Masters Project CThornhill v2 final

Secure File Management Using the Public Cloud
A Masters in Cybersecurity Practicum Project
Cecil Thornhill

ABSTRACT

The Project explores the history and evolution of document management tools through the emergence of cloud computing and documents the development of a basic cloud computing web based system for secure transmission and storage of confidential information on a public cloud following guidance for federal computing systems.


Secure File Management Using the Public Cloud
Masters of Cybersecurity Practicum Project, ISM6905 – Cecil Thornhill

Masters Project CThornhill v2 final.docx 7/13/16 Page 2 of 46

Introduction
Background of the Driving Problem – Ur to the Cloud
The Cloud in Context – A New Way to Provide IT
Cloud Transformation Drivers
The Federal Cloud & the Secure Cloud Emerge
Designing a Project to Demonstrate Using the Cloud
Planning the Work and Implementing the Project Design
Findings, Conclusions and Next Steps
References
Source Code Listings
Test Document


Introduction

This paper describes the design and development of a system to support the encrypted transfer of confidential and sensitive Personally Identifiable Information (PII) and Personal Healthcare Information (PHI) to a commercial cloud based object storage system. This work was undertaken as a Practicum project for the Masters in Cybersecurity program, and as such was implemented within the time limits of a semester session and was completed by a single individual. This prototype represents a basic version of a web-based system implemented on a commercial cloud based object storage system. The prototype demonstrates an approach to implementation suitable for use by government or private business for the collection of data subject to extensive regulation such as HIPAA/HiTech healthcare data, or critical financial data.

A general review of the context of the subject area and history of document management are provided below, along with a review of the implementation efforts. Findings and results are provided both for the implementation efforts as well as the actual function of the system.

Due to the restricted time available for this project, the scope was limited to fit the schedule. Only basic features were implemented per the design guidance documented below. To explore future options for expansion of the project several experiments designed to further analyze the system capacity and performance are outlined below. These options represent potential future directions to further explore this aspect of secure delivery of information technology functions using cloud-based platforms.

Background of the Driving Problem – Ur to the Cloud

The need to exchange documents containing important information between individuals and enterprises is a universal necessity in any organized human society. Since the earliest highly organized human cultures information about both private and government activities has been recorded on physical media and exchanged between parties [1]. Various private and government couriers were used to exchange documents in the ancient and classical world. In the West, this practice of private courier service continued after the fall of Rome. The Catholic Church acted as a primary conduit for document exchange and was itself a prime consumer of document exchange services [2]. In the West, after the renaissance the growth of both the modern nation state and the emergence of early commerce and capitalism were both driven by and supportive of the growth of postal services open to private interest. The needs of commerce quickly came to dominate the traffic, and shape the evolution of document exchange via physical media [3].

In the early United States the critical role of publicly accessible document exchange was widely recognized by the founders of the new democracy. The Continental Congress in 1775 established the US Postal Service to provide document communications services to the emerging new government prior to the declaration of independence [4]. As a new and modern nation cost effective, efficient document exchange services from the new post office were essential to the growth of the US economy [5].

The growth of the US as a political and economic power unfolds in parallel with the Industrial Revolution in England and Europe as well as the overall transition of the Western world to what can be described as modern times. New science, new industry and commerce and new political urgencies all drive the demand for the transmission of documents and messages in ever faster and more cost effective forms [6]. It is within this accelerating technical and commercial landscape that the digital age is born in the US when Samuel Morse publicly introduces the telegraph to the world in 1844 with the famous question “What Hath God Wrought?” sent from the US Capitol to the train station in Baltimore, Maryland [7]. Morse’s demonstration was the result of years of experiment and effort by hundreds of people in scores of countries, but has come to represent the singular moment of creation for the digital era and marks the beginning of the struggle to understand and control the issues stemming from document transmission in the digital realm. All of the issues we face emerge from this time forward, such as:

• Translation of document artifacts created by people into digital formats and the creation of human readable documents from digital intermediary formats.

• The necessity to authenticate the origin of identical digital data sets and to manage the replication of copies.

• The need to enforce privacy and security during the transmission process across electronic media.

Many of these problems have similar counterparts in the physical document exchange process, but some such as the issue of an indefinite number of identical copies were novel and all these issues require differing solutions for a physical or digital environment [8].

The telegraph was remarkably successful due to its compelling commercial, social and military utility. As DuBoff and Yates note in their research: “By 1851, only seven years after the inauguration of the pioneer Baltimore-to-Washington line, the entire eastern half of the US up to the Mississippi River was connected by a network of telegraph wires that made virtually instantaneous communication possible. By the end of another decade, the telegraph had reached the west coast, as well” [9, 10]. The reach of the telegraph went well beyond the borders of the US, or even the shores of any one continent by 1851. That same year Queen Victoria sent President Buchanan a congratulatory telegram to mark the successful completion of the Anglo-American transatlantic cable project [11]. Digital documents now had global scope, and the modern era of document exchange and management had truly arrived.

The US Civil War would be largely shaped by the technical impact of the telegraph and railroad. Both the North and South ruthlessly exploited advances in transportation and communication during the conflict [12]. Centralization of information management and the need for confidentiality, integrity, and availability all emerged as issues. Technical tools like encryption rapidly became standard approaches to meeting these needs [13]. The patterns of technical utilization during the war provided a model for future civil government and military use of digital communications and for digital document transmission. The government’s use patterns then became a lesson in the potential for commercial use of the technology. Veterans of the war went on to utilize the telegraph as an essential tool in postwar America’s business climate. Rapid communication and a faster pace in business became the norm as the US scaled up its industry in the late 19th century. Tracking and managing documents became an ever-increasing challenge along with other aspects of managing the growing and geographically diverse business enterprises emerging.

By the turn of the 20th century the telegraph provided a thriving and vital alternative to the physical transmission of messages and documents. Most messages and documents to be sent by telegraph were either entered directly as digital signals sent originally by telegraphy, or transcribed by a human who read and re-entered the data from the document. However, all of the modern elements of digital document communication existed and were in some form of use, including the then under-utilized facsimile apparatus [14].

As the 20th century progresses two more 19th century technologies which would come to have a major impact on document interchange and management would continue to evolve in parallel with the telegraph: mechanical/electronic computation and photography. Mechanical computation tracing its origin from Babbage’s Analytical Engine would come to be indispensable in tabulating and managing the data needed to run an increasingly global technical and industrial society [15]. Photography not only provided a new and accurate record of people and events, but with the development of fine grained films in the 20th century, microfilm would come to be the champion of high density document and hence information storage media. Despite some quality drawbacks, the sheer capacity and over 100-year shelf life of microfilm made it very attractive as a document storage tool. By the 1930’s microfilm had become the bulk document storage medium of choice for publications and libraries as well as the federal government [16].


The experience with early electronic computers in World War II and familiarity with microfilm made merging the two technologies appear as a natural next step to forward thinkers. In 1945 Vannevar Bush, the wartime head of the Office of Scientific Research and Development (OSRD) would propose the Memex. Memex was designed as an associative information management device combining electronic computer-like functions with microfilm storage, but was not fully digital nor was it networked [17]. In many ways this project pointed the way to modern information management tools that were introduced in the 1960’s but not fully realized until the end of the 20th century.

Bush, V., & Think, A. W. M. (1945). The Atlantic Monthly. As we may think, 176(1), 101-108.

The commercial release and rapid adoption of modern computer systems such as the groundbreaking IBM 360 in the 1960’s, and series of mini-computer systems in the 1970s such as the DEC VAX greatly expanded the use of digital documents and created the modern concept of a searchable database filled with data from these documents. The development of electronic document publishing systems in the 1980’s allowed for a “feedback loop” that allowed digital data to go back into printed documents, generating a need to manage these new documents with the computers used to generate them from the data and user input. The growth of both electronic data exchange and document scanning in the 1990’s began to replace microfilm. Many enterprises realized the need to eliminate paper and only work with electronic versions of customer documents. The drive for more efficient and convenient delivery of services as well as the need to reduce the cost of managing paper records continues to drive the demand for electronic document management tools. By the 1990’s large-scale document management and document search systems such as FileNet and its competitors began to emerge into the commercial market.

The emergence of fully digital document management systems in widespread use by the turn of the 21st century brings the story of document management into the present day, where we see a predominance of electronic document systems, and an expectation of quick and universal access to both the data and documents as artifacts in every aspect of life, including activities that are private, commercial and interactions with the government.

As the demand for large electronic document management infrastructures grew, the scale of these systems and related IT infrastructure continued to expand, placing significant cost stress on the enterprise. There was a boom in the construction of data centers to house the infrastructure. At the same time that the physical data centers for enterprises were expanding, a new model of enterprise computing was being developed: Cloud Computing.


The Cloud in Context – A New Way to Provide IT

In 1999 Salesforce popularized the idea of providing enterprise applications infrastructure via a website, and by 2002 Amazon started delivering computation and storage to enterprises via the Amazon Web Services platform. Google, Microsoft and Oracle as well as a host of other major IT players quickly followed with their own version of cloud computing options. These new cloud services offered the speed and convenience of web based technology with the features of a large data center. An enterprise could lease and provision cloud resources with little time and no investment in upfront costs for procurement of system hardware.

By 2009 options for cloud computing were plentiful, but there was as yet little generally accepted evidence about the reasons for the shift or even the risk and benefits [18]. What made cloud systems different from earlier timeshare approaches and data center leasing of physical space? Why were they more compelling than renting or leasing equipment?

While a detailed examination of all the concepts and considerations leading to the emergence of cloud computing is outside the scope of this paper, there is a broad narrative that can be suggested based on prior historical study of technological change from steam to electricity and then to centralized generation systems. While the analogies may not all be perfect, they can be useful tools in contextualizing the question of "why cloud computing now?"

In the 19th century, the development of practical steam power drove a revolution in technical change. The nature of mechanical steam power was such that the steam engine was intrinsically local, as mechanical power is hard to transmit across distance [19]. When electrical generation first emerged at the end of the 19th century, the first electrical applications tended to reproduce this pattern. Long distance distribution of power was hard to achieve, and so many facilities used generators for local power production [20]. The nature of electricity was quite different from mechanical power, and so breakthroughs in distribution were rapid. Innovators such as Tesla and Westinghouse quickly developed long distance transmission of electricity. This electrical power distribution breakthrough allowed the rapid emergence of very large centralized power stations; the most significant of these early centers was the Niagara hydroelectric station [21].

Today, most power is generated in large central stations. Power is transmitted via a complex national grid system. The distribution grid is an amalgam of local and regional grids [22]. However this was not the end of the demand for local generators. In fact more use of electricity led to more demand for local generators, but for non-primary use cases such as emergency power, or for alternate use cases such as remote or temporary power supplies [23, 24]. The way local generation was used changed with the shift to the power grid in ways that can be seen to parallel the shift from local data centers to cloud based data center operations.

While it is true that early computers were more centralized, since the mid 70's and the emergence of the mini-computer and then micro-computer that came to prominence in the 80's, a much more distributed pattern emerged. The mainframe and mini-computer became the nucleus of emerging local data centers in every enterprise. As Local Area Networks emerged they reinforced the role of the local data center as a hub for the enterprise. Most enterprises in the 1980’s and 90’s had some form of local data center, in a pattern not totally dissimilar to that of early electric generators. As the networks grew in scale and speed, they began to shift the patterns of local computing to emphasize connectivity and wider geographic area of service.

When the commercial Internet emerged in the 1990's the stage was set for a radical change, in much the same way that the development of efficient electrical distribution across a grid changed the pattern of an earlier technical system. Connectivity became the driving necessity for an enterprise competing to reach its supply chain and customers by the new network tools. By the turn of the 21st century, firms like Google and Amazon were experimenting with what they came to consider a new type of computer, the Warehouse Scale Computer. By 2009 this was a documented practical new tool, as noted in Google’s landmark paper “The Datacenter as a Computer: An Introduction to the Design of Warehouse-Scale Machines”, Luiz André Barroso and Urs Hölzle, Google Inc. 2009. This transition can be considered as similar to the move to centrally generated electrical power sent out via the grid. In a similar manner it will not erase local computer resources but will alter their purpose and use cases [25].

As was the case for the change to more centralized electrical generation, by the early 21st century there was considerable pressure on IT managers to consider moving from local data centers to cloud based systems. For both general computing and for document management systems this pressure tends to come from two broad source categories: Technical/Process drivers and Cost drivers. Technical drivers include the savings in deployment time for servers and systems at all points in the systems development life cycle, and cost drivers are reflected in the reduced operational costs provided by cloud systems [26].

Cloud Transformation Drivers

Technical and Process drivers also include considerations such as functional performance and flexible response to business requirements. The need to be responsive in short time frames as well as to provide the latest trends in functional support for the enterprise business users and customers favors the quick start up times of cloud based IT services. The wide scope of the business use case drivers goes beyond the scope of this paper, but is important to note.


Cost drivers favoring cloud based IT services are more easily understood in the context of document management as discussed in this paper. Moving to cloud based servers and storage for document management systems represents an opportunity to reduce the Total Cost of Ownership (TCO) of the IT systems. These costs include not only the cost to procure the system components but also the cost to operate them in a managed environment, controlled by the enterprise. Even if it appears there is no compelling functional benefit to be obtained by the use of cloud based systems, the cost factors alone are typically compelling as a driver for the decision to move document management systems from local servers and storage to the cloud.

As an example of the potential cost drivers, Amazon and other vendors offer a number of TCO comparison tools that illustrate the case for cost savings from cloud-based operations. While the vendors clearly have a vested interest in promotion of cloud based operations, these tools provide a reasonable starting point for an “apples to apples” estimate of costs for local CPU and storage vs. cloud CPU and storage options. Considering that the nature of document systems is not especially CPU intense, but is very demanding of storage subsystems, this cost comparison is a good starting point, as it tends to reduce the complexity of the pricing model.

For purposes of comparison here the Amazon TCO model will be discussed below to examine the storage cost implications for a small (1TB) document store. The default model from Amazon starts with an assumption of 1TB of data, that requires “hot” storage (fast access for on demand application support), full plus incremental backup and grows by 1TB per month in size [27]. This is a good fit for a modest document storage system and can be considered a “ballpark” baseline.

Total Cost of Ownership. (2016). Retrieved July 06, 2016, from http://www.backuparchive.awstcocalculator.com/

Amazon’s tool estimates this storage to cost about $308,981 per year for local SAN backed up to tape. The tool estimates the same storage using the cloud option to cost about $37,233 for a year. The cost of local hot storage alone is estimated at $129,300, and at $29,035 for Amazon S3 storage. Based on the author’s past experience in federal IT document management systems, these local storage costs are generally within what could be considered reasonably relevant and accurate for private or federal data center storage TCO cost ranges. Processing cost estimates for servers required in the storage solution are also within the range of typical mid-size to large data center costs based on the author’s experience over the past 8 years with federal and private data center projects. Overall, the Amazon tool does appear to produce estimates of local costs that can be considered reasonably viable for planning purposes.

This rough and quick analysis from the Amazon TCO tool gives a good impression of the level of cost savings possible with cloud-based systems. It serves as an example of some of the opportunities presented to IT managers faced with a need to control budgets and provide more services for less cost. The potential to provide the same services for half to ¼ the normal cost of local systems is very interesting to most enterprises as a whole. When added to the cloud based flexibility to rapidly deploy and the freedom to scale services up and down, these factors help to explain the increased preference for cloud based IT deployment. This preference for cloud computing now extends beyond the private sector to government enterprises seeking the benefits of the new computing models offered by cloud vendors.

The Federal Cloud & the Secure Cloud Emerge

For the federal customer the transition to Warehouse Scale Computing and the public cloud can be dated to 2011 when the FedRAMP initiative was established. The FedRAMP program is based on policy guidance from President Barack Obama’s 2001 paper titled “International Strategy for Cyberspace” [28] as well as the “Cloud First” policy authored by US CIO Vivek Kundra [29] and the “Security Authorization of Information Systems in Cloud Computing Environments” [30] memo from Federal Chief Information Officer, Steven VanRoekel. Together these documents framed the proposed revamp of all federal Information Technology systems.

In the introduction to his 2011 cloud security memo, VanRoekel provides some concise notes on the compelling reasons for the federal move to cloud computing: “Cloud computing offers a unique opportunity for the Federal Government to take advantage of cutting edge information technologies to dramatically reduce procurement and operating costs and greatly increase the efficiency and effectiveness of services provided to its citizens. Consistent with the President’s International Strategy for Cyberspace and Cloud First policy, the adoption and use of information systems operated by cloud service providers (cloud services) by the Federal Government depends on security, interoperability, portability, reliability, and resiliency.” [30]

Collectively, these three documents and the actions they set in motion have transformed the federal computing landscape since 2011 and as the private sector’s use of local computing has begun a rapid shift to the cloud driven by competition and the bottom line, in the short space of 5 years the entire paradigm for IT in the federal government of the US has shifted radically. It is not unreasonable to expect that by 2020, cloud computing will be the norm, not the exception for any federal IT system. This transition offers huge opportunities, but brings massive challenges to implement secure infrastructure in a public cloud computing space.

Functionally, the conversion from physical to electronic documents has a number of engineering requirements, but above and beyond this, there are legal and security considerations that make any document management system more complex to implement than earlier databases of disparate facts. Documents as an entity are more than a collection of facts. They represent social and legal relationships and agreements. As such the authenticity, integrity, longevity and confidentiality of the document as an artifact matter.

The security and privacy implications of the continued expansion of electronic exchange of data in consumer and commercial financial transactions were incorporated into the rules, regulations and policy guidance included in the Gramm-Leach-Bliley Act of 1999 [31]. A good example of the wide swath of sensitive data that needs to be protected in both physical and electronic transactions is shown in the Sensitive Data: Your Money AND Your Life web page that is part of the Safe Computing Pamphlet Series from MIT. As the page notes: “Sensitive data encompasses a wide range of information and can include: your ethnic or racial origin; political opinion; religious or other similar beliefs; memberships; physical or mental health details; personal life; or criminal or civil offences. These examples of information are protected by your civil rights. Sensitive data can also include information that relates to you as a consumer, client, employee, patient or student; and it can be identifying information as well: your contact information, identification cards and numbers, birth date, and parents’ names.” [32]

Sensitive data also includes core identity data aside from the information about any particular event, account or transaction, personal preferences, or self identified category. Most useful documents supporting interactions between people and business or government enterprises contain Personally Identifiable Information (PII), which is defined by the Government as: "...any information about an individual maintained by an agency, including any information that can be used to distinguish or trace an individual’s identity, such as name, Social Security number, date and place of birth, mother’s maiden name, biometric records, and any other personal information that is linked or linkable to an individual." [33]

Identity data is a special and critical subset of sensitive data, as identity data is required to undertake most of the other transactions, and to interact with essential financial, government or healthcare services. As such this data must be protected from theft or alteration to protect individuals and society as well as to ensure the integrity of other data in any digital system [34].

In order to protect this PII data the Government through the National Institute of Standards (NIST) defines a number of best practices and security controls that form the basis for sound management of confidential information [35]. These controls include such concepts as:

• Identification and Authentication - uniquely identifying and authenticating users before accessing PII.

• Access Enforcement - implementing role-based access control and configuring it so that each user can access only the pieces of data necessary for the user’s role.

• Remote Access Control - ensuring that the communications for remote access are encrypted.

• Event Auditing - monitoring events that affect the confidentiality of PII, such as unauthorized access to PII.

• Protection of Information at Rest - encryption of the stored information on storage disks.

In addition to these considerations, many enterprises also need to handle documents that contain both PII and medical records or data from medical records, or Protected Health Information (PHI). Medical records began to be stored electronically in the 1990’s. By the early part of the 21st century this growth in electronic health records resulted in a new set of legislation designed to both encourage the switch to electronic health records and to set up guidelines and policy for managing and exchanging these records. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 creates a set of guidelines and regulations for how enterprises must manage PHI [36]. Building on HIPAA, the American Recovery and Reinvestment Act of 2009 and the Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 added additional policy restrictions, and security requirements as well as penalties for failure to comply with the rules [37].

These regulations for PHI both overlap and add to the considerations for data and documents containing PII. The HITECH law increased the number of covered organizations or “entities” from those under the control of the HIPAA legislations: “Previously, the rules only applied to "covered entities," including such healthcare organizations as hospitals, physician group practices and health insurers. Now, the rules apply to any organization that has access to "protected health information."” [38]

HITECH also added considerable detail and clarification as well as new complexity and even more stringent penalties for lack of compliance or data exposure or “breaches”. Under HITECH a breach is defined as: "…the unauthorized acquisition, access, use or disclosure of protected health information which compromises the security or privacy of such information, except where the unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information." [38]

The result of the considerations needed to manage documents that might contain Sensitive Data, PII or PHI or any combination of these elements is that any document management system implemented in private or public data centers must implement a wide range of technical and procedural steps to operate in a secure manner. Protection of the security, privacy and integrity of the documents and data in those documents becomes a major part of the challenge to designing, building and operating any information system. These engineering efforts are essential to business operations; however, they also become part of the cost for any system, and as such can be a considerable burden on the budget of any enterprise.

Designing a Project to Demonstrate Using the Cloud

It is within this context of providing a secure system leveraging cloud-based benefits that the practicum project described in this paper was designed. The goal of the project was to demonstrate a viable approach to following the policy guidance as provided for federal IT systems. To achieve this goal, the first step was to understand the context as outlined in the discussion above. The next step was to design a system that followed sound cybersecurity principles and the relevant policy guidance.

Based on the demand for electronic document management in both private and government enterprise, a basic document management system was selected as the business case for the prototype to be developed. Document management provides an opportunity to implement some server side logic for the operation of the user interface and for the selection and management of storage systems. Document management also provides a driving problem that allows for clear utilization of storage options, and thus can demonstrate the benefits of the cloud based storage options that feature prominently in the consideration of cloud advantages of both speed of deployment and lower TCO. These considerations were incorporated in the decision to implement a document management system as the demonstration project.

The scope of the system was also a key consideration. Given the compressed time frame and limited access to developer resources that are intrinsic to a practicum project, the functional scope of the document management system would need to be constrained. As a solo developer, the range of features that can be implemented would need to be limited to the basic functions needed to show proof of concept for the system. In this case, these were determined to be:

1. ThesystemwouldbeimplementedontheAmazonEC2publiccloudforthecomputetierofthedemonstration.

2. ThesystemwouldutilizeAmazonS3objectstorageasopposedtoblockstorage.

3. ThesystemwouldbeimplementedusingcommerciallyavailableAmazonprovidedsecurityfeaturesforensuringConfidentiality,IntegrityandAccessibility39.


Dimov, I. (2013, June 20). Guiding Principles in Information Security - InfoSec Resources. Retrieved July 09, 2016, from http://resources.infosecinstitute.com/guiding-principles-in-information-security/

4. The servers used for the project would all be Linux based.

5. The system would feature a basic web interface to allow demonstration of the ability to store documents.

6. The system would use Public Key Infrastructure certificates generated commercially to meet the need to support encryption for both web and storage components.

7. The web components of the prototype would use HTTP to enforce secure connection to the cloud based servers and storage.

8. The system would utilize a commercial web server infrastructure suitable for scaling up to full-scale operation but only a single instance would be implemented in the prototype.

9. The web components would be implemented in a language and framework well suited to large-scale web operations with the ability to handle large concurrent loads.

10. Only a single demonstration customer/vendor would be implemented in the prototype.

11. The group and user structure would be developed and implemented using the Amazon EC2 console functions.

12. Only the essential administrative and user groups would be populated for the prototype.

13. The prototype would feature configurable settings for both environment and application values set by environment, files, and Amazon settings tools. The current prototype phase would not introduce a database subsystem expected to be used to manage configuration in a fully production ready version of the system.

14. Data files used in the prototype would be minimal versions of XML files anticipated to be used in an operational system, but would only contain structure and minimal ID data, not full payloads.

In the case of a narrowly scoped prototype such as this demonstration project it is equally critical to determine what function is out of scope. For this system this list included the following:

• The web interface would be left in a basic state to demonstrate proof of function only. Elaboration and extension of the GUI would be outside the scope of the work for this prototype project.

• There would be no restriction on the documents to be uploaded. Filtering vendor upload would be outside the scope of work for this prototype.

• Testing uploads with anti-virus/malware tools would be outside the scope of this prototype project.


• Security testing or restriction of the client would be outside the scope of this project. The URL to access the upload function would be open for the prototype and the infrastructure for user management would not be developed in the prototype.

• Load testing and performance testing of the prototype would be outside the scope of this phase of the project.

• No search capacity would be implemented to index the data stored in the S3 subsystem in the prototype project.

Proof of concept was thus defined as:

A) The establishment of the cloud based infrastructure to securely store documents.

B) The implementation of the required minimal web and application servers with the code required to support upload of documents.

C) The successful upload of test documents to the prototype system using a secure web service.

While the scope of the project may appear modest and the number of restrictions for the phase to be implemented in the practicum course period are numerous, these scope limitations proved vital to completion of the project in the anticipated period. The subtle challenges to implementation of this proof of concept feature set proved more than adequate to occupy the time available and provided considerable scope for learning and valuable information for future projects based on cloud computing, as detailed in the subsequent sections of this paper.

Planning the Work and Implementing the Project Design

To move to implementation, the next phase of the Software Development Lifecycle (SDLC), the requirements and scope limitations listed above were used to develop a basic project plan for the project consisting of two main phases:

A) The technical implementation of the infrastructure and code through to proof of concept.

B) The documentation of the project work and production of this report/paper.

The project management of any implementation process for a project is a critical success factor for any enterprise no matter how large or small. This is very true for cloud computing projects as they often represent a significant departure from existing IT systems and processes for an enterprise. This was the case in this project as well. While no formal Gantt or PERT chart was developed for the project plan, as there was no need to transmit the plan to multiple team members, an informal breakdown was used to guide the technical implementation in an attempt to keep it on schedule:

Week 1: Establish the required Amazon EC2 accounts and provision a basic server with a secure management account for remote administration of the cloud systems.

Week 2: Procure the required PKI certificates and then configure the certificates needed to secure access to the servers, and any S3 storage used by the system. Configure the S3 Storage.

Week 3: Obtain and install the required commercial web server and application server to work together and utilize a secure HTTP configuration for system access. Implement any language framework needed for application code development.

Week 4: Research and develop the required application code to demonstrate file upload and reach proof of concept. Create any required data files for testing.

Weeks 5-8: Document the project and produce the final report/paper.

In practice this proposed 8 week schedule would slip by about 4 weeks due to about 2 weeks of extra work caused by the complexity and unexpected issues found in the system and code development implementation and about 2 weeks of delays in the write up caused by the author’s relocation to a new address. These delays in schedule are not atypical of many IT projects. They serve to illustrate the importance of both planning and anticipation of potential unexpected factors when implementing new systems that are not well understood in advance by the teams involved. Allowing slack in any IT schedule, and especially those for new systems, is key to a successful outcome as it allows flexibility to deal with unexpected aspects of the new system.

The very first task to be undertaken in the execution of the project plan for this project was to establish the required Amazon Elastic Compute Cloud (Amazon EC2) accounts. EC2 is the basic cloud infrastructure service provided by Amazon. This service provides user management, security, system provisioning, billing and reporting features for Amazon’s cloud computing platform. It is the central point for administration of any hosted project such as the prototype under discussion in this paper [40]. Because the author was an existing Amazon customer with prior EC2 accounts, the existing identification and billing credentials could be used for this project as well.

Both identity and billing credentials are critical components for this and any other cloud based project on Amazon or any other cloud vendor. It is axiomatic that the identity of at least one responsible party, either an individual or institution, must be known for the cloud vendor to establish systems and accounts in its infrastructure. This party acts as the “anchor” for any future security chain to be established. The primary account will act as the ultimate system owner and will be responsible for the system’s use or abuse and for any costs incurred. Below is an example home screen for the author’s project on EC2:

Responsibility for costs is the other key aspect of the primary EC2 account. While cloud computing may offer cost savings benefits, it is by no means a free service. Every aspect of the EC2 system is monetized and tracked in great detail to ensure correct and complete billing for any features used by an account holder. Some basis for billing must be provided at the time any account is established. In the case of this project all expenses for the EC2 features used would be billed back to the author’s credit account previously established with Amazon.

In any cloud project it is vital that each team member committing to additional infrastructure have the understanding that there will be a bill for each feature used. Amazon and most cloud vendors offer a number of planning and budgeting tools for projecting the costs of features before making a commitment. This is helpful, but is not a substitute for clearly communicating and planning for costs in advance among the development team members and project owners, stakeholders and managers. In the case of this project, while the author did reference the budgeting tools to note cost estimates, communication and decisions were simple due to the singular team size. Below is an example of the billing report console:


Establishment of the basic account for the project was, as indicated, simple due to the author having an existing EC2 account. To provision a server, it was necessary to determine the configuration most appropriate for the project’s needs, and then determine the Amazon Availability Zone where the server should be located. The server configuration would be decided by estimating the required performance characteristics needed to host the required software and execute the application features for the anticipated user load. In this case, all these parameters were scoped to be minimal for the prototype to be created, reducing the capacity of virtual server required. Based on the author’s experience with Linux servers a small configuration would meet the needs of the project. Using the descriptive materials provided by Amazon detailing the server performance, a modest configuration of server was selected to host the project:

• t2.micro: 1 GiB of memory, 1 vCPU, 6 CPU Credits/hour, EBS-only, 32-bit or 64-bit platform [41]

When the server was provisioned Red Hat was selected as the OS. Other Linux distributions and even Windows operating systems were available from Amazon EC2. Red Hat was selected in order to maintain the maximum compatibility to systems now in use by the federal systems currently approved for use in production systems per the author’s personal experience. Use of Red Hat Linux also makes getting support and documentation of any open source tools from the Internet easier as this is a popular distribution for web based systems. Below is a release description from the virtual instance as configured on EC2 for this project:


By default the server was provisioned in the same zone as the author’s prior EC2 instances, which was us-west-2 (Oregon). An Availability Zone (zone) is the Amazon data center used to host the instance. Availability zones are designed to offer isolation from each other in the event of service disruption in any one zone. Each zone operates to the published Service Level Agreement provided by Amazon [42]. Understanding the concept of zone isolation and the key provisions of the SLA provided by a cloud vendor is important to the success of any cloud based project. Highly distributed applications or those needing advanced fault tolerance and load balancing might choose to host in multiple zones. For the purposes of this project a single zone and the SLA offered by Amazon were sufficient for successful operation.

However, the default zone allocation was problematic and was the first unexpected implementation issue. Almost all EC2 features are offered in the main US zones, but us-east-1 (N. Virginia) does have a few more options available than us-west-2 (Oregon). In order to explore the implications and effort needed to migrate between zones and ensure access to all potential features, the author decided to migrate the project server to the us-east-1 zone. Migration involved a backup of the configured server, which appeared to be a prudent operational activity anyway. Following the backup, the general expectation was that the instance could be restored directly in the desired location and then the old instance could be removed. In general this expectation proved to be sound, but the exact steps were not so direct. Some of the complexity was strictly due to needing to allow for replication time. Some of the complexity proved to be due to the use of an Elastic IP address that creates a public IP address for the server.

An AWS Elastic IP provides a static public IP that can then be associated with any instance on EC2, allowing public DNS configuration to then be re-mapped as needed to any collection of EC2 servers. The author had a prior Elastic IP and expected to just re-use it for this project, but as noted in the AWS EC2 documentation “An Elastic IP address is for use in a specific region only” [43]. This created an issue when the instance was migrated across zones. Once the problem was understood, the solution was to release the old Elastic IP and generate a new Elastic IP that could be mapped using DNS. This new Elastic IP could be associated with the servers now restored to the us-east-1 (N. Virginia). This step wound up taking quite a bit of time to debug and fix in the first week, and was to lead to the next unexpected issues with DNS.

None of this work was so complex as to put the project at risk. This required IP change does illustrate the fact that understanding the SLA and restrictions of each cloud feature is critical. Small issues like requiring a change of IP address can have big implications for other work in a project. Decisions to provision across zones are easy in the cloud, but can have unintended consequences, such as this IP address change and the subsequent work in DNS that it generated. All of these issues take resources and cost time in a project schedule.

An existing domain, Juggernit.com, already registered to the author was the expected target domain. Since one of the requirements for the project was to get a Public Key for the project site, it was essential to have a publicly registered Internet domain to use for the PKI. Once the public IP was re-established in the new us-east-1 zone, and connectivity was confirmed by accessing the instance using SSL, the next unexpected task was moving the DNS entries for the instance from the current registrar. This would also include learning to configure the Amazon Elastic Load Balancer and then map the domain to it. The load balancer forwards any HTTP or HTTPS traffic to the HTTPS secure instance. The HTTPS instance is the final target for the project.

Amazon Elastic Load Balancing is a service that both distributes incoming application traffic across multiple Amazon EC2 instances, and allows for complex forwarding to support forcing secure access to a domain. In this instance, while the project would not have many servers in the prototype phase, the use of load balancing would reflect the “to be” state of a final production instance and allow secure operations in even development and preliminary phases of the project used for the practicum scope. The load balancer configuration would require a domain record of the form:

    juggerload1-123781548.us-east-1.elb.amazonaws.com (A Record)

As noted in the Amazon web site, you should not actually use an “A Record” in your DNS for a domain under load balancing:

    Because the set of IP addresses associated with a LoadBalancer can change over time, you should never create an "A record" with any specific IP address. If you want to use a friendly DNS name for your load balancer instead of the name generated by the Elastic Load Balancing service, you should create a CNAME record for the LoadBalancer DNS name, or use Amazon Route 53 to create a hosted zone. For more information, see Using Domain Names With Elastic Load Balancing [44].

The Juggernit.com domain was being managed by Network Solutions. Unfortunately the GUI used by Network Solutions did not allow for the entry of the CNAME record formats needed for the EC2. This required moving the domain out of the control of Network Solutions and into the Amazon Route 53 domain management service. The Route 53 service has a variety of sophisticated options, but most critically, it interoperates well with other Amazon EC2 offerings including the load balancing features [45].

Route 53 is a good example of not only an unexpected issue that must be overcome to migrate to the cloud, but how the nature of the cloud platform creates a small “ecosystem” around the cloud vendor. Even when striving for maximum standards compliance and openness, the nature of the cloud platform offerings such as load balancing tends to create interoperation issues with older Internet offerings like those for DNS from Network Solutions, which date from the origin of the commercial Internet. The author had used Network Solutions DNS since the late 1990’s, but in this instance there was no quick path to a solution other than migration to the Amazon Route 53 offering. The Juggernit.com domain would need to be linked to the public IP of the instance, and pragmatically this was only achievable via Route 53 services.

Once the situation was analyzed after consultation with both Network Solutions and Amazon support, the decision to move to Route 53 was made. The changes were relatively quick and simple using the Network Solutions and Amazon web consoles. Waiting for the DNS changes to propagate imposed some additional time, but as with the zone migration, the delay was not critical to the project schedule.

With the server, public IP address and DNS issues resolved, PKI certificate generation could be attempted. The author was relatively experienced in generation and use of PKI credentials, but once again the continued evolution of the Internet environment and of cloud computing standards was to provide unexpected challenges to the actual implementation experience. There are many vendors offering certificates suitable for this practicum project, including Amazon’s own new PKI service. The author selected Network Solutions as a PKI provider. Using another commercial certificate vendor offered an opportunity to explore the interoperation of Amazon’s platform with other public offerings. Network Solutions also has a long history with the commercial Internet and has a well-regarded if not inexpensive certificate business [46]. The certificates were issued in a package including both the typical root certificate most Internet developers are used to, as well as a number of intermediate
certificates that were less familiar to the author. In most cases inside an enterprise, certificates are issued for enterprise resources by trusted systems and all the intermediate certificates are often in place already. This was not the case for the Amazon EC2 infrastructure for this project. In this instance, not only was the root certificate needed, but also all the intermediates must be manually bundled into the uploaded package [47]. This was a new process for the author and management of intermediate certificates represented another unexpected task.

The need to include the intermediate certificates in the upload to Amazon was not immediately apparent and debugging the reason why uploading just the root certificate did not work (as with prior systems) was going to involve a major research effort and many hours of support diagnostics with each vendor involved. To make the issue more complex, there was documentation the Amazon support team found for some certificate vendors and there was documentation for cloud service vendors found by Network Solutions support, but neither firm had documents for working with certificates or cloud services from the other – this was the one case not documented anywhere.

The Network Solutions certificates were issued using a new naming format that did not follow the older Network Solutions documentation for identifying the proper chaining order. Amazon was also not totally sure what orders would constitute a working package. A number of orders had to be tried and tested one at a time and then the errors diagnosed for clues as to the more correct order needed in the concatenate command. On top of this, the actual Linux command to concatenate and hence chain the certificates was not exactly correct when attempted. This was due to the text format at the end of the issued certificates. Manual editing of the files was needed to fix the inaccurate number of delimiters left in the resulting text file. The final command needed for the Amazon load balancer was determined to be:

    # start from an empty bundle file
    : > amazon_cert_chain.crt
    # append each CA certificate, followed by a newline so the PEM delimiters do not run together
    for i in DV_NetworkSolutionsDVServerCA2.crt DV_USERTrustRSACertificationAuthority.crt AddTrustExternalCARoot.crt; do
        cat "$i" >> amazon_cert_chain.crt
        echo "" >> amazon_cert_chain.crt
    done

This back and forth diagnostic work for certificate chains represented a major unexpected source of complexity and extra work. Again, this did not disrupt the execution schedule beyond a recoverable limit. The experience with certificate chaining was a valuable learning opportunity on the pragmatic use of PKI tools. The author has subsequently come across a number of federal IT workers encountering these challenges as more and more systems start to include components from outside vendors in the internal enterprise infrastructure.

After the installation of the certificates, the next major configuration tasks were the installation and configuration of the web server and the application server platforms on the EC2 instance. Nginx is the web server used on the project, and
Node.JS and the Express framework are used as the application server. Each of these subsystems provided further opportunities for learning as they were installed.

Nginx was selected to provide an opportunity to gain experience with this very popular commercial platform as well as due to its reputation for high performance and excellent ability to scale and support very high traffic web sites. Nginx was designed from the start to address the C10K problem (10,000 concurrent connections) using an asynchronous, non-blocking, event-driven connection-handling algorithm [48]. This is very different from the approach taken by Apache or many other available web servers. In the author’s experience many web sites that start out with more traditional web servers such as Apache experience significant scale issues as they grow due to high volumes of concurrent users. Starting with Nginx was an attempt to avoid this problem by design, though installation and configuration of the web server was more complex.

The open source version of Nginx was used for the project, as a concession to cost management. Downloading the correct code did prove to be somewhat of an issue, as it was not easy to find the correct repositories for the current package and then it turned out the application had to be updated before it could function. It was also critical to verify the firewall status once the system was providing connections. The Amazon install of Red Hat Linux turns out to disable the default firewalls and instead use the Amazon built-in firewalls for the site. This actually provides a very feature rich GUI firewall configuration but is another non-standard operations detail for those familiar with typical Red Hat stand-alone server operations. The firewall was another implementation detail that could not easily be anticipated.

After the firewall was sorted out there remained considerable research to determine how to configure the Nginx web server to utilize HTTPS based on the certificates for the domain. Again the issue turned out to be due to the chaining requirements for the certificate. In this case, Nginx needed a separate and different concatenated package in this format:

    cat WWW.JUGGERNIT.COM.crt AddTrustExternalCARoot.crt DV_NetworkSolutionsDVServerCA2.crt DV_USERTrustRSACertificationAuthority.crt >> cert_chain.crt

After determining the correct concatenation format needed for Nginx and making the appropriate uploads of concatenated files, HTTPS services were available end to end. However, Nginx does not provide dynamic web services. To serve dynamic content it would be necessary to install and configure the Node.JS Web Application Server and the Express framework.

Node.JS (Node) is an open source server-based implementation of the JavaScript language originally developed by Ryan Dahl in 2009 using both original code and
material from the Google V8 JavaScript engine. Most significantly, Node is event-driven, and uses a non-blocking I/O model. This makes Node both very fast and very easy to scale. Node is extremely well suited to situations like the C10K problem, and web sites that scale quickly and efficiently. Being based on JavaScript, Node is Object oriented and offers a huge open source support base of modules and libraries, accessed using the Node Package Manager (NPM).

Express is a minimal and flexible Node.js web application framework based on many of the ideas about web site design and development taken from the Ruby on Rails framework project. Express offers a set of standard libraries and allows users to mix in many other NPM tools to create web sites based on the original Ruby on Rails principle of “convention over configuration” by providing a common structure for web apps [49].

Installation of Node on the server was done using the standard Red Hat Package Manager tools. Once Node is installed, the Node Package Manager (NPM) system can be used to bootstrap load any other packages such as the Express framework. In a production system it is expected that the web server and the application server would be hosted on separate hardware instances, but since the practicum was to be subject to only a small load, both servers can run on the same instance of Linux with little impact.

While Node comes with its own dynamic web server to respond to requests for dynamic web content, it is not well suited to heavy-duty serving on the front end. Nginx is designed for the task of responding to high volumes of initial user inquiries. The combination of a high performance web server (Nginx) and some number (N) of application server instances (such as Node) is a widely accepted pattern that supports large scale web systems. Implementation of this design pattern was a goal of the prototype, to pre-test integration of all the constituent components even prior to any load testing of the system. Deployment and configuration of Nginx and Node to the single Linux server fulfills this requirement and provides a working model that can be expanded to multiple servers as needed in the future.

In order to smoothly transfer web browser requests from users to the application server domain, the web server must act as a reverse proxy for the application server. To accomplish this with Nginx requires the addition of directives to the Nginx configuration file inside the “server” section of the configuration file. These commands will instruct the web server to forward web traffic (HTTPS) requests for dynamic pages targeted at the DNS domain from Nginx to Node.JS. This is a relatively standard forwarding for Nginx and only requires a small amount of research to verify the correct server configuration directive as shown in this example from the Nginx documentation:

    server {
        # here is the code to redirect to node on 3000
        location / {
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
            proxy_pass "http://127.0.0.1:3000";
        }
    }

Note that this is just an example for use on LocalHost with a Node.JS engine running on port 3000 (any port will suffice). The critical issue is to configure Nginx to act as a reverse proxy to the Node.JS engine. Nginx will then send traffic to the configured port for the Node.JS application instance. Node.JS and Express then use a RESTful approach to routing to the application logic based on parsing the URL.

The reverse proxy configuration will ensure that when traffic comes into the Nginx server with the format “HTTPS://Juggernit.com/someurl” it will be handled by the appropriate logic section of the Node.JS applications as configured in the Express framework. The Express listener will catch the traffic on port 3000 and use the route handler code in Express to parse the URL after the slash and ensure that the proper logic for that route is launched to provide the service requested. This is a well established RESTful web design pattern, first widely popularized in Ruby on Rails and adopted by a number of web frameworks for languages such as Java, Node or Python, etc.

Implementing this pattern requires that both Nginx and Node be installed on the server to be used as a pre-requisite. In addition, the Express framework for web applications used by Node must also be loaded to allow at least a basic test of the forwarding process. All of this code is available as open source, so access to the needed components was not a blocker for the project. Each of these components was first loaded onto the Author’s local Unix system (a MacBook Pro using OS X). This allowed for independent and integration testing of the Nginx web server, the Node application server and the Express web framework. By altering the configuration file and adding the appropriate directives as noted above, the reverse proxy configuration and function could be tested locally as well against the localhost IP address.

After validation of the configuration requirements locally on the Author’s development station, the web server and application server needed to both be installed on the cloud server. As noted above, Nginx was actually loaded on the cloud server earlier to allow for configuration of the domain and HTTPS secure access to the site. This left only the installation of the Node and Express application server components. While conceptually easy, in practice loading Node also proved to provide unexpected challenges. The 7.x Red Hat version of Linux installed on the cloud server supports Node in the RPM package manager system. However the available RPM version was only a 0.10.xx version. The current version of Node is
4.4.x. The stable development version installed on the Author’s local system was 4.4.5 (provided from the Node web site). There are substantial syntax and function differences between the earlier version of Node and the current version. This required that the Node install on the cloud server be updated, and that proved to require help from the Amazon support team, as following the default upgrade instructions did not work. Again, the delay was not large, but cost a couple of days between testing, exploration of options, and final correction of the blocking issues. The final install of a current 4.4.x version of Node required a complete uninstall of the default version, as upgrading resulted in locked RPM packages.

After cleaning up the old install and loading the new Node version, the cloud server was conformed to the required Node version. The Express framework was loaded on the server via the standard command line Node Package Manager (NPM) tool. A simple “Hello World” test web application was created in Express/Node and again the function of both the Nginx and Node servers was validated. To accomplish the verification of web and application server function an Amazon firewall change was required to allow Node to respond directly to traffic pointed at the IP address of the server and the port number (3000) of the Node server. This firewall rule addition allowed testing of HTTPS traffic targeted at the domain name, which was served by Nginx. HTTP traffic directed to the IP address and port 3000 could then be tested at the same time, as this traffic was served by the test Node/Express application.

To complete the integration, the next step was to reconfigure the Nginx server to act as a reverse proxy. The Nginx configuration file was backed up, and then the reverse proxy directives as shown above were added to the Nginx configuration file, and Nginx was reloaded to reflect the changes. At this point, Nginx no longer provided its default static web page to requests sent to HTTPS://Juggernit.com. Instead, Nginx forwarded the HTTPS traffic to the Node application server, still under the secure connection, and Node responded with the default “Hello World” page as configured in the Express test application. This state represented a complete integration of Nginx and Node for the project.

The server was backed up and the next stage of work to implement the upload logic to store data on the Amazon S3 object store could continue. The two major tasks required to finish the site configuration and functional completion of the prototype project were:

• Establishment of an Amazon S3 storage area (known as a “bucket” on Amazon)

• Coding server and client logic to access the S3 storage via HTTPS
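The certificate concatenation described earlier for the load balancer and for Nginx fails when an issued file lacks a final newline or carries stray blank lines, which is the delimiter problem the author fixed by hand. The following is an added example, not code from the project: it rebuilds a bundle from PEM files in the order the caller supplies (it does not verify issuer order), and the file names and certificate bodies are constructed placeholders.

```javascript
// Added example, not the project's code. The certificate bodies below are
// constructed placeholders (valid base64, not real certificates).
const PEM_BEGIN = '-----BEGIN CERTIFICATE-----';
const PEM_END = '-----END CERTIFICATE-----';

// Split PEM text into base64 bodies, tolerating missing or extra newlines
// around the delimiters. Throws if anything other than certificates is found.
function splitPem(text, label) {
  const bodies = [];
  let pos = 0;
  for (;;) {
    const begin = text.indexOf(PEM_BEGIN, pos);
    const gap = begin === -1 ? text.slice(pos) : text.slice(pos, begin);
    if (gap.trim() !== '') {
      throw new Error(`${label}: unexpected text outside certificate blocks`);
    }
    if (begin === -1) break;
    const end = text.indexOf(PEM_END, begin + PEM_BEGIN.length);
    if (end === -1) throw new Error(`${label}: BEGIN without matching END`);
    const body = text.slice(begin + PEM_BEGIN.length, end).replace(/\s+/g, '');
    if (!/^[A-Za-z0-9+/]+={0,2}$/.test(body) || body.length % 4 !== 0) {
      throw new Error(`${label}: block ${bodies.length + 1} is not valid base64`);
    }
    // A DER-encoded certificate starts with an ASN.1 SEQUENCE tag (0x30).
    if (Buffer.from(body, 'base64')[0] !== 0x30) {
      throw new Error(`${label}: block ${bodies.length + 1} is not DER data`);
    }
    bodies.push(body);
    pos = end + PEM_END.length;
  }
  if (bodies.length === 0) throw new Error(`${label}: no certificate found`);
  return bodies;
}

// Re-emit one body as a canonical PEM block: 64-character lines, one
// delimiter per line, exactly one trailing newline.
function toPem(body) {
  return [PEM_BEGIN, ...body.match(/.{1,64}/g), PEM_END].join('\n') + '\n';
}

// Concatenate files in the given order, rejecting a certificate that
// appears twice (easy to do while trying different chain orders).
function buildBundle(files) {
  const seen = new Set();
  const out = [];
  for (const { name, text } of files) {
    for (const body of splitPem(text, name)) {
      if (seen.has(body)) throw new Error(`${name}: duplicate certificate`);
      seen.add(body);
      out.push(toPem(body));
    }
  }
  return out.join('');
}

// Constructed sample input with hypothetical file names.
const LEAF = 'MIIBTEVBRkxFQUZMRUFG';
const INTERMEDIATE = 'MIIBSU5URVJJTlRFUklOVEVS';
const ROOT = 'MIIBUk9PVFJPT1RST09U';
const SAMPLE_FILES = [
  // no final newline: plain `cat` fuses END and BEGIN on one line
  { name: 'leaf.crt', text: `${PEM_BEGIN}\n${LEAF}\n${PEM_END}` },
  // CRLF line endings and trailing blank lines
  { name: 'intermediate.crt',
    text: `${PEM_BEGIN}\r\n${INTERMEDIATE}\r\n${PEM_END}\r\n\r\n\r\n` },
  { name: 'root.crt', text: `${PEM_BEGIN}\n${ROOT}\n${PEM_END}\n` },
];

const naiveCat = SAMPLE_FILES.map((f) => f.text).join('');
console.log('plain cat fuses delimiters:', naiveCat.includes(PEM_END + PEM_BEGIN));
console.log(buildBundle(SAMPLE_FILES));
```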
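A back end for the reverse-proxy directives shown earlier, as an added example that is not the project's code: it binds to 127.0.0.1:3000 so it is reachable only through Nginx even if port 3000 is open in the firewall, and it trusts X-Forwarded-For only when the TCP peer is the local proxy. It uses Node's built-in http module rather than Express so that it runs without npm packages; the function names and the --serve flag are assumptions of this example.

```javascript
// Added example, not the project's code: a Node back end for an Nginx
// front end that sets "X-Forwarded-For $remote_addr" and proxies to
// http://127.0.0.1:3000.
const http = require('http');
const net = require('net');

const LISTEN_HOST = '127.0.0.1'; // loopback only: Nginx can connect, the Internet cannot
const LISTEN_PORT = 3000;        // the port named in proxy_pass

// True when the TCP peer is on this machine (the local Nginx).
function isLoopback(addr) {
  if (!addr) return false;
  // Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d
  const a = addr.startsWith('::ffff:') ? addr.slice(7) : addr;
  return a === '::1' || (net.isIPv4(a) && a.startsWith('127.'));
}

// Decide which client a request came from. X-Forwarded-For is believed
// only when the connection itself comes from the local proxy; a header
// sent by a direct caller is ignored.
function clientAddress(req) {
  const peer = req.socket.remoteAddress;
  if (!isLoopback(peer)) return { address: peer, viaProxy: false };
  const xff = req.headers['x-forwarded-for'];
  // With $remote_addr the header holds exactly one address. A list means
  // something other than the expected Nginx block produced it.
  if (typeof xff === 'string' && net.isIP(xff.trim()) !== 0) {
    return { address: xff.trim(), viaProxy: true };
  }
  return { address: peer, viaProxy: false };
}

// Serve the test page only to requests that arrived through the proxy
// (a policy choice of this example).
function handler(req, res) {
  const { address, viaProxy } = clientAddress(req);
  if (!viaProxy) {
    res.writeHead(403, { 'Content-Type': 'text/plain' });
    res.end('Requests must arrive through the HTTPS front end\n');
    return;
  }
  res.writeHead(200, { 'Content-Type': 'text/plain' });
  res.end(`Hello World (client ${address})\n`);
}

function startServer() {
  return http.createServer(handler).listen(LISTEN_PORT, LISTEN_HOST);
}

// Run "node app.js --serve" to start listening; without the flag the file
// only defines the functions above.
if (process.argv.includes('--serve')) startServer();
```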


The first of these tasks could be accomplished directly via the Amazon EC2 management console. For the prototype there was no requirement for a custom web interface to create S3 storage, and no requirement for any automatic storage assignment or management. In a fully realized production application it is possible that application based management of storage might be desirable, but this is a system feature requirement highly subject to enterprise policy and business case needs.

However, even when using the Amazon interface to manage S3 storage as in this project, there was still a need to consider the user and group structure in order to manage access security to the S3 storage. As discussed earlier in the paper, a default EC2 account assumes that the owner is granted all access to all resources configured by that owner in the Amazon cloud infrastructure. For this reason, it is important to create separate administrative accounts for resources that require finer grained access and might also require access restrictions. In a fully realized web application hosted on local servers, this user and group management is often done at the application level. For this prototype these considerations were to be managed by the Amazon EC2 interface.

Prior to setting up a storage area on the S3 object storage, the administrator group named “admins” was created, with full permissions to manage the site resources. Another group called “partners” with access to the S3 storage, but not other site resources for management of servers, was created. A user named “testone” was then created and added to the “partners” group. The Author used the primary Amazon identity to build and manage the site, but the administrative group was constructed so that any future web based management functions could be separated from user-oriented functions of the prototype web application.

With the users and groups established, the S3 storage called “ctprojectbucketone” was created using the standard Amazon GUI. Below is a screenshot showing this bucket:

To manage access rights, the S3 storage was then assigned a Cross-Origin Resource Sharing (CORS) access policy that allowed GET, POST and PUT permissions to the S3 storage, as shown below:
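A CORS rule controls which web origins a browser will let call the bucket, while the IAM groups and the signed request decide who is authorized; in this project the client page sends only a PUT to S3, so the rule can be narrower than GET, POST and PUT. The following is an added example, not part of the original project: it reviews and tightens CORS rules in the JSON shape used by the AWS SDK, and the origin https://files.example.org, the wildcard origin and the wildcard header in the sample rule are constructed for illustration.

```javascript
'use strict';

// The upload page sends only a PUT to the bucket; the GET for the signed
// request goes to the Express application, not to S3.
const NEEDED_METHODS = ['PUT'];

// Constructed sample: the methods match the page (GET, POST, PUT); the
// wildcard origin and header are assumptions, not taken from the project.
const SAMPLE_RULES = [
  { AllowedOrigins: ['*'], AllowedMethods: ['GET', 'POST', 'PUT'], AllowedHeaders: ['*'] },
];

/**
 * Review CORS rules for a direct browser upload from siteOrigin.
 * Returns a list of findings; an empty list means nothing was flagged.
 */
function auditCorsRules(rules, siteOrigin) {
  const findings = [];
  rules.forEach((rule, index) => {
    for (const origin of rule.AllowedOrigins || []) {
      if (origin.includes('*')) {
        findings.push({ index, issue: 'wildcard-origin', value: origin });
      } else if (!origin.startsWith('https://')) {
        findings.push({ index, issue: 'non-https-origin', value: origin });
      } else if (origin !== siteOrigin) {
        findings.push({ index, issue: 'unexpected-origin', value: origin });
      }
    }
    for (const method of rule.AllowedMethods || []) {
      if (!NEEDED_METHODS.includes(method)) {
        findings.push({ index, issue: 'unneeded-method', value: method });
      }
    }
  });
  // A rule set that no longer lets the upload page PUT is also a defect.
  const allowsUpload = rules.some((rule) =>
    (rule.AllowedMethods || []).includes('PUT') &&
    (rule.AllowedOrigins || []).some((o) => o === siteOrigin || o === '*'));
  if (!allowsUpload) {
    findings.push({ index: -1, issue: 'upload-blocked', value: siteOrigin });
  }
  return findings;
}

/**
 * Return a copy of the rules limited to the upload page's origin and the
 * methods the page needs. Other fields (such as AllowedHeaders) are kept.
 */
function tightenCorsRules(rules, siteOrigin) {
  return rules
    .map((rule) => Object.assign({}, rule, {
      AllowedOrigins: [siteOrigin],
      AllowedMethods: (rule.AllowedMethods || []).filter((m) => NEEDED_METHODS.includes(m)),
    }))
    .filter((rule) => rule.AllowedMethods.length > 0);
}
```
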

The “partner” group was assigned access to this storage by providing them with the resource keys. With the creation of the S3 Object Storage “bucket”, the remaining task to reach functional proof of concept for the prototype project was to construct the JavaScript application code to access the S3 storage bucket securely from the Internet.

To create the logic for bucket access there were a number of prerequisite steps not emphasized so far. The most significant of these steps was to develop at least a basic familiarity with Node.JS and JavaScript. While the author possesses some number of years of experience with using JavaScript in a casual manner for other web applications, site development in JavaScript was a very different proposition. Node also has its own “ecosystem” of tools and libraries, much like any emerging open source project. Some understanding of these was also essential to succeed in creating the code required to achieve a proof of concept function for the prototype site. As a starting point the main Node site, https://nodejs.org/en/, provided an essential reference. In addition the author referenced two very useful textbooks:

• Kiessling, Manuel. "The Node Beginner Book." Available at [last accessed: 18 March 2013]: http://www.nodebeginner.org (2011).

• Kiessling, Manuel. "The Node Craftsman Book." Available at [last accessed: 25 October 2015]: https://leanpub.com/nodecraftsman (2015).

These proved to be essential in providing both background on Node, and some guidance on the use of the Express application framework. In addition a number of other small Node library packages were key to creating the required code, specifically:

• Node Package Manager (NPM) – a Node tool for getting and managing Node packages (libraries of functions). https://www.npmjs.com

• EXPRESS – a Node library providing an application framework for RESTful web applications based on the concepts from Ruby on Rails. https://expressjs.com

• Dotenv – a Node library to allow loading environment variables from a configuration file with the extension .env. This was used to allow passing critical values such as security keys for S3 storage in a secure manner from the server to a client. https://www.npmjs.com/package/dotenv

• EJS – a Node library that allows embedded JavaScript in an HTML file. This was used to add the required logic to communicate to the server components of the application and then access the S3 bucket from the client page using values securely passed over HTTPS. https://www.npmjs.com/package/ejs

• AWS-SDK – a Node library provided by Amazon to support basic functions for the S3 storage service to be accessed by Node code. https://www.npmjs.com/package/aws-sdk

As a newcomer to Node, the most critical problem in creation of this code for the Author was a lack of standard examples of S3 access using a common approach at a sufficiently simple level of clear explanation. There are actually at least dozens of sample approaches to integration of S3 storage in Node projects, but almost all use very idiosyncratic sets of differing libraries or don’t address some critical but basic aspect of the prototype such as secure access. There are also a number of very sophisticated and complete examples that are almost incomprehensible to the Node novice. This inability to find a clear and functional pattern to learn from was a major delay of over a week and a half in completion of the final steps of the prototype.

After considerable reading, coding, and searching for reference models, the Author finally came across a tutorial from Dr. Will Webberly of the Cardiff University School of Computer Science & Informatics. The author read, studied and analyzed the example provided. The next step was to create several test programs to adapt the approach used by Dr. Webberly in the Heroku cloud instance he documented to a local Node Express project [50]. After some trial and error and some correspondence with Dr. Webberly via email, a working set of code emerged.

The final proof of concept function was a minimal web application based on the pattern used by Dr. Webberly and running in a cloud-based server as an Express application using local variables on the Amazon EC2 server. The server code provides a RESTful service over HTTPS to allow a client web page executing on the remote PC or device to upload to the S3 storage using HTTPS. Below is a screenshot of some of the server side code:

The upload page logic is provided by the project website, as is the backend server logic. Since the client page is running on a remote device, the entire transfer is done using client resources. The prototype project site provides only context and security data, but is not used to manage the upload. This frees server side resources from the work of the transfer and thus creates a higher performance distributed system. The exchange of logic and credentials is all done over the HTTPS protocol with the client, as is the subsequent file upload. This provides a secure method of access to the cloud-based S3 storage. Client side data from the partner is encrypted in transfer and no other parties besides the partner and the prototype project operations teams have access to the S3 bucket. For purposes of the prototype only one client identity and one bucket were produced. In a fully realized system, there could be unique buckets for each client, subject to the security and business rules required by the use case of the system.

After establishing that the Node logic was in fact working and successfully uploaded files to the S3 storage, a small set of sample health records based on the Veterans Administration Disability Benefits Questionnaires (DBQs) [51] were constructed. Below is a sample of one of these files:

These simulated DBQ records were then uploaded as a test, and verified as correct using the Amazon S3 GUI to access the documents for verification. PDF format was used for the test files to make them directly readable via standard viewing tools. Here is a screenshot of the uploaded test files in the Amazon S3 bucket:

This test represents uploading the sort of sensitive and confidential data expected to be collected and managed in any finished system based on the prototype project. While basic in its function, creation and upload of these documents provided the final steps in the implementation of this phase of the prototype project. Below is a screenshot showing the selection of a DBQ for upload using the client side web page:

Storing these files represents the completion of the major design goals of the project and the completion of the implementation phase, and the prototype project itself.

Findings, Conclusions and Next Steps

While achieving the successful secure upload of the test documents to the prototype meets the objectives set out for this project, it represents only the first milestone in extending the system to a more full-featured platform, and exploration of additional topics of interest in this area. The architecture implemented offers a good example of the latest non-blocking, asynchronous approach to serving web content. These designs exploit CPU resources in very different ways than traditional code and web frameworks, and there is ample room for scale and load testing to measure the actual capacity of these systems to perform on 64-bit architectures. The asynchronous and distributed client-controlled approach to storage access also provides an opportunity to test the capacity of the S3 interface to support concurrent access. The results should provide tuning direction about the number and partition rules for the S3 storage. A larger scale simulation with many more virtual clients would be a natural approach to measuring the capacity of this use pattern.

The website functions also offer an opportunity to expand the functionality of the system and demonstrate more advanced fine-grained access controls supported by the user and group model. At a minimum a database of administrators and partners can be created to both lock the site down from casual access, and to explore the minimal levels of access needed to still meet all functional needs. Driving each role to the absolute lowest level of privilege will likely require trial and error, but should be a benefit in assuring the site has a minimal profile to any potential attackers.

In addition to these operations-oriented future areas of research, once a larger data set is simulated the ability of the S3 storage to support search indexing on the XML data is a rich area of exploration. There is emerging federal guidance on the best practice for meta-data tagging of PII and PHI data, and this prototype would allow for an easy way to create versions of S3 buckets with a variety of meta-data patterns and then determine the most efficient search and index options for each with a higher volume of simulated data. An expanded prototype could act as a test platform for future production systems, revealing both physical and logical performance metrics. Each of these future options provides scope to expand the project, but the basic implementation also provides some important benefits:

• The implementation of the system shows that it is pragmatic to store sensitive data on a public cloud based system using PKI infrastructure to protect the data from both external and in-cloud vendor access.

• The design of the prototype shows that modest cloud resources can in fact be used to host a site with the capacity to provide distributed workload using HTTPS to secure the data streams and leverage client resources to support data upload, not just central server capacity.

• The prototype shows that it is relatively easy to use Object Storage to acquire semi-structured data such as XML. This validates use of an Object Store as a form of document management tool beyond block storage.

• The establishment of the project in only a few weeks with limited staff hours shows the cost and speed advantages of the cloud as opposed to local physical servers.

• The experience with both the cloud and new web servers and languages demonstrates the importance of flexible scheduling and allowing for the unexpected. Even on projects that leverage many off-the-shelf components, unexpected challenges often show up and consume time and resources.

The prototype produced as a result of this project does meet the guidance for building secure projects on a public infrastructure. It allows PII and PHI data to be transferred to an enterprise via secure web services, and demonstrates an approach that can satisfy many enterprises and the guidelines for HIPAA and HITECH data handling. The architecture used demonstrates how a scalable web service model can be implemented using a cloud infrastructure by a small team in a limited time. The model provides only a basic proof of concept but offers easy opportunities to expand to explore a number of additional questions. As such the resulting site can be considered a success at meeting its design goals, and the information generated in the site development can be employed by both the Author and others for future work in cloud computing implementation for secure digital document storage.

References

1. Oppenheim, A. L. (Ed.). (1967). Letters from Mesopotamia: Official business, and private letters on clay tablets from two millennia. University of Chicago Press. Page 1-10

2. Fang, I. (2014). Alphabet to Internet: Media in Our Lives. Routledge. Page 90-91

3. Noam, E. M. (1992). Telecommunications in Europe (pp. 363-368). New York: Oxford University Press. Page 15-17

4. Moroney, R. L. (1983). History of the US Postal Service, 1775-1982 (Vol. 100). The Service.

5. John, R. R. (2009). Spreading the news: The American postal system from Franklin to Morse. Harvard University Press. Page 1-25

6. Johnson, P. (2013). The birth of the modern: world society 1815-1830. Hachette UK.

7. Currie, R. (2013, May 29). History Wired: A few of our favorite things. Retrieved May 15, 2016, from http://historywired.si.edu/detail.cfm?ID=324

8. Standage, T. (1998). The Victorian Internet: The remarkable story of the telegraph and the nineteenth century's online pioneers. London: Weidenfeld & Nicolson.

9. Yates, J. (1986). The telegraph's effect on nineteenth century markets and firms. Business and Economic History, 149-163.

10. DuBoff, R. B. (1980). Business Demand and the Development of the Telegraph in the United States, 1844–1860. Business History Review, 54(04), 459-479.

11. Gordon, J. S. (2002). A thread across the ocean: the heroic story of the transatlantic cable. Bloomsbury Publishing USA.

12. Ross, C. D. (2000). Trial by fire: science, technology and the Civil War. White Mane Pub.

13. Bates, D. H. (1995). Lincoln in the telegraph office: recollections of the United States Military Telegraph Corps during the Civil War. U of Nebraska Press.

14. Coopersmith, J. (2015). Faxed: The Rise and Fall of the Fax Machine. JHU Press.

15. Cortada, J. W. (2000). Before the computer: IBM, NCR, Burroughs, and Remington Rand and the industry they created, 1865-1956. Princeton University Press.

16. Smith, E. (2016, June 14). The Strange History of Microfilm, Which Will Be With Us for Centuries. Retrieved June 22, 2016, from http://www.atlasobscura.com/articles/the-strange-history-of-microfilm-which-will-be-with-us-for-centuries

17. Bush, V., & Think, A. W. M. (1945). The Atlantic Monthly. As we may think, 176(1), 101-108.

18. Mohamed, A. (2015, November). A history of cloud computing. Retrieved July 07, 2016, from http://www.computerweekly.com/feature/A-history-of-cloud-computing

19. Electric Light and Power System - The Edison Papers. (n.d.). Retrieved July 13, 2016, from http://edison.rutgers.edu/power.htm

20. The discovery of electricity - CitiPower and Powercor. (n.d.). Retrieved July 13, 2016, from https://www.powercor.com.au/media/1251/fact-sheet-electricity-in-early-victoria-and-through-the-years.pdf

21. Powering A Generation: Power History #1. (n.d.). Retrieved July 13, 2016, from http://americanhistory.si.edu/powering/past/prehist.htm

22. Electricity - Switch Energy Project Documentary Film and ... (n.d.). Retrieved July 13, 2016, from http://www.switchenergyproject.com/education/CurriculaPDFs/SwitchCurricula-Secondary-Electricity/SwitchCurricula-Secondary-ElectricityFactsheet.pdf

23. Tita, B. (2012, November 6). A Sales Surge for Generator Maker - WSJ. Retrieved July 13, 2016, from http://www.wsj.com/articles/SB10001424127887324894104578103334072599870

24. Residential Generators, 3rd Edition - U.S. Market and World Data. (n.d.). Retrieved July 13, 2016, from https://www.giiresearch.com/report/sbi227838-residential-generators-3rd-edition-us-market-world.html

25. Barroso, L. A., Clidaras, J., & Hölzle, U. (2013). The datacenter as a computer: An introduction to the design of warehouse-scale machines. Synthesis lectures on computer architecture, 8(3), 1-154.

26. West, B. C. (2014). Factors That Influence Application Migration To Cloud Computing In Government Organizations: A Conjoint Approach.

27. Total Cost of Ownership. (2016). Retrieved July 06, 2016, from http://www.backuparchive.awstcocalculator.com/

28. United States. White House Office, & Obama, B. (2011). International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World. White House.

29. Kundra, V. (2011). Federal cloud computing strategy.

30. VanRoekel, S. (2011, December 8). MEMORANDUM FOR CHIEF INFORMATION OFFICERS. Retrieved July 13, 2016, from https://www.fedramp.gov/files/2015/03/fedrampmemo.pdf

31. Code, U. S. (1999). Gramm-Leach-Bliley Act. Gramm-Leach-Bliley Act/AHIMA, American Health Information Management Association.

32. What is Sensitive Data? Protecting Financial Information ... (2008). Retrieved June 19, 2016, from http://ist.mit.edu/sites/default/files/migration/topics/security/pamphlets/protectingdata.pdf

33. Government Accountability Office (GAO) Report 08-343, Protecting Personally Identifiable Information, January 2008, http://www.gao.gov/new.items/d08343.pdf

34. Wilshusen, G. C., & Powner, D. A. (2009). Cybersecurity: Continued efforts are needed to protect information systems from evolving threats (No. GAO-10-230T). GOVERNMENT ACCOUNTABILITY OFFICE WASHINGTON DC.

35. McCallister, E., Grance, T., & Scarfone, K. (2010, April). Guide to Protecting the Confidentiality of Personally ... Retrieved July 13, 2016, from http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf

36. Act, A. C. C. O. U. N. T. A. B. I. L. I. T. Y. (1996). Health insurance portability and accountability act of 1996. Public law, 104, 191.

37. Graham, C. M. (2010). HIPAA and HITECH Compliance: An Exploratory Study of Healthcare Facilities Ability to Protect Patient Health Information. Proceedings of the Northeast Business & Economics Association.

38. Anderson, H. (2010, February 8). The Essential Guide to HITECH Act. Retrieved June 19, 2016, from http://www.healthcareinfosecurity.com/essential-guide-to-hitech-act-a-2053

39. Dimov, I. (2013, June 20). Guiding Principles in Information Security - InfoSec Resources. Retrieved July 09, 2016, from http://resources.infosecinstitute.com/guiding-principles-in-information-security/

40. Amazon Web Services (AWS) - Cloud Computing Services. (n.d.). Retrieved July 10, 2016, from https://aws.amazon.com/

41. EC2 Instance Types – Amazon Web Services (AWS). (2016). Retrieved July 10, 2016, from https://aws.amazon.com/ec2/instance-types/

42. Regions and Availability Zones. (2016, January). Retrieved July 13, 2016, from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html

43. Elastic IP Addresses. (2016). Retrieved July 10, 2016, from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

44. AWS | Elastic Load Balancing - Cloud Network Load Balancer. (2016). Retrieved July 10, 2016, from https://aws.amazon.com/elasticloadbalancing/

45. AWS | Amazon Route 53 - Domain Name Server - DNS Service. (2016). Retrieved July 10, 2016, from https://aws.amazon.com/route53/

46. SSL Security Solutions. (2016). Retrieved July 10, 2016, from http://www.networksolutions.com/SSL-certificates/index.jsp

47. What is the SSL Certificate Chain? (2016). Retrieved July 10, 2016, from https://support.dnsimple.com/articles/what-is-ssl-certificate-chain/

48. Ellingwood, J. (2015, January 28). Apache vs Nginx: Practical Considerations | DigitalOcean. Retrieved July 10, 2016, from https://www.digitalocean.com/community/tutorials/apache-vs-nginx-practical-considerations

49. Node.js Introduction. (2016). Retrieved July 10, 2016, from http://www.tutorialspoint.com/nodejs/nodejs_introduction.htm

50. Webberly, W. (2016, May 23). Direct to S3 File Uploads in Node.js | Heroku Dev Center. Retrieved July 12, 2016, from https://devcenter.heroku.com/articles/s3-upload-node#summary

51. Compensation. (2013, October 22). Retrieved July 12, 2016, from http://www.benefits.va.gov/compensation/dbq_disabilityexams.asp

Source Code Listings

App.js – this is the server side logic for the project:

    /*
    Cecil Thornhill 5/26/2016
    Based on code examples and samples from Will Webberly and Amazon for S3 uploads
    */

    /*
    In learning how to interface to S3 via NodeJS and JavaScript I started with
    code from a tutorial provided by Dr. Will Webberly who was a computer science
    lecturer at Cardiff University and is now CTO at Simply Di Ideas. Will was
    kind enough to correspond with me and address questions on the concepts and
    use cases involved in my project. The original article I referenced is at:
    https://devcenter.heroku.com/articles/s3-upload-node#initial-setup
    */

    /*
    This is the main logic for the server side of the proof of concept demo for
    my project. The code here supports the features required to allow the client
    to securely load a file to the S3 storage site. The simple proof pages and
    this core logic do not attempt to implement any user authentication,
    authorization or administration of the site. Those functions are pre-selected
    via the structure of the users and groups built in the S3 interface for this
    demo. All these aspects would be expected in a more full featured site
    design, but are not required to establish the functional proof of concept for
    the main secure upload of files functionality.
    */

    /*
    Licensed under the Apache License, Version 2.0 (the "License"); you may not
    use this file except in compliance with the License. You may obtain a copy of
    the License at http://www.apache.org/licenses/LICENSE-2.0
    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    License for the specific language governing permissions and limitations under
    the License.
    */

    /*
     * Import required packages.
     * Packages should be installed with "npm install".
     */

    /*
    CT - I am using local variables for the development versions of this demo
    site. Below I require dotenv to allow local config management, so this demo
    can run without setting environment variables on the server, which is the
    more correct final operations configuration practice on deployed systems to
    prevent exposing the values in the open production environment. Of course it
    is much easier to manage local values from this resource file in the
    development phase, so that is the way I went for the current demo code.
    */
    var dotenv = require('dotenv');
    // config() is the current name of this call; the load() alias used in the
    // 2016 code was removed from later dotenv releases.
    dotenv.config();

    /*
    To ensure that we got the values we expected I also show the variables now in
    process.env - now with the values from the .env added - on the console. Of
    course this is not something to do in the final production system.
    */
    console.log(process.env);

    const express = require('express');
    const aws = require('aws-sdk');

    /*
     * Set up and run the Express app.
    CT - note we are running on port 3000 in this case. It is important to
    forward your web traffic from the NGINX server to the proper port via setting
    up the reverse proxy configuration in the NGINX server, so that traffic gets
    through from the web server to the application server.
     */
    const app = express();
    app.set('views', './views');
    app.use(express.static('./public'));
    app.engine('html', require('ejs').renderFile);
    app.listen(process.env.PORT || 3000);

    /*
     * Load the S3 information from the environment variables.
    CT - note that in our case these actually come from the resources file since
    we are in a development style environment as is noted above.
     */
    const S3_BUCKET = process.env.S3_BUCKET;

    /*
     * Respond to GET requests to /account.
     * Upon request, render the 'account.html' web page in views/ directory.
    CT - Note that I left the demo/tutorial structure as my framework, and did
    not rename the pages, though I did adjust the HTML a bit. The general demo
    serves to show proof of concept in allowing client side uploads over HTTPS to
    the S3 storage from a non-administrative account, under control of a user and
    group policy set on the AWS site management console.
     */
    app.get('/account', (req, res) => res.render('account.html'));

    // stub for post save updated display
    app.post('/save-details', (req, res) => {
      // TODO: Read POSTed form data and do something useful
    });

    /*
     * Respond to GET requests to /sign-s3.
     * Upon request, return JSON containing the temporarily-signed S3 request and
     * the anticipated URL of the image.
    CT - note that in the original demo/tutorial on using the S3 interface from
    JavaScript and NodeJS, the demo was intended to send image files, but the
    format is the same for sending any disk file. The critical steps below are to
    get and return the temporarily signed request so that the upload can be
    checked against the user's authorization in the policy for the groups, user
    and the S3 bucket. Note that all of these entities have credentials that can
    be used to authenticate (not done in this demo), and authorize actions
    against policy. Also, all actions and policy activities can be reported via
    systems built into the AWS console to allow compliance with security and
    legal rules for audit of the site events.
     */
    app.get('/sign-s3', (req, res) => {
      const s3 = new aws.S3();
      const fileName = req.query['file-name'];
      const fileType = req.query['file-type'];
      const s3Params = {
        Bucket: S3_BUCKET,
        Key: fileName,
        Expires: 60, // lifetime of the signed request, in seconds
        ContentType: fileType,
        // 'public-read' makes each uploaded object readable by anyone who has its URL.
        ACL: 'public-read'
      };

      /*
      CT - note this is the "business end" of the demo... in the function below
      the code takes the environment name of the S3 bucket and appends it to the
      general format of the AWS S3 storage URL, with the actual file name. This
      then becomes the HTTPS URL used to send the data to the AWS S3 bucket over
      a secure network connection.
      */
      s3.getSignedUrl('putObject', s3Params, (err, data) => {
        if (err) {
          console.log(err);
          return res.end();
        }
        const returnData = {
          signedRequest: data,
          url: `https://${S3_BUCKET}.s3.amazonaws.com/${fileName}`
        };
        res.write(JSON.stringify(returnData));
        res.end();
      });
    });

    /*
     * Respond to POST requests to /save-details.
     * This function needs to be completed to handle the information in
     * a way that suits your application.
     */
    app.post('/save-details', (req, res) => {
      // TODO: Read POSTed form data and do something useful
    });
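The /sign-s3 handler in the listing signs whatever file-name and file-type the browser sends and requests the public-read ACL. As an added example (not the project's code), the function below builds the same putObject parameters with a private ACL, a content-type allowlist and a sanitized, collision-resistant object key; the name buildUploadParams, the per-partner key prefix, the allowlist and the sample inputs are assumptions made for illustration.

```javascript
'use strict';

// Assumed allowlist for this example: the page's test files are PDFs and it
// also mentions XML records. Maps each accepted MIME type to its extension.
const ALLOWED_TYPES = new Map([
  ['application/pdf', '.pdf'],
  ['application/xml', '.xml'],
  ['text/xml', '.xml'],
]);

const SIGNED_URL_LIFETIME_SECONDS = 60; // same lifetime as the listing

/**
 * Build the parameters to pass to s3.getSignedUrl('putObject', params, cb).
 * partnerId is assumed to come from an authenticated session, never from the
 * query string. randomId is injectable so that the result can be tested.
 * Throws an Error when the request should be refused.
 */
function buildUploadParams(bucket, partnerId, fileName, fileType, randomId) {
  // Express yields an array when a query parameter is repeated; refuse that.
  if (typeof fileName !== 'string' || typeof fileType !== 'string') {
    throw new Error('file-name and file-type must be single string values');
  }
  if (!/^[a-z0-9-]{1,32}$/.test(String(partnerId))) {
    throw new Error('invalid partner id');
  }
  const contentType = fileType.toLowerCase();
  const ext = ALLOWED_TYPES.get(contentType);
  if (!ext) {
    throw new Error('content type not allowed: ' + fileType);
  }
  // Drop any directory part the client sent (Windows or POSIX separators).
  const base = fileName.split(/[\\/]/).pop();
  if (!base.toLowerCase().endsWith(ext)) {
    throw new Error('file extension does not match the content type');
  }
  // Keep a conservative character set and bound the length of the name.
  const stem = base
    .slice(0, -ext.length)
    .replace(/[^A-Za-z0-9._-]/g, '_')
    .slice(0, 80);
  if (/^[._-]*$/.test(stem)) {
    throw new Error('file name has no usable characters');
  }
  // A random component stops one upload from overwriting another that has
  // the same file name.
  const id = randomId || require('crypto').randomBytes(8).toString('hex');
  return {
    Bucket: bucket,
    Key: `${partnerId}/${id}-${stem}${ext}`,
    Expires: SIGNED_URL_LIFETIME_SECONDS,
    ContentType: contentType,
    ACL: 'private', // objects are readable only through IAM-authorized requests
  };
}
```

With a private ACL the client page can no longer display the uploaded object from its plain URL, so a confirmation would have to come from the server instead.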

Account.html – this is the client page for the project

    <!--
    /*
    Cecil Thornhill 5/26/2016
    Based on code examples and samples from Will Webberly and Amazon for S3 uploads
    */

    /*
    In learning how to interface to S3 via NodeJS and JavaScript I started with
    code from a tutorial provided by Dr. Will Webberly who was a computer science
    lecturer at Cardiff University and is now CTO at Simply Di Ideas. Will was
    kind enough to correspond with me and address questions on the concepts and
    use cases involved in my project. The original article I referenced is at:
    https://devcenter.heroku.com/articles/s3-upload-node#initial-setup
    */

    /*
    This page is the main "add a file" page that allows the user to select the
    file from a disk resource they can reach and send the file to S3 storage
    using an HTTPS call to the S3 API. This early demo/test page does not
    authenticate the user, but pulls credentials from the server side variables.
    In a fully implemented system there would need to be a mechanism to allow the
    user to be authenticated and authorized. For the purpose of proof of concept,
    the user variables have been set to those of a partner enterprise with the
    right to add files to the S3 storage, but not administer the site. The
    administrative credentials are not used for this client process, but again,
    in a fully built out system, there would need to be appropriate
    administrative GUI tools to allow user and site management via the web.
    */
    -->
    <html>
    <body>
      <h1>Edit your account</h1>
      <hr>
      <h2>Your avatar</h2>
      <input type="file" id="file-input">
      <p id="status">Please select a file</p>
      <img style="border:1px solid gray;width:300px;" id="preview" src="/images/default.png">

      <h2>Your information</h2>
      <form method="POST" action="/save-details">
        <input type="hidden" id="avatar-url" name="avatar-url" value="/images/default.png">
        <input type="text" name="username" placeholder="Username"><br>
        <input type="text" name="full-name" placeholder="Full name"><br><br>
        <hr>
        <h2>Save changes</h2>
        <input type="submit" value="Update profile">
      </form>

      <script>
        /*
          Function to carry out the actual PUT request to S3 using the signed
          request from the app.
        */
        function uploadFile(file, signedRequest, url) {
          const xhr = new XMLHttpRequest();
          xhr.open('PUT', signedRequest);
          xhr.onreadystatechange = () => {
            if (xhr.readyState === 4) {
              if (xhr.status === 200) {
                document.getElementById('preview').src = url;
                document.getElementById('avatar-url').value = url;
              } else {
                alert('Could not upload file.');
              }
            }
          };
          xhr.send(file);
        }

        /*
          Function to get the temporary signed request from the app.
          If request successful, continue to upload the file using this signed
          request.
        */
        function getSignedRequest(file) {
          const xhr = new XMLHttpRequest();
          // Encode both values so names containing spaces, '&' or '#' survive
          // the query string intact.
          const query = `file-name=${encodeURIComponent(file.name)}` +
                        `&file-type=${encodeURIComponent(file.type)}`;
          xhr.open('GET', `/sign-s3?${query}`);
          xhr.onreadystatechange = () => {
            if (xhr.readyState === 4) {
              if (xhr.status === 200) {
                const response = JSON.parse(xhr.responseText);
                uploadFile(file, response.signedRequest, response.url);
              } else {
                alert('Could not get signed URL.');
              }
            }
          };
          xhr.send();
        }

        /*
          Function called when file input updated. If there is a file selected,
          then start upload procedure by asking for a signed request from the app.
        */
        function initUpload() {
          const files = document.getElementById('file-input').files;
          const file = files[0];
          if (file == null) {
            return alert('No file selected.');
          }
          getSignedRequest(file);
        }

        /*
          Bind listeners when the page loads.
        */
        (() => {
          document.getElementById('file-input').onchange = initUpload;
        })();
      </script>
    </body>
    </html>

Test Document

Sample Disability Benefits Questionnaire PDF (test documents)

VA FORM 21-0960N-1, OCT 2012

OMB Control No. 2900-0778
Respondent Burden: 15 minutes

SUPERSEDES VA FORM 21-0960N-1, FEB 2011, WHICH WILL NOT BE USED.

EAR CONDITIONS (INCLUDING VESTIBULAR AND INFECTIOUS CONDITIONS) DISABILITY BENEFITS QUESTIONNAIRE

IMPORTANT - THE DEPARTMENT OF VETERANS AFFAIRS (VA) WILL NOT PAY OR REIMBURSE ANY EXPENSES OR COST INCURRED IN THE PROCESS OF COMPLETING AND/OR SUBMITTING THIS FORM. PLEASE READ THE PRIVACY ACT AND RESPONDENT BURDEN INFORMATION BEFORE COMPLETING FORM.

NAME OF PATIENT/VETERAN: Chester Tester

PATIENT/VETERAN'S SOCIAL SECURITY NUMBER: 123-45-6745

NOTE TO PHYSICIAN - Your patient is applying to the U.S. Department of Veterans Affairs (VA) for disability benefits. VA will consider the information you provide on this questionnaire as part of their evaluation in processing the veteran's claim.

SECTION I - DIAGNOSIS

1A. DOES THE VETERAN NOW HAVE OR HAS HE OR SHE EVER BEEN DIAGNOSED WITH AN EAR OR PERIPHERAL VESTIBULAR CONDITION? YES / NO (If "Yes," complete Item 1B)

1B. SELECT THE VETERAN'S CONDITION (check all that apply) (an ICD code field and a Date of diagnosis field follow each condition):

• Meniere's syndrome or endolymphatic hydrops

• Peripheral vestibular disorder

• Benign Paroxysmal Positional Vertigo (BPPV)

• Chronic otitis externa

• Chronic suppurative otitis media

• Chronic nonsuppurative otitis media (serous otitis media)

• Mastoiditis

• Cholesteatoma

• Otosclerosis (If the veteran has hearing loss or tinnitus attributable to any ear condition, the VA regional office will schedule a hearing loss or tinnitus exam, as appropriate)

• Benign neoplasm of the ear (other than skin only)

• Malignant neoplasm of the ear (other than skin only)

• Other, specify:

• Other, diagnosis #1:

• Other, diagnosis #2:

1C. IF THERE ARE ADDITIONAL DIAGNOSES THAT PERTAIN TO EAR OR PERIPHERAL VESTIBULAR CONDITIONS, LIST USING ABOVE FORMAT:

SECTION II - MEDICAL HISTORY

2A. DESCRIBE THE HISTORY (including onset and course) OF THE VETERAN'S EAR OR PERIPHERAL VESTIBULAR CONDITIONS (brief summary):

2B. DOES THE VETERAN'S TREATMENT PLAN INCLUDE TAKING CONTINUOUS MEDICATION FOR THE DIAGNOSED CONDITION? YES / NO

IF YES, LIST ONLY THOSE MEDICATIONS USED FOR THE DIAGNOSED CONDITION:

Entries in the test document: “no”; “sudden loss of hearing”