I'm working for a client on 2 FileMaker <-> Web applications.
The first involves hosting a web stack (most likely LAMP) for the External
SQL Sources (ESS) portion of the application.
The second involves migrating a custom Web publishing application based on
FX.php to a security compliant platform with a minimum amount of code
This client recently had their web applications tested by a security
scanning company and wants to ensure that all their Web applications are PCI
compliant on an ongoing basis.
At the moment I'm planning on hosting on the Amazon Web Services (AWS)
platform for the following reasons:
- The client already has a web application hosted at Amazon.
- The research that I've done regarding the Amazon Web Services platform
  indicates that there is a robust security model in place.
- Amazon Web Services seems to be a platform with a lot of momentum and
  therefore presents a relatively safe commitment for the client as well as an
  interesting platform to become familiar with.
The Amazon Web Services platform seems full-featured. Along with that comes
a learning curve in figuring out how to set things up properly.
One of the most interesting aspects of the Amazon Web Services platform
pertains to the security implementations framework they offer.
In reading through the Amazon Web Services documentation I came across the
"AWS Web Hosting Best Practices" PDF.
There are 2 interesting diagrams (page 3 and page 6) that show the
Well-done network diagrams (AWS Reference Architectures)
AWS_Security_Whitepaper PDF (In-depth treatment of security topics)
The security architecture that Amazon describes is more complex and more
granular than the traditional web hosting implementation. For example, the
3 tiers of the application: Web server(s), application server(s), and
database server(s) are deployed on separate virtual machines (EC2
instances). Each of the instances is protected with a virtual machine level
firewall, etc. This high level of security comes at a price. The machines
are so locked down that access often requires skill with the command line,
SSH, SSH tunneling and the management of a variety of different types of
It also seems possible to deploy a Web server platform on AWS in a less
granular fashion although this is not documented by Amazon as far as I know.
My inclination is to go with their more robust and more complex deployment
as it represents a best practice implementation that can be used in both
simple and complex deployments. It seems to me that using different virtual
servers with individual firewalls does create a more secure platform. This
plays to the strengths of the Amazon Web Services platform.
One of the more interesting aspects of the Amazon Web Services ecosystem is the
existence of Amazon Machine Images (AMIs). AMIs are essentially computer
disk images that are used to create "EC2 Instances" that run as virtual
machines. In addition to the AMIs provided by Amazon, there are a large
number of third-party AMIs.
It occurs to me that there would be a benefit to FileMaker, Inc. in creating
collections of AMIs that would facilitate the process of setting up and
optimizing various stacks for ESS deployments and/or FileMaker Server
For example, one specification of a collection of AMIs would include the
- A version of MySQL that is compatible with FileMaker ESS.
- A version of PHP that is sufficiently modern to pass security scans.
- An operating system that is compatible with the versions of MySQL and PHP
  specified above. My preference would be a Linux based distribution in order
  to minimize the cost of the stack and maximize the value available to the
- A version of Apache compatible with all of the above.
- Additional software as needed to facilitate and support a robust
  full-featured ESS implementation. For example, a version of sendmail might
  be useful, etc.
Others might have different preferred AMI specifications.
There would be a number of benefits to FileMaker Pro Inc. in providing
Amazon Machine Images.
FileMaker, Inc. would be empowering the developer community in the
implementation of "hybrid" FileMaker <-> ESS solutions thereby retaining
customers who might otherwise migrate towards a solution that is exclusively
FileMaker would achieve branding within that portion of the developer
community that's involved with Amazon Web Services, either using Amazon Web
Services or in the process of evaluating AWS use along with other
I would be interested to hear thoughts on any of the above.
All the best,
Tony White Designs, Inc.
44 Butler Place, 6G
Brooklyn, NY 11238
iChat: firstname.lastname@example.org | skype: tonywhitelive
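
Added example, not part of the original message: a small Python audit of per-tier firewall rules for the three-tier layout described above (web, application and database servers on separate instances, each with its own firewall), run against a tiered rule set and a flat, less granular one. The rule sets, the admin address, the application port 8080 and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed rule sets (not from the post or from AWS documentation).
# Each rule is (port, source); source is a CIDR or the name of another tier's group.
ADMIN = "203.0.113.10/32"   # assumed admin workstation (documentation address range)
TIERED = {
    "web": [(80, "0.0.0.0/0"), (443, "0.0.0.0/0"), (22, ADMIN)],
    "app": [(8080, "web"), (22, ADMIN)],   # 8080 is an assumed application port
    "db":  [(3306, "app"), (22, ADMIN)],   # 3306 is the MySQL default port
}
# The less granular variant: same ports, every rule open to any address.
FLAT = {tier: [(p, "0.0.0.0/0") for p, _ in rules] for tier, rules in TIERED.items()}

UPSTREAM = {"app": "web", "db": "app"}   # the only tier allowed to call each inner tier
PUBLIC_PORTS = {"web": {80, 443}}        # ports that may face the internet
SSH_PORT = 22

def is_world(source):
    """True when the source is a CIDR covering every address (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(source).prefixlen == 0
    except ValueError:
        return False   # not a CIDR: a reference to another tier's group

def audit(groups):
    """Return (tier, port, reason) for every rule that breaks the tier chain."""
    findings = []
    for tier, rules in groups.items():
        for port, source in rules:
            if is_world(source):
                if port == SSH_PORT:
                    findings.append((tier, port, "SSH open to the internet"))
                elif port not in PUBLIC_PORTS.get(tier, set()):
                    findings.append((tier, port, "service port open to the internet"))
            elif port == SSH_PORT:
                continue   # SSH limited to a specific source is accepted here
            elif source in groups:
                if UPSTREAM.get(tier) != source:
                    findings.append((tier, port, f"reachable from unexpected tier {source}"))
            elif tier in UPSTREAM:
                findings.append((tier, port, "inner tier reachable from a CIDR, not its upstream tier"))
    return findings

if __name__ == "__main__":
    for name, groups in (("tiered", TIERED), ("flat", FLAT)):
        print(name, audit(groups) or "no findings")
```
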