BER8 SER2

Contents

1 bxp software Release 8 Service Enhancement Release 2

1.1 Overview

As part of All n One's efforts for ongoing service enhancement and improvement of the bxp software platform, it is now time for a number of extensive infrastructure improvements.


The most important part of the process for this release is that you, the bxp user, will experience no change in any of your daily activities. This is purely a suite of back end enhancements.


For convenience this process will be referred to as SER2 for the remainder of this article.


1.2 Primary client impact changes

The only change visible to clients will be an IP address change. The IP address of ww3.allnone.ie will be changing from 82.195.135.134 to 82.195.138.166.


For testing purposes for a limited time the service will be available through http://ww4.allnone.ie/client/client_demo/main/login.asp though some operational differences explicitly regarding the SSL certificate and file references will be apparent (as ww4 is not the same as ww3, where current links point). The service will continue to use ww3. ww4 is for testing purposes only.


1.3 Infrastructure

The current bxp infrastructure is built on Windows Server 2003. This will become end of life in 2015 ( http://support.microsoft.com/lifecycle/search/default.aspx?alpha=Windows+Server+2003+R2 ).


All n One are "late majority" adopters of server operating systems ( http://yavvy.com/blog/wp-content/uploads/2012/07/crossing_chasm2.jpeg ) to ensure that most new release bugs have been ironed out.


The equipment on bxp is still operating at 3% to 4% of capacity but the longer equipment is in place the higher the percentage change of fail.


We have had 100% availability of the service since 2008 and we aim to keep delivering this high level of availability.


For these reasons, all bxp servers are to be upgraded to Windows Server 2008 R2 which will see us clear until 2019 ( http://support.microsoft.com/lifecycle/search/?alpha=windows+server+2008 )


It also means that our infrastructure on which these OS's are installed will be upgraded as well. The web tier of our infrastructure will enable virtualisation of 2 windows 2008 servers across three physical boxes. Our database server will be upgraded as well with a minimal lag mirroring server sitting immediately beside it. This reduces any impact of a motherboard failure.


As part of the security enhancements planned, all data on the database hard drives at rest will be encrypted. This is not applied to the web servers as they do not hold client data.


1.4 Databases

We are upgrading our database server software to the latest version of Oracle's MySQL. This provides a number of enhancements and has also seen the biggest adaptation of our solution.


In previous iterations of MySQL where a date time field is in a table and not specified in the query, it could be left out. More recent iterations of MySQL now require the date time field to be explicitly filled in, e.g. Not every outcome requires a callback. Therefore the callback date and time could be left blank. Now a date time must be specified and then handled. We have been working on code to handle all examples like this throughout bxp for the past 14 months.


We are improving the security of communications between the web and database servers by introducing an SSL connection internally between web and database server. This is also a requirement to upgrade the database server to the latest version as previous versions use OpenSSL 1.0 which is subject to the HeartBleed attack.


1.5 Scheduling

Over the last number of months All n One have been working on a Scheduling Heart Beat that can have numerous events attached to it. This heart beat is now in place and has been thoroughly tested. As part of the move to the new infrastructure this heart beat and ability to attach administrative, data and reporting events to it will become more and more available through the bxp front end.


1.6 Security

A number of new security features are now possible through the heart beat. The first is an ability to auto lock an account after 90 days if it hasn't been logged into. This ability will lock the account on a scheduled basis but the user will remain a live user. This option will not be turned on by default for all accounts, just those clients who explicitly request it.


To provide greater transparency to All n One operations, an audit log of All n One events on client systems will now be visible through the bxp front end.


1.7 Timeline

  • Mon August 18th reduce TTL on DNS records to allow for swift change over
  • Tues August 26th begin database snapshot transfer to new infrastructure
  • Wed August 27th data delta transfer to new infrastructure
  • Thurs August 28th data delta transfer to new infrastructure
  • Thurs August 28th at 23:50 update DNS records
  • Thurs August 28th stop IIS service on the Web Server of old infrastructure
  • Fri August 29th 00:01 operational go / no go on swap over completing successfully
  • Fri August 29th monitor manage and support
  • Mon September 1st all infrastructure changes in place and statement of confirmation to clients
  • Fri September 5th secure deconstruction and disposal of old infrastructure