System integration

Gdata has all the necessary cloud-based solutions to help customers focus on their core business. Hardware optimization, minimizing the risk of data loss, easy management, and the lowest cost are what we can do for our customers.

For businesses that own data and resources that require protection, closely monitoring the usage of these data and resources is a top requirement.

When the information system is the place to store and process customer-related and business-related data with great value, through this data, financial resources are circulated in a strict order and rules. If these data and processes are interfered with improperly, there will certainly be incalculable disruption and damage to the business as well as the loss of reputation of that business.

By closely cooperating with organizations operating in the field of system security that are famous in the world, our company always ensures to provide customers with system security solutions at 06 levels (organization, law, operation, trade, finance and human) in compliance with ISO 27001: 2005 standards to ensure its 3 attributes: Confidentiality, Integrity and Availability.

Based on this standard, our company always provides system security solutions according to the level of each enterprise with the minimum components such as:

MULTI-LEVEL HARDWARE PROTECTION SOLUTION

External Firewall Layer

This is the main security layer used to fight against attacks from the external environment such as hackers, viruses, spam… protecting the system to minimize negative impacts from the outside. When connected to the external environment. In reality: the risk of intrusion into the internal system of the enterprise from external objects (such as hackers, viruses…), the information provided to users/customers MUST be intact and authorized users from the outside can EASILY access it.

Intermediate security layer

This security layer is mainly based on the basic security features of network devices, operating systems, etc. For example, with high-end network devices, we can deploy basic network security features such as:

• Access control list restricts end-user access to areas and applications that are not within its scope of access.
• Set access rights via username, password
• Limit connection to the system (physical connection) at unauthorized locations via port security, VLAN access control list of network devices.
• VLAN partitioning limits useless data (Broadcast, ARP signal…) from flooding from one area to another, maximizing bandwidth for useful information (real user traffic) of the system. Prevent the spread of viruses or related effects due to hardware system instability from one area to another.
  etc.

Firewall protects server system (server farm) – internal firewall

The internal firewall subsystem plays a very important role as the final security barrier to protect the entire data system of the enterprise. This subsystem is also the control gateway before entering the most sensitive area of ​​the system, which is the central server area. The special point here is that in addition to preventing attacks from the external environment from entering the system, firewall devices must also analyze accesses from within the LAN, filter and prevent attacks originating from within. Furthermore, due to such importance, firewall devices in this subsystem must be of the type with high processing capacity (throughput) and especially have the ability to operate as an IPS (Intrusion Prevention System) device.

The data center is where all the invaluable assets of the business are stored in terms of finance, customer information, etc. Therefore, in this vital area of ​​the system, we need to have the highest security protection solution within the technology’s capabilities. (see illustration diagram).

With many years of experience in the field of network security, our company is committed to providing comprehensive security solutions to minimize potential risks to the business’s computer network system. The solution is built with equipment from the world’s leading security vendors such as Fortinet, Watchguard, Astaro… from basic to integrated with many levels of security – including firewall, anti-virus, intrusion prevention, VPN, web content filtering, spyware prevention and anti-spam – designed to help customers protect against potential risks at the content level across the entire system of small to large-scale businesses.

With many years of experience and a team of well-trained, competent specialists, we have provided many solutions from simple to complex for systems of all sizes with the motto: giving the best to customers.

We always try to use the most advanced technologies and techniques in our customers’ computing environments and systems to the highest level.

The leading advanced switching technologies currently used for LAN and Campus environments such as FastEthernet, Gigabit Ethernet, 10Gigabit Ethernet, FDDI, Optical Cable… or for WAN networks such as ISDN, Frame-Relay, MegaWan, MPLS, VPN based on ADSL/FTTH lines, leased-line channels, satellite channels… are always considered by us to apply to solutions in an optimal way.

Our solutions for LAN, Campus, WAN networks have proven their strength and high features in environments with harsh requirements for technical features and high security.

In addition to the solutions that we design directly according to customer needs, we will support users in consulting on the design of a number of separate networks with different technologies and sizes through the form of online technical support on our WEB page. We hope to continue to receive the support and trust of customers.

Sincerely thank you!

I. General introduction:
Purpose:
− Synthesize individual strengths into one
− Enhance fault tolerance
Technically:  the system will include subsystems:

1. Web server
− This is a public system, serving the purpose of marketing, promoting the company’s activities and products to everyone.
− This system, technically, allows all Internet users to search for information and exchange information with your website. Therefore, it is necessary to ensure access speed and stability.

2. Database Server
− A common database system for the Web server to access to get data and display content on the website.
− This is the system that contains all information for both Public and internal company operations.
− Therefore, the DB system must be strong enough, stable and data secure.

3. Proxy server (Load Balancing)
− This is a system that forwards information and controls information, creating security for web servers and database servers.
− The Load Balancing (LB) function for web servers will be installed on this Proxy server.

III. Equipment and other requirements:

− 3 PUBLIC IPs:

• WAN IP 1: Will be assigned to LB1
• WAN IP 2: Assigned to LB2
• WAN IP 3: Used for Virtual IP (Users will access Webservers through this address)

− 4 Servers are required:

• 2 Servers act as load balancing controllers:

+ Each Server needs 2 Interfaces.

+ Because it is the main traffic transfer point, the throughput requirement for network traffic is high. This throughput capability is based on CPU and RAM.

• 2 Servers act as Websites
+ Store website information here.

+ On the 2 Servers, we can set up appropriately to act as database servers.

+ To ensure the synchronization between the 2 databases on these 2 servers is always the same, we can set up a database replication solution

IV. How it works:

− We will have 2 Servers taking on the role of LoadBalancer and Firewall.

− Load Balancer:

• 1 Server plays the role of active. (here is LB1)
• The remaining Server plays the role of standby. (LB2)
• When the outside accesses the website via the address: IP WAN3. will be redirected along the path (black arrow) to server LB1 (Active). LB1 will automatically perform load balancing to 2 Web Servers
• When Server LB1 is no longer able to serve, server LB2 will be automatically transferred to Active to continue holding load balancing to 2 Web Servers, ensuring continuous access to the website for internet users (red arrow path)
• When Server LB1 is up again, the role will be automatically transferred back to LB1.
• This way we can ensure high availability and load balancing for the website.
− Firewall:

• Web Servers will be placed in the DMZ protected by the LoadBalancer (Thanks to the Firewall installed on the Load Balancer)

− Model 1:

– This model is suitable for the following cases:
. Large database data and high security requirements
. Web Server executes Read and Write continuously to the Database.
– With the above model:
. Web Server and Database run independently on each physical Server.
. Can deploy appropriate hardware configuration for Web Server and Database Server.
. Ensure Secure. In case Hacker attacks and takes control of the Web Server => Still have to connect to the Database Server
– Replicate between 2 Database Servers will not affect much the performance of the Web Server (Because it runs independently).
– Increase the load capacity of the Web Server (Because it does not have to share resources with the database)
– Data retrieval is only within the LAN and does not affect the 2 Load Balancers.
– Model 2:

– In this model, we place the Database and Web on each Server at the same time.
– This model is applied in cases where the database data is small or medium. But requires fast and always available web access (number of Web Servers up to 4)
– With the above model, the number of requests from the Internet will be distributed to 4 Servers.
– The database on each Server will be synchronized with each other. (Up to 4)
– At this time, because the Load Balancer must bear the load of up to 4 Servers => Requires strong configuration for 2 LoadBalancer machines

Disaster Recovery for large, important data warehouses is an indispensable task for any business that has been and is operating mainly based on IT. Depending on the level and impact of IT on the business’s operations, there will be corresponding safety solutions.

Protecting the business’s data system so that information and data are always ready to access is a very important requirement and is increasingly emphasized. In addition to using on-site data backup solutions, the plan to prepare a backup infrastructure center for the main center is the safest solution in case the main center experiences natural disasters, fires, etc.

Today, IT has a decisive influence on most large businesses/organizations, so stopping the system will cause great damage to the business in terms of finance as well as reputation, so building backup solutions so that the entire system is not affected much when there are major incidents such as earthquakes, natural disasters, fires, etc. is very necessary and the professional disaster prevention solution provided by our company is also not outside the above purpose to help businesses always preserve all their activities in the most severe natural disaster conditions.

TECHNICAL SOLUTIONS

Depending on the importance of the data as well as the characteristics of each business, our company always has suitable backup solutions as follows:

• Simple solution, just backup data

With this solution, there is only the option to back up data to tapes or other devices outside the system. Data is backed up daily and the tapes are transferred to another location (offsite) for storage. So when it is necessary to restore the tapes are brought back to restore the damaged data.

The advantage of this solution is low cost, simple administration, very suitable for small businesses.

• Solution for building redundant data centers and periodic data backup

With this solution, we will support customers to build a data backup center connected to the main center. But only back up data and periodically.

Once there is an incident at the main center, we still ensure that all business data is relatively safe, meaning that the data in the most recent backup cycle is still preserved.

With this solution, the cost is not too high, but for businesses that need data accuracy over time, there is a risk of data loss between backup cycles.

• Solution for building redundant data centers and periodic data backup

With this solution, we ensure that data is not lost and overcome the disadvantages of the above solution thanks to continuous and automatic data backup via transmission lines, but the investment cost is higher.

Although this solution does not ensure the safety of all data because online backup, the system still needs a short time to execute, but this solution can ensure that nearly 99.99% of the business’s data is safely backed up.

To implement this solution we need the following elements:

• Requires the construction of a backup data center with compatible devices.
• Data is backed up online to the backup center via high-speed transmission lines.
• When the main data center fails, the backup data center restores the available data and is ready to replace the main data center.

Solution for building backup data center and synchronizing data using high-speed transmission line

With this solution, we ensure that all business data is backed up to the backup center thanks to the ability to continuously synchronize data. That is, any transaction that changes at the main center is immediately synchronized to the backup center. Although this solution ensures that business data is always preserved in any case of incident at the main center, in addition to the disadvantage of quite high cost, this solution is still limited because it takes a certain short time to recover when an incident occurs.

To deploy this solution, it is necessary to:

•  Requires the construction of a backup data center with compatible devices.
•  Data is synchronized between the two sites using high-speed transmission lines.
•  When the main data center fails, the backup data center is ready to replace the main data center.

– Comprehensive DR solution

Depending on the needs of customers, our company ensures to provide customers with a comprehensive DR solution in terms of data as well as automatic recovery of operations without having to suspend the system under any circumstances.

In this technical solution, we build backups for most components that affect the operation of the business according to international DR standards. That is, backups include: data, servers, network systems, security systems…. as the reference model below.

Please contact us for advice

Hotline: 0904 512 968 – 0966 583 085 – [email protected]