Skip to main content
Add-ons are optional platform capabilities that customers can enable to extend the core Grand Central iPaaS offering. These features address specific requirements around high availability, connectivity, security, and compliance that go beyond the standard platform configuration.

Available add-ons

DDoS network protection

Grand Central includes application-layer (Layer 7) DDoS protection by default through the Web Application Firewall (WAF), which guards against threats such as HTTP floods, Slowloris, and DNS query floods.This add-on extends protection to Layer 3 and Layer 4 with network-level DDoS mitigation, defending against infrastructure-level attacks that target the network below the application layer.What it protects against:
  • Volumetric attacks: UDP floods, ICMP floods, amplification attacks
  • Protocol attacks: SYN floods, SYN-ACK floods, ACK floods
How it works: Traffic patterns are continuously monitored using machine learning to establish your normal baseline. When anomalous patterns are detected, malicious traffic is automatically diverted to scrubbing centers while legitimate traffic flows through uninterrupted.Benefits:
  • Always-on monitoring with 24/7 traffic analysis
  • Adaptive tuning that learns your traffic baseline
  • Real-time attack metrics, analytics, and alerting

VPN Gateway

Grand Central supports secure site-to-site VPN connectivity to customer backend systems. VPN gateways are provisioned per environment based on your requirements:
  • Non-production: Shared gateway for development, test, and staging environments
  • Production: Dedicated gateway for production workloads
  • Disaster recovery: Dedicated gateway for DR environment
What it provides:
  • Encrypted tunnels: IPSec site-to-site connectivity between Grand Central and customer networks
  • Network isolation: Private, dedicated connectivity without exposing traffic to the public internet
  • Multi-environment support: Separate gateways per environment for network segmentation
How it works: VPN gateways establish encrypted IPSec tunnels between Grand Central and the customer network. Traffic is routed through these tunnels, ensuring all data in transit remains encrypted and isolated from the public internet.Active-Active configurationFor higher availability, VPN gateways can be deployed in an Active-Active configuration with redundant instances across separate availability zones and BGP-based routing. This eliminates the gateway as a single point of failure.Active-Active benefits:
  • Automatic failover without requiring full DR activation
  • Survives a full availability zone failure
  • Higher aggregate throughput across two active instances
  • No connectivity disruption during planned maintenance
Requirements:
  • Customer-side network must support BGP (Border Gateway Protocol) for Active-Active configuration

Requesting an add-on

Contact your Backbase account team to discuss add-on availability and enablement for your environment.