OX Cloud is a managed and hosted delivery platform that combines OX App Suite with an IMAP backend. The OX Cloud platform will be operated by Company under a defined service level agreement and contains the required software, infrastructure components, and services to operate the solution (in the following referred to as the “Service”). The main component of the Service is OX App Suite, a modular, web-based communication and collaboration platform which delivers cloud‐based services including secure email, personal and team organization, cloud storage, and online office features. OX Cloud comes with a Basic Package (defined under Section 2 below) and the two separately priced add-ons Productivity (defined under Section 3.1 below) and Advanced Security (defined under Section 3.2 below). OX Cloud offers four basic modules that provide personal information manager (PIM) functionalities through OX Mail, OX Address Book, OX Calendar and OX Tasks. Moreover, an integrated dashboard called OX Portal lets users configure specific functionalities and views in order to have important information in one place. Additionally, the two add-ons, which are available on request, are Productivity and Advanced Security. The Productivity add-on consists of OX Drive cloud storage, the modules OX Text, OX Spreadsheet and OX Presentation that provide word processing, presentation and spreadsheet capabilities and the Email Undelete Feature. The Advanced Security add-on consists of OX Guard that provides users with a flexible email and file encryption solution, Safe Unsubscribe for an efficient unsubscribing of any marketing emails and Time-of-Click anti-phishing for the additional analyzation of URLs at the time of click to identify phishing.
2. Email Essentials
The Email Essentials Package provides the following web-based applications and is compatible with the accompanying mobile apps described below.
2.1. OX Mail
OX Mail is a web-based email solution including:
A unified inbox, importing social and business accounts into one view
Folders and tabbed inbox to organize emails
Feature-rich sorting, searching, and flagging functionality
Attachment view for a quick overview of all received and sent email attachments
The Email Essentials Package includes anti-spam, anti-virus and anti-abuse protection for incoming and outbound emails. Moreover, users can individually train the anti-spam system.
2.2. OX Address Book
OX Address Book is a centralized contact management module including:
Shared and public address books with full permission control
Automatic collection of contact data from emails
Synchronization with other devices’ contact lists via CardDAV
Shared and private mailing lists and appointments accessible directly from contacts view
2.3. OX Calendar
OX Calendar is a time and resource management module including:
Personal, shared, and public calendars
Time-zone integration and visualization
Synchronization with other devices via CalDAV
2.4. OX Tasks
OX Tasks is a task management module including:
Scheduling and creation of tasks
A progress overview
T o-do lists
Synchronization with other devices via CalDAV
2.5. OX Portal
OX Portal is a personal dashboard including:
A user-configurable widget-based portal
Widgets for email inbox, appointments, tasks, and files
2.6. OX Sync
The Service is compatible with the companion OX Sync App which is a native mobile phone app built for Android users who also have a valid account within the Service. OX Sync enables users to securely synchronize contacts, calendar and tasks on their Android devices which do not have native CalDAV and CardDAV implementations. OX Sync is a native app available for Android smartphones and tablets in Google Play Store.
The following add-ons rely on the Basic Package and contain the functionality described below.
The Productivity add-on enables a web-based office solution within OX Cloud, containing the following modules:
3.1.1. OX Drive
OX Drive is a cloud storage solution including:
File handling and management
Compatibility with synchronization clients for macOS, Windows, Android, and iOS
File and folder sharing
Integration with other cloud storage accounts The Service is compatible with the companion OX Drive App which enables users to store and synchronize files between a variety of devices. The OX Drive App is a native app available for iOS, Android, OS X and Windows in the official app stores.
3.1.2. OX Text
Document processing – creation, sharing, and collaboration including:
Online word processing
Availability of commonly used office features and functions
Collaboration at any time, anywhere, across devices
Compatibility with docx, odt, fodt and ott files
3.1.3. OX Spreadsheet
A spreadsheet processor – creation, sharing, and collaboration including:
Import of cell styles and formatting from Excel documents
Availability of all commonly used MS Office features and functions
Support for an extensive set of formula
Collaborative spreadsheet sharing with exclusive editing rights
Compatibility with xlsx, ods, fods and sdc files
3.1.4. OX Presentation
Presentation processor – creation, sharing, and collaboration including:
Online creation and editing of slides
Use of existing templates or creation of new ones
Drag-and-drop operations between the desktop and web pages
Compatibility with pptx, odp, fodp and sdd files
3.1.5. OX Presenter
View and present presentation slides directly from OX Cloud
Presentations viewable directly from OX Drive
Present slides for up to 100 viewers
Accessible to external users
Compatibility with pptx and pdf files
3.1.6. Email Undelete
Restore a user’s permanently deleted emails for up to 30 days
Additional Trash Folder for emails
Recover deleted emails within the UI in 3 steps
3.2. Advanced Security
The Advanced Security add-on enables the web-based email and file encryption solution within OX Cloud, an efficient unsubscribing of any marketing emails and the additional analyzation of URLs at the time of click to identify phishing.
3.2.1. OX Guard
OX Guard is a security add-on to OX Cloud that provides users with an email and file encryption solution including:
PGP-based security, with advanced options for power users available
PGP certificate and key management
Single-click encryption for email
Sending of encrypted mail to internal and external users
Encryption for both email and files
Viral user acquisition with automatic guest account usage
3.2.2. Safe Unsubscribe
An efficient unsubscribing of any marketing emails
Intelligent and safe unsubscribe feature
Triggers complex, remote & safe unsubscribe system
Fills in forms for user, send emails etc., until unsubscribed safely
3.2.3. Time-of-Click anti-phishing
Analyzation of URLs at the time of click to identify phishing
Scans URL at the time of click to block obfuscated phishing URLs
More advanced than sandboxing – real-time analysis, with no latency for users
4. Technical Details
The Service is subject to the following limitations and features, which may change from time to time due to varying demands, standards and/or requirements in favor of the stability of the platform.
4.1. Service Limitations
The Service is subject to the following limitations:
Concurrent IMAP connections per mailbox per source IP
Size of emails
Size of email attachments
< 25 MB
Size of email attachments using Drive Mail
< 1 GB
Size of email attachments to calendar and contacts
< 25 MB
50 / mailbox
4 / mailbox
200,000 / mailbox
Emails for peak 0.1 % of the mailboxes
700,000 / mailbox
250,000 / context
250,000 / context
250,000 / context
250,000 / context
250,000 / context
This list is not exhaustive and change requests will be communicated duly in advance. Additional limits to prevent platform abuse are set forth under Annex G – Acceptable Use Policy.
4.2. Supported Standards
4.2.1. Available Languages
The OX Cloud user interface is provided in a variety of internationalizations. Customer chooses the default language for its users. Subsequently, each user may change his/her language settings using the settings panel. Details about supported languages are documented here: http://oxpedia.org/wiki/index.php?title=AppSuite:Available_Translations
4.2.2. Browser Support
4.2.3. Device Compatibility
OX Cloud works with a web-based responsive interface on a variety of different screen resolutions. It supports the three standard categories of devices: Smartphone, Tablet and PC. However, not all functions are relevant to all devices; therefore, some minor functions or details may not be available or appear differently on specific devices. Details about supported versions are documented here: http://oxpedia.org/wiki/index.php?title=AppSuite:OX_System_Requirements
The Service’s MTA server provides SMTP (Port 25) and SMTP-Auth (Ports 587,465) access for incoming and outgoing mails. The SMTP servers accept connections from clients and other email servers.
4.2.5. IMAP and POP
The Service allows users to access their email via POP and IMAP clients. The platform allows access via IMAP (Port 143), IMAPS (Port 993), POP3 (Port 110) and SPOP (Port 995). Both IMAP and POP support TLS, the network protocol and successor to SSL. Server-side filtering with SIEVE language is supported and can be configured independently by each user through web UI.
The Service supports TLS on all Internet-Facing Protocols. Within an individual data center (Intra-Data Center Protocols), data communication between server nodes is currently not encrypted.
5.1. Data Backup and Recovery
Data backup and recovery is handled differently depending on the type of application and data.
The user repository is backed up daily
The database containing contacts, calendar and tasks data is backed up daily
Mailbox data is fully stored in the object storage system and thus benefits from replication
OX Cloud data centers are SAS 70 and/or ISO 27001 compliant and available in Europe and the US. Also, Company’s internal processes, including the full stack of the Service operations are certified under ISO 27001.
The Service provides a built-in authentication service without the need for custom integrations. However, Company offers assistance for integrating with an SSO system. This is subject to prior alignment with Company in order to verify compatibility with the Service’s OIDC and SAML 2.0 implementation. The documentation is available here:
The UI can be configured according to Customer’s branding. Dynamic theming for the Service is available only via provisioning calls. Details about the branding capabilities are documented here: https://confluence-public.open-xchange.com/display/OASC/OX+Cloud+hands- on+theming
6.3. Snapshot API
The Snapshot API provides the Customer with an archive containing a Maildir++ structure of a user’s email folders at the time the API call is executed.
6.4. Domain Registration
The Service is registered under the domain appsuite.cloud and the respective endpoints for IMAP, POP, SMTP and CalDAV/CardDAV sharing functionality are registered as subdomains thereunder. Subject to availability, Customer may obtain an exclusive subdomain under *.appsuite.cloud.
6.5. Custom Endpoints
Subject to additional fees and dependent on Customer’s delivery of security certificates and third-party API keys for external storage access, Customer may alternatively order registration of the Service under its own domain(s) like e.g. customer-mail.com
OX Cloud requires the following pre-requisites to be available in order to make use of the Service. Customer is responsible for procuring, making available and fulfilling all requirements under this Section 7.
7.1. OX Provisioning API
To provision users for the different modules of the Service, the Customer needs to integrate its own provisioning system and a control panel for user and license management. The Service provides a SOAP OX Provisioning API to connect with the Customer’s provisioning system. On request, Open-Xchange can provide additional training and support on provisioning system integration for Customer’s teams, subject to additional fees. Details about the API are documented here: https://confluence-public.open- xchange.com/display/OASC/OX+Cloud+Provisioning+101
7.2. Customer onboarding
Customer must follow Company’s onboarding process in order to enable the provision of the OX Cloud Platform. OX provides login credentials to an onboarding portal prompting for the required information and data. Customer is required to provide the following information:
Customer’s Contact details
Contact email addresses for contractual and operational notifications (e.g. technical announcements, abuse warnings, support)
Whitlelist IP Addresses that are granted access to the Provisioning API
If and as far Customer chooses to use customization options like Custom Endpoints, Domain Registration and Authentication:
SSL/SAN Certificate for Customer’s login page domain
Custom endpoints for the server names (IMAP, SMTP, POP3, DAV, Guest User)
API keys for each integration of a third-party cloud storage service in OX Drive
Login page design assets: logo, product name, colors, favicon and home icon
imprint/impressum URL and privacy URL
optional “Learn More” hyperlink target URL pointing to Customer’s own product landing page (otherwise, OX’s standard landing page is targeted)
8. Platform Delivery Measures
The Service will be operated and managed following ITIL v3 best practices. Company updates the Service to new product versions following the product roadmap. As technology evolves, Company reserves the right to adjust the Service according to new trends in the market or newer technology available.
Company maintains one production environment and one staging environment. The staging environment is a smaller replica of a production environment for testing purposes which receives newer software versions before they are being rolled out to the production environment. It may be used by the Customer to test and ensure interoperability with other systems. The staging environment is only for internal use and not subject to any SLA. The Customer may not use the staging environment for production use.
All components of the Service are monitored using an internal toolchain and are also monitored externally from the internet (details are defined in the SLA). In case of failure, the monitoring system triggers alerts that inform Company personnel and provides statistical data for further analysis.