Isolocity is a web based application that securely stores all manufacturing data, for auditing and reporting purposes. The system uses a completely distributed architecture through Amazon Web Services, using it’s newly launched Canadian region and availability zones.
Isolocity Architecture Overview
API and REST Based Design
The API is build with a fully REST based design principals, using nested objects and controllers, for a truly RESTful nature. Our front-end clients that connect to this system require a true REST based system, and maintaining this standard helps keep development streamlined and consistent.
Integrations are made easy with ISOlocity because of it’s reliance on convention over conﬁguration. Our API makes data easily to import data into our system, or send data to outside systems that consume JSON feeds.
Front End and Desktop Apps
Ember relies on strong conventions that it uses. Controllers, Models, Views, Components, and Templates, are all kept in a speciﬁc place. This helps our development team maintain consistency, and allows new people to be brought onboard much quicker.
Data and Files
Keeping our clients data safe, is a top priority at ISOlocity. We take advantage of Amazon’s RDS service, so we can get by the second read-write duplication, across multiple Availability zones. These availability zones are maintained across several data centres in your country, so your data is never exposed to another foreign body. Along with replication, we take daily snapshots of each database, and store them for a determined period of time. Hourly (or more frequent time periods) are available as an upgrade feature.
Each organization on ISOlocity is given their own database. Your data does not share the same database as another organization, so there is never any potential for data leaks or seeing other organization’s information. We do maintain a master database with the list of all organizations, and users. We do this so everyone can beneﬁt from a simple user signon, rather then having to visit different URLs for each organization or team.
When a user uploads a ﬁle, the ﬁle is immediately stored in a AWS S3 bucket. AWS S3 buckets have a 99.999999999% retention rate. That is 11 nines, and is lower then the failure rate of 3 hard drives failing consecutively. The S3 bucket is kept completely private. For a user to see a ﬁle, a request is send to the API, with the user’s auth credentials. The API then makes a hash, and sends the hash to the S3 bucket to request the ﬁle. The URL can not be stored for later viewing, as the hash expires after 20 minutes.
Authentication and other AWS Services
Due to the fact that ISOlocity uses a fully distributed system, there is a need to manage state across the platform. We don’t use traditional sessions for authentication. Instead we rely on token based authentication. The major beneﬁt of using tokens, is they can be revoked in an instant.
Emails are sent through AWS Simple Email Service. No sensitive information is every contained in the emails that are sent. Only links to take action are provided to the users. In the case of suppliers, where they need to upload documents, a one-time hashed URL is sent to them to provide the information. Once they provide the required information, the URL is destroyed, and another must be made if they want to append their information.
Other AWS services that we use are Simple Queue Service, CloudWatch, Route53, and Lambda. The uses for these services is fairly simple, and we use them as intended (ie CloudWatch to monitor logs, and Route 53 to manage DNS). Everything is contained within a private subnet, within a VPC (Virtual Private Cloud), and only an Internet Gateway is allowed to the API. The API sends data to the RDS instances which are maintained in a private subnet. You must be within the API subnet to access the RDS private subnet.