Chemwatch products are developed based on a three-tier architecture. The high-level system topology is depicted in the picture below:
...
From the consumer perspective, the structure looks like this:
...
Database layer
Chemwatch employs an optimized, high-performance relational Oracle database. The database is responsible for system state and processes millions of transactions per day. Its structure is optimized for performance and consistency. No duplicate information is stored; relations are built and resolved instead. This approach gives a design schema capable of coping with the high server-side load generated by many clients (3500 active accounts with many users working under those).
Full-text search is implemented using the Oracle database's text capabilities and the Elastic Search engine. The database is fully Unicode compatible and can store and search information in over 40 languages.
The data layer is represented by an Oracle 19 database hosted in Amazon Cloud (RDS extra large node). It holds all the data required for the effective management of chemicals against different regulations used in different countries. All available performance and statistics tools are enabled on RDS to help us monitor the database 24x7 and act on any deviation from the normal patterns.
...
Chemwatch WebService represents the business layer of the three-tier architecture. It is the backbone of the entire system topology. All the calculations and data processing are conducted in the WebService. It also supplies data and processes requests from front-end applications, providing output in 5 different formats (JSON, SOAP, CSV, ZIP, or XML).
WebService is absolutely stateless and implements SOA patterns. Its architectural role is to detach the front end from the database. It is developed around the concept of reversibility: the database implementation should be generic, so if there is a need to replace the database, it can be done quickly and efficiently.
...
The service is entirely developed using the latest tested .NET 4.6 framework. The solution corresponds to the latest performance and security standards. All operations with the client side go through secure protocols (SSL). User access is tracked per session.
Front end
The front end is represented by Chemwatch WebApplication, which, depending on the subscription type, comes in one of the available packages: Backpack, ChemFFX, ChemGold, Cobra/Coshhpliant, SmartCobra, Chemritus, AuthorITe, etc.
Each client connects to a single WebService instance to request data and to save user input into the database. Basic calculations can be performed on the client side, but this is discouraged. Instead, we have built a reusable library that holds all the client-side logic throughout all the products. This ensures that all Chemwatch products work in a consistent manner.
Web-based client applications are developed using .NET 4.6 Framework and work efficiently under different browsers such as: Internet Explorer, Edge (Chromium), Mozilla Firefox, Google Chrome, and Safari.
SmartSuite for the iPhone and Android is created using mobile development frameworks.
Application Platform
Both the Business layer and Front end run on IIS 10 under Windows 2016 Server Datacenter Edition on EC2. Amazon is responsible for keeping those up to date and installing all the required security updates.
Capacity Management and Resilience
The solution is scalable and can be adjusted using Amazon Cloud which has near to infinite resources.
The solution is monitored 24x7. Automated alerts are deployed in case critical resources are running low.
Multi-AZ is enabled for the database layer. Multi-AZ (Availability Zone) is a feature offered by Amazon Web Services (AWS) for its database services, which enables users to increase the availability and durability of their database by maintaining a synchronized standby replica of their primary database in a different availability zone. In the case of Multi-AZ, AWS handles the replication and failover, and the user does not need to manually configure anything. Multi-AZ provides automatic failover in case of instance failure, software patching, or maintenance events, and helps to ensure that data remains available and durable.
See the schema below:
...
Integration capabilities
Web Service API 2.0 enables clients to create live data or document links to other applications using:
SOAP/WSDL
REST (JSON, XML)
Any modern programming language has the means to send and receive web requests (HTTPS). This is all that is required to build connectivity to Chemwatch Web API 2.0.
The API provides:
24x7 operation time
High reliability
...
High availability
Backward compatibility
Operational considerations
System
...
Overview
Amazon cloud allows us to provide a high-end level of data safety and disaster recovery. Amazon cloud also enables us to quickly scale the system to cope with increased load at runtime. A tailored balancing mechanism is used to enhance server capabilities automatically when required. All the critical updates are installed by Amazon in a timely manner, maintaining the system in its current state and decreasing any risks associated with security vulnerabilities.
Data Security
In the Cloud solution, stored user data is available only to the user and Chemwatch IT (to provide support). Other customers cannot get access to another client’s information, as it is protected by a secure login and password. To make sure no outside person can get hold of the user data, we established a “white list” of IP addresses allowed to connect to the databases directly. To secure traffic, we enforce an SSL (MD5)/TLS (SHA-1) secure connection between Chemwatch and the client. Additionally, we implement a TLS secure connection on our server, so customers may use the power of the SHA-1 hashing key to secure the traffic.
...
Sensitive data is encrypted at rest (AES256) and in transit (HTTPS/TLS 1.2).
All servers are hardened and get at least AA rating at SSLlabs.com. Headers are secured and unneeded ports are closed. Access is strictly controlled by Chemwatch IT.
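One way to check the database controls described on this page (Multi-AZ, encryption at rest, no public database access, an IP allow list for direct connections) against what AWS reports. This is an added example, not Chemwatch code; it runs on constructed sample data shaped like the boto3 `describe_db_instances` and `describe_security_groups` responses, and the identifiers, CIDR ranges and the default Oracle listener port 1521 are assumptions.

```python
import ipaddress

ORACLE_PORT = 1521  # assumption: default Oracle listener port

# Constructed sample data (placeholders, not real Chemwatch values).
SAMPLE_DB = {"DBInstanceIdentifier": "example-db", "Engine": "oracle-ee",
             "MultiAZ": True, "StorageEncrypted": False,
             "PubliclyAccessible": False}
SAMPLE_PERMS = [
    {"IpProtocol": "tcp", "FromPort": 1521, "ToPort": 1521,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
ALLOW_LIST = ["203.0.113.0/24"]  # constructed approved range


def audit_instance(db):
    """Findings for one entry of describe_db_instances()['DBInstances']."""
    findings = []
    if not db.get("MultiAZ"):
        findings.append("no Multi-AZ standby")
    if not db.get("StorageEncrypted"):
        findings.append("storage not encrypted at rest")
    if db.get("PubliclyAccessible"):
        findings.append("instance is publicly accessible")
    return findings


def audit_ingress(permissions, allow_list):
    """Flag database-port ingress CIDRs that fall outside the allow list."""
    allowed = [ipaddress.ip_network(c) for c in allow_list]
    findings = []
    for perm in permissions:
        # Rules with IpProtocol "-1" carry no port fields and cover all ports.
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if not lo <= ORACLE_PORT <= hi:
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if not any(net.version == a.version and net.subnet_of(a)
                       for a in allowed):
                findings.append(f"port {ORACLE_PORT} open to {net}")
    return findings


if __name__ == "__main__":
    for line in audit_instance(SAMPLE_DB) + audit_ingress(SAMPLE_PERMS, ALLOW_LIST):
        print(line)
```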
Networking
Network traffic is managed by the AWS network and directed to an EC2 node (Windows). IIS on the node processes the message and provides a response.
...