The Access/License server has been running fine for several years but it has become apparent that the system is vulnerable to some “single point of failure” conditions.

There are many potential problems with the current Access server architecture. In a rough order of severity they are:

• Complete region failure (rare, but something close to this happened in 2010 or 2011). Fortunately the S3 buckets are not specific to a region.
• RDS or EC-2 instance failure (has happened in 2011 and 2012, about once per year)
• AWS fabric failure (at least once per year), e.g. S3, network, virtual host failure
• Storage and retrieval failures, mostly experienced by the Agtek Access Java Client
• Lack of Track redundancy due to them being stored in instance specific storage.
• Potential black hat attacks (mainly on the AccessWeb application)
• Through put of operations, appears to be DB related.
• Client failures (losing keys)

Virtual Machine failure recovery strategies

• Quick reboot - Available via the AWS management console.
• Quick instance recreation - Either:
  • scripted in command lines tools on dev.agtek.com or
  • built into the AccessSupport tool (NOT keyforge)
  • Scripting is easy, but not easy to transfer the skills to another person
  • Building into the support tool makes them easy to use, but not as easy to adapt for future changes.

Recreate RDS, EC2 constellation in new region

• Quick instance recreation (as in last section): allow region specifier
• Migrate EBS / RDS instances : cross region migration/snapshot.

Security issues:

• Implement https for web application
• Add a security analyzer to look for anomalies and send alerts
• Include failure (404, 501, bad login) attempts in auto security analysis

Monitoring:

• Increase real time monitor goals to include:
  • Real time connection monitoring
  • Operation duration

• Move track storage to S3, integrate with Access Files.
• Integrate track api with regular API?
• Drop support for firmware loads on devices (old grey boxes).

The following areas are routine maintenance items and/or feature requests that need to be done. The timing is right to do these at the same time as the other efforts.

• Upgrade the server infrastructure to the latest Java 7
• Add wildcard search to admin api for users
• Routine update of AMI Linux server upgrades (security)
• Possible update of entire Linux AMI (2013-03 variant released).
• Performance improvements: add index to problematic tables (licence, licenseuser, licenselog).
• Add licenselog pruning.
• File/Folder level permissions.