Billing System (BSS / OSS) Technical Systems Overview
Unified Signal has chosen to build and deploy its own BSS/OSS system, which has recently been deployed on the AWS cloud. Unified Signal's framework is designed to be extremely flexible, reliable, scalable, and secure, providing rapid development through common class libraries and built-in security and logging. The foundation of the system is built on .NET Framework 4.0, written in C#, connecting to a powerful SQL Server database. Unified Signal's front-end interfaces are highly compatible with applications that are built with other technologies or hosted on other networks, because they provide multiple integration methods, including framing and API integration.
The solution stack includes an Infrastructure as a Service (IaaS) provider that delivers a reliable virtualization offering that includes a secure facility, reliable hardware, networking and 24/7 support. The software stack includes MS SQL Servers in a cluster, replicated or standalone instances, multiple Web servers configured with round robin load balancing and one or more application servers based on the load for the instance being implemented.
Application Auditing and Access Control
Each application within the system has the capability for auditing and security processes to be attached to it. The security level (1 thru 10) and department of the employee determine the availability of the application for the user. Each time the user accesses the application, whether authorized or not, an audit trail from the user is logged in the system, including date/time, IP address, and permission ID (unique to the user). This database table has triggers and permissions set up to track and prevent tampering (direct access to the table).
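An append-only audit table of the kind described above, as an added example that is not Unified Signal's code. It uses SQLite from the Python standard library as a stand-in for SQL Server; the table, column and function names are assumptions, and the sample IP addresses and permission IDs used with it are constructed.

```python
import sqlite3
from datetime import datetime, timezone

# Assumed schema: one row per access attempt, authorized or not.
SCHEMA = """
CREATE TABLE audit_log (
    id            INTEGER PRIMARY KEY AUTOINCREMENT,
    logged_at     TEXT    NOT NULL,
    ip_address    TEXT    NOT NULL,
    permission_id INTEGER NOT NULL,
    application   TEXT    NOT NULL,
    authorized    INTEGER NOT NULL CHECK (authorized IN (0, 1))
);
-- Append-only: any attempt to change or remove a row aborts the statement.
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""

def open_audit_db():
    """Create an in-memory database holding the protected audit table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def record_access(conn, ip_address, permission_id, application, authorized):
    """Log one access attempt with date/time, IP address and permission ID."""
    with conn:  # commit on success, roll back on error
        conn.execute(
            "INSERT INTO audit_log "
            "(logged_at, ip_address, permission_id, application, authorized) "
            "VALUES (?, ?, ?, ?, ?)",
            (datetime.now(timezone.utc).isoformat(), ip_address,
             permission_id, application, int(authorized)),
        )

def tamper_blocked(conn, statement):
    """Run a direct statement against the table; True if a trigger aborted it."""
    try:
        with conn:
            conn.execute(statement)
    except sqlite3.DatabaseError:
        return True
    return False
```

Triggers stop edits made through ordinary SQL; an account that can drop or disable the triggers is outside what they protect, which is why the page pairs them with table permissions.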
A token is generated for each logged-in user; it tracks the role of the user and the time of the session. This best-practice technique is used to ensure that unauthorized access is not gained into the system by session tampering.
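One way a token can carry the user's role and session time and still resist tampering, as an added example that is not Unified Signal's code. It assumes an HMAC-SHA256 tag over the claims, a server-side key and a 15-minute session lifetime; the claim names and function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

SESSION_TTL_SECONDS = 15 * 60  # assumed session lifetime

def _b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii")

def issue_token(key, permission_id, role, now=None):
    """Return 'payload.tag': claims plus an HMAC tag computed with the server key."""
    issued_at = int(time.time() if now is None else now)
    payload = json.dumps(
        {"pid": permission_id, "role": role, "iat": issued_at},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def verify_token(key, token, now=None):
    """Return the claims if the tag is valid and the session is live, else None."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)  # parsed only after the tag has been checked
    age = int(time.time() if now is None else now) - claims["iat"]
    if age < 0 or age > SESSION_TTL_SECONDS:
        return None
    return claims
```

The role is read from the verified claims on every request, so editing the role or the issue time in the token invalidates the tag and the request is rejected.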
Encryption is done in a secure manner where no encryption keys are stored in clear text on the Web or Application servers. A strategy of double encryption has been taken in lieu of utilizing a hardware encryption module. A hardened database which stores the keys for encrypting and decrypting should only be accessible by dual authentication by two database administrators. The encryption keys stored in the hardened database are themselves encrypted (double encryption) and are decrypted by the keys stored in the Web or Application server configuration files. This method ensures that no encryption keys used to encrypt and decrypt customer data are stored in plain text or accessible by one individual.
System exceptions that are created by applications are logged as system-generated trouble tickets, which are assigned to IT personnel and can be emailed or sent via SMS. The Watch Dog processes are database scripts that monitor the data in the databases to ensure that the system is working logically and will provide notification to technical teams of any potential issue by creating trouble tickets.
Trouble tickets created by clients, customers, and distributors are monitored by a team of operations staff to ensure that the overall health of the application is optimal.
Rating & Reporting
The Rating application is designed to handle multiple types of file formats from different locations including locally delivered files or remote files on FTP servers. Reporting is managed on the application server and is designed to extract any type of information from the database that is needed by business analysts or partners. The reports that are generated can automatically be delivered to a partner’s secure FTP location on the application server. The rating and reporting applications are designed to be flexible and stable.
The Web Servers do not hold state for users, which makes it easy to scale the web front ends horizontally. Initiating additional Web Servers from backup VMs is a seamless way to build out the front end horizontally.
Horizontal scaling for the database servers can be accomplished by logically segregating Channels into separate SQL clusters. The application can support different database connection strings based on the unique host header of the client. For larger scale subscriber bases, a reporting server is added to house all of the reporting data in one system to support real time reporting. This is accomplished through a data warehouse, SQL Server replication and a database snapshot on a mirrored database.
Adding additional hardware to the existing database or application servers is a painless way to improve performance. Simple enhancements like adding memory, faster storage or additional processors will improve performance significantly.
Taking the horizontal scaling approach along with a vertical scaling approach ensures that the system scales virtually without limit. The hybrid strategy is essentially taking the best of each method and combining them into one. Each client can have their own cluster, several large clients can share one cluster (grouped cluster), many small to medium sized clients can share a cluster (grouped cluster), or a combination thereof. The exact approach can be preplanned prior to onboarding new clients. If any one client becomes too large and is currently sharing a cluster with other clients, that large client can easily be migrated to its own cluster, which has been done many times in the past for large clients that have over 500,000 active customers.
Ultimately the front-end Web Servers only need to know the database connection for the cluster of the client, due to being stateless, which is easily provided via the configuration files along with the Host Headers passed to the Web Server. Additional enhancements are made to ensure that Transaction IDs are unique throughout all of the various clusters, which makes troubleshooting and customer management an easier task. This is accomplished by having one small centralized database cluster which is the master for handing out IDs to the application. Each grouped SQL cluster can be scaled vertically before the need of a migration of specific clients to their own cluster. The system is also set up on AWS autoscaling, which allows each client's front-end web servers to scale up or down based on demand.