Data Asset Management System (DAMS)

Upload: greg-wiedeman

Post on 03-Mar-2018


  • 7/26/2019 Data Assest Management System (DAMS)

    1/32

    Running head: DATA ASSET MANAGEMENT SYSTEM (DAMS)

    Data Asset Management System (DAMS)

    Datacenter Application

    Final Term Project

    Greg Wiedeman

    MSCT620

    Regis University


    Abstract

    The following paper contains information for supporting a Data Asset Management System (DAMS) located in a data center with a focus on an infrastructure of models that are used to capture, catalog, store and manage digital assets which will be print media and advertising art work. The process of design for the DAMS will consist of the network architecture and supporting infrastructure used to create an efficient system, which is scalable, flexible, and resilient. The system is going to reside in one or more of the server farm topologies, which include internet, intranet and extranet and the topology boundaries of the system will help to determine security, including data integrity, assurance, and secure access without causing a hindrance to end-users or affecting the applications performance. The network design will consist of a layer 2 network design including STP, a layer 3 design with routing protocols defined, SSL/TLS, load balancing, server monitoring, and caching with a final DNS mapping. This information should be enough for an installation team to develop a full cost estimate, configuration guides, and construction plans.

    Table of Contents

    I. Introduction

    II. Risk Analysis

    III. Layer 2 Design of the Datacenter

    IV. Layer 3 IP Address Design

    V. SSL and TLS

    VI. Load Balancing

    VII. DNS

    VIII. References

    I. Introduction

    The world today is becoming more about ones and zeros as books are converted to digital media, medical records are forced to go digital, documents are scanned into computer systems, pictures, music, movies, and the list continues on what is getting digitized. Brand (1990s to the present recorded information increasingly disappears into a digital gap. Historians will consider this a dark age”. The management of all the digital assets becomes a necessity but difficulties arise as formats change and become obsolete, tapes and disks lose integrity, systems become more complicated, new methods of access become available, such as smart phones and tablets, and as more data is transferred to digital media storage increases and a storage life cycle plan becomes ever more important to develop in an organization to move data around easier for fast and efficient access.

    The purpose then, for Digital Asset Management (DAM), is to develop the concept into the data center as a Digital Asset Management System, (DAMS), which according to McCord (2002) contains an infrastructure of modules that are used to capture, catalog, store, and manage digital assets. He also points out that those assets should expand to use in tools that can produce videos, audio, web content, and print media. The digital content must also contain ways to identify the asset, group individual assets forming a collection, the ability to protect the original asset as it is used to in these collections, define rights, determine permissions, develop process rules, and finally administer and control the flow of assets.

    A company called Media River LLC will attempt to from a business requirement to easily share documents with satellite offices, and to external clients. The company’s digital objects consist of geological surveys, Microsoft Word documents, and Excel spreadsheets along with low to medium resolution images of land surveys, satellite photos, and digital ground photos. The front-end access is a web interface, similar to SharePoint, with a login page to control security access, auditing, and user sessions while providing a search function to enter metadata information to pull up certain images. Metadata could include but not limited to a project ID, the name of a company, and the name of a product or a campaign theme. Users of the system can use a checkout method, similar to a library; to gather images to use as references for now or later but after a 24-hour period the assets will automatically go back on the shelf. Administrators can manually over ride the system to move assets back on the shelf but cannot extend the period of 24 hours because of the persistent cookie expiration time that is delivered to the user browser.

    Even though items may be checked out this does not mean that the digital assets can not still be viewed and checked out by other members for further processes such as ordering high resolution prints or obtaining a hard copy of the media. There will be certain access controls so that only certain individuals and groups will be able to view certain digital media. For example one client could not see another clients data and clients will have specialized employees who will work one on one with the client to ensure that employees only have access to their supporting clients. This will prevent employees having access to all the data assets of every client.

    II. Risk Analysis

    The following contains a brief summary of the top three content elements used by users and managed by the DAMS. A score of high, medium or low for each content element shall be given based on the value of the content element to the organization, value to the user based on the subject of the content, the attractiveness to an outside attacker, and insider intent on fraud or extortion. The evaluation of the content elements continues by looking if there are any laws, such as HIPAA, PCI or FERPA as an example, that are governing the elements. The final portion evaluates what tools and technologies are required to ensure that the company is providing appropriate protections for the content elements identified.

    The first content element that is critical for the DAMS is the web interface granting access to specific information for an employee, administrator, or client to create, read, update, or delete. This particular content, also known as authentication, has a rating of high for the organization because according to Vemuri (200), it “is important in establishing trust in critical business processes”. It is also important to the organization because the identification of the person accessing the system is critical for safeguarding that the information accessed is correct for presentation and manipulation. It also helps to maintain confidentiality and integrity of the infrastructure by tracking changes made to the system.

    Authentication, to the user, also ranks high for value because without this information there is no access to the information through the website. It will also prevent users from interacting with the system to view and update information with the company. It will also affect communication and slow down an end users effectiveness and productivity. Authentication also protects the client or company from an employee who is accessing and manipulating data in such a way that violates the company’s policies.

    The attractiveness of the content element of authentication is extremely attractive to an outside attacker and therefore ranked high. It should be common sense the ranking of authentication simply because it will allow that attacker to impersonate a user and has the same principal as framing someone for a theft of a physical item. It will also compromise the trustworthiness of the system and possibly turn away future business and it becomes a public relations nightmare for a compromised system.

    The next category evaluated is the value authentication has to insiders intent on fraud or extortion and again this receives a medium due to the fact that employees of the survey company will indeed have certain rights not only to view content but also to look into other clients login profiles for troubleshooting problems or for training clients and a real threat of fraud or extortion is not high because the content has more value to the client then it does to the employee. An employee could however steal information that a land survey may present and leak this information to outside entities for gain but the employee would already have authentication into the system to get the information. As of now there are no known laws forcing authentication processes for the company but just guidance for standards based on best practice and some outlined by NIST Special Publication

    4 usable addresses, inverse mask 0.0.3.255, subnet size of


    VLAN 200 Backend Database Cluster – Subnet 10.200.193.0 / 24

    Gateway Address 10.200.193.1
    Subnet Mask 255.255.255.0
    SVI VLAN 200 Aggregate/Core Switch 1 10.200.193.2
    SVI VLAN 200 Aggregate/Core Switch 2 10.200.193.3
    HSRP VIP 200 Aggregate/Core Switch 10.200.193.1
    Backend Database Cluster Services VIP Cluster IP address '/&''/;2/'

    VLAN 300 – Load Balance Servers

    Gateway Address 10.200.194.1
    Subnet 255.255.255.0
    SVI VLAN 300 Aggregate/Core Switch 1 10.200.194.2
    SVI VLAN 300 Aggregate/Core Switch 2 10.200.194.3
    HSRP VIP 300 Aggregate/Core Switch 10.200.194.1
    Primary Load Balance Server : 10.200.194.10
    Secondary Load Balance Server : 10.200.194.20

    VLAN 400 – OSPF Edge Devices

    Gateway Address 10.200.195.1
    Subnet 255.255.255.0
    SVI VLAN 400 Aggregate/Core Switch 1 10.200.194.2
    SVI VLAN 400 Aggregate/Core Switch 2 10.200.194.3
    HSRP VIP 400 Aggregate/Core Switch 10.200.194.1
    Primary Firewall Inside 0 : 10.200.194.11
    Standby Firewall Inside 0 : 10.200.194.21
    HSRP VIP 400 Firewall : 10.200.194.10
    Firewall Active / Standby Configuration
    CE Routers Redistribute OSPF
    Out of band management interface on switches '/''/''/ / 24


    I still have some questions on the routing. I will have to investigate whether I can use BGP all the way to the core layer 3 switches or if I will need to redistribute OSPF into BGP. The MPLS carriers only accept BGP or static routes from the Customer Edge (CE) routes. Since I am using diversified carriers there are no managed routers and I will have to manage the routers. There are some advantages and disadvantages to using diversified carriers.

    Advantages
    More Fault domains
    Leverage pricing from carriers
    Automatic carrier failover for redundancy

    Disadvantage
    Load Balance is complicated between carriers
    Design Complexity
    Increased cost for routers
    Reduces common offerings between carriers

    I will also need to discover internet connectivity and how to provide fault tolerance. The original idea is to use two circuits with different entry points from within the data center. I will see if I want to load balance between the same carriers and have them manage the routers or manage the routers and have carrier diversification on the internet connection. The internet connection will provide VPN access into the data center, NAT for websites and other services. I will still need to provide public to private addressing and debating whether I should create a DMZ zone or extranet farm zone for access to the website interfaces. If I can firewall and NAT

    device ACL’s allowing any to the device on port

    gateways, or even routers. The load balancers are able to accomplish the distribution in different ways based on different methods and algorithms. Depending on the goals and infrastructure of the balanced entity certain methods, of course, will work better than others. When choosing the type of algorithm to use the designer must take into consideration the method to create persistence, “stickiness” with the back-end infrastructure. In the case of the DAMS, the back end servers are in a web farm that will provide a web interface for clients. The clients will have the ability to view, download and upload their data from the web content so maintaining persistence across servers will be important factor. The server farm on the back end will contain servers of similar model and type with the same hardware in each web server for consistency and ease of management. Server monitoring is very critical in determining how to distribute the traffic load along with deciding what server certain requests should go to and how to reallocate a server load in the event of a server crash or failure. For the DAMS, a dynamic automated form of system monitoring is preferred along with an effective alerting tool to inform administrators of any warnings, critical failures or simple anomalies, such as an unusual increase in traffic volume.

    The first load balancing design for the DAMS is a software solution using Apache web head servers running mod_proxy, mod_proxy_balancer, and mod_status. Mod_proxy is the core of the software modules and provides the layer 7 sticky sessions, while mod_proxy_balancer provides three load balance methods including Request Counting, Weighted Traffic Counting and Pending Request Counting and finally the mod_status will provide the server monitoring. The mod_proxy_balancer algorithm that seems to fit best with the DAMS is request counting and the idea is that there is a distribution of the requests among the various workers, back end servers, to ensure that each gets a share of the number of requests; this is a type of round robin. Some reasons to use request counting are that all the back end servers will be the same, it is easier to configure, the users sessions are not usually long because of uploads or downloads and it can balance evenly across all servers getting full utilization. Request Counting is enabled via lbmethod=byrequests in the httpd file. The mod_proxy_balancer also has stickiness with two ways to implement it: one is a cookie and the other is URL encoding. The DAMS will use the cookie method to provide stickiness for a couple of reasons including providing better flexibility and since it is using layer 7 the client IP does not matter, which makes it easier for more mobility. To enable balancing manager, which is a way to dynamically monitor and update the load balancing policies, the mod_status is required. The balancer manager support enables dynamic update of balancer members. Balance manager can then change balance factor or put a member offline. The balance manager is the way to provide server monitoring and health.
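The design described above, written out as an Apache httpd 2.4 configuration. This is an added example, not configuration from the paper: the back-end names web1 to web3 come from the paper's mediariver.pri zone listing, while the balancer name `damsweb`, the cookie name `ROUTEID`, and the management subnet 192.0.2.0/24 are assumptions, and the `Secure` cookie flag assumes the front end is served over TLS.

```apache
# Added illustration for the paper's load-balancing design (httpd 2.4 syntax).
LoadModule proxy_module               modules/mod_proxy.so
LoadModule proxy_http_module          modules/mod_proxy_http.so
LoadModule proxy_balancer_module      modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule slotmem_shm_module         modules/mod_slotmem_shm.so
LoadModule headers_module             modules/mod_headers.so
LoadModule status_module              modules/mod_status.so

# Reverse proxy only; never act as an open forward proxy.
ProxyRequests Off

# Cookie-based stickiness: set the route cookie only when the balancer
# assigns or changes the back-end worker for this client.
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; Path=/; HttpOnly; Secure" env=BALANCER_ROUTE_CHANGED

<Proxy "balancer://damsweb">
    # Identical web servers, so every member keeps the default load factor.
    BalancerMember "http://web1.mediariver.pri:80" route=1
    BalancerMember "http://web2.mediariver.pri:80" route=2
    BalancerMember "http://web3.mediariver.pri:80" route=3
    # Request Counting plus the sticky cookie issued above.
    ProxySet lbmethod=byrequests stickysession=ROUTEID
</Proxy>

# Management endpoints are answered locally and never proxied to the farm.
ProxyPass        "/balancer-manager" "!"
ProxyPass        "/server-status"    "!"
ProxyPass        "/" "balancer://damsweb/"
ProxyPassReverse "/" "balancer://damsweb/"

# balancer-manager can change load factors and take members offline,
# so it is reachable only from the management network.
# 192.0.2.0/24 is a placeholder subnet, not an address from the paper.
<Location "/balancer-manager">
    SetHandler balancer-manager
    Require ip 192.0.2.0/24
</Location>

# mod_status output exposes worker state and client requests; same restriction.
<Location "/server-status">
    SetHandler server-status
    Require ip 192.0.2.0/24
</Location>
```

Left unrestricted, `/balancer-manager` would let any client who can reach the public VIP drain or reweight back-end members, which is why both handlers carry a `Require ip` rule.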

    The load balancer outside connection is a public IP address in the DMZ and the inside IP connection is part of the same private address subnet as the web servers in the same vlan. This provides a two way arm proxy to pass traffic through the load balancer to the web servers. The proxy server can also cache pages in memory to decrease load time of images or common content. Redundancy is also built into the load balance servers by using a module called heartbeat. Heartbeat is a free utility that is setup on both load balancers and supplies the public VIP used and the outside and on the inside to track both interfaces in case one fails.

    VII. DNS

    The following section describes the infrastructure design for DNS zones including defining replication partners for redundancy and how the zone will influence several other components, such as the load balancer, web portal, MySQL databases, and the Active Directory infrastructure. The data center will consist of two DNS servers and two zones. One for Active Directory zone and the other for a split zone that will contain the external zone records for the web portal. At the end of describing the zone setup, there is a network diagram to show where in the datacenter the internal DNS servers lie.

    The internal DNS servers are Microsoft DNS and run on the same servers in the data center as the Microsoft Active Directory Servers. The internal DNS will have the Active Directory DNS zone and the main Internet zone. The forest in Active Directory will provide the “private” internal DNS zone called mediariver.pri, which is an active directory integrated zone. This will contain all the service records for active directory along with all the servers, switches, routers, load balancers, routers, and firewall entries. The registrars for the domain mediariver.com hosts the external dns servers and will only contain the records needed to allow clients to connect to the web portal from the outside. For an employee to connect to servers inside the data center using DNS then the employees local internal DNS server will do a split brain and have conditional forwarding setup to direct the request to the zone. This will keep requests on the private MPLS network (Schauland, D. 2009). The internal DNS servers are the only servers that will be able to send replication information

    Active Directory Forward Zone mediariver.pri

    Name                     Type                      Data                        Timestamp
    (same as parent folder)  Start of Authority (SOA)  [86676] ns1.mediariver.pri
    (same as parent folder)  Name Server (NS)          ns1.mediariver.pri          static
    (same as parent folder)  Name Server (NS)          ns2.mediariver.pri          static
    Primaryfirewall          Host (A)                  10.200.194.11               static
    Standbyfirewall          Host (A)                  10.200.194.21               static
    Mainfirewall             Host (A)                  10.200.194.10               static
    ns1                      Host (A)                  1'#''1##'                   static
    ns2                      Host (A)                  1'#''1#-'                   static
    primloadbalancer         Host (A)                  10.200.194.10               static
    secloadbalancer          Host (A)                  10.200.194.20               static
    mysql1                   Host (A)                  10.200.193.20               static
    mysql2                   Host (A)                  10.200.193.21               static
    mysql3                   Host (A)                  10.200.193.22               static
    web1                     Host (A)                  1'#''1##'
    web2                     Host (A)                  1'#''1##1
    web3                     Host (A)                  1'#''1###
    accessswitch01           Host (A)                  10.100.100.10
    accessswitch02           Host (A)                  10.100.100.11
    accessswitch03           Host (A)                  10.100.100.20
    accessswitch04           Host (A)                  10.100.100.21
    coreswitch01             Host (A)                  10.100.100.1
    coreswitch02             Host (A)                  10.100.100.2
    cerouter01               Host (A)                  1'#''1-'
    cerouter02               Host (A)                  1'#''1'
    fiberswitch              Host (A)                  1'#''1--'


    These addresses will not be published to the outside world but only shared with internal employees who must manage the infrastructure. The other users who go to mediariver.com will use external DNS servers hosted by the registrar.
