Impreza Infrastructure

24X7 Server Monitoring

Enterprise-grade 24×7 Server Monitoring and Network Security

 

Our infrastructure comprises of high availability clusters of different machines, with varied operating systems and applications, spread across multiple continents.

An effective monitoring system is extremely crucial for ensuring maximum uptime. Today, any web services company manages hundreds of servers with a large number of services running on each server. Manually checking each service on just one server 24 x 7 is extremely difficult – across a number of servers – is humanly impossible.

Services monitored include –

  • Network Connectivity
  • Server Disk Space
  • Server CPU Usage
  • Server Memory Usage
  • Web Services – HTTP, HTTPS & FTP
  • Email Services – SMTP, POP & IMAP
  • Database Services – MySQL, MSSQL
  • DNS Services
  • All Log Files

and More…

Companies that do not have a good monitoring system, or worse, don’t have one at all, have larger downtimes and are increasing the risk of potential damage caused due to service disruptions. An undetected minor issue can change into a major issue rapidly, increasing the amount of damage caused.

Our monitoring systems and tools provide our system administrators with an all-encompassing view into the health of our globally distributed infrastructure. We monitor a large number of parameters related to the health of our servers and individual services that reside on them.

If any server or service fails, or any resource utilization exceeds specified limits, then a notification pops-up immediately on the screen of all our Infrastructure Monitoring Staff. The notification system also handles escalation of issues i.e. if the issue is not resolved within ‘x’ minutes, SMS alerts are sent out to higher level system administrators, and subsequently to Management.

All of this allows us to detect and resolve any issue within minutes of it happening and ensures maximum uptime for your customers.

Data Protection

RAID Technology – We use state-of-the-art Hardware RAID to protect all server data against hard drive failures. This technology works by creating a mirror of all data in more than one hard automatically without any delay. That is, all data is written to multiple hard disks simultaneously so that if one of them fails it will be disabled and the system will continue to function as if nothing had happened by using the copy of the data from the other hard disk. The best part is that you do not need to make any change or modification of special code in your wesite / web applications for this technology

RAID systems offer significant advantages over non-RAID systems in terms of both data protection and the ability to maintain up to 100% uptime, as the system continues to work perfectly in case of disk failures. RAID technology also improves the performance of the various services on the server.

When the hard disk fails notification alerts will be sent so that it can be overridden by system administrators. Thus, the system continues to run normally despite disk failures, using the data mirror on the additional hard disk.

Server backups daily and weekly – Important data exists in multiple locations on a server.Our experts have conducted extensive surveys and prepared complex backup scripts that automatically keep copies of all important files and folders securely and at regular intervals so that, in case of failure, we can restore a server in the shortest possible time.

Your own Backup Policy Manager (Applicable only to web hosting packages) – All of our services involve your data. Most of our products have a built-in Backup Manager that provides effective protection, allowing you to set highly flexible backup policies that will protect your critical data. The web-based backup policy manager provides an easy-to-use one-step wizard to define the backup scope, backup frequency and delays

Datacenter &
Network Details

We have pioneered the concept of a Globally distributed Datacenter. Our Datacenter is a globally distributed collection of redundant server infrastructure which hosts all our Products and Services.

Salient features of our Datacenter

  • Integrates hundreds of distributed servers seamlessly
  • Provides high-availability, redundancy and unmatched reliability

Our Datacenter Details

Our Datacenter consists of servers distributed across various Datacenters worldwide. Most of these datacenters have certain common qualifications described below –

Network
The datacenters are connected to the internet through Gigabit ethernet connections from separate backbone providers, who each run fiber optic cables into the data center through separate entry points.

Security
To guard against line failure or intrusion, the data center is staffed 24 hours a day. Movement throughout the facility is escorted at ALL times. There is 24×7 closed circuit monitoring of all areas and entrances. Between the cameras, access control, and the security team, the datacenter facilities are pretty secure.

Power
The total incoming power is a multiple of what is required to run the datacenter. There is an ATS (Automatic Transfer switch) in place to automatically kick in a generator in case of a power failure. The datacenters are also equipped with redundant UPS systems to ensure clean power.

Cooling
Redundant A/C systems, each running at a fraction of their capacity, keep the server rooms cool. The units are alternated so that each one is kept in optimal condition.

Advanced Smoke Detection & Fire Protection Systems
The datacenters are equipped with specialized fire detection and protection systems meant specifically for protecting servers as using ordinary water based systems would cause just as much damage as fire.

Why our Datacenter?

Scalability & Reliability
Our Datacenter consists of a complex mesh of global servers that interact with each other. The entire architecture is built upon common principles of High-Availability, Clustering and n+1 Architecture. This allows us to scale our solutions to match your exponential growth by simply adding infrastructure and linking it to this architecture. You are abstracted from worrying about variables such as scalability, uptime, network response etc

Global Reach
We and our partners have invested in infrastructure deployments at various locations globally. You can now leverage upon this global infrastructure and offer a completely private-labeled global experience to your Customers without any investments. We handle the selection, negotiation and relationship management with Infrastructure providers around the world.

White Labeled Architecture
Our Datacenter is a cluster of globally distributed redundant servers of various different operating systems to provide your Customers and Resellers with myriad hosting options. The servers, and IP addresses are white-labeled and cannot be traced back to us. If you are one of our Resellers, then the name servers used for any services hosted on these servers would be your branded Name Servers. So for all practical purposes these clusters of hundreds of servers would appear as YOUR servers to your Customers.

Hosting Security

In order to reduce security risks to minimum, a holistic approach to security is required. Our security processes are born out of a clear definition of the threats to our system.

Security Goals

Privacy – Information within our infrastructure and systems will only be accessible by authorized users

Integrity – Data and information within our infrastructure cannot be tampered with by any unauthorized user

Data Protection – Data within the systems cannot be harmed, deleted or destroyed

Identification and Authentication – Ensures that any user of the system is who he claims to be and eliminates chances of impersonation

Network Service Protection – Ensures that networking equipment is protected from malicious hacking attempts or attacks that threaten uptime

Our Holistic Security Model

Our Security platform and process leverage on multiple levels of security – consisting of Security Systems and Equipment1 combined with Security Procedures and Practices2 and Auditing Processes3, to ensure unparalleled security for all the services we provide. The platform tackles security at 7 different levels

Level-1 Datacenter Security

Our global datacenter partnerships are a result of a comprehensive Due diligence process. Security and stability are two of the most important variables in our due diligence process. All datacenters are equipped with surveillance cameras, biometric locks, authorization-based access policies, limited datacenter access, security personnel, and similar standard security equipment, processes and operations.

What separates us however is the fact that our due diligence process also incorporates a measure of proactiveness demonstrated by the datacenter towards security. This is measured by evaluating past practices, customer case studies, and the amount of time the datacenter dedicates towards security research and study.

Level-2 Network Security

Our global infrastructure deployments incorporate DDOS mitigators, Intrusion Detection systems, and Firewalls both at the edge and the Rack level. Our deployments have weathered frequent hacking and DDOS attempts (sometimes as many as 3 in a single day) without any degradation.

Firewall Protection – Our round-the-clock firewall protection system secures the perimeter and delivers the very best first line of defense. It uses highly adaptive and advanced inspection technology to safeguard your data, website, email and web applications by blocking unauthorized network access. It ensures controlled connectivity between the servers that store your data and the Internet through the enforcement of security policies devised by subject matter experts.

Network Intrusion Detection system – Our network intrusion detection, prevention and vulnerability management system provides rapid, accurate and comprehensive protection against targeted attacks, traffic anomalies, “unknown” worms, spyware/adware, network viruses, rogue applications and other zero-day exploits. It uses ultramodern high-performance network processors that carry out thousands of checks on each packet flow simultaneously with no perceivable increase in latency. As packets pass through our systems, they are fully scrutinized to determine whether they are legitimate or harmful. This method of instantaneous protection is the most effective mechanism of ensuring that harmful attacks do not reach their targets.

Protection against Distributed Denial-of-Service (DDoS) Attacks – Denial of Service is currently the top source of financial loss due to cybercrime. The goal of a Denial-of-Service attack is to disrupt your business activities by stopping the operation of your web site, email or web applications. This is achieved by attacking the servers or network that host these services and overloading the key resources such as bandwidth, CPU and memory. The typical motives behind such attacks are extortion, bragging rights, political statements, damaging competition etc. Virtually any organization that connects to the Internet is vulnerable to these attacks. The business impact of large sustained DoS attacks is colossal, as it would lead to lost profits, customer dissatisfaction, productivity loss etc due to inavailability or deterioration of service. A DoS attack in most cases would even land you with the largest bandwidth overage invoice that you have ever seen.

Our Distributed Denial-of-Service protection system provides unrivaled protection against DoS and DDoS attacks on your internet-facing infrastructures i.e. your websites, email and mission critical web applications, by using sophisticated state-of-the-art technology which automatically triggers itself as soon as an attack is launched. The DDoS mitigator’s filtering system blocks almost all fraudulent traffic and ensures that legitimate traffic is allowed up to the largest extent possible. These systems have seamlessly protected several web sites from large service outages caused by simultaneous attacks as large as 300+ Mbps in the past, thus allowing organizations to focus on their Business.

Level-3 Host Security

Host Based Intrusion Detection System – With the advent of tools that are able to bypass port blocking perimeter defense systems such as firewalls, it is now essential for enterprises to deploy Host-based Intrusion Detection System (HIDS) which focuses on monitoring and analyising the internals of a computing system. Our Host-based Intrusion Detection System assists in detecting and pinpointing changes to the system and configuration files – whether by accident, from malicious tampering, or external intrusion – using heuristic scanners, host log information, and by monitoring system activity. Rapid discovery of changes decreases risk of potential damage, and also reduces troubleshooting and recovery times, thus decreasing overall impact and improving security and system availability.

Hardware Standardization- We have standardized on hardware vendors that have a track record of high security standards and quality support. Most of our infrastructure and datacenter partners use equipment from Cisco, Juniper, HP, Dell etc.

Level-4 Software Security

Our applications run on myriad systems with myriad server software. Operating Systems include various flavors of Linux, BSD, Windows. Server Software includes versions and flavors of Apache, IIS, Resin, Tomcat, Postgres, MySQL, MSSQL, Qmail, Sendmail, Proftpd etc etc. We ensure security despite the diverse portfolio of software products we utilize by following a process-oriented approach

Timely Application of Updates, Bug Fixes and Security Patches – All servers are registered for automatic updates to ensure that they always have the latest security patch installed and that any new vulnerabilities are rectified as soon as possible. The largest number of intrusions result from exploitation of known vulnerabilities, configuration errors, or virus attacks where countermeasures ARE already available. According to CERT, systems and networks are impacted by these events as they have “not consistently” deployed the patches that were released.

We fully understand the requirement for strong patch and update management processes. As operating systems and server software get more complex, each newer release is littered with security holes. Information and updates for new security threats are released on an almost daily basis. We have built consistent, repeatable processes and a reliable auditing and reporting framework which ensures that all our systems are always up-to-date.

Periodic Security Scans – Frequent checks are run using enterprise grade security software to determine if any servers have any known vulnerabilities. The servers are scanned against the most comprehensive and up-to-date databases of known vulnerabilities. This enables us to proactively protect our servers from attacks and ensure business continuity by identifying security holes or vulnerabilities before an attack occurs.

Pre-Upgrade testing processes – Software upgrades are released frequently by various software vendors. while each vendor follows their own testing procedures prior to release of any upgrade, they cannot test inter-operability issues between various software. For instance a new release of a database may be tested by the Database vendor. However the impact of deploying this release on a production system running various other FTP, Mail, Web Server software cannot be directly determined. Our system administration team documents the impact analysis of various software upgrades and if any of them are perceived to have a high-risk, they are first beta-tested in our labs before live deployment.

Level-5 Application Security

All of the application software that is used in the platform is built by us. We do not outsource development. Any 3rd party Products or Components go through comprehensive training and testing procedures where all elements of such products are broken down and knowledge about their architecture and implementation is transferred to our team. This allows us to completely control all variables involved in any particular Product. All applications are engineered using our proprietary Product Engineering Process which follows a proactive approach towards security.

Each application is broken down into various components such as User Interface, Core API, Backend Database etc. Each layer of abstraction has its own security checks, despite the security checks performed by a higher abstraction layer. All sensitive data is stored in an encrypted format. Our engineering and development practices ensure the highest level of security with regards to all application software

Level-6 Personnel Security

Theweakest link in the security chain is always the people you trust. Personnel, Development staff, Vendors, essentially anyone that has privileged access to your system. Our Holistic Security Approach attempts to minimize security risk brought on by the “Human Factor”. Information is divulged only on a “need-to-know” basis. Authorization expires upon the expiry of the requirement. Personnel are coached specifically in security measures and the criticality of observing them.

Every employee that has administrator privileges to any of our servers goes through a comprehensive background check. Companies that skip out on this are putting to risk all sensitive and important data belonging to their customers, as no matter how much money is invested into high-end security solutions, one wrong hire – having the right amount of access – can cause greater damage than any external attack.

Level-7 Security Audit Processes

In a vast deployment of globally distributed servers, audit processes are required to ensure process replication and discipline. Are all servers being patched regularly? Are the backup scripts running all the time? Are offsite backups being rotated as desired? Are appropriate reference checks being performed on all personnel? Is the security equipment sending out timely alerts?

These and many such questions are regularly verified in an out-of-band process that involves investigation, surveys, ethical hacking attempts, interviews etc. Our audit mechanisms alert us to a kink in our security processes before it is discovered by external users.

Questions? Problems? Contact Us!

Any questions or problems with your Cloud Hosting service, please contact us, our support is online 24×7!