Technology behind ProZorro, ProZorro.sale, MTender, Rialto

The OpenProcurement toolkit, designed by Quintagroup, has been implemented in four different projects, both Ukrainian and foreign ones. As to the projects, launched in Ukraine, they are ProZorro, ProZorro.sale and RIALTO. One more project, designed on the basis of ProZorro with the respective customization, is MTender that has been realized in Moldova. The implementation and further functioning of these projects involves both open source and closed-source software application.

The closed-source software, used for the discussed projects, primarily includes cloud services, necessary for data storage and management. Quintagroup is experienced in building, testing, deploying, and managing applications and services at various web services, such as Amazon S3, Microsoft Azure, MCloud and De Novo. The choice of this or that cloud service has been justified with the peculiarities of a certain project and the customer’s preferences and requirements.

Amazon S3

ProZorro.Sale and RIALTO are hosted at Amazon S3 cloud provider. Amazon S3 (Simple Storage Service) is a web service offered by Amazon Web Services. Amazon S3 is built for simplicity, with a web-based management console, mobile app, and full REST APIs and SDKs for easy integration with third party technologies. It is available in regions around the world, and includes geographic redundancy within each region as well as the option to replicate across regions.

The server’s security is assured with the data transfer over SSL and automatic encryption of customer’s data once it is uploaded. Amazon S3 stores data as objects within resources called "buckets". Customers can also configure bucket policies to manage object permissions and control access to their data using AWS Identity and Access Management (IAM).

Amazon S3 Storage Management

Amazon S3 Storage Management features allow customers to take a data-driven approach to storage optimization, compliance, and management efficiency. These features work together to help improve workload performance, facilitate compliance, streamline business process workflows, and enable more intelligent storage tiering to optimize storage costs and performance.

Security and Access Management

Amazon S3 provides several mechanisms to control and monitor who can access your data as well as how, when, and where they can access it. VPC endpoints allow you to create a secure connection without a gateway or NAT instances.

Azure

Azure cloud provider is used to host the Jenkins continuous integration testing stand, used for quality assurance testing within the ProZorro.sale project. Microsoft Azure is a cloud computing service created for building, testing, deploying, and managing applications and services through a global network of Microsoft-managed data centers. It provides software as a service (SaaS), platform as a service and infrastructure as a service and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems.

Azure integrated tools, from mobile DevOps to serverless computing support the productivity. Azure supports a range of operating systems, including both Linux and Windows, programming languages, such as Node.js, Java, .NET, frameworks, databases, and devices with cross-device experiences with support for all major mobile platforms.

Azure offers hybrid consistency in application development, management and security, identity management, and across the data platform. Customers can connect data and apps in the cloud and on-premises to achieve maximum portability and value from their existing investments.

As to the security assurance, Azure Security Center enables detecting and mitigating threats with a central view of all customer’s Azure resources. If Azure and AWS services are compared, Azure was the first major cloud provider to contractually commit to the requirements of the General Data Protection Regulation (GDPR).

Azure services offer cognitive APIs, bots, machine learning, and blockchain as a service (BaaS) capabilities for building intelligent solutions at scale.

De Novo

Currently, ProZorro is hosted at De Novo cloud provider. It is necessary to mention that from the onset of ProZorro existence the system was hosted at Amazon S3 cloud provider for three years. Later on, the ProZorro system was to migrate to another cloud provider, a Ukrainian one, as it is regulated by the law of Ukraine, according to which the state-owned data are to be stored in Ukraine. Thus, Quintagroup undertook the process of the system migration onto the De Novo cloud provider.

De Novo cloud services are provided for corporate customers according to IaaS-model (Infrastructure-as-a-Service). It is designed according to Trusted Cloud concept to assure multilevel security protection, provide the implementation of custom code and data protection solutions. De Novo can stand its ground due to high reliability, professional technical support, availability guarantees as well as resources complying with Complex Data Protection Systems standards.

Cloud Storage (vStorage)

vStorage is a virtual disk array designed to store large amounts of information with a predominantly sequential access profile – archives, media files, backup copies, installation images.

De Novo services offer full control over cloud storage, possibility to define how the resources are allocated in the network drives and export them using iSCSI (block access) or NFS / CIFS (file access) protocols. Among the De Novo Cloud Storage key benefits one can distinguish:

Failure tolerance. Cloud disks are protected from hardware failures using enterprise-class RAID-DP failure tolerance technologies that ensure data integrity and availability even in case of simultaneous failure of two disks. Physical resources used by De Novo Cloud Storage do not have non-redundant points of failure (SPoF).

Variation in usage models. The disks set up within Cloud Storage can be mounted to virtual machines in the cloud datacenter, as well as to virtual or physical servers located in user’s own data center. Both access protocols (block (iSCSI) and file (CIFS / NFS) are supported.

MCloud

MTender is hosted at MCloud cloud provider. The MCloud Platform is a joint governmental information infrastructure that functions on the basis of “cloud computing” technology and caters for various types of services, namely Infrastructure as a Service - IaaS, Platform as a Service - PaaS, and Software as a Service - SaaS.

The MCloud Platform is purposed for the use of central administrative authorities and organizational structures falling within their spheres of competence, subordinated to the Government (CPA) and represents an innovative delivery model based on infrastructure, platform and software as services’ consumption.

The MCloud Platform has several objectives, including:

exempt public institutions from managing their own infrastructure, so as to give them the opportunity to concentrate their efforts on the set objectives as well as to create value-added services;

reduce the data centers maintenance costs through rationalization, consolidation and virtualization;

minimize paper consumption within the governance process.

In order to minimize the threats, the MCloud platform security architecture suggests a new approach to its security by applying the “in-depth security” principle. This principle presupposes the use of new security levels for general safety, operating independently from each other, where the next security level provides protection in the case the previous one has failed.

Thus, 8 levels of security are provided: