ChannelCandy Technical Architecture:
INDUSTRY LEADING TOOLS
ChannelCandy was developed on modern, industry-leading platforms. Our vision is a platform that can deliver scalability, reliability and low cost to our customers.
Ruby on Rails
The core of the application is built on Ruby on Rails. Rails is an open-source web framework that’s agile and optimized for programmer productivity. It is a full-stack framework: it allows creating pages and applications that gather information from the web server, talk to or query the database, and render templates out of the box. As a result, Rails features a routing system that is independent of the web server.
Ruby on Rails emphasizes the use of well-known software engineering patterns and principles, such as active record pattern, convention over configuration, don't repeat yourself, and model-view-controller.
Rails uses the Model-View-Controller (MVC) architecture pattern to organize application programming. In a default configuration, a model in the Rails framework maps to a table in a database, and a Ruby file.
Ruby on Rails provides the framework where new and innovative modules can be built quickly and robustly on the ChannelCandy platform. It includes tools that make common development tasks easier "out of the box”. It also offers our development team flexibility with an open API that can easily integrate with our customer’s communication and operational platforms.
Engine Yard is an industry leading platform as a service (PaaS) company focused on Ruby on Rails deployment and management. For ChannelCandy, it handles all the details of pushing the application to the cloud, and monitors the continued operation. Partnering with Engine Yard brings ChannelEyes Rails expertise, uptime guarantees, performance and scale on AWS – Amazon Web Services.
Amazon Web Services (AWS)
Amazon Web Services is a collection of remote computing (web) services that together make up a cloud computing platform, offered over the Internet by Amazon.com. ChannelEyes takes advantage of the most central and well-known of these services, Amazon EC2. The service provides us a large computing capacity much faster and cheaper than building a physical server farm.
AWS is located in 8 geographical Regions:
- US East (Northern Virginia)
- US West (Northern California)
- US West (Oregon)
- São Paulo (Brazil)
Each Region is wholly contained within a single country and all data and services stay within the designated Region giving ChannelEyes global access and local performance.
Each Region has multiple 'Availability Zones', which are distinct data centers providing AWS services. Availability Zones are isolated from each other to prevent outages from spreading between Zones, distributing load demand and avoiding downtime from failures.
TECHNICAL AND SECURITY ARCHITECTURE
The ChannelCandy platform is deployed on the Engine Yard Cloud Platform as a Service and is built on top of Amazon Web Services (AWS). Each instance with Engine Yard is a separate AWS instance. Engine Yard Cloud boots this instance and automatically configures it with the appropriate Engine Yard Cloud platform (operating system, application and database) components for the ChannelCandy environment.
Other Engine Yard software, including our orchestration and automation engine, handles key functions including cluster management, load balancing, high availability, database replication, and monitoring and alerting.
ChannelEyes is committed to maintaining a safe and secure platform for our customers, business partners, and the broader Internet community. Working closely with Engine Yard, we have developed an in-house information security and compliance function that complements Engine Yard and the controls that AWS provides.
Each ChannelCandy customer’s data is isolated from other customer’s data. No functionality is shared between virtualized instances. In our dedicated tenancy model, ChannelCandy apps operate in their own data space, including full administrative access - much like a server that is racked in a data center.
Amazon Web Services is responsible for security around the Virtualization layer, Network layer (including DDOS, spoofing, and port scanning mitigation), Physical and environmental security.
AWS provides network security controls, while Engine Yard performs the configuration of the AWS security groups.
Each customer cluster is protected by an AWS security group, which provides ingress network filtering from the broader Internet. By default, all access is denied with only explicitly defined ports and protocols permitted to enter the customer environment. Additionally, customers can choose to configure a host-based firewall (with IPtables being the most commonly used) to further isolate traffic on individual instances.
Distributed Denial of Service (DDoS) Mitigation
ChannelEyes relies on AWS’s proprietary DDoS mitigation techniques to lessen our customer’s exposure to successful DDoS attacks. Also, AWS’s networks are multi-homed across a number of ISPs to provide further Internet access diversity. Engine Yard assists ChannelEyes with an established contractual relationship with Amazon that grants access to AWS dedicated resources to aid in the resolution of security incidents, including DDoS attacks.
Engine Yard instances are unable to send spoofed network traffic. The AWS controlled firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own.
AWS maintains the capability and responsibility for detecting illicit port scans against Engine Yard customer environments. When unauthorized port scanning is detected, AWS blocks the scan and notifies Engine Yard via their abuse process. ChannelEyes has an established arrangement with AWS that permits our customers to conduct vulnerability scans against their environments in order to meet their specific security or compliance requirements.
The AWS virtualized infrastructure prevents a virtual instance, running in promiscuous mode, to receive or “sniff” traffic that is intended for a different virtual instance. While customers could place their interfaces into promiscuous mode, the hypervisor will not deliver traffic that is not explicitly addressed to them. Even two virtual instances that are owned by the same customer located on the same physical host cannot listen to each other’s traffic. Attacks such as ARP cache poisoning do not work within the Engine Yard environment.
More details on AWS’s security can be found at: https://aws.amazon.com/security
Engine Yard is responsible for managing Operating system security, Database security, Network security (ports/protocols), Vulnerability management (including testing and patching) and Support access.
Engine Yard continually looks to improve and enhance its security architecture. Engine Yard subscribes to the PDCA (Plan, Do, Check, Adjust) cycle - a tenant of the ISO 27001 Information Security Management Standard. Through this process, Engine Yard has developed a security strategy (Plan) and related security projects (Do) that address risks identified during the annual risk assessment process (Check). Additionally, new Engine Yard architecture projects involve the information security and compliance function to assist with risk assessment and controls design in order to mitigate risk to an acceptable level.
More details on Engine Yard’s security can be found at: https://www.engineyard.com/products/cloud/cloud-security
ChannelEyes is responsible for managing Access Control, Application code (non-platform related) and Compliance.
ChannelEyes takes information security seriously and has established information security policies that include requirements on:
• Information security roles and responsibilities
• Policy development, maintenance and distribution
• Information classification
• Internet usage and access management
• Customer data protection
• Risk management and compliance
Our Chief Technology Officer owns ChannelEyes’ information security policies, and delegates multiple operational responsibilities to the Executive team.
Information security policies are reviewed annually, and updated as necessary to address new threats or findings from our risk assessment process. Information security policies are required to be read and acknowledged via signature by all ChannelEyes personnel. Policies are published on our intranet and are available to all personnel in writing.
ChannelCandy has established three levels of information classification for the organization that applies everywhere that data is stored. Our standard includes requirements, by classification level, for protecting data in transit, data at rest, access, and the handling of information. These classification levels are Public, Sensitive and Confidential.
Public data would not cause an adverse impact on our customer’s or their personnel. Examples of this data may be found on social media and on the web, outside the firewall.
Sensitive data requires special precautions to ensure the integrity and confidentiality of the data by protecting it from unauthorized modification or deletion. It requires higher than normal assurance of accuracy and completeness. Channel information that normally sits behind a firewall, partner portal or other type of secure access would fall into this category.
Confidential data is designed for use within the company only and its unauthorized disclosure could seriously affect the company. It is rare that a ChannelCandy app would have this classification.
ChannelEyes does not host customer data in its corporate or remote offices, but rather in AWS data centers that have been certified to meet industry security standards. AWS provides the physical and environmental controls for data centers that handle our customer data.
Our physical infrastructure is hosted and managed by AWS via their secure data centers. AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.
AWS’s data center operations have been accredited under:
• ISO 27001
• SOC 1/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
• PCI Level 1
• FISMA Moderate
• Sarbanes-Oxley (SOX)
AWS has years of experience in designing, constructing, and operating large-scale datacenters. They operate the following controls:
• AWS datacenters are housed in nondescript facilities.
• Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.
• Authorized staff must pass two-factor authentication a minimum of two times to access datacenter floors.
•All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
• AWS only provides datacenter access and information to employees & contractors who have a legitimate business need for such privileges.
• When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services.
• All physical access to datacenters by AWS employees is logged and audited routinely.
Fire Detection and Suppression
• Automatic fire detection and suppression equipment has been installed to reduce risk.
• Fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms.
• Data center environments are protected by either wet-pipe, double interlocked pre-action, or gaseous sprinkler systems.
• The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week.
• Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility.
• Data centers use generators to provide backup power for the entire facility.
Climate and Temperature
• Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages.
• Data centers are conditioned to maintain atmospheric conditions at optimal levels.
• Monitoring systems and data center personnel ensure temperature and humidity are at the appropriate levels.
• Data center staff monitor electrical, mechanical and life support systems and equipment so issues are immediately identified.
• Preventative maintenance is performed to maintain the continued operability of equipment.
INTEGRATIONS WITH THIRD PARTY APPLICATIONS
As discussed above, ChannelCandy is built on a modern and open platform supporting application programming interfaces (API) from leading vendors in the CRM and PRM (partner relationship) industry as well as OAuth and OAuth 2.0 authorization/authentication security standards.
OAuth is an open standard for authorization. OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections.
OAuth 2.0 is the next evolution of the OAuth protocol and is not backward compatible with OAuth 1.0. OAuth 2.0 provides specific authorization flows for web applications, desktop applications and mobile phones. The specification and associated RFCs are developed by the IETF OAuth WG. The main framework was published in October 2012.
One of the most popular integrations we do is with SalesForce.com. Force.com dramatically reduces the effort to integrate with Amazon Web Services, reducing cost and complexity for our customers. Force.com directly supports Ruby on Rails and the ChannelCandy application environment, combining a framework for authentication, native access to the AWS Simple Storage System and pre-built Amazon Machine Images.
DEVELOPMENT & TESTING
ChannelEyes employs peer programming and review, as well as code “check-in” tools to perform standard bug testing. Multiple staging environments have been established to facilitate proper testing. Additionally, a formalized Quality Assurance (QA) function is established.
This business unit organizes structured testing when a major function, feature, or higher risk change is to be introduced into our environment. ChannelEyes maintains processes and tools to roll back changes in case issues arise during a production deployment.
ChannelEyes engages with qualified and reputable third parties to perform penetration tests against key application interfaces. The frequency and areas of testing are commensurate with known risk. Third-party testing traditionally occurs when major changes are introduced that could impact customer data locations (for example the customer’s content management system), or when a particular application or interface has not been tested recently.
As issues are discovered, tickets are filled and remediation is initiated. After fixes are implemented, the third-party conducts retests to ensure that significant risks are mitigated and that no new security weaknesses were introduced during remediation efforts.
BUSINESS CONTINUITY AND BACKUPS
Application code and databases are written out to persistent storage volumes. Engine Yard automatically mounts these volumes and takes backups for our customers. ChannelEyes takes advantage of AWS’s EBS storage allowing us to take regular disk snapshots of both of these volumes. If the need arises to ever rebuild instances from scratch, we have the ability to restore both of these volumes from previous snapshots.
ChannelEyes takes advantage of Engine Yard’s architecture that provides automatic failover that can replace a failed master application instance with an existing application slave. “Takeover” is the Engine Yard failover process for recovering from failure of an application master instance. Takeover occurs when Engine Yard detects that your application master is unable to reliably respond to requests. For example, this can happen because of an AWS EC2 issue or because the instance froze. If the instance does not recover within a short time, Engine Yard does the following:
• Terminates the problem instance.
• Promotes an application slave to master.
• Assigns the old master’s IP address to the new master.
• Replaces the application slave instance that was promoted. (The new application slave uses the same version of the stack as the other instances in that environment.)
All Engine Yard Cloud supporting infrastructure is located in multiple availability zones. Within the dashboard, customers can select from different regions to establish their computing clusters. Once a region is selected, the Engine Yard provisioning system distributes the instances among multiple AWS availability zones.
GETTING STARTED WITH CHANNELCANDY
The development of the app is largely turn-key.
The team at ChannelEyes creates and designs the app with initial guidance from the Vendor. The branding of the app, including logos, colors, splash pages, as well as collecting information sources such as Twitter, RSS, blogs, industry magazines, news, etc.
The initial consultation takes between 60 and 90 minutes and focuses on defining roles and responsibilities, collecting marketing assets and outlines the process around integration with the Apple and Android stores.
Discussions around customization of the app start during this consultation session. Outlining the tools, resources and special links to be included in the app, as well as development resources required.
At this time we also can book a technical discussion to review any deeper integrations with enterprise back-end products, security and authentication scenarios as well as the type of end user segmentation/personalization that is required.
ChannelEyes will submit the app into the Apple App Store as well as Google Play Android Marketplace. The app will also be deployed as a mobile website, allowing usage on other mobile platforms such as Windows and Blackberry.
The time from initial consultation to delivery of the basic app is 6 weeks.
Customizations will take longer and will depend on the complexity and development work required.
HOW THE APP WORKS – SIMPLE VERSION
The app will be downloaded by your Partners from the App Store for their device. The Vendor logo and colors will show up as an icon on their home screen.
As with other apps, future improvements and feature additions will be made available and automatically updated through the iOS or Android update mechanism.
There is a notification feature that shows a red circle including the amount of missed messages on the upper right side of the app icon.
When the Partner clicks on the icon they are taken to a security sign on screen. Vendors can easily manage authorizations at the Partner organization level, saving time and ensuring that only trusted people are accessing your information.
There are several ways to manage Partner invitations to the app, including a Partner Pass unique code, whitelisting, or by an OAuth integration.
After the security screen, the Partner will access their main social wall. Here they will see a snapshot of Vendor’s new channel information, news and updates. They can control the programs they need to follow, filter the information based on their job role and engage with questions or comments.
The Vendor has the flexibility to include content sources such as Twitter, RSS, blogs and industry news.
These highlights can quickly be scanned by the Partner and selected for more information. This drives more traffic to Web Portals, marketing sources and landing pages.
Customizing the app
ChannelCandy is a platform that can be easily expanded to include the tools, resources and enablement features to drive new levels of engagement by Channel Partners.
There are several options for incorporating new functions into the app:
1. Link directly to mobile ready pages (ex: HTML 5)
2. Build forms that can transfer information securely back to the Vendors internal systems (example: deal registration)
3. Build mobile features directly into the app
Other ways to customize the app are to change the log in screen and add advertisements into the social stream. Announcing new products, programs, or co-marketing with another company is possible within the app.
The ChannelEyes team will work with the Vendor on different custom options and recommend solutions that blend a great Partner experience with cost effectiveness.
Learn more at: http://channeleyes.com/candy/ or call (518) 417-4873