TRAXsales is proud to have its Enterprise SaaS platform hosted in the US-East-1 data center in Virginia at Amazon Web Services (AWS) as a multi-tenant service. We are now offering a fully dedicated managed implementation of our SaaS platform for our customers. This includes tailored configuration of a virtual private cloud (VPC); we will also offer connectivity protection for your instance, configured to your specifications, including VPN, IP/firewall filtering, and client-certificate HTTPS/SSL authentication.
According to Gartner, AWS has 5 times more deployed cloud infrastructure than their next 14 competitors have combined. Furthermore, we have partnered with AWS because they can keep up with whatever needs we might have; each day AWS adds as much new infrastructure as they used to run the entire Amazon business when it was a $7B company.
Security is Amazon’s first priority; as a matter of fact, they call it “job zero.” AWS hosts more than 600 government institutions as well as institutions like the Jet Propulsion Laboratory (JPL) and California Institute of Technology, and complies with the Federal Risk Authorization Management Program (FedRAMP℠).
There are several excellent features involved with hosting your single-tenant TRAX environment with AWS:
• Managed application updates
• Managed security updates/protection
• Dedicated environment which can include multiple failovers and tailored hardware for your utilization
• Customized security meeting your corporate requirements
• Payments for your environment collected monthly directly by Amazon via credit card
See the AWS statement and information on their site at https://aws.amazon.com/security
The following diagram is an overview of how the TRAXsales application works; it is followed by a detailed description of each of the connections involved in the system.
1. The VisualProof™ system contains a small computer which analyses frames of video from a high-definition camera and determines, based on a proprietary set of detection algorithms, the direction of the motion, the height of the subjects, and the appropriate time to capture the clearest image possible based on lighting. This image is temporarily stored on an internal SD card to protect against power failure, and the process of transmitting it begins immediately. The internet connectivity of the VisualProof™ device allows it to make a DNS lookup, which is serviced by Amazon Route 53 and automatically returns the IP address of the datacenter closest to the requestor.
2. The VisualProof™ device then makes a standard HTTPS connection to that datacenter and posts the image along with other statistics such as local time and which door was triggered (important in multi-door scenarios). Steps 3 and 4 take place before this connection with the VisualProof™ device is finished, and only if both are successful is a success handshake sent to the device, which then no longer needs to store the image for automatic retries.
3. A globally unique identifier (GUID) is generated for the image that was taken for this count and is then used to place the image on Amazon S3 for redundant storage. S3 is used as the source for the Amazon CloudFront content delivery network (CDN), which ensures that images are served quickly anywhere in the world (see #9 for more details).
4. The count metadata is sent to Amazon SNS in the US-East-1 datacenter along with the GUID generated in the last step. This takes advantage of extremely fast connectivity between Amazon datacenters and occurs in under 5ms.
5. Amazon SNS then places the metadata in a queue on Amazon SQS, which allows one or more dequeuing instances to process the data. When very large amounts of image and count data are coming in simultaneously, this allows the system to absorb that data and process it in a steady stream.
6. A service running on the TRAX SaaS application server(s) reads the messages from the queue and places them in the online database available to the SaaS application; at that point the counts and images are available on the website.
7. As images age we take them offline, making them no longer available for viewing on the web, but we archive them on magnetic tape for a period of time in case there are emergencies which require them. Manual human intervention is required to locate the appropriate images using our database and then produce a restoration request to bring those images back online.
8. The SaaS application is hosted within a virtual private cloud (VPC) which includes a full suite of implemented best-practices security. This represents the firewall, load balancing, and SSL handoff technology that protects the application and is involved in serving it to the Internet. In a single-tenant instance this component could leverage VPN technology and/or IP filtering to restrict access to the SaaS application. With the exception of the images captured by the VisualProof™ system (see #9 below), the remaining components of the application are hosted and served from here.
9. We leverage the Amazon CloudFront content delivery network (CDN), which uses the high-speed, low-latency connectivity between various Amazon points of presence around the world to dynamically cache the images in geographic locations that provide the best user experience. This means that when multiple users load the VisualProof™ page from similar locations, or multiple times, they benefit from extremely high-speed and low-latency delivery of those images, all over fully secure connections.
10. When the user accesses the SaaS application they are connecting to both the load-balanced application described in #8 and the CloudFront CDN described in #9 to maximize their user experience.
11. Each VisualProof™ system is independently configurable, and that configuration is stored in each unit, not in our central repository. To manage the configuration remotely, each device checks in every few minutes; this also allows our system to automatically monitor the overall health of the deployed VisualProof™ devices and take proactive steps if required.
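
The acknowledgement rule in steps 2 to 4 (the device keeps its image until both the storage write and the metadata publish have succeeded) can be modelled as follows. This is an added sketch, not TRAXsales code: `FakeBackend`, `ingest` and `Device` are hypothetical names, and in-memory lists stand in for Amazon S3, Amazon SNS and the SD card.

```python
import uuid

class StoreError(Exception):
    """Raised by a backend stand-in to simulate an outage."""

class FakeBackend:
    """Hypothetical in-memory stand-in for the object store (step 3) or topic (step 4)."""
    def __init__(self, fail_times=0):
        self.items = []
        self.fail_times = fail_times          # calls that fail before writes succeed

    def write(self, item):
        if self.fail_times > 0:
            self.fail_times -= 1
            raise StoreError("backend unavailable")
        self.items.append(item)

def ingest(image, meta, object_store, topic):
    """Server side of steps 2-4: acknowledge only if BOTH writes succeed."""
    guid = str(uuid.uuid4())                  # step 3: GUID for this count's image
    try:
        object_store.write((guid, image))     # step 3: redundant image storage
        topic.write({"guid": guid, **meta})   # step 4: count metadata plus the GUID
    except StoreError:
        return {"ok": False}                  # no success handshake is sent
    return {"ok": True, "guid": guid}

class Device:
    """Device side: hold each image locally until the server acknowledges it."""
    def __init__(self):
        self.pending = []                     # models the SD-card spool

    def capture(self, image, meta):
        self.pending.append((image, meta))

    def flush(self, object_store, topic):
        """Try to send everything pending; return the GUIDs that were acknowledged."""
        acked, still_pending = [], []
        for image, meta in self.pending:
            reply = ingest(image, meta, object_store, topic)
            if reply["ok"]:
                acked.append(reply["guid"])
            else:
                still_pending.append((image, meta))   # keep for automatic retry
        self.pending = still_pending
        return acked
```

In this sketch a retry after a failed step 4 leaves an unreferenced image in the store under the first GUID, because a new GUID is generated per attempt; the page does not say how the real service handles that case.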