(+374) 94 770331         info@bits.am
      
OUR SERVICES

Meeting IT service requirements with standard tools and solutions is increasingly difficult, but not when customer solutions are built on our unique systems.
Here are some examples of IP service requirements from our clients, implemented with the help of our systems:

Mail server.
Implement the mail server in an open-source environment (to eliminate license fees and unnecessary costs).

The mail server must support the secure protocols SMTP with SSL/TLS, IMAP4s and POP3s. To eliminate unwanted email, the mail server must have an anti-spam system and an antivirus system, and must support SPF, DKIM and DMARC.

The mail server must be multi-domain and must also have a web-interface client.

For security reasons, the operating system of the mail server must be hardened. The mail server must not send or receive any email when the mail daemons or their configuration files are compromised.

For high availability, the mail server must be installed as a cluster and must be visible to the world on 3 different real IP addresses, from 3 different countries (preferably on 2 different continents, e.g. Europe and Asia, or Europe and America, etc.). A web-interface control panel must be developed for managing the mail server, and for security reasons it must be developed from scratch, without using any known template frameworks (WordPress, Joomla, etc.).

The control panel must meet at least the following requirements:
  • Ability to add/edit/delete users, passwords and descriptions,
  • Set the mailbox size quota for each user,
  • Auto-reply ability for users, with Unicode text support,
  • Ability to create mailing list groups.
  • Log view ability, where each transaction is visible and it is possible to easily identify brute-force attacks or any errors that occurred while sending or receiving mail.
  • Multi-admin technique. E.g. the mail server manages many domains, and a few domains have to be managed by the admin1 user, another two by the admin2 user, and so on. There must also be a super admin user, who can manage all domains.
  • Add/edit/delete white/black list tables, at least by the following parameters:
    • Mail server Source IP address,
    • Mail server Destination IP address,
    • Source Domain name
    • Destination Domain name
    • Email address from
    • Email address to

An auto-learning mechanism must be implemented for automatically blacklisting and whitelisting remote mail servers' IP addresses, depending on the error rate of each remote mail server. E.g. if a remote mail server is trying to brute-force a login/password for the SMTP server, it must be automatically blocked after a specified count of allowed errors. Unblocking must be done automatically. But if the remote mail server continues the attack after being unblocked, the new block level/period must be stricter, and so on. At least 4 levels of strictness must be specified for each remote mail server.
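
The escalating block policy described above can be sketched as follows. This is an added example, not code from the system the page describes; the error threshold, counting window and block periods are assumed values, and the class and function names are hypothetical.

```python
from collections import defaultdict, deque

# Assumed policy values: the page asks only for a configurable error count
# and at least 4 levels of strictness.
MAX_ERRORS = 3                              # failures tolerated per window
WINDOW = 300                                # seconds over which failures count
BLOCK_SECONDS = (600, 3600, 86400, 604800)  # block period for levels 1..4

class EscalatingBlocklist:
    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)     # hosts that are never blocked
        self.failures = defaultdict(deque)  # ip -> recent failure timestamps
        self.level = defaultdict(int)       # ip -> strictness level reached
        self.blocked_until = {}             # ip -> time the block expires

    def is_blocked(self, ip, now):
        # Unblocking is automatic: the block simply expires.
        return now < self.blocked_until.get(ip, 0)

    def record_failure(self, ip, now):
        """Register one error; return the block level applied, or 0."""
        if ip in self.whitelist or self.is_blocked(ip, now):
            return 0
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - WINDOW:
            recent.popleft()
        if len(recent) < MAX_ERRORS:
            return 0
        recent.clear()
        # A repeat offender moves one level up, capped at the strictest.
        self.level[ip] = min(self.level[ip] + 1, len(BLOCK_SECONDS))
        self.blocked_until[ip] = now + BLOCK_SECONDS[self.level[ip] - 1]
        return self.level[ip]

def replay(events, whitelist=()):
    """Feed (timestamp, ip) errors in time order; return each block applied."""
    bl, blocks = EscalatingBlocklist(whitelist), []
    for ts, ip in events:
        level = bl.record_failure(ip, ts)
        if level:
            blocks.append((ts, ip, level))
    return blocks

# Constructed sample: one host resumes the attack after every unblock.
ATTACKER = "203.0.113.7"
SAMPLE = sorted([(t, ATTACKER) for t in (0, 10, 20, 30, 700, 710, 720, 5000, 5010, 5020)]
                + [(t, "198.51.100.9") for t in (1, 2, 3)]    # whitelisted
                + [(t, "192.0.2.4") for t in (0, 200, 400)])  # slow, sparse errors
print(replay(SAMPLE, whitelist={"198.51.100.9"}))
```

The sparse errors from 192.0.2.4 never reach the threshold inside one window, so only the host that keeps returning after each unblock climbs the levels.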
A daily automatic backup mechanism must be organized for the mail server. It must back up usernames/passwords/configurations and also all received emails, sent emails and all standard/custom user folders created on the mail server. All backed-up emails must be stored for at least 180 days.
The mail server must also be able to show all sent emails, even when the sent folders have not yet been backed up for that period and the user has deleted the email from the sent folder after sending it and has also emptied the trash folder. The same must be done for all received emails.



DNS server.
Implement a DNS server cluster in an open-source environment. Cluster nodes must be installed at 3 different Internet Service Providers, located in 3 different countries (preferably on 2 different continents).

DNS servers must support VIEW mode, i.e. the same DNS servers must serve both the company intranet (which is geographically spread and includes more than one country) and the internet.

For security reasons, it is required to disable any updates between DNS servers over the Internet and to implement a mechanism that provides secure update channels between DNS servers. The secure channel must not use weak encryption algorithms (e.g. DES, Blowfish, arcfour, etc.); the minimum requirement is AES-256.



Intranet/VPN.
An intranet must be created that includes all offices of the company and the server farms located in different locations/cities/countries.
For high availability, intranet connections must be implemented with multipath techniques, with automatic switching to backup channels when the main connections have problems.
Intranet routers must be able to handle encrypted channels of at least 1000 Mbit.
For security reasons, it is forbidden to use any hardware VPN implementations, which can be a source of unknown firmware with a bunch of hidden, undiscovered bugs that can be exploited and compromised later, once the bugs are discovered by the hacker community.
It is also forbidden to use non-hardware implementations with proprietary or non-open-source operating systems.
Besides the intranet, a VPN server for remote users must also be implemented.
The VPN server must be a mature open-source implementation in a hardened version.
No implementation that stores its configuration file or user credentials in plain text can be accepted. The configuration file and user logins/passwords must be stored on the VPN server in encrypted format; this prevents the loss of credentials or other sensitive information stored in the configuration file, even when the VPN server is compromised and the intruder has gained full access to it.
The VPN server must support devices running Windows, Linux, macOS, iOS and Android.
The encryption algorithms used for the intranet and for remote VPN users must be at least AES-256.



File server.
File servers accessible to intranet users and to remote users connected by VPN must be created. The file server must provide multi-user, multi-permission and multi-group techniques to serve users and the company's policies and needs.
For smooth and reliable operation, the file server implementation must not require any cloud or client software on users' computers. Solutions with a web interface that compress the folder tree for download are also not acceptable, due to problems with big files.
The file server must also scale well: e.g. the file count can be more than 20 000 000, and this must not affect the performance of the file server.
Any big file (e.g. a 20 GB video file) must be accessible without downloading it, and the file server must provide the ability to play and rewind videos right on the file server.
The file server must be accessible from Windows, Linux, Mac and Android.
The file server has to log user actions on files/folders (read/write/delete/rename), and for each action the following information must be available in the log:
  • Date, time
  • IP address
  • Username
  • Computer name
  • Action type (read/write/delete/rename)
  • File/folder path

Backup server.
An automatic backup system must be implemented for all servers (file servers, mail servers, DNS, VPN, etc.). All files and folders on the file servers must be backed up at the end of each day. The backup period must be at least 180 days.
Any version of a file or folder from the last 180 days must be restorable from the backup system. E.g. if some files are updated very frequently (a few times a day), all 180 versions of each such file must be kept in the backup system, so that the version for any specified day can be restored.
The backup system must be able to store folders and files with 2 options:
  • Simple backup storage
  • Encrypted backup storage

Some specified folders on the file server will be backed up to «Encrypted backup storage», while the other files will be backed up to «Simple backup storage».
After each backup process, the backup system has to send a report to the specified email address/addresses. The report must contain the backup status of each node (whether it completed successfully or an error occurred), how many bytes were transferred, the duration of the backup process for each node, and the amount of free space on the backup disks.



DHCP server.
A multi-homed (multi-subnet) DHCP server must be implemented. The DHCP server must be able to distinguish network devices and provide an appropriate IP address from the appropriate subnet. E.g. if a device is intended to have access to the intranet, it must receive an IP address from the intranet subnet, while other devices must get IP addresses from a restricted subnet and get access only to the internet, without the intranet. The DHCP server must also be able to support other scenarios.



Traffic management, control and monitoring server.
A traffic management system must be implemented in the network infrastructure. The system must be able to set traffic shaping for each IP, user or group and to open/close the internet traffic of a specified user or IP. The system must support a cluster architecture, e.g. with a central node and sub-nodes. All necessary data (IPs, MAC addresses, groups, etc.) will be located on the central node.

The central node must have a web-interface control panel with multi-level administrator logins and appropriate permissions.
Sub-nodes must be installed on the routers that collect/manage/control traffic. All necessary information collected by the sub-nodes must be sent to the central node automatically. The central node must be able to work with sub-nodes even when they are not located in the same network but at remote sites, in another region or city. If the connection from a sub-node to the central node is lost, or the central node's server is switched off, the sub-node must keep all collected information locally, and when the connection is established again (or the central server is switched on) the sub-node has to synchronize all data that is missing on the central node.

The central node must be able to show not only the total traffic of the sub-nodes' interfaces, but also the traffic of specified groups of users or IPs. For example, the company's network is installed at 4 locations, each location has 3 departments (finance, engineering, production), and it is obligatory to see traffic charts not only for each location, but also for each department at each location, and also to see the total traffic for a specified department only (e.g. the summary traffic for the 4 finance departments only). Such a flexible tool allows the company to see the current network needs of each location/department/user/server and to forecast when, and how many, resources will be needed for scaling, before disruption and network problems start.

The monitoring system must also show not only the traffic amount but also the traffic session count initiated from each IP/user. This helps to find the source of network degradation when some computers are infected by a virus and are generating thousands of sessions of unwanted traffic.

The central node must also be able to monitor the CPU temperature, CPU usage, memory usage and HDD usage of other servers (DNS, Mail, WEB, VPN…). This helps to prevent hardware faults in cases where, for example, a CPU cooler has stopped and the CPU of the server would suffer after a few days. Such statistical data also helps to determine the best time to start scaling work, before the servers start to overload due to insufficient resources.



Video surveillance system.
The video surveillance system for company IP cams must be implemented with open-source tools.
To decrease the overhead of the cams' traffic and increase their stability/flexibility, a "video gateway" server must be deployed, which will get one stream from each IP cam and will provide the ability to transcode, encode and multiply the streams from the cams.
The video gateway must provide a wide range of video codecs and formats, including ones that are not supported by the cams themselves but are needed for a wide range of video stream players.
The video gateway must also provide the ability to stream video from the cams to YouTube or to other destinations.
The video gateway's input and output must support all main video stream types and codecs (multicast, unicast, HTTP, HLS, DASH, RTP, RTSP, etc.).

The video gateway must also be able to re-synchronize audio and video, for cases where the source of the stream has bad quality and the video and audio streams become de-synchronized due to packet loss.
The video server must also be able to log input stream errors, analyze the state of the input stream, and automatically take appropriate actions when certain conditions are met (e.g. analyze the input source stream and, if the packet loss or error rate is critical, restart the input stream).
Copyright © 2009-2019 bits.am