The subject of what keeps Flowhub running in the face of infrastructure and security challenges is inherently technical. Buckle up and come along for the ride.
Much of modern software is delivered using a model known as SaaS, “Software as a Service”, where users no longer install software on their local computers, but have it delivered via the web or a web-enabled application. Think Gmail. There are many advantages to this model: the user doesn’t have to install anything, software can easily be updated with new features with no effort by the user, the software can be used from a variety of locations and devices, and so on. For this reason, Flowhub, like many other vendors in the cannabis industry, uses SaaS to distribute its POS and Grow solutions.
But these advantages also come with challenges. The user is now susceptible to problems with the vendor infrastructure. If the SaaS product fails, it can be catastrophic, affecting all users and shutting down businesses.
The challenges for application uptime can come from a number of sources. These include:
- Hardware failures, such as servers, disks and network routers
- Failure of supporting software such as databases or application frameworks
- Application software bugs
- Malicious security attacks aimed at either disabling the SaaS application, or worse, stealing or destroying customer data.
- Internet connectivity. Without a connection to the vendor’s SaaS infrastructure, the app can’t function.
To address these challenges, Flowhub uses a set of best practices to protect its users from failure. Flowhub’s applications are built using a modern partitioned Service Oriented Architecture, running on third party enterprise-class cloud infrastructure. This allows us to leverage high grades of security and reliability implemented by our Cloud vendors without having to invest in dedicated Flowhub teams.
To help our customers understand how Flowhub protects their business operations, below are some of the best practices we use.
Data is the lifeblood of our clients. From sales records to customer and loyalty profiles, Flowhub takes the responsibility of protecting client data incredibly seriously. We use a cloud-based enterprise-class database hosting service, running on top of the Amazon Cloud. This server provides two hot redundant servers running next to the active server, and takes backup snapshots every 6 hours to store offline.
Flowhub is based on an application development framework that supports high-reliability instances running on Amazon Web Services servers. Software is deployed into “containers” and the framework automatically recovers if a container or server fails by recreating the container, and restarting the operations seamlessly.
Even with the above techniques, failure is always a possibility. Flowhub uses a partitioned infrastructure, where groups of customers are hosted on different clusters of Amazon servers (we call them “pods”). If there is an application failure, the “blast radius” is constrained to only the small number of customers on that pod. This also supports scaling the system by providing dedicated server performance for each client.
Reversible Application Deployment
Flowhub uses modern practices of constantly delivering new features. We release software every 2 weeks. But what if something goes wrong on the deployment, or a major bug is inadvertently released? We have a pattern of always testing and qualifying a rollback with each release, so that if there is a problem with the new release, we can rollback to the previous version in a manner of minutes.
Backup Network Connectivity
A key part of the Flowhub POS solution is the iPhone mobile component (the “NUG”). Our iPhone app creates a best-in-class customer check-in and management experience, allowing the ID vetting interaction at the customer’s arrival to be transformed from hassle to benefit with the mobile Check-in App. It also allows effortless inventory tracking and management for the back office via the Stash App™. Just as importantly, if a customer decides not to provide their own backup internet link, it can provide backup internet connectivity. If the dispensary WiFi fails, the POS stations simply switch to the hotspot provided by the NUG and continue operation uninterrupted.
In the modern world, a software vendor needs to assume they are under attack all the time. Flowhub uses a number of techniques to ensure only the correct people can access the system. These include encryption on all traffic from app to app server to database, and encryption of all data in the actual database files. Amazon Cloud network protection is used for Virtual Private Clusters and IP whitelists. All the computers used at Flowhub are passworded with encrypted disks. User passwords use one-way encryption. All passwords for key infrastructure are stored in a third party encrypted vault and regularly rotated.
TL;DR Flowhub takes reliability and security with the utmost seriousness, and aggressively uses modern best practices for databases, applications and security to keep our customers’ businesses running.
You may also like...
Introducing Stash™: The Mobile Way to Manage Dispensary Inventory
24 June 2019 | 14 min read