IT Security & Infrastructure
This document is designed to provide our customers and potential customers with a summary of our:
- Server Infrastructure which has been designed to ensure maximum efficiency and minimal downtime
- IT software security features to protect our client data from outside attacks
- IT software features to ensure our clients can meet the GDPR, CASL and other governmental regulations relating to securing their submitters personal identifiable information and data.
To ensure X-CD focuses on its core competency of developing and continually improving its AMS and CMS software X-CD early on made the decision to sub-contract its hosting to a third-party service (Hostek). Working with Hostek for well over a decade we have designed and structured our servers to most efficiently meet our customers needs and increase uptime to over 99.95%. All servers are hosted in Hostek facilities and are monitored 24/7/365.
An illustration of our designed infrastructure is below as well as a description of the servers and facilities.
Our primary server is located in St. Louis MO with a secondary server in Ashburn VA. Having a secondary backup server that mimics all aspects of the primary server ensures that if one server fails for any reason the other server will take over.
We perform daily backups of all web, email, and database servers.
We also backup databases 6 times daily.
Backups are stored off-site in a location that is in a different geographical area than the primary site. This means that should a major disaster occur in the area where the servers is running your data is safe in another location.
Server and Storage Hardware
To host our clients’ data X-CD utilizes Dell servers and Dell Compellent storage arrays.
Our web servers are virtualized utilizing VMWare vSphere. With VMWare High Availability, should a physical server fail, any virtual machine will be automatically migrated to another physical server and powered on, and resume normal operations. This operation can be completed with the affected virtual machines back in service often in 3-5 minutes.
Another added benefit to virtualization is that resources such as CPU, RAM, and disk space, can be quickly allocated based on utilization patterns. This ensures optimal performance for your site or mail server with minimal down time.
Electricity is provided from two separate power feeds. In addition, our equipment is protected with UPS systems and diesel generators. Servers and storage devices have redundant power supplies, each on separate feeds to help prevent loss of data due to power failures.
Virtual machines, along with their data (i.e. your web site files, email, etc.) reside on enterprise SAN arrays. These arrays have the following features:
- Disks configured in high performance RAID configurations for redundancy
- Redundant storage controllers
- Redundant network adapters
- Redundant storage networking switches
- Redundant power supplies connected to redundant power feeds
- All servers are connected to the storage network via multiple paths for performance and redundancy
All SAN volumes are cross replicated to disparate SAN each day. In the event of failure on one SAN array, replicated data can be access on the second SAN array and vice versa.
Firewall & IPS
Perimeter firewall and Intrusion Prevention System (IPS) with the following features:
- Highly available for redundancy
- Stateful packet inspection
- Deep packet inspection for known malicious attack patterns
- DDoS (Distributed Denial of Service) protection mechanisms
All inbound email is filtered using multiple real-time RBL and content inspection technologies.
Additionally, outbound mail from our Windows web servers are checked with anti-SPAM content filters to prevent delivery of mail from your site from being disrupted by compromised mail submission forms from other tenants on the server your site resides on.
Protected by Sophos Intercept X with Managed Threat Response (MTR) and managed by VBS IT Services. The MTR feature links the solution to Sophos’ 24×7 team of cybersecurity experts who are ready to respond at an event of an endpoint attack.
The buildings housing our datacenter have a comprehensive security system which include but not limited to the following:
24×7 on-site security
- Access codes
- Biometric hand scanners
- Electronic proximity readers
- Security surveillance system
Fire suppression system
Our equipment is protected by a pre-action, dry pipe fire suppression system.