Promotions run in the following network environment:
SCAinteractive's Network Operations Center (NOC) is located in a secure co-location facility designed specifically for clients with highly sensitive online security requirements. This facility is state of the art and offers full security and fire protection 24 hours a day, seven days a week. SCAinteractive leases a secure cage within this facility from which all its web pages are served. The interior of the facility is temperature-controlled and features dry-pipe fire suppression systems. HVAC systems are monitored at all times for abnormalities and failures. The facility also features advanced UPS systems in the event of power failure to the building. Admission is by photographic verification and secure Smartcard ownership.
SCAinteractive employs network based Intrusion Detection Systems (IDS) and host based IDS. Access to the network is safeguarded by redundant Cisco firewalls which have Intrusion Protection Systems (IPS) and are capable of handling over 400Mbs. To further reduce exposure, services are explicitly defined and restricted by ports and IP addresses. On the promotion engine, we use a three-tier security model with each tier being useless on its own.
The SCAinteractive hosting facility is served by a carrier grade OC-192 connection to a fully peered internet service provider. Servers are placed in a secure environment with carrier grade heating, venting, air conditioning, fire protection and DC/AC power. Redundant systems include backup battery and backup generators. The SCAinteractive NOC server security is provided by the latest version of Cisco firewall technology incorporating the redundancy bundle which features full fail-over recovery in the unlikely case of failure. Our entire core networking equipment features Cisco management agreements whereby certified Cisco technicians are on site within 45 minutes of any failure. These specialists provide technical assistance and replacement equipment if required. Warm standby devices are also on hand. Load balancers with a heartbeat monitor manage the web server cluster. The heart of the data is stored on a fully redundant storage system to a cluster of database servers which share the load and handle requests from only the web cluster. Load balancers capable of managing 2,000,000 simultaneous active connections manage the web cluster. The web cluster is designed so any node in the cluster can be shut down at any time without any disruption to a user. Additional hot standby nodes are automatically added to the cluster as needed. Network availability is monitored by a third party from various locations throughout North America. Host and service availability is monitored from inside the network and in the event of issues, technical staff is notified immediately.
The network runs on a three tier system where business logic is applied on all tiers. The web cluster communicates to the database cluster and to the draw server on a private network. The web cluster handles the requests from users, verifies user input, and provides a user friendly interface to the PromoEngine. Once the input is received, promotion logic is verified and passed to the database cluster through stored procedures. The use of stored procedures limits the access to the data. Arbitrary code injection and attempts to bypass the promotion logic is not possible.
For instant win promotions a third layer is introduced. SCA DrawServer, which resides on a separate redundant network, provides complete audit ability to results generated by the IBM 4758. It is validated by the Secretary of Commerce as fulfilling Federal Information Processing Standards 140-1 (Security Requirements for Cryptographic Modules).
All data stored in the database is electronically journaled and shipped to a backup database server at regular intervals. In the case of failure of the primary database server, the backup database server will be manually brought online to continue service until such time as the primary is brought back online.