AGTEK R & D Wiki

User Tools

Site Tools

Trace: trackwork_server internet_key_tasks access_web_application key_tamper_detection internet_key_system server2017tasks accessweb2overview access_server_2013_robustification_project
access:access_server_2013_robustification_project

This is an old revision of the document!

Table of Contents

Access Server 2013 Robustification Project

The Access/License server has been running fine for several years but it has become apparent that the system is vulnerable to some “single point of failure” conditions.

Problems

There are many potential problems with the current Access server architecture. In a rough order of severity they are:

  • Complete region failure (rare, but something close to this happened in 2010 or 2011)
  • RDS or EC-2 instance failure (has happened in 2011 and 2012, about once per year)
  • AWS fabric failure (at least once per year), e.g. S3, network, virtual host failure
  • Storage and retrieval failures, mostly experienced by the Agtek Access Java Client
  • Potential black hat attacks (mainly on the AccessWeb application)
  • Client failures (losing keys)

Possible Solutions

Virtual Machine failure recovery strategies

  • Quick reboot - Available via the AWS management console.
  • Quick instance recreation - Either:
    • scripted in command lines tools on dev.agtek.com or
    • built into the AccessSupport tool (NOT keyforge)
    • Scripting is easy, but not easy to transfer the skills to another person
    • Building into the support tool makes them easy to use, but not as easy to adapt for future changes.

Recreate RDS, EC2 constellation in new region

  • Quick instance recreation (as in last section): allow region specifier
  • Migrate EBS / RDS instances : cross region migration/snapshot.

Security issues:

  • Implement https for web application
  • Add a security analyzer to look for anomalies and send alerts
  • Include failure (404, 501, bad login) attempts in auto security analysis

Monitoring:

  • Increase real time monitor goals to include:
    • Real time connection monitoring
    • Operation duration

Possible Track items to consider at the same time

  • Move track storage to S3, integrate with Access Files.
  • Integrate track api with regular API?
  • Drop support for firmware loads on devices (old grey boxes).

Server Architecture Improvements

The following areas are routine maintenance items and/or feature requests that need to be done. The timing is right to do these at the same time as the other efforts.

  • Upgrade the server infrastructure to the latest Java 7
  • Add wildcard search to admin api for users
  • Routine update of AMI Linux server upgrades (security)
  • Possible update of entire Linux AMI (2013-03 variant released).
access/access_server_2013_robustification_project.1365015994.txt.gz · Last modified: 2013/04/03 19:06 by mjallison

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki