LibraryInsight – System Environment

LibraryInsight, Inc. considers customer service our number one priority. Our selection of a commercial grade web hosting partner was a major decision and considerable time and effort was spent in the selection process. We looked for a partner that provided security, high availability, performance and good customer support. We selected MaximumASP, LLC. We have been using their Load Balanced servers for over five years and they have exceeded our expectations in terms of security, high availability and customer support.

The next few pages provide a summary of the technical and physical environment where the LibraryInsight production servers are housed.

Server Environment
LibraryInsight's Load Balanced VPS platform takes reliability one step further by using enterprise-class F5 hardware to load balance multiple VPS accounts on physically distinct servers. This design is much more reliable than software clustered servers.

The VPS-LB is an ideal hosting solution for businesses with a dynamic web presence that require maximum uptime and redundancy. Management and updates are easily handled using Control Panel technology, allowing the administration flexibility of Terminal Services access with the protection of a fully managed platform. In addition to intuitive account management, the Control Panel also provides extensive performance monitoring including CPU exceptions, RAM exceptions, bandwidth and disk utilization and much more.

In addition to the load balanced servers supporting the application and web hosting, the database is hosted on a separate set of servers exclusively supporting the SQL 2005 RDBMS.

Network Security
The security of our network and servers is one of our top priorities. Our security team constantly monitors the entire network for unusual or suspicious behavior so that, when it is detected, we can address the issue before our network or your server is affected. We utilize the best tools and practices available to secure and protect your servers.

The network was designed to be secure without giving up the reliability, redundancy or speed your systems require. We also offer custom security solutions that can be designed for our customers’ specific needs. Personal Firewalls, Virtual Private Networks and Dedicated Networks are all available as upgrade options to our standard services.

  • Enterprise Firewalls protect our network and your servers 24/7.
  • Intrusion Prevention devices protect you from zero hour exploits.
  • Fully managed Enterprise Anti-Virus solution included with every server.
  • State-of-the-art identity verification, zoned access, and monitoring.

Enterprise Firewalls
Our edge layer firewalls protect our internal network from the public Internet. At this layer the firewalls watch all packets coming into and out of our network. We can use these firewalls to block traffic based on source/destination IP address or source/destination ports. These firewalls can also be used to protect against some Layer 7 (application layer) attacks and denial of service attacks.

  • Ensures the latest backdoor Trojans and worms do not affect our network by blocking known ports and traffic from the public Internet.
  • Detects and stops Denial-of-Service (DOS) attacks before they can affect your server.
  • Redundant and stateful failover so that even if a core firewall fails it will not affect your server.
  • Detects over 600 types of application attack using Deep Inspection.

Anti-Virus Protection
Most hosting providers charge an additional fee for a managed enterprise-level anti-virus solution, if they offer one at all. Today more than ever, this feature is so critical that fully managed anti-virus protection is included on every server at no additional cost.

Our network team fully manages all aspects of your anti-virus solution, and we ensure all signature databases are kept up to date so that your server is protected against today’s biggest threats: viruses, Trojan horses, malware and spyware.

  • Enterprise grade Anti-Virus solution on every server at no additional cost.
  • Our engineers manage and monitor file system scans and virus signature database upgrades.
  • Real time monitoring means your server is protected as soon as viruses are discovered.

Intrusion Prevention Systems
Intrusion Prevention Systems (IPS) are devices used to protect the internal network from all forms of attacks. They watch all network data to detect and block exploits, attacks, reconnaissance attempts and other unwanted traffic. These devices dig deep into the network packets to ensure no unwanted traffic is making its way from the Internet to your servers.

IPS devices also help protect your server from the time delay in vulnerability discovery and the release of OS and application patches. In most cases when a vulnerability or exploit is released, it takes our IPS vendor approximately 3 hours to write and release a signature to stop these attacks. Your server will be protected from newly discovered vulnerabilities and exploits even before the needed patch is applied to your server.

  • Detects attacks and intrusion attempts and stops them in their tracks.
  • Provides additional network-based anti-virus for the nastiest viruses affecting the Internet.
  • Detects and blocks zero hour attacks even before specific OS and application vulnerabilities are known through traffic anomaly protection.
  • Automatic distribution of the latest signatures to help protect your servers from exploits that are three weeks old or three hours old.

Traffic Management
Utilizing Enterprise Class Juniper routers provides the ability to traffic shape all outgoing traffic. This capability routes all traffic to its destination using the best path available across the globe. This means your Internet traffic will know how to get to your customers using the fastest path possible every time.

Utilizing Foundry SFLOW network metric data collection on all internal switching equipment, combined with the InMon data analysis tools, gives us the ability to monitor network performance in real time. These tools report traffic utilization patterns and potential bottlenecks before they occur, allowing us to proactively resolve network issues before they ever affect network performance.

  • Traffic shaping allows best path fast reliable connections around the globe.
  • Full BGP4 Peering Partners allow best route decisions based on destination paths.
  • Enterprise Juniper Routers and Foundry switches provide real time network metrics via SFLOW.
  • Proactively resolve potential network issues before they affect network performance.

Connectivity and Peering
Dual OC-12 Providers (ATT and Quest) with burst capabilities to full OC-48s allow us to have complete, reliable redundancy for all network traffic. Using these global providers gives us the best possible BGP4 (Border Gateway Protocol) peering partners for local and international network paths, allowing our Enterprise Routers to choose the best route to destination networks and your end users across the globe.

Our Enterprise Juniper Routers have MultiService capabilities that help make the best route decision for each destination. They can accept full BGP4 route advertisements from our providers and make decisions based on the best path to the destination networks. These routers also provide another layer of security by being able to block certain types of attacks and unwanted traffic without affecting their performance.

  • Dual OC-12s mean over 1Gbps network redundancy for all traffic destinations, burstable to 4.6Gbps!
  • Full BGP4 Peering Partners allow best route decisions based on destination paths.
  • Complete internal Network Redundancy ensures uninterrupted network performance in the event of a network device failure.
  • Enhanced Security features protect our redundant network to ensure a reliable connection.

Network Diagram

CCTV Monitoring
The entire building and datacenter are closely monitored by our staff using the latest technology CCTV camera systems. These systems are all low light or night vision cameras that capture all traffic that passes into and out of the building, datacenter and all other security zones.

This IP based CCTV system is isolated on a totally separate network that is backed up by our fully redundant power system. We use both fixed point cameras and PTZ cameras so that we can ensure all points are monitored and all areas are recorded. The data that these cameras record is stored for a minimum of twelve months.

  • IP based CCTV system
  • Totally separate network for camera system
  • All ingress/egress points and security zones monitored 24x7
  • Fixed point and PTZ night vision cameras
  • All activity recorded is stored for at least one year

Reinforced Entry Points
At every datacenter and building entry point we use only the most secure welded door frames, security glass and reinforced walls and ceilings. This ensures that anyone entering our facility or accessing your server cannot bypass our physical security measures such as biometrics, passcodes, CCTV systems, and keyed entry.

After passing through all security access points that require biometrics and passcodes, we still require authorized personnel to sign out keys required for each and every individually keyed steel cabinet and rack. All cabinets are fully secured and separate from each other.

  • Security glass, reinforced door frames, walls and ceilings at all entry points
  • Individually keyed reinforced steel racks and cabinets
  • Zoned, authorized-personnel-only access to datacenter and individual servers
  • Cannot bypass biometric, passcode, CCTV, and keyed entry points

Biometric Access Control
We use the latest biometric technology to restrict physical access not only to our datacenter but to our offices, NOC, lab and staging areas. This ensures that only authorized personnel are allowed into the building and each employee only has access to the areas they require.

At each security zone we require what is called two stage authentication, which means we require not only a physical trait but also a known passcode. In this way we guarantee that the person entering the security zone is who they should be.

  • State of the art biometric hardware
  • Facility designed in a security zone approach
  • Biometric and passcode required to pass through any security zone

Zoned Fire Suppression
Our datacenter is partitioned into 2,500 SQ FT rooms in a zoned approach. This ensures that if a fire starts in one zone, no other zones are affected and the fire can be contained to the single zone. Due to the added cost and complexity of zoning distributed cooling, power, and suppression systems, very few datacenters are designed with this extra measure of safety.

Each zone has its own separate FE25 fire suppression system. This fire suppression system is fully managed and maintained by one of the best fire suppression companies in the world, one of the first companies to obtain their ISO-9001 certification.

  • Fully managed state-of-the-art fire suppression system
  • Managing company is ISO-9001 certified
  • Fully isolated 2,500 SQ FT fire suppression zones
  • The latest fire suppression technology using FE-25

Uninterruptible Power Supplies
Equipment within the data center is provided with conditioned electrical power via two redundant 625 kVA Liebert UPS systems. These UPSs provide both active power conditioning to control voltage sags and spikes, and emergency power in the event of a loss of utility power.

These units are a critical component of the always-on power supply to your equipment as they provide power during the interval between loss of utility power and the firing and synchronization of the diesel generator.

Two Megawatt Diesel Generator
Self-power is provided to the data center in the event of a utility outage through the use of a two megawatt diesel generator and Automatic Transfer Switch (ATS). The generator selected for emergency power needs has been sized with future growth in mind and easily provides ongoing emergency power through the use of a 4,500 gallon base fuel tank and a standby refueling contract.

With sixteen cylinders, four turbochargers, and weighing in at 58,000 pounds, this is a very capable source of backup power. To ensure that the generator is always ready for immediate service, a preset test-firing sequence is executed once each calendar month.

Cooling Systems
Our data center uses a Liebert cooling system that utilizes four 30 ton air handlers in each 2,500 square foot data center zone, each with redundant compressor units and integrated humidity controls. These internal units are supplied by three 50 horsepower coolant pumps pushing supply and return fluids to three external cooling towers. This system provides excellent redundancy, scalability, and environmental management.

 

 
