1.6.05 Technology Architecture:
Applications are implemented using the most professional infrastructure architecture to deliver:
1. Business Continuity,
2. Security and Privacy
1. Business Continuity:
Applications have a key objective to deliver continual availability - every opportunity has been taken to eliminate downtime.
Our Business Continuity Plan (BCP) percolates through every hardware, software and network decision taken - where multiple servers are needed to eliminate a single point of failure, then that is cost justified.
Backup, recover and restart are obsolete techniques that have been upgraded to Replicated Databases connected with encrypted Message Queues between multiple secure remote data centers.
The BCP policy is that where at least six copies of all data are securely stored in remote data centers, the possibility of losing any data is very small. As the number of data copies increases towards ten, the possibility of losing any data decreases towards zero.
Message Queue:
Applications operate across multiple secure remote data centers that are connected with encrypted message queuing technology - each change of data in one data center is automatically replicated in the other data centers.
Message queuing is asynchronous, so a transient network delay does not impact any operational transaction. As a change is made to a database, that change is queued to be sent to the other data centers in the next few seconds or minutes. Different types of data have different message queuing strategies, ranging from one second to one day.
Replicated Databases:
Applications are built on the back of mirror databases in multiple secure remote data centers - purpose-built secure Internet backbone locations in different parts of the UK.
As a database is updated, the update transaction is automatically propagated to the mirror databases in the other remote data centers.
Each data center has its own massive database server that is a mirror of the database servers in the other data centers. The message queue delivers insert and update transactions that are logged and applied by an application server, just like locally processed transactions. As a policy, no delete transactions are ever processed on any database, other than by bespoke archive utilities operating in accordance with Data Protection Act regulation to archive data after at least seven years once it has exceeded its life cycle.
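As an added example (not the page's own code) of the replication rules in the two sections above, the Python below models two sites exchanging insert and update transactions through a queue: each message carries an integrity tag (a constructed shared key stands in for the real queue's encryption), a redelivered message is an idempotent no-op, an update whose version does not follow the row's current version is refused rather than overtyping data, and deletes are refused by policy. The site names, row and transaction values are constructed.

```python
import hashlib
import hmac
import json
QUEUE_KEY = b"constructed-demo-key"  # stands in for the real queue's provisioned secret

def tag(body):
    return hmac.new(QUEUE_KEY, body, hashlib.sha256).hexdigest()

def enqueue(queue, txn):
    """Serialize a transaction and tag it so a message altered in transit is dropped."""
    body = json.dumps(txn, sort_keys=True).encode()
    queue.append((body, tag(body)))

def drain(queue, site):
    applied = 0                                   # returns how many messages were applied
    while queue:
        body, mac = queue.pop(0)
        if hmac.compare_digest(mac, tag(body)) and site.apply(json.loads(body)):
            applied += 1                          # a bad tag is discarded, never applied
    return applied

class DataCenter:
    def __init__(self):
        self.rows, self.rejected = {}, []         # versioned rows; refused transaction ids
    def apply(self, txn):
        """Apply one insert/update exactly once; never process a delete (site policy)."""
        if txn["op"] not in ("insert", "update"):
            self.rejected.append(txn["id"])
            return False
        row = self.rows.get(txn["row"], {"version": 0, "data": {}})
        if txn["version"] <= row["version"]:
            return False                          # duplicate delivery: idempotent no-op
        if txn["version"] != row["version"] + 1:
            self.rejected.append(txn["id"])       # sequence gap: refuse rather than overtype
            return False
        self.rows[txn["row"]] = {"version": txn["version"], "data": {**row["data"], **txn["data"]}}
        return True

def demo():
    origin, mirror, queue = DataCenter(), DataCenter(), []
    txns = [  # constructed transactions: an insert, an update and a delete of one row
        {"id": "t1", "op": "insert", "row": "cust-7", "version": 1, "data": {"name": "A"}},
        {"id": "t2", "op": "update", "row": "cust-7", "version": 2, "data": {"tier": "gold"}},
        {"id": "t3", "op": "delete", "row": "cust-7", "version": 3, "data": {}},
    ]
    for txn in txns:
        origin.apply(txn)
        enqueue(queue, txn)
    enqueue(queue, txns[1])                       # the queue redelivers t2
    return drain(queue, mirror), origin.rows, mirror.rows, mirror.rejected
```

After demo() both sites hold the same row at version 2, the delete is in the rejected list at both, and the redelivered update was applied zero additional times.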
2. Security and Privacy:
Applications implement the most professional policies and infrastructure needed to prevent loss of data, corruption of data or overtyping of data.
A three-tier architecture is used, with web servers, application servers and a database server connected via independent network switches, so only the web servers are connected to the Internet firewall and all other servers are beyond the reach of hackers.
Web servers operate in parallel behind a load-balancing firewall - as the amount of traffic increases, the number of web servers increases to maintain an acceptable processing time. The only services enabled on a web server are HTTP and HTTPS - these machines simply format HTML pages from data provided by an application server that is connected via a separate local network connection.
Application servers operate in parallel behind the web server switches - as the amount of traffic increases, the number of application servers increases to maintain an acceptable processing time. The only service enabled on an application server is COM - these machines request data from the database and process logic rules in accordance with the application requirement.
The Database Management Server is connected via a local network switch to the application servers - no physical access or other network access is permitted. The only thing that the DBMS can do is process approved SQL procedures issued by an application server - every other service is disabled to eliminate all vulnerabilities.
SSL and TLS:
SSL means Secure Sockets Layer, the original cryptographic protocol used for web services.
TLS means Transport Layer Security; it activates the secure padlock on your web browser to indicate that you have established a secure encrypted connection to our data centers.
TLS version 1.2 is the approved current version, as ratified by standard RFC 5246.
Security Measures:
Protection against a downgrade of the protocol to a previous, less secure cipher suite.
Numbering subsequent application records with a sequence number and using the sequence number in the message authentication codes.
Using a message digest enhanced with a key, so only the key-holder can check the message authentication codes.
The message that ends the handshake sends a hash of all the exchanged handshaking messages seen by both parties.
The function splits the input data in half and processes each half with a different hashing algorithm; the results are then merged to provide protection even if one of the algorithms is found to be vulnerable.
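The split-and-merge construction in the last measure above is the pseudorandom function (PRF) of TLS 1.0 and 1.1 (RFC 2246 and RFC 4346, section 5): the secret is halved, one half drives an HMAC-MD5 expansion and the other an HMAC-SHA1 expansion, and the two streams are XORed. TLS 1.2, the version the page approves, replaced it with a single SHA-256 expansion (RFC 5246, section 5). Both are written out below as an added example using only Python's standard library; it is not code from the page, and the secrets and randoms in the usage are constructed.

```python
import hashlib
import hmac

def p_hash(hash_name, secret, seed, length):
    """P_<hash> from RFC 2246 section 5: HMAC chain A(i) expanded over the seed."""
    out, a = b"", seed                                  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()     # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def split_secret(secret):
    """S1 is the first half, S2 the second; with an odd length the middle byte is in both."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[len(secret) - half:]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5 over S1 XOR P_SHA1 over S2, so one weak hash alone is not fatal."""
    s1, s2 = split_secret(secret)
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))

def tls12_prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 section 5): a single P_SHA256, no split and no merge."""
    return p_hash("sha256", secret, label + seed, length)

def master_secret(pre_master, client_random, server_random, prf=tls10_prf):
    """Section 8.1 of both RFCs: a 48-byte master secret from the handshake randoms."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)
```

Calling master_secret with prf=tls12_prf on the same inputs gives a different 48 bytes, which is why a downgrade from 1.2 to 1.0 changes the keys derived from the same handshake.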
Dedicated Security Layers:
Each dedicated server does one and only one job - every other service is disabled. Nobody has physical access to our server racks, except on-site engineers who may exchange one machine for another under our direction.
No server has a print driver, a USB driver, a graphics driver, an audio driver, a CD driver or any other software that may become a vulnerability.
No server has Office, Adobe or even an anti-virus program running - just a bare-bones operating system with 99% of things disabled.
No data is stored on a web server or application server - data is only stored on the database server, in its encrypted DBMS or as local text files.
The database server is two physical layers of security away from the Internet; even if a hacker got into a web server, they could not see any data.
Encryption:
2048-bit root key encryption is the very best available in the commercial world.
256-bit message key encryption is as secure as a commercial web service can become without being classified as a weapon of war.
Monitoring:
We provide SSL and TLS to ensure that all messages flowing over the public Internet are encrypted in a way that prevents eavesdropping, tampering or monitoring.
Each ISP has a legal obligation to record all Internet traffic, but where that traffic is protected by SSL and TLS, those ISP recordings have no value.
Browser Technology:
All modern browsers fully support TLS.
Apple Safari supports TLS but does not state which version. Safari uses Mac OS X for its implementation.
MS Internet Explorer supports TLS version 1.2 on Windows XP, Vista or Windows 7.
Opera supports TLS version 1.2.
Mozilla Firefox supports TLS version 1.0, but not 1.1 or 1.2.
HTML5:
SIS has been delivered using the very latest HTML5 standards, but not all browsers support all HTML5 facilities.
Professional IT development has set a best-practice rule to minimize printing and to only print one-page documents, even if a set of one-page documents needs to be printed.
How a user chooses to configure their local computer, browser and printer cannot be predefined and cannot be controlled, so the only practical solution is to only ever print one-page documents that fit within both A4 and American Legal paper sizes.
Many browsers are locked into an American paper-handling configuration where the user is not permitted to, or does not choose to, configure for European paper sizes.
Specifically, the CSS rule "page-break-after: always" cannot be trusted to work for all users in any commercial application.
Redundancy:
Each purpose-built data center is directly connected to the Internet backbone using extremely fast network switches.
Two independent power supplies provide continual electricity in the event of one sub-station failure; diesel generators can be switched on when both power supplies fail, and our server rack can run for almost one hour from its UPS battery pack.
A typical rack configuration is the Internet firewall providing load balancing to three web servers, which are switched to two application servers, which are switched to the database server running RAID mirroring with two complete copies of all data.
As traffic increases, extra web servers can be switched in, and they can be switched out as traffic reduces. A web server failure cannot cause an interruption to the business.
Application servers can be switched in and out, so a machine failure will not interrupt the business. A database server failure will trigger a switch to one of the other data centers that have an up-to-date mirror of all data.