Overview: Difference between revisions
(→Security) |
Baris 3: | Baris 3: | ||
==Security== | ==Security== | ||
− | ===Access security=== | + | ====Access security==== |
The Virtual Private Cloud allows computers within the could to communicate between themselves rapidly and easily, while blocking all access from outside the VPC. Access is controlled by a single, highly secure NAT server. | The Virtual Private Cloud allows computers within the could to communicate between themselves rapidly and easily, while blocking all access from outside the VPC. Access is controlled by a single, highly secure NAT server. | ||
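Review bot: the heading change to "====Access security====" puts a level-4 heading directly under the level-2 "==Security==", so the outline skips level 3; keep "===" here, or add the intermediate level the deeper nesting implies. The unchanged paragraph below it still reads "within the could", which should be "within the cloud" and could be fixed in the same revision.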
Baris 10: | Baris 10: | ||
Administrative access through the NAT server is controlled using digital certificates. | Administrative access through the NAT server is controlled using digital certificates. | ||
− | ===Data security and redundancy=== | + | ====Data security and redundancy==== |
The iSIKHNAS database runs on a single master database, with multiple slave databases providing real-time replication. Some of the slaves are always in a different physical location to the master. In case of failure of the master, one of the slaves is automatically promoted to be the master, resulting in down-time of only a few seconds. | The iSIKHNAS database runs on a single master database, with multiple slave databases providing real-time replication. Some of the slaves are always in a different physical location to the master. In case of failure of the master, one of the slaves is automatically promoted to be the master, resulting in down-time of only a few seconds. | ||
In addition to database replication, the full system is automatically backed up every 12 hours and stored in replicated off-site storage. | In addition to database replication, the full system is automatically backed up every 12 hours and stored in replicated off-site storage. | ||
− | The VPC is spread across two security zones, representing different physical locations, with servers and queues replicated in each zone. This means that should there be a catastrophic failure of an entire data centre, the system will continue to run uninterrupted. | + | The VPC is spread across two security zones, representing different physical locations, with servers and queues replicated in each zone. This means that should there be a catastrophic failure of an entire data centre, the system will continue to run uninterrupted. |
− | |||
==Servers== | ==Servers== |
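Review bot: "====Data security and redundancy====" has the same level skip under "==Security==" as the first heading, so both subsections should stay at "===" unless a level-3 parent is introduced. The paragraph starting "The VPC is spread across two security zones" reads identically on both sides, so that part of the change appears to be whitespace only, along with the blank line dropped before "==Servers==".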
Revision as of 2 September 2014 13.56
iSIKHNAS Server Infrastructure
iSIKHNAS is hosted in a Virtual Private Cloud (VPC) on Amazon Web Services (AWS) cloud servers. The VPC consists of a number of different components (servers, queues, storage) that expand and contract according to need.
Security
Access security
The Virtual Private Cloud allows computers within the cloud to communicate between themselves rapidly and easily, while blocking all access from outside the VPC. Access is controlled by a single, highly secure NAT server.
All communications with iSIKHNAS are encrypted using industry-standard Transport Layer Security (TLS) encryption, preventing interception of any data exchanged between the user and the VPC.
Administrative access through the NAT server is controlled using digital certificates.
Data security and redundancy
The iSIKHNAS database runs on a single master database, with multiple slave databases providing real-time replication. Some of the slaves are always in a different physical location to the master. In case of failure of the master, one of the slaves is automatically promoted to be the master, resulting in down-time of only a few seconds.
In addition to database replication, the full system is automatically backed up every 12 hours and stored in replicated off-site storage.
The VPC is spread across two security zones, representing different physical locations, with servers and queues replicated in each zone. This means that should there be a catastrophic failure of an entire data centre, the system will continue to run uninterrupted.
Servers
The VPC
Database
Web
Messaging
Processing
Reporting
Storage
Buckets