Skip to main content

CivilPro Security & Data Storage

  • Updated

Schematic

CivilPro_Architecture.png
 
 

Database

  • The database is an SQL Server database
  • Databases are Single Tenant
  • All passwords are salted and hashed (for Civil Pro Identity)
  • The azure IP firewall limits connections from all IPs except those whitelisted
  • Default plan is S0 which can be negotiated for larger workloads
  • Direct access can be arranged for custom analytics e.g. PowerBI etc, however access through the API is preferred
 
 

API and Angular app

  • The REST API is used for all data queries to the database and the Blob Storage from the Cloud UI.
  • The API is a .Net 5 Web API application
  • The angular app is a pure HTML/JS application
  • Both the REST API and the Cloud UI Angular App are hosted from the same Azure App service.
  • The Azure App Service Plan is generally a shared resource to maximise performance per unit cost, but this can be negotiated. Please note, each client has their own App Service and Cloud UI App, it is just the plan which is shared.
  • The Web API requires authentication. Supported authentication includes
    • Civil Pro Identity
    • Microsoft Identity
    • Google Identity
 
 

Blob Storage

  • The blob storage is used for storing files and photos refenced from the Civil Pro application. It is accessed either through the Web API (following authentication), or directly from the desktop app. 
  • There is no public interface for the file store. It is accessed via applications presenting the API key
 
 

Desktop Application

  • The desktop application is a .Net Framework / .Net Standard application requiring .Net Framework 4.7.2+
  • The application accesses the database after connection information is provided via
    • direct entry of the connection string (not recommended)
    • an encrypted Civil Pro Connection File (cpcf)
    • validation through the API
  • Once a connection is established, authentication is through the same methods offered via the API
  • If dynamic IP address support is required (for example, accessing via mobile hotspots), then the connection file can be configured to include an API key for the SQL server firewall. In this case, the desktop application can clear its subnet on the firewall.
  • The desktop application accesses the blob storage using an API key that is stored in the database.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk