Website Availability Security
As internet technology has evolved, advanced methods for enhancing website availability and security have become available. Unfortunately, these enhancements are generally only affordable to large enterprises because costs typically exceed $10,000 per month in hardware and IT personnel. Through our proprietary website deployment technology and by utilizing Amazon Web Services (the same core technology that powers Pinterest, Quora, Amazon.com, FourSquare, parts of Netflix, and many more), we are able to provide enterprise-level availability and security to small and medium-sized organizations.
There are 3 primary concerns when planning for high availability:
- No Single Point of Failure
There are several potential points of failure in an enterprise-level
- Load Balancer - Typically (even in enterprise-level solutions), a single load balancer is used in a single physical data center to distribute incoming website traffic across multiple web servers. We use Amazon Web Services elastic load balancing technology that spreads the load balancing through data centers around the world. This is the same technology that powers Amazon.com. If physical load balancers go down, or even if an entire data center goes down, our load balancing layer is not affected.
- Servers - Our load balancers send traffic to any one in a list of web servers. All of our Amazon servers have up to 7 GB of memory, 1.7 TB of disk space, and 8 virtual cores. Each web server is automatically monitored to ensure it is performing at a high level. If any web server begins to be unresponsive, it is automatically removed from the list of available servers until it is performing again at expected levels.
- Databases - Our Amazon databases run on servers with up to 68 GB of memory and 8 virtual cores. The web servers connect to the master databases. If a master database becomes unavailable, the web servers automatically switch to our mirrored failover databases.
- Physical Data Centers - Most website architectures for small, medium, and even large organizations are vulnerable if the data center that houses their website servers goes down. Our servers are split across multiple physical locations, enabling us to keep our sites up and running even if an entire facility goes offline for a period of time.
- Ability to Handle Large Spikes in Traffic
We run multiple web servers in multiple physical locations. They are set to run at less than half their actual capacity. As a result, we are able to handle millions of unexpected visitors without any prior warning or advance preparation.
- Fast Disaster Recovery
Despite our best efforts, we cannot guarantee that there will never be an emergency situation that requires a fast recovery from us. We run continuous backups of our system that allow us to restore to a precise point in time (down to the second) for up to 8 days after an emergency event. Beyond that, we preserve daily backups for 3 months and weekly backups for years. Should it ever be needed, we are able to launch completely new servers and databases and restore everything, including up-to-the-minute changes, in approximately 2 hours.
No website in the world is 100% guaranteed to be secure. However, there are a number of things that can be done to minimize the security risks. Here is a summary of some of the security measures we have utilized:
“Obscure” is not “secure”. However, it makes it much harder for someone to attempt to do harm to your website. We do not publish addresses for our web servers or our database servers. The only easily-accessible information about our servers leads to our load balancers (which offer nothing interesting from a security vulnerability standpoint). Our website software is also secure. We don’t use WordPress or similar open source code that routinely has security holes exposed. By keeping our source code private, potential intruders are not able to analyze our code for weaknesses.
- Port Lockdown & IP Address Restrictions
For the general public, we have locked down all ports except for HTTP and HTTPS (80 and 443). No other ports, including common ports such as 21, 22, and 3306, are open to the public. Our database servers use 3306, but that port is only open to the IP addresses of our web servers and our server administrators. SSH is also available by IP address only to our server administrators.
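An added example, not the provider's own tooling: a small audit that checks firewall rules, shaped like the `IpPermissions` entries of EC2 security groups, against the policy described above. The group names, the administrator and web-server addresses (documentation ranges) and the `POLICY` table are assumptions constructed for illustration; only CIDR sources are checked.

```python
import ipaddress

net = ipaddress.ip_network
PUBLIC_PORTS = {80, 443}                      # HTTP/HTTPS: reachable by anyone
ADMIN, WEB = net("198.51.100.7/32"), net("203.0.113.10/32")  # assumed addresses
POLICY = {22: [ADMIN], 3306: [WEB, ADMIN]}    # restricted port -> allowed sources

def tcp(port, *cidrs):
    """Build one single-port TCP rule in the IpPermissions shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs]}

# Constructed sample rules; "db-misconfigured" violates the policy on purpose.
SAMPLE_GROUPS = {
    "web": [tcp(80, "0.0.0.0/0"), tcp(443, "0.0.0.0/0"), tcp(22, "198.51.100.7/32")],
    "db": [tcp(3306, "203.0.113.10/32", "198.51.100.7/32")],
    "db-misconfigured": [
        tcp(3306, "0.0.0.0/0"),
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ],
}

def rule_sources(rule):
    """Yield every IPv4 and IPv6 network a rule admits."""
    for r in rule.get("IpRanges", []):
        yield net(r["CidrIp"])
    for r in rule.get("Ipv6Ranges", []):
        yield net(r["CidrIpv6"])

def audit(groups, policy=POLICY):
    """Return (group, ports, source, reason) for each rule outside the policy."""
    findings = []
    for name, rules in groups.items():
        for rule in rules:
            # IpProtocol "-1" means every protocol and port; it carries no port fields.
            lo, hi = (0, 65535) if rule["IpProtocol"] == "-1" else (rule["FromPort"], rule["ToPort"])
            if lo == hi and lo in PUBLIC_PORTS:
                continue
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
            allowed = policy.get(lo, []) if lo == hi else []  # ranges are never allowed
            for src in rule_sources(rule):
                if not any(src.version == a.version and src.subnet_of(a) for a in allowed):
                    reason = ("open to the public" if src.prefixlen == 0
                              else "source not allowed for this port")
                    findings.append((name, ports, str(src), reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(*finding, sep=" | ")
```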
- Server Software Updates & Patches
We utilize Linux, Apache, MySQL, and PHP among a few other key technologies. We use Amazon’s auto-upgrade and auto-patch services to keep our servers up to date with all of the latest security updates and patches.
We integrate with PayPal and Authorize.Net servers for transaction processing and rely on their teams of security engineers to safeguard financial transactions. We also provide SSL security to safeguard other sensitive website information, and even to encrypt web pages where it is not needed, just to provide peace of mind to website visitors.
We are committed to providing the best website availability and security possible to our clients. Because of our proprietary software that allows us to deploy multiple small and medium-sized websites on a single overall website architecture, we are able to provide you with enterprise-level availability and security at a tiny fraction of the cost. We will continue to provide the very best in these areas while also providing huge savings for you.