| 4.6 Ops 01. Three Tier Architecture | |
---|
1. Three Tier Architecture: | 1. The world has specified that the safest and most effective hardware structure needed to operate web-based application services is known as the "Three Tier Architecture". The classic three tiers are known as: | (1) Web layer of web request validation and presentation server. | (2) Application layer of business logic server. | (3) Database stored procedure, encryption and replication server. | 2. In practice, many more servers are deployed, with security built in by each server being dedicated to one and only one service. |
2. Physical Rack: | 1. Battery with 24 volt distribution. | 2. IDS Intrusion Detection Server. | 3. Load Balancing Firewall Server. | 4. Web Servers (three). | 5. Application Servers (two). | 6. Database Server. | 7. Network Attached Storage Server. | 8. Email Server. | 9. Bastion Server. |
3. Recycled: | 1. A rack is built and deployed to be unchanged for just over one year - it is then replaced and the old rack torn down and parts recycled. | 2. Each data centre will house two or three racks - many data centres are better than more racks in the same data centre. | 3. Eliza operating system software is not expected to be patched within its one year life cycle. | 4. A server is a motherboard with processor, memory, solid state disk, rotating disk and up to three Ethernet ports - no power supply, no graphics, no tin box. | 5. Thermal camera is used to detect hot spots where a component needs to be replaced - physical cleaning is not permitted. | 6. Security is built-in to this physical architecture to eliminate the possibility of a backdoor. | 7. High speed Internet tunnels are used to ship encrypted replicated data from data centre to data centre and to other racks. | 8. Racks can be cooled by spraying very clean water over the entire rack - only 24 volts are involved. | 9. Fire risks are minimised by trunking all cables so they cannot burn - massive heat sinks replace CPU fans. |
4. Software Defined: | 1. The rack must be able to operate for about one hour without power - topped up with solar power and overnight cheap electricity. | 2. Each server has one and only one purpose - locked down so it cannot do anything else. | 3. Eliza operating system software is normally a fork from IBM WebSphere CentOS - where the OSS has been proven to have one year's operational life without any issues. | 4. A server has no screen, no keyboard, no media and no USB ports - only Ethernet connections. | 5. Eliza OSS does not need any hardware drivers that could become a security vulnerability. | 6. No application software can run on any server - XLS and PDF files cannot be opened. | 7. Each rack may be viewed as an integrated assembly that is software defined and relatively unchangeable. | 8. For operational reasons, each rack has four assigned IP addresses. | 9. RAID hard disks are not used - the failure rates of SSD and rotating disks are negligible for the one year life cycle. | 10. Simple low-power processors are used with no more than four cores - software cannot run more than four threads. | 11. Whole disk encryption is applied to every rotating disk and solid state disk. | 12. Servers can only communicate with secure remote procedure calls (RPC). | 13. Malware cannot be downloaded, installed or executed - anti-virus is not needed. |
5. Logical Connections: | 1. The Internet is connected to the IDS and firewall. | 2. The firewall balances traffic to each web server. | 3. Web servers are router connected to application servers. | 4. Application servers are router connected to database servers, NAS and email server. | 5. Firewall is connected to email server. | 6. Firewall is connected to bastion server. | 7. Bastion server is connected to each other server for Eliza knowledge management. | 8. Network management in the firewall is dynamically controlling all these logical connections. | 9. IDS is connected to email server. |
5. Data Sovereignty: | 1. In the good old days, data was stored in a physical location that criminals could attack. | 2. Today, data is stored everywhere and nowhere - because it's excessively encrypted, who can say where specific data is physically stored? | 3. Physical access to any server in any data centre will show a lot of meaningless numbers, but no data that can be identified. | 4. Now that everything is just a string of numbers, who can say where the customer records are stored? | 5. It is not possible to have a data breach, because personally identifiable information does not exist and so it cannot be stolen. | 6. Laws state that information about people cannot be copied outside a country, but long strings of meaningless numbers can be physically located anywhere in the world. | 7. Encryption technology has implemented and exceeded national laws by eliminating Personally Identifiable Information (PII). |
6. Large Number of Data Centres: | 1. When we got to 10 data centres, it was imagined that business continuity issues were solved and no more data centres would be needed. | 2. We can now see merit in hundreds and thousands of data centres working together as a single unstoppable entity. | 3. Swarm concepts are evolving to improve business continuity, improve availability and improve reliability. | 4. It can be shown that the intelligence of the swarm is greater than the intelligence of any one server. | 5. When encrypted data is stored in many hundreds of countries, national governments will need to rethink laws that imagine data as readable paper records. | 6. A fallback position may be that encryption is illegal in some countries, but data will simply migrate to other countries. |
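
The "Logical Connections" list above can be written down as an explicit flow allowlist and checked against observed traffic. The following is an added example, not code from the original page: the node labels, the sample flows and the assumption that each connection is initiated by the first-named device are all constructed for illustration.

```python
from collections import deque

# Labels are chosen for this sketch; direction (initiator first) is an assumption.
SERVERS = ["ids", "firewall", "web", "app", "db", "nas", "email"]
ALLOWED = {
    ("internet", "ids"), ("internet", "firewall"),      # item 1
    ("firewall", "web"),                                  # item 2
    ("web", "app"),                                       # item 3
    ("app", "db"), ("app", "nas"), ("app", "email"),     # item 4
    ("firewall", "email"),                                # item 5
    ("firewall", "bastion"),                              # item 6
    ("ids", "email"),                                     # item 9
} | {("bastion", s) for s in SERVERS}                     # item 7


def violations(flows):
    """Return observed (src, dst) flows that the allowlist does not permit."""
    return [f for f in flows if f not in ALLOWED]


def shortest_path(src, dst, without=()):
    """BFS over allowed edges, skipping nodes in `without`; None if unreachable."""
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for a, b in sorted(ALLOWED):
            if a == path[-1] and b not in seen and b not in without:
                seen.add(b)
                queue.append(path + [b])
    return None


# Constructed sample flows, e.g. distilled from firewall or flow logs.
OBSERVED = [("firewall", "web"), ("web", "app"), ("web", "db"),
            ("app", "db"), ("db", "internet")]

if __name__ == "__main__":
    print("violations:", violations(OBSERVED))
    print("via tiers: ", shortest_path("internet", "db", without={"bastion"}))
    print("shortest:  ", shortest_path("internet", "db"))
```

The unrestricted shortest path runs through the bastion server, which reaches the database without crossing the web and application tiers, so under this model the bastion is the node whose access control and logging matter most.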