- Enrichment of the educational experience of students.
- Consistency & wide availability to students, faculty and administration.
- Enhancement of communication, fostering engagement in University life and building community.
- Construction of a streamlined, reduced-paper information processing environment based on electronic workflow and hierarchies based on assigned authorizations.
2. OUTLINE
I. ITI TECHNICAL OVERVIEW
II. HOW IS THE UMS-X1 STRUCTURED
1. SOLUTION ARCHITECTURE
2. INFRASTRUCTURE
3. SECURITY
4. USAGE
III. WHAT UMS-X1 ENSURES
IV. Q&A
Presented By Internet Traders International S.A.R.L
3. ITI TECHNICAL OVERVIEW
ITI employs highly skilled NOC engineers with the
aim of deploying Systems on high performance
machines hosting client applications. These
applications run our client operations online;
therefore uptime, security, scalability and reliability
are critical in ensuring proper delivery of services.
Our 24/7 technical support and quality awareness
enable us to maintain our online business
reputation, which is reflected by our clients, providing
them with highly sophisticated platforms to expand
their business and operations.
5. 1. SOLUTION ARCHITECTURE
The UMS-X1 Solution is hosted on the Linux operating system (Red Hat Enterprise). The UMS-X1 is a Web Application utilizing PHP (server-side scripting) and JavaScript (client-side scripting) for code development and HTML for design. As a browser-based System, the UMS-X1 uses HTTP Requests to transmit data, making it accessible to users on a variety of client platforms, such as Linux, Macintosh, and Windows.
[Figure: three-tier architecture diagram. Labels: Web Surfer, HTTP Request, Internet, Client Tier; Web Server, Scripting Engine, Scripts, Middle Tier; Database Management System, Database Server, Database Tier.]
The UMS-X1 is a database-driven application built around a three-tier architecture model:
• Client Tier: usually web browser software that interacts with the application.
• Middle Tier: built on top of the database tier, the complex middle tier contains most of the application logic and communicates data between the other tiers.
• Database Tier: the database management system that manages the database containing the data users create, delete, modify, and query.
6. 2. INFRASTRUCTURE
The UMS-X1 Infrastructure is based on six essential Layers:
Load Balancer
Firewall
Application Servers
Clustering of Databases
Reporting Server
MySQL Server
7. LOAD BALANCER
The Load Balancer allows you to balance the load of requests across multiple
servers.
The servers will appear as one to the end user. This enables you to manage the
clustered network very easily and allow the clients the most efficient and quickest
way to access the data. To ensure the data on the servers is synchronized, the File
Synchronization feature will replicate the data on all servers automatically. Should
any of the servers or processes fail, the Failover feature will direct all the traffic to
the available servers. The Load Balancer will ensure your site and services are
always available to handle incoming connections.
[Figure: load balancer diagram. Labels: 50%, 50%, Primary, Secondary.]
8. FIREWALL
• The Application Layer is protected by a firewall designed to
secure applications from network and application-layer
attacks through an easy-to-manage and integrated
approach. The application firewall is a critical element in
delivering a complete application access and security
solution.
[Figure: firewall diagram. Labels: Client Browser, HTTP, Web Server, Application Server.]
9. APPLICATION SERVERS
• An application server is a software engine that delivers applications to client
computers or devices. Moreover, an application server handles most, if not all, of
the business logic and data access of the application (a.k.a. centralization). The
main benefit of an application server is the ease of application development, since
applications need not be programmed; instead, they are assembled from building
blocks provided by the application server.
• Application servers typically bundle middle tiers to enable applications to
intercommunicate with dependent applications, like Web servers, database
management systems, and chart/Reporting programs.
[Figure: application server diagram. Labels: Desktop Machine, Laptop, User Interface Presentation Layer, Application Logic, Data Manager and MySQL engine, Database Server.]
10. MYSQL SERVER
The MySQL® database has become the world's most popular open source database
because of its consistent fast performance, high reliability and ease of use.
The figure below illustrates what MySQL Server can provide us with:
11. CLUSTERING OF DATABASES
MySQL Cluster’s unique parallel fault tolerant architecture provides the
following benefits:
– 99.999% Availability provided by a fault tolerant architecture.
– Cost Effective requiring less hardware, lower maintenance costs, and affordable licensing compared to proprietary databases.
– High Performance which only an in-memory database can provide.
– Linear Scalability to incrementally scale your system without a high initial hardware investment.
– Easy to administer reducing your need to hire additional database administrators.
– No Single Point of Failure using a distributed node-based architecture with fast failover.
– Hot Backups to back up the system without interruption.
– Automatic Fast Failover enabling systems to automatically fail over in less than a second.
12. REPORTING SERVER
The reporting server hosts the Reporting Engine.
Since reporting bears heavy load on the system, it
is deployed on a separate server where the
queries will run and not affect the other servers.
[Figure: reporting server diagram. Labels: Browser, Reporting Server, Report Processing, Data Processing, Security, MySQL Server, Database.]
13. INFRASTRUCTURE DIAGRAM
[Figure: infrastructure diagram with numbered components 1 to 6. Components shown: www.ums-x1.com, Load Balancer, Firewall, Application Servers 1, 2 and 3, Clustering Management Node, Clustering of Databases (Database Part 1 and Database Part 2, replicated), MySQL Server, Reporting Server. The diagram carries the labels "No Public Access" and "Local Network".]
14. 3. SECURITY
Security of your mission critical Internet operations is of paramount
importance. ITI employs multiple levels of security to ensure that client data is
very secure and can be easily recovered from backups.
Security includes:
1. Data Security
2. Materiel Security
3. Network Security
ITI Lebanon staff handle security and audit reports and submit any
observations to the relevant personnel. Security and audit monitoring is a great
tool to spot errors and trace attackers. On one hand, it guides
employees to correct their mistakes. On the other hand, it spots any
changes made as a result of security breaches that might occur, so that
corrective actions can be taken accordingly.
[Figure labels: Authentication, Vulnerability Assessment, Logs, Network, Encryption.]
15. MATERIEL SECURITY
Security of your mission-critical Internet operations is of paramount importance. Multiple levels of security are employed to ensure that only Data Center Operations Engineers are physically allowed near your routers, switches, and servers. Security procedures are as follows:
• No Public Access: Public access to the data center is strictly forbidden.
• Video Surveillance: Live video surveillance of the entire data center building is monitored 24/7.
• Onsite Security Personnel: Onsite security personnel monitor the data center building 24/7. Security personnel provide the first layer of security for entering the data center.
• Military-Grade Pass Cards: Access to the data center is restricted to those who hold a pass card. These pass cards control elevator access to restricted floors within the building.
• Power: The data center gets power from commercial utility underground conduits with a 30-minute battery backup in the event of failure.
– UPS Systems: The power systems are designed to run uninterrupted even in the unlikely event of a total power outage.
– Diesel Generator Systems: Our onsite diesel generator will automatically start in the event of a power surge or power system failure.
16. DATA SECURITY
The security policy is applied to all users who access the System/Network, including administrators, accountants, instructors and students.
The security policy provides maximum security against all types of vulnerabilities on any level (interruption, interception or fabrication) in any broad category (hardware, software or data) and assures confidentiality, integrity and availability.
User policy documentation is handed to administrators and users so that they know their privileges.
Users are classified into groups related to their departments, their responsibilities and status.
• No access is allowed to the servers.
• Connecting directly to the database is not done through the application, but by reconfiguring the firewall to allow database access from a designated IP.
• Access is only granted on the local network (private IP) to the application servers.
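An added example, not part of the original presentation or ITI's own tooling: the page enforces "database access only from the application servers' private IPs" at the firewall, and the same rule can be checked on the MySQL side by auditing the host column of `mysql.user`. The application-server addresses and the account rows below are constructed sample values.

```python
import ipaddress

# Assumed private addresses of the application servers (constructed values).
APP_SERVERS = {"10.0.1.11", "10.0.1.12", "10.0.1.13"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `SELECT user, host FROM mysql.user` output.
SAMPLE_ACCOUNTS = [
    ("ums_app", "10.0.1.11"),
    ("ums_app", "10.0.1.12"),
    ("report", "10.0.1.%"),
    ("dba", "203.0.113.40"),
    ("backup", "%"),
    ("root", "localhost"),
    ("legacy", "10.0.9.77"),
    ("sync", "db-admin.example.org"),
]


def classify_host(host, allowed=APP_SERVERS):
    """Return 'ok' or the reason this account host breaks the rule."""
    if host in ("localhost", "127.0.0.1", "::1"):
        return "ok"  # local socket / loopback only
    if "%" in host or "_" in host:
        return "wildcard host pattern"  # % and _ are MySQL host wildcards
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname instead of a pinned IP"
    if not any(addr in net for net in RFC1918):
        return "public address"
    if host not in allowed:
        return "private address outside the application-server list"
    return "ok"


def audit(accounts, allowed=APP_SERVERS):
    """Return (user, host, reason) for every account that breaks the rule."""
    findings = []
    for user, host in accounts:
        reason = classify_host(host, allowed)
        if reason != "ok":
            findings.append((user, host, reason))
    return findings


if __name__ == "__main__":
    for user, host, reason in audit(SAMPLE_ACCOUNTS):
        print(f"{user}@{host}: {reason}")
```
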
17. NETWORK SECURITY
Network security threats – from Internet-borne worms and viruses to DDoS attacks, internal data losses, natural disasters and terror-related risks – pose a multi-billion pound threat to corporations. From secure server builds and security-tested OS installations to a physically secure data centre and monitored network, we take a multi-layered approach to keeping your hosting operations reliable and secure.
1. 100% Availability
2. Connectivity: fully resilient and redundant network infrastructure
3. Routing: Each packet is evaluated and sent over the best route possible
4. Guaranteed Packet Delivery: To ensure network integrity
18. MORE SECURITY…
• Path Security
The path to internal files in the web system is confidential. The address bar will be
hidden when the user is authenticated into the web system to avoid others memorizing
the path.
• Password Protected Directory
A user has to supply a username and password to pass through protected directories
where certain web system files exist. The usernames and passwords will be configured
into groups. Groups can be: administration, registrar, accounting, student affairs,
etc. Each staff member will have the username and password of his own group.
• Web System Authentication
A staff member will need to supply his own unique username and password to the web
system to authenticate him according to his privileges.
• Secure Transfer of data
When a user is sending his credentials through the internet, the transfer of information
will be secured using Secure Hypertext Transfer Protocol (HTTPS). This will prevent any
hacker from stealing the credentials on the internet.
19. 4. USAGE
Permission and security: UMS-X1 has a reliable permission system. The main
edge of this permission system is flexibility. The administration can easily
specify the restricted areas on the system. The administrators have access
according to the assigned role.
20. Administrator Management: The administration can manage the usage of the
system, such as registration parameterization (setting criteria for registration: per
major, school, number of credits, etc.).
21. Accounts Management
Faculty Accounts Management
  Adding / Editing / Enabling / Disabling
  Resetting Grading System
  Resetting Account Password
Students Accounts Management
  Blocking / Unblocking
Staff Accounts Management
  Adding / Editing / Enabling / Disabling
System Administrator:
  Semester Management
    Current Semester Administration
      Pre-registration Period
      Registration Start/End
      Add/Drop Start/End
      Withdrawal Start/End
      Classes Start/End
      Semester Start/End
      Refund Percentage
      Setting holidays
    New Semester Creation
      Semester Creation
      Setting of Payment Dates
  Course Offerings
    Adding course offerings
    Deleting course offerings
    Setting type of offering
  System Configurations
    Schools
    Majors
    Contract Sheets
    Courses
    Course Prerequisites
    Grades
    Lists
    Official Documents
    Entrance Exams
    Rooms
Registrar:
  Applications Management
  Data Verification
  Entrance Exams
  Official Documents
  Major Selection
  Curriculum Editing
  ID issuance
  Setting of Financial Aid
  Forced Course Registration
Students Affairs
  View Absence
  View Grades
  Incomplete Grades Management
  Honor Lists
  Official/Unofficial Transcripts
  Contract Sheets (Curriculum)
  Academic Withdrawal
Accounting Department
  All tasks related to Payment Vouchers
  All tasks related to Transactions
  Special Permissions to debit or credit students’ accounts
  Faculty Payroll
File Management: The files accessed are grouped into categories where the administrator
can set privileges. For example, a user might view data but cannot delete/modify. The
categories are divided into subcategories where handling of permissions will be limited to
page level.
22. WHAT UMS-X1 ENSURES
• UMS-X1 Maintenance
UMS-X1 Maintenance is the process of enhancing and optimizing, as well
as remedying defects that may be encountered in the UMS-X1. UMS-X1
maintenance involves changes to the software in order to correct defects
and deficiencies found during field usage as well as maintaining the
integrity of the database, file transfer client, and backups.
• UMS-X1 Scalability
Scalability ensures that the system can adapt to growing demands such as
being able to handle more users or a larger number of enquiries and
transactions, and to have the capability to meet peak demand periods
without introducing unacceptable delays for processing queries.
• UMS-X1 Availability
High availability is a primary and critical requirement. It means that the
system must be up and running 24/7 with no downtime. The system must
be able to recover immediately from any failure situation, from software
bugs to hardware crashes. This means that there must also be fast failover,
so that other operating nodes will continue to process requests seamlessly.