eNlight Cloud has been designed to the latest industry security standards, with scope to improve this further so that as a platform, eNlight is able to counter all potential threats that exist today and in the future.With eNlight Cloud you can be guaranteed the highest levels of security possible, making it an ideal solution for any business seeking a hosting for a mission critical website.Whilst, we adhere to the rules and regulations and our staff is trained enough to the highest levels possible so that our customers can be confident in their ability to develop a secure Cloud hosting environment.
bodHOST utilizes a high security Tier III data center that is based around a core network which features no black holes or single points of failure.Multiple Tier III connections are responsible for adding a level of redundancy to our core networkguaranteeing fast connection speeds for all customers.
Hardware failure is totally prevented with the use of well-known brands such as Cisco and HP. The network utilizes Border Gateway Protocol v4 (BGP4) over dark fiber and long haul wavelengths; the switches used in the eNlight Cloud are connected to the core router via fiber.
The following standards have been observed with the development of eNlight Cloud to enhancethe security:
eNlight Cloud is developed around the usage of a hypervisor layer, a technology that effectively isolates individual VMs from one another.VMs utilize virtual disks rather than physical storage devices.The eNlight Virtualization layer resets the chunk of storage used by a customer, therefore meaning that a customers' data will never be revealed to another customer.Enterprise storage devices are used to provide VMs with disk space, multiple security layers being in place to secure customers' data; industry best practices have been observed at every stage with eNlight Cloud so that you are able to place your full trust in the platform.Our enterprise storage devices are completely isolated from the public network and instead the secure communications take place within the context of an internal LAN for the purpose of security.
eNlight also features an isolation layer whose role it is to replicate the Cloud resources of VMs to match the requirements of the host server at the time of execution. Through this method of data interpretation, applications are able to run in the eNlight Cloud "as it is" without the need for any modification as the applications uses the resources of the eNlight VM in the same way as they would use those of a physical server. eNlight has been developed around a set of tightly integrated modules that expands as your Cloud does so that the same levels of security is maintained at all the stages.
For improved security, the servers that are responsible for storage in the eNlight Cloud are fully isolated from the public network; this reduces the threat of any attacks, because hackers won't be able to access the private network on which the storage servers are hosted. Furthermore, our employees are limited to viewing the metadata of your files only and will not have access to the contents of your eNlight account. bodHOST has also implemented regulated routing policies that specify the users who are allowed to access the cloud resources.
With in-flight Cloud, advanced Virtualization techniques are deployed so that different networks can be hosted on the same hardware. This allows resources to be partitioned effectively. The benefits of using network isolation include:
Layer switches powers the backend of our network, with every customer being hosted on a vLAN for improved security. This configuration allows us to protect customers from a range of network vulnerabilities such as Distributed Denial of Service (DDoS) attacks, Man in the Middle (MitM) attacks, IP spoofing, port scanning and packet sniffing.
eNlight Cloud provides security at all levels; these levels being the operating system of the host machine, the OS running on the VM and the firewall.The main network security features of eNlight Cloud can be summarized as follows:
IP and MAC address policies are utilized in the eNlight Cloud to guarantee that no IP thefts occur.IP addresses are bound to the MAC address of the VM that they have been assigned to.These policies are also implemented on our routers so that if the MAC address gets spoofed, no traffic will be forwarded to the unknown MAC.In addition to this, the eNlight interface doesn't accept traffic having an address of an internal IP range.Our host-based firewall infrastructure doesn't allow any VM to send traffic using any IP address other than its own.
Some of the protection mechanisms that have been implemented to mitigate the seriousness of potential threats include:
Our US data center is manned by a team of NOC (Network Operations Center) engineers 24x7 so that if any issues are identified, they can be rectified as they are discovered rather than being left to develop to a point where reliability could be impacted.
eNlight Cloud includes automated monitoring tools that deliverhigh levels of performance and reliability.eNlight's built-in monitoring tools are designed to monitor key operational metrics; in the event that any of the thresholds are crossed, the operations will be monitored and responded immediately by our support staff.Our support staff is provided with the access to all the necessary documentation that can be utilized to handle incidents efficiently.
eNlight can automatically scale VMs that are facing resource constraints.These changes are logged in real time and clients are able to monitor these additional resources on an hourly, daily, weekly, monthly or yearly basis.To minimize costs, resources are provided to clients in 90 second cycles only.
Before providing support, our support staff will verify the identity of the customer raising the support incident.The client's email address is utilized as the primary access parameter for eNlight Cloud.Access Control Lists mean that the staff only has access to the eNlight management tools that are required so that the damage can be limited in the event where an account becomes compromised.
Our data center is protected using seven separate layers of security and is covered by surveillance systems that are monitored 24x7.One of these security measures is ensuring that all hardware is located behind a firewall to mitigate the threat of potential attacks.These firewalls then store logs of all traffic activity so that they can be referred back in the event of an attack.ACLs (Access Control Lists) are in place at every stage to ensure that only those who are meant to have access to particular systems are granted with particular access.Access to the network, hardware nodes and storage facilities are handled separately.
eNlight Cloud itself has been developed using 3 layers of isolation, these are: