Data Security

Data centres have been designed and classified according to the international TIER standard for several decades around the world. This standard differentiates data centres according to the degree of substitutability of all key elements, business continuity and access to technology. The key measure is therefore the degree of ability to ensure business continuity in the event of power failure, cooling failure, failure of various branches of the data network, attempted intrusion, etc. We use private data halls to house our technology in several data centres across the European Union that are designed and operated to meet the TIER 3 standard. At this level, N+1 redundancy is ensured for all non-IT elements. This allows maintenance or expansion of the data center to take place without downtime. For security reasons, our data centres are geographically separated and interconnected by their own data circuits. Your data can be transparently operated from multiple data centres without the need for intervention. Furthermore, we strictly ensure that production data and backups are always geographically separated.

In data centres, we use private data halls that are not part of the outer wall of the building. They are separated from the rest of the data centre by walls in category RC3 in the NSA classification. In the halls themselves there are only racks and cooling units. Other data centre technologies, such as the fixed fire extinguishing system, electronic fire suppression system, access control system, CCTV system, electronic security system, monitoring, measurement and control, etc., are only accessible to data centre personnel for security reasons. Access to the data centre is only granted to personnel authorised in accordance with our internal security rules, after presenting their personal documents to the security guard. Access to private data rooms is subject to verification in a fingerprint and bloodstream scanner. Therefore, there is no way to access the private data rooms without prior authorization.

High voltage is always provided by two independent power connections with their own switching station. In the event of a power failure, diesel generators in N+1 configuration, including central fuel management, form a backup. Low voltage is provided by the power substations. Each of the substations has a minimum N+1 element configuration as recommended by the Uptime Institute. All data center operational support systems such as cooling, security, etc. are backed up by separate non-IT UPS power supplies.

According to the TIER 3 standard, on the cooling source side in the N+1 circuit and on the cooling distribution side in the min. N+1. The distribution of the cooling medium is realized by double piping. All components of the cooling system are redundant and powered by two independent power supplies.

To ensure high availability, we use only enterprise grade hardware from Hewlett Packard Enterprise with the highest possible support and a time guarantee for replacement of defective hardware. The physical computing infrastructure consists of hardware from Hewlett Packard Enterprise and Cisco Systems. We use proven servers as physical hosts, namely Synergy, ProLiant DL and Apollo Systems.

For virtualization we use enterprise grade VMware solutions, which are available in the form of the highest possible Enterprise Plus license. As a result, we have the authority to integrate advanced functionality into our services, such as vSphere HA, vSphere DRS / SDRS and, if the customer wishes, vSphere Fault Tolerance, which will reduce possible downtime to milliseconds.

Internet connectivity is always redundant in our data centres and is supplied by two independent providers. Of course, there is active DDoS protection of the entire environment, which is responsible for detecting and blocking potential attacks (so-called Anti DDoS). There is no charge for transferring data to and from the Internet. We also support connections via private lines, e.g. MPLS, where we cooperate with most telecom operators. Upon agreement, it is possible to place a box in our data centers where the private line is terminated.

We are one of the few to exclusively use HPE 3PAR fully redundant Full Flash Storage, divided into speed tiers. IOPS are assigned to a specific disk tier at both the product and technical level to ensure stability of operation and fair access to the service for all our customers. The communication of physical guests with storage is conducted over a dedicated isolated network using Fibre Channel, which has a positive impact not only on latency, but especially on high availability and security of operation. Storage-level data encryption is supported, but it is an optional extra.

At the outer edge of customer clouds, we use VMware NSX EDGE firewall technologies. However, if the customer wishes, we are able to implement other firewall technologies. We use VMware NSX to virtualize network traffic, ensuring that all our customers’ virtual networks are isolated from each other using VXLAN.

Access to the data centre is only granted to personnel authorised in accordance with our internal security rules after presenting their personal documents to security. Access to private data rooms is subject to verification in the fingerprint and bloodstream scanner. It is therefore not possible to access private data rooms without prior authorisation.