The bxp software (bxp) infrastructure is a multi-tier design to delivery high availability with our own private infrastructure within Amazon Web Services. Bxp_software_in_AWS_Cloud_Services

bxp is built on a WAMA stack (Windows, AWS, MySQL, ASP).

For more information on stacks | Stack Information

AWS provide numerous high level interconnects to provide redundant Internet connectivity.

At no point in communication of data does the data leave an encrypted state, even data at rest.

1. Security
2. Load Balancing
3. Web
4. Database

2.1 Security

The firewalls are implemented using Cisco ASA 5512.

2.2 Load Balancing

The load balancers are implemented using CentOS on a virtualised basis.

2.3 Web

The web servers are implemented using Windows Server 2012 R2 x64 on a virtualised basis.

2.4 Database

The database servers are implemented using Windows 2012 R2 x64 on a dedicated rack server basis.

3.1 Data Segregation

Within this common infrastructure data segregation is key. Though the solution uses a common infrastructure, logically the data is completely segregated. This segregation occurs at a web and database level.

This area is often referred to as multi-tenancy or multitenancy. Multi-tenancy is an architecture in which a single instance of a software application serves multiple customers. Each customer is called a tenant. In the case of bxp, the software does share common functionality, but each system is a separate instance, as is each separate database. Wikipedia - Multitenancy

3.2 Web segregation

Each client is given their own unique folder within the web structure. Our demo system has the link https://ww3.allnone.ie/client/client_demo/main/login.asp. The client_demo part segregates the web file infrastructure uniquely. Each client has their own folder structure which is independent of all other systems.

A set group of unique identifiers hard coded at the web layer ensures that database connections are only possible to one client database at a time. This is encoded into all operational pages of the solution.

3.3 Database segregation

Each client has their own separate database. Each database begins with a common suite of tables making up the database structure independent of all other databases. As content is added each database grows according to the specific client needs.

Each database is combined with the web segregation to provide full and unique audit trails for all interactions with that database. This is part of the design of the bxp solution.

Backups of databases are unique to each client and encrypted separately. Bxp_Backups

Strong security and operational procedure controls ensure this segregation is maintained by all personnel with access. All interactions are auditable.

3.4 Server Patching Process

Servers are checked for patches and updates daily.  These updates are downloaded and installed as soon as they are spotted. The restart for the updates and patches to take effect is executed nightly.

The database server is the one exception where as updates are installed weekly and implemented weekly.