Design
RSS checks all the feature, device compatibility, performance, scale and security boxes. From the simplicity and maintainability needs of a small office to the administration requirements of multi-location, multi-domain organization.
Security? Any bit of company data that doesn’t by its own inner nature need to cross the internet– doesn’t cross the internet. There is no better security possible than denying a target. Compare that against any cloud-based solution with data crossing the net every read and write hosted by services with ‘lots of eggs from all clients in one basket’.
Clients without extra need to work directly with databases don’t need to learn anything about them; it all ‘just works’. RSS automatically provisions and monitors and maintains database operations and integrates them into the fabric of other RSS subsystems such as websites that rely upon them.
But for those wanting to build on a high performance structure that can scale — it’s all there — from graphic administration of services, users and host access, and from whole databases to tables to rows.
As you can read to the right, RSS offers three concurrent, highly available proven database systems ‘out of the box’: a memory based ‘nosql’ database offering the highest available speeds, a middle speed database able to offer services generally but not automatically replicated across client locations, and a multi-location fully redundant database.
Those with database needs not met by the RSS design can integrate their database engines into the RSS fabric as if native.
The smallest configuration supports hundreds of users via four pairs of dedicated database ‘virtual machines’ using fewer resources than a low-end laptop, each pair running on different physical servers. The largest configuration supports thousands of users via 59 pairs of dedicated database servers running in each of 16 locations, each connected by up to 16 simultaneous internet service providers. And — it is seamless to increase or decrease capacity.
Highlights of database subsystem capabilities and structural components, including links to background and details, are in the sliding two columns on the right. Click the column heading to pause the slider, or click the arrows midway on the left or right to see the next column.
This is ‘database in a box (or 59x2x16 boxes)’ — on steroids!
- Integrated Subsystems:
- MariaDB – SQL Database: From 2009, now with over 50,000 active installations including Google, Walgreens and Mozilla (Firefox, Thunderbird): MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. Originally designed as enhanced, drop-in replacement for MySQL, MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools make it very versatile for a wide variety of use cases. General Information. Details.
- Galera Cluster – SQL High Availability: Realtime synchronization of all the computers supporting SQL database operations. General Information. Details.
- Redis Cluster – Ultra high-speed multi-server ‘sharding’ data store: Originally released in 2009, now the most popular key-value database and 4th most installed ‘nosql’ database, currently topping the list of most favored database by 70,000 developers. General Information. Overall Details. Cluster Details.
- Messaging Cluster / AMQP / STOMP / MQTT RabbitMQ: RabbitMQ is the most widely deployed open source message broker. With tens of thousands of users, RabbitMQ is one of the most popular open source message brokers. From T-Mobile to Runtastic, RabbitMQ is used worldwide at small startups and large enterprises. Supports synchronous Messaging, multiple messaging protocols, message queuing, delivery acknowledgement, flexible routing to queues, multiple exchange types. High availability through clustering and federation. TLS 1.3 security, native LDAP authentication and authorization, with management UI. Screenshot. General Information, Details
- phpMyAdmin – GUI Database browser & design editor: Updated since 1998, one of the most popular database administration tools in current use. Screenshot. General Information. Details.
- Security Technologies – To avoid giving those with ill intent information, RSS server installations at client locations have further security related technologies which are documented only for admin users. However, other than described publicly, nothing in RSS permits client data or metadata to leave the client’s installations. Screenshot. General Information. Details.
- Foundational Subsystems:
- HAProxy – High availability load balancer and proxy server. HAProxy distributes requests for database services among computers running database engines. It also offers a GUI providing detailed real-time administrative and status updates. First released in 2000, broadly accepted and the choice of AirBnB, Reddit, Target, Twitter, GitHub and more. Partial Screenshot1- Frontend, Partial Screenshot2 – Backend. General Information. Details.
- Wireguard – Site-Site company specific encryption: Of the three database subsystems, only the database subsystem which replicates real-time changes across locations uses Wireguard. Wireguard aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. RSS encrypts database traffic not only end-to-end using tls between the database engines, but also a further company specific encryption protocol implemented through Wireguard. General Information. Details.
- FreeIPA – Multi-server, high availability user authentication, authorization, policy, certificate and trust management systems. Provides GSSAPI / Kerberos authentication to the database subsystem. Among so many other things, provides administrators and optionally users a GUI to manage accounts and passwords, set up email addresses and aliases, and more. Supports DNSSEC secured company domain names, and cross-trust agreements with Microsoft’s Active Directory. General Information. Details.
- Ceph – “The future of storage”. Updated annually since 2012, among many other things: provides the replicated storage engine supporting the multi-location synchronized database subsystem (not the site-specific higher-speed database subsystem). Each database file is real-time replicated on not fewer than three drives per server– only one of which need be operating to continue database operations on that host. General Information. Details.
- Host OS: Ubuntu LTS running on ‘bare metal’ and/or virtual machine/KVM – Each RSS location supports two separate database subsystems. One higher speed but site-local (used for DHCP and security needs not requiring data to be copied in realtime across the net to all company locations). A second, larger capacity, multi-location database subsystem. Each subsystem uses not fewer than four simultaneously running database servers (scales up to 59 at each of up to 16 client locations). Also ‘galera arbiter’ technology to maintain database state across extraordinary outages. Even should only two be running, database services will appear normal. Scales to thousands of users natively. For security, monitoring and performance, all database functions are isolated both in a private subnet and vlan. Larger installations can host database servers on ‘bare metal’ hosts, smaller installations host database engines in an isolated virtual machine both to protect the overall system from email breaches and to allow the installation of the latest database related patches without concern for dependencies and incompatibilities in unrelated subsystems. While ‘docker’ and related isolation technologies provide small speed advantages, virtual machine isolation remains the gold standard for security and is therefore the basis for RSS database hosts running as a subsystem on a server. The underlying Linux distribution for the database subsystem is Ubuntu. Ubuntu Linux General Information, Details. KVM General Information , Details.
- RSS provides three entirely distinct levels of the most proven high-availability cluster-enabled database services in use today. From the fastest known memory based ‘nosql’ systems, to mid-speed site-local SQL databases replicated across servers within a location, to SQL databases replicated in real time across company locations (which can survive the outage of entire locations and keep running); the last the slowest of the three because of the time involved in writing changes across the internet via encrypted site-site VPN to all company locations.
- Database access across the spectrum of operating systems and devices and programming languages, from Windows to Apple to Android, and literally every programming language in use today.
- Managing messages of any kind, whether voicemails, chatting among people or among cooperating programs, for performance reasons moved from traditional databases (where data is generally both longer-lived and free-form) to special purpose designs. RSS provides the same high-availability, high-availability system used by cell phone carriers and tens of thousands of others.
- Alongside industry standard, optionally tls protected program-to-program API access to the database subsystems, RSS integrates a graphical database design editor and browser. Administrators can grant access to all or part of some or all tables and/or whole databases, create new databases, inspect the operation of the RSS subsystems that make use of databases, and get performance information.
- Administrators, and optionally database users, can update passwords and create accounts that enable database access via a graphic user interface. Administrators can manage subsystems and hosts as if users, granting each specific access as needs change.
- Designers can layer their own subsystems atop RSS resources including access to all levels of database services, replicated and secure file services, web service engines and user authorization, authentication and policy management. Subsystems can be implemented on their own hosts, as added virtual machines on current hosts, or connected to pre-provided RSS web and database servers (for example, git).
- User / Account maintenance. Using a GUI, an administrator can establish user names, host names, IP addresses and more. Users can use the same interface to change their passwords. The interface is not available over the general internet, but only after secondary authentication via RSS’s RoadWarrior VPN or from within one of the client’s RSS locations. Screenshot Details.