Isolating databases

This image illustrates the level of isolation achieved by different solutions.

Project isolation

If security or regulatory constraints are placed on you regarding the storage of project information you can choose to control the isolation of project data by the way in which you deploy projects across Helix Plan databases and servers.

A Helix Plan server can host one or more databases. Each database is stored in it is own file and a single database can contain one or more projects. Thus each project within a database is stored in the same file on disk.

If you require a higher level of isolation between different projects you have two choices:

  • Use one database per project, with one server hosting all databases.
  • Use one server per database and one database per project. Each server can then be moved to a separate physical machine if desired.

With #1 a user connecting to your server will be presented with a list of databases so they can select which database they wish to connect to. A user can open a new connection to another database if they require access to more than one database. It is important to note that the names of databases available on a server will be visible to all users connecting to a server.

#2 provides the highest level of isolation between projects - especially if you use a separate physical machine per server.

Sharing users

A common way to facilitate account management is to use Helix Plan shares. Shares allow two servers to be configured to exchange information between them. The information that is shared can be limited to user account information, thus you can maintain project information isolation between servers while centralizing user account management. You can read more about shares in the Helix Plan shares management documentation.

Delegation

If you are concerned with isolation at a more operational level (e.g. you wish to limit access to certain portions of a project to a limited group of users) you may wish to consider using the delegation feature of Helix Plan. This provides a lower level of physical security than splitting projects across servers or databases but allows for higher granularity control. You can read more about delegation in the Helix Plan user documentation.

Choosing where to put the database files

The data is safest if the database file, transaction log and the backup files are all put on separate physical discs. The backup directory can be put on a networked directory, but the main database and transaction log should be located on local discs to minimize the risk for corrupted data.