Server Capabilities

TLC Employer Services makes the security of its clients’ data the #1 priority. TLC has chosen to work with Infinitely Virtual because of their reputation, their leading technology and their strong belief in protecting the data they store. TLC’s server, monitored by Infinitely Virtual, is a state-of-the-art virtualization infrastructure. It was designed with several goals in mind:

  • 100% Customer Uptime
  • Near-Physical Server Performance
  • Absolute Data Protection
  • Support for High Value Custom Services
  • Industry Cost Leadership
  • Industry Environmental Leadership
  • SSAE 16 Type II Audited

TLC’s server contains three major layers, each made up of four sub-layers. Each layer and sub-layer represents a basic building block of the environment. The major layers, from the bottom up, are the Physical Layer; the Network, Server and Storage Layer; and the Virtualization Layer.

PHYSICAL LAYER: BUILDING

SSAE 16 Type II Audited Data Center: The data center building is the first layer of our environment. The 40 megawatt, 450,000 square foot data center is SSAE 16 Type II audited. It is equipped with a dual-interlock, dry-pipe pre-action fire suppression system with VESDA. With respect to earthquake safety, the entire facility exceeds Seismic Zone 4 requirements by up to 15%.

Layer Features:
  • SSAE 16 Type II
  • Fire Suppression System
  • Exceeds Seismic Zone 4 Requirements

PHYSICAL LAYER: PHYSICAL SECURITY

State-of-the-Art Physical Security: Physical access is restricted to Infinitely Virtual employees only. The data center itself is staffed by security 24×7. To enter the building, you must first pass through a mantrap, operated by security guards and managed by both keycard and biometric access control. Entry to each floor and suite is controlled by keycard. All public areas of the building are covered by CCTV surveillance, which is monitored 24×7.

Layer Features:
  • 24×7 Security Guards
  • CCTV Surveillance
  • Multiple Mantraps
  • Biometric Access

PHYSICAL LAYER: REDUNDANT POWER

100% Uptime Power Protection: Circuits follow a diverse path to distinct circuit breaker panels. The panels are powered by diverse UPSs. Utility power and generators each connect to Automatic Transfer Switches, which feed the UPSs. This configuration is designed to ensure 100% system uptime by eliminating any single points of failure.

Layer Features:
  • Redundant 10 Megavolt LADWP Feeds
  • 8 Generators
  • N+1 Uninterruptible Power Supplies
  • Automatic Transfer Switches
  • Redundant load-balancing circuits to all equipment

Uninterrupted Power & Generator Protection: Our servers are redundantly powered and backed up by both Uninterruptible Power Supplies and generator power. All loads, including the cooling system, are powered by an “A” and a “B” circuit, each of which is robust enough to supply power for the entire load.

PHYSICAL LAYER: REDUNDANT COOLING

Efficient Cooling for the Environment: Cooling is as critical to uptime as it is to environmental protection. Servers, storage and other networking equipment may operate in widely varying temperatures, but as the temperature in a data center rises, equipment lifetime and power efficiency fall. Our data center cooling is controlled to achieve optimum equipment life and power efficiency. All cooling loads are supported by no fewer than N+1 cooling systems, meaning TLC’s servers continue to operate properly if any cooling system is down.

Layer Features:
  • Minimum N+1 cooling systems
  • Optimized for both equipment life & power efficiency

NETWORK, SERVER & STORAGE LAYER: Local Area Network & Internet Connectivity

Intrusion Detection & Prevention, Anti-Virus, and Anti-Spyware: All traffic entering TLC’s server is inspected and filtered by Infinitely Virtual’s industry-leading Intrusion Detection & Prevention (IDP) screens. Infinitely Virtual IDPs are designed to identify and block threats before they enter the environment. Some of the threats we protect against:

  • Spyware
  • Viruses
  • DoS Attacks
  • Brute Force Attacks
  • Botnet
  • Other Common Vulnerabilities
  • Code Execution
  • Info Leak Attacks
  • Overflow Attacks
  • SQL Injection
  • Phishing

Firewall Protection & IPSec VPN: Our operations network and customers who purchase firewall protection are placed in VLANs protected by one of our firewall clusters. These clusters provide fault-tolerant stateful packet inspection and anti-virus security. VPNs are also terminated on these clusters, ensuring that equipment failure will not cause an outage for our VPN customers.

Layer Features:
  • Redundant 10 Gbps layer 3 switches
  • Multiple BGP routers
  • Multiple upstream internet service providers
  • Multiple firewall clusters
  • Multiple intrusion detection and prevention screens

Redundant, High-Performance Network: This layer is the nervous system. It is composed of redundant 10 Gbps core switches, multiple BGP-routed Internet connections to multiple upstream service providers, and multiple IDP and firewall clusters.

The center of this network is our redundant 10 Gbps layer 3 network switches. This configuration provides extreme throughput and low latency connectivity to our entire network, and it is intelligent enough to route traffic around any outages.

Tier 1 Internet Service Providers: TLC’s server connectivity with the Internet is accomplished with multiple BGP routers connected to multiple upstream providers, including Global Crossing. Our BGP network ensures that we route traffic the most efficient way to its destination, and that our network can sustain equipment or circuit failures without affecting customer connectivity.

NETWORK, SERVER & STORAGE LAYER: Wide Area Network

Site-Level Protection: Our Enterprise Virtualization Environment™ spans multiple data centers, and to ensure secure, reliable communication among our sites, we have implemented a fiber-based QinQ Ethernet network between data centers.

Layer Features:
  • Multiple data centers
  • Multiple 1 Gbps QinQ Ethernet Interconnects

Business Continuity: In addition, all data is replicated from the primary data center to a secondary data center on an hourly basis, protecting all customer data through any catastrophic failures at the primary data center. In the unlikely event of a site outage, VMs are powered up at the secondary data center.

Industry Leading Fault-Tolerance: The filers are clustered, meaning that if one of the controllers fails, the remaining controller will automatically take over the load. This configuration is designed to maintain server availability through any hardware failure.

Industry Leading Disk Performance: Volumes are composed of 15,000 RPM enterprise fibre-channel drives, making our storage among the fastest in the industry.

Layer Features:
  • Clustered NetApp Filers
  • RAID-DP; protects against multiple drive failures
  • Fast 15k fibre-channel disks
  • Data replicated offsite

Industry Leading Data Protection: All virtual machines and their data are stored on one of our clustered NetApp Filers. The volumes are configured with RAID double parity, or RAID-DP, as implemented by NetApp, which can survive up to two simultaneous drive failures without causing downtime or losing data. Therefore, customer servers can still remain online even if a RAID group sustains two drive failures at the same time.

NETWORK, SERVER & STORAGE LAYER: Physical Server Infrastructure

Industry Lowest Watts/VM: Each BladeSystem enclosure enables up to 16 physical servers to share power supplies, fans and network interconnects. Servers boot from ultra low-power SSD drives. This configuration enables E.V.E. to operate at some of the lowest watts/virtual server in the industry, or approximately 14 watts/VM.

Layer Features:
  • HP ProLiant bl490c Blades
  • c7000 BladeSystems
  • Redundant, low-latency 10 Gbps switch fabric
  • Sub 10 watt/VM power consumption

Sub 10 watt/VM power consumption: To satisfy our requirements for density and power efficiency, our physical server layer features HP ProLiant bl490c blades in c7000 BladeSystems. Each blade has up to 192 GB RAM and up to 12x 2.53 GHz cores. Physical servers are connected to the backbone by a redundant, low-latency 10 Gbps switch fabric. This configuration ensures high performance and network fault-tolerance.

VIRTUALIZATION LAYER: VMware vSphere

It has been demonstrated that web servers based on VMware outperform physical servers, and in most applications vSphere performs comparably to physical servers. With 100% of the Fortune 100, 98% of the Fortune 500 and 96% of the Fortune 1000, vSphere is the most trusted virtualization product in the industry.

Layer Features:
  • VMware vSphere
  • Customer controls the operating system
  • Support for large number of operating systems
  • High-performance hypervisor
  • Most trusted virtualization software

VMware Hypervisor: The VMware vSphere Hypervisor is the heart of TLC’s server virtualization layers. A hypervisor is the software that creates for every virtual machine (VM) the virtual system board and BIOS, virtual CPUs, virtual RAM, virtual network cards, etc. Accessing hardware through this hypervisor, each VM has its own independent operating system, enabling customers to have complete control over their virtual server.

VIRTUALIZATION LAYER: Virtual Switch Infrastructure

Public & Private VLANs: Each virtual port belongs to a VLAN or virtual LAN, which fits into one of the following classifications:

  • Publicly numbered, not protected by a firewall cluster
  • Publicly numbered, protected by a firewall cluster
  • Privately numbered, protected by a firewall cluster with NAT

VMs and their associated firewall or layer 3 switch interface in the same VLAN may communicate with one another regardless of what host they are on. Therefore, customers with multiple VMs may have their load distributed among all available hosts on a dvSwitch, and individual VMs may operate from any host in the system.

Layer Features:
  • Distributed vSwitch
  • Support for private VLANs
  • VMs may operate from any host
  • Enabling hardware fault-tolerance
  • dvSwitch connected to physical fabric with redundant 10 Gbps interfaces

Distributed Virtual Switches: Virtual Machines are connected to ports on one of our Distributed vSwitches, based on VMware vSphere technology. Each dvSwitch is composed of virtual ports connected to individual VMs and redundant 10 Gbps physical uplinks from each VMware host to our redundant 10 Gbps switching fabric.

VIRTUALIZATION LAYER: Virtual Storage Infrastructure

Multiple Datastores & Storage vMotion: TLC’s Server Virtual Storage Infrastructure is composed of multiple VMware datastores on our NetApp Filers. Using Storage vMotion, a component of VMware vSphere, we can move VMs from one datastore to another “hot,” that is, without shutting down the virtual machine. This gives us the ability to load-balance datastores without disrupting customer uptime.

Nightly Application-Consistent Backups: Every VM in our environment is backed up nightly by taking a point-in-time snapshot of the entire datastore. Unlike our competitors who take crash-consistent snapshots of their customers’ servers, we take application-consistent snapshots.

The Process:

  • Instruct the VSS-aware applications on each VM to quiesce all transactions
  • Instruct the VM to quiesce all disk transactions, creating a VM-level snapshot
  • Take snapshot of underlying datastore
  • Delete VM-level snapshot

This configuration ensures that we can restore your server from any backup with all data intact. This is not true of crash-consistent snapshots. We retain nightly backups for 7 days and weekly backups for 4 weeks.

Instant Restore & Single File Restore: TLC’s servers have the unique ability to restore an entire VM, regardless of size, in minutes. This means that restores that may take hours on our competitors’ infrastructures take just minutes on ours.

Layer Features:
  • Storage vMotion
  • Enabling zero-downtime load-balancing of the SAN
  • Instant restore of entire VMs
  • Single-file restores

VIRTUALIZATION LAYER: DRS, vMotion & VMware HA

vMotion: Hot Migration: The method by which vCenter dynamically load-balances resource utilization among hosts is called vMotion. Sometimes called hot migration, this feature allows vCenter to move a VM from one host to another without disrupting the virtual machine. This enables us to perform maintenance on any host without shutting down customer VMs.

VMware Hardware Availability & Fault-Tolerance: Another role of vCenter is to monitor the health of the hosts and the VMs. If for any reason vCenter detects a host failure, all virtual machines on that host are immediately unregistered from that host, registered on another host in the cluster, and the VMs are then booted up on the new host. This feature gives our customers a very high level of protection from hardware and other failures on a host. Every VM in our environment has this protection included in the cost of their plan.

We offer an option called VMware Fault-Tolerance. This feature creates an active-passive cluster of two VMs. Using a special heartbeat network, vCenter monitors the primary virtual machine, and if it stops responding for any reason, the secondary VM takes over for it.

Layer Features:
  • Storage vMotion
  • Distributed Resource Scheduling, ensuring consistent VM performance
  • vMotion, enabling 0 customer downtime host maintenance
  • VMware Hardware Availability on all customer VMs
  • Optional VMware Fault-Tolerance

Virtual Center & Distributed Resource Scheduling: The intelligence behind the virtualization layer of TLC’s servers is VMware vCenter Server. vCenter monitors the resource utilization of individual hosts and VMs, and it monitors the aggregate of available resources in all host clusters.