- FreeBSD 11.2 patched with security fixes
- Only HTTPS and SSH services running, no FTP etc.
- Apache 2.4.x – kept up-to-date with latest security fixes
- MySQL 5 – kept up-to-date with new releases
- PHP 7.2 – kept up-to-date with new releases
- Exess has a dedicated server that is hosted in a purpose-built centre in the South Island
- Data Centre Tier Rating: 3
- Fully redundant* architecture utilising dual Cisco 6500 core switches.
- Fully redundant* FortiGate appliances for network security
- Multiple POEs (Points of Entry) for fibre using Border Gateway Protocol (BGP4) core routing to eliminate network downtime.
- Independent networks for backups, management and public services ensure the highest levels of security and performance by segregating traffic on physically separate networks.
- 99.99% Core Network Service Level Agreement
*In engineering, redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the case of a backup or fail-safe.
- Backup is to a dedicated server in a Tier 4 data centre in the North Island to accommodate additional archiving, data management and disaster recovery.
- Private Data Centre – invited, escorted access only
- No signage, nondescript building
- Single entry and exit point, using biometric devices and man-trap access
- Network cameras monitoring and recording all movement – no blind spots
- Perimeter fencing encompasses the data centre with CCV (closed circuit video) surveillance cameras recording all entry/exit points and open areas
- Security patrols nightly at random times to ensure the location remains secure. After-hours access to the location is via keypad entry only
- Segregated fire-rated power room, independent biometric access
- Custom designed and engineered main switchboard with dual A + B (2N) power supply and integrated ASCO automatic transfer switch (mains/generator)
- Olympus auto-start diesel generator, serviced and load tested monthly with 24-hour on-site diesel storage
- Dual A + B (2N) power feeds to A + B (2N) UPSs (Uninterruptible Power Supplies)
- Dual A + B (2N) metered and monitored PDUs (Power Distribution Units) in each 19″ cabinet
- Exess is on a dedicated server – nothing else runs on there; it’s a real machine not a virtual machine
- There are NO non-essential services running on the box – just the bare minimum to support Exess the web application (for example, there is no FTP service)
- The Exess server is behind a firewall that restricts traffic to ports 22, 80, and 443
- All data is transferred over SSL (we only use port 80 for Google Maps)
- Data is encrypted for backups
- Remote shell access (for programming work) to the server is strictly limited and controlled
- The server is patched and all applications kept up-to-date
- The database does NOT listen for remote connections
- Exess review security on a regular basis and act promptly on any identified issues
- All staff sign confidentiality agreements if they have access to customer data