Server Security and Protection
The Datacentre
Our servers are housed in a secure high speed Internet data centre, owned and operated:
Oz Servers
26 Hampton Street
East Brisbane, QLD 4169
Australia
This secure datacentre facility has double entry doors on all entry points. The building was formerly used as an unmarked State Police Technical Lab and much of the physical security, alarms and fire protection was inherited from them when the building was taken over.
Physical Security
2mm Steel plate standard embedded in walls between office areas, UPS rooms, and Generator Areas.
Hardened steel security fence covers all office windows and building air intake areas.
Standard Steel Security Grills cover all door viewports.
Double entry doors for personnel.
Secure Vehicle Delivery Areas (Double Doored).
General Security
24 x 7 Off-site REMOTE monitoring of all security zones (Including building exterior, rooftops, perimeter and internal zones) (Including isolation alarming for cut connections).
24 x 7 Onsite Personnel.
24 x 7 Extra personnel on-call.
Authorised Access
There are policies and procedures in place that prevent unauthorised access; however we are not able to discuss specifics of procedure or electronic systems in place to maintain the integrity of those systems. One notable policy however is that we do not allow ANY unauthorised access to the datacentre office or equipment areas, and sub-contractor authorised access for performing maintenance work is escorted at all times by full-time staff. (We do not do tours of datacentre space, for this particular reason.)
Fire Protection
Datacentre has a 24x7 monitored fire system.
Wet Sprinklers to all office areas.
Dry pipe system to all server areas.
Personal fire devices such as handheld extinguishers and fire hoses are present.
Passageway doors are reinforced, have been installed to comply with AS 1905 Part 1, and doors have a Fire rating of 120/120/60.
Fire barriers extend from the visible ceiling, into the empty roof space to prevent fire spread.
The Network
The network has been setup for maximum redundancy, scalability and performance.
- For maximum redundancy, the Datacentre has multiple carrier-grade connections to Teir-1 Provider Optus.
- For maximum scalability, Gigabit Ethernet over copper and Fibre is used throughout the internal infrastructure.
- For maximum performance, the network is connected to the upstream providers via Gigabit Ethernet optical fibre links.
The datacentre’s fibre installation plan incorporates multiple points of entry into the datacentre Facility as well as multiple internal fibre paths leading to geographically isolated secure core-switching ('carrier') rooms.
Your sites are hosted on servers that are connected to a switched backbone using 100Mbps Ethernet ensuring data transit as fast as your applications demand. Switches are uplinked at 1GBPS to core switching.
Network Security
The datacentre implements a firewall at the network edge to protect against any denial of services attacks or similar, and feed all inbound and outbound data into a traffic collector that identifies suspicious behaviour. This is primarily for the protection of the datacentre as a whole.
The datacentre uses Cisco Switches and routers on all edge of network and core switching, and configured with Cisco access control lists that adhere to best-practice recommendations by Cisco.
We have packet-level network-monitoring and firewalling for suspected attacks, based on network traffic signatures that are being constantly updated and maintained, e.g. DDOS, Syn flooding, port scanning, brute force cracking, etc.
Monitoring
We have both passive and active monitoring systems.
We have console-based applications that generate live reports for on-duty staff stationed at their workstations, (With about a 30 second resolution) (System has beeps and buzzers etc that set off audio and visual warnings on suspect events/warnings, and critical events) and emergency pagers / SMS alerting systems for active notification of emergency / critical events to grab the immediate attention of a human operator. This system is manned and monitored 24x7.
The Servers
We use specially sourced 2RU rack mounted server enclosures. These cases provide superior cooling with six extraction fans and more internal area for airflow than standard 1RU server cases. The cases also feature washable dust filters, lockable drive bay access, and excellent earthing for minimal electrical interference.
We use specifically chosen hardware that will support Intel and AMD processors. Great care is taken to make sure that the supporting components, for example mainboards, memory and storage devices, are 100% compatible, and support the operating systems and applications for which they are intended.
Chipsets, Transfer Rates, Error Correction, Compatibility and Performance are all factors when our in-house hardware selection team design a package. Every attempt is made to utilise the dynamic nature of the computer hardware industry by selecting only those components that will provide an economical and technically superior upgrade path for your server.
Backups
We perform nightly rotation, and weekly rotational backups, however we expect clients to retain their own backups in case of loss of data (Even though we do endeavour to have a backup available).
Restores
If it is a hardware failure, we always have hardware on hand, our staff are available 24x7 and respond as soon as we are physically able, i.e. straight away, and try and have a resolution within 2 to 4 hours, depending on the hardware, for example a power supply may only take 15 to 30 mins.
Accreditation
We are recognised by the Microsoft Service Providers Licensing Agreement (SPLA) as an SPLA datacentre, which has a minimum level of fire protection and network connectivity, staff technical accreditation and general capacity.
We are a Plesk recognised hosting Gold Partner, and house many web hosting servers running Plesk software.
We are an Ensim trained and Accredited Hosting provider, and house many Ensim based web hosting servers.
We are an AMD Certified Gold reseller, having undertaken technical training.