Security and Performance You Can Trust

Performance

Our cloud is engineered for processing speed at all three layers of its infrastructure: the virtualization layer, the computing layer and the storage layer.

Virtualization layer. Many providers design their clouds for density, which means they oversubscribe virtualized resources to reduce their own costs and maximize profit. Our cloud is designed for performance, which is why we reserve resources like physical memory within our VMware ESX clusters. This guarantees that application requests aren’t slowed down by resource crunches.

Computing layer. The heart and soul of our server infrastructure is a blazing mix of Dell PowerEdge R/M Series servers. These rack-mounted servers are standardized with Intel X5650 processors, 96–256 GB of RAM at 1333Mhz and dual fiber for storage access. They also have dedicated backup networks that help ensure our data security measures never cause bottlenecks in active usage.

Storage layer. For storage, our cloud also prioritizes performance over cost. We use RAID10 for our boot volumes, transaction logs, and SQL Databases, and 4+1 RAID5 sets for our databases. We also use 10k drives in our enterprise-class EMC and Hitachi storage arrays. (Though Microsoft recommends cheaper SATA storage, our engineers determined that 10k drives were the best for maximizing storage performance and reducing latency to and from the disks.)

Architecture

In our four quadrant architecture, each quadrant is built on its own dedicated hardware and its own VMware cluster. This design ensures that any infrastructure failures are isolated to a specific quadrant of the cloud to guarantee service availability. Each quadrant is configured slightly differently. And as you’ll read, that configuration is very deliberate. Supporting each quadrant are Cisco ACE load balancers, Cisco firewall service modules, Cisco Nexus 10G switches, Dell PowerEdge R/M Series Servers, and EMC and Hitachi 10k Storage. Each quadrant is backed up daily using Symantec Netbackup. To ensure highest possible hardware availability, each front-end quadrant leverages VMware vMotion capabilities across cluster nodes within each quadrant. The back end quadrants use database replication for redundancy.

Security

Each of our datacenters has been chosen to meet the highest availability criteria. Each one is SSAE16 Type II compliant. Each one has verified levels of physical security. Each one also possesses redundant electrical and cooling infrastructure, including diesel generators for backup power, to protect against all imaginable problems. And finally, our entire cloud infrastructure is deployed with redundant power supply units in the unlikely event of a power feed failure.

Internet providers
The final element of our high availability comprises the providers that connect our datacenters to the Internet. We’ve chosen multiple Tier 1 Internet providers for this purpose, including Sprint, Level 3 and Verizon. Taken together, these providers guarantee availability and give us capabilities to route traffic around any provider backbone issues that may arise. Our goal is simple: your data and tools are always available.

Backups and Replication
Your data is also well-protected. Our design protects against data corruption and possible data loss due to hardware failure. We leverage Microsoft Database Availability groups with real-time replication between quadrants. Our infrastructure is designed to replicate data multiple times within one datacenter as well as on remote backup. Beyond that, we adhere to proven security and compliance
practices and implement a strict privacy policy.

Skybox Custom Cloud Security

Skybox Custom Cloud utilizes Citrix to provide one of the most secure cloud environments available. Skybox Custom Cloud is so secure because applications are isolated from the operating system. This means data that is in the cloud, stays in the cloud, no portion of your information ever resides in a web browser which is running on your computer and therefore would be vulnerable to hackers and viruses. Skybox Custom Cloud is run through a secure-by-design, encrypted, single-point access gateway.

Backups and Replication
During the backup process, all files are first secured with a personal 256-bit AES or 448-bit Blowfish encryption key and then transferred to an offsite data center, via a secure SSL connection, which negotiates the highest grade encryption available based on the default settings for OpenSSL. Offsite servers are located in carefully chosen Tier 4 data centers protected by gated perimeter access, 24/7/365 onsite staffed security and technicians, electronic card key access, and strategically placed security cameras inside and outside the building.

In addition to running regular backups, data is replicated in real time from one set of premium hardware to another within our data center. This protects the critical information your business keeps within Skybox Custom Cloud, even in the event of hardware failure or database corruption. It also enables rapid restoration of the full functionality of the environment should an issue occur.

Physical Security
Skybox equipment is housed in SSAE 16, SOC 1 Type II compliant Data Centers. The datacenters are all US based and are built to a 2N standard, meaning there are no single points of failure that could impact the main production infrastructure or its failover. As a result, you have a much higher level of reliability.

Skybox’s colocation facilities feature a state-of-the-art Network Operations Center, advanced security and monitoring systems, sophisticated fire suppression systems and redundant utility transformers, generators, Automatic Transfer Switches (ATS’s), main switch panels, UPS’s and PDU’s-all backed up by industry leading SLA’s.
Staffing

  • 24 x 7 onsite coverage
  • Escorted on-premises customer access
  • 9-to-5 third-party security coverage

Power

  • Minimum of N+1 UPS redundancy
  • Supports a minimum of 2.5 kW/cab or ~100w/sq. ft.
  • Concurrently maintainable

Cooling

  • Minimum of N+1 cooling redundancy

Space

  • Minimum of 150 customer cabinets
  • Compliant with SSAE 16 SOC 1 Type II regulations

 

Encryption and Virus Protection

We rely on advanced, industry-recognized security safeguards to keep all of your financial data private and protected. Skybox uses DigiCert®, a leading secure sockets layer (SSL) Certificate Authority. With password-protected login, firewall protected servers, and the same encryption technology (128 bit SSL) used by the world’s top banking institutions, we have the security elements in place to give you peace of mind.
Within Skybox’s multiple redundant, enterprise-class Citrix Environments, state-of-the-art anti-virus and firewall systems prevent unwarranted intrusions and ensure only authorized users access your environment. This is a purpose-built security system that integrates applications, databases, firewalls, and traffic management. The system monitors for unusual traffic patterns and alerts system administrators of any suspicious behavior to help prevent network attacks against vulnerable services, data driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (e.g. viruses, Trojan horses, and worms).

Scheduled Maintenance

In order to maintain performance and security of the Services, Skybox performs scheduled maintenance within its published maintenance windows of 3AM to 5:30AM EST. This may require specific Services to be suspended during the maintenance period. Loss of Service Availability due to scheduled maintenance will not be included in the calculation of Service Availability.

Access to Customer Data

Skybox staff does not access or interact with customer data or applications as part of normal operations. There may be cases where Skybox is requested to interact with customer data or applications at the request of the customer for support purposes or where required by law. Customer data is access controlled and all access by Skybox staff is accompanied by customer approval or government mandate, reason for access, actions taken by staff, and support start and end time.

We care about security as much as you do. And we do it well.