InstaDB server specification

This document describes the deployment specifications of the InstaDB platform.

Overview

InstaDB is a database web application platform. It provides:

  • a complete development and deployment environment,
  • a database creator (Schema Editor),
  • applications/databases management tools,
  • backup procedures.

Architecture overview

Requirements

Hardware

A dedicated server is required, however both physical and virtual machines are acceptable.

Minimal requirements:

  • RAM: 2 GB,
  • processor: single core 2 GHz 64bit,
  • hard drive: at least 20 GB.
Optimal requirements:
  • RAM: 4 GB,
  • processor: dual core 3 GHz 64bit,
  • hard drive: 500 GB at least.
Access to additional server for backups storage is required.

Software

Currently InstaDB runs on Debian 7 and depends on:

Software details

Operating System

Debian 7.9.0.

Database

The database engine used by InstaDB is MySQL.
Note: All files uploaded to the InstaDB server are stored in the server file system (not in BLOBs). The database holds only meta-data descriptions of the files.

Development language

InstaDB applications are developed with the platform's built-in Schema Editor tool. At some points, Schema Editor allows the use of SQL expressions. The Schema Editor SQL dialect is a slightly modified MySQL.

InstaDB allows the extension of its core functionality by PHP and JavaScript languages.

The InstaDB platform itself is written in Nianio Lang. The Nianio Lang code is compiled to C code and the latter is compiled to binary code on the server machine.

Interfaces

InstaDB server requires:

  • a static IP address,
  • unlimited access to ports 22, 80 and 443,
  • at least one e-mail account (protocol SMTP with TLS on port 587) for sending notifications,
  • access to Active Directory or LDAP server for user authentication (optional),
  • an additional server for storing backup files (optional, but essential for backups),
  • time limited access to Debian package repositories for security update purposes.

Security

Communication

All the end-user InstaDB server communications use the HTTPS protocol that uses a valid SSL certificate.

For service and support purposes SSH access is required. It can be direct (from the Internet) or indirect (through a remote desktop node for example).

User access

Users can access the InstaDB platform only after successful authentication. Authentication can use internal InstaDB's access control or can be based on a LDAP/Active Directory server.

InstaDB enables a user to create many independent databases, which provides internal access control. InstaDB guarantees that a user may access a database in only three cases:

  • he/she is an owner (creator) of the application,
  • he/she has been invited to the application by its owner or administrator,
  • access to the application is confirmed by a LDAP/AD server.

Every InstaDB application ("instance" or "database") defines internal access control rules. InstaDB internally pre-processes and wraps every database request with additional access control rules, so the access regulations cannot be overwritten by a user – for example: by browser manipulation. It also provides protection against SQL injections.

Logging

Users access to the InstaDB data is logged on two levels:

  • nginx logs include HTTPS requests,
  • history of every record modified – provided by the InstaDB engine.

Server updates

InstaDB engine updates are performed at least once a year.

Backups

The InstaDB server creates backup files every 24 hours for every instance whenever data was modified the previous day. The InstaDB backup system guarantees the backup files will be kept according to the following rules:

  • all backup files for the last seven days,
  • at least one backup for every week in the last month,
  • at least one backup for every month in the last year,
  • at least one for every year.