ICANN Registry Proposal
Registry Operator's Proposal - TECHNICAL CAPABILITIES AND PLAN
D15.2.12. System
outage prevention. Procedures for problem detection, redundancy
of all systems, back up power supply, facility security, technical
security, availability of back up software, operating system,
and hardware, system monitoring, technical maintenance staff,
server locations.
Every data center has a battery backup, generator, and two power grids. In addition, at least 20 amps of power is guaranteed for every system rack that contains mission-critical systems. Each system rack also is guaranteed one ton of air conditioning to maintain environmental stability. Periodic tests of the backup power systems are standard procedure at each data center. Logs are kept of power failure drills to ensure that all staff is fully aware of their tasks and responsibilities.
Technical maintenance staff are on hand at the data centers at all time. Each data center has a supply of spare parts available at all times to meet service level agreements.
Details on the systems and tools used to prevent outages are as follows:
Electrical and Power Systems
All power in the IDCs is passed through a fully redundant Liebert 1000KVA Uninterruptible Power Supply (UPS) system with two 500KVA parallel UPS. The UPS system feeds five Power Distribution Units (PDU), which feed all network and systems, and critical office areas in the facility. The Internet Data Centers' Physical Security consists of seven layers, to include 24/7/365 Security Staff at multiple internal posts, Access Control Systems, Electronic Perimeter Intrusion System, and Video Surveillance.
Environmental Systems
All Webvision Data Centers use Liebert HVAC systems. For example, the Torrance IDC air conditioning system is zoned into four self-contained areas: (1) the Computer Room, (2) the UPS and Battery Rooms, (3) the NOC and office/common spaces, and (4) the Telecommunications Room. Each of these zones is supported by 8 to 20-ton under-floor (e.g., the conditioned air is forced and vented under the raised flooring) Liebert Series 3000 Air Conditioners, and augmented by a 40-ton Trane System located on the roof for supplemental air forced through ducting above the ceiling. Current total capacity is 268 tons.
Fire Suppression Systems
A FIKE Fire Suppression System (Halon 1301) is the primary system providing coverage for the UPS, Battery, Telecommunications, and Computer Rooms. Smoke detectors are located in:
|
Above Ceiling
|
Ceiling
|
Subfloor
|
Computer Room
|
31
|
44
|
44
|
Telco & UPS/Battery Rooms
|
3
|
19
|
6
|
A Pre-Action Sprinkler system is the secondary fire suppression system for the Computer, Telco, and UPS/Battery Rooms with a double interlocked, supervised, dry system using a deluge valve controlled by an electric release systems and pneumatic system pressure. The electric detector system must actuate and a sprinkler must fuse before water will enter the system. The office areas are covered by a wet-pipe Sprinkler System. All are tied into the building Fire Control Panel for Central-Station monitoring.
Water Detection System
A Raychem TraceTek Water Detect System is deployed throughout the Computer, Telco, and UPS/Battery Rooms.
Raised Floors and Seismic Stabilization
Located on the ground floor, the entire facility employs an 18-inch DONN All-Steel and SolidFeel Raised Floor Panel System with seismic stabilization throughout. Floor panels are Severn Model 75, rated for a concentrated load of 1250 lbs.
Security
The key to WebVisions security is security in depth. The Physical Security Program consists of seven layers, to include 24/7/365 Security Staff located at multiple posts, Visitor/Escort Control procedures, Access Control Systems, Electronic Perimeter Intrusion System, and Video Surveillance.
WebVision security services include a choice of leading firewall vendors, intrusion detection, frequent vulnerability checks, monitoring, and rapid response.
WebVision has affiliated with leading security product vendors. Firewall choices include Checkpoint Firewall-1 and Cisco PIX. ISS' RealSecure is used internally and offered for Intrusion Detection.
WebVision provides a "Honey Pot" and active monitoring as part of its intrusion detection service, which is a rather rare advanced capability. A honey pot is a dedicated system into which intruders are enticed. It gives the appearance of a successful intrusion, while keeping the intruder away from critical systems and gathering evidence about their actions.
In addition to these physical and network security measures. WebVision provides a wealth of professional services, including:
- Security offerings for assessment
- Vulnerability analysis
- Policy planning
- Security System Design
- Incident Response & Incident response training
- A highly sophisticated firewall service
- Intrusion Detection with a Honey-Pot feature
- Investigation services
- Security-specific service-level agreements
The extent of these protections is difficult to apply to a remodel or retrofit, but WebVisions facilities have been built from the ground up for this purpose. Some other existing offerings include;
The firewall and intrusion detection offerings include service level agreements (SLAs) for response to threats and downtime. Some features to augment the SLAs are:
- Off-site backup services
- Rapid failover
- System configuration assessment & Systems hardening
- Vulnerability scanning
- Monitoring services
Security is an important centerpiece of our business. WebVision uses proven practices, methodology, processes, and tools to monitor and maintain its clients' network security, which includes real-time alerting and response capabilities. This multiplayer approach provides safeguards against a single point of failure or vulnerability, and continuous improvement abilities. WebVision has a complete package rather than an a la carte collection of security services, and is a standard component of the company's hosting packages. For its customers, WebVision can either provide all hosting functions or serves as a network perimeter and Internet gateway, handling all inbound and outbound traffic.
Redundancy, as seen in this diagram, helps prevent system outages.
|