web software best practices update 111112
8/2/2019 Web Software Best Practices Update 111112
http://slidepdf.com/reader/full/web-software-best-practices-update-111112 1/15
Web Services Best Practices
AIR SUPERIORITY
Experience the Advantage
System Integrity & Security Update
August 1, 2011
2 | © 2011 CalAmp | Company Confidential
OBJECTIVE
Monthly update on web application & platform services hardware & software infrastructure
– What’s been done in the month
– What new issues have been identified
– What’s left to be done
– Timeframe
HARDWARE INFRASTRUCTURE
What’s Been Done This Month
• COLT Load Balanced Web and COMM servers in test.
• COLT updated to utilize Clustered Read Only Servers (6/15).
• Beta version of COLT migration tools is ready for test. Working with sales team to pick 1st customers to migrate.
• PULS proxy server devices that can be migrated have been migrated. Working with customers on their units that talk to the proxy server but CalAmp can’t reach. Still have 30-50K units checking in daily through the PULS proxy server.
Newly Identified Issues
• None
What’s Left to Be Done
• Test and re-configure to optimize COLT Load Balanced Web
and COMM servers.
• Migrate ABE 1 customers to COLT
• Implement redundant PULS server & clustered database in the
upcoming PULS 2 system
Best Practices PULS ABE 1 COLT
Co-lo Facility
Redundant Power
Redundant Network Connection
Redundant, Load Balanced Servers
Clustered Database Storage
Legend: Green - In Place; Yellow - Scheduled, < 90 Days Away; Red - Scheduled, > 90 Days Away; Black - Not Planned
PERFORMANCE & SCALABILITY
Best Practices PULS ABE 1 COLT
Built on Web Server Stack that is Supported by Cloud Computing
Virtualized Servers
Multi-Server Architecture with Load Balancing
Database Replication to Distribute Queries
Automatic DB Table Thinning when DB Table Size Monitor goes above its limit
Scalable Architecture to Support Planned User Growth
What’s Been Done This Month
• Manually thinning ABE 1 database on a regular basis to
maintain performance
• Active Monitor for ABE 1 device command performance
• PULS 2.0 is in active development.
• PULS is using Virtualized Servers for the PULS 2.0 project.
Newly Identified Issues
• None.
What’s Left to Be Done
• Implement auto thinning for COLT DB tables that grow too
large (oldest data archived off the server)
• Migrate ABE 1 customers to COLT
• Move PULS to virtualized servers (PULS 2.0)
• Replicate the PULS databases (after PULS 2.0 release)
SYSTEM RELIABILITY
Best Practices PULS ABE 1 COLT
Documented 99% Service Level Agreements (SLAs)
Monitor Server CPU Usage
Monitor Server Memory Usage
Monitor Disk Usage
Monitor Network Throughput
Monitor Each Application Function
Monitor Log Files
Monitor Web Traffic for Excessive Requests from IP Ranges
Monitor Database Growth
Web Analytics to Monitor Usage Behaviors
LMU Communication
What’s Been Done This Month
• SLA completed.
• PULS functional and log file monitoring in place.
Newly Identified Issues
• None
What’s Left to Be Done
• Upgrade automated reporting to include the metrics agreed to
in the COLT SLAs.
• Design LMU Communication Monitoring and Reporting
• Automate the analysis of LMU network status on COLT
• Add Google Analytics to COLT; not required for PULS
UNPLANNED SYSTEM OUTAGES
JUNE & JULY 2011
COLT
– 6/24/11: 45 minute outage during a Denial of Service (DoS) attack
PULS
– None Reported
ABE 1.0
– None Reported
SECURITY
Best Practices PULS ABE 1 COLT
Firewalls
SSL used for all logins
User Account & Login Management
Detect Machine/Computer Attempts at Login
Captcha (computer detect)
Security Scanning
Regular Operating System Security Patches
Regular Application Security Upgrades
Physical Data Center Security
What’s Been Done This Month
• Security Audit by Neohapsis completed for the COLT environment.
• DEI validated their handset upgrades with COLT’s repeated-failed-login locking, Session Timeout and mandatory SSL. Features will be released by 8/1.
Newly Identified Issues
• 12 COLT security vulnerabilities identified by Neohapsis. These
vulnerabilities will be closed in COLT v4.0 (due early Sept).
• Secure the communication traffic between LMU and servers.
What’s Left to Be Done
• Implement long term security maintenance processes (security is a
moving target due to continuous software development by CalAmp,
our software providers & the hacker community)
• Implement license agreements for COLT & PULS that restrict
decompiling communications
• Developer coding-for-security training.
• Analyze LMU SMS and Server communication encryption.
• Implement processes for on-going security upgrades: COLT/PULS
security patches, O/S upgrades
DISASTER RECOVERY
Best Practices PULS ABE 1 COLT
Load Balanced Server Failover
Geographically Distributed Co-Lo Facilities (Facility Backup)
Daily Server Backups
Offsite Storage for Server Backups
Own the IPs used in MRM Device Communication (for re-pointing to new facility)
What’s Been Done This Month
• IS worked with offshore Co-Lo facilities to architect mandatory Carrier
VPN tunnels
• In test on Load Balanced Failover servers
• All MRM units under CalAmp control have been migrated to new PULS
DNS. Working with customers to migrate their individual units.
Newly Identified Issues
• None
What’s Left to Be Done
• Load balance COLT servers to support failover
• Continuous monitoring of MRM units that phone-home to the old PULS
server. Contact each customer as these units are detected.
SOFTWARE ENGINEERING BEST PRACTICES
Design & Documentation
– CTS is moving onto a single Agile SCRUM toolset that will encapsulate our current ECR, Bugzilla, Microsoft Project and QA Spreadsheets.
– All Design and Requirements documents stored on SharePoint.
Software Quality Assurance (SQA)
– CTS SQA lead is on board and setting up our SQA processes.
– See note above regarding migration to new Agile SCRUM toolset.
Source Control
– CTS, Chaska and MRM are all now using SVN for source control.
Software Release Process
– Development, Staging & Production systems in place for COLT
– All COLT releases documented & stored on SharePoint
– PULS Development system is set up. PULS Staging system setup in process.
Secure Coding
– Attending security tradeshows to gain knowledge of latest security threats & coding techniques
– Establish design practices, on-going developer training, code reviews, test processes
VERSIONONE
VersionOne is a cutting edge web-based Project Management tool that supports all phases of software development lifecycle and latest development methodologies such as Scrum, XP, Kanban, AgileUP, and DSDM
KEY FEATURES IN VERSIONONE
Product Planning - Plan and manage requirements, epics, stories, and goals across multiple projects, products and teams
Release Planning - Plan, forecast, and report progress on releases and teams in a simple, drag-and-drop environment.
Sprint Planning - Iteratively plan stories, defects, tasks, tests, and impediments in a single, easy-to-use environment
Tracking - Track progress painlessly using our interactive Storyboard, Taskboard, Testboard and Burndown charts.
Review - Quickly close-out iterations and capture issues and action items from retrospectives in one place.
Reporting & Analytics - 50+ pre-packaged agile metrics and reports plus a new custom analytics platform for unparalleled visibility.
Test Management - Plan and track acceptance and regression testing activities in the same tool as stories and defects.
Open-Source Integration - Open, web services API, Java and .NET SDK’s, and free, open-source integration connectors.
Product Roadmapping - Create, collaborate and visually communicate product strategy using VersionOne’s flexible roadmapping capability.
SUMMARY
COLT: Focus on continuous performance & security monitoring
– Neohapsis audit of COLT is complete. 12 vulnerabilities were identified and the development team is working to close them in the next COLT release (v4.0).
– Migrate COLT project management and SQA management onto new Agile toolset (RallyDev or VersionOne).
– Complete configuration and testing of Web and COMM servers load balancing to support the migrated ABE 1.0 customers
– Continuously monitor performance & security. Implement upgrades to close issues.
ABE 1: Focus on migration of customers to COLT
– Identify ABE 1.0 customers as Beta testers for ABE 1 to COLT migration.
– ABE 1 health check in place. Health check shows that the average command failure rate is >30%. Migration to COLT will dramatically improve customer perception with COLT’s average command failure rate of 6%.
PULS: Focus is on PULS 2
– All PULS performance and reliability efforts are focused on PULS 2. Completion timeline is Fiscal Q3. PULS1 is in pure maintenance mode.
– Recommendations from COLT & DEI Security audit will be provided to PULS 2 development team to incorporate into the PULS 2 system.