System Architecture

Technical Specifications

  • AlphaWeb’s infrastructure has been 100% migrated to Google Cloud.
  • The application is accessed through the web interface via a browser.
  • The connection channel between the browser and the server is encrypted with TLS/SSL over the HTTPS protocol.
  • The application is highly secured against cross-site scripting attacks as well as CSRF (Cross-site request forgery).
  • All systems (applications & databases) are within a VPC (Virtual Private Cloud) network in Google Cloud.
  • Databases are inaccessible outside this system.

Reference: https://cloud.google.com/vpc/docs/concepts

Hosting

  • The front-end server is separated from the client database.
  • Server Features:
    • Hosted in Google Cloud
    • Microsoft Windows Server 2019 Datacenter
    • Parameters scale (RAM, CPU) automatically, depending on the load

Reference: https://cloud.google.com/compute/docs/instances/windows/

Database features

  • Each client’s data is stored in a separate database, independent of the system and the data of other clients.
  • The database is hosted on a Linux instance – Ubuntu 18.04 LTS, with independent resources.
  • Instances are equipped with scripts for self-management, scheduling backups etc.

Reference: https://cloud.google.com/compute/docs/quickstart-linux

Access management

  • The software’s login system uses “User” and “Password” credentials.
  • Passwords are stored in the database under one-way encryption, so that users’ passwords cannot be recovered.
  • AlphaWeb provides a mechanism for managing detailed rights for various functionalities. In this way each user has access only to the modules or reports previously assigned by an administrator user.
  • Two-factor authentication via QR code scan using Google Authenticator.
  • Provides the ability to define detailed authorizations for which user or role can view or manage an account, a particular item or an environment.
  • It offers the possibility that a particular user can view only their own actions and not the actions of other users.
  • Supports applying different password policies.
  • Provides the ability to save password history.
  • Provides the ability to set how many previous passwords are kept in the history.
  • Enables the creation of complex passwords. A complex password is one that contains at least two of the following elements: a capital letter, a number, or a special character.
  • Allows or prevents users resetting their password via email.
  • Enables the user to change the password after the next login.
  • Enables the password to expire after a certain number of days.
  • Enables setting days for password expiration.
  • Allows you to set the minimum length for a password.
  • Denies login to users who repeatedly enter the wrong password.
  • Allows you to specify the number of attempts allowed for a user who enters an incorrect password: not only the number of attempts but also how many sessions of attempts.
  • The application records any creation, deletion or modification of any entity.
  • Enables recording of the date, time, user and IP address of any performed action.
  • Enables action history so that documents can be viewed as they were prior to modification.
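
The password settings listed above (minimum length, the two-of-three complexity rule, history depth, expiry in days) interact with one-way storage: with salted hashes, a history check has to re-derive the candidate under each stored salt. The sketch below is an added example, not AlphaWeb's code; the names, default values, PBKDF2 choice and the reading of "special character" as any non-alphanumeric character are assumptions.

```python
import hashlib
import hmac
import os
from datetime import timedelta
from typing import NamedTuple

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not a value from the page

class Policy(NamedTuple):  # hypothetical names for the settings listed above
    min_length: int = 10
    history_size: int = 5
    max_age_days: int = 90

def hash_password(password, salt=b""):
    """One-way storage: return (salt, digest), with a fresh random salt by default."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def is_complex(password):
    """The page's rule: at least two of capital letter, number, special character."""
    classes = (
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),  # assumption: special = non-alphanumeric
    )
    return sum(classes) >= 2

def reused(password, history, keep):
    """history is a list of (salt, digest) pairs, newest last."""
    # Salts differ per entry, so stored digests cannot be compared to one another:
    # the candidate is re-derived under each stored salt.
    recent = history[-keep:] if keep > 0 else []  # history[-0:] would be the whole list
    return any(hmac.compare_digest(hash_password(password, s)[1], d) for s, d in recent)

def violations(policy, password, history):
    """Return the list of policy rules the candidate password breaks."""
    found = []
    if len(password) < policy.min_length:
        found.append("too_short")
    if not is_complex(password):
        found.append("not_complex")
    if reused(password, history, policy.history_size):
        found.append("reused")
    return found

def is_expired(policy, changed_at, now):
    return now - changed_at > timedelta(days=policy.max_age_days)
```
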

Backup

  • The data is stored daily in Google Storage Bucket, via an automatic process.
  • For historical reasons in customer support, the data is available for 7 days.
  • Backups can be scheduled on Google Drive or the client’s Dropbox at the same frequency.

Reference: https://cloud.google.com/storage/docs/concepts