Software Architecture and Security

1. Maintenance Connection CMMS Overview

The Maintenance Connection solution encompasses the entire functional spectrum to meet any Maintenance, Asset, or Facility Management requirements. Maintenance Connection CMMS will enable the customer’s Maintenance staff to improve traceability, provide comprehensive reporting, facilitate failure analysis, maximize asset life, improve labor productivity, reduce costly downtimes, minimize investments in inventory, and lower the total cost of maintenance. The Maintenance Connection applications are displayed below showing how they interact with each other.

Features

  • Multi-Site Asset Tracking
  • Multi-Site Work Orders
  • Work Order Scheduling and Work Manager
  • Preventive Maintenance
  • Procedure Library (300+ Procedures)
  • Multiple Stockroom Inventory Tracking
  • Generate Purchase Orders
  • Project Management

 

  • Multi-Site Asset Tracking
  • Contract Management
  • Accounts and Budgeting
  • Hierarchical Classifications
  • Document Library and HTML
  • Document Editor
  • Access Groups and Security
  • Integrated Report Writer
  • Print, Email, or Fax Reports

Module

  • Assets
  • Work Orders
  • Purchase Orders
  • Preventive Maintenance
  • Inventory
  • Procedures
  • Tasks
  • Projects
  • Repair Centers
  • Shops
  • Labor
  • Crafts
  • Requesters
  • Training

 

  • Accounts
  • Categories
  • Tools
  • Failures
  • Classifications
  • Specifications
  • Companies
  • Stock Rooms
  • Tool Rooms
  • Contacts
  • Documents
  • Bulletins
  • Access
  • Groups
  • Members

Module

  • Maintenance Repair and Operations WorkCenter
  • Technician WorkCenter
  • Service Requester
  • Reporter and KPI Dashboard
  • MRO Mobile

Technology

Basic Facts on Maintenance Connection technology

  • 100% Web-Based Application requiring no installation on client machines
  • Deployable on the Internet (hosted online solution) or at the customer’s site (self-hosted onsite solution)
  • Open architecture with easy integration to other applications on similar or different platforms
  • Built using standard Microsoft Web Technologies
  • Utilizes Microsoft’s SQL Server Relational Database Engine
  • Massively scalable. (Maintenance Connection has been designed and architected to be used regardless of whether the application will have 10 or 10000 concurrent users.

Security

The Maintenance Connection security architecture employs 7 layers and modules to accomplish a highly reliable, fine-grained multi-faceted security platform.

Each layer is optimized for the enforcement or management of specific security detail:

1. Authentication – most basic and top layer of defense which establishes the identity and credentials of the user who wishes to access the system by requiring users to enter a member name and password. Every request is re-authenticated automatically given the user credentials that have been validated and secured on the first-time login. Maintenance Connection utilizes session time-outs; therefore the user might be asked to re-authenticate in mid-session if expiration timeout has been detected.

In order to protect user identity and access to records, Maintenance Connection requires that users have a unique user-defined Member ID and password when logging on to the application. Even before the user can log onto the system, they must go through the sign-up process to establish their account. Only when this account is approved will the user have access to the Maintenance Connection applications and data.

Maintenance Connection security policies and procedures provide authentication by:

  • Establishing an unapproved account during the sign-up process
  • Allowing managers to approve or reject user accounts
  • Allowing user-defined Member IDs and passwords that can be changed frequently

2. Filtered Browsing Layer – is the extension to the authentication mechanism, enforcing each web page access to use valid credentials. This layer detects whether a user has a valid session, and therefore it will direct users to a login step if either session or credentials have been deemed invalid. This mechanism prevents unauthorized users who might have a bookmark or URL link from gaining direct browsing access to any parts of the system.

3. Roles – provide a dynamic grouping function of permissions associated with data manipulation or specific application level functions. Maintenance Connection has a rich support for user level role definition (defined in the application as access groups), giving managers a fine-grained capability to grant permission to specific features of the system to any users of the Maintenance Connection application. The manager can assign an access group to any individual, thus easily expanding or narrowing access rights as necessary. The built-in access groups can be used, or new ones can be created. Since this security layer is dynamic and real-time, changes to the details of a particular role will take effect immediately. Several functions of the Maintenance Connection application are controlled by means of access groups, therefore users who do not have the appropriate permissions, will not be even aware of the existence of certain features, since the tabs, icons, or buttons will not be present in their view of the application.

4. Process Filter – provides a workflow-based security framework, through which managers can enable and disable application level functions at any given step in the business process flow. For example, a manager may allow a user the ability to create a work order, but not approve, issue, or close it out.

5. Data Access Filter – layer enforces data access policies of the Maintenance Connection application. All data access requests pass through system filters and only allowable data sets are exposed and returned to the user.

6. Audit Trail Container – is the central repository of the history of all changes made by all users of the Maintenance Connection system. The audit log helps reconstruct with accuracy the changes made to any specific data item. The audit log contains the date, time, user who made the change, the value before the change, and the value after the change so that information related disputes can be corroborated.

7. Encryption – is the methodology by which information sent between a browser and web server is scrambled through various algorithms in order to prevent someone from eavesdropping (or sniffing) in the communication and potentially observing the transmitted information. Clearly this is a major issue for communication over public networks, since there is no control over who can see the information on the open net. To combat this issue, the Maintenance Connection architecture fully supports and utilizes the industry standard SSL (Secure Socket Layer) protocol.

Secure Socket Layer (SSL) is the software protocol used by both the browser and the web server to implement the highest possible security levels. The Maintenance Connection server requires that the user’s browser be configured to support both SSL2 and SSL3 protocols (in the security options of the web browser) so that it can encrypt communications with the web server and ensure that information between Maintenance Connection and the user cannot be read by outside parties.

Web servers that run secure sessions require browsers with a minimum of 40-bit encryption to generate session keys used to encrypt/decrypt transmissions between browser and server. Maintenance Connection uses 128-bit encryption whenever possible to ensure privacy. Encryption capabilities are built into most Internet browsers and can be enabled by users. The larger the number of bits contained in the session key used for encryption (40-128 bits), the more difficult (exponentially) it is for an unauthorized person to unscramble the transmission. The 40-bit encryption is known as international level or export-grade encryption. The stronger 128-bit encryption is referred to as U.S. and Canada-only level, or domestic-grade encryption. Until recently, no encryption requiring a key greater than 40-bit was permitted to be exported outside of the United States and Canada.

This restriction has now been partially lifted under certain trade conditions, but 40-bit encryption is still used by many companies doing business internationally.

The Maintenance Connection servers support connections from browsers that employ 40-bit, 56-bit and 128-bit encryption. The stronger 128-bit encryption method may impose performance degradation on less powerful PCs running the browser. Maintenance Connection continually evaluates commercial browsers to ensure that they meet strict security standards. For browser requirements for Maintenance Connection, refer to Maintenance Connection Minimum Requirements.

Maintenance Connection has implemented a rich security architecture to satisfy the most stringent needs of any organization and it is under management control how much or how little security is applied, and therefore, administration can selectively enable or disable the various security measures to tailor security constraints to the organization’s needs.

Previous Next

Software Security

Maintenance Connection’s Maintenance Management application provide a comprehensive integrated security system that enables administrators to customize data access permissions according to their roles. Using a built-in Security Manager, Administrators can create security profiles that not only limit access to specific features, but also permit viewing of records based on data types and/or values. The ability to grant access to records based on their contents advances database security beyond that offered by many of today’s most powerful database management systems, and puts users in control of their information.

Features

Work Order Module

Asset Management

Preventive Maintenance Module

Inventory Management

Purchase Order Management

Reports and Alerts

Mobile Application

Integrations and Custom Add-ons

Software Architecture and Security