General Overview

The Ascent Data Technology Center is located in the RIDC Park, O'Hara Township, approximately twelve miles northeast of downtown Pittsburgh.

Operation
The Technology Center is a 24 x 7 secure Data Center facility requiring key pad access through all exterior doors. Authorized employees can access the control panel with a code in order to gain entrance to the facility. Access times may be adjusted at the company's discretion. The list of personnel allowed access is limited and approved by senior management of Ascent Data.

Environmental and Network Redundancy
The Technology Center is a state-of-the-art hosting facility, with the following characteristics:

  • All major systems have redundant components and are all covered by extended warranty agreements.
  • Redundant Uninterruptible Power Supply (UPS)
  • Two diesel powered generator
  • Weekly tests of all power components
  • Redundant HVAC systems – monitors consistent humidity and temperature
  • A network built with a high performance switched architecture to provide reliable Internet access
  • Multiple network providers with fiber extended into the facility - 35Mbps burstable to 245MB bps
  • High Availability - Fail over CISCO powered firewall infrastructure
  • BGP (Border Gateway Protocol) – allows multiple paths into network
  • HSRP (Hot Standby Router Protocol) – allows multiple paths going out of network

Scalability and Security
Ascent Data can handle small or large hosting requirements in a secure and scalable facility, providing:

  • Scalable bandwidth to meet constant traffic or peak business times
  • Secured scalable facilities
  • 20,000 square foot technology center
  • Shared cabinet, dedicated, or multiple racks
  • Senior technicians on site

Virus Protection
With the increasing frequency of rapidly spreading, destructive viruses, the need for enterprise-wide virus protection has become a core business requirement. Complete virus protection is a requirement for ensuring system uptime and user productivity. Ascent Data has taken the following steps:

  • Environment protected by commercial anti-virus software
  • Virus definitions are checked for updates daily
  • Subscribes to a daily virus alert system
  • All systems scanned for viruses on a weekly basis
  • All systems are protected by a Real time scan engine
  • IDS Intrusion Detection System

Service Level Agreement (SLA)
Beginning with a standard Service Level Agreement (SLA), Ascent Data and the client develop an SLA specific to the needs of the system or application. The SLA typically includes the following components:

  • Ascent Data monitors and measures a number of components that play a role in the application's performance, including the network, the web server, firewall, application and database servers
  • Mutually agreed upon service thresholds will be established between Ascent Data and client
  • Variable or customizable levels of service available
  • Quality and performance levels explicitly stated in SLA

Subscription Agreement
Just as in the SLA, the Subscription Agreement is mutually developed by Ascent Data and the client to reflect the functional and technical requirements of the hosting engagement, including the following standards:

  • Availability of application: Ascent Data monitors the application for failures to comply with the application availability included in the service level agreement
  • Response time: Ascent Data notifies the client of the occurrence of downtime or a performance problem
  • Bandwidth: The client will be notified of any bandwidth problems
  • Support: Ascent Data provides telephone support during application operation hours

Security
Ascent Data has developed a security model for hosting clients as represented in the figure below.

Physical Security

  • State -of-the-art fire protection system
  • Computer room protected by a gas-based HALON system
  • Local fire department notified via direct connection
  • Security/fire alarms automatically forwarded to a monitoring company that notifies Police and Fire personnel via 911 network
  • Technology Center and computer room access is controlled by a scrambled keypad employee ID security system. Access is recorded on security server in the computer room. Any person who does not have a security access number for the computer room is to be signed in and escorted by an authorized person. No unauthorized visitor to the computer area is to be left unattended. Only approved employees have the appropriate security clearance to access the computer room unattended. Each employee is responsible for escorting visitors to the reception area at the end of the visit to sign out
  • Video surveillance cameras are located throughout the technology center. These cameras are tied to a monitoring station located at the Network Operations Center (NOC). Recorded video is maintained for 90 days. (Audit Trail)
  • All doors alarmed and utilize scrambled key code pads
  • Access to the Computer Room is closely monitored and all entrance and exit points are under continuous surveillance via video monitors
  • Copies of keys for all doors, stairwells, meeting rooms, offices, desks, cubicles, closets, and equipment are maintained in a locked key cabinet

System Security

  • System administrators monitor release notes to determine if service packs, releases, or patches are available to fix bugs or security holes in the operating systems. Such upgrades are prioritized for installation
  • All staff are subjected to a comprehensive pre-employment background investigation program, a review of employment and personal references, education verification and professional license search (if applicable), motor vehicle search, and criminal conviction search
  • All reports are in compliance with the Fair Credit Reporting Act (FCRA), labor laws and regulations
  • Ascent Data staff subscribe to the SANS and CERT security alert newsletters and monitor Internet security notifications

Network Security

  • Firewall protection – The connection between client and Ascent Data includes firewall protection and secure solutions designed to meet the needs of the client. Ascent Data has established network tools to monitor and maintain system security
  • Virtual Private Networks (VPNs) use advanced encryption and tunneling to establish secure, end-to-end, private network connections over the Internet. Ascent Data offers a range of VPN products, from VPN-optimized routers and firewalls to dedicated VPN concentrators, to create VPN solutions that meet the requirements of any organization
  • SSL (Secure Socket Layering) is used for Web-based applications
  • SSH – a file transfer that encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Closes several security holes associated with ftp.
  • Commercially available and Ascent Data developed tools are used to for accurate monitoring of each system
  • No dial-up modems are configured in the Technology Center. Secure access via SSH and VPN is permitted only on approved systems
  • Monitors include, but not limited to:
    • Network monitoring
    • Database- allows verification that a query can be processed by the database
    • URL- verifies availability and access time for specified URL
    • Ping- verifies the specified hosts are available via the network to ensure continuous availability
    • DNS- verifies that the DNS server is accepting requests and that the address for a specific domain name can be found
    • Port- determines whether a service on a port can be connected to
    • CPU- reports the percentage of CPU in use
    • Disk space- reports the percentage of disk space in use
    • Service- verifies that specified processes are running

Client Security

  • Clients access Web enabled applications through SSL connections
  • Additional security options include client VPN connections