Servers & Infrastructure
Secure backend servers and infrastructure enables IT Services to provide a high standard of available resources to our department.
The ERG data centre houses the data collection servers and other IT systems in two access-controlled, air conditioned rooms. Continuity and quality of power supply is provided by battery backed UPS units for short-term power glitches, and a building-wide emergency power generator which comes into operation if a power cut lasts longer than about two minutes. This generator can operate indefinitely, until external power is restored.
As we gradually upgrade and replace older servers, we are moving over to a virtualized environment based on Microsoft Hyper-V. This gives us two advantages over the traditional arrangement of one server per box. One is the consolidation of many servers into fewer physical computers. The other is that servers can be moved between physical units. In particular this allows service to be restored quickly in the event of hardware failure, by moving virtual servers from the failed unit to another.
Most of our servers and all of our data are kept in a secure zone of the network, protected by a hardware firewall. This means they are inaccessible from the outside world, except via our Virtual Private Network (VPN), which provides a password-protected, encrypted, private communication channel for ERG staff working outside the office.
The information we make publicly available via our websites is not read directly from the secure zone, which would create a security weakness. Instead, it is copied to the demilitarized zone (DMZ) of the network, where limited external access is permitted. This means that if a malicious attack from the internet did damage our data, it would only be the DMZ copy that was damaged.
Servers, notably our webservers, within the DMZ are hardened to improve their security, and websites are designed to provide multiple levels of protection. IT also ensure a minimum downtime for the web servers by routinely running maintenance tasks and Internet Security tests.