eNlight Cloud Technology Architecture

eNlight Cloud has been designed to the latest industry security standards, with scope to improve this further so that, as a platform, eNlight is able to counter all potential threats that exist today and in the future. With eNlight Cloud you can be guaranteed the highest levels of security possible, making it an ideal solution for any business seeking hosting for a mission-critical website. We adhere to the rules and regulations, and our staff is trained to the highest levels possible, so that our customers can be confident in their ability to develop a secure Cloud hosting environment.

Data Center

bodHOST utilizes a high-security Tier III data center that is based around a core network which features no black holes or single points of failure. Multiple Tier III connections add a level of redundancy to our core network, guaranteeing fast connection speeds for all customers.

Hardware failure is totally prevented with the use of well-known brands such as Cisco and HP. The network utilizes Border Gateway Protocol v4 (BGP4) over dark fiber and long haul wavelengths; the switches used in the eNlight Cloud are connected to the core router via fiber.

Security Standards Observed

The following standards have been observed in the development of eNlight Cloud to enhance security:

  • ISO 9001
  • ISO 20000/BS 15000
  • ISO 27001/BS 7799

Platform Infrastructure

eNlight Cloud is developed around the usage of a hypervisor layer, a technology that effectively isolates individual VMs from one another. VMs utilize virtual disks rather than physical storage devices. The eNlight Virtualization layer resets the chunk of storage used by a customer, meaning that a customer's data will never be revealed to another customer. Enterprise storage devices are used to provide VMs with disk space, with multiple security layers in place to secure customers' data; industry best practices have been observed at every stage with eNlight Cloud so that you are able to place your full trust in the platform. Our enterprise storage devices are completely isolated from the public network; instead, secure communications take place within an internal LAN for the purpose of security.

Server Isolation and Security

eNlight also features an isolation layer whose role is to replicate the Cloud resources of VMs to match the requirements of the host server at the time of execution. Through this method of data interpretation, applications are able to run in the eNlight Cloud "as is" without the need for any modification, as the applications use the resources of the eNlight VM in the same way as they would use those of a physical server. eNlight has been developed around a set of tightly integrated modules that expand as your Cloud does, so that the same level of security is maintained at every stage.

Storage Security

For improved security, the servers that are responsible for storage in the eNlight Cloud are fully isolated from the public network; this reduces the threat of any attacks, because hackers won't be able to access the private network on which the storage servers are hosted. Furthermore, our employees are limited to viewing the metadata of your files only and will not have access to the contents of your eNlight account. bodHOST has also implemented regulated routing policies that specify the users who are allowed to access the cloud resources.

Network Isolation

With eNlight Cloud, advanced Virtualization techniques are deployed so that different networks can be hosted on the same hardware. This allows resources to be partitioned effectively. The benefits of using network isolation include:

  • Viruses are unable to spread throughout eNlight Cloud
  • eNlight Servers can't be attacked because hackers lack the authority and credentials necessary to establish the connections to commit such attacks

Network Security

Layer switches power the backend of our network, with every customer being hosted on a vLAN for improved security. This configuration allows us to protect customers from a range of network vulnerabilities such as Distributed Denial of Service (DDoS) attacks, Man in the Middle (MitM) attacks, IP spoofing, port scanning and packet sniffing.

eNlight Cloud provides security at all levels: the operating system of the host machine, the OS running on the VM and the firewall. The main network security features of eNlight Cloud can be summarized as follows:

  • Private vLANs
  • Optional hardware firewall for improved security or load balancing for improved stability
  • Anti-spoof and anti-sniff firewall technology
  • Customer isolation in Public Cloud
  • MitM attacks and IP theft are prevented using ARP access lists
  • Traffic is analyzed using a Cisco anomaly detector
  • The Cisco Anomaly Guard is used to protect the network from DDoS attacks
  • Traffic is blocked using an out-of-path filtering system so that normal traffic isn't impacted

Protection Against IP Spoofing and Theft

IP and MAC address policies are utilized in the eNlight Cloud to guarantee that no IP thefts occur. IP addresses are bound to the MAC address of the VM that they have been assigned to. These policies are also implemented on our routers so that if the MAC address gets spoofed, no traffic will be forwarded to the unknown MAC. In addition to this, the eNlight interface doesn't accept traffic having an address of an internal IP range. Our host-based firewall infrastructure doesn't allow any VM to send traffic using any IP address other than its own.
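The three anti-spoofing checks described above (and the ARP access lists listed under Network Security) can be modelled as simple allow/drop decisions. The following is an added illustration, not bodHOST's or eNlight's own code; the internal range, the bindings table, the function names and the sample events are all constructed assumptions, and the "eNlight interface" rule is assumed to apply to the external-facing side.

```python
import ipaddress

# Constructed sample data; the page gives no addresses, so all values are assumptions.
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")  # hypothetical internal range
BINDINGS = {  # IP address -> MAC address of the VM it was assigned to
    "10.20.1.10": "52:54:00:aa:00:01",
    "10.20.1.11": "52:54:00:aa:00:02",
}


def check_vm_egress(src_mac, src_ip):
    """Host firewall rule: a VM may send only from the IP bound to its MAC."""
    if BINDINGS.get(src_ip) != src_mac.lower():
        return ("drop", "source IP not bound to sending MAC")
    return ("forward", "binding matches")


def check_router_delivery(dst_ip, next_hop_mac):
    """Router rule: traffic for an IP is forwarded only to its bound MAC."""
    if BINDINGS.get(dst_ip) != next_hop_mac.lower():
        return ("drop", "destination MAC unknown for this IP")
    return ("forward", "binding matches")


def check_external_ingress(src_ip):
    """Edge rule: outside traffic claiming an internal source address is refused."""
    if ipaddress.ip_address(src_ip) in INTERNAL_NET:
        return ("drop", "internal source address on external interface")
    return ("forward", "external source")


def evaluate(events):
    """Apply the matching rule to each (point, *fields) event; return verdicts."""
    rules = {"vm_egress": check_vm_egress, "router": check_router_delivery,
             "edge": check_external_ingress}
    return [rules[point](*fields)[0] for point, *fields in events]


SAMPLE_EVENTS = [  # constructed traffic records
    ("vm_egress", "52:54:00:aa:00:01", "10.20.1.10"),  # VM uses its own IP
    ("vm_egress", "52:54:00:aa:00:01", "10.20.1.11"),  # VM claims a neighbour's IP
    ("router", "10.20.1.11", "52:54:00:ff:ff:ff"),     # unknown MAC answers for the IP
    ("edge", "10.20.1.10"),                            # internal source from outside
    ("edge", "198.51.100.7"),                          # ordinary external source
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, evaluate(SAMPLE_EVENTS)):
        print(verdict, event)
```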

Security Against Internet Threats

Some of the protection mechanisms that have been implemented to mitigate the seriousness of potential threats include:

  • Enabling of Software firewall on every server
  • An IDS is implemented alongside the router so that traffic is continuously monitored and threats can be blocked as soon as they are detected
  • Our 24x7 NOC team keeps a close lookout for abnormal network behavior

Monitoring of Uptime

Our US data center is manned by a team of NOC (Network Operations Center) engineers 24x7 so that if any issues are identified, they can be rectified as they are discovered rather than being left to develop to a point where reliability could be impacted.

eNlight Cloud includes automated monitoring tools that deliver high levels of performance and reliability. eNlight's built-in monitoring tools are designed to monitor key operational metrics; in the event that any of the thresholds are crossed, the operations are monitored and responded to immediately by our support staff. Our support staff is provided with access to all the necessary documentation needed to handle incidents efficiently.

eNlight can automatically scale VMs that are facing resource constraints. These changes are logged in real time and clients are able to monitor these additional resources on an hourly, daily, weekly, monthly or yearly basis. To minimize costs, resources are provided to clients in 90 second cycles only.

Secure VM Management

Before providing support, our support staff will verify the identity of the customer raising the support incident. The client's email address is utilized as the primary access parameter for eNlight Cloud. Access Control Lists mean that staff have access only to the eNlight management tools that they require, so that the damage can be limited in the event that an account becomes compromised.

Security Against Privileged Users

Our data center is protected using seven separate layers of security and is covered by surveillance systems that are monitored 24x7. One of these security measures is ensuring that all hardware is located behind a firewall to mitigate the threat of potential attacks. These firewalls store logs of all traffic activity so that they can be referred back to in the event of an attack. ACLs (Access Control Lists) are in place at every stage to ensure that only those who are meant to have access to particular systems are granted that access. Access to the network, hardware nodes and storage facilities is handled separately.

eNlight Cloud itself has been developed using 3 layers of isolation. These are:

  • Our client's details and server login credentials are isolated to the highest layer and only the client has the authority to disclose these
  • Billing area and Cloud servers
  • Layer 3 switches offer network and security isolation