Attached is a technical proposal by a software designer
Here is an additional document:
[url removed, login to view]
Openvz to safeguard applications, I added a OTP application to this document and questions to be addressed regarding vps and centos the new flavor of linux I've decided to use. I elaborated on details of some points as well
technical proposal attached and questions regarding openvz and HA
Electronic silver and gold trading platform for members,like a stock exchange a bid and ask and the member has a client on his computer to communicate with the server to purchase or sell silver. clients can depositor withdraw silver into their account and we do safekeeping with serial number on tube or bar which must be attached to customer account and removed once removed from our facility
at the end of the day mouvement of the bullion must be done.
customer must sign transaction with depository key and their key and the depository must verify each transaction before moving bullion. depository may be in a different country or locally.
clients can lend out their silver or gold at a certain interest rate.
with otp(one time pass) on server and client
payment can be made by converting silver or gold to any currency or kept in commodity if merchant is our member.
A normal card (similar to a bank card) will be used to access the account with a cell phone loaded with one time pass program or a device.) you have to setup the onetime pass server application as well as client.
You can deposit or withdraw silver,cash or check or make purchase from a merchant.
The card can be active with certain functionalities turned on or off and certain dollar limits for diffferent card functions) or the card can be frozen or hot carded(cancelled) or stolen ( call branch).
members need to be registered and can add bank to debit(ach) from to pay for transaction.
we need a feed for quotes on commodities so client can see the spot price live and trade accordingly.
fault tolerant and replication in case server goes down.
can you guys take a look at this while I am puting together my notes for my
the transactions have to be super secure., understanding this document in
advance would help me alot, will be in touch.
looks like openvz and centos will be used
I want to make sure you get that all transactions have to be sent signed with pki using the depository key and the client key, so you need a database with clients keys on it with the depository(which moves the gold or silver), to verify transactions were sent by client.
the client communicating with live data from members(bid and ask and the live spot quote must not be tampered with as well. so ssl is good for that.
since singapore is knowlagable in smartcard technologies and OTP (one time pass) I think you would be in charge of developing that security and applications.
some ideas below for open source OTP
clients using the goods/service application installed on the merchant server will have to enter their card number and use the otp application on their cell phone or computer(find out if this application can be installed directly on a pc)
In the branch as well workstations need to have this application installed to service walk in clients.
[url removed, login to view]
Here are fips compliant librairies
[url removed, login to view]
[url removed, login to view] is budget startup, I would like proposal within 1 week and project would start thereafter if price target met.
I need a company who is effecient in understanding and implimenting my needs and doing all the bug testing so product is delivered bug free. I would like it finished in a two month period if possible.
QUESTIONS REGARDING VPS
Are you planning to deploy over VPS? Is this for load management? HA over VPS is not possible in the truest sense. Application level HA will be your only option. Postgresql has HA built-in. That will still work for two VPSs. Some hosting providers also have HA VMs with DNS fail-over. I'm not sure if this active-active?
But overall, given the kind of number crunching you are going for, I would suggest you perform some empirical tests to see what your performance is going to be like. It is not just a matter of hard disk space here. Computing power specific to hashing and total bandwidth required for all clients both need to match up here.
I’m not sure what the wiki says. Haven’t had a chance to read it.
I’m guessing that the security they refer to in the wiki is application security. That is, if each application is run within its own container or VM, then its environment remains unpolluted by other applications.
However, the basic security against external attacks is increased because the virtualization/containment layers are not very mature systems. This is in contrast to Operating Systems which are much more mature and provide greater confidence against external attack if routinely patched.
Containers are relevant when one requires a physical machine to be running diverse applications (possibly belonging to different users) which need separate environments.
Another motive to use VMs or containers is to use the hardware more efficiently by deploying several instances per machine, thereby having less machines than users/servers to deploy.
In your case, only the second motive applies. You would need to benchmark the physical hardware though, to see how many VMs/containers can be run at maximum load.
For security against external attacks, you should put the VMs/containers running the actual backend code within a private network and the public facing server in the DMZ. The public server will be a sort of proxy, which redirects requests to one of the VMs/containers, thereby providing load balancing and shielding the private network.
This is the layout most often used in web deployments. The greater the need for security, the more the separation between data/application and the public interfaces.