|
 
eContrack is a secure application
and each authorized user must logon with a user name and password.
Each authorized user is allocated appropriate access rights
to the database as required.
The login page runs on a secure server running SSL (Secure
Socket Layer at 128bit encryption. A copy of our security
certificate granted by Thawte is available on application.
The URL is https://www.building-software.com
Clients have the choice between:
- a fully secure site where all data communication between
the browser client and the server is encrypted, and
- a site where only the login page is fully secure
The fully secure option is only recommended where the client
has a fast connection to the internet (due to the performance
overhead).
User Access
Access to the system is restricted and is controlled by allocating
each user a logon name and a password. Each user is also allocated
an authorization level, which determines their access within
the system; the following levels of Authorization are available:
Sysadmin (system administrator)
- Can view, edit and delete everything.
- Has full rights over all reports in report library
- Can run prints and reports (for all data)
- Can create additional users with levels: memberadmin, member,
read only all, read only private
Member admin
- Can view and edit their own data and any data belonging
to an Alliance to which they belong but no access to system
administration.
- Can delete their own or public data.
- Can create additional users for their own company with levels:
member, read only all, read only private
- Has full rights over all reports in report library owned
by their company
- Can run prints and reports (for all data)
Member
- Can only view and edit their own data, or public data.
- Can only delete their own scorecards and influencers
- Can run prints and reports (for their own or public data)
Read Only All
- Can view all data (just like a sysadmin) but cannot edit
anything
- Can run prints and reports (for all data)
Read Only Private
- Can only view data owed specifically by themselves or that
is public
- Can run prints and reports (for their own data or public
data)
The security system can be tailored to meet the specific requirements
of each client as a part of the configuration exercise. Once
the security configuration exercise is complete, the users
with "SysAdmin" authority can allocate security levels.
DATA SECURITY - PHYSICAL
Our primary servers are located in London with Hostway and
our backup servers are based in Exeter with South West Telecom.
Both are major players in the industry and have invested heavily
in providing a secure, reliable, high quality service. eContrack
runs on a Microsoft IIS Web server over Windows 2000 Advanced
Server. All client data is stored in Microsoft SQL Server
2000 databases.
Each client has their own separate SQL Server database with
full transaction logging and security enabled. All data is
automatically backed up each day.
Contrack eBenchmark was developed using Macromedia MX with
ASP and Flash; graphs are rendered and displayed using ChartFX
(Internet Edition).
The Hostway London Datacentre
Security
The facility has a 24-hour manned, secure visitor reception
area, responsible for verification of visitor ID and the 24x7
monitoring of the comprehensive external CCTV surveillance
and intruder detection alarms.
Access to the building is controlled by a microprocessor-based
door access control system. Once identity has been confirmed
by a rigorous verification procedure, visitors pass through
secure access pods, which require a swipe card and pin number
for entry. The pods incorporate a 'one in, one out' double-locking
glass door mechanism and weight sensitive floor which records
visitors weight on access and re-entry. Once inside the facility,
the access card and pin provide access only to the specific
areas and routes needed by the visitor. All doors are alarmed
will be activated in the event that force is used to try to
gain access to any secured area.
Power
The facility incorporates all the power supply requirements
needed for round-the-clock, uninterruptible operation of servers
and electrical equipment. Power is supplied by a 6MVA feed
from an adjacent London Electricity primary sub-station and
fed through the building via harmonic distortion filters.
In the event of a mains failure, the online bank of 9 AVK/AEG
static UPSs takes over. Each UPS provides 0.5 of a megawatt
of power, supplying more than enough power to keep all systems
running, even with the building at full capacity.
The UPS bank keeps systems running until the generators synchronise
and take load, which happens within 2 minutes. This, coupled
with a Priority 1 fuel contract (as used by the emergency
services), means that service will be maintained irrespective
of the duration of the outage.
Fire Prevention
The facility incorporates state-of-the-art fire detection
and suppression systems, ensuring that any fire can be detected
and extinguished before it even takes hold.
VESDA® (Very Early Smoke Detection Apparatus) is an ultra-sensitive
smoke detection system which measures extremely low concentrations
of smoke to detect fires at their earliest stages. VESDA®
systems continuously sample the air and detect the invisible
by-products of materials as they degrade during the pre-combustion
stages of a fire.
An FM200 fire suppression system then discharges gas to extinguish
fires. Environmentally friendly and non-toxic, it poses no
risk to human health and no significant reduction in oxygen
levels. FM200 gas is effective within 10 seconds of discharge
so that fires are rapidly extinguished. Each machine room
is also fitted with a gas extraction system, which discharges
the gas into the atmosphere.
Network
3 carriers connect Hostway in the UK. The preliminary connection
is backed by OC2 (100mbit) with Easynet, who operate one of
the largest European backbones. A second connection peered
through BGP4, allows no single point of carrier failure and
is provided by Cable & Wireless through a DS3 (45mbit) connection.
A third fail-over connection is provided by Global Crossing
at throttled DS3 (34mbit).
Hostway uses Cisco 7206 and 12000 VXR core routers to enable
high performance BGP and packet routing through multiple networks.
Industry standard HP Procurve switches and gigabit internal
transit mean high performance data transfer internally and
externally through the network.
Security is managed by a stage of Cisco PIX 520UR firewalls,
then through IP Tables; Linux based firewalls. SNORT and TripWire
are also implemented for intrusion detection and packet analysis.
Rack-Space
Purpose built 19" Racks cabinets are designed to enhance the
security and operating environment for all services, with
lockable front glass and rear steel door, power sockets, full
cable management, 340 watt internal fans, a specified power
supply and cabling required for connection to the Hostway
backbone.
Environment
Contained within fire-resistant walls and flooring with bomb-proof
windows, the hosting environment conforms to the highest industry
specifications with all power, air conditioning, security
and fire detection and suppression systems featuring N+1 N+1
fail-over and redundancy.
Cabling is provided under 500mm raised flooring or in secure,
overhead data trays for easy routing to anywhere in the facility.
The 600mm x 600mm heavy duty flooring tiles are capable of
taking a 32 Kilo-Newtons per sq mtr floor load, capable of
supporting the heaviest server solutions.
6 liquid-cooled air chilling systems supply chilled air directly
into the environment, ensuring safe operation of electrical
equipment. System units are powered from the critical-load
UPS system to ensure the system is always operational.
At-a-glance Machine Room Features.
Secure door access
VESDA® fire detection
FM200® fire suppression system
UPS power back-up
Generator power back-up
Height clearance of 2300mm
1100mm door opening
2 x power distribution units
Water detection system |
 |
|
|
