Reliability and safety
An exceptionally high level of operational reliability inherent to the solutions created on the Ultimate Solid platform is the resultant interaction of various factors:
- own capabilities of the supporting Oracle DBMS, including the hardware redundancy schemes.
Incremental Backup, Read Only Physical Standby — for data securityMore details here
Row level security, Fine Granted Access — for controlling data access
Real Application Cluster — for providing seamless service access
- a 3-level application scheme: client stations DO NOT have the direct access to the database.
Even having full control over the client station, an overly curious person will not be able to get access to the data system. The database server is located in a separate network (usually in the remote data center) which is not available to the users of the system.
- ease of scaling to remove the performance limitations.
The data scheme is a mixed OLAP-OLTP scheme with multiple star-shaped formations. Thus, the system, on the one hand, does not suffer from the excess blocking, while, on the other hand, it allows for receiving real-time reports.More details here
The system can be easily scaled by either:
— the increase in the amount of disk surfaces on the main database server, or
— the addition of the backup servers for the reports’ calculation, or
— the addition of the new application servers to the cluster.
- developed system of allocation of Ultimate Solid access rights, always checked at the DBMS level with no possibility of a bypass.
Ultimate Solid allows controlling the access to objects (the lists of storehouses, contractors, offices) and specific entries: this role/user can have the access to read/edit/create/delete a specific entry — a particular office, storehouse or contractor.More details here
The access control system is implemented via the two independent platform instruments:
1. The branching mechanism (the internal terminology can refer to it as the authorization mechanism) combined with the rights’ union mechanism (or the “roles”) is a generalization of a traditional idea of rights.
The roles can be called rights, since they coincide in many cases. However, the use of a role mechanism makes it possible to implement much more complex variants of the restrict access schemes. In this case, the boundaries will depend solely on the imagination of the architect dealing with the business processes.
The system simplifies the administrator’s existence, bringing to disposal such tools as the merging of the several roles into one, the clear exclusion of a role (semantics — “to bestow the rights of a storekeeper without the right to run any inventory”), and the search engines that make it possible to find the users with specified roles, etc.
The basic idea of branching is that, depending on the presence or the absence of the role, one or another “branch” of the program code gets performed.
For example, a role may allow dispatching the goods to the client with an active debt.
2. Predicate apparatus (or line-level restrictions).
A predicate access mechanism allows setting the so-called predicates – the functions that always return either 0 or 1.
The predictive access lets the administrator formulating the restrictions of any degree of complexity: for example, to see only those documents that were created by the current user, or to see the contractors created by the colleagues from the same department, but to be able to edit only those created by oneself.
The ways to apply one’s imagination are, again, unlimited.
The platform records all the data changes, and you can always indicate the author of the changes that were introduced to any object of the system. The performance capacity is enough to make this important component not to affect the operating speed.
If excessive paranoia is necessary, you may even log the events of viewing.
- hack-resistance, inherent to the architecture.
The system does NOT store the data in the client applications (with the exception being made for the site — where the stored data is limited to the minimum necessary information for displaying the functional online catalog — which is, actually, public information by definition).More details here
The site ommunicates with the application server solely via the web-services and without having any access to the DBMS. Therefore, even in the event of a successful attack, the intruders will not get the access to the system database.
- guatanteed transactional integrity at the application server level. More details here
- minimizing of the potential for the deadlocks’ generation by using the internal platform means.
The insiders know what a demanding and complex operation the deadlock resolution is.More details here
Ultimate Solid sorts all the data change operations according to the internal codes, which excludes the possibility of intersection of variable data in two different transactions — thus significantly reducing the risk of a deadlock generation.
- continuous delivery methodology which is integral for the platform: the users are shielded from a regular disaster, which is typical of the usual practice of "rolling up" the cumulative changes every few weeks or months.
Are you familiar with the situation when, after updating the operating version of a system (that’s like surviving a fire and two floods already), the business processes are stalled due to the insufficient testing of the changes?More details here
Sure, you can blame the clumsy programmers’ hands and the testers’ sloppiness. However, this problem is quite a system one — the code errors are inevitable due to the human nature, and to ensure the full and comprehensive testing of a modified version of the system with an extensive amount of changes (directly following the rare updates) is such a complex and effort-consuming problem that it is virtually not-to-be-solved in the real world.
The built-in versioning Ultimate Solid system allows you to "run" the new functionality by the end users at once, in real conditions, and on a test layer. If errors occur, they simply switch to the working layer and continue feeling warm and fuzzy their work without interruption. Roll up your changes every day, if you want. New functionality that can make money right now – will start making money right now.
- encryption — the channel data is encrypted by AES — the symmetric block encryption algorithm adopted as a standard in the US.
- authentication according to the zero knowledge proof principle — the network does not transmit a password in any form, including the password hashes.