Elyse – INTEGRITY BY DESIGN
Elyse® DMS (document management system) is a high integrity controlled document database platform.
Interact with the live read-only demo. No registration required.
Download the pre-release version for an unrestricted evaluation.
This is the initial public pre-release of Elyse, representing a complete and production-ready product. The platform is released with a fully functional Apache-licensed application layer. Elyse provides a stable and transparent foundation upon which independent vendors, integrators, and internal teams can build.
High Integrity
Immutable File Storage
After being stored in an Elyse database, files are immutable for Elyse application users, ensuring their integrity. Files can also be assigned an immutable retention date, which cannot be changed once set, and the file cannot be deleted before that date has passed. Under normal configuration, files can only be deleted via the database and are not accessible outside of database-managed operations.
Secure File-To-Data Relationship
The relationship between files and associated file metadata is managed with strong transactional integrity. Relational data and file data are stored and backed up within the same SQL Server–managed system. The database provides transactional consistency between relational data and file data, including during backup and restore, preventing orphaned data under normal SQL Server–managed operations.
Single Namespace Guaranteed-Unique-Identifier Register
A single Elyse database instance maintains one register of user-facing document identifiers within a single namespace. Identifier values are database-constrained for uniqueness while remaining format-agnostic. Identifiers are editable but can be locked against unauthorized change.
By design, duplicate identifiers cannot be created, including through misconfiguration by use of multiple registers for similar entities. No parallel or proxy identifier register is used, regardless of how identifiers are constructed. Document IDs are abstract entities which relate to files through a parent-child relationship.
High Security
Windows Integrated Security
Elyse relies on Windows Integrated Security, leveraging operating-system-level controls for authentication and access management rather than application layer security.
Database Layer Trust Boundary
Once a user has logged into a Windows account the Elyse SQL database is the sole arbiter of user authentication. The database maintains a zero trust relationship with the application layer. It uses ORIGINAL_LOGIN() to resolve and authenticate users against SID-based ACLs stored within the database. No token passing occurs. The application layer is only responsible for ensuring that the configuration preserves the integrity of ORIGINAL_LOGIN() responses.
Stateless Security Architecture
User authentication is verified within the database every time a call is made that requires privileges. No token passing occurs. No security state is stored beyond the scope of a single call or single stored procedure.
Fully Parameterized Stored Procedures
All application access to data is enforced through stored procedures. Access by stored procedures to underlying tables is via internal ownership chaining. All stored procedures are fully parameterized and contain no data definition language (DDL), no data control language (DCL), and no dynamic SQL capable of structural SQL injection.
Zero-Privilege Application Layer
The application requires zero privileges and only needs credentials for one or more application roles. Application role credentials allow the execution of stored procedures within role-based schemas. Access to data is further restricted by ACLs checked against ORIGINAL_LOGIN() in each stored procedure that performs a privileged task. The application layer can be segmented by configuring an application with credentials for a single application role, preventing it from executing stored procedures for other roles. Application service accounts are not required to, and must not be, registered within database ACLs.
Full Code Transparency
All code is publicly available and fully transparent. No database code is obfuscated. Application layer code is released under Apache License 2.0.
Audit Logging
Built-in audit logging is provided for essential requirements such as creation of key records, file access and file deletion. Additional fine-grained auditing can be enabled by configuring Microsoft SQL Server Audit.
Fine-Grained Internal Data Access Segmentation
Access to privileged data can be controlled at both the data-level and user-level, with independent permissions for viewing and data editing.
Encryption of Data at Rest
Data at rest can be encrypted using Transparent Data Encryption (TDE) on supported Microsoft SQL Server editions.
Open Architecture
The Elyse database exposes approximately 900 application-facing stored procedures that serve application layer API endpoints. Any third party may develop an application that interfaces with the Elyse database, or extend or modify the application layer code released under the Apache License 2.0.
Low Cost, Low Friction, Trust-Based Perpetual Licensing
Single-user environment, or non-production multi-user environment: Free, with full access to product features.
Multi-user production: Trust-based perpetual license per-database instance basis. Unlimited users. No restrictions on data volume. Price: US$3,500
Air-Gapped Deployment Ready
The licensing system for Elyse does not need to ‘call home’. Hence Elyse can be immediately deployed to an air-gapped environment.
Fine-Grained Role-Based Access Control
Elyse has six different user roles for different document management system functions, plus an unprivileged read-only role. Users can be linked to groups of documents such that only linked users can find and view documents within the document group. Document controllers can be segmented into groups so that editing of metadata of documents within different parts of an organization is restricted to members of authorized groups.
Rigorous Version Control
Each release of a document is stored as a complete separate file, or set of files, and cannot be altered. The published release can be reverted or rolled back by changing the publication status.
Powerful Searching
Elyse is carefully designed to ensure that documents can be easily found. Searching includes: full-text content searching, metadata searching and filtering, and hierarchical tag structure-based searching. Document identity is flexible and user-configurable — not system-enforced, allowing for human-friendly document IDs to be used. Configurable forms allow for data to be presented in a user-selectable table.
Integration-Ready
The transparent and open architecture of Elyse ensures that it can be readily integrated into complementary systems.
Ease of Setup
Elyse is fully functional out of the box. The architecture is designed for self-service installation and customized configuration extension.
Ease of Use
Elyse is designed such that document consumers should be able to find exactly what they need with zero training. The flexible configurability allows for metadata systems to be customized to suit the organization's specific needs. Application layer menus, forms and the help system are zero-code customizable. The Apache License 2.0 application layer, coupled with a highly encapsulated and secure database layer, permits unlimited customization of the application layer code to suit end user needs.
Validation-Ready
The open transparent code and encapsulated architecture of Elyse facilitates validation processes. A stable central core allows flexibility without compromising validation requirements.
Environment and Deployment
Elyse requires Microsoft SQL Server Express 2022 or higher. For multi-user network deployment it requires standard Windows and SQL Server administration skills, including Kerberos Constrained Delegation, but minimal specialized knowledge of Elyse itself. It can also be installed locally on a single machine for a single user, with all components – SQL Server, backend and web frontend – self-contained, fully-featured and ready to run.
Elyse is a platform for systems where integrity and security are valued. Lack of a cloud-based deployment option is not an oversight or shortcoming, it is a trade-off that is fundamentally inherent to the high-integrity, high-security, time-tested framework that Elyse is based on.
Support
Elyse is fully functional upon installation and is designed for self-service use. Users can rely on the included documentation for installation, configuration and operation. Multi-user network deployments require Windows KCD/AD and SQL Server administration skills.
In the future, authorized service providers will offer optional support, consulting and managed deployment services for organizations that require assistance.
Become an Elyse Authorized Service Provider
Elyse is a robust, enterprise-grade document control platform designed for secure, multi-user deployments on standard Windows and SQL Server platforms. As an Authorized Service Provider you have the opportunity to help organizations deploy, configure and maintain Elyse, delivering professional services that add tangible value.
Multi-user network deployments require standard IT skills, including Windows administration, SQL Server configuration and Kerberos Constrained Delegation, but minimal specialized knowledge of Elyse itself. A team with these skills can provide installation, configuration and ongoing support with confidence.
By joining the Elyse ASP network you gain access to a growing market of organizations seeking secure, fully featured document control solutions, while building revenue through trusted, high-value services – without the need to develop proprietary software expertise. You will receive direct access to the Elyse development team, advance notice of upgrades, plus opportunities to network and collaborate with other ASPs.
Send a proposal to contact@silkwoodsoftware.com