Secure Private Cloud




The IREX cloud-native architecture enables secure, resilient, and easy deployment in any data-center or on-prem location. IREX Secure Cloud runs 100% open-source software, ensuring sustainable infrastructure for large and public sector service providers.

Cloud-native is a modern approach to building and running software applications that exploit the flexibility, scalability, and resilience of cloud computing. Cloud-native encompasses the various tools and techniques used by software developers today to build applications for the public and private cloud, as opposed to traditional architectures using virtual machines, relational databases, and RAID storage. The cloud-native approach was pioneered by a group of companies commonly referred to as “born in the cloud” — such as streaming giants Netflix and YouTube. The cloud-native approach has since been adopted by other companies looking for similar digital agility and disruptive competitive advantage. Like most cloud-native apps, the IREX Smart City Platform is based on loosely coupled microservices, containers, Kubernetes, immutable infrastructure, REST APIs, and continuous delivery technology with techniques like DevOps and agile methodology. The following table provides a comparison of the IREX cloud-native platform with traditional video management and video analytics platforms:



| | IREX Cloud-Native Platform | Non-Cloud Alternatives |
|---|---|---|
| Solution class | Carrier-grade solution | Enterprise-grade solution |
| Multitenancy | Multiple organizations (with optional resource sharing) | Single organization (no isolation/resource sharing between organizations) |
| High availability | Reduced downtime thanks to greater redundancy, automatic load balancing, automated continuous integration (CI), continuous delivery (CD). | Increased risk of downtime due to the lack of advanced failover mechanisms as well as the lack of sufficient automation of monitoring and updates. |
| Scalability | Independent horizontal scaling by the number of cameras, users, API integrations, AI applications, and searchable data size. | Scaling by the number of cameras only. No scaling by the number of users, AI applications, and searchable data size. |
| Virtualization | Docker lightweight containers. Fewer hardware resources are required. | Virtual machines (VMs). More hardware resources are required. |
| Orchestration | Kubernetes production-grade orchestration. Automatic deployment, scaling, and management. | No orchestration is available. No automatic deployment, scaling, and management. |
| Storage | Ceph object storage. Inexpensive, scalable, and self-healing. | RAID-based file systems. Expensive, non-scalable, and difficult to repair. |
| Database | Cassandra/Ignite/Spark databases. Linear scalability and proven fault-tolerance. | Relational databases (e.g. MS SQL Server). Difficult to scale and backup. |
| Deployment models | On-Prem Bare Metal. On-Prem Virtual Machines. On-Prem Private Cloud. Public Cloud. | On-Prem Bare Metal. On-Prem Virtual Machines. |

Continuous Delivery

With Kubernetes' continuous delivery in place, IREX engineers and/or your team can deploy changes throughout the day, instead of quarterly or monthly. Continuous delivery also provides a mechanism to roll back changes whenever they need to. Continuous delivery is essential for providing uninterrupted service to thousands of users while applying updates with new features or security patches. 

Cost-Effective Design

It is true that most private cloud deployments turn out to be more expensive than public clouds. This is because of subscription fees for the private cloud software, support, and DevOps. But this is not the case for IREX. The IREX Smart City Platform ships with a private cloud and web application firewall based on open-source software. This infrastructure is optimized for video AI and Big Data analytics, making IREX more efficient when running on dedicated bare-metal servers than in public clouds. IREX customers do not need to buy expensive infrastructure software for virtualization, distributed storage, and monitoring. The IREX all-in-one license or subscription provides all the software and support needed to run the system on bare-metal servers.

Carrier-Grade Design

Unlike conventional video management systems (VMS) and physical security information systems (PSIM), IREX is designed to serve multiple organizations from a single Secure Private Cloud. For example, a service provider for a smart city can connect City Government, Local Businesses, First Responders, and Police. All these users can share cameras and data, yet can be completely isolated from each other.

IREX carrier-grade features include:

  • Multi-tenant product design
  • Multi-vendor support for cameras and servers
  • Cross-platform clients (web browsers, desktops, and mobile devices)
  • High availability, no single point of failure
  • Horizontal scaling by the number of cameras, the number of users, and retention period
  • One-click rebranding of the web portal and mobile apps
  • Advanced monitoring and logging tools
  • Rolling updates (i.e. without stopping the service)
  • Billing integrations

Ultimate Security

Private by Default

Unlike most cloud video surveillance systems that run in public clouds, IREX isolates data physically from other enterprise users and other applications. If a super admin account is compromised, the exposed data will be localized in the Secure Private Cloud. Of course, IREX can also operate in a private network (e.g. in an airport) without any connection to the Internet or other public networks.

Web Application Firewall

IREX is bundled with a Multilayer Web Application Firewall (WAF), Intrusion Detection System (IDS), Internet Protection System (IPS), and Network Filter. These powerful cybersecurity tools enable proactive defense against known and unknown cybersecurity attacks. IREX conducts regular penetration tests for each major release per the OWASP Testing Guide and other frameworks.

Dynamic Keys in the IREX API

IREX uses JSON Web Tokens (JWT) with asymmetric signatures for all the platform microservices, clients, and third-party software connecting to the IREX API. The signature keys are randomly generated and updated on a regular basis, so neither software developers nor system installers can re-use API keys to bypass full user authentication.
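
The pattern described above, as an added example that is not IREX code: a verifier that accepts only asymmetrically signed JWTs from a rotating key set and rejects tokens signed with a retired key. The Ed25519 algorithm, the `kid` header used to select the key, and the names `KeyRing`, `signToken` and `verifyToken` are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');

// Verifier-side key set: public keys indexed by key id (kid). Hypothetical helper.
class KeyRing {
  constructor() { this.publicKeys = new Map(); this.signer = null; }
  // Generate a fresh random key pair and make it the active signing key.
  rotate() {
    const kid = crypto.randomBytes(8).toString('hex');
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.publicKeys.set(kid, publicKey);
    this.signer = { kid, privateKey }; // in a real system only the issuer holds this
    return kid;
  }
  // Retiring a key invalidates every token that was signed with it.
  retire(kid) { this.publicKeys.delete(kid); }
}

function signToken(ring, claims) {
  const header = { alg: 'EdDSA', typ: 'JWT', kid: ring.signer.kid };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign(null, Buffer.from(input), ring.signer.privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

function verifyToken(ring, token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(fromB64u(parts[0]).toString());
    claims = JSON.parse(fromB64u(parts[1]).toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm on the server; the token must not pick "none" or an HMAC alg.
  if (header?.alg !== 'EdDSA') return { ok: false, reason: 'bad-alg' };
  const publicKey = ring.publicKeys.get(header.kid);
  if (!publicKey) return { ok: false, reason: 'unknown-or-retired-key' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify(null, signed, publicKey, fromB64u(parts[2]))) {
    return { ok: false, reason: 'bad-signature' };
  }
  if (typeof claims?.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}
```
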

End-to-End Encryption

As standard, IREX uses HTTPS / TLS 1.3 to encrypt all traffic from its edge devices to the Secure Private Cloud and further to clients. Outside private networks, IREX uses a VPN to encrypt RTSP streams from standard IP cameras. IREX sends real-time alerts using its secure messenger hosted in the Secure Private Cloud.

Advanced Security Policies

IREX has developed a multi-organizational access control system including hierarchical user groups, comprehensive user roles, and resource groups to manage cameras, IoTs, building plans, people, and vehicle databases. This access control system ensures that users can see only designated real-time alerts and search results. 

Detailed Logging

IREX authenticates all users and records their activities, for example, platform sign-in, facial search, video export, and permission changes. As shown on the screenshot, the log is searchable by user name, event type, and period.



© 2021 IrexAI Inc
irex.ai