I2k2 Data Center Security

Contents
Site Location and perimeter: .............................................................................................................................................. 2
Physical Access ......................................................................................................................................................................... 2
Concentric control boundaries: .................................................................................................................................... 2
Datacenter building ........................................................................................................................................................... 2
Single access point control ......................................................................................................................................... 2
Biometric devices........................................................................................................................................................... 2
Goods X-Ray ..................................................................................................................................................................... 3
Body scanner ................................................................................................................................................................... 3
Smart card access........................................................................................................................................................... 3
Internal sensitive areas .................................................................................................................................................... 3
Biometric devices........................................................................................................................................................... 3
Smart card access........................................................................................................................................................... 3
Infrastructure ............................................................................................................................................................................ 3
Secure cages and racks ..................................................................................................................................................... 3
Fire protection ..................................................................................................................................................................... 3
Water Proofing..................................................................................................................................................................... 4
Power Management ........................................................................................................................................................... 4
Air Conditioning .................................................................................................................................................................. 4
Rack Management .............................................................................................................................................................. 5
Closed Circuit Television (CCTV) ................................................................................................................................. 5
Network ....................................................................................................................................................................................... 5
Network planning ............................................................................................................................................................... 5
BGP....................................................................................................................................................................................... 5
Firewalls ............................................................................................................................................................................ 5
Switches ............................................................................................................................................................................. 5
Data backups ........................................................................................................................................................................ 6
Disaster recovery plan....................................................................................... Error! Bookmark not defined.
Noida Data Center
H 223, Block,Sector 63
i2k2 Networks hosts all the servers at NTT -Netmagic Noida Datacenters @ Noida Sector 63

The Data center is a specialized facility that houses servers which hosts Web sites and provides
data serving and other services for other companies. Netmagic contains the following areas as a
part of their Datacenter:

1. Network operations center (NOC): A restricted access area

containing automated systems that constantly monitor
server activity, Web traffic, and network performance
and reports even very slight irregularities to engineers
so that they can spot potential problems before they
happen.

2. Server Rooms: Where all the servers are kept.

The security of data center is maintained by applying physical

barriers and control procedures and preventive measures or
countermeasures against threats to resources and sensitive
information.

Site Location and perimeter:

The datacenter has been appropriately positioned
geographically. Care has been taken that it is above the water
table / flood level, away from fire prone areas, electromagnetic
and physical hazards and in a location that can be physically secured against unauthorized access.

It’s build inside the tallest building of Montreal and therefore has complete seismic protection.

Physical Access
The physical access controls suitable for our datacenter security requirements has been
professionally specified, designed, installed and maintained.

Concentric control boundaries:

Perimeter security fence and weapon equipped guards

Datacenter building
The datacenter building has following security features:

Single access point control

There is a single location from multiple entries where a person is required to report prior to
entering the internal premises / floors of the Datacenter Building.

Biometric devices
The entry is permitted after verification thru the Finger print scanners, eye / retina scanners.
Goods X-Ray
The installed X-Ray machines scan the bags and belongings or other goods going inside the
Datacenter premises.

Body scanner
Body scanners have been installed to scan the visitors for any
metal or chemicals that they may be carrying.

Smart card access

The use of smart cards to access ensures only authorized
person to enter the premises. This also helps to maintain the in-
out data of the personnel who are accessing the restricted areas.

Internal sensitive areas

All different locations within the Datacenter have restricted
access and only authorized people are allowed to enter the
designated sensitive areas as per Access Permissions Granted to the access cards. Controls are
applied over who can access the facility and when they can access it.

Biometric devices
The entry is permitted after verification thru the Finger print scanners,
eye / retina scanners.

Smart card access

The use of smart cards to access ensures only authorized person to enter
the premises. This also helps to maintain the in-out data of the
personnel who are accessing the restricted areas.

Infrastructure

Secure cages and racks

All Racks are routinely locked and keys carefully controlled. Usage of pass coded electronic lock is
implemented with routine change of lock pass codes. The issues and passes, especially master keys,
are carefully controlled with frequent reviews and reconciliation.

Motion detectors, micro-switches, pressure pads are used to indicate when doors or racks are
opened, racks are moved or accessed.

Fire protection
A strictly-enforced no smoking policy is in place for the entire facility. No Overloading of power
cables and outlets is allowed and is fully monitored. Any flammable materials paper, cardboard,
plastics and solvents are not allowed inside the datacenter areas. Any chemical that may be
hazardous for people health or cables and servers are not allowed inside.
Fire alarms, heat and smoke detectors, automated fire suppression, extinguishers, emergency exit
routes are well in place. Entire fire protection system is certified by local authorities from time to
time.

Non-flammable self extinguishing furniture, carpets, wall coverings, fixtures and fittings are used
inside the premises. Only low smoke cable jackets are used within the datacenter for all forms of
cablings.

Water Proofing
Roofs, windows, doors, walls and cable ducts are sealed against rainfall and flood water and are
properly maintained. No water is used for fire extinguishing. Water leakage detector loops and
sump pumps are used at lower points under raised floors. Drip trays under air conditioner units,
pipes etc. are used with proper drains and water detection to reduce the risk of problems from
condensation or leaks.

Power Management
Adequate power capacity is monitored to prevent the sudden supply failures and fires caused due
to overloading. Multiple / Redundant power sources are in place including diesel (not gasoline)
generators. Computer grade, on-line no-drop sinusoidal output with frequency and voltage control
is used for uninterruptible power supply for servers and disk arrays. Mains regulators and filters
are used for power line noise, spikes, frequency and voltage fluctuations (brownouts).

Generators with extra underground fuel tanks are kept at standby to run all essential equipments
and have auto start capabilities.

UPS racks with 30 minutes of backups are used

to fill the gap between power cut and starting
of the generators. Cell conditions are checked
regularly, and the overall battery capacity is
confirmed regularly by run-down testing.

Switching panels allow for alternate power

feeds to be routed to essential equipment
without interruption and for isolation of power
segments for safe maintenance of power
equipment, installation of additional power
outlets etc.

Regular preventive maintenance and testing including full on-load tests of generators, UPS systems,
switchgears etc is carried out. The quality of the clean (e.g. Voltage, Amperage, Frequency, Spikes,
Noise) electrical supply to equipment is monitored continuously and compared against the
“original” incoming supply.

Air Conditioning
“Computer grade” highly reliable air conditioner units are used for proper cooling. All these units
are located to avoid hot spots. Temperature monitors inside the racks and overall room sensors are
used with local indicators and connected to a remote monitoring console. Routine preventive
maintenance e.g. cleaning, checking mechanical and electrical operation, coolant levels, condensers,
changing filters etc are done. Standby emergency air conditioners are in place to cope with air
conditioner failure, outage due to maintenance or inadequate capacity for peak demand.

Rack Management
Cables are laid neatly in conduit and cable trays, and properly but discreetly labeled to provide
reliable power and data feeds to the datacenter equipment. Cabling diagrams are regularly updated
and maintained and checked periodically before undertaking any maintenance work.

Incoming cables are routed underground in sealed, secure conduits encased in concrete.

Closed Circuit Television (CCTV)

Closed circuit television monitoring professionally designed with suitably located day/night
cameras covering all entry points (including the delivery yards and fire escapes). Video recording
are reviewed frequently. All incidents are logged and shown to guards for training purposes.

Network

Network planning
i2k2 has setup the professionally designed network with the help of professionals using best
equipments and applications provided by APC, Cisco, Netgear and Dell. The entire network has
been planned to prevent any single point of failure. To prevent failure, all elements of the electrical
systems, including backup system, are typically fully duplicated, and critical servers are connected
to both the "A-side" and "B-side" power feeds. This arrangement is made to achieve N+1
Redundancy in the systems. Static switches are used to ensure instantaneous switchover from one
supply to the other in the event of a power failure. Each network cable line is actually two network
cables on two different network cards teamed for Failover. If one goes down, the other takes over
ensuring redundancy.

BGP
All core routing decisions on the internal network are managed using BGP (Border Gateway
Protocol) which maintains a table of IP networks internally used to designate network reach ability.
BGP redundant routers, failover cable and failover switches have been configured to automatically
shift the incoming connection to other connections without any failure.

Firewalls
Redundant Cisco and IPCop Firewalls have been installed along with failover switches and failover
cables.

Switches
We have used Gigabit fully managed, stackable Cisco and Netgear smart switches to deliver
maximum throughput and flexibility. Our Layer 2 and Layer 3 switching functionalities ensure
reliable network segmentation and routing along with robust security to deliver intelligent edge
connectivity for essential business applications and websites.
Data backups
Our backup environments ensure that critical data remains available to your business by
monitoring service 24x7 to improve efficiency and reduce the risk of downtime and data loss.
Professionals with a deep technical knowledge and practical, hands-on experience monitor the
entire replication of the data.

Enterprise SANs are used to take backups and restore the clients' hosted environments. The
backups are taken over the network and stored at the remote location. We take daily partial
backups and full weekly backups to ensure that incase of any outage, everything can be restored in
minimum possible time.