We are very serious about system security because we know how much it means to operate flawlessly in the aviation business. System security is about two major things: data protection and continuous operation (SLA).
Leon is hosted on Amazon (datacenter in Europe, Ireland). There is also a backup hosting facility located in Berlin. In the first hosting facility (the primary one, operating in normal conditions) we operate four servers combined into an infrastructure that ensures redundancy of each of its elements (picture below). The Load Balancer is also redundant (redundancy provided by Amazon), so there is no single point of failure.
All traffic from customers is routed to one of two application servers where we run Leon. If one server fails, all the traffic is automatically routed to the other machine. In that condition Leon will operate a little slower, but it will be fully functional.
Each application server is located in a different Availability Zone (a different location in the datacenter), so that the failure of a whole Zone will not affect both machines at the same time.
Similar redundancy is designed into the database servers. We operate two servers in two different Availability Zones, both accessible to both Application Servers. In normal conditions one of the two database servers is used and the second one is synchronised with the first one. In case of database server failure, the second one takes over automatically.
We have multi-level backup. The first level is within the infrastructure itself: we have two independent servers running the database with the same data, and the failure of either of these servers will not stop the system.
The second level of backup is provided by storing snapshots of all data on separate backup servers provided by Amazon and located outside our infrastructure. Those backups are performed automatically once per day and we store the last 7 copies of the database. Thanks to additional binary logs, we are able to restore the database to any point in time within the last 7 days.
The last backup layer is provided by a backup facility (the Profitbricks company in Berlin). We operate 3 servers in our backup hosting facility (2 application servers and 1 database server). In normal conditions the database server in the backup facility is kept in sync with the primary hosting facility at all times. In the (rather unlikely) event that all Amazon servers fail at the same time, we can always switch to the Berlin centre.
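As an added illustration of how daily snapshots and a binary log together give point-in-time recovery (example code written for this page, not Leon's backup tooling), the model below keeps a toy key-value store whose every write is appended to a log, takes one snapshot per "day", retains only the last 7 snapshots, and rebuilds the state at any requested time by loading the nearest earlier snapshot and replaying the log from there. The timeline, keys and integer timestamps are constructed for the demo; the class and method names are assumptions.

```python
"""Daily snapshots + binary-log replay = point-in-time recovery (toy model).

Convention used here: timestamps are integer hours; a snapshot taken at
time T contains every write with timestamp <= T, so a restore replays
only log entries with T < ts <= target.
"""
import copy

RETAINED_SNAPSHOTS = 7  # the page keeps the last 7 daily copies


class BackedUpStore:
    def __init__(self):
        self.data = {}        # live state
        self.binlog = []      # (ts, key, value); value None means delete
        self.snapshots = []   # (ts, full copy of state), oldest first

    @staticmethod
    def _apply(state, key, value):
        if value is None:
            state.pop(key, None)
        else:
            state[key] = value

    def write(self, ts, key, value):
        """Record the change in the binary log, then apply it."""
        self.binlog.append((ts, key, value))
        self._apply(self.data, key, value)

    def snapshot(self, ts):
        """Take a full copy of the state and prune to the retention window."""
        self.snapshots.append((ts, copy.deepcopy(self.data)))
        self.snapshots = self.snapshots[-RETAINED_SNAPSHOTS:]

    def oldest_restorable(self):
        """Earliest point in time a restore can reach (None if no snapshot)."""
        return self.snapshots[0][0] if self.snapshots else None

    def restore_to(self, target_ts):
        """State as it was at target_ts: nearest earlier snapshot + log replay."""
        candidates = [s for s in self.snapshots if s[0] <= target_ts]
        if not candidates:
            raise ValueError("no retained snapshot is old enough for that time")
        snap_ts, snap_state = candidates[-1]
        state = copy.deepcopy(snap_state)
        for ts, key, value in self.binlog:
            if snap_ts < ts <= target_ts:
                self._apply(state, key, value)
        return state


def demo():
    """Constructed 10-day timeline with a snapshot at hour 23 of each day."""
    store = BackedUpStore()
    for day in range(10):
        base = day * 24
        store.write(base + 1, "flight", f"day{day}-planned")
        store.write(base + 5, "crew", f"day{day}-assigned")
        store.snapshot(base + 23)
    # Changes after the last snapshot, including an accidental deletion:
    store.write(9 * 24 + 24, "flight", "day9-amended")
    store.write(9 * 24 + 25, "crew", None)
    return store


if __name__ == "__main__":
    s = demo()
    print("snapshots kept:", len(s.snapshots), "oldest restorable hour:", s.oldest_restorable())
    print("state just before the deletion:", s.restore_to(240))
```

The deletion at hour 241 is undone by restoring to hour 240, which is only possible because the writes between the day-9 snapshot (hour 239) and the target are still in the log; asking for a time before the oldest retained snapshot fails, which is the practical meaning of the 7-day window.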
CONTINUITY OF OPERATION
The second issue we really focus on is making sure that Leon is served all the time. We had to implement many sophisticated procedures to be able to update the code without shutting down the application.
Normally (>99.5% of the time) Leon is served from the main hosting facility at Amazon. For the convenience of our users we try to make application updates only once a month, when a new version of Leon is released. The application update process does not take more than a minute thanks to the automated process we have implemented for it.
Both application versions (leon.aero and beta.leon.aero) use a GeoTrust SSL certificate from the moment of logging in. This ensures the safety of transmission and is a standard in reliable online applications with restricted access. We do not store passwords in our database in open-text format; we use hashes. Also, it is not possible to log in to the database from any server other than those running Leon.
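To show what "we use hashes" means in practice, here is an added example of salted password hashing with PBKDF2-HMAC-SHA256 (example code for this page; the page does not say which hash Leon uses). A stored record holds only a random salt and the derived key, so the password cannot be read back from the database, two users with the same password get different records, and verification uses a constant-time comparison. The iteration count, record format and user names are assumptions.

```python
"""Salted password hashing and verification (added example, not Leon's code)."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 310_000  # assumption: a reasonable PBKDF2-HMAC-SHA256 cost


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt$key (hex)."""
    salt = salt if salt is not None else os.urandom(16)  # fresh salt per record
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the key with the stored salt and cost, compare in constant time."""
    try:
        algo, iters, salt_hex, key_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def demo_user_table() -> dict:
    """Constructed users table: two users who chose the same password."""
    return {
        "alice": hash_password("correct horse battery staple"),
        "bob": hash_password("correct horse battery staple"),
    }


if __name__ == "__main__":
    table = demo_user_table()
    for user, record in table.items():
        print(user, record[:40] + "...")
    print("alice login ok:", verify_password("correct horse battery staple", table["alice"]))
    print("alice wrong pw:", verify_password("wrong", table["alice"]))
```

Storing the algorithm and iteration count inside each record lets the cost be raised later without invalidating existing users: a login that verifies against an old record can be re-hashed with the new parameters on the spot. The page's other database control, allowing logins only from the hosts running Leon, is a network and account-permission matter and is not part of this example.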