System Technical

Exceeding expectations on all levels

SKYPIOM’S TECHNOLOGY

At Skypiom, we believe that our technical infrastructure not only meets but exceeds expectations in all aspects. In some cases, we simply follow best practices while in others we have developed innovative ways to increase customer satisfaction levels.

Where possible, we will make use of existing standards to ensure interoperability and user adoption, but not at the expense of our general product vision. Where necessary, we will walk new ways or even beat a new path through the jungle, all in pursuit of providing the most effective Sustainable Upskilling Solutions there are.


AMAZON WEB SERVICES

While Skypiom’s KMS was developed as a cloud based solution from the beginning, it was felt that only high-end service providers would be in a position to satisfy the requirements of Skypiom’s customers.

A detailed investigation during 2016 resulted in AWS being selected as the infrastructure provider of choice and the Skypiom platform was transitioned to AWS during the last quarter of 2016. The performance, service and technical levels provided by AWS have been outstanding and Skypiom has never experienced a major system outage.

PARALLEL WEB SERVER CLUSTER

Performance and reliability are managed by providing a cluster of web servers, positioned in different “Availability Zones”, i.e. within different data centres in different physical locations. This means that even if a data centre or a regional network should become unavailable, service levels are maintained.

Servers are provisioned as per load requirements, both in individual server capability as well as in the number of servers. These servers are the “customer front end” which customers communicate with when making use of the KMS.


LOAD BALANCING

Automatic load balancers are used to distribute the load between the individual servers within the server cluster. The load balancers ensure that individual servers are loaded evenly and they detect outages of individual servers. This means that if a single server or even an entire availability zone becomes unavailable, the load balancers will route traffic to the other servers within the cluster.

All of this happens automatically, with no manual intervention required.

DATA STORAGE

Skypiom makes use of different data storage classes and techniques. The primary data store is a high performance SQL database, handling all user interaction, enrolments and long term structured data storage. This database also acts as a manager of other data storage and as a controller of different processes.

Larger volumes of primarily unstructured data are stored within Amazon’s award winning S3 store. In the case of the KMS, this refers primarily to content data, often made up of larger text, audio or video files. Specialised functions within the KMS ensure perfect synchronisation between the structured SQL data and any larger unstructured data items stored within the S3 store. Both the SQL database and the S3 store will scale as required and operate within a high-performance and high-reliability environment.


Read more about Amazon’s S3 data storage here.


PARALLEL QUEUE PROCESSING

A concept pioneered by one of Skypiom’s sister companies within the group more than 20 years ago, this capability has been adopted for deployment on today’s modern cloud based architecture. In essence, it means that potentially processing intensive tasks are “offloaded” onto a “processing queue” by the front end web servers. Examples of such tasks are complex analytical reports and duplication of huge blocks of course content material. By offloading such tasks, web servers can respond to users almost instantaneously and users are not exposed to the risk of reaching network timeouts along the way. Processing takes place by any number of technical background processing servers, configured as required to handle the workload.

Reports completed in this manner are either delivered by email or to a special KMS report repository for convenient download.

CONTENT DELIVERY NETWORK

When data is requested from a web server, this data is often fetched from a remote location, even from different continents. Without going into too much technical detail, there is an obvious advantage if the data to be delivered to a requester is physically close to the requester. Standard internet web servers don’t cater for this.

Since the proliferation of audio and video streaming services like YouTube and Netflix, special “Content Delivery Networks” (CDNs) have become available, including Amazon’s “CloudFront” service. One of Amazon’s better known clients is Netflix, which delivers all of its content via CloudFront. CDNs typically consist of a large number of server locations around the world; there are around 120 of those in the case of CloudFront. Data meant for delivery via a CDN is located at a master location, and replicated across all “edge servers” as required.

Client requests for such data are resolved by finding the server closest to the requester and delivering the data from there, achieving the fastest possible response time. As of July 2018, all of Skypiom’s KMS content is delivered via AWS CloudFront, leveraging the large number of available edge servers, including locations in Johannesburg and Cape Town.


Read more about Amazon’s CloudFront here.


OUTBOUND EMAIL

A number of Skypiom’s technical service delivery actions depend on outbound email messages to KMS users. Anybody who has ever been involved with sending volume email messages will understand the potential technical pitfalls associated with this activity. There is always a risk that such messages may be classified as spam by recipient corporate mail servers.

This risk can be mitigated by professional mail handling contractors and Skypiom does just that. Again, trying to meet core objectives like availability, deliverability and security prompted Skypiom to contract with a suitable and highly experienced provider of SMTP mail services.

Objectives are achieved through features like TLS encryption for both authentication and mail delivery, sender address and domain validation policy as well as SPF / DKIM procedures to help prevent email spoofing.

SECURITY CONSIDERATIONS

While there may be no such thing as an impenetrable network, we believe that AWS operates one of the most secure and best managed networks in the world. Besides Amazon delivering high quality and secure infrastructure, Skypiom works hard to ensure there are no potential security issues within its own area of responsibility which may be exploited. This includes various measures at the application level, such as in-house developed procedures that obscure data structures and origins, sanitisation of all input data, and other measures.

All user passwords are stored as irreversible hash strings, which means that even if the stored password data were stolen, it cannot be decrypted back into the original passwords. Skypiom also insists on all web sessions being encrypted via the HTTPS protocol. To further ensure login security and guard against stolen passwords, the KMS supports optional 2-factor authentication (2FA). This requires the user to enter a 6-digit numeric code along with the login password. Codes change every 30 seconds and are obtained via specialised hardware code generators or by a relevant app on a smartphone.
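The 6-digit, 30-second codes described above match the parameters of time-based one-time passwords (RFC 6238). The following is an added example, not Skypiom's code: a server-side check that assumes HMAC-SHA1 TOTP, a one-step clock-drift allowance and a stored "last accepted step" per user, none of which the page specifies.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # from the page: codes change every 30 seconds
DIGITS = 6         # from the page: 6-digit numeric code


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 one-time value for a single counter, zero-padded to DIGITS."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_totp(secret: bytes, submitted: str, now: float,
                last_used_step: int = -1, drift_steps: int = 1):
    """Return the matched time step, or None if the code is rejected.

    Assumptions (not from the page): codes are accepted within
    +/- drift_steps of the server clock, and a code whose step is not
    newer than last_used_step is refused so a captured code cannot be
    replayed inside its validity window.
    """
    # Reject malformed input before any comparison.
    if len(submitted) != DIGITS or not (submitted.isascii() and submitted.isdigit()):
        return None
    current = int(now) // STEP_SECONDS
    matched = None
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step < 0:
            continue
        # Constant-time comparison; check every candidate step regardless.
        if hmac.compare_digest(hotp(secret, step), submitted) and step > last_used_step:
            matched = step
    return matched


if __name__ == "__main__":
    # Constructed sample: the shared secret from the RFC 4226/6238 test vectors.
    secret = b"12345678901234567890"
    step = verify_totp(secret, "287082", now=59)
    print("first use accepted at step:", step)
    print("replay result:", verify_totp(secret, "287082", now=59, last_used_step=step))
```

The caller stores the returned step against the user after a successful login and passes it back as `last_used_step` on the next attempt.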

Besides all of the above, Skypiom makes use of independent service providers at regular intervals to perform relevant security checks. To this end, Skypiom consistently achieves “A Grade” results.


DATA BACKUP PROCEDURES

While most of Skypiom’s live data exists in some form of redundancy, additional and more traditional backup procedures are followed as well. This includes repetitive historical backups within the AWS environment, again making use of high reliability S3 storage.

In addition, backups are maintained outside of the AWS environment on Skypiom’s local servers, in multiple physical locations. Most external backup operations take place on a daily basis; some operate at 10-minute intervals.