Hosting policy

Technical Architecture


CGX AERO provides a SaaS (Software as a Service) offering based on a virtualized infrastructure hosted in high-availability datacenters.

In order to meet the requirements of its customers and current standards, the means implemented by CGX AERO are:

  • Highly secure and standardized Datacenter infrastructure,
  • An IP network interconnected with major market players,
  • A secure base that conforms to standards,
  • Rigorous and conscientious professional teams.

Any application requiring a high level of availability today must have a virtualization layer. The solution proposed by CGX AERO is therefore based on the performance of the hardware and on the virtualization layers.

So CGX AERO chooses physical servers specifically supporting the virtualization layer.

The storage space is supported by SAN (Storage Area Network) arrays known for their performance and reliability.

The purpose of this architecture is to allow storage capacity to be expanded almost without limit. In this case, the volumes can reach several terabytes of data.

Datacenter


The CGX AERO hosting platform, located in Castres, is a datacenter consisting of two clean rooms intended for the operation of hosted applications. The Datacenter team is ISO 27001 certified.

Energy supply

The site is connected at two separate points to the EDF distribution network (ringed network), the latter being supplied by two independent electrical sources.

In addition, a generator enables EDF access to be backed up and provides the entire site with 24 hours of operating autonomy. Continuity of operation during the time necessary for switching over to the generator set is ensured by an inverter.

Network interconnection

The territorial ISP is connected (via BGP4) to the Internet backbones. This multi-ISP positioning allows service continuity for suppliers hosted in the DMZ. Any hosted system has shared Internet bandwidth (between 100 Mbps and 2.5 Gbps symmetric).

Air conditioning

The temperature and humidity of the hosting rooms are regulated by a chiller unit and two independent air conditioning systems, guaranteeing a constant room temperature and relative humidity to ensure optimal functioning of the electrical equipment.

Fire safety

Datacenter fire detection complies with French APSAD rule 7 (Assemblée plénière des Sociétés d’Assurances Dommages) relating to automatic fire detection, the labor code and the law of July 19, 1976 concerning classified installations for the protection of the environment. Datacenter rooms are equipped with a fire detection system and an automatic extinguishing system based on internal gases (FM 200), non-destructive for equipment and non-dangerous for humans.

The fire protection of the Datacenter complies with the R2 APSAD rule relating to automatic extinguishing by gas, with adaptations specific to NFPA 2001 concerning substitutes for halohydrocarbon, and with all the rules concerning the protection of persons. The system guarantees that a fire is extinguished at its outset without damage to the equipment.

The processes and methodology implemented in the Datacenter for compartmentalization, security and evacuation of people conform to standard NFS 61 930. A rapid evacuation procedure, started as soon as the fire alarm is triggered, allows personnel to leave the room before the fire extinguishing system is launched.

Intrusion protection

The Data Center is equipped with an alarm system triggered by movement detection, forced door opening (magnetic contacts), and glass breakage.

Datacenters are equipped with a video surveillance system to monitor hosting spaces and access zones in real time. Image recording is triggered automatically on motion detection. Video surveillance management includes recording, with images stored over 30 days.

Only authorized technical personnel can enter the rooms (access zones restricted to certain specific employees, corresponding to standard EN 50600-1 class 3).

The opening of the access door to the clean rooms is subject to an access request and is activated by an associated badge, each badge making it possible to identify its bearer uniquely. The access control center makes weekly records of all accesses.

Connecting removable media to our infrastructure is prohibited. In all cases, access to the various ports of physical hardware (USB or other) is disabled in the virtualization layers.

Logical security is defined by the following points:

  • Secure access to administration (authentication, traceability, audit and compliance)
  • Network security policy (SSH, HTTPS, VPN)
  • Backup plan (outsourced encrypted replication)

The Data Center has a NOC (Network Operations Center). It is a screen wall visible to the entire technical team. It receives alerts and displays in real time any type of problem that may arise (backup, unavailability of a service, network saturation, bandwidth, etc.).

Architecture supervision


All servers have supervision models deployed, usually supplemented by metrology dedicated to this project.

The databases are very carefully monitored, as are the inter-server links. The same goes for the network links connecting the servers to the storage equipment.

CGX AERO ensures the maintenance of all hosted machines. Continuous monitoring makes it possible to observe and maintain the quality of service. The generated graphs make it possible to assess the use of different resources over time (traffic, bandwidth, CPU, disk space, ...).

The operations department is notified in real time of any incident in order to minimize intervention times.

Infrastructure audit


All infrastructure services (electricity, HVAC, Fire, etc.) are regularly tested in order to continually improve the level of quality provided.

These tests are performed by the personnel in charge of maintaining the data centers in order to validate the proper functioning of the solutions implemented and, where required, make the necessary modifications.

If the client so wishes, a tour of our facilities can be arranged to assess the level of security provided by the infrastructure.

The infrastructures can be audited on request.

Interruption of service for preventive or corrective maintenance


CGX AERO may interrupt the service for the purpose of maintaining its server centers or their operating systems. These interruptions occur at the times of day or night that are least detrimental to server traffic.

The schedule for the interruption will be determined by mutual agreement between the Customer and CGX AERO, taking into account the level of traffic on the server.

For the automatic application of software patches (OS or application), we use a weekly night-time schedule by default. An ad hoc schedule can be determined.

In case of absolute necessity, in particular for security issues, CGX AERO reserves the right to intervene immediately on any equipment of its technical platform.

The Customer will then be notified.

Confidentiality


Article 6-I-2° of the law for confidence in the digital economy stipulates that the host has the obligation to collect data allowing the identification of people inserting content into a site and to delete all reported content.

The Customer and CGX AERO may, within the framework of their collaboration, have access to confidential information belonging to either of the parties and undertake to protect this confidential information as if it were their own information.

"Confidential information" applies to any written document, data or information indicated as confidential by the party who provides this information to the other party, in accordance with the usual rules of the profession.

CGX AERO certifies that the employees or agents of its service have accepted these rules and principles of confidentiality.

CGX AERO therefore undertakes to comply with the following obligations and to have them respected by its personnel:

  • Make no copies of the documents and information carriers entrusted to it, with the exception of those necessary for the performance of the service.
  • Do not use the documents and information processed for purposes other than those provided for under this contract.
  • Do not disclose these documents or information to other persons, whether private or public, physical or legal persons.
  • Take all measures to avoid any misuse or fraudulent use of managed computer data.
  • Take all security measures, in particular physical ones, to ensure the preservation and integrity of the documents and information processed.