Document Managers Need to be Vaulting, Says Synergis

April 18, 2013 | Comments

Synergis Software has several decades experience in producing Adept, their engineering document management server software. I spoke with Todd Cummings on the topic of vaulting; he is the company vice president of research and development.

Todd Cummings

Q: Let’s begin with basics. What is “vaulting?”

A: We describe vaulting differently from others in the industry. The image often presented by competitors is one of protecting data, of bank vaults, a Fort Knox.

The truth is that vaulting is more than that. It includes the method of transporting data into a protected area and then back out. It’s pretty simple: Vaulting is both the document delivery and storage mechanism.

 Q: If you describe vaulting as “a document delivery and storage mechanism,” how are others in the industry describing it?

A: They describe it as the location where your documents are stored. We say that vaulting is both the storage location and the transport medium. The reason I believe we speak about it differently from other solutions/vendors is because we offer alternate vaulting choices and other vendors do not.

In reality, the ‘data’ in an EDMS system is comprised of three main types: metadata that are stored in an SQL database; documents that are stored in one or multiple vaults, and the FTS (short for “full text search”) index data, which is an entire index of searchable contents of documents.

Q: How does the Adept EDMS system store documents?

A: Adept stores documents in one or more vaulted file system locations using the original folder and file names.

Q: You place importance on how documents are moved. Tell me more about the process.

A: To the best of our knowledge, we are unique in how we store our customers’ data.

Here is how the system works in competing solutions: After engineers and designers place their drawings on the “Engineering Drive (E-Drive),” they are moved from the current E-Drive location during the vaulting process. Along the way to the final resting place (the vault), the filename and folder name are transformed. This transformation is known as “hashing.” For instance, My Documents becomes a folder name that is not easily readable by humans, such as “PDQ813.”

Q: Why would your competitors do this?

A: The reason competitors hash files and folder names is to make the internal handling of documents easier from their perspective. I think it’s the difference between what the developer wants versus what the customer wants.

We made a design decision that the customer’s data belongs to the customer. If we are going to add value by protecting their data while they use our EDMS, we are not going to obscure the data that belongs to the customer. Our solution lets them have access, yet protects the data.

Other vendors make the case that hashing provides a passive layer of security by making names unreadable. But we know there is a difference between name hashing and encryption. Encryption secures data; hashing data does not.

Q: You mentioned encryption: what kind do you use?

A: Encryption is an option—it can be used or not. If it’s chosen, we use SSL [Secure Sockets Layer, a cryptographic protocol for secure communication security over networks].

We believe the document storage itself should be secure enough that there is no need to obscure the file and folder names.

Q: How does Adept’s storage system work?

A: These days it is common to have an application server that runs our EDMS component, (e.g. application/database server). The documents are stored in one or more other locations, generally not on the same hardware as the application server.

Let’s say the application server goes down due to an operating system crash or the network is cut Our vaulting system allows an IT professional to use Active Directory services to make the document locations available quickly and then make those locations read-only to users so they can keep working. Users can browse by folder and document names, which is in the
human-readable format, and immediately find their documents. If the data were hashed, then this would not be possible.

Sometimes I describe our vaulting as a “wrap around vault.” It makes a difference in how we import documents into our system compared to other solutions. I emphasize “import” because we don’t move or transform anything. A high percentage of our customers leave their documents where they are in their current system, and so we leave them there. We can vault them immediately in place, without moving them around the network.

Q: Would this be like me having my own folder system holding thousands of project files, and Microsoft coming along a year later saying, “You should store files in ‘My Documents’,” and then another year says, “Use ‘My Favorites’ instead?”

A: Exactly.

Q: Would your competitors would be horrified that you don’t lock in customers and that If they want to leave you, they can?

A: It is important to provide customers with an exit strategy. It was first raised by one of our customers, the US Coast Guard who said, “Our requirements today may not be our requirements ten years from now.” It gives customers confidence to choose Synergis Software, because they know if things change, we haven’t locked them in.

Q: How often do customers choose you because of the exit strategy?

A: It is a fair question, but I don’t have the answer. We tend to track customers who choose us because of our vaulting methods (in which we do not change folder and file names) versus our competitors’ vaulting methods.

Q: Doesn’t one implies the other? 

A: That is the point. It is a strategic view, looking ten to twenty years from now. We don’t delude ourselves that once we have a customer, their data belongs to us.

Here is another real world use case: Customers have large investments in existing data that rely on network locations and file names. One customer pumps crude oil from tankers and stores it in underground locations while waiting to be piped to refineries. Their sales and marketing teams have a large body of PDF documents that describe to potential customers what they do.

In these thousands of sales and marketing documents, there are hyperlinks to drawings and other documents. Our competitors would have to tell them that they need to edit every single one of their documents to change the hyperlink addresses. But because of our vaulting technology, we provide them with a secure system without the need to re-edit documents that are already

In addition, users don’t need to know where documents are located; the links always point to the latest (approved) version of all documents, which is a feature of our system.

Our customers like that our system is deployed rapidly. If, however, they want to change their system of file storage, we can help them with that.

Q: You spoke earlier of the importance of moving documents in and out the vault. How does this occur?

A: We support four different transport mediums. Ranging from the most open to the most protected, they are as follows:

  • Direct access gives users access through network shares or hidden network shares. This transport system is rarely used anymore.
  • FTP (short for File Transport Protocol) transports documents using an FTP server, like IIS/FTP services or Mozilla’s FileZilla. (Customers can use secure FTP-S or not.) It works by removing the share from Windows Explorer to make documents no longer accessible in that way. After that, only the Adept Client can be used. We like how unadorned the protocol is, less chatty and more efficient than the direct access method.
  • Hybrid transfers documents using FTP, but allows certain users to have read access through Windows Explorer. This method is useful for departments outside of engineering that need some sort of Explorer access. For example, like that company that needed sales and marketing’s PDF links to engineering document to remain intact.
  • AFS (short for Adept File System) is our own document handler. It is a lightweight service like FTP, but also supports “replication,” meaning that documents are automatically stored in a vault replica (or satellite, as we call it) closest to the user. This makes load and save times faster for users located in countries distant
    from the head office. We manage replication to ensure there is one version of the truth.

We support multiple vaults, such as a head office in US and a branch office in Europe. This is why having multiple document vaults is important. We support any number of vaults, using any of the four transport systems; we can mix and match.

Q: Which of the four transfer systems do you find that people tend to use?

A: AFS with replication is the most recent favorite. It is most commonly used by new customers; older customers tend to rely on FTP.

Q: Physically, what does a vault consist of?

A: It is a hard drive. It has a root and folders. It is commonly on a server with a Microsoft operating system, but that’s not required. It could be a Linux box or another system, because FTP works on all operating systems.

Q: What about backups?

A: In some of our competitors’ systems, they have to install a replacement file system driver and that adds complexity with no gain. Different and costly backup systems may be needed. Since we don’t replace the file system driver, customers can use any backup system they want.

 We provide backup tools, but we find our customers tend to use their existing network backup tools.


Subscribe to CADdigest Weekly