Infrastructure
Mondrian is hosted on a web server whose maintenance, connectivity and security is contracted to a third party supplier, who are leaders in the field of infrastructure provision for internet applications.
Our supplier utilises a scalable, redundant "bandwidth-on-demand" solution. Depending on network traffic and nationwide bottleneck status, our supplier's web server traffic is routed down multiple OC-3 Internet connections to Internet backbones, AT&T and Qwest.
Our supplier uses only Cisco routing and switching equipment. Every server is fed into dual Catalyst 3500 high-speed switches that channel all server traffic into redundant Juniper and Foundry routing equipment, using BGP4 routing protocol for complete redundancy. If one router should have an equipment failure, the other one picks up the traffic. This lowers the possibility of network downtime due to an equipment failure
Our supplier's internal network is 100% hardware redundant. They have invested heavily in our network from the ground up to make sure we have NO single point of failure. Firewalls are implemented at the core router and internal network level.
All electrical power from supplied by local utilities is fed to the data centre via three separate power grids. All electrical connections are backed up using multiple Liebert UPS battery backup systems in a N+1 configuration. In the event of an extended outage, power is supplied to the datacentre using a diesel generator supplied with a 30 hour full capacity and a proactive refuelling contract with a local supplier.
Internal atmospherics are monitored 24x7x365 to ensure the temperature and humidity of the data centre are providing an optimal environment for the server and network equipment.
Overall data centre security is provided using multiple levels of security including camera surveillance, key card access, biometric hand scanning and 24x7x365 on-site personnel.
Connectivity to the Internet is provided via multiple, physically diverse, carrier-agnostic high-speed OC3 connections. Local access at the data centre is provided through multiple, physically diverse, carrier-agnostic, OC-48 sonet connections.
The data center is both physically and logically secure. It is protected 24x7x365 by internal and external cameras, which are monitored by the Network Operations Centre. The front door is protected by a badge reader system and badge access is required to enter the building. Before access to the actual data centre area is permitted, one must first pass through the "man trap" area, which is a concrete hallway protected with a badge reader for initial access and then a biometric hand scanner, personal security code and a camera to ensure physical and visual confirmation of identity. This entire process is monitored 24x7x365 by the Network Operations Personnel.
The server sits behind dedicated firewalls and F5 BigIP Controllers which constantly monitor and analyze all network traffic. Our supplier has multiple security policies in place to assist in the prevention of a network interruption in the event of a malicious attack. They host B2B Intranets and Extranets for a number of financial institutions, and their security policies and procedures have been audited EXTENSIVELY by several third-party organizations.