Manufacturers use the term ‘military grade’ to describe everything from watches to laptops to sunglasses, presumably indicating that their product is rugged. But would a tank or a bazooka ever be anything other than military grade? A similarly imprecise use of language is the frequent claim of ‘enterprise grade’ apps, implying the best of the best. But what does that actually comprise?
Pushing technical limits
Oriana provides a go-to reference point, given that the company’s platform is increasingly seen as very definitely enterprise-grade. The company’s low-code guru, Péter Pátzay (whose job description is intriguingly ‘Pushing Technical Limits’), begins by admitting that although Oriana has more than twenty years of experience with Effector, SMEs were originally the main sales target. However, over time a lot of experience has been gained with major companies such as E.ON and Egis, as well as numerous government agencies and their partner companies. With a strategic approach, Oriana has prepared itself to supply enterprise-grade capabilities with the Effector platform. Péter takes up the story:
“When a big company or organization becomes the client, you have to fit in with their methodology, no question. This means that your apps have to come under their governance, so you must be fully prepared for this.” Even something as apparently simple as logging on to the system must be integrated. Clearly it wouldn’t be attractive if a user had to separately log in to every app they needed to use. And imagine new hires, or new customers: their path into the organization has to be smooth, and not feature repetitive access issues. “Enterprises have standard ways of logging in, for example,” says Péter. “An app has to connect to Directory Services, which is the standard way of accessing the system.” So an app must be able to authenticate users to get over the first hurdle of providing enterprise capability.
The concept of single sign-on is fundamental to all enterprise applications, and authentication provides that ‘single source of truth’ which must be present. This is intimately tied in to the subject of security, of course. Users must be able to access the system and all appropriate apps with ease, but at the same time the system must be protected from users. It’s a circular argument which must be satisfied by any enterprise-grade app (a criterion which Oriana meets).
You would think that reliability would come high on any customer’s spec sheet, but in the area of enterprise-grade apps this goes to a new level. What happens if the database fails? The first option is Hot Backup, achieved by having two parallel systems running together. If one falls over, the other is immediately available. The issue is that running two complete systems is costly, so another option is to have a degree of backup available within – typically – one hour. This takes care of major components, such as the database, ensuring that business-critical components are restored at the earliest possibility. Platforms such as Effector must therefore be completely compliant with the database, and reliable. The question which must always be asked is: does the company fail if you fail? That’s what is meant by ‘business-critical’, and it’s a good general guide as to what ‘enterprise grade’ really indicates.
Another vital ingredient to the enterprise-grade recipe is the ability of an app to scale. It may be fine coping with small amounts of usage, but what happens when demand rises, or there is a new and different type of demand? This will inevitably lead to stress on the app and database. So how to deal with that? “We’re always looking to prepare for the worst case, so if Effector is installed locally and the load increases, there has to be sufficient processing power on tap to service that. If you want truly modern scalability then you have to go to the cloud where you’ll get a complete one-click solution.” Either route, yes, Effector scales.
An organization’s IT department must be able to follow every interaction with an app, so the app has to be open to interrogation and checking against accepted references from independent groups, such as the OWASP Top 10 and the SANS Top 25. A permanent record of unmodifiable files enables an audit trail showing who did what, and when. “With auditing, the IT department can check all business-critical events,” says Péter. “This will include who logged on to the system, or who provided the wrong password – especially who provided the wrong password three times – sometimes an indicator of potential attack.”
Monitoring is an enterprise feature needed by an organization’s IT department to “watch” in real time how well an app is working, based on agreed KPIs. To make this possible, the app must be capable of being monitored by tools such as Aware from HPE. To be accepted as enterprise grade, an app has to supply quality information and show that it is working to the correct threshold.
So, it seems that ‘enterprise grade’ actually does mean something, with defined and measurable factors which must be fulfilled. And does Oriana comply?
You can bet your military grade tank on it.