Standard Hosting Policy

Blue Light Publishing Ltd (T/A - Police Pass) / CDSM Interactive Solutions Ltd - Thinqi E-Learning Platform Application Architecture

Thinqi LMS is built on a microservice architecture and can be hosted in a load-balanced, high-availability cloud or local data center environment.

The application architecture allows each layer to scale independently of the other layers as demand requires. Traffic is filtered through several levels of caching, ensuring super-fast responsiveness even under significant load. As traffic scales, the cache layers serve an increasing proportion of requests.

Thinqi LMS services run on Docker containers in Amazon Web Services' (AWS) Elastic Container Service (ECS). The lightweight nature of these containers means they can be scaled incredibly quickly. Capacity for individual microservices can be increased by 10x in less than two minutes. This enables a robust response to any surge in demand, as proven by our large-scale national LMS implementations.

The database configuration of Thinqi LMS is designed to have segregated services with a massive amount of burstable capacity as and when required. The databases can also be scaled both horizontally (adding nodes to the database cluster) and vertically (increasing the power of the existing nodes in the database cluster).

From experience of running several large-scale applications on AWS in the UK and internationally, CDSM knows that Thinqi is highly scalable under load and performs exceptionally well for users.

The servers used are Ubuntu Linux. The application layer runs as Alpine Linux Docker containers in AWS ECS.

The application itself consists of ASP.NET Core and Node.js REST APIs with a React JavaScript application layer for the front-facing web components. A high-availability reverse proxy layer ensures fast website performance.

The data layer for the application is a high-availability MongoDB database. It also uses a high-availability OpenSearch cluster to provide fast search capability.

Specific AWS services are leveraged to increase system resilience and reduce network latency for users.

These include:

  • S3 – highly redundant and available storage
  • CloudFront – highly scalable website content caching
  • SQS – highly redundant and available queues to insure against single points of failure and ensure integrity of internal system procedures.

Security and data protection

Protecting our end users and their data is our highest priority. Thinqi LMS is built to the highest cybersecurity standards and follows the most current industry standards. CDSM Interactive is ISO 27001 and Cyber Essentials Plus certified.

All communication with the website is conducted via HTTPS using 2048-bit encryption. The load balancing layer only supports secure protocols in line with UK government recommendations. Any outdated protocols such as SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 are not supported.

The application is protected by an AWS CloudFront distribution to enable DDoS protection and a Web Application Firewall (WAF) layer to ensure low-latency access and protection from many forms of attack. AWS GuardDuty constantly analyses log information inside and outside of the network to identify and alert us to any malicious activity around the LMS.

The system implements several layers of logging to allow forensic analysis of any operational failure or interruption. This includes:

  • Remote application monitoring using AWS CloudWatch
  • Website availability tracking using AWS CloudWatch Synthetics
  • Website traffic logs via AWS ELB and CloudWatch
  • System access logs via AWS CloudTrail

Thinqi LMS is penetration tested at least twice annually by independent CISSP-certified cyber security consultants.

The LMS is also security audited every year by Welsh Government as part of our UK government provision. This audit is reviewed by the National Cyber Security Centre (NCSC). Similar testing and auditing can be put in place in line with Omani government standards.

The software is designed to meet EU GDPR and UK DPA standards, and similar data rights can be provided to Omani users on request. These rights are:

  1. The right to be informed.
  2. The right of access.
  3. The right to rectification.
  4. The right to erasure.
  5. The right to restrict processing.
  6. The right to data portability.
  7. The right to object.
  8. Rights in relation to automated decision making and profiling.

Access to the LMS can be controlled by the customer’s own Identity Provider(s) (IdP). This means you have total control over your users’ access. Integration with any IdP is done in line with industry standards such as WS-Federation or SAML.

Data storage in Thinqi LMS

Data storage for the Thinqi LMS application is powered by MongoDB, AWS Redshift and OpenSearch, three popular modern database technologies that allow incredibly fast search and retrieval across massive data sets.

Our application is customised to handle the throughput required by large sites and runs in a high-availability, redundant configuration to ensure uptime and reliability.

OpenSearch is configured as a multi-availability zone replica set and is backed up daily. OpenSearch can also be regenerated from scratch from the source MongoDB data.

The core application data is stored in MongoDB, which acts as the ‘source of truth’ for all parts of the application stack. By default, MongoDB is configured as a minimum three-node, cross-availability zone replica set. As usage of the site grows, this can be scaled to multiple replica sets. This configuration allows an extremely high level of redundancy and scalability in line with the projected usage of the national LMS.

All MongoDB disks are also ‘encrypted at rest’. This means that only authorised CDSM staff with access to authorisation keys (also stored encrypted) can access the databases.

AWS Redshift provides a secure data warehouse function which is used for high-volume and high-complexity reporting. The customer can also use it as a data warehouse by connecting popular business intelligence tools such as PowerBI or Tableau.

Infrastructure configuration

The following topology diagram shows a high-level overview of how the application infrastructure fits together within the AWS cloud environment:

Browser support

Thinqi LMS and all its features will work across all commonly used modern web browsers.

For the purposes of security and requisite functionality, some older browsers will not be supported. For example, to support HTTP Strict Transport Security (HSTS), browsers such as Internet Explorer 8 and 9 cannot be supported.

Where older browsers do not support newer features, such as CSS variables, Thinqi LMS will, where possible, gracefully degrade to support the browser.

Device support

Thinqi LMS supports a wide range of digital devices and platforms.

Thinqi LMS is fully responsive for mobile devices and modern web browsers, with the layout able to adjust depending on whether the user is viewing it in landscape or portrait mode. The user interface will also adjust and optimise for the space available.

For the purposes of security and functionality, some old devices will not be supported. For example, because connections must meet the TLS 1.2 security protocol, some devices such as Android phones or tablets released before 2014 will not be supported.