Physical datacenter security

  • Rackspace personnel on duty 24/7/52
  • All Rackspace personnel are required to display their identity badges at all times when onsite at Rackspace facilities
  • Two factor authentication is used to gain access to sensitive areas of the datacenter:
    • electromechanical locks are controlled by biometric authentication and key-card/badge
  • Only authorized Rackspace personnel have access to data center facilities
  • Closed circuit video surveillance at all entrance points on the interior and exterior of the building housing the data center facilities

Datacenter redundancy

  • Redundant HVAC units
  • Redundant lines of communication to telecommunication providers
  • Fire detection and suppression systems (inspected at least yearly)
  • Multiple uninterruptible power supplies (UPS) with N+1 redundancy and instantaneous failover in the event of a primary UPS failure
  • Diesel generators with N+1 redundancy (run at least every 120 days and serviced at least annually by a third-party contractor)
  • Fuel contracts maintained with multiple providers for prioritized resupply of diesel generators
  • Cabinets wired to separate power distribution units (PDU) to provide redundant power
  • Raised flooring to protected hardware and communications equipment from water damage

Network redundancy

  • Continuous monitoring of connectivity and performance to multiple bandwidth providers, including all routers and switches
  • Highly available, fully redundant enterprise-class Cisco routing and switching equipment
  • Highly available, fully redundant enterprise-class F5 load balancing equipment
  • Redundant power to all infrastructure routers and switches
  • Redundant fiber connections to Internet backbone connectivity providers
  • Advanced route optimization technology to provide efficient routing among the multiple backbone carriers connected to the datacenter
  • Servers monitored on a real-time basis for availability via ICMP

Network and server security

  • Cisco firewall employed at network perimeter to block all unused protocols
  • Dedicated virtual network (VLAN) for logical segmentation of ion interactive servers within Rackspace’s network infrastructure
  • Distributed-denial-of-service (DDoS) attack mitigation services available
  • Active intrusion detection system from AlertLogic
  • Access to ion interactive servers restricted to only an approved subset of ion interactive’s engineering team via secure VPN connections
  • All system administrator access to ion interactive servers logged to an audit trail
  • Anti-Virus Protection is used to scan servers for viruses and infected files are automatically quarantined (Rackspace maintains current virus signature updates)
  • Dedicated/independent IP address for each ion customer

Server/application reliability

  • Dedicated failover service paired with Cisco and/or F5 load balancer(s) provides seamless HTTP/HTTPS redirects to customer-specific URL in the instance of an interruption to the ion service
  • Immediate alerts to engineering team in the instance of any such failover, with weekly assigned “on call” engineers as first responders to such events
  • New application software releases go through a five-stage verification process: independent developer verification, QA server test, alpha test, beta test, and engineer-observed final production release
  • Primary server hardware failures are guaranteed to be replaced within 1 hour or less (meanwhile, the failover service would be in effect)
  • Redundant server hardware is available for fast-track replacements
  • Rackspace network and hardware engineers are standing by 24/7/52 for immediate detection and resolution of any such hardware failures
  • ion interactive “sentry” service on each server automatically notifies the ion interactive engineering team in the event of system-level anomalies
  • Centralized monitoring of all ion interactive consoles via a tailored “farm” application that is reviewed daily by ion interactive’s engineering and account management teams
  • Personalized account management service available via telephone and email M-F 9am-5pm ET; a toll-free emergency number for any after-hours incidents that will escalate response 24/7/52