Aras - www.aras.com
myInnovator Subscriber Login
We chose Aras because of demonstrated strength in both PLM and the automotive requirements, and because the flexibility of the solution allowed us to easily adapt it to our proprietary competitive processes while remaining compliant to industry standards.
July 2008
Project Manager
Nemak

Technology |

Security

Aras is the only solution of its kind that has ever been independently certified for the entire Microsoft platform including Windows Server, SQL Server and the .NET Framework. These certifications ensure the highest level of confidence for mission-critical enterprise solutions.

Users

The Aras standard client is a browser based application that uses the Aras SOA framework Web Services Definition Language (WSDLs) Documents to discover and consume web services-based connections from the server.

Secure end user access to the server-based processes, data and documents is through the standard Aras SOAP/XML-based client or any SOAP/XML client application.

Aras User Access Security Features include:

  • Single sign-on with Active Directory / LDAP for end-user authentication
  • Role & Group Hierarchy and Access Rights managed within Aras Innovator
  • Mixed-mode Authentication Schema for Management of Supplier and Customer Access
  • Configurable authentication security features include:
    • Passwords Encrypted Over The Wire
    • Password Complexity Rules
    • Password Aging
    • Automatic Lock-Out on N Failed Logon Attempts

Data

The Aras security, authentication and data access rights model was defined by our defense industry customers. Every business object (item) is linked to a need-to-know access control list which specifies the access rights of each User with that data element.

Aras Data Access Security Features include:

  • Secure Access through Authentication and Access Control Lists
  • Internal or External Authentication Control through LDAP or Microsoft Active Directory
  • Authentication Required with every Transaction; No Risk of Session Hijacking for Unauthorized Data Access
  • Access Controls include Per User and Per Group Defined Access Control Lists
  • Defined Access Control Lists Enable Aras to meet the most stringent Need-To-Know Requirements

Framework

The Aras framework is designed from the ground up to expose secure web services for all data exchange and process integration.

The n-tier, service-oriented architecture is composed of web clients, application server(s), database(s) and file server(s) and is based entirely on standard Internet protocols, including HTTP / HTTPS, XML and SOAP (Simple Object Access Protocol). The application server and vault server are implemented using Microsoft .NET and the database is Microsoft SQL Server.

Optimized for flexibility and performance, the Aras framework securely manages both the current state and version history for configurations of documents, metadata, form-based data and task oriented workflow processes. And, because Aras is completely web-based and all the APIs are available as published WSDLs, any web client can be easily and securely integrated through the published WSDLs.

Integration with other legacy and modern applications is accomplished through the SOA Web Services framework using a technique called Federation, which allows application specific WSDLs to be created and published for specific data and process integration scenarios.

Outside the firewall, Web browsers and mobile devices connect using either HTTP or HTTPS. Aras is fully and securely extensible to any web services client, including Android, BlackBerry, iPhone and iPad.