

Architecture Review   

All technical projects managed by UTS and R&HS must complete an architecture review, conducted by the Architecture Review Team (ART), in the project's planning phase before the project can be moved into the next phase, Project Execution & Control. A second Architecture Review should be conducted during the production readiness assessment.

The project team should submit the following documents and schedule a review meeting with ART:

  • Architecture Review Checklist (this form)
  • Architecture Diagram(s) of the System

More information on Architecture Review and Architecture Review Team can be found on Architecture Review Team.

Project Information

  1. Project Name: Library Digital Signage (LDS)
  2. Project Number: 2640
  3. Project Manager: Trisha Wilson
  4. Prepared By: LDS Project Team
  5. Preparation Date: 10 Aug 17
  6. Project Type (Mini, Standard, or Complex): Standard
  7. Project Summary: Implementing the Libraries' digital signage reinforces their commitment to “implement creative and impactful uses of technology” in order to “create diverse and engaging environments for work, production, study, and intellectual and social engagement”; and involves improving their visual communications strategy.
  8. Vendor Background and Viability: Four Winds Interactive (FWI) - Founded in 2005, FWI has quickly become the industry-leader for enterprise visual communications software. FWI’s functionality makes it easy to create a powerful communications tool that solves wayfinding challenges, enhances safety, increases sales, improves experience and much more. FWI is based in Denver, Colorado with additional offices in Dubai, Hong Kong, Mexico, Miami and the United Kingdom. Other customers include Georgia Tech, University of West Virginia, Colorado State University, University of Calgary, Boston Logan International Airport, and Miami Heat/Orlando Magic Arenas.
  9. LITS Responsible Team: Leslie Wingate, Norman Hulme, Derek Butler, Michael Williamson, and Marc Hardison

Architecture Diagram of the System

 

Architecture Review Questions  

  1. On what application and middleware platform will this application be deployed? Most of the deployment infrastructure is in AWS. The Four Winds Interactive (FWI) solution is designed using N-tier architecture with our Content Players (CPs) acting as a thin client to the back-end infrastructure. The solution is multi-faceted. Although the CP, which plays content on displays, is a thin client, the administration portal is web-based or can also be installed as a desktop application, depending on client needs. FWI takes care of the backend SQL DB and server-side components of the platform (Content Manager Web, Data Store, Integration Framework and FWI Services). Servers that run Windows workloads use Windows 2012 R2, and the SQL version is SQL Server 2014. Additional products (FWI Store/Drive) utilize Amazon Linux, which is a variant of CentOS/RedHat Enterprise Linux. Emory will have the Content Manager Desktop (CMD) and the Windows-based CPs installed locally behind their firewall. Any/all communication between our AWS hosted environment and the customer’s network is done over HTTP/HTTPS (80/443). On-premise, a desktop-class software application is used for service owners to interact with and manage signage templates, content, user access, and content deployment directives to signage CPs. This software will be installed on a Windows VM on the Academic network. Our vendor license allows for 3 concurrent logins to the CMD application. FWI's current software version is 5.4.
  2. What database management system will this application be using? MS SQL hosted in AWS by FWI.  Content Manager (CM) is designed to write the instruction schema seamlessly to SQL.  Most customers use our hosted model and look to FWI for recommendation.  FWI is currently using SQL 2014.
  3. Describe what data will be stored on this application, and data governance (local process) - In the cloud, content (images, logos, CSV files, videos, etc.) is uploaded to and downloaded from the content store via HTTP/HTTPS. Only the metadata stored in the application will be visible from the Content Manager Desktop application.
    The FWI solution will not have any involvement in the transmission or the storage of PHI. The data is hosted by Amazon AWS; FWI does not have physical access to physical media. In addition, the standard FWI solution does not require the use of confidential or sensitive information. The customer must ask the vendor to change the password for the cloud content store and for on-premise application-to-cloud authentication.
  4. Describe performance and scalability of this application (including normal usage/load patterns, performance target, sustainable peak load, and ways to expand capacity for high load) - Performance and Scalability are managed by AWS and their SLA with the vendor, FWI.
  5. Describe authentication/authorization of this application - SSO is not part of the vendor’s latest release, 5.4 (released in July). Authentication will occur via user accounts created in the on-premise management software (CMD). End users will need Content Manager logon credentials created in order to access the Content Manager Web (CMW) application for signage content manipulation. Within the local CMD application, administrators will create unique credentials for each end user, then grant those users rights to the functionality needed for content manipulation. CMW resides in the vendor hosted domain, and AD credentials will not work in that environment because it has no access to Emory's AD Domain Controller for authentication. CMW will use the credentials created in the CMD for user access to the web application. Users can only be created, modified or deleted using the CMD, not via CMW. SSO through an application called Okta is expected to be released by the end of 2017 or early 2018.
  6. Describe integration of this application with other Emory applications - Trumba, RAVE, Instagram, Twitter, etc. The application will have a direct connection to our RAVE emergency alerting system via RSS.   Trumba, Instagram, Twitter, etc. could be used for content streams as well.
  7. Describe availability of this application - AWS is available 24/7/365 combined with high availability of the VM instance running end user desktop application. All FWI AWS Cloud Services are load balanced or clustered to provide a high availability environment. We currently manually monitor and scale services based on load conditions and expect to implement an auto-scale capability in the future. 
  8. Describe configuration and deployment for this application - Most of the deployment infrastructure is AWS. FWI uses an SQL instance, web application interface and a data store in AWS. On-premise, a desktop-class software installation is used for service owners to interact with, and manage, sign templates, content, user access and content deployment to signage player PCs. This software will be installed on a Windows VM on the Academic network. The vendor license allows for 3 concurrent logins. Each digital sign has a local Windows PC player (managed by LITS Client Services) that retrieves and displays desired content from FWI's AWS infrastructure via HTTP/HTTPS.
  9. Describe reporting functionality of this application - Content Manager Desktop (CMD) offers the following native reports: Interactivity Report: Tracks Touch interactivity and Touch versus Swipe gestures within a specified date range in the past. Play Log Report: Reports full and partial plays of content within a specified date range in the past.  Scheduled Play: Reports what content is scheduled to play on a single player on any given date in the future. Reports must be run by employees who have administrator access to the on-premise service owner application software (CMD).
  10. Describe backup and disaster recovery of this application (Note backup mechanism for each layer, as appropriate) - Cloud infrastructure at AWS. Full backups occur every Sunday and differential backups occur nightly. All backups are stored on EBS volumes in AWS. Metadata and the clustered SQL farm are all backed up. Content players are easily replaceable and imaged. FWI’s infrastructure is duplicated between an established data center (FORTRUST data center) and Amazon AWS. The servers and storage in our Denver headquarters serve as a backup in case of failure at the data centers. FWI also has an offsite center where incremental backups are completed every four hours and added to a base image.
    NDB Windows Virtual Machine, Systems team admin service, high availability VMware infrastructure, snapshots stored at White St data center, nightly incremental snapshot, VMware VMotion infrastructure in place to move live VM to new host on the fly for host maintenance issues.
  11. Describe monitoring of this application (local) -  The on-premise installation of Content Manager Desktop (CMD) will reside on a managed VM NDB.  The Systems team monitors and manages all aspects of the VM infrastructure and individual hosts.  Individual player PCs will be monitored by Microsoft System Center Operations Manager (SCOM) and/or NetIQ as needed.  LITS Client Services will provide deployment and oversight via Microsoft System Center Configuration Manager (SCCM).  Additionally, the Content Manager Desktop application has a basic monitoring and real-time screenshot functionality integrated into the application.
  12. Describe SLA and maintenance/support plan - AWS provides SLAs for the base infrastructure they provide, most of which falls under a 99.95% monthly SLA. Software Maintenance is a subscription model which includes on-going technical support, account management, access to the vendor customer portal and access to updated software releases. Technical support delivers break-fix support for previously functional software components and guidance on errors reported in the product by identifying root cause. Philips digital signage class displays include a 3-Year Advance Replacement Warranty (3-5 business days) and are rated 24/7 with a 50,000 hr MTBF. Player PCs carry the Dell Limited Hardware Warranty Plus Service with 5 Years Onsite Service. Four Winds Annual Enterprise License - Maintenance and Support are included with the subscription, with ongoing software updates and fixes along with 24/7/365 technical support.
  13. Will this application be used by EHC and, if so, has it been tested on the VDT? - No

Technical Challenges



 Timing and compatibility of FWI's SSO solution

Architecture Review Team Feedback

 1) Per Derek Spransy - LDS does not need a formal security review. The Team needs to ensure that everything is properly segmented off and properly updated.

2) CMD application / VM will be put in the DMZ.
“Player PCs function as ordinary desktop computers locked into the Four Winds Player application, and are resident to individual signs.  The only player communication traffic/protocols required are to the Four Winds servers hosted in AWS over port 80 and port 443.  Since ports 80/443 are not blocked on the academic network, no academic network firewall rules are required.  Communication between the players and our CMD application hosted on a VM in the Emory DMZ is not required, so no firewall rules between the Academic network and the DMZ are required.  Since no specific firewall rules are necessary, the player PCs can utilize normal dhcp ip addressing in the designated locations.  The VM(ip) in the DMZ will require port 80 and 443 firewall rules to access the Four Winds Infrastructure in AWS.”

Per Derek Spransy, "if there is no listening service, then the local firewall being turned on should certainly be sufficient."

3) Check with Dorian Hyman about reserved IPs versus static IP.
Musa verified that DHCP can be used for IPs in VLANs 3988 and 3825.

 
