AimBetter Architecture
Data can only flow in one direction – there is no possibility of feedback into or interference with the customer’s domain.
As illustrated in the graphic, there are three primary areas in which the AimBetter product operates. We have introduced specific and unique procedures and technologies inside each of these areas, as well as in the movement of data. Combined, these produce an impenetrable shield around the whole operation, guaranteeing the integrity and privacy of your data and the safety of your own IT process.
The installation of the agent requires the creation of a specific user inside the customer’s own domain. This user has strictly limited access: it cannot query/change/drop/create any table or object data on monitored servers.
The AimBetter user itself needs access only to its program folder and a specific permission on the single-host server. The script that creates this user grants specifically restrictive rights (VIEW) on the database and the server. In addition, the roles allocated are reader-only. This user cannot make any changes to data or infrastructure. You can check our instructions to create a user with minimal permissions for Windows, Linux, MSSQL, Oracle, and Amazon RDS.
The AimBetter monitor pushes information out in a one-way stream from the agent. As a further level of security, there is the option to block inward requests. All data is compressed and encrypted, then transmitted via SSL-secured ports through our firewall into our secured data center.
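To confirm the VIEW-only, reader-only claim on a SQL Server host after installation, the following T-SQL lists what the monitoring login has actually been granted. It is an added example, not AimBetter's own script; the login name `aimbetter_monitor` is a placeholder for whatever login your installation created.

```sql
-- Added example: audit the effective grants of a monitoring login on SQL Server.
-- 'aimbetter_monitor' is a placeholder (assumption), not a name taken from the vendor.
DECLARE @login sysname = N'aimbetter_monitor';

-- 1. Server-level permissions held by the login.
--    Rows flagged REVIEW are granted permissions outside the CONNECT / VIEW classes.
SELECT pr.name            AS login_name,
       pe.state_desc      AS grant_state,      -- GRANT, GRANT_WITH_GRANT_OPTION, DENY
       pe.permission_name,
       CASE
         WHEN pe.state IN ('G', 'W')
              AND pe.permission_name NOT LIKE 'VIEW %'
              AND pe.permission_name NOT LIKE 'CONNECT%'
         THEN 'REVIEW'
         ELSE 'expected'
       END                AS verdict
FROM sys.server_principals  AS pr
JOIN sys.server_permissions AS pe
  ON pe.grantee_principal_id = pr.principal_id
WHERE pr.name = @login
ORDER BY verdict DESC, pe.permission_name;

-- 2. Fixed and user-defined server roles the login belongs to.
--    Membership in sysadmin, serveradmin, securityadmin or similar
--    contradicts a read-only monitoring account.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals   AS l ON l.principal_id = m.member_principal_id
WHERE l.name = @login;

-- 3. Database roles in the current database (run once per monitored database).
--    Roles such as db_owner, db_datawriter or db_ddladmin contradict "reader-only".
SELECT DB_NAME() AS database_name,
       u.name    AS database_user,
       r.name    AS database_role
FROM sys.database_role_members AS m
JOIN sys.database_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals   AS u ON u.principal_id = m.member_principal_id
WHERE u.sid = SUSER_SID(@login);
```

Run it as a principal that can see server-level metadata; an empty result from the second query and no REVIEW rows from the first are what a VIEW-only account should produce.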
By lifting the monitoring results into our data center, AimBetter provides another level of security. Third-party service providers such as programmers and consultants can also access the information without having to be given access to the customer’s domain.
We provide full coverage of the following areas:
AimBetter only monitors performance for the applications and/or servers of the customer database environment specified during the installation of the AimBetter agent. Generally, the monitor collects metadata that includes aggregate time measurements for server resource utilization statistics, server error logs, SQL server resources, SQL server query statistics, and SQL errors.
AimBetter agent processes:
We offer an optional separate function that can collect and report on connection performance to non-database-related hardware and services (disks, drives, folders, websites, etc.).
AimBetter is committed to protecting the privacy of our customers. The application data we process as part of our provision of services is only used to display application performance information back to the customer’s AimBetter account users, or to our Expert Support team to facilitate their support activities.
We undertake never to provide data to third parties without the explicit approval of the customer.
AimBetter only collects metrics relevant to server activity (for example, creation/reading/update of data), which is passed up through the firewall for analysis.
AimBetter is hosted at our Tier3+ certified data center. Physical access to this location is restricted to people with authenticated credentials and all access/egress is reported.
The center is equipped with fully redundant power backup systems, fire suppression systems, security guards, and biometric authentication systems.
Users access the results of AimBetter’s services through their unique username (usually email address) and password. These passwords must meet a high level of complexity (for example – a minimum of eight characters with mixed cases and special characters). Customers are responsible for managing their accounts, including provisioning and de-provisioning their own users. We store user passwords in an advanced, industry-standard encrypted hash format.
AimBetter adds the following mechanisms to protect against access violations:
AimBetter has certain technical features built into its design to offer its customers additional security options:
On top of AimBetter’s already secure-by-design architecture, we offer additional security conditions for customers with more stringent compliance requirements who want complete separation from the general environment.