Top 10 Data Center Security Must-Haves with CEO Geoff Green

Owning and operating a private, state-of-the-art Data Center sets Myntex Inc. apart from its competition in the custom encrypted phone app industry. Myntex CEO, Geoff Green, gives an overview in this Q&A.

Question # 1

What exactly is the function of the Myntex Data Center?


You can think of our data center as the brains of our infrastructure. Regarding our messaging service, the data center acts as a messaging agent. When communicating with end-to-end encryption, devices need to know how to reach one another. Networking is not magic, but it is cool. You need some sort of tunnel to each device so when you send a message it can reach the intended recipient. By utilising open-source virtualization technology and custom designed hardware our data center has been the primary reason we have been able to cost effectively grow as a company. The alternative would be a less secure approach by renting co-located space and paying large fees in licensing.

Question # 2

How has the Myntex Data Center evolved over the years?


From a virtualization perspective we started out with the original Xen from Xen Project, which has gone through many changes throughout the years as an open-source virtualization technology.

We later transitioned to XenServer when Citrix became the dominating provider of features for the Xen hypervisor which did require license fees for support contracts. But when a new open-source project came to market called XCP-ng based on the same hypervisor we made the switch. XCP-ng is what we currently use and will continue to support their development.

We use XCP-ng for our primary virtualization technology and then on top of that, we use Docker. We run a series of virtual machines on our hardware, which means we can use orchestration software instead of a physical computer to run programs and deploy apps. CDW Canada helped us source the right equipment to fit our needs.

We’re the only encrypted mobile solution provider with our own data center. We chose to invest in one, even though it’s expensive, because it provides better privacy. We planned and developed it ourselves. Some companies just can’t afford the investment or lack the knowledge to run a private data center. You need to hire the right people, which makes it more costly.

Question # 3

What maintenance is required to ensure optimal performance in the Data Center?


Running a datacenter does have to have a maintenance schedule, generators, networking, hardware all must be tested and monitored to make sure they are performing at their best.

APC by Schneider Electric performs an annual inspection and maintenance. Most of the critical pieces of equipment go through their own diagnostics automatically. You’ll sometimes hear weird beeps, coming from the data center which is when the system is doing self-testing, which is a huge time saver.

The air-conditioning gets looked at every year or two. We have N+1 for all pieces of equipment including the A/C unit. If a main unit were to break, we still have a standby backup unit.

Our primary backup generator is tested monthly and must be load tested every year.

Question # 4

What disaster recovery plans are in place?


We took a pre-emptive approach to disaster planning. We did a complete threat analysis. Are we in a flight path? How close are we from the fuel depot? We’re not on a floodplain.

There are only a few people who have access to the data center. We have offsite backups in an undisclosed location. But the most important piece is backups of our proprietary code, which would allow us to rebuild our entire infrastructure even if the building was destroyed. The nice thing about our Calgary location is it’s not on a fault line so, you don’t have to worry about catastrophic earthquakes.

We learned a lot about flood protection when we went through a major flood in Canmore, which also devasted central Calgary. It’s the reason we opted for diesel powered backup generators, because when the 2013 flood happened, Emergency Management worried about the water exposing the underground natural gas pipes, so they shut the gas off. Calgary does have one of the most stable power grids in the world, but a generator is a must.

We have a two-stage fire suppression system inside the data center. In stage one a fire alarm sounds, and safety systems are activated. If the second stage is triggered, there’s a different alarm to warn you to get out immediately. Seconds later a dry chemical flame retardant is dispersed. We don’t use halon. We use a non-toxic, Novec fire suppression system. That’s industry standard for most data centers. There’s no water in the pipes inside the data center. There are special smoke strobes in the server room that can detect any kind of laser break, even the smoke from vaping.

80% to 85% of the costs we put into building our world class headquarters went into securing our data center. We have ballistic protection on the windows and armored doors on top of that, for protection as well as 24/7 surveillance and monitoring.

Question # 5

What are the industry standards for a Data Center security?


A data center needs N+1 redundancy and you should have safety systems in place, the minimum being two‑stage fire suppression. If a company has server equipment with only one A/C unit and no backup generator … that’s not a real data center. That’s more like a networking closet.

N+1 plus ensures system sustainability in the event of component failure. Components (N) have at least one independent backup (+1). The power modules in ours are N+2 redundancy, so we can lose two power modules before we’re in a critical state. So, that redundancy is vital in a data center. All the switch gears are redundant to the point of N+1, N+4 on some things, depending on where it is and what its purpose is. The best of example is N+1 from a networking perspective means if you have two routers you better have two switches to prevent a single point of failure.

To maintain 100% uptime, we use triple replication for high availability. So, for each server we have three, running on three different servers. They’re all virtualized, but they’re across three different pieces of hardware. Everything is running redundant that way.

Question # 6

What method of protection does Myntex use for DDoS?


We utilize different techniques and technologies for protection but our main provider is Radware, which protects us from large scale DDoS attacks – and they’ve been doing a great job for many years.

Question # 7

Why is a data center location important, and explain why Myntex is in Canada?


I think people just don’t understand the advantages and implications of server location. Canada has a large international economy; we have a stable government and is one of the last remaining countries that cares about our privacy and freedom.

The one thing that I personally have heard numerous times is many people in Europe seem to think Canada is the United States. I think that could be a misnomer, where people just don’t quite understand how we are separate sovereign nations.

Question # 8

For Mobile Device Management, Myntex has relied on BlackBerry UEM, how do you ensure its secure?


We self-host UEM, so we control it, nobody else does. If there’s a problem, I call BlackBerry to explain the issue. We may do a screen share so they can look, but they have no access to our server at all.

You can also host BlackBerry UEM in their cloud, but then you don’t physically control the server. Therefore, BlackBerry gives organizations the option to self-host.

Question # 9

What’s the difference between the Myntex Data Center and companies using cloud servers?


A cloud could technically speaking still be in a single data center. It would be considered a non-resilient cloud, but it is possible to still call it a cloud if it’s using cloud-based computing, like the OpenNebula open-source cloud computing platform developed by NASA, is awesome.

I believe the big difference between using a cloud provider and hosting our own datacenter is that we own the data center, we control the data, we control the physical access. If you are hosted in a third-party data center, you don’t control anything. They control it and give you access, like they give you a remote login, but that’s all you get.

Question # 10

Bonus Question: Have you been able to clock the speed of your messaging service since you operate your own servers at the Myntex Data Center?

No, we don’t have exact metrics like that. When it comes to messaging, I guarantee they can send in under 200 milliseconds, but you have all the infrastructure that’s tied between it. So, when we say we have the fastest messaging in our industry it comes down to many factors… my phone is running through a network to our servers through another network and received on another device. So, when you send an image, it normally takes about 500 milliseconds, probably even less, to go from my physical phone to you.

(Myntex COO and co-founder, Chantel Duplantie, sends him an image and it instantly pings his phone.)

See that? That’s how fast it is. I have seen many other messaging systems and how long some take to send a picture, you’ll be waiting like … two minutes from the initial press of the send button. And when I say our industry I’m referring is our niche industry, I still think we might be faster than Signal and WhatsApp, but they also have many more users which is a major factor when it comes to speed.

To achieve some of the insane speeds we use different types of technology including Erlang, Redis, Elasticsearch and RabbitMQ which is implements of my favorite protocols AMQP.  They’re all a type of in‑memory storage. We use RabbitMQ for our primary messaging between our microservices. It’s instantaneous. Same with Erlang, we use it for the messaging system’s capability.

The speed with which we can send pictures and voice messages just blows our competition away.