Server Specifications

  • IU rack-mounted Dell Poweredge server
  • Intel Pentium 4 (2.6ghz) processor
  • 2 gigabytes ECC SDRAM
  • Two mirrored hard disks
  • Running Debian Linux Sarge (currently w/ Apache 1.3x, PHP 4.x and MySQL 4.1.x).

Backups

  • Second hard disk in server allows redundant copy to run server and has all files.
  • Website data automatically backed up offsite daily from Auckland to Wellington;
  • Each day stored on the SilverStripe fileserver in our office for past month.
  • Thereafter each month a snapshot is stored permanently on DVD.

Data center

  • The server is housed in one of Auckland’s top datacenters, run by the power company Vector. Because it is in a different city to our office, we have used an Auckland third party called Nucleus (www.nucleus.co.nz) to provide support when needed over the past 3-4 years.

Datacenter power supply

  • UPS (battery power) kicks in immediately and runs for at least thirty minutes.
  • 2x Diesel generator powers entire network within ten minutes of a power outage.

Data center access

  • Managed access (you can only enter with a datacenter staff member)
  • 2 levels of electronic card access; security company patrols area 24x7.
  • Secure air-conditioned concrete building with no external windows.
  • Monitored alarm systems including smoke detection.
  • Presence of network administrator less than 15 minutes away.

Internet connection

  • Redundant gigabit circuits into the building, which form part of integral circuits in the Telco backbones.
  • 100mbit internet connection Main international internet connection (Southern cross cable) goes into the building next door and has link into center.

How is Oriwave secured?

Before you can commit to putting all of your HR documents on a remote server, you need to be assured that it will be secured. "Secured" means three things:
  • Your employees can only see the information that they are authorized to see.
  • Malicious 3rd parties aren't able to access any of the information.
  • "Man in the middle" attacks are impossible.

Your employees can only see the information that they are authorized to see

Every piece of data - either particular field of staff information or a page of content in the intranet - is given specific security privileges that are checked when it is accessed. This means that software bugs will not compromise security, and neither will unusual patterns of user actions. For example, as soon as a manager logs off on their computer, another staff member will not be able to use that computer to see the confidential data. Or if a software bug mistakenly tries to list all member data instead of just an manger's direct reports, the security layer will prevent this from happening.

Malicious 3rd parties aren't able to access any of the information

This same security layer protects against 3rd parties trying to access data. There are no "back doors" for them to get through because data security is checked every step of the way.

"Man in the middle" attacks are impossible

Data on the internet is like a postcard - there's no security by default, so anyone at the ISPs could see the data. Although it rarely happens, in principle a malicious network administrator at an ISP could gain access to data send across their network. SSL security protects against this encrypting the data so that only the sender and the recipient can access it. Oriwave.com uses 128 bit SSL security - the same used by online banking - to protect the communication channel.