Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Available Hosting Services for clients of The ASAM Criteria Software Version Control Date 8/19/2013 Version 1.0 Author(s) Gordon Campbell Brief Description of Change Initial draft FEi Systems | 7175 Columbia Gateway Drive | Suite A | Columbia, Maryland 21046 tel: (443) 270-5100 fax: (410) 715-6538 | www.FEIsystems.com Page 2 Intent of Document This document describes the services which will be provided for those clients who opt to use FEi Systems to host data related to The ASAM Criteria Software. Hosting Environment FEi uses Equinix Internet Business Exchange (IBX) centers located in Ashburn, Virginia and Omaha, Nebraska. Equinix provides ‘network-neutral data centers’ serving as core hubs for critical IP networks and Internet operations. The stateof-the-art facility boasts industry-leading security, operating environment controls, and power resources and management. This multisite hosting approach decreases the potential for environmental outages. The colocation vendor used by FEi has a global uptime average of 99.9999%, with over 7 million square feet of datacenter space, across 13 countries in 5 continents. The hosting facility uses biometrics to control access to the facility and the cages. The biometric devices are hand geometry readers manufactured by Recognition Systems. The hand readers and required pass code restrict movements between the following areas: welcome area to the “man trap”; “man trap” to the main center; main center to the server area; and server area to the cages. Server Configuration Figure 4.1 presents the application topography we employ to ensure data security. Figure 4.1 The only IP address permitted to connect to the database server is the app server. No servers are placed in the DMZ – instead the HTTPS specific port is opened on the external firewall. Secured (HTTPS) access to the website. 2 levels of firewall protection. Backup and Recovery Plans. Offsite data storage. FEi Systems | 7175 Columbia Gateway Drive | Suite A | Columbia, Maryland 21046 tel: (443) 270-5100 fax: (410) 715-6538 | www.FEIsystems.com Page 3 Facility Attributes Environmental Factor i. Fire suppression Facility Attributes o Protected with a dual-alarmed, dual interlock multi-zoned, dry pipe, water-based fire suppression systems armed with sensory mechanisms (HSSD) to sample the air and give alarms prior to pressurization. o System trip protected by multiple cross-linked events, including ceiling mounted smoke-heads and smoke ‘sniffers’ and required sprinkler-head trip in order for dry-pipe system to activate. o Fire suppression is localized at the event-point, only. ii. Flood control o Facility is located above sea level. o No basement. o Dedicated pump rooms. o Drainage / evacuation systems. o Tightly sealed conduits. o Moisture barriers on exterior walls. o Moisture detection sensors iii. Earthquake o Structural systems meet or exceed seismic design requirements of local building codes. o Equipment and nonstructural components, including cabinets, are anchored and braced in accordance with the requirements of the 1997 Uniform Building Code. Server and Connection Monitoring The server and connection is continuously monitored 24 hours a day, 7 days a week. Technical support and problem resolution will be handled through a multi-tiered notification arrangement. The following procedures cover all failure FEi Systems | 7175 Columbia Gateway Drive | Suite A | Columbia, Maryland 21046 tel: (443) 270-5100 fax: (410) 715-6538 | www.FEIsystems.com Page 4 types, e.g., electrical power, network connectivity, Firewall issues, VPN connectivity, environmental issues, or hardware/software issues. Level One – Microsoft System Center Operations Manager will be used to issue ‘managed automated alerts’ to FEi support personnel. Level Two – The automated system will use a ‘hunt sequence’ of notification to elicit a positive confirmation of receipt response. Level Three – Technical support will be dispatched to address error condition: 1st Action – Diagnosis of problem area and domain area classification. Create automated trouble report for tracking, resolution, and documentation purposes. 2nd Action – Correct problem condition (or) assign to Domain expert for resolution. If required, FEi technical staff may notify other appropriate personnel for support, e.g., hardware failure and required parts replacement. Escalate, as necessary, to ensure prompt resolution of problem. 3rd Action – Problem resolved; trouble report documented within automated tracking system; email alert to appropriate State and FEi personnel. Redundancies The hosting facility’s fully redundant and uninterruptible electrical system is designed to provide continuous service. The configuration and back-up are as follows: Overall system is N+1 redundant. AC and DC raceways with 2N distribution. AC power deliver via distributed redundant UPS systems. Batteries with at least 7 minutes full load operation (diesel engine generators take roughly 8 seconds to synchronize and assume load). 48 hours’ worth of generator fuel with contracts with multiple fuel providers. Isolation K factor transformers used for 480 volt UPS to 208/120 volt. FEi provides redundant storage through the use of Redundant Array of Independent Disks (RAID). Full data is written in real time to multiple disks in the array. This prevents the loss of data in the event that a disk becomes inoperable. Furthermore, our RAID configuration allows continued use of the system throughout a disk failure, service, or replacement. When the out of service disk resumes operation, data mirroring across the array is regained by writing from the disk that remained in service. Firewall The network’s firewall is provided by a Juniper Networks SRX 240. This device protects against worms, viruses, Trojans, spam, and emerging malware at a firewall performance level of 400 Mbps. Additional firewall features include: Network attack detection. DoS and DDoS protection. TCP reassembly for fragmented packet protection. Brute force attack mitigation. SYN cookie protection. Zone-base IP spoffing. Malformed packet protection. Protocol anomaly protection. IPS/DI attack pattern obfuscation. Anti-keylogger. FEi Systems | 7175 Columbia Gateway Drive | Suite A | Columbia, Maryland 21046 tel: (443) 270-5100 fax: (410) 715-6538 | www.FEIsystems.com Page 5 Emergency Management/Business Continuity In this section, we will provide details on how FEi responds to three types of system failures as examples of our effective approach to emergency management. FEi’s emergency management plans are based on the method presented in Section 4.1.7. These plans are designed to re-establish connectivity and application availability in less than 24 hours. One of the keys to our ability to quickly resolve such problems is rapid identification of the failure and assignment to the appropriate FEi specialist. Physical security Physical entries to the development datacenter is controlled and monitored through electronic means, allowing only IT access. The production (hosting) data center is SAS-70 audit compliant, ensures DOD-class physical security including; biometric scanning, government picture ID required for access, guard patrolling, redundant electronic activity monitoring with power and cooling substructure that exceeds N+1 system standards. Backups FEi provides back-up and recovery services using Microsoft Data Protection Manager, a fully-automated and managed service that includes data encryption. Backups are tapeless, disk to disk and multi layered. Complete snapshots of the virtualized servers are completed every two hours using Microsoft data protection manager. Next is real-time, blocklevel replication of the production SAN in Ashburn, VA to the development SAN in Columbia, MD, completed over a 1GB pure fiber connection. Finally the individual production databases are off-line copied to disk every twenty-four hours. These systems are monitored by three teams – FEI customer support, database administrators and by IT personnel at the network operations center (NOC) in Columbia, MD. Failure at any of these recovery points, initiates an alert message for immediate attention by the support teams. Back-ups can be kept for up to seven years according to client and/or regulatory requirements. Disaster Recovery FEi has a comprehensive Disaster Recovery Plan in the event that a failure occurs despite the many redundancies built into the hosting environment. Datacenters are tested manually for three scenario types by the IT department on a monthly basis. This testing is executed using backups from live customer production sites, spanning the application and database systems. Details on FEi’s Disaster Recovery Plan can be provided upon request. Assumptions These services do not take into account any data feeds or data exchanges with third party systems. If that is needed, it will be considered an enhancement and subject to additional costs. Alaska currently writes their own SSRS reports and this proposal assumes that this would continue to be the case. Alaska would be provided with access to their production data in such a manner that reporting would not be negatively affected. Stakeholders Role ASAM Criteria Software Product Manager ASAM Criteria Software Technical Support Name Gordon Campbell Tony Calice FEi Systems | 7175 Columbia Gateway Drive | Suite A | Columbia, Maryland 21046 tel: (443) 270-5100 fax: (410) 715-6538 | www.FEIsystems.com