Security Is OERCA's Top Priority
OERCA has put a tremendous amount of effort into applying security best practices so that information remains safe and protected. Not only is data backed up regularly to ensure it is never lost due to computer or hard drive failures, but OERCA also runs on a network of Dedicated Private Servers protected by a robust, multi-tiered security framework.
OERCA was deliberately developed as a web-based application for many important reasons (see the "Mobile Technology" page); one of those reasons was to make the security of the system MORE robust than that of a self-contained or internal network system.
Here are some of OERCA's key security features:
Application Security & Integrity
Secure by Design
- Raw data is parsed among hundreds of “tables” in Microsoft SQL Server. By combining the full features of the MS SQL security framework with a fragmented table structure, any conceivable breach would yield nothing more than fragmented and non-relational data.
- OERCA utilizes a proprietary application server, completely separate from MS SQL. The OERCA application server employs a myriad of security protocols of its own, in addition to those of the back-end MS SQL tables. The OERCA application server tests every page and every request to the server against User-validation protocols, no matter how many concurrent users are logged on to the system.
- The interface coding to the database, working with special features in the application server, prevents intrusion by such methods as SQL injection attacks.
- User roles are assigned with various permissions and access levels. While Managers and Veterinarians can access everything, the Trainers/Caregivers user group has access only to the tools they need. If a user doesn’t have access to a certain feature, that feature does not appear in their menu options.
- Each OERCA client subscriber has the ability to track user activity. Users with the Manager role and above can review exactly who logged into OERCA, where they went and how long they were there. Managers can restrict printing or viewing of any document management tools within OERCA. Managers also have the ability to “disable” users, temporarily or long-term, without having to remove that user’s profile.
- OERCA Admin never knows your password and does not have access to your data. Once a subscriber is added to the system, they are required to reset their password on initial setup. After that, no one but that user knows their password.
- Passwords are “hashed” and randomly “salted” twice within the OERCA system. The use of these techniques, in addition to other proprietary measures, produces some of the most robust password protection on the web today.
Data Integrity & Backup
- Military-strength (up to 448-bit) encryption of data before it leaves the OERCA server. All backup data is encrypted, so not even the IT technicians maintaining OERCA servers can access data.
- Powerful Compression.
- Multiple scheduling options including continuous data protection & multiple full backup scheduling.
- Automated data backup offsite multiple times daily.
- OERCA’s server is protected from power outage with 911-grade backup generator reliability.
- OERCA utilizes MS SQL as the database platform, the world standard for large enterprise databases. Maximum MS SQL 2012 database size is 524,272 terabytes and the number of rows in any one table is limited only by available storage. In other words, OERCA has the capacity, which means there’s no need to worry about dumping old data or archiving important files.
- OERCA has been designed so that the size of the data tables (database) does not affect performance of the application itself.
- An important purpose of OERCA is to build and provide long-term record-keeping along with the statistics that flow from those records for the animal care community and scientific world. OERCA was built and designed with large, long-term data storage in mind with no foreseeable need to archive useful data.
Reliability & Uptime
- OERCA’s server operates out of a tier-four datacenter, with state-of-the-art cooling, power supply, backup generator and fire suppressants. The database system and application run on clustered servers and an EMC storage area network – so if one server or disk drive stops working, OERCA keeps working.
24/7 Monitoring & Management
- Always Up service monitors the OERCA application 24/7 ensuring all application features and server resources are not only “up” but also functioning at optimal levels; managing and monitoring OERCA constantly to ensure maximum uptime and performance.
- To further ensure reliability, OERCA’s server host employs a team of server engineers and administrators 24/7. So if a server problem occurs at 3am on a Sunday morning, a team will be there to solve it – in a matter of minutes. This same team installs Microsoft software patches immediately, as well as software and security updates, for full protection.
Data Center & Network Infrastructure
OERCA’s custom-designed and dedicated servers are operated and maintained through a third-party service provider. This allows the OERCA programming and development team to focus exclusively on the application itself while providing for enterprise-level excellence in server management, uptime and security.
As a result of this relationship, OERCA provides one of the world's most advanced server and database infrastructures:
On-Demand Data Center
- Through IPMI 2.0 server technologies, secure and remote out-of-band management, and proprietary automated solutions, OERCA benefits from a highly scalable, on-demand, data center experience.
- With fully-featured data centers in Amsterdam, Seattle, Singapore, Dallas, and Washington D.C., OERCA obtains geographic diversity ideal for maintaining system and data redundancy, as well as for placing systems in the optimal physical location for traffic volume and speeds.
- Geographically diverse PoPs provide seamless, direct, private and high-speed access to our backbone network, bringing connectivity closer to the end user. You may choose the PoP location closest to your office or end users. High-speed metro-WAN services and cross connects from providers including Equinix and Telx are also available. OERCA network resources are built from best-in-class networking infrastructure, hardware, and software with exceptional bandwidth and connectivity for the highest speed and reliability.
Redundant, Best-in-Class Infrastructure
- All data centers maintain multiple power feeds, fiber links, dedicated generators, and battery backup. They are built from industry-leading hardware and equipment, ensuring the highest level of performance, reliability, and interoperability.
- OERCA’s datacenters are some of the world's few tier-4 datacenters, utilizing ultra-robust premium facilities to minimize downtime. The tier-4 category is for facilities "fundamentally immune to planned and unplanned downtime," according to the Uptime Institute.
Power, Cooling and Infrastructure
- Dual-feed 12KV power supply from PG&E, plus N+1 redundancy with redundant power feeds.
- Powerware UPS modules and PDUs with static switches on front end and 6 emergency redundant back-up diesel generators.
- Fully-redundant, roof-mounted, 1500-ton, Liebert system with common ducting, plus security via the elimination of water-filled piping from the datacenter space.
- CRAC units in the electrical and UPS rooms.
- Environmental control units that give a 100% SLA-guaranteed temperature and humidity within a certain range, plus the most advanced pre-action fire-suppression systems available.
- Raised floors and zone-4 certified for earthquakes.
- Market Post Tower is home to Verizon's MAE-West facility.
- The West Coast's most important communications hub, with carriers including AT&T, Global Crossing, Level 3 Communications, MCI/Verizon, Singapore Telecom, Sprint.
- Failover arrangements to two additional Intermedia California facilities ensure constant uptime.
- Redundancy: OERCA utilizes multiple carrier connections to the Internet. Your connection to OERCA stays up even if one carrier goes down.
- All servers are 64-bit Dell PowerEdge servers, with multiple multi-core processors.
- Passive-active cluster server configuration for ultimate resilience, plus seamless failover when a cluster node is unavailable or taken offline for maintenance.
- Redundant and load-balanced servers increase reliability.
- OERCA’s server provider uses only the best in hardware, including EMC for the most advanced in storage.
- New EMC SAN-based storage with disk clusters in an advanced RAID array for seamless failover.
- Full tape back-ups ensure there is no single point of failure anywhere within the storage system.
- A premium network from Cisco and other leading vendors ensures the highest possible reliability.
- Routers and switches with full redundancy powered by Cisco
- Netscreen firewalls for enterprise-grade network protection
- HP rack switch technology
- All premises are closely monitored and guarded, 24x7x365, with sophisticated pan/tilt CCTV covering every part of the facility and security guards posted at all entrances.
- Access to servers is restricted to a limited number of authorized engineers and security is strictly enforced using the very latest technology, including man-trap technology, motion sensors and controlled ID key-cards.
Server Security & Infrastructure
OERCA’s Custom Dedicated Server
- OERCA’s dedicated and primary server is located in the Washington D.C. datacenter; it is customized specifically for the design of the OERCA application. Among many other impressive attributes, the OERCA configuration includes Quad Core XEON processors, SATA RAID array and Solid State Drives.
- Our server management team is among the best in the business in security and uptime performance. Any unauthorized access to the server ports (before even reaching the application server or MS SQL security framework) would immediately be reported to Server Monitoring and result in a lock-down of OERCA server access.
- All systems are protected from intrusion via state-of-the-art Cisco PIX firewalls located at its perimeter.
- The OERCA server utilizes a host-based intrusion prevention system (HIPS) that protects the server from brute-force attacks on multiple system services, including MS SQL Enterprise, where raw data is stored.
- Following the most stringent of modern security protocols in web-based application design, OERCA programmers have painstakingly constructed the system to meet the ever-increasing demands on web-based security; OERCA is future-ready.