Protected IT infrastructure

Description of a secure IT infrastructure. Part 1.

Server infrastructure

The server infrastructure is represented by three main parts: a firewall server, a main server, and a backup server.

Cybersecurity server (the firewall  server) performs filtering of the processed traffic according to pre-configured rules. Its features include:

• providing secure connection (through VPN or Proxy) from personal devices;
• users and resources authentication on the system;
• Deep Packet Inspection;
• restricting unauthorized access (Intrusion Detection System);
• forwarding traffic to a guest system when special guest credentials are used.

The main server is running all your software and services. This is where you store and manage your data.

The backup server creates copies of your data in the cloud storage. These copies can be used to restore data where it used to be or at a new location, in case of damage.

The server is responsible for:

• overall system resiliency;
• data recovery in case of the main server’s emergency shutdown;
• fast recovery and uninterrupted system operations.

Description of a secure IT infrastructure. Part 2.

Computer ——>> Firewall Server connection

In order to transfer data to the Firewall Server, the system uses a VPN (Virtual Private Network) method, which can establish one or multiple connections over another network.

The Firewall Server allows for:

• highly encrypted data transfer (AES256-GCM-SHA384);
• online anonymity;
• network traffic analysis and filtering;
• data protection in transmission between two endpoints.

To establish a PC — Firewall Server connection users must authenticate with a Token.

Smartphone ——>> Cybersecurity Server connection

In order to ensure data security a TLS protocol is used providing:

• asymmetric encryption for authentication;
• symmetric encryption for data confidentiality;
• message authentication codes (MAC) for data integrity.

Cybersecurity server — Main server — Backup server

All servers are interconnected with a VPN network. A reverse proxy technology is used to hide both the Main and Backup server’s IP addresses.

A Token is a compact device (a USB dongle) designed to ensure its owner’s security on the network.

The token is used for authentication purposes, as well as remote data access encryption.

Description of a secure IT infrastructure. Part 3.

Enterprise communication servers

All email and web servers, remote desktop, VoIP (voice-over-IP), cloud storages, and other enterprise applications are virtualized and hosted on the cloud server.

A cloud server is a technology for hosting and providing secure access to software and data over encrypted channels. Whatever stored in a cloud can be used by multiple PCs simultaneously

People may still confuse a ‘cloud server’ and a ‘cloud storage’. A cloud storage only hosts data, while a cloud server is capable of hosting operating systems, software and data. The virtual (cloud) server is the entity processing the data, leaving only the role of an endpoint terminal to the PC.

The main and backup servers collaborate with the virtual servers using a hypervisor.

IaaS is the optimal solution for businesses

In building and maintaining your IT infrastructure you can rely on your own skills, a full-time or outsourced IT engineer, or by obtaining an IaaS service from a dedicated provider.

IaaS (Infrastructure as a Service) is a service of renting out IT infrastructure to clients by its owner. This allows the customers to free up their IT capacity. All enterprise servers and networks are hosted by the provider. You still have the same IT resources but those are maintained by a 3d party.

Benefits of virtualization

Automated servers management along with their consolidation within a virtual framework reduces operating costs and minimizes risks and losses related to downtime and system vulnerabilities.

Main advantages of a virtual server:

• remote location — the cloud servers are located outside the customer office sometimes even in another country;
• high client data protection level — even IaaS provider’s employees cannot access it;
• downtime elimination by instant switching to an alternative hardware server;
• configuration change within minutes on demand without services interruption;
• remote server management and monitoring;
• operational expenses reduction related to building, upgrades, maintenance, repair, and protection of the server infrastructure. This is all covered by the subscription fee.

You can migrate to a cloud in two ways: by building your own cloud infrastructure or subscribing to an IaaS service from a provider.

Building your own cloud infrastructure

What about establishing your own data center where you can virtualize your services, the solution has a number of issues:

• limited ability to handle unexpected problems demanding extended human resources
• capacity upgrade complications;
• the inevitable requirement to create an additional system for redundant hosting, data backup and emergency recovery;
• significant expenses, including those on hardware, virtualization, data and network security.

IaaS virtual server subscription

Moving your enterprise infrastructure to a 3d party cloud under an IaaS contract solves all the above problems. You can forget about all complications and have:

• Zero-NPT (non-productive time) for your business. IaaS provides uninterrupted operation for all your services running on virtual servers. Neither maintenance or upgrades require any downtime.
• The highest grade of data protection. The IaaS provider not only establishes a high level of hardware location security, but also mitigates DDoS attacks, encrypts your data, sets up gateways for your secure and encrypted access etc.
• Instant reaction to your business demands. While service level and capacity requirements keep changing for your company, IaaS allows to allocate resources within minutes and deploy applications in no time.
• Pre-deployment testing of all applications. This allows to identify current and potential issues with the infrastructure before moving it to production and thus avoid unplanned expenses in the future.

By building your own data center to cater only for the requirements of your company you are investing a significant amount of resources that will never return in a mediocre-quality IT infrastructure. A better solution would be to outsource this function to a company specializing in IT, which, in the end, is beneficial for both.

Today IaaS is capable of:

• virtually unlimited flexibility for the IT infrastructure;
• completing your business tasks using provider’s resources;
• optimizing the cost of having an IT department on your headcount;
• reducing the expenses on your IT infrastructure;
• minimizing risks of unauthorized 3d party access to corporate data in the event of your infrastructure being hacked or computers withdrawn;
• enabling data recovery in case of system failure, accidental deletion or damage by malware.

How Monolith Plus helps your organization

On the ground of a powerful and isolated hardware and software complex we are capable of deploying a secure cloud IT infrastructure of any level of complexity.

Our capacities allow you to host your own cloud storage, a remote desktop service, voice services, a mail server, messengers, and other applications your business may need.

Due to a resilient servers infrastructure and automatic software protection system we can ensure your data security and confidentiality 24/7.

Monolith Plus protects your data from all kinds of threats:

• it has an optimized chain of processes to prevent data theft, both internally and by 3d parties;
• it hides your location, contacts, personal devices, and authentication data;
• it denies access to your traffic, both inbound and outbound, your messages and their contents, voice mail etc.;
• it detects and restricts malware;
• it prevents unauthorized data access by using the plausible denial strategy.

The transition to IaaS is your opportunity to establish a secure, reliable and flexible cloud infrastructure.