...
Hardware failures are handled by applogic. As long as we do not use too many resources on a given grid, the hardware failover is automatic.
TODO - Will, is there a way we can be notified when there is a hardware failure? Do we need to do anything here.?
Denial of Service Attacks
We will not be taking any specific measures to detect or to mitigate a DOS attack.
...
The application code uses a framework to escape all user input which effectively dispenses with this problem.
User Credential Security
Should we/can we We will not enforce strong passwords ?
TODO - Paul, check and see if we can do this.
Should we/can we force password changes?
TODO - Paul, check and see if we can do thisnor will we force password changes.
Each year we will conduct a user account audit and disable or remove all accounts that are not in use.
DEFER
System Administration Credential Security
...
ETL Processing
- windows user accountaccounts (dev, qa, prod)
- ssh keys (dev, qa, prod)
Web Application
- applogic grid rootroot (or sudo) and each linux
- VMssh access to linux VMs
- tomcat
- geoserver
- postgres
- web application("superuser" - django)
- apache httpd ("nobody"?)
...
- MAD application admin
- apache httpd
TODO - Paul - enumerate all these accounts, to be stored and maintained at a single unpublished location known to the support staff.
TODO - Paul - review all of the administration credentials, and do the following:
- insure that default passwords are not usedinsure that passwords are strong
TODO - Paul
Viruses
We will not be scanning for viruses.
...
Database Integrity and Performance
...
We are using the Postgres database which is know for stability and robustness.
In any event, every 24 hours we
- run consistency checks
- run a full vacuum/analyze to guarantee good performance
- backup the database
- copy the backup to offsite grid
- retain backups as needed
TODO - Paul - automate all of this
Data Center Connectivity Lost
...
With each version release into produiction we will back up the entire application to a secondary data center. We will make database backups every 24 hours day and copy them the backup to the secondary data center. Should we lose the primary data center, we will bring up the application in the secondary data center using the most recent database backup. Performance of the application for the first day will be sluggish because the map cache will be empty/out of date. It will take overnight to reseed the map cache .
TODO - add job to completely reseed the map cache (Paul)
...
Database Integrity
...
We are using the Postgres database which is know for stability and robustness.
In any event, every 24 hours we
- run consistency checks to insure integrity
- run a full vacuum/analyze to guarantee good performance
- backup the database
- copy the backup to offsite grid
- report any issues to application support
TODO - Paul with help from DBA and Willwhich can be done from the command line on the ETL machine.
TODO - Paul - test
XXXXX
Deployment practices
The Enterprise Addressing System includes a data server, a map server and a web server. The application deployment are managed using standard practices with 3 separate environments (DEV, QA, PROD). Changes of any sort are first tested in the DEV environment. If the tests pass, we apply the changes to QA where business users conduct testing. Only after the business users approve the changes do we release any changes to PROD. This includes everything from OS upgrades through to our own application code, minor and major.
...