A web application was experiencing serious performance problems, only
handling 10 concurrent users before terminating due to an out-of-memory
exception. Creatrix first profiled garbage collection and verified that the
out-of-memory exceptions were occurring due to a condition were the heap
fills up too quickly for the garbage collector to effectively free heap space.
Applying knowledge of how web applications operate, Creatrix engineers
reconfigured the JVM heap settings to increase the amount of space
available for short-lived objects. This adjustment allowed the application
to handle over 100 concurrent users.
Field personnel would routinely lock out their Active Directory accounts,
which placed undo strain on the help desk and systems administration
team. Creatrix developed an application to read the finger print templates
from a PIV type card and match them to the person using the computer.
Retrieval of the template required that the user enter their card PIN. This
essentially amounted to a three-factor authentication ‐ "something they
have, something they are, something they know". If the match was
successful, the user was prompted for a new password. The template
was then transmitted, along with the fingerprint and new password, to
a back-end server. If the server verified the match, then it would change
the user's password to the new password. All traffic was encrypted over
a VPN connection.
A certificate authority's (CA) fulfillment process was manual, and
there were more than 400 workstations that used certificates for
VPN machine authentication. The manual process was nine steps and took constant
Creatrix wrote software to automate the process. A web service permitted
workstations to request a new certificate; a message broker then called
a custom library to generate a PCKS10 certificate request. The form was
completed, and the required paperwork was generated as signed PDF
documents which were then emailed to the CA. A custom service then
checked the CA for new certificates on a daily basis. If new ones were
found, the message broker would join the certificate with the private key,
encrypt it, and store it in a database. On the workstation's next web
service request, the web service would retrieve the certificate from the
database, encrypt it with the
public key, and transmit the encrypted
package to the work station that would then install the
Copyright 2012 Creatrix, Inc. All Rights Reserved.