Hi

I have been working on the spec for the client this week and have just bought ElevateDB.

I have signed up with Amazon but have not actually set anything up yet as I am still researching.

I notice that you can set up a VPN with Amazon. Would this not be more scure?

Also will compressing the data make it quicker or slower, and should I encrypt the tables?

What are your thoughts?

Thanks in advance for your help.

Peter

On 4/18/2012 4:24 PM, Peter Hodgson wrote:
> I notice that you can set up a VPN with Amazon. Would this not be more scure?

I assume you mean their VPC (virtual private cloud) - it would be but i
thought it's more to make cloud LAN extension.

One thing i found is that VPN can be a real support nightmare when it
comes to end-users  - issues from needing to install 2nd VPN client
(assuming they have corporate one that is different) to VPN (IPSEC at
least) not working often with shared internet (hotels/airports/etc).

I suggest you try it out and see if it's worthwhile.

More important question is how much protection you need for your data -
whether it's VPN and/or EDB encryption - i assume it's your client data
so having it on internet does change things a bit relative to LAN so
there might be additional security/privacy considerations.


> Also will compressing the data make it quicker or slower, and should I encrypt the tables?

On slower connections (like Internet) compression usually helps though
you will take a processing penalty on both ends as data is
compressed/uncompressed.

Encryption is same thing - you get security but there will be speed
penalty. Review security requirements first as you might need encryption
to secure the data.

Test app to emulate a normal user would be a good way to see what the
experience will be like with various options - encryption/compression/etc.

Raul

Hi Raul

Yes I did mean VPC. This creates a VPN and I would presume a secure tunnel between the client and the cloud.

My thought was that I would not need to encrypt the data if it was I on a tunnel as it would be sucure.

As far as the performance hit at each end of encryption I am assuming that the cost of this in performance terms would be minimal compared to thelatency of the network.  The data requirements (at the present time) are quite small.

I am not to sure how concerned I should be about security. At the end of the day its names and addresses that are available through the electoral register anyway apart from eMail addresses and I could encrypt and decrypt them on the fly within the software. i.e. post them encrypted into the database and decrypt them when returned.

Of course I would be backing up. As it is a virtual server I could back up to the office using Oops backup over the VPC.  I use it in my office and it uses very little resources, cheap as well.

Peter

Just rented a VPS running Hyper V.

Just rented a high end server on the net for testing the backend database 4gb Memory 4 cpus

Its up now!!!!! Got it on a monthly contract so if my I have problems nothing lost. Awesome! Its got failsafe - if the server crashes and burns it falls back to server B then Server C etc instantly. Also no backup problems as it gets backed up automatically every 2 hours. 2 i.p's unlimited bandwidth.

Looking forward to trying it out over the w/e. Should be able to have something up to test early next week.

Three click setup and no control panel. Just Login to the server with the remote desktop and you see a Win 2008 Server - do what you like £88pm/$188pm.

If it does the job the client wont be bothered about the price. Also I need to know that if its slow its not the server or the connection, its a flawed idea or flawed software rather than the server/infrastructure.

Peter

> Yes I did mean VPC. This creates a VPN and I would presume a secure tunnel between the client and the cloud.

I have to say I have not used VPC myself so buit unclear on the VPN side
of things. It seems to be designed for site-to-site VPN tunnels (like
connecting it to your corporate lan and basically extending lan into
cloud) but I'm unclear as to if this would work with remote-client type
VPN setup (like distributed end-users would have).
AWS refers to "Hardware Virtual Private Network" and also that there is
a limit of "10 Hardware VPN Connections per Amazon VPC" so bit's but muddy.
I can easily see how this would be useable to provision some corporate
servers in the cloud but running remote vpn end-users might get tricky.

The other aspect of course is that since EC2 server is a regular server
(same applies to your VPC i saw from your other post you signed up for)
you could just install VPN server side software on it and then play
around with routing so EDB ports are only accessible when coming over
VPN connection - hence your public server would act as vpn server and
edb server at the same time.


> My thought was that I would not need to encrypt the data if it was I on a tunnel as it would be sucure.
From aspect of somebody listening in yes - vpn does provide transport
security while data travels in the Internet. Encryption would provide
additional security of actually securing the data on disk (so if your
hosting company happens to lose backup tapes you'd at least know that
your data is somewhat safer). Whether this is a real concern is another
question.


> As far as the performance hit at each end of encryption I am assuming that the cost of this in performance terms would be minimal compared to thelatency of the network.  The data requirements (at the present time) are quite small.
I would think so as well.


> I am not to sure how concerned I should be about security. At the end of the day its names and addresses that are available through the electoral register anyway apart from eMail addresses and I could encrypt and decrypt them on the fly within the software. i.e. post them encrypted into the database and decrypt them when returned.
The only downsides of doing encryption in app at field level is that you
might be limited when you need to run run sql queries that need to do
field level filtering (for example LIKE clauses) or if users want to use
3rd party report tools. And of course compression would likely be less
effective - if the encryption is any good then data is not compressable
no longer.