System Architecture
Technical Specifications
- AlphaWeb’s infrastructure is 100% upgraded to Google Cloud.
- The application is accessed through the web interface via a browser.
- The connection channel between the browser and the server is encrypted with TLS/SSL over the HTTPS protocol.
- The application is highly secured against cross-site scripting attacks as well as CSRF (Cross-site request forgery).
- All systems (applications & databases) are within a VPC (Virtual Private Cloud) network in Google Cloud.
- Databases are inaccessible outside this system.
Reference: https://cloud.google.com/vpc/docs/concepts
Hosting
- The front-end server is separated from the client database.
- Server features:
  - Hosted in Google Cloud
  - Microsoft Windows Server 2019 Datacenter
  - Parameters (RAM, CPU) scale automatically, depending on the load
Reference: https://cloud.google.com/compute/docs/instances/windows/
Database features
- Each client’s data is stored in a separate database, independent of the system and the data of other clients.
- The database is hosted on a Linux instance – Ubuntu 18.04 LTS, with independent resources.
- Instances are equipped with scripts for self-management, scheduling backups etc.
Reference: https://cloud.google.com/compute/docs/quickstart-linux
Access management
- Software login system is provided with “User” and “Password” credentials.
- Passwords are stored in the database in one-way encrypted (hashed) form, making it impossible to find users’ passwords.
- AlphaWeb provides a mechanism for managing detailed rights for various functionalities. In this way each user has access only to the modules or reports previously assigned by an administrator user.
- Two-factor authentication via QR code scanning using Google Authenticator.
- Provides the ability to define detailed authorizations specifying which user or role can view or manage an account, a particular item or environment.
- Offers the possibility of restricting a particular user to viewing only their own actions and not the actions of other users.
- Provides the application of different password policies.
- Provides the ability to save your password history.
- Provides the ability to set how many previous passwords are saved in the history.
- Enables the creation of complex passwords. A complex password is one that contains at least two of the following elements: a capital letter, a number, or a special character.
- Allows enabling or disabling password reset via email for users.
- Enables the user to change the password after the next login.
- Enables the password to expire after a certain number of days.
- Enables setting days for password expiration.
- Allows you to set the minimum length for a password.
- Denies login to users who repeatedly enter the wrong password.
- Allows you to specify the number of attempts allowed for a user who enters an incorrect password: not only the number of attempts but also how many sessions of attempts.
- The application records any creation, deletion or modification of any entity.
- Enables recording of the date, time, user and IP address of any performed action.
- Enables action history so that documents can be viewed as they were prior to modification.
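The password rules listed above (one-way storage, minimum length, the two-of-three complexity rule and password history) can be checked together as follows. This is an added Python example, not AlphaWeb's own code; PBKDF2-HMAC-SHA256, the iteration count, the definition of "special character" and all names are assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass

ITERATIONS = 200_000  # assumed PBKDF2 work factor, not a value from the page

@dataclass
class PasswordPolicy:  # hypothetical settings object
    min_length: int = 10
    history_depth: int = 3  # previous passwords remembered (assumed >= 1)

def hash_password(password: str) -> tuple:
    """One-way record: only salt and digest are stored, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def matches(password: str, record: tuple) -> bool:
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

def is_complex(password: str) -> bool:
    """At least two of: capital letter, number, special character."""
    classes = (
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        # assumption: "special" means neither letter, digit nor whitespace
        any(not c.isalnum() and not c.isspace() for c in password),
    )
    return sum(classes) >= 2

def check_new_password(password: str, history: list, policy: PasswordPolicy) -> list:
    """Return the list of violated rules; an empty list means accepted."""
    problems = []
    if len(password) < policy.min_length:
        problems.append("too_short")
    if not is_complex(password):
        problems.append("not_complex")
    # Salted hashes cannot be compared to each other, so the candidate is
    # re-hashed with each remembered record's own salt.
    if any(matches(password, rec) for rec in history[-policy.history_depth:]):
        problems.append("reused")
    return problems

def set_password(password: str, history: list, policy: PasswordPolicy) -> None:
    problems = check_new_password(password, history, policy)
    if problems:
        raise ValueError(problems)
    history.append(hash_password(password))
    del history[:-policy.history_depth]  # forget entries beyond the depth
```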
Backup
- The data is stored daily in Google Storage Bucket, via an automatic process.
- For historical reference in customer support, the data is available for 7 days.
- Backups can be scheduled to Google Drive or the client’s Dropbox at the same frequency.