Infrastructure – Operational security

Hardware quality

All equipment at the hosting location, including (but not only) the router, switch, server, components are purchased from a high-quality manufacturer via their official Hungarian distributor. Compatibility of devices with one another and high availability are required criteria during procurement. Devices are specifically designed to operate 24 hours a day in a server production environment.

In order to improve operational security, remote management is also available for each server with strictly limited and documented access rights. This allows low-level server administration, e.g. BIOS updates.

 

Separate racks

The company has its own rack cabinets in the hosting facility which can only be accessed by VCC system engineers with the required authorisation, thus access by unauthorised persons is prevented. Physical access to the infrastructure is regulated by strict hosting processes which separately record the access time, type of access, and data accessed.

 

Power supplies

All of the servers have redundant power supply units and receive current from two separate circuits, thus no shutdown can occur due to power supply failure.

Equipment without dual power supply units are designed redundantly and connected to a so-called static switch which performs this function instead.

 

Network setup

Each server located in the hosting room has at least two network connections which are connected to two different switches. The two switches have Internet access from two separate core devices and therefore, if any device, switch or network card fails, the computer is still able to fully communicate. If a fault occurs in these components, the changeover is made fully automatically.

 

Business Continuity, Disaster Recovery and virtualization

VCC’s systems are installed in a virtual environment, which has a number of advantages. One of the main advantages is that if any computer becomes physically unusable, and even if all of the data held on it is lost, both operations and data can be restored in a very short period of time, because virtual machines are regularly archived and so can be easily and quickly restored from the most recent backup. Only databases are present on the machine as variable data. As recorded sound files are stored on a distributed file system, there is less chance that they will be damaged; and a real-time replica is made of the databases so that the most recent status can be restored without any data loss.

If a disaster event occurs:

  • Depending on the event type VCC uses different manner of business continuity and disaster recovery plans.
  • Every disaster event is logged and recorded in accordance with quality regulations and information security policies, including incident management and business continuity management.
  • Examples of event and event management:
    • In the case of a partial malfunction or breakdown, if the affected server is still operational, it is easy to move the client to a new server within VCC’s infrastructure, the transfer of the entire database and the complete set of telecommunications settings, without data loss, taking up to two hours (depending on the size of the database).
    • In the case of a total outage (server halt) the fastest solution is to rebuild the customer database from the data backed up the previous day in VCC’s infrastructure. This takes about eight hours (including approximately two initial hours to restore the database, depending on the size of the database) and subsequently includes the restoration of data created between the outage and the creation of the back-up.
    • If a disaster event takes place, customer working processes may be affected during the restoration process. In particular, during the restoration process incoming calls may be redirected to pre-defined secondary telephone numbers.
  • To help with continuous improvement of our systems, after every incident event VCC analyses results and data, and if applicable applies relevant lessons learned to improve business continuity.

 

Call management

VCC is connected to several large service providers who supply telecommunication lines. If a problem arises at any of our service providers, calls are automatically redirected to another service provider so as to ensure that as many calls as possible are delivered. There are two central call management systems; if one of the systems shuts down, then the other automatically takes over and handles calls.

Relevant regulations:

  • Change Management Policy
  • Risk Assessment Policy
  • Testing Process and Procedures Policy
  • Operational Security Policy
  • Key and Certificate Management Policy
  • Incident Management Policy and Response Plan
  • Business Continuity Management
  • IT Security Policy
  • Third Party Management Policy
  • Physical Security Policy and Procedures