The structure of Password Safe v8 is based on the principle of multi-tier architecture. This multi-layered design of the individual software components provides the basis for a well thought-out and ground-breaking security concept. The three separately acting layers can each be scaled as needed. As a result, Password Safe v8 can also be used efficiently in companies with very large numbers of users and sites around the world. If “end-to-end” encryption is used, data can also be encrypted or decrypted on the clients. This ensures that unencrypted passwords never exist on the database server or the application server. The “private and public key method” ensures that the private key is only ever available to the user. The application server knows only the value of the public key and is thus unable to see the value of the password.
Password Safe version 8 can be set up on small to global system landscapes. Any number of clients, application servers and database servers can be connected within the multi-tier architecture. The use of a fail-safe cluster is recommended for databases in a production system. Microsoft SQL Server can replicate the data to a different data centre, e.g. via WAN. We also recommend providing a separate Windows server in each case.
The following overview presents a classic Password Safe system landscape. Version 8 allows use of several database servers across all sites. These are then synchronized with one another using Microsoft standard applications. Any number of application servers can be made available for the client connection. This ensures load distribution, and allows work without significant latency. This technology offers enormous performance advantages, particularly in the case of installations that are spread across worldwide locations.
Client (presentation layer)
The client layer handles the presentation of all data and functions provided by the application server.
Application server (business logic)
The application server is entirely responsible for the control of the business logic. This server only ever delivers the data for which the corresponding permissions are available. The multi-tier architecture described at the beginning allows the use of several application servers and ensures efficient load distribution.
Database server (data storage)
Password Safe version 8 uses Microsoft SQL Server to store data due to its widespread use, and its ability to ensure high-performance access even in large and geographically scattered environments. Smaller installations may also use the free SQL Express version.
At least three servers are thus recommended:
- Database server (MSSQL)
- Application server (Password Safe services)
- Web server (IIS)