HP Designjet T520 HP Designjet ePrint & Share - Security white paper - Page 6

/Load balancing and redundant storage, Security quality assurance

Get HP Designjet T520 PDF manuals and user guides View all HP Designjet T520 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 6 highlights

• Firewall: Amazon EC2 provides a complete firewall solution; this mandatory inbound firewall is configured in a default deny mode and Amazon EC2 customers (HP) must explicitly open all ports needed to allow inbound traffic. Highly secure applications can be deployed using this mechanism. In the case of HP Designjet ePrint & Share, administrative access is limited to qualified HP support staff, and even they do not have access to users' data, which is stored in encrypted form. • Securing data at rest (stored data) involves physical security and data encryption. Amazon employs multiple layers of physical security measures to protect customer data at rest. For example, physical access to Amazon S3 datacenters is limited to an audited list of Amazon personnel. Encryption of sensitive data is generally a good security practice, and AWS encourages users to encrypt their sensitive data before it is uploaded to Amazon S3. As mentioned above, all eP&S customer data is encrypted by HP before being stored. Load balancing and redundant storage In addition to the Service Level Agreements provided by Amazon Web Services EC2 and S3 services (http://aws.amazon.com/ec2-sla/ and http://aws.amazon.com/s3-sla/), and in order to provide high system availability, HP Designjet ePrint & Share runs in a loadbalanced environment, with different application servers hosted in different availability zones inside the Amazon Web Services network. The back-end database runs on a multi-server relational database management system, configured in a master-slave topology which automatically replicates all the data between the master and the slave. For enhanced reliability, the master and the slave are also physically hosted in different availability zones. There is no single point of failure in the HP Designjet ePrint & Share infrastructure, allowing us to offer an availability that typically exceeds 99.9% (excluding planned maintenance periods). Customer files are stored in Amazon S3 (Simple Storage Service), a storage infrastructure designed for mission-critical data. Files inside S3 are redundantly stored on multiple devices across multiple facilities in Amazon, and any lost redundancy is automatically repaired. Amazon S3 is designed to provide an availability over 99.9% and a durability of 99.999999999%. As mentioned earlier, for enhanced security all customer files are encrypted using an industrystandard algorithm. Security quality assurance We take security very seriously, and apart from regularly performing security assessments, vulnerability scans, and updating security assets, we promise to react quickly to any security incident and remedy any vulnerable situation or risk. If you would like to provide any specific feedback on security-related topics, please send an email to [email protected]. 6

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
6
Firewall:
Amazon EC2 provides a complete firewall solution; this mandatory inbound firewall is
configured in a default deny mode and Amazon EC2 customers (HP) must explicitly open all ports needed
to allow inbound traffic. Highly secure applications can be deployed using this mechanism.
In the case of HP Designjet ePrint & Share, administrative access is limited to qualified HP support staff, and
even they do not have access to users’ data, which is stored in encrypted form.
Securing data at rest (stored data) involves physical security and data encryption. Amazon employs
multiple layers of physical security measures to protect customer data at rest. For example, physical access
to Amazon S3 datacenters is limited to an audited list of Amazon personnel. Encryption of sensitive data is
generally a good security practice, and AWS encourages users to encrypt their sensitive data before it is
uploaded to Amazon S3. As mentioned above, all eP&S customer data is encrypted by HP before being
stored.
Load balancing and redundant storage
In addition to the Service Level Agreements provided by Amazon Web
Services EC2 and S3 services (
and
), and in order to provide high
system availability, HP Designjet ePrint & Share runs in a load-
balanced environment, with different application servers hosted in
different availability zones inside the Amazon Web Services network.
The back-end database runs on a multi-server relational database
management system, configured in a master-slave topology which
automatically replicates all the data between the master and the
slave. For enhanced reliability, the master and the slave are also
physically hosted in different availability zones. There is no single
point of failure in the HP Designjet ePrint & Share infrastructure,
allowing us to offer an availability that typically exceeds 99.9%
(excluding planned maintenance periods).
Customer files are stored in Amazon S3 (Simple Storage Service), a
storage infrastructure designed for mission-critical data. Files inside
S3 are redundantly stored on multiple devices across multiple
facilities in Amazon, and any lost redundancy is automatically
repaired. Amazon S3 is designed to provide an availability over 99.9%
and a durability of 99.999999999%. As mentioned earlier, for
enhanced security all customer files are encrypted using an industry-
standard algorithm.
Security quality assurance
We take security very seriously, and apart from regularly performing security assessments, vulnerability scans,
and updating security assets, we promise to react quickly to any security incident and remedy any vulnerable
situation or risk. If you would like to provide any specific feedback on security-related topics, please send an
email to
.