RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

DPC of CROC Volochayevskaya-2

Product

On March 13 on a cloud and DPC of CROC DDoS attack for the purpose of failure in service by contamination of communication channels was made. CROC suspects that the attack was intentional and conducts own investigation.

Developers: Croc
Last Release Date: December, 2011
Technology: DPC

Content

2020: The certificate of Uptime Institute on the third level of reliability

On June 4, 2020 it became known that the DPC Croc "Volochayevskaya-2" underwent certification of Design Documents (Project documentation) according to the Uptime Institute standard on the third level of reliability (Tier III). The received document confirms that the engineering systems of an object are designed according to high requirements to fault tolerance which show to platforms of a corporate class. For June, 2020 it is the second certified data center of CROC. The first — Compressor — has the expanded list of certifications Uptime Institute, including the certificate on competently built operation processes: Gold Certification of Operational Sustainability. Based on these DPCs the Cloud of CROC is unrolled.

Demand for services of commercial centers of data processing, first of all — cloud resources, grows annually for tens of percent. Clients use them in many business scenarios including as the main or reserve platform for critical services. Respectively, also requirements to DPC in which IT systems are placed increase. At the same time, according to analysts, the number of the data centers certified according to the international requirements for June 4, 2020 already exceeds a half from all number of commercial DPCs. In other words, the importance of assessment of objects according to international standards, such as requirements of Uptime Institute grows. This results from the fact that certificates of this organization are conventional around the world and cover practically all keyword parameters of functioning of DPC. The certificate of Uptime Institute at DPC provider is a guarantee of compliance of an object to requirements of high reliability and fault tolerance without additional checks.

File:Aquote1.png
Certification of DPC "Volochayevskaya-2" is carried out by us within review of strategy of filling of network of data centers of CROC and intended to attract clients for whom the confirmed characteristics of an object are important: parameters of non-failure operation of work, reservation of engineering components of infrastructure, possibility of service of DPC without stopping,

File:Aquote2.png

File:Aquote1.png
CROC is the company with long-term experience of construction and operation of DPC. We maintain long-term partnership with provider and we carry regularly out recertification of one of its objects — DPC Compressor. Recently we confirmed its status again — Gold Certification of Operational Sustainability. Such data centers in Russia for June, 2020 still only three. Considering experience and examination of CROC, certification of Design Documents of the second object of CROC went without problems and unexpected surprises,
noted Konstantin Korolyov, the Director of business development in Russia and the CIS Uptime Institute.
File:Aquote2.png


2018: Certification in accordance with GOST P ISO 9001-2015, ISO 9001:2015 and ISO/IEC 20000:2011

On July 24, 2018 the Croc company announced passing of recertification of the Management system by the data centers for IT services according to GOST P ISO standards 9001-2015, ISO 9001:2015 and ISO/IEC 20000:2011.

During audit compliance to standards of services of outsourcing of DPC, the cloud and managed services provided based on network of data centers Croc, including due service quality of corporate customers, processes of operation of engineering and computing systems, feedback according to service addresses was confirmed. Read more here.

2012

Attacks to DPC

On March 13, 2012 on a cloud and DPC of CROC DDoS attack for the purpose of failure in service by contamination of communication channels was made. It is said in the official statement of the company. As specified TAdviser in CROC, the attack began yesterday, on March 13, approximately at 14 o'clock, and came to the end at 20 o'clock. However, customers experienced total loss of communication only the first 30 minutes. Further, the working capacity was partially recovered.

The automatic network of tens of thousands of bots performed the distributed attack within several hours. Specialists of CROC managed to solve the difficulties caused by attack: communication with IT services was reestablished, harmful traffic is cut. Data protection and the systems of customers sustained the attack, violations of integrity of data or unauthorized access to them did not happen, declares the system integrator. CROC notes that for them it is the first precedent such.

Ruslan Zayedinov, the head of DPC of CROC, noted that some time access rate of some customers to IT services was slowed down, but those who use allocate circuits did not test negative effects of this DDoS attack. "We used the best efforts to ensure smooth operation of a cloud and DPC as among our customers there are public and financial institutions where the non-failure operation of systems is extremely necessary", - he added.

Mikhail Bashlykov, the head of information security of CROC, said: certain factors say that attack on IT systems of CROC had the planned character therefore the company intends to initiate investigation.

As for specific suspects, CROC does not call them so far. "We are not inclined to state suspicions. Now our legal department collects information for case referral to Management "K". It is sure that investigation of an incident will allow to identify malefactors", - Ruslan Zayedinov told TAdviser.

He also specified that the most part of customers of outsourcing data center of CROC financial institutions, are also telecommunication companies, retail, the organizations from services industries. "Not CROC, and our customer – the organization from the medical industry was the attack purpose absolutely precisely", - Zayedinov concluded.

As commented on TAdviser Andrey Stepanenko, the director of business development of Informzashita company, judging by attack duration, it "was obviously not the accidental phenomenon". "Other question that it is difficult to judge whether someone ordered it, or it was the initiative of hacker communities", - the expert explained.

According to him to stop simple DDoS an attack on overflow of the channel on an input in DPC it is impracticable. "Any most protected DPC is not insured from similar cases. For ensuring protection against such threats it is desirable to place the systems of protection against DDoS with providers or to use cloud services of protection against DDoS that to DPC there was already "cleaned" traffic", - he concluded.

Vyacheslav Medvedev, the analyst of Dr.Web, also confirmed to TAdviser that there is no system protecting from DDoS attacks with a 100% guarantee yet. "Any company transferring the resources to clouds should understand that it thereby does possible attacks on the infrastructure – at least communication channels with external resources are outside the company now", - he noted.

The expert also considers that the problem is worsened by requirements of the legislation. In particular, according to the Federal Law "About Personal Data" of the company should use secure channels of communication that even more raises a bar of requirements to capacity of these channels. "Yes, the DPC can conform to requirements of TIA EIA 942 and have the security level of TIER II or TIER III, but compliance to these requirements means only security of data in the DPC", - Vyacheslav told.

It is impossible to provide the guaranteed availability of the DPC – the attack can be made not only on DPC, but also on providers and separate servers via which anyway traffic also goes between the client and provider of services, the expert of Dr.Web explained.

As for intention of hackers, in Dr.Web TAdviser told that the attack can be carried out at the same time both on DPC, and on his clients – their resources which are not placed in DPC. DDoS attack can be combined with attempt of interception and substitution of traffic, attempts of cracking of resources. So DDoS attack should distract attention of administrators of the victim from the based purpose of malefactors only. Discrimination of both the DPC, and the specific client, for example for failure of specific projects or contracts can be the attack purpose at the same time. The attack can be dated on time for the procedure of demonstration of the project by the client or possibilities of DPC to the client. Also banal revenge of the hacker can be the possible cause of the attack.

Characteristics of DPC

(data for 2012)

  • The area of the machine hall — 700 sq.m.
  • The premises are expected 110 racks.
  • Average electric power of one rack — 10 kw.
  • Total power of power supply of DPC — 2 MW.

Regular power supply of data center is provided by the dynamic diesel uninterruptible power supply units of production HITEC Power Protection combining in themselves the UPS and DGU.

Conditioning is organized using technology free okhlazh-a deniye in cold season: cooling of warm air happens at the expense of a difference of temperatures between the premises and the street. in data center are set inside - line conditioners (fenkoil) of production of ARS by Schneider Electric with the electronic switched fans, and warm and cold air flows are separated that increases energy efficiency of a conditioning system.

Pass to perimeter of DPC is equipped with readers of proksimi-cards, and in pomeshche-ny the machine hall — in addition biometric readers HandKey II which cornerstone the hand geometry sensing technology is.

Fire safety of DPC is ensured by automatic installation of gas fire extinguishing.

2011

The Diesel Dynamic Uninterruptible Power Supply Unit (DDUPSU) in DPC of CROC Volochayevskaya-2

In December, 2011 the CROC company of the first in Russia began to use the diesel dynamic uninterruptible power supply unit (DDUPSU). The equipment of production Hitec Power Protection is at the moment installed in outsourcing Data center of CROC "Volochayevskaya-2" and provides the continuity of operation of the computing equipment and also increases energy efficiency of data center. The maximum efficiency of a system with DDUPSU is higher than the efficiency of the systems having static UPSes in structure for 6-7%.

Operators and service staff of CROC passed the training program to technical support of the equipment of Hitec Power Protection and can control work of installations and service them. In data center four installations of diesel dynamic UPSes, each 1,000 kVA are set. They provide uninterrupted operation of power supply of all types of consumers, both the IT equipment, and the ancillary equipment installed in data center. At the same time it is not required as earlier to separate types of consumers, for example, IT and the climatic systems. Use of the diesel dynamic UPS allows to fulfill the requirements as on uninterrupted operation of power supply at the time of shutdown of an external power supply or in case of long shutdown of power supply, and "conditioning" of the electric power, providing giving of "net" power supply to consumers. The energy efficiency of power supply when using DDUPSU of Hitec Power Protection is reached at the expense of higher efficiency in comparison with statistical UPSes.

The cost of ownership of a system is much lower, than at statistical UPSes thanks to simpler infrastructure and insignificant housekeeping overheads of the equipment and supplies. Service life of the Hitec Power Protection UPS — more than 25 years.

"For CROC power saving is priority activity in the field of power supply. Contrastive analysis of energy consumption of data center "Volochayevskaya-2" with the similar platform with static UPSes showed that higher efficiency will allow to save about 100,000 dollars a year on everyone the saved 100 kW. It will give the chance to reduce rates for service for our customers. Besides, bezakkumulyatorny UPSes do not do harm to the environment. We exclude a cycle of production and utilization about 40 tons of rechargeable batteries for the entire period of operation" — Alexander Shirokov, the director of the department of intellectual buildings of CROC company comments.
"Reliability of the Hitec Power Protection UPS is provided first of all with simple and compact construction and also total control of automatic equipment of operation of all UPS units. Each UPS installed in data center of CROC is connected by a monitoring system to the round-the-clock technical support service of Hitec. At a situation exit from under control our employees are instantly connected to a monitoring system and quickly help to solve a problem. Besides, Hitec provides both procedural, and corrective maintenance, maintenance inspection and an overhaul" — Rene Latsina, the international sales manager of HitecPowerProtection company comments.

The diesel dynamic uninterruptible power supply unit has the high level of self-diagnostics of a system, allowing to trace and warn timely malfunctions. The equipment of all system occupies 40-50% less than the spaces. Work of DDUPSU does not require the expensive climatic installation necessary for the static UPS.

Demo access

In May, 2011 the CROC company decided to provide a free demo access to the "cloud" platform. Today more than 50 companies showed interest in the offer, and the most active representatives of the Russian and foreign banks, industrial enterprises of insurance and construction companies already managed to estimate efficiency of Cloud of CROC for the business. [according to iBusiness http://www.ibusiness.ru/17669]

"In the market misunderstanding of what is cloud computing and as to put them into practice reigns, - Ruslan Zayedinov, the deputy CEO, the head of data processing centers of CROC company tells. - We decided to pass from words to case and gave to our customers the chance to independently reveal advantages of cloud computing. Absolutely free of charge they can master the main working methods with an IaaS-cloud, unroll in it branched infrastructure of information systems and even to test a cloud as reserve data center".

"The TNS company shows active interest in use of new technologies for the solution of the tasks. The Russian IT specialists of office TNS as a result of the held testing fully estimated the potential of cloud computing in relation to business of our company and options of use of technology for effective solution of tasks. Therefore we considered the idea of CROC useful and with interest seized this opportunity", - Leonid Scherbakov, the head of department of system providing TNS Russia commented on Media Research.

"Now we carry out the work perspective assessment in "cloud" if the technology really helps to save considerably our resources and at the same time safety of information will be ensured, we, of course, will consider it as one of the main directions", - Nikolay Protopopov, the head of department of system technologies, Inteza Bank Ltd said.

The compatibility of "cloud" of CROC under EC2 and S3 protocols with cloud services of Amazon allows not to be afraid of a binding to one provider. And the arrangement of "cloud" in own data center of CROC provides access to all range of integration company services and the high level of data security.