Annex A – Product Definition – OX Cloud Easy
1. Product Description
OX Cloud is a managed and hosted delivery platform that combines OX App Suite with an IMAP backend. The OX Cloud platform will be operated by Company under a defined service level agreement and contains the required software, infrastructure components, and services to operate the solution (in the following referred to as the “Service”).
The main component of the Service is OX App Suite, a modular, web-based communication and collaboration platform which delivers cloud‑based services including secure email, personal and team organization, cloud storage, and online office features.
OX Cloud comes with a Basic Package (defined under Section 2 below) and the two separately priced add-ons Productivity (defined under Section 3.1 below) and Advanced Security (defined under Section 3.2 below).
OX Cloud offers four basic modules that provide personal information manager (PIM) functionalities through OX Mail, OX Address Book, OX Calendar and OX Tasks.
Moreover, an integrated dashboard called OX Portal lets users configure specific functionalities and views in order to have important information in one place.
Additionally, the two add-ons, which are available on request, are Productivity and Advanced Security. The Productivity add-on consists of OX Drive cloud storage, the modules OX Text, OX Spreadsheet and OX Presentation that provide word processing, presentation and spreadsheet capabilities and the Email Undelete Feature.
The Advanced Security add-on consists of OX Guard that provides users with a flexible email and file encryption solution, Safe Unsubscribe for an efficient unsubscribing of any marketing emails and Time-of-Click anti-phishing for the additional analyzation of URLs at the time of click to identify phishing.
2. Basic Package
The Basic Package provides the following web-based applications and is compatible with the accompanying mobile apps described below.
2.1 OX Mail
OX Mail is a web-based email solution including:
- A unified inbox, importing social and business accounts into one view
- Folders and tabbed inbox to organize emails
- Feature-rich sorting, searching, and flagging functionality
- Attachment view for a quick overview of all received and sent email attachments
The Basic Package includes anti-spam, anti-virus and anti-abuse protection for incoming and outbound emails. Moreover, users can individually train the anti-spam system.
2.2 OX Address Book
OX Address Book is a centralized contact management module including:
- Shared and public address books with full permission control
- Automatic collection of contact data from emails
- Synchronization with other devices’ contact lists via CardDAV
- Shared and private mailing lists and appointments accessible directly from contacts view
2.3 OX Calendar
OX Calendar is a time and resource management module including:
- Personal, shared, and public calendars
- Time-zone integration and visualization
- Synchronization with other devices via CalDAV
2.4 OX Tasks
OX Tasks is a task management module including:
- Scheduling and creation of tasks
- A progress overview
- To-do lists
- Synchronization with other devices via CalDAV
2.5 OX Portal
OX Portal is a personal dashboard including:
- A user-configurable widget-based portal
- Configurable appearance
- Widgets for email inbox, appointments, tasks, and files
2.6 OX Sync
The Service is compatible with the companion OX Sync App which is a native mobile phone app built for Android users who also have a valid account within the Service.
OX Sync enables users to securely synchronize contacts, calendar and tasks on their Android devices which do not have native CalDAV and CardDAV implementations.
OX Sync is a native app available for Android smartphones and tablets in Google Play Store.
The following add-ons rely on the Basic Package and contain the functionality described below.
The Productivity add-on enables a web-based office solution within OX Cloud, containing the following modules:
3.1.1 OX Drive
OX Drive is a cloud storage solution including:
- File handling and management
- Compatibility with synchronization clients for macOS, Windows, Android, and iOS
- File and folder sharing
- Integration with other cloud storage accounts
The Service is compatible with the companion OX Drive App which enables users to store and synchronize files between a variety of devices.
The OX Drive App is a native app available for iOS, Android, OS X and Windows in the official app stores.
3.1.2 OX Text
Document processing – creation, sharing, and collaboration including:
- Online word processing
- Availability of commonly used office features and functions
- Collaboration at any time, anywhere, across devices
- Compatibility with docx, odt, fodt and ott files
3.1.3 OX Spreadsheet
A spreadsheet processor – creation, sharing, and collaboration including:
- Import of cell styles and formatting from Excel documents
- Availability of all commonly used MS Office features and functions
- Support for an extensive set of formula
- Collaborative spreadsheet sharing with exclusive editing rights
- Compatibility with xlsx, ods, fods and sdc files
3.1.4 OX Presentation
Presentation processor – creation, sharing, and collaboration including:
- Online creation and editing of slides
- Use of existing templates or creation of new ones
- Drag-and-drop operations between the desktop and web pages
- Collaboration functionality
- Compatibility with pptx, odp, fodp and sdd files
3.1.5 OX Presenter
View and present presentation slides directly from OX Cloud
- Presentations viewable directly from OX Drive
- Present slides for up to 100 viewers
- Accessible to external users
- Compatibility with pptx and pdf files
3.1.6 Email Undelete
Restore a user's permanently deleted emails for up to 30 days
- Additional Trash Folder for emails
- Recover deleted emails within the UI in 3 steps
3.2. Advanced Security
The Advanced Security add-on enables the web-based email and file encryption solution within OX Cloud, an efficient unsubscribing of any marketing emails and the additional analyzation of URLs at the time of click to identify phishing.
3.2.1 OX Guard
OX Guard is a security add-on to OX Cloud that provides users with an email and file encryption solution including:
- PGP-based security, with advanced options for power users available
- PGP certificate and key management
- Single-click encryption for email
- Sending of encrypted mail to internal and external users
- Encryption for both email and files
- Viral user acquisition with automatic guest account usage
3.2.2 Safe Unsubscribe
An efficient unsubscribing of any marketing emails
- Intelligent and safe unsubscribe feature
- Triggers complex, remote & safe unsubscribe system
- Fills in forms for user, send emails etc., until unsubscribed safely
3.2.3 Time-of-Click anti-phishing
Analyzation of URLs at the time of click to identify phishing
- Scans URL at the time of click to block obfuscated phishing URLs
- More advanced than sandboxing - real-time analysis, with no latency for users
4. Technical Details
The Service is subject to the following limitations and features, which may change from time to time due to varying demands, standards and/or requirements in favor of the stability of the platform.
4.1 Service Limitations
The Service is subject to the following limitations:
Concurrent IMAP connections per mailbox per source IP
Size of emails
Size of email attachments
< 25 MB
Size of email attachments using Drive Mail
< 1 GB
Size of attachments to calendar and contacts
< 25 MB
50 / mailbox
4 / mailbox
200000 / mailbox
Emails for peak 0,1% of the mailboxes
700000 / mailbox
250000 / context
250000 / context
250000 / context
250000 / context
250000 / context
This list is not exhaustive and change requests will be communicated duly in advance. Additional limits to prevent platform abuse are set forth under Annex J – Acceptable Use Policy.
4.2. Supported Standards
4.2.1 Available Languages
The OX Cloud user interface is provided in a variety of internationalizations. Customer chooses the default language for its users. Subsequently, each user may change his/her language settings using the settings panel. Details about supported languages are documented here:
4.2.2 Browser Support
4.2.3 Device Compatibility
OX Cloud works with a web-based responsive interface on a variety of different screen resolutions. It supports the three standard categories of devices: Smartphone, Tablet and PC.
However, not all functions are relevant to all devices; therefore, some minor functions or details may not be available or appear differently on specific devices.
Details about supported versions are documented here:
The Service’s MTA server provides SMTP (Port 25) and SMTP-Auth (Ports 587,465) access for incoming and outgoing mails. The SMTP servers accept connections from clients and other email servers.
4.2.5 IMAP and POP
The Service allows users to access their email via POP and IMAP clients. The platform allows access via IMAP (Port 143), IMAPS (Port 993), POP3 (Port 110) and SPOP (Port 995). Both IMAP and POP support TLS, the network protocol and successor to SSL. Server-side filtering with SIEVE language is supported and can be configured independently by each user through web UI.
The Service includes analytics functionality allowing the processing of user data for the improvement of the OX Cloud performance and features as well as for the development of additional functionality. The user data is being derived from the productive server in pseudonymized form and aggregated under a user and context identifier for the aforementioned analytical purposes.
The Service supports TLS on all Internet-Facing Protocols. Within an individual data center (Intra-Data Center Protocols), data communication between server nodes is currently not encrypted.
5.1 Data Backup and Recovery
Data backup and recovery is handled differently depending on the type of application and data.
- The user repository is backed up daily
- The database containing contacts, calendar and tasks data is backed up daily
- Mailbox data is fully stored in the object storage system and thus benefits from replication
OX Cloud data centers are SAS 70 and/or ISO 27001 compliant and available in Europe and the US. Also, Company’s internal processes, including the full stack of the Service operations are certified under ISO 27001.
The Service provides a built-in authentication service without the need for custom integrations. However, Company offers assistance for integrating with an SSO system. This is subject to prior alignment with Company in order to verify compatibility with the Service’s OIDC and SAML 2.0 implementation. The documentation is available here:
6.2 Dynamic Theming
The UI can be configured according to Customer’s branding. Dynamic theming for the Service is available only via provisioning calls.
Details about the branding capabilities are documented here:
6.3 Snapshot API
The Snapshot API provides the Customer with an archive containing a Maildir++ structure of a user’s email folders at the time the API call is executed.
6.4 Domain Registration
The Service is registered under the domain appsuite.cloud and the respective endpoints for IMAP, POP, SMTP and CalDAV/CardDAV sharing functionality are registered as subdomains thereunder.
Subject to availability, Customer may obtain an exclusive subdomain under *.appsuite.cloud.
6.5 Custom Endpoints
Subject to additional fees and dependent on Customer’s delivery of security certificates and third-party API keys for external storage access, Customer may alternatively order registration of the Service under its own domain(s) like e.g. customer-mail.com
OX Cloud requires the following pre-requisites to be available in order to make use of the Service. Customer is responsible for procuring, making available and fulfilling all requirements under this Section 7.
7.1 OX Provisioning API
To provision users for the different modules of the Service, the Customer needs to integrate its own provisioning system and a control panel for user and license management. The Service provides a SOAP OX Provisioning API to connect with the Customer’s provisioning system. On request, Open-Xchange can provide additional training and support on provisioning system integration for Customer’s teams, subject to additional fees. Details about the API are documented here:
7.2 Customer onboarding
Customer must follow Company’s onboarding process in order to enable the provision of the OX Cloud Platform. OX provides login credentials to an onboarding portal prompting for the required information and data. Customer is required to provide the following information:
- Customer’s Contact details
- Contact email addresses for contractual and operational notifications (e.g. technical announcements, abuse warnings, support)
- Whitlelist IP Addresses that are granted access to the Provisioning API
- If and as far Customer chooses to use customization options like Custom Endpoints, Domain Registration and Authentication:
- SSL/SAN Certificate for Customer’s login page domain
- Custom endpoints for the server names (IMAP, SMTP, POP3, DAV, Guest User)
- API keys for each integration of a third-party cloud storage service in OX Drive
- Login page design assets: logo, product name, colors, favicon and home icon
- imprint/impressum URL and privacy URL
- optional “Learn More” hyperlink target URL pointing to Customer’s own product landing page (otherwise, OX’s standard landing page is targeted)
8. Platform Delivery Measures
The Service will be operated and managed following ITIL v3 best practices. Company updates the Service to new product versions following the product roadmap.
As technology evolves, Company reserves the right to adjust the Service according to new trends in the market or newer technology available.
Company maintains one production environment and one staging environment. The staging environment is a smaller replica of a production environment for testing purposes which receives newer software versions before they are being rolled out to the production environment. It may be used by the Customer to test and ensure interoperability with other systems. The staging environment is only for internal use and not subject to any SLA. The Customer may not use the staging environment for production use.
All components of the Service are monitored using an internal toolchain and are also monitored externally from the internet (details are defined in the SLA). In case of failure, the monitoring system triggers alerts that inform Company personnel and provides statistical data for further analysis.