WheelHouse Architecture & Security Overview

Cloud Computing

Customers and prospects often ask about our “technology strategy”.  While it is usually a brief discussion, we thought the following description would shed light on our strategy, how we got to this point, and where we are going.

When we started WheelHouse, we wanted to build a maintenance management platform that was easy to use, reasonable cost, and didn’t require customers to worry about software installs, backups, or hard drive crashes.  We found that almost everyone using a computer knew how to browse the web and point-and-click their way through online applications with little or no training (ease of use).  Due to the high cost of software distribution and maintenance, as well as the cost and inconvenience of data loss, we felt the days of installed software running on client’s computers were numbered.  And finally, we could keep licensing/subscription costs at a reasonable level by leveraging the wealth of open source software components.  Cloud technology also offers instant scalability providing more computer power, storage, and bandwidth. 

Of course, we weren’t the only ones!  Today, the Worlds leading applications are available online for the same reasons, including Salesforce.com, Facebook, Quickbooks, and thousands of others.  Referred to using terms like “Software as a Service” (SaaS), “Cloud Computing”, and other abstract references, we know that this approach provides a reliable and low cost way to deliver applications that cannot be equaled in the old distributed software world.

What this means to our customers is they can manage their maintenance, spare parts, and documents from any web-connected computer in the world without ever worrying about data backups, software downloads, and hidden costs in new releases.

 

Our Architecture - Rackspace

Network

  • Network will be available 99.5% of the time in a given month, excluding scheduled maintenance.
  • To provide multiple redundancies in the flow of information to and from our data centers, we partner with nine network providers.
  • Every fiber carrier must enter our data centers at separate points. This is to protect from complete service failures caused by an unlikely network cut.
  • Fast and reliable network connections because Proactive Network Management methodology monitors route efficiency and end-user performance, automatically improving the network's topology and configuration in real-time.
  • The network's configuration, co-developed with Cisco, guards against any single points of failure at the shared network level.

Physical Security

  • Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitor access to every data center.
  • Only authorized data center personnel are granted access credentials to data centers. No one else can enter the production area of the datacenter without prior clearance and an appropriate escort.
  • Every data center employee undergoes multiple and thorough background security checks before they're hired.

Precision Environment

  • Every data center's HVAC (Heating Ventilation Air Conditioning) system is N+1 redundant. This ensures that a duplicate system immediately comes online should there be an HVAC system failure.
  • Every 90 seconds, all the air in data centers are circulated and filtered to remove dust and contaminants.
  • Advanced fire suppression systems are designed to stop fires from spreading in the unlikely event one should occur.

Conditioned Power

  • Should a total utility power outage ever occur, all data centers' power systems are designed to run uninterrupted, with every server receiving conditioned UPS (Uninterruptible Power Supply) power.
  • UPS power subsystem is N+1 redundant, with instantaneous failover if the primary UPS fails.
  • If an extended utility power outage occurs, routinely tested, on-site diesel generators can run indefinitely.

Core Routing Equipment

  • Only fully redundant, enterprise-class routing equipment is used in Rackspace data centers.
  • Fiber carriers enter data centers at disparate points to guard against service failure.

Network Technicians

  • Networking and security teams working in our data centers are certified. It is required that they be thoroughly experienced in managing and monitoring enterprise level networks.
  • Certified Network Technicians are trained to the highest industry standards.

Security

  • Passwords are encrypted through 128-bit encryption for secure access and multiple access levels are available.  All changes to key data is tracked through log functions. 

Data Backup & Recovery

Backup

  • Hourly – A snapshot of the data is taken every hour on the production server.
  • Daily – A daily snapshot of the data and web files is taken once a day on the production server.  A history of 7 days is retained is located in a numbered directory respective to the day.  Once a day, the most current web files and database backup is copied to a remote server. 
  • Weekly – A weekly snapshot of the data and web files is taken once a week on the production server.  A history of 8 weeks is retained and is located in a numbered directory respective to the week.

Recovery

  • In case of failure at the Host, Server or Directory level, the web files and database can be rebuilt from any of the latest backups.
  • If a single user’s data, vessel, etc… needs to be rebuilt, this is completed by building their data separate from the production environment, then take that data to insert back into the production database.

Application Architecture

Application

  • The WheelHouse web application is built on the time-tested and robust PHP Web Application Framework that offers quick time-to-market deliverables, flexibility and security.
  • The front end, user-facing pages, use such cutting edge technologies as JQuery, HTML5 and CSS3.

Hardware

  • The application data is secure stored in MySQL Database which is completely decoupled from the application server and exists on its own VM (Virtual Machine)
    • MySQL server is completely inaccessible to the outside world – operates only on the internal RackSpace network.
    • With regular monitoring and its own backup schedule, the database is completely isolated and safe against server crashes, etc.
    • Database server has multiple levels of access including full access user, read/only user and application user.
    • MySQL Server utilizes a Raid 10 High Availability Group database with Replica.  User data is securely stored on the CBS (Cloud Block Storage Device), on the fast and reliable SSD drives at RackSpace that is regularly backed up and monitored.

Build Environment

  • WheelHouse has two environments – Staging and Production that are being automatically updated and managed by the Jenkins Contiguous Integration Server.
  • The code is securely kept within BitBucket source code repository.
  • Jenkins Continuous Integration Server provides a fully automated deployment of codebase to specified environments while keeping the Management and Development Teams constantly up to date on the application deployment progress.

Secure Communication

  • All WheelHouse environments have fully configured and enabled SSL support, which means all the user communications are fully secure and encrypted at all times.
Posted in WheelHouse Release Notes.