BluBØX data centers are outfitted with biometric scanners and secure card access to the colocation services areas of the data center. Additionally, all BluBØX equipment is kept in secure locations. On-site security personnel monitor hosting facilities 24/7 via indoor and outdoor video surveillance. Data center access requires security desk check-in and is managed 24/7. Local key management is enforced for racks and cabinets.
BluBØX has instituted a multi-layered approach to network security for the production BluSKY and disaster recovery environments to ensure the confidentiality of networks and data. BluBØX’s network security architecture includes the use of perimeter firewalls, IPS, network address translation (NAT), and network segmentation such that database servers are not visible to the public. In addition, these environments are both logically and physically distinct from BluBØX’s corporate office network. Internet access is offered through Tier-1 OC-192 Internet backbones on dedicated customer circuits.
Access to the production and disaster recovery networks is controlled, logged, and monitored by BluBØX. In addition, encryption techniques are used to support the confidentiality of information sent from one system to another. Between data centers, data is transmitted via IPsec using randomly generated key values.
Redundancy and Disaster Recovery
Every component in the BluBØX production data center is redundant in either an active/active or active/passive configuration. The BluSKY infrastructure at the production data center is designed with scalability and redundancy in mind so that there is no single point of failure. Therefore, every production component of BluSKY has a redundant counterpart, including firewalls, load balancers, web servers, application servers, and database servers. The data center hosting provider also features redundant power supplies, dual management cards in each switch, redundant Ethernet, redundant gigabit fiber aggregators, and redundant Cisco GSR routers.
In case of disaster, BluBØX maintains DR services in three availability zones located more than 2,000 miles from our primary data center.
An Independent Network
For security reasons, BluBØX’s operational network at its primary data center is completely independent of our corporate office network. What this means from a technical standpoint is:
• Physically distinct networking equipment
• Distinct ISP relationship
• Distinct network address space
• Gateway to data center is dedicated link, with firewall against corporate network
What this means in practice is:
• BluBØX employees cannot access data center accidentally or intentionally
• Access to operational network requires firewall login
• Any compromise of our internal corporate network does not “spread” to the operational network