Thursday, September 24, 2009

Intellect 3.0 Security

Intellect 3.0, the server in particular, is a critical tool for creating value in many applications. Recently we put together a proposal for a system that will model, predict production and optimize entire oil fields in real time. To a great extent, many of Intellect's operations don't have an impact on Health, Safety and the Environment (HSE), but some operations do have a significant impact on the business's bottom line: high-quality, high-volume production (yes, high enough to impact the bottom lines of some countries). As such, the Intellect 3.0 Server, the "nerve center" of this capability, needs to be secured to prevent unauthorized persons from tampering with settings and to provide an audit trail of who did what and when.

Enter Intellect 3.0's multi-tiered security model. It is based partly on either NTLM (NT LAN Manager) or Kerberos (these two comprise Windows security) and partly on Intellect's own application-level security model. Users need local or domain accounts on the Intellect 3.0 system's computer(s), in defined roles or groups (in Windows terms), to be able to access the Intellect 3.0 server and its sub-components. These authenticated users are then allowed to participate in Intellect's application security system.

Intellect 3.0's application-level security model comprises three elements: Users, Roles and Rights. When a user authenticates with an Intellect 3.0 server, they are granted certain Rights based on the Roles that Administrators have assigned them to. These Rights enable or disable certain capabilities, such as the ability to create tasks, start or stop operations, change settings, or merely look. The Rights also auto-configure applications to show or hide capabilities. Keeping Rights separate from Roles lets administrators create all sorts of Roles with varying Rights. Roles typically include administrators, solution designers, engineers, supervisors, operators and the like, but with a few mouse clicks could include office staff for reporting, plant management, etc.

We don't just use Windows security for all this for two reasons. Some customers would rather not have custom roles/groups set up in Windows itself just for a particular application. We also prefer to grant access at the Rights level rather than at the Roles level (Windows only allows Users and Roles, aka Groups), which gives us more control and more isolation/abstraction between the user and the system. In addition, user switching (log out, then log in) can be done at the application level, which avoids having to log out of Windows and back in under a different account just to get different Rights.
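The Users, Roles and Rights layering and the application-level user switching described above can be sketched as follows. This is an added example, not Intellect's own code or API: the role, right and user names and the `Session` class are constructed for illustration, and it assumes Windows has already authenticated the caller.

```python
from datetime import datetime, timezone

# Constructed role, right and user names; not taken from Intellect itself.
ROLE_RIGHTS = {
    "administrator": {"view", "create_task", "start_stop", "change_settings"},
    "engineer": {"view", "create_task", "change_settings"},
    "operator": {"view", "start_stop"},
    "office_staff": {"view"},
}
USER_ROLES = {"alice": {"engineer", "operator"}, "bob": {"office_staff"}}


class Session:
    """Application-level session on top of an OS-authenticated connection."""

    def __init__(self, audit_log):
        self.user = None
        self.audit_log = audit_log  # list of who/what/when records

    def _audit(self, who, what, allowed):
        when = datetime.now(timezone.utc).isoformat()
        self.audit_log.append(
            {"who": who, "what": what, "when": when, "allowed": allowed})

    def login(self, user):
        # Assumption: Windows (NTLM or Kerberos) has already authenticated
        # the caller; this step only maps them into the application model.
        known = user in USER_ROLES
        self.user = user if known else None
        self._audit(user, "login", known)
        return known

    def logout(self):
        self._audit(self.user, "logout", True)
        self.user = None

    def rights(self):
        # Effective Rights are the union over every Role the user holds.
        roles = USER_ROLES.get(self.user, set())
        return set().union(*(ROLE_RIGHTS.get(r, set()) for r in roles))

    def perform(self, right):
        # Checks test a Right, never a Role name; unknown rights are denied.
        allowed = right in self.rights()
        self._audit(self.user, right, allowed)
        return allowed

    def visible_controls(self):
        # A client would show only the controls backed by a held Right.
        return sorted(self.rights())
```

Because every check names a Right, adding a new Role is a data change in `ROLE_RIGHTS` only, and denied attempts land in the audit log alongside permitted ones.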

Intellect 3.0 is a critical tool for creating significant value, sometimes in the hundreds of millions of dollars per year, and because of this it is flexibly secured to protect that value.
