Our dual data centre facilities offer tier-1 standards required to support the highest level of security and uptime for your critical application hosting.

Access Control and Physical Security

• 24x7x365 security control
• Intrusion detection alarms
• Visual capture provision for CCTV 
• Card access control systems
• Watchmen tour system

Environmental Controls 

• Redundant cooling systems
• Air conditioning units to regulate and control temperature and humidity levels
• Water leakage alarm system
• FM200 alarm and discharge monitor

Power 

• Redundant (N+1) uninterruptable power supplies
• Redundant power distribution units
• Redundant (N+1) diesel generators
• Isolation transformer

Fire Detection and Suppression

• FM200 Fire Suppression System
• Fire hydrant and hose reel (FH/HR) to Hong Kong Fire Services Department (HKFSD) requirement
• Very early smoke detection apparatus (VESDA)

Connectivity

• Multiple Gigabyte Ethernet connectivity from Tier-1 bandwidth provide

Servers

• Fully-clustered servers for maximum resilience
• Network load balancing to deliver high performance and failover protection

Storage

• Mirrored storage with geographical redundancy

Upgrades

• Upgrades and patches performed on passive cluster nodes to minimise service disruption

Backup

• Instant snap shot technology with offsite replication work
• On-demand archival and continuity services available for high availability disaster recovery

System Monitoring

• 24x365 automated hardware, network and software monitoring with issue notification      

Reliability

• No physical connection to the Internet minimising hacker accessibility to perimeter network

Security

• Multiple scan engines to help protect messaging environment from spam, viruses and worms

View the full architecture diagram

Perimeter Zone The perimeter zone is the area where Azurance hosting infrastructure interfaces with the public internet and other dedicated private connections to our clients.  This zone features border gateway routers and, inter-data centre fibre connected, Layer 2 switches, together with load-balanced Forefront Threat Management Gateways, the highly secure application proxy, firewall, and load balancer.  No servers reside in this zone.

Edge Zone Azurance has five (5) edge zones per data centre.  This zone contains all servers that cannot operate behind an ‘application proxy’ and which require true public internet IP addresses.  The servers in this zone do not contain any user identifiable data and are not members of the Hosting Active Directory Domain.  Compromising a server in this zone would not provide an attacker with access to any other zone and would not provide access to any useful data.

Proxy Zone Azurance has one (1) proxy zone which extends to all data centres through a Layer 2 dark fibre mesh network.  The Proxy Zone consists of ‘Application Servers’, primarily web servers, which do not store any customer data.  These servers have private IP addresses and do not have default routes to the internet nor access to internet DNS, therefore, these servers have no outbound internet connectivity.  Only inbound internet traffic, that is specifically proxied by the Forefront Threat Management gateways, can reach servers in this zone.

Inner Boundary Area The inter-boundary area is a zone that contains a second set of Forefront Threat Management Gateways that inspect traffic which must pass between the data centre zones and the zones further forward.  This unique configuration gives Azurance the assurance that only authorised requests for user data reach the servers in the data centre zones.  Filtering is done to ensure that user requests from proxy zone servers only forward to servers which contain data for that user.  A compromised user account, therefore, cannot be used to scan for data throughout the data centre zone, as firewall forwarding between zones is tightly controlled and monitored.

Data Centre Zone The data centre zone contains all servers which are involved in the process of storing and retrieving user data.  This, and the Forefront data centre zone, are the most tightly guarded zones in the environment.  Unlike most enterprise environments, servers in this zone have absolutely no internet connectivity.  Requests for data in this zone may only come from servers in the proxy zone and only after careful inspection at the Inter Boundary firewalls.

ForeFront Data Centre Zone The Forefront data centre zone is similar to the data centre zone, except that e-mail servers in this zone are protected by Microsoft Forefront Server Security for Exchange Server.  All servers in the Azurance environment run Forefront Client Security to secure the Operating System, but only servers in the Forefront data centre zone scan e-mail content with Forefront.  This is done to provide customers with the power of choice in e-mail antivirus solutions.  Customers who do not wish to have their e-mail scanned for viruses, by Azurance, either because they subscribe to an external e-mail filtering service, or because they have their own on-premise A/V solution, may choose not to subscribe to Forefront by making use of Exchange Mailbox Servers in the data centre zone.