CTLDC Data Center Overview
CTDLC maintains its data center in the heart of Connecticut on the grounds of Charter Oak State College. This data center offers industry standard data center services such as
- UPS Backup System
- Backup Generator
- A/C System
- Security System
- Rack Enclosures
- High bandwidth
The datacenter is protected by Nokia Checkpoint firewall appliances and backed-up with Veritas Software on with LTO2 architecture. Backups are stored off-site at a remote storage vault and cycled weekly. VPN tunnels have been created with clients and client databases to facilitate the secure interchange of information.
The data center sits on the Connecticut Education Network (CEN). This dark fiber network connects our data center at gigabit speed to many colleges and universities in Connecticut. In addition, the data center offers a public internet connection to facilitate student at-home connectivity.
The Data Center is relatively new, opening in June 2003. All of the components in the data center including auxiliary systems are also new. We have attempted to leverage recent technological advances in our data center including Cisco gigabit over copper networking, APC Infrastructure battery and rack enclosures, Checkpoint AI firewalls, etc.
The Architecture that Serves our Clients
Server Hardware
Our data center only uses industry proven servers in for our production applications. These servers are configured with redundant processors, memory banks, hard-drives, and network cards. Our goal is to prevent any single point of failure in our server infrastructure. Additionally, the CTDLC keeps spare cold-swappable servers offsite in the event that we were to experience a massive failure, we would immediately replace the server(s). This eliminates the waiting for vendor technical support to arrive onsite and reduces our mean-time to restore.
Server Backup
Backup of your server or information is one of the most important aspects of hosting. To that end we have invested heavily in providing an effective, comprehensive and reliable backup infrastructure. Our backups are done to LTO2 tape storage libraries using Veritas backup software. All production servers are backed up on a weekly schedule to file level.
We will define how, when and what we backup in detail in your Service Level Agreement. We will also detail how, when and what we can restore from your backups.
The data on each server is backed up regularly to an automated robotic tape library system in accordance with the customer’s requirement. Any tapes from our backup system or our clients dedicated drives that are not in use are kept in a secure off-site storage facility which can only accessed by key personnel. Tapes are used on a four-week rotation cycle unless otherwise specified by the customer. Daily backups in addition to disaster recovery solutions provide peace of mind in the unlikely event of total failure.
Storage Area Network
The CTDLC employs the latest offerings from EMC to provide for the enterprise storage and redundancy needs of our clients. Our storage area network exceeds 2 terabytes and provides the necessary platform for your growing or changing needs.
Information Security
Information Security continues to be a great concern with all of our clients. The CTDLC understands the vital importance of protecting the intellectual property of your institution and complying with FERPA and GLB Act regulations. Additionally, we also fully recognize our legal obligations under the 1998 Data Protection Act, and our social responsibilities for the safe keeping of the confidential information entrusted to our care. For these reasons we are committed to maintaining the highest possible levels of information security. This is reflected in the way we approach every aspect of the business.
The CTDLC has addressed and regularly reviews our security infrastructure based on the below levels.
- Security Policy
- Organizational Security
- Personnel Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Systems Development and Maintenance
Internal access to the CTDLC data center is controlled by key and electronic log card systems with 24 hour monitored burglar alarms and fire detection in all areas.
All external connections to the CTDLC data center networks are through firewalls configured to prevent unauthorized inbound and outbound traffic. The systems are highly flexible allowing configuration of dedicated firewall policies for each individual server or IP address if required. These can be based on source and destination IP addresses and ports, as well as transmission and application protocols. We recommend that only the minimum access necessary to meet the customers requirements be allowed, and the firewall policy used for each customer forms part of the Service Level Agreement (SLA).
All of our implemented servers (Sun Solaris and Microsoft Windows) have extensive permissions and identification capabilities which we deploy in line with client requirements. The CTDLC makes every attempt to “harden” all servers in the data center by disabling any server function not required by the client. To date, this has proved to be very effective in protecting systems.
Firewall
The CTDLC datacenter provides firewalls provide your network with enterprise-level Internet security and outstanding performance. We deploy Nokia firewalls running Checkpoint NG AI. These firewalls have ICSA 4.0 corporate certification that ensures that our firewalls meet the industry's highest security standards. With features that include VPN Acceleration, Encryption, High Availability, and Network Translation, the CTDLC attempts to provide a solution that will meet your current and growing needs.
We run only Cisco gigabit over copper and gigabit over fiber switches to ensure that traffic destined for your application is only sent to your server. This minimizes the risk of someone sniffing or capturing traffic being sent across the network.
Uninterruptible Power Supplies
Power quality in our data center is ensured by American Power Conversion’s Symmetra UPS System. This N+1 system is offers redundant components to protect against single points of failure. Each UPS module has its own battery bank with capacity to sustain its load for approximately 15 minutes. Should power from the street fail, a standby generator is activated via an automatic transfer switch. This generator will run the data center until utility power is restored.
Climate Control
The data center's HVAC (Heating Ventilation Air Conditioning) system is also N+1 redundant, with full integrated particle filtering and humidity control. Our data center is maintained at a cool 68 degrees to ensure the proper environment for our electronic equipment.
Monitoring
Our monitoring strategy is designed to look at specific areas of the network, servers and web sites and to notify our support team of any problems. We use a number of tools to achieve this which run locally and remotely to our network to get total coverage of all failures. Our support team is on line to respond to any alarms and fault calls 24 hours a day, 7 days a week.
- Network Equipment: Switches, Routers, Network Cards
- Security: Physical Intrusion, Firewall
- HVAC: Temperature Control, Humidity, Power
- Servers: Server Services, e-mail, web, database, or DNS service
We allow our customers to specify the appropriate emergency service response time (time to acknowledge problem, time for engineers to be onsite) that their applications require. Please let us know what your requirements are and we will build them into your custom proposal.
Special Monitoring
Customers can have specific items monitored on request and have any errors reported via email or SMS to a maximum of five addresses of their choosing. The time interval and particular service to monitor should be discussed with our technical team but can include HTML / ASP pages, email servers, DNS servers and database and SQL servers.