Infrastructure as a Service (IaaS)

Physical security

DataLine data centers are securely protected from unauthorized access:

  • Data center buildings and near-by territory are carefully guarded on a 24x7x365 basis
  • 24x7 video surveillance (SVSS) is arranged throughout the data centers
  • Video records with specified time, date, and camera number are stored for at least 90 days
  • The access monitoring and control system (AMCS)
  • "Panic Button" of the FSUE "Okhrana" of the Russian Ministry of Interior
  • Special cages for rack cabinets with additional cameras, AMCS, and motion sensors

Resiliency

CloudLine is based on  Tier 3 level data centers with fail-safe infrastructure:

  • 2N redundant power supply and network  systems
  • N+1 redundant diesel generators
  • 2N redundant UPSs
  • N+1 redundant cooling system
  • 2N redundant automatic gaseous extinguishing system

Network protection

To protect the communication channels of CloudLine we use specialized software and hardware solutions:

  • Secure access from customer's office to CloudLine is provided by Cisco Easy VPN and DMVPN technologies
  • Separation of control channels from transmit channels is performed at the level of network equipment and VLAN
  • To protect the channels we use the powerful AES and 3DES encryption algorithms
  • The channels are arranged on MACSec encryption standard (the standard IEEE 802.1ae)
  • VRF (Virtual Routing and Forwarding) technology isolates the customer routes on a single physical router
  • Tacacs+ protocol controls access to network devices
  • Control Plane Policing (CoPP) solution protects processors of the network equipment from DoS-traffic

Data protection in public cloud

Data and applications in CloudLine are in complete safety thanks to the VMware and Cisco products.

vShield Edgeprotects the perimeter of the virtual data center of each customer and implements several functions at a time:

  • VPN with the option to encrypt traffic;
  • static routing;
  • external Firewall;
  • Network Address Translation (NAT)

vShield Appisolates traffic of virtual machines of different customers within the same physical server. It operates at the level of vNIC network adapters on ESXi host.

vShield Endpoint and Trend Micro Deep Securitу provide the virtual machines with antivirus protection.

Cisco ASA 5500-X Series is a multifunctional protection device, which ensures security in accordance with the specific access needs and business policies. It performs functions of a firewall, intrusion prevention device, and allows creating and configuring VPN networks.

Data protection in private cloud

For additional protection of information in private cloud, the vGate solution is used. It allows:

  • delimit rights of virtual infrastructure management (VI administrator) from security management (IS administrator);
  • log all security events occurring in the system (access to infrastructure, creation or deletion of a virtual machine, change of a virtual machine, etc.);
  • comply with the FSTEC requirements (protection against unauthorized access and absence of undocumented features)

Disaster-proof cloud

For particularly critical applications and data, DataLine has developed a disaster-proof cloud solution – CloudLine Metrocluster. Due to the duplication of all the components of the virtual cluster and its geographical separation (the solution was arranged based on our data centers network, the distance between data centers is 33 km), CloudLine Metrocluster ensures continuous service availability and security of data in the cloud, even in case of failure of one of the data centers. CloudLine Metrocluster allows to balance the load between the two data centers, mirror the data at the data storage systems level (Recovery Point Objective – 0 minutes), and recover a virtual environment in minutes (Recovery Time Objective – starting from 2 minutes).

Learn more about the structure of the disaster-proof solution here.