Secure Data Centers

Data Centers

Best Practices

Compliance

Protection

D2L hosted services are provided on Amazon Web Services (AWS). Physical and operational security processes are described for network and infrastructure under AWS’ management, as well as service-specific security implementations documented in Amazon Web Services: Overview of Security Processes, which outlines AWS’ data centre controls such as:

  • Physical and Environmental Security
  • Fire Detection and Suppression
  • Power
  • Climate and Temperature
  • Management
  • Storage Device Decommissioning
    o AWS uses the techniques detailed in NIST 800-88 (“Guidelines for Media Sanitization”) as part of the decommissioning process.
  • Amazon’s infrastructure fault tolerant design
    o Core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
  • Certification
    o AWS holds numerous security certifications, which can be reviewed at https://aws.amazon.com/compliance/

 
 
Back to D2L security overview

D2L hosted services are provided out of tier 3 or greater hosting facilities. These facilities provide carrier-level support, including:

Access Control and Physical Security

  • 24/7 guard surveillance including foot patrols and perimeter inspections
  • Servers are protected by several multifactor physical access controls
  • Video surveillance throughout facility and perimeter
  • Access to data centers is managed through each data centers respective change management process
  • Building engineered for local seismic, storm, and flood risks
  • Tracking of asset removal
  • Dedicated concrete-walled Data Center rooms

Environmental Controls

  • Humidity and temperature control
  • Redundant (N+1) cooling system

Power

  • Underground utility power feed
  • Redundant (N+1) CPS/UPS systems
  • Redundant power distribution units (PDUs)
  • Redundant (N+1) generators

Network

  • Redundant internal networks
  • High bandwidth capacity
  • Redundant routers are configured for high availability
  • VLAN segmentation by security zone is deployed using multi-link trunks to create over a robust backbone

Fire Detection and Suppression

  • VESDA (very early smoke detection apparatus)
  • Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression

Certification

D2L data centers undergo their own SSAE16 audits and maintain PCI Service Provider Level 1 compliance, ensuring that they meet industry standard security and procedural controls.
 
 
Back to D2L security overview