Resources::P2D Papper 2 Data

Award-Winning Cloud Solutions

With more than 172,000 customers in over 80 different countries, Rackspace is the largest managed hosting company in the world. Their world-class facilities, multi-homed network and 'Fanatical Support' have earned them the reputation as the premier provider of managed hosting solutions, and why Rackspace is a 'leader' in the 2011 Gartner Magic Quadrant for managed hosting. Their network is home to companies such as Microsoft, PricewaterhouseCoopers, Canon, KPMG, Vodafone, Samsung, General Electric, Mazda and Accenture.

NETWORK QUALITY

Rackspace's network is 'Cisco Powered', having passed Cisco's compliance audit for security, redundancy and speed. Indeed it is one of only a handful of hosting companies in the world to have this status. The ultra secure and redundant network is built exclusively on hardened Cisco Systems routing, switching and security equipment. The fully switched network is regularly audited for security by Cisco. It is also regularly tested from both inside and outside the network by Rackspace and third party security specialists.

CONNECTIVITY

Rackspace utilizes connections to multiple bandwith providers to ensure that data reaches the end-user in the fastest, most efficient manner possible. There are peering arrangements with local ISPs to allow fast delivery of data.

BGP4 ROUTING

It runs the Border Gateway Protocol (BGP4) for best case routing. The network employs Cisco GSR 12000 class routers running HSRP (N+1 hot failover) to ensure that data can be routed even in the event of a router failure. The BGP4 protocol is a standard that allows for the routing of data sent out from the network. Each packet of data is evaluated and sent over the best route possible. Because of the redundant network architecture, data may be sent via alternative routes even if they are being delivered to the same end user. Should one of the network providers fail, data leaving the network is automatically redirected through another route via a different provider.

GUARANTEED DELIVERY

Providers are paid to ensure all data is delivered to the end-user. Because there are Service Level Agreements with its providers, they are able to guarantee that all data will leave the network at full speed.

BANDWITH UTILISATION

The network currently has considerable excess capacity, even during peak hours. This allows for even the largest spikes in traffic. Network connectivity and new routes are always being added in an effort to make sure content is delivered to users as efficiently as possible. A low bandwith utilization also allows for maximum uptime, even if one of the providers has an outage.

FIREWALL

The hardware Firewall provides robust, enterprise-class, integrated network security, creating a strong multi-layered defensive service for dynamic network environments. The hardware device works with a set of rules, filtering traffic coming through the Internet into our systems. If an incoming packet of data is flagged up by the filters as against the rules that have been set up, it will not be allowed through. These devices add an additional layer of security to the servers, stopping potentially malicious packets from ever reaching the network.

DATA CENTRE

The data centre has been engineered with fully redundant connectivity, power and HVAC to avoid any single point of failure, and is staffed 24 x 7 by highly trained technical support personnel. And because the data centre is not open to the public, only a handful of level-three technicians are allowed in close physical proximity to the servers. Multiple levels of security are employed to ensure that only Data Centre Operations Engineers are physically allowed near the routers, switches, and servers.

ANTI - VIRUS

An anti-virus solution is one of the most critical, effective and affordable ways to avoid infections from viruses, spyware, adware and potentially unwanted applications. The managed Anti-Virus solution from Rackspace is an advanced technology powered by Sophos that's fully managed by their experts, so our servers get the ultimate level of protection.

MONITORING

Rackspace provides a 24 x 7 monitoring service to check the availability on the servers. Service checks are performed at 5 minute intervals to ensure quick identification of problems. Should a device not respond, support engineers are sent an alert via pager and e-mail. Rackspace will investigate the problem immediately, checking the console for the error message and determining the severity of the problem. Rackspace support and Data Centre operations engineers will respond to hardware failures as per their guaranteed 1 hour hardware fix Service Level Agreement which ensures minimal solution downtime. Rackspace also conduct regular internal/external tests and all controls are audited annually as part of their SAS 70 audit. P2d has a full-time administrator and 24 x 7 on-call support.

SECURITY PROCEDURES ARE AS FOLLOWS

  • No Public Access
  • Employee Background Checks
  • Video Surveillance
  • Onsite Security Personnel
  • Military-Grade Pass Cards
  • Biometric Security
  • HVAC
  • Power
    • UPS Systems
    • Diesel Generator Systems

All premises have secured access with RFID entry cards & photographic ID for all staff. Rackspace personnel are required to display their identity badges at all times when onsite at Rackspace data centres and non-data centre facilities. Two-factor authentication is required to gain access to the data centre facilities. Electromechanical locks are controlled by biometric authentication (hand geometry scanner) and key-card/badge. Only authorized Rackspace personnel have access to data centre facilities. Closed circuit video surveillance has been installed at all entrance points on the interior and exterior of the buildings housing data centres. Cameras support data retention for 90 days.

Only Rackspace Data Center employees are allowed to access the server/production floor. That entry access is controlled by a finger print scanning biometric device and proximity access cards. Roof and exterior walls are heavy duty rated at 130 mph. There is a heavy duty lightning grid on roof. All electrical and mechanical equipment is on 3 inch raised concrete pads. Lenel Security Management System is deployed at the data centre with central monitoring capabilities at Rackspace HQ. Alarms are directly connected to the local Fire and Police Departments.

Onsite security personnel monitor each data centre building 24 hours per day, seven days per week. The security team are responsible for making sure that only authorised personnel enter the data centre building. The security personnel provide the first layer of security for access to the data centre.

Building Operations, Security or Data Centre Management review and approve visitor access and issue visitor badges for identification purposes before access is granted to any non-Rackspace employee. ALL visitors must be escorted. All visitors sign-in the visitor log book which requires visitors to present a Valid photo ID, reason of visit and a Rackspace POC. Corporate Risk Management performs a monthly audit of Security and Visitor access logs.

SUPPORT ADMINISTRATION

Rackspace policies require users to be specifically authorized to access information and system resources, especially systems that are used to provide support services to customers. The Information Technology Services (ITS) Department is responsible for security administration functions, including assigning/deleting users to internal Rackspace system resources.

Rackspace has logically separate networks for all internal traffic, resulting in Rackspace administration of customer environments being performed from specified networks within the Rackspace environment. All Rackspace user access requests follow a documented, formal process and must be approved by a manager or supervisor. Upon termination from Rackspace, employee access is removed from Active Directory.

When an employee's job responsibilities change or the employee transfers to a new department, the individual's manager contacts ITS to change the transferred employee's access rights to verify that they are commensurate with the employee's new position. The Human Resources Department generates a listing of all employee terminations (immediately following termination) and forwards this notice to ITS so that the employee's access can be disabled or removed from the appropriate systems. The manager of the terminated employee may also inform ITS of the need to revoke access from a user account.

DISASTER RECOVERY

Server Redundancy: RAID 1 & 5 ensures data is retained and continuously accessible in the event of a hard drive failure. In addition to fault tolerance this also increases disk and therefore application performance. Dual PSUs ensure that in the event a power supply fails on the server, the server will continue to provide service utilising the second PSU. Load Balancing, using various load balancing algorithms, web/application sessions can be distributed across the servers to ensure even distribution of load and to increase solution redundancy and performance, if required.