NETSUITE DATA CENTER FACT SHEET
Enterprise-Class Data Management,
Security, Performance and Availability
NetSuite is the world’s largest cloud ERP
vendor, supporting over 40,000 organizations,
processing over 500 million application
requests per day with 9+ terabytes of data
added every day. NetSuite also has a track
record since 1998 of maintaining the security
of our customers’ records.
NetSuite Data Center Architecture
NetSuite operates six geographically separated data centers present in two Regions, US and Europe. The data centers operate in a hub-spoke architecture. Each region has a dedicated data center that provides data mirroring, disaster recovery and failover capabilities for the other data centers in that region in case any data center becomes non-operational. Customer data is not shared between the regions. All data center facilities are operated by a leading collocation provider, which provides earthquake and fire protection, along with heating, cooling and backup power. The NetSuite application is multi-tenant, and all servers, storage and hard drives are built on several layers of redundancy.
Facts about NetSuite’s Data Center Infrastructure
Data Management
• Redundancy: Many layers in the NetSuite system implement multiple levels of redundancy. This design allows one or more elements to fail without any interruption in service by having multiple, redundant systems online to automatically assume processing on behalf of the failed component.
• Disaster Recovery: Within one region, data is replicated and synchronized between the active data centers and the dedicated DR data center by way of a proprietary replication mechanism built in house. In the event that the primary data center fails, all operations fail over to the DR data center. This failover procedure is tested and proven on the live site twice annually. The failover procedure is automated and can be triggered in push-button fashion. NetSuite has operations engineers geographically distributed from each other, as well as from the data centers, in order to be able to execute a failover in any disaster scenario. NetSuite conducts semi-annual DR exercises to ensure that systems and processes are in place, as well as to assess and enhance competency of all relevant personnel key to the successful implementation of DR activities. NetSuite data centers utilize tape backups, which support customer-initiated data restores.
• Scalability: NetSuite supports over 40,000 organizations with over 500 million application requests per day with 9+ terabytes of data added every day. NetSuite has designed its systems to accommodate surges and spikes in usage, and to scale upward smoothly to address increased volume and transactions.
Application Security
• Encryption: Transmission of users’ unique ID and passwords, as well as all data in the resultant connection, is encrypted with an industry-standard protocol and cipher suite. NetSuite supports Custom Attribute encryption and provides encryption APIs. The application authentication is token based, while end user authentication supports modern two-factor authentication with mobile devices or authentication FOBs.
• Application-Only Access: The system is divided into layers that separate data from the NetSuite application itself. Users of the application can only access the application features, and not the underlying database or other infrastructure components.
• Role-Level Access and Idle Disconnect: Customers can assign each end user a specific role with specific permissions to only see and use those features related to his or her own job. There is a complete audit trail whereby changes to each transaction are tracked by the user login details and a timestamp for each change is provided. The system also detects idle connections and automatically locks the browser screen to prevent unauthorized access from an unattended computer screen.
• IP Address Restrictions: Restrictions on accessing a NetSuite account from specific computers and/or locations can be enforced. This is very useful for customers who are concerned not only about who is able to access their NetSuite account, but from where they access it as well. This feature significantly reduces the risk of unauthorized third parties accessing a user’s account.
• Robust Password Policies: NetSuite offers fine-grained password configuration options—from the length of the user’s passwords, to the expiration of a user’s password at any timeframe they desire. Customers can set up strict password policies to ensure that new passwords vary from prior passwords, and that passwords are complex enough to include a combination of numbers, letters and special characters. Accounts are also locked out after several unsuccessful attempts. For customers who desire a higher level of access control, NetSuite offers multi-factor authentication using a simple physical token. In addition to entering their own passwords, users must possess physical tokens that generate random one-time passwords. These cryptographically robust passwords prevent key loggers, shoulder surfers, phishers and password crackers from accessing a user’s account.
Operational Security
• Continuous Monitoring: NetSuite employs numerous Intrusion Detection Systems (IDS) to identify malicious traffic attempting to access its networks. Unauthorized attempts to access the data center are blocked, and any unauthorized connection attempts are logged and investigated. Enterprise-grade anti-virus software is also in place to guard against Trojans, worms, viruses and other malware affecting the corporate software and applications.
• Separation of Duties: In addition to mandatory employee background checks at all levels of NetSuite operations, job responsibilities are separated. The Principle of Least Authority (POLA) is followed and employees are given only those privileges that are necessary to do their duties.
• Physical Access: All data centers’ operators maintain stringent physical security policies and controls to allow unescorted access to pre-authorized NetSuite Operations personnel:
º The first layer of security includes photo ID proximity access cards and a biometric identification system. This multi-factor authentication system provides additional assurance against lost badge risks or other attempts at impersonation. Proximity card reader devices are located at major points of entry and are used to secure critical areas within the data centers.
º Single-person portals and T-DAR man traps guarantee that only one person is authenticated at one time to prevent tailgating. Reliable detection and prevention of tailgating and piggybacking through secure doors significantly increases the effectiveness of the access control system.
º In addition, all perimeter doors are alarmed and monitored and all exterior perimeter walls, doors, windows and the main interior entry are constructed of materials that afford Underwriters Laboratories (UL) rated ballistic protection. Vegetation and other objects around the data center are landscaped in a manner such that an intruder would not be concealed.
• Guarded Premises: On-premise security guards monitor all alarms, personnel activities, access points and shipping and receiving, and ensure that entry and exit procedures are correctly followed on a 24x7 basis. Guards are provided with ongoing awareness training and skills-building. Numerous CCTV video surveillance cameras with pan-tilt-zoom capabilities are located at points of entry to the collocation and other secured areas within the perimeter. Video is monitored and is stored for review for non-repudiation.
• Dedicated Security Team: NetSuite employs a global security team dedicated to enforcing security policies, monitoring alerts and investigating any anomalous behavior within the system. This team is active 24x7 from multiple worldwide locations. All access to production is reviewed and granted by the security team.
• Data Center Performance Audits: NetSuite Operations management implements such auditing controls as appropriate for SOC 1 Type II and PCI compliance. NetSuite’s comprehensive risk management process has been modeled after the National Institute of Standards and Technology’s (NIST) special publication 800-30 and the ISO 27000 series of standards. Periodic audits are carried out to help ensure that personnel performance, procedural compliance, equipment serviceability, updated authorization records and key inventory rounds are above par.
• Security Certifications: NetSuite has passed a SOC 1 Type II audit, is certified for PCI-DSS and is EU-US Privacy Shield compliant. NetSuite has defined its Information Security Management System in accordance with NIST standards, including 800-53 and ISO 27000 series standards.
º NetSuite’s SOC 1 Type II audit is prepared by and audited by independent third-party auditors. SOC 1 Type II reports show that we have been through an in-depth audit of our control environment, including controls over data and network security, backup and restoration procedures, system availability and application development. The requirements of Section 404 of the Sarbanes-Oxley Act make a SOC 1 Type II audit report essential to the process of reporting on the effectiveness of internal control over a company’s financial reporting.
º In complying with PCI-DSS requirements, NetSuite offers optional 3D Secure credit card authentication—also known as Verified by Visa and MasterCard SecureCode. 3D Secure adds a higher level of credit card fraud protection. It requests shoppers to create authentication passwords for their credit cards, or requires them to enter their password if they already have one assigned.
º NetSuite has achieved the International Organization for Standardization (ISO) 27001* certification, the leading international standard for measuring Information Security Management Systems (ISMS). The standard requires a systematic examination of security risks, threats, vulnerabilities and their impact. To achieve certification, an organization must design and implement a comprehensive suite of information security controls and adopt an overarching management process to ensure that information security controls continue to meet the organization’s needs on an ongoing basis. NetSuite’s compliance with this important industry certification demonstrates the company’s continued commitment to maintaining and improving its information security management and data custodianship programs.
* Oracle NetSuite, a wholly-owned subsidiary of Oracle, received an International Standards Organization (ISO) 27001 certification for its Information System Management System (ISMS) supporting the security operations of its products and services that includes NetSuite SaaS, OpenAir PSA SaaS and NetSuite Advance Rating (Monexa).
Performance
• Scalable Application Architecture: NetSuite’s application runs on a three-tiered architecture. All three tiers—web, application, and database—are horizontally scalable and support multi-data center deployment. NetSuite currently operates on over 4000 hosts in production.
• Performance Team: NetSuite invests heavily in performance at every layer. This includes a dedicated performance team of developers and DBAs whose sole purpose is to proactively verify application performance benchmarks and tune the application for maximum performance.
• High Performance Databases: NetSuite runs on high performance database server hardware with multiple cores and maximum RAM configuration. NetSuite production database servers run exclusively on flash SSD storage ensuring the fastest possible database IO performance available in the industry.
• Performance Monitoring Tool: NetSuite’s Application Performance Monitoring tool provides a comprehensive performance dashboard that allows you to easily and quickly drill down and investigate the root cause of your site’s performance issues. By capturing critical performance data and quickly identifying, analyzing and fixing the problem areas, you can optimize performance, improve customer experience and maintain critical transactions.
Availability
• Service Level Commitment: NetSuite’s SLC guarantees a 99.5% uptime (outside the scheduled service windows) for the NetSuite production applications for all our customers. A credit is available if NetSuite does not deliver its application services with 99.5% uptime. We have consistently averaged an actual uptime of 99.98% and provide customers a publicly available webpage to display system status at all times at http://status.netsuite.com.
• World Class Hosting Operations Team: NetSuite has a global team of dedicated hosting operations personnel with decades of cumulative experience running large cloud and SaaS business applications demanding high performance and high availability. This team proactively monitors the health of the entire system with industry leading alert and trend based tools designed to identify and resolve events before they impact the live site. This team provides 24x7 coverage to respond to any incident with automated recovery procedures.
• Redundant Internet Connections: The network was built to meet or exceed commercial telecommunications standards worldwide for availability, integrity and confidentiality. All NetSuite data centers have three 10 Gbps diverse-path pipes, designed so that any two connections can simultaneously fail without impacting user experience. This redundancy ensures reliable connectivity and maximum uptime with no single-point data transmission bottlenecks to or from the data center. Additionally, each data center has 2 dedicated 10 Gbps circuits for data replication.
• Backup Power Systems: NetSuite has designed a solution for clean, continuous power. Uninterruptible Power Systems (UPSs) are provisioned in a redundant configuration to support environmental controls in the collocation spaces. Each UPS battery system is designed to carry full load for 15 minutes without a generator. Emergency generators typically provide backup power in less than 10 seconds and are sized to support the entire facility at maximum load. In addition to UPS systems, NetSuite makes use of power management modules and power distribution units on data center floors for a physically integrated and electrically redundant system for source selection, isolation, distribution, monitoring and control of power to computer equipment loads.
• HVAC Systems: Air conditioning in all data centers is configured to allow for proper heat dissipation, permitting the sites to operate within an acceptable temperature range. To maintain the flow of air conditioning, an N+1 redundant system of HVAC units is employed within each location. The HVAC units are powered by normal and emergency electrical systems to maintain their availability. Additionally, cold water tanks have been installed to keep air conditioning units functioning when a transition from direct power to generator power during emergencies is required.
• Fire Suppression: The latest fire suppression methods have been employed at NetSuite’s data centers. The systems utilize state-of-the-art “sniffer” systems, augmented by heat detection and dry-pipe sprinkler systems.
• Seismic Engineering: NetSuite-operated data centers provide seismic isolation equipment to cushion facilities against movement, in addition to installing earthquake bracing on all equipment racks. Racks are anchored to the concrete slab below the site’s raised floor.
Copyright © 2018, Oracle and/or its affiliates. All rights reserved.