EnGenius Cloud Services DataCenters

Overview

The EnGenius Cloud services are built upon fully redundant, highly available data centers that are SSAE 18 Type II audited and ISO 27001 certified. The EnGenius Cloud architecture is a serverless design in which functions and data are distributed across multiple redundant servers, so that there is no single point of failure and every function module scales by itself to achieve high availability and a high degree of independence.

Components

EnGenius Cloud is a distributed FaaS (Function-as-a-Service) design. Its components include:
  • Cloud devices check-in service
  • End-user web GUI access service
  • Real-time monitoring service
  • End-user configuration database
  • Log and notification services
  • Services management center
Figure01 -- Distributed FaaS Design of EnGenius Cloud

Availability

  • 99.99% uptime service level agreement
  • 24*7 server health monitoring, with a report every 2 minutes
  • 24*7 automated failure detection, with a test every 20 minutes
  • Rapid escalation procedures across multiple operations team shifts

Redundancy

  • Data centers distributed across multiple availability zones
  • Customer network configuration data and statistical data are replicated across different zones
  • Real-time replication of data
  • Daily backups for network configuration, statistical data, and event logs

Disaster Recovery

  • Rapid failover to a hot spare in the event of hardware failure or natural disaster
  • The end-user network keeps running even if EnGenius Cloud is unreachable (except for the EnGenius Cloud Authentication function)
    • Users' data plane does not go through EnGenius Cloud
    • Only the Cloud devices' management plane goes through EnGenius Cloud, for configuration and status reporting, so when the Cloud is unreachable the users' network is not affected and continues to operate normally.
Figure02 -- Secured Cloud Management Platform

Secure On-Boarding Process

  • Every Cloud device has a unique certificate built in at the factory
  • Cloud devices have to go through a multiple-factor authentication (MFA) process to make sure they are legitimate devices; the devices then receive another private certificate from the Cloud, which is used to build a secure tunnel between the devices and the Cloud
  • Before the on-boarding, the device has to be registered in an Organization by the users
  • After the secure tunnel is built, the device starts to check in to the Cloud by sending the device information
  • If the device is assigned to a Network, then the Network configuration will be pushed to the device through the secure tunnel
  • The device will keep checking in to sync up the configuration and update device information
Figure03 -- Secure On-Boarding Process of EnGenius Cloud

Global Operation

  • EnGenius has built a team for global data center operations, which creates several regional zones to back up the entire set of FaaS services
  • For users who run global businesses, the EnGenius Cloud infrastructure design allows them to manage different Networks in different countries and time zones, so scheduled firmware updates can be adapted to local time and the device operation mode can comply with local country regulations, such as available channels.
Figure04 -- Global Operation with EnGenius Cloud

Service Security

  • 24*7 intrusion detection
  • Protected by IP and port-based firewalls
  • Administrator access with multiple-factor authentication enforcement

Infrastructure Security

  • All entrances and exits of the data centers are monitored by surveillance cameras
  • 24*7 security guards control all access into and out of the data centers to ensure that only authorized persons can enter the controlled zones, with different privilege levels

Maintenance Process

  • To keep improving the Cloud infrastructure and features, the operation team may need to upgrade the current production site
  • Any code revision is fully tested at a staging site before it is pushed to the production site
  • Before the upgrade, the operation team notifies cloud users 2 days in advance through a pop-up post shown when users log in to the Cloud, announcing when the maintenance will be held and the estimated duration
  • During the maintenance window, users are redirected to a maintenance window that tells them how long the maintenance will last. Since the data plane does not go through the Cloud, users' networks should still be functional
  • Users can also call local support to understand more details