Implementation details, security & data transmission
The Impala Data Reader is a locally installed Windows service with minimal CPU footprint.
- APPLICABLE TO PROTEL: It queries the Microsoft SQL Server database locally through a Tabular Data Stream (TDS) connection. No direct database connection is performed from outside the server that the Impala Data Reader is installed on.
- APPLICABLE TO SUITE8: It queries the Oracle database locally through a Transparent Network Substrate (TNS) connection. No direct database connection is performed from outside the server that the Impala Data Reader is installed on.
The Impala Data Reader transmits the collected data at regular intervals to the Impala Data Ingestion endpoint through SSL / TLS 1.2.
The SSL connection is guarded against Man-In-The-Middle attacks, SSL certificate mis-issuance, DNS spoofing and domain takeover attacks by using a private Impala Certificate Authority (CA) and restricting the Impala Data Reader to only trust this private CA.
Even if the local hotel network is compromised and the DNS poisoned to redirect traffic to a host with a certificate trusted by the Public Key Infrastructure (PKI), the Impala Data Reader will not transmit data to it.
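The trust restriction described above can be reproduced with the OpenSSL command line. This is an added example, not Impala's code: the hostname, CA names and certificates are constructed, and `other-ca` stands in for any CA the client has not been told to trust.

```sh
#!/bin/sh
# Constructed demo: every name, key and certificate here is generated on the
# spot and is an assumption of this example, not Impala material.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
HOST=ingest.example.test          # hypothetical ingestion endpoint name

cat > "$WORK/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
printf 'subjectAltName=DNS:%s\n' "$HOST" > "$WORK/leaf.ext"

# make_ca NAME: self-signed CA certificate and key named NAME.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$WORK/ca.cnf" \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA LEAF: certificate for $HOST named LEAF, signed by CA.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
    -subj "/CN=$HOST" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 2 -extfile "$WORK/leaf.ext" -out "$WORK/$2.pem" 2>/dev/null
}

# trusted_by_private_ca CERT: succeed only if CERT chains to private-ca and
# matches $HOST. -no-CApath keeps the system certificate directory out of it.
trusted_by_private_ca() {
  openssl verify -no-CApath -CAfile "$WORK/private-ca.pem" \
    -verify_hostname "$HOST" "$1" >/dev/null 2>&1
}

make_ca private-ca && issue private-ca genuine   # the real endpoint
make_ca other-ca   && issue other-ca impostor    # same hostname, different CA

for c in genuine impostor; do
  if trusted_by_private_ca "$WORK/$c.pem"; then echo "$c: accepted, data is sent"
  else echo "$c: rejected, nothing is transmitted"; fi
done
```

The impostor certificate is valid for the same hostname and verifies against its own issuer; it is rejected only because that issuer is not the single CA the client trusts.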
Impala generates a custom installer for each hotel that includes a hotel-specific 2048-bit encryption key. This makes sure data is sent encrypted while making the installation a quick and easy process for the integration engineer or IT team.
Defence in Depth (DiD) options
Database credentials used to query the database are stored locally on the hotel server (on-premise). Hotels can choose to install the Impala Data Reader and enter their own database credentials themselves, without Impala becoming aware of these details. The Impala Data Reader can run as an unprivileged user and with restricted permissions to the target data source.
How does this compare to interfaces Protel / Suite8 offer?
Depending on the data needs of a particular integration, official interfaces send more data than the individual integration requires.
- For example, an IPTV system only requires room numbers and the last name of the guest for a greeting, but the PMS-offered interface might transmit complete guest profiles including highly sensitive data like birth dates, phone numbers and email addresses, leaving you as a hotel with an unnecessarily large data footprint. With Impala, only the precise data points required are cached and transmitted to the technology provider.
The PMS-offered interface does not shield a hotel against Man-In-The-Middle attacks, SSL certificate mis-issuance, DNS spoofing and domain takeover attacks by using a private Certificate Authority (CA) and restricting transmission to this private CA.
Impala offers its product at a fraction of what a PMS charges hotels for a one-off installation and ongoing support and maintenance. This enables hotels to use innovative technologies in a cost-effective way.
Impala’s installation can be completed in hours, not weeks. Most PMS interfaces require licenses to be ordered and involve high-touch sales processes and account management, as well as costly remote or on-site installs.
The data flow for Protel / Suite8 can be reviewed here.