
Reliability and safety

The exceptionally high operational reliability of solutions built on the Ultimate Solid platform results from the interaction of several factors:

  • the built-in capabilities of the underlying Oracle DBMS, including hardware redundancy schemes.
    Incremental Backup, Read Only Physical Standby — for data security

    Row level security, Fine Grained Access — for controlling data access

    Real Application Cluster — for providing seamless service access        

  • a 3-tier application scheme: client stations DO NOT have direct access to the database.
    Even with full control over a client station, an overly curious person will not be able to get access to the system's data. The database server is located in a separate network (usually in a remote data center) that is not accessible to the users of the system.
  • ease of scaling to remove performance limitations.
    The data scheme is a mixed OLAP-OLTP scheme with multiple star-shaped formations. Thus the system, on the one hand, does not suffer from excessive blocking while, on the other hand, it can produce real-time reports.
    The system can be easily scaled by:
    — increasing the number of disk surfaces on the main database server, or
    — adding backup servers for report calculation, or
    — adding new application servers to the cluster.
  • a developed system for allocating Ultimate Solid access rights, always checked at the DBMS level with no possibility of a bypass.
    Ultimate Solid allows controlling access to objects (the lists of storehouses, contractors, offices) and to specific entries: a given role/user can have the right to read/edit/create/delete a specific entry — a particular office, storehouse or contractor.
    The access control system is implemented via two independent platform instruments:

    1. The branching mechanism (internally also referred to as the authorization mechanism), combined with the rights’ union mechanism (or the “roles”), is a generalization of the traditional idea of rights.
    The roles can be called rights, since they coincide in many cases. However, the role mechanism makes it possible to implement much more complex access restriction schemes. In this case, the boundaries depend solely on the imagination of the architect dealing with the business processes.
    The system makes the administrator’s life easier by providing tools such as merging several roles into one, explicit exclusion of a role (semantics — “to bestow the rights of a storekeeper without the right to run any inventory”), search engines that find the users with specified roles, etc.
    The basic idea of branching is that, depending on the presence or absence of a role, one or another “branch” of the program code is executed.
    For example, a role may allow dispatching goods to a client with an active debt.

    2. The predicate apparatus (or row-level restrictions).
    The predicate access mechanism allows setting so-called predicates – functions that always return either 0 or 1.
    Predicate access lets the administrator formulate restrictions of any degree of complexity: for example, to see only those documents that were created by the current user, or to see the contractors created by colleagues from the same department, but to be able to edit only those created by oneself.
    The ways to apply one’s imagination are, again, unlimited.

    The platform records all data changes, so you can always identify the author of the changes made to any object of the system. Performance is sufficient for this important component not to affect operating speed.
    If excessive paranoia is necessary, you may even log viewing events.
  • hack-resistance, inherent to the architecture.
    The system does NOT store data in the client applications (the exception being the site, where the stored data is limited to the minimum necessary for displaying a functional online catalog, which is public information by definition).
    The site communicates with the application server solely via web services and has no access to the DBMS. Therefore, even in the event of a successful attack, the intruders will not get access to the system database.
  • guaranteed transactional integrity at the application server level.
  • minimizing the potential for deadlocks by using the platform’s internal means.
    Insiders know what a demanding and complex operation deadlock resolution is.
    Ultimate Solid sorts all data change operations according to internal codes, which excludes the possibility of variable data intersecting in two different transactions, thus significantly reducing the risk of a deadlock.
  • continuous delivery methodology, which is integral to the platform: users are shielded from the regular disaster typical of the usual practice of "rolling up" cumulative changes every few weeks or months.
    Are you familiar with the situation when, after updating the operating version of a system (that’s like surviving a fire and two floods already), the business processes stall because the changes were insufficiently tested?
    Sure, you can blame the programmers’ clumsy hands and the testers’ sloppiness. However, the problem is systemic: code errors are inevitable due to human nature, and full, comprehensive testing of a modified version of the system with an extensive amount of changes (the direct consequence of rare updates) is so complex and effort-consuming that it is virtually unsolvable in the real world.
    The built-in Ultimate Solid versioning system allows end users to "run" new functionality at once, in real conditions, on a test layer. If errors occur, they simply switch to the working layer and continue their work without interruption, feeling warm and fuzzy. Roll up your changes every day, if you want. New functionality that can make money right now will start making money right now.
  • encryption — channel data is encrypted with AES, the symmetric block encryption algorithm adopted as a standard in the US.
  • authentication according to the zero-knowledge proof principle — the network does not transmit the password in any form, including password hashes.
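
The predicate apparatus described in the access-rights item above, modelled in Python as an added example (not Ultimate Solid code, which the page says enforces these checks at the DBMS level). All names and the sample rows are hypothetical; the rules are the page's two examples, with default deny when no predicate is registered.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    department: str

@dataclass(frozen=True)
class Row:
    kind: str        # object type: "document" or "contractor"
    title: str
    created_by: User

# Predicates (hypothetical names): each returns exactly 0 or 1 for one row.
def own_rows_only(user, row):
    return int(row.created_by.name == user.name)

def same_department(user, row):
    return int(row.created_by.department == user.department)

# (object type, action) -> predicate, mirroring the page's two examples.
PREDICATES = {
    ("document", "read"): own_rows_only,
    ("contractor", "read"): same_department,
    ("contractor", "edit"): own_rows_only,
}

def allowed(user, action, row):
    """Default deny: no predicate registered means no access."""
    predicate = PREDICATES.get((row.kind, action))
    if predicate is None:
        return False
    result = predicate(user, row)
    if result not in (0, 1):
        raise ValueError("predicate must return 0 or 1")
    return result == 1

def visible(user, rows):
    """Titles of the rows the user may read."""
    return [r.title for r in rows if allowed(user, "read", r)]

# Constructed sample data.
ALICE, BOB, CAROL = User("alice", "sales"), User("bob", "sales"), User("carol", "logistics")
ROWS = [
    Row("document", "invoice-1", ALICE),
    Row("document", "invoice-2", BOB),
    Row("contractor", "Acme", BOB),
    Row("contractor", "Globex", CAROL),
]
```

Alice can see Bob's contractor "Acme" because they share a department, but only Bob can edit it.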
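
The deadlock item above describes sorting data change operations by internal codes. The following added example (a generic lock-ordering sketch in Python, not the platform's code) shows why a single global order helps: two transactions list the same rows in opposite order, yet both finish. The row codes, locks and function names are hypothetical.

```python
import threading

# One lock per row, keyed by a constructed internal code.
ROW_LOCKS = {code: threading.Lock() for code in (101, 102, 103)}
BALANCES = {101: 100, 102: 100, 103: 100}

def apply_changes(changes):
    """Apply {row_code: delta} as one transaction.

    Rows are locked in ascending code order regardless of the order the
    caller listed them, so two transactions touching the same rows can
    never each hold a lock the other is waiting for.
    """
    codes = sorted(changes)
    for code in codes:
        ROW_LOCKS[code].acquire()
    try:
        for code in codes:
            BALANCES[code] += changes[code]
    finally:
        for code in reversed(codes):
            ROW_LOCKS[code].release()

def run_concurrently(rounds=2000):
    """Two workers update the same rows, listed in opposite order.

    Returns True if both workers finished, i.e. no deadlock occurred.
    """
    def worker(changes):
        for _ in range(rounds):
            apply_changes(changes)

    t1 = threading.Thread(target=worker, args=({101: -1, 102: +1},), daemon=True)
    t2 = threading.Thread(target=worker, args=({102: -1, 101: +1},), daemon=True)
    t1.start()
    t2.start()
    t1.join(timeout=30)
    t2.join(timeout=30)
    return not (t1.is_alive() or t2.is_alive())
```

Without the `sorted()` call, the first worker could hold row 101 while the second holds row 102, each waiting on the other.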