DATA CENTER OPERATIONS
Customers are housed in a data center that is connected to multiple Tier
1 Internet providers in Canada and the US, and has peering relationships
with a growing number of other networks. Boasting OC-192 connection speeds
(muli-peered, in multiple locations) and bandwidth that is uncapped and burst
bandwidth available on demand. No slow or expensive upgrades! 100% Cisco
powered internal network prioritizes high performance and redundancy. The
Data Center uses state of the art, fault tolerant software, utilizing Hot
Standby Router Protocol (HSRP), and guaranteeing 99.9% uptime.
The Network has implemented procedures to ensure that our security, like
our network, is absolutely redundant. Our Network Operations Centre (NOC)
is manned 24 hours a day, 7 days a week, and security officers are present
in all locations round-the-clock. Closed Circuit Television (CCTV) has been
installed in the Data Centres. Access points are monitored and all activity
is recorded and digitally archived. Access to all doors is monitored, recorded
and time stamped on a card by card basis.
SECURITY via MULTI-TIERED FIREWALLING
Our services have been engineered and managed by the best people in the industry,
and here are the results:
Our upstream providers are constantly monitoring for DDoS, port scans and
other initial attacks. These services are monitored 24x7, with instant
notification of suspicious actions.
We are employing a sophisticated set of advanced firewalls that do more than
just block traffic! These devices (in a HA setup), provide for protection
against the normal attack parameters (smurf, spoofing, port scans, d/DDoS,
etc.) but also return 'garbage' back to the suspected potential attackers.
That is, these devices, based on our custom parameters will/may/can return
false returns, vague returns, no returns, too many returns, etc.
These devices are part of a global network of advanced virus pattern matching
BEFORE the A/V companies have released a pattern update for a new worm,
trojan, etc., our firewalls immediately start blocking email attachments
(incoming/outgoing) from entering our server clusters. This means you are
protected even before the AV companies have had time to respond!
Finally, our perimeter security systems are integrated with a global organization
that collates and collects distributed attacks across many providers, and
manages law enforcement and ISP notifications.
Our servers are protected with software-based firewalling:
These look at source and destination addresses, and source and destination
ports. Our systems are secured using the latest security methods including
router access list filtering on inbound carrier feeds and firewalling at
the SYN level on internal devices. Our engineers are familiar with many types
of firewall applications, including CheckPoint, ipchains, ipfw, ipfwadm,
etc. We are able to modify response packets with masquerade responses to
the remote initiator.
ALL of our services are monitored by a professional enterprise-class monitoring
system. All services, on all devices are monitored on a protocol-level basis.
To be clear, this is not just a ping service. Each and every service is monitored
by a protocol by protocol basis (DNS, WWW, FTP, etc.). We additionally do
deep-level monitoring of all database services.
All servers are monitored from 4 geographically diverse locations:
Florida, Los Angeles, Australia, and the UK. Service outages are reported
within 5 minutes, and our 24/7 on-site staff are ready to respond.
Reliability and response are keys to our services. So, we perform many backups
and have them on hot-standby equipment ready to be put into action. As such,
all user content (mail, web, ftp, etc.) is backed up on a bi-hourly basis and
offloaded to standby drive arrays. Every 4 hours, all databases are
backed up and replicated to the same multiple drive arrays. Once a day,
we do perform a full backup of all devices. Hourly and daily backups are
replicated to a set of dedicated drive arrays in an incremental image backup
These devices are encrypted, and drives removed weekly for offsite, archival
storage. Also, all data is encrypted and sent offsite every day to our
Disaster Recovery (DR) facility at an undisclosed location. This facility
is our standby facility in the event of a very serious physical attack on
the facilities (bomb, terrorism, earth quake, etc.). The DR facility is ready
to be put into action at any time, and does function as tertiary DNS and
Mail services. Based on our testing, a complete disaster recovery would take
a few hours to have absolutely all services functional after an unlikely,
very serious disaster at our primary facilities.
IN DEVELOPMENT: we will have a global failover solution in place which
will make all sites and service load-balanced in 2 different countries,
elliminiating ANY delays in an DR
In addition to our sophisticated front-line defences against viruses (see
firewall above), we have full and advanced virus scanning (in memory and
post-file scanning) operational on all devices. Additionally,
we offer complementary full email scanning on all mailboxes for all users.
We only use enterprise-class equipment. We are primarily a Dell shop, focussing
on the Dell PowerEdge 1750 class machine. All components are redundant (drive,
power supply, etc.), and have a contract agreement for a maximal 4 hour onsite
response time from Dell. All devices are managed by a private gigabit backbone
that is used for command and control functions, in addition for secured backups
and recovery of files.
The private backbone infrastructure is dedicated purely
to this functionality and is 100% separate from the Internet. All networking
components are using 1 Gb/s switched infrastructure, with redundant hardware