Product Description Certified Data Center Segment
Certified data center segment (A-DC) — IT infrastructure to accommodate an information system with increased information protection requirements information protection requirements. The requirements are fulfilled in accordance with the delineation zones of responsibility.
Only dedicated servers of any configuration and network equipment provided by Selectel can be placed in the A-DDC.
A-DC is used for:
- certification of the information system in accordance with the requirements of FSTEC Orders No. 17 and No. 21;
- processing of personal data up to the first (maximum) level of protection in accordance with the requirements of the 152-FZ;
- security controls at the infrastructure level;
- increasing the loyalty of service users by meeting the requirements of Russian laws and international standards.
To meet security requirements, the A-Data Center service includes:
- data center engineering infrastructure;
- certified information system (hereinafter — IS) "Managed Security Services";
- certified IS "Administration";
- certified IS "Information Security Monitoring".
A-Data Center Services
Placement of equipment in A data centers
Ensures compliance with data center engineering infrastructure requirements in accordance with PCI DSS, 152-FZ (FSTEC Orders #17 and #21), GDPR, SOC-2, ISO 27001, ISO 27017, ISO 27018, performs security measures related to physical access to equipment, maintains continuous operation of the infrastructure.
If you select an infrastructure level service, infrastructure level services are provided:
- dedicated servers of any configuration;
- hardware firewall: Fortinet, UserGate, Cisco, Continent, CheckPoint;
- optional: Selectel network equipment.
Additional information security services can be connected with the service Placement of equipment in A data center:
All equipment is housed in racks related to the A-Data Center service.
A typical connection scheme is used when connecting servers in the A-DC.
Dedicated servers are switched behind a dedicated firewall and have no direct connection to Selectel's internal networks or to other clients' networks. Because of this, Selectel's internal systems do not have access to server information, and the server cannot be managed through the Selectel Control Panel. The Selectel Control Panel displays the message "No power information" for such servers. All connections to external networks go through the firewall.
You can only connect to servers in the A data center through IPMI interfaces that are firewalled together.
When conducting performance evaluation (attestation) of the information system hosted by the A-DPC, the following shall be provided:
- excerpt from the document "Threat model and security violator of the data center engineering infrastructure information security provided within the framework of the "Attested Data Center Segment" service of Selektel Joint Stock Company";
- Confirmation of infrastructure placement;
- serial numbers and special firewall security marks;
- if additional information security services are used — serial numbers and special security marks.
Server protection
Provides protection from current threats, fulfillment of the requirements of FSTEC Orders No. 17 and No. 21, as well as the requirements of international standards for information systems in the client's area of responsibility.
When activating the service, access to the selected specialized software or hardware-software means of information protection is provided:
Managed security services and administration
Allows for both one-time installation and configuration of information protection tools and full system support, including response to security incidents.
The service is provided using IS "Administration", IS "Managed Security Services" and IS "Information Security Monitoring", which allows the certified systems to be transferred to Selectel for administration without violating legal requirements.
Information protection requirements to be met
Compliance in Selectel's area of responsibility is regularly reviewed and confirmed by external auditors.
Areas of responsibility
Selectel is responsible for security related to physical access to the IT infrastructure and implements the portion of physical security measures that are within its area of responsibility.
Selectel is not responsible for the operation of the system and application software of the servers, firewall administration and security related to logical access to the information system. Selectel's internal systems do not have access to the servers hosted in the A-DDC.
Cost
Depending on the type of balances in your account, a single balance or a primary balance is used for payment. Top up your balance before ordering the service.
The cost depends on the amount of equipment to be placed and additional services ordered. It includes:
- cost of a dedicated server of arbitrary configuration;
- firewall cost;
- cost of the service Placement of 1U equipment in the Attested segment of the data center. The service must be ordered for each unit;
- cost of selected information protection means within the framework of the Server Protection service.