OneVue is a multi-tenant solution built on top of Amazon Web Services (AWS). AWS is designed with multiple layers of protection, including secure data transfer, encryption, network configuration, and application-level controls distributed across a scalable, secure infrastructure. AWS provides a scalable architecture with security capabilities while lowering the application life-cycle costs and total cost of ownership for the OneVue capabilities.
Application Development Language: Public and private service layers are constructed with Ruby on Rails. The front-end experience is developed with a responsive design through HTML5 and JavaScript.
Operating System: CoreOS and CentOS
Database Architecture: PostgreSQL (AWS RDS), DynamoDB, and Redis (AWS ElastiCache)
The security architecture of OneVue is multi-layered, operating through the Amazon Web Services (AWS) security infrastructure. AWS is ISO 27001 certified, SOC (1, 2, and 3), and is validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).
AWS provides a secure infrastructure, including physical security, employee life-cycle management, and regular, third-party audits. The adoption of AWS by Homeland Security, NASA, and the Central Intelligence Agency demonstrates the high level of security AWS provides in its architecture.
Primex leverages the secure architecture of AWS to provide a cost-effective solution that encompasses the high-security needs of our customers.

- AWS Identity and Access Management (IAM) with Multi-Factor Authentication: Controls and manages user credentials, including passwords, access keys, and permissions policies.

  IAM allows for the central management of all users, allowing Primex to control user access to individual records and services. Primex adds to this multi-factor security by controlling and managing the Primex resources granted access to the OneVue development and production environments through IAM. This provides complete security and ensures that not only can Primex control the security of customer information, but also audit and manage the access of Primex development, engineering, and support resources.

- AWS Virtual Private Cloud (VPC): Provides the separation of OneVue customer instances.

  Primex uses the AWS VPC services to provide separation of data and services between environments. Additionally, Primex uses the VPC service to secure all connectivity for development, training, and technical support functions.

- Encrypted Data Storage: Secures data throughout the record lifecycle.

  OneVue accepts only TLS-encrypted connections from clients and reporting Primex IP devices. Additionally, data is AES encrypted and maintained securely in storage with all of the AWS database services.

OneVue comprises the following Amazon Web Services (AWS) services.

| Database |
|---|
| DynamoDB - Predictable and Scalable NoSQL Data Store |
| ElastiCache - In-Memory Cache |
| Relational Database Service (RDS) - Managed Petabyte-Scale Data Warehouse |

| Storage & Cloud Delivery Network (CDN) |
|---|
| Simple Storage Service (S3) - Scalable Storage in the Cloud |

| Compute & Networking |
|---|
| Elastic Compute Cloud (EC2) - Virtual Servers in the Cloud |
| Virtual Private Cloud (VPC) - Virtual Secure Network |
| Elastic Load Balancing (ELB) - Load Balancing Service |
| Auto Scaling Groups (ASG) - Automatically Scale Up and Down |
| Route 53 - Scalable Domain Name System |

| Deployment & Management |
|---|
| CloudFormation - Template AWS Resource Creation |
| CloudWatch - Resource and Application Monitoring |
| Identity and Access Management (IAM) - Secure AWS Access Control |

| App Services |
|---|
| SES - Email Sending Service |
| SQS - Message Queue Service |
| SWF - Coordinating App Components |

| Security |
|---|
| CloudFront |
| WAF (Web application firewall) |