Commitment to security
Arsys has adopted an integrated security model certified by the international standard ISO 27001, since October 2007. This model includes an Information Security Management System that incorporates both the physical and logical security of its facilities.
Arsys annually submits external audits of safety: an intrusion test, audit of application source code and an industrial audit of its Internet Data Centres.
General configuration of the Data Centre
The main Arsys Data Centre has adopted the “Invest as you grow” model, allowing the infrastructure to grow according to capacity demands.
Each IT room is 250 m2 and has the following features:
› Redundant electrical connection:
- › Two 1000 kVA transformers
- › An extra transformer for every two rooms
› Protection against power outages:
- › Two UPS (550 kVA + 275 kVA)
- › Two 1100 kVA generators
- › An extra generator for every two rooms.
- › Short-term:
- › 2 380 kW water chillers
- › An extra chiller for every two rooms
- › A 600 kW cooling tower
- › Six 120 kW CRAC units
This Data Centre is classified as TIER 2, although Arsys is making improvements to the infrastructure on which this classification is based. This is because Arsys wishes to offer its clients the best security conditions at the lowest cost.
To achieve this, Arsys has developed several R&D&i projects focused on optimising infrastructure and mastering virtualization techniques, allowing us to offer services with reliability levels you'd expect from a TIER 3 Data Centre, at a similar cost to services housed in TIER 2 Data Centres.
- › Redundant electrical connection:
The power supply in the Data Centre is redundant from the transformers powered by the electricity company through two High-Tension connections, to the UPS that provides clean, uninterrupted power to the servers as mentioned above.
Arsys has advanced fire detection systems, supported by ion and laser detectors.
Once a possible incident has been detected, Arsys' qualified staff can use a number of different extinction systems depending on the risk and severity of the outbreak, or allow the inert gas extinction system to be activated.
The Arsys Data Centre is more energy efficient thanks to its cooling towers that support the redundant cooling systems . These cooling towers allow the company to take advantage of the outside temperature to significantly reduce the energy needed by the cooling system, as well as minimising CO2 emissions.
Thanks to these innovations, up to 40% less energy is consumed by the environmental control system of the Arsys Data Centre, specially designed to achieve a Power Utilisation Effectiveness (PUE) value of 1.45 and a rating of "Excellent". The PUE scale is used in the industry to assess the energy efficiency of data centres.
Technical and Electrical Room Enclosures
The very design of the technical rooms, set in 250m2 spaces, allows us to use energy more efficiently thanks to the special enclosures made of sheet metal panels insulated with rockwool.
These panels also provide fire protection, mechanical stability and electromagnetic and acoustic seals. Therefore, should a disaster occur in one of the rooms, the rest of the services housed in the Data Centre will continue to operate normally.
Similarly, thermal stability is achieved by minimizing the loss of cold air and improving energy efficiency.
Infrastructure Control System
The Data Centre has a Supervisory Control and Data Acquisition System SCADA which incorporates the following features:
- › Transformers
- › Generators
- › SAIs
- › Chillers
- › Cooling Towers
- › CRACs
- › Water circulation pumps
- › Fire protection
Access Control System
The facility has an integrated security system, with closed-circuit television, which controls access to the facilities through all possible routes, operated by on-site security staff around the clock.
Access to interior rooms is controlled by a proximity card and presence detectors linked to the access control system.
The facility has a perimeter protection system used to detect and deter any intrusion attempt.
Vulnerability Management and Analysis
Arsys uses tools on a daily basis to systematically analyse potential vulnerabilities of the servers it manages, as well as the servers of clients who, despite administrating their own machines, have requested this service.
These tools identify potential threats, specific points of action and possible errors in patching or updating procedures, automatically generating the support tickets necessary for the technical staff to make the appropriate countermeasures and remove these vulnerabilities.
They also generate reports making it possible for us to monitor our level of compliance with the most common standards.
Arsys has an intrusion detection and prevention system (IDS/IPS) which scans and filters server traffic. It not only analyses what kind of traffic it is, but also reviews the content and its behaviour.These systems detect and block attacks and intrusion attempts targeted at servers, from the network level to the application layer.
This platform allows us to establish the correlation between the 150 million events generated each day by our clients' active services and configure specific rules to filter undesirable situations or behaviours.
As in the case of the vulnerability management and analysis solution, this system generates reports making it possible for us to monitor our level of compliance with the most common standards.
Lastly, it's a centralised source of information that allows us, if necessary, to carry out a forensic analysis of the architectures housed in the Data Centre.
Online services are constantly subjected to attacks aiming to exploit the vulnerabilities of the applications on which they work. As this number of attacks is extremely high, and rising, Arsys completes its range of security services by also offering a web-based application firewall, which allows you to detect and prevent attacks that are much more specific than those detected by intrusion detection or event correlation systems.
This tool protects companies' web-based corporate applications as well as the web pages of clients who request it as a value-added service.
The High Availability Centre (HAC) is the control room of the Arsys Data Centre. The access to the technical rooms is heavily restricted for security reasons. All the machines in our Data Centre, along with the network connectivity elements, are connected to the HAC, which ensures the servers' performance, availability and the traffic they generate. From the screens in the HAC, we can monitor the state of the servers, communication lines, services, etc. around the clock. From here, we can also activate the necessary protocols in the event of any kind of incident: electrical, technological, connectivity…
Besides monitoring the state of the services, the HAC controls the perimeter security systems, which make unauthorised access to the facilities and different rooms impossible.