azure West Europe.

  • Default region: EU
  • Data management: Novacura only store application meta data in Azure. Customer business data are processed but never stored in Azure. Customer data is always encrypted both in transit and rest.
  • Residency: All data remains under Novacura control within Azure.
  • Retention & deletion: Data retained per policy and securely deleted at termination.
#Backup

9. BACKUP & DISASTER RECOVERY

Flow Connect provides built-in resilience and recovery capabilities to protect customer data and minimize disruption. Backups are automated, encrypted, and regularly tested to ensure recovery objectives can be met.

  • Objectives: RPO ≤ 4h, RTO ≤ 8h (platform-level).
  • Backups: Automated, encrypted backups of configurations, workflows, and service data; standard retention ≥ 7 days. Point-in-time restore is available within service limits (e.g., relational up to 14 days, NoSQL up to 7 days, where supported).
  • Resilience: Zone-redundancy in the primary region.
  • Testing: Restore/DR procedures are exercised at least annually; a summary is available under NDA.
  • Automated backups: Configurations, workflows, and data are backed up daily and encrypted.
  • Retention & restore: Standard retention of 7 days; point-in-time restore up to 14 days (relational) and 7 days (NoSQL).
  • Recovery objectives: RPO ≤ 4h, RTO ≤ 8h.
  • Testing: Restore procedures are regularly validated.
  • Resilience: Zone redundancy included.
#IntegrationCapabilities

10. INTEGRATION CAPABILITIES

Flow Connect enables seamless integration with enterprise systems, APIs, and industrial environments.

  • Connectors: Flow Connect currently have the following connectors:
    • IFS10
    • IFS Cloud
    • Infor M3
    • MSSQL (database)
    • Oracle (database)
    • REST (APIs: OAuth2, API keys.
    • EMAIL
    • File System (read/write from disk where the agent is installed).
#Observability&Monitoring

11. OBSERVABILITY & MONITORING

The platform is proactively monitored to ensure reliability.

  • Monitoring: Service health, latency, capacity, error rates, and job execution.
  • Alerts: Routed to Novacura operations; major incidents communicated via the Support Portal.
#Performance&Scalability

12. PERFORMANCE & SCALABILITY

Flow Connect is designed to scale with customer demand while maintaining consistent performance.

  • Elastic scaling: Horizontal autoscaling of workloads.
  • Performance targets: Typical API response under 500–1000 ms under normal load.
  • Fair use: Rate limits and concurrency protections ensure platform stability.
#ChangeManagement&Roadmap

13. CHANGE MANAGEMENT & ROADMAP

The service evolves continuously and follows a release process designed for multi-tenant SaaS environment. New features, improvements and security updates undergoes automated and manual testing before deployed in production, including regression and NFR testing to safeguard performance and reliability.

Release notes are continuously updated here: https://docs.novacura.com/flow-connect/this-is-flow-connect/whats-new/change-log

The feature roadmap is available here: https://docs.novacura.com/documentation/

#CustomerResponsibilities

14. CUSTOMER RESPONSIBILITIES & FAIR USE

Customers play an active role in ensuring the effective use of the service.

  • Manage users and roles responsibly.
  • Design, test, and validate applications before production deployment.
  • All customer-managed dependencies (networks, firewalls, VPN’s, external API’s or integrated systems) must be operational and supported.
  • Respect fair-use protections to safeguard shared platform stability.
#Termination&DataHandling

15. TERMINATION & DATA HANDLING

Customer data is handled securely and transparently at termination.

  • Deletion: Data securely deleted within 30 days following executed termination, adhering to Azure’s secure wipe standards.
  • Compliance: Meets GDPR “right to be forgotten” requirements.
#LinkedPolicies&References

16. LINKED POLICIES & REFERENCES

Additional policies and documentation support this Service Description.