A recommended installation for getting Cartegraph OMS set up securely and properly.
Much has been written lately concerning computer data breaches. Computer hackers have hit a few corporations especially hard, exposing customer credit card numbers and causing public relations nightmares. These headlines highlight the fact that computer security is a necessity, not an option. Data needs to be secured and protected from attack. With that in mind, we at Cartegraph recognize that data produced by our Operations Management System (OMS) needs to be secure. To ensure a secure data environment for our web-based system with on-premise deployments, we have a recommended two-tier installation of our software that will protect your data.
If we think of the installation as a locked building, where at the center of the building is the data we want to protect, it’s easier to understand how that data is accessed, as well as the security layers that protect it. At the outside of the “building,” we have our devices (PC, tablet, or smartphone) connected to the internet. The outside door of our secured building can only be “unlocked” by those possessing the proper credentials. This “door” is the firewall of your organization that controls who can enter the building. The firewall is a hardware device that controls traffic between the public Internet and your organization’s private network. Since installations are publicly available, an organization must make changes to its firewall to allow access.
Once access has been gained through the firewall, the next room we encounter in our building is the Web server. This is a Microsoft Windows server with Internet Information Services (IIS). This server provides Cartegraph’s OMS application to end-users and communicates with the database server, acting as the primary gateway/routing application to forward information requested or submitted from devices. This Web server should also house SSL certificates, which are a way for your computer’s browser to “ask for ID” to verify that the server is authentic and that the data being transferred will be encrypted. SSL certificates are credentials for the online world, uniquely issued to a specific domain and web server and authenticated by the SSL certificate provider. When a browser connects to a server, the server sends the identification information to the browser, verifying its authenticity. This permission now grants us access to the next and final room, the database server room.
Data Storage Tier
Finally, we have arrived and gained access to the “center of the building”, which is the Database server room. This is where all the data in OMS is stored, using SQL databases. From this server, data is mined and assembled to generate reports. This is the heart of where decisions are made, money is saved, workflow is streamlined, and the return on your investment is clearly illustrated. Housed in this “room” is the reason you purchased Cartegraph’s OMS. As you can tell, we take data security seriously here at Cartegraph, so we recommend this two-tier approach to give you the peace of mind that your data is always safe and secure when using our system.
*Note: Some organizations might require a three-tier setup to fit their needs. It differs in some respects from the recommended two-tier setup, and those differences can be discussed as an option. This option involves an Application server that acts as a gateway between Cartegraph and the Database server. This is installed on a Microsoft Windows server with IIS running. SSL certificates will be placed on this server. Cartegraph recommends adding this server’s URL to the Safe list on the firewall between the DMZ and internal network to eliminate flooding issues.
So, whether you follow the recommended two-tier approach or the optional three-tier approach described above for on-premise deployments, you can rest easy, knowing that your data will always be safe and secure in Cartegraph OMS.