Resilience
Our experience in delivering cloud services has proven that the delivery of applications back into customers is highly dependent on the performance of the network and therefore MDNX recommends that if customers are making the transition to cloud services, they should ensure both computing and networking components are delivered as an integrated solution.
The MDNX cloud platform is made up of multiple layers, with risks and performance issues addressed at each level. This ensures that the resulting platform is capable and highly available.
Virtualisation Layer
The foundation computing power is harnessed by an enterprise class hypervisor, providing centralised control, monitoring and reporting at the guest, host and component level. It is enabled with advanced disaster recovery features to ensure faults at the hardware level do not impact on the availability of the guest machines.
Guest servers/appliances within the cloud platform are contained within a resource pool, with enterprise features such as Distributed Resource Scheduler (DRS), and High Availability (HA) enabled. The resource pool is spread across the hardware platform, which in turn is spread across MDNX datacentres. DRS performs the role of load balancing the guest servers/appliances over the hardware layer, while HA ensures failover in the event of a node/enclosure/datacentre failure.
Compute Power Layer
Each participating datacentre is equipped with HP Blade Infrastructure, offering the following features:
• Modularised platform designed for scalability, offering multiple points of resilience while minimizing the use of physical space and power.
• Each Enclosure is populated with Half-Height Blades to increase density, mitigate risk and impact of failed nodes.
• Built on Next generation Intel Virtualisation Technology enabling best-in-class virtualisation performance.
Storage Layer
The storage platform is based on HP SAN technologies; each tier of storage is resilient at the disk, shelf, and node level with multiple access paths.
Data Centres
The MDNX Cloud Computing services are delivered from geographically dispersed data centres. These data centres are Tier 3+ and comply with the quality and security standards required by the Public Sector and Large Enterprises including Financial Institutions. The datacentres sit on MDNX’s nx10G core network with diverse connectivity in and out of each location.
Security
MDNX combines its integration capability with its cloud infrastructure to deliver secure and resilient solutions to businesses at a compelling price point and optimal design. It has implemented stringent security procedures and access controls to networking and cloud services based on industry standards.
Technical security controls
MDNX guards its data networks with several layers of physical and logical security mechanisms, some examples being:
Network access is controlled (and logged) by:
• Physical security
• Firewalls
• Management and monitoring systems
• Routers with strict access policy
• Password management
• Virtual Private Networks (VPN’s) – MPLS or IPSec based
• Automatic log analysis systems
Managed network devices are configured using an AAA framework (Authentication, Authorisation, Accounting) and furthermore, all remote devices are configured with ACL’s (Access Control Lists).
In addition, all NMC (Network Management Centre) facilities and Management and Core infrastructure are physically secured via controlled access procedures and facilities such as carrier grade colocations for infrastructure.
MDNX works with a number of security groups and forums from a number of leading vendors such as Juniper, Cisco and Stonesoft to monitor industry best practise, legal compliance and current security threats.
ISO27001
As well as the technical security controls that have been adopted by MDNX in the delivery of customer network and cloud solutions, MDNX have gained the ISO27001 accreditation.
ISO27001 is an Information Security Management System (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
Its full name is ISO/IEC 27001:2005 – Information technology — Security techniques — Information security management systems — Requirements.
ISO/IEC 27001 formally specifies a management system that is intended to bring information security under explicit management control.
ISO/IEC 27001 requires that management:
• Systematically examine the organisation’s information security risks, taking account of the threats, vulnerabilities and impacts
• Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
• Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
