Our Server Details
The BuilderStorm application runs on AWS (Amazon Web Service) – providing a high level of reliability and security.
Current Server Technology
Linux – Nginx – Apache – PHP – MySQL
Note: these are subject to change
Amazon Web Service
Our Region: EU West (Ireland) – EC2 Availability Zones: 3 – Launched 2007
The AWS Cloud infrastructure is built around Regions and Availability Zones (“AZs”). A Region is a physical location in the world where Amazon have multiple Availability Zones. Availability Zones consist of one or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities. These Availability Zones offer us the ability to operate a production level application, while making it highly available, fault tolerant and scalable.
Amazon EC2 – Virtual Server Hosting
www.builderstorm.com and all sub-domains run on a virtual server through Amazon EC2. Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It gives us complete control of our computing resources running on Amazon’s proven computing environment. This ensures that the server will be optimised, providing a high level of performance as our demand grows over time. Amazon EC2 provides us the tools to build a failure resilient application that can be isolated from common failure scenarios, allowing you to get the most out of BuilderStorm.
Amazon Simple Storage Service (Amazon S3) is a secure, durable and highly-scalable cloud storage. We use two types of Amazon S3 services for the storage of our data. ‘Amazon S3 Standard’ is used to store data that may need to be accessed quickly. Perfect for short-term backups. ‘Amazon Glacier’ is used to store data as a long-term archive. I.e. you do not intend to access this data very often. Perfect for long-term backups.
Our server runs on Amazon Elastic Block Store providing extremely high levels of redundancy alongside our own contingency measures. This is what Amazon states:
“Amazon Elastic Block Store (Amazon EBS) provides persistent block level storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. Amazon EBS volumes offer the consistent and low-latency performance needed to run your workloads. Amazon EBS volumes are placed in a specific Availability Zone, where they are automatically replicated to protect you from the failure of a single component. All EBS volume types offer durable snapshot capabilities and are designed for 99.999% availability.”
Every system no matter how well maintained is susceptible to some form of failure. However, with the procedures we have in place, it is unlikely we will suffer any data loss. The short-term and long-term backups ensure that we cater for events such as physical hard-drive failures or data becoming corrupted and going unnoticed, however unlikely.
Note: These are both highly unlikely events and are used as examples.
Backups of the file system and database are made over a rolling 24 hour period. These are stored in up to 3 locations:
- Our AWS EC2 virtual server – stores real-time data at all times and up to 10 days of database backups are stored directly on the server.
- Our Amazon S3 Standard Vault – stores at least 2 weeks of backups. The database is backed up to this service every 30 minutes. User uploaded files are backed up twice during UK business hours to this service – typically mid day and at the end of the day.
- Our Amazon Glacier Vault – stores at least 30 days of backups. Data is backed up to this service every 8 hours.
Manual Backups – we have the facility to take manual backups if required, which can be made on request.
Backups To Your Own Amazon S3 Account
We have the facility to export certain data from BuilderStorm and place this within your own Amazon S3 account. This ensures that you always have access to the data, regardless of the availability of our own services.
Note: This will need to be pre-arranged with details on what data is to be exported. It would be subject to additional cost in line with AWS pricing – https://aws.amazon.com/s3/pricing/. You would effectively be in charge of your own account.
Your data is extremely sensitive and for that reason it’s stored in an encrypted state at all times. Amazon S3 Standard and Amazon Glacier automatically encrypts data at rest using Advanced Encryption Standard (AES) 256-bit symmetric keys and supports secure transfer of your data over Secure Sockets Layer (SSL).
Web Hosting Interface
We run additional software on top of other server packages to manage our web server as well as our authentication, web server security, antispam, antivirus and network security. It adds another layer of protection along with its monitoring scripts providing server health reports and other warnings/reports. Security & DNS
The AWS infrastructure puts strong safeguards in place to help protect your privacy. All data is stored in highly secure AWS data centers. AWS also manages dozens of compliance programs in its infrastructure. AWS environments are continuously audited, with certifications from accreditation bodies across the globe. AWS also provides several security capabilities and services to increase privacy and control network access. Encryption in transit is with TLS across all services.
Security & DNS
Managed through CloudFlare – https://www.cloudflare.com/
Our web traffic is routed through CloudFlare’s intelligent global network. They automatically optimise the delivery of our application. They also block threats and limit abusive bots and crawlers from wasting bandwidth and server resources. The result: a significant improvement in performance and a decrease in spam and other attacks.
CloudFlare’s technology automatically detects new attacks that arise against any website on its network. Once CloudFlare identifies a new attack, it starts to block the attack, both for the particular website and the entire community.
We ensure that your communication is encrypted at all times through Secure Socket Layer.
Our service runs through CloudFlare’s ‘Full SSL (strict)’ mode: encrypts the connection between your computer and CloudFlare, and from CloudFlare to our server. Our SSL certificate is signed by a trusted certificate authority. You will always see the SSL lock icon in your browser.
DDoS And Other Attacks
CloudFlare has built-in security to protect against DDoS and other attacks. Built from the ground up with security in mind, their DNS service can resist the largest DDoS attacks. Based on their experience with handling attacks, and their custom authoritative DNS software, CloudFlare automatically applies the proper protections, including rate limiting, filtering, and blocking.
IP Address Banning
We run software that manages traffic to our site. It scans log files and bans IPs that show malicious signs – too many password failures, seeking for exploits, etc. This is used to update our firewall rules to reject the IP addresses for a specified amount of time.
Along-side AWS own security measures and running our server with the latest up to date packages, we also run an antivirus engine for detecting trojans, viruses, malware & other malicious threats. This scans any files that are uploaded onto our server in real time. The virus database is updated every 3 hours automatically. We run periodic scans to ensure no malicious code or files are present.
Code Repository / Deployment / Automated Testing
Not only do we keep multiple backups of all files and databases relating to your code and our application. We also store our application code securely in what’s called a ‘distributed version control system’. This is a tool that makes it easy for us to collaborate as a team, while storing every change we ever make to the software.
This is linked to our automatic deployment system that allows us to run automated tests on our application as it’s developed. The idea is to ensure that fewer bugs are introduced as we improve our software and extend the product to meet your business requirements. Not only does it make development easier, but it also ensures we never lose the application code. It ensures that we can deploy the application quickly in case of any emergency in the quickest amount of time possible.