High Availability and Disaster Recovery
On this page we will attempt to answer any questions you may have regarding the availability of our services and our approach to backups, disaster recovery, upgrades and overall resiliency.
Note that this page refers to the minimum levels of service availability that are offered to every customer. Individual customers may have additional measures in place in order to meet specific availability and/or compliance requirements.
Where are your services hosted?
Our services are hosted by Amazon Web Services (AWS) in their EU-West-2 region which is based in and around London. AWS operates 3 geographically separated data centres in this area and our services are spread across all 3 of these availability zones.
In addition to the AWS London data centres, we utilise our own premises for the storage of backup data.
Where will my data be stored and processed?
All customer data is stored and processed within the United Kingdom.
How and when is data backed up?
Data is replicated in real time across at least 2 of the 3 London data centres. Additionally, it is backed up to the 3rd data centre every hour, and backed up every day to an off-site location.
Data is always backed up to encrypted media.
Do you utilise air-gapped backups?
In order to meet our strict recovery point objectives, our primary backup methods are all online, using a variety of distinct technologies. However, we also take more traditional air-gapped backups periodically as a last line of defence in the extremely unlikely event that our online backups are compromised. Note that the manual nature of air-gapped backups results in a considerably longer recovery point objective. If you have specific requirements in this area, you should discuss these with us.
How and when are software updates applied and what level of disruption is caused during the update process?
There is no disruption to our services during software updates.
We release new versions of our ESB platform on a quarterly basis, as well as interim patches designed to address specific issues.
We apply all updates to our infrastructure in accordance with the specific vendor's recommendations, and ensure that any security-related patches are applied within 5 days of release.
As every aspect of our service is delivered across clustered and load balanced servers, we are able to apply updates to individual nodes without affecting the availability of our services.
Each node in a cluster is first removed from the live pool before having its updates applied. Once updates have been applied and verified the node is placed back into the pool.
Our monitoring system will automatically remove any node from the pool if it is found to be unhealthy. However, we always apply software updates outside of normal business hours so that disruption can be minimised in the event of an unexpected issue.
What is your uptime guarantee?
Our uptime guarantee is 99.99% in any given calendar month.
What is your approach to DDoS protection?
Protecting our services from distributed denial of service (DDoS) attacks is a joint operation between our own technical teams and our infrastructure provider, AWS.
AWS is responsible for protecting the infrastructure that underpins its cloud services. To safeguard its infrastructure, AWS employs native protections against infrastructure DDoS attacks (at layer 3 and 4). These are based on the following components:
- Monitoring systems analyze various sources, such as NetFlow from networking devices and service logs, to detect DDoS attacks.
- Scrubbing systems clean traffic from DDoS attacks using Deep Packet Inspection, firewalling, and traffic shaping. For services like CloudFront and Route 53, scrubbing systems are deployed within their Points of Presence (PoPs), enabling sub-second detection and mitigation. In contrast, for regional services like ALB or EC2, scrubbing systems mitigate attacks after detection, usually within minutes.
- The Shield Response Team drives rapid resolution of DDoS attacks that are not automatically detected and mitigated by the monitoring and scrubbing systems.
In addition to the protection offered by AWS, our own load balancers have been specifically hardened against DDoS attacks through the use of a highly resilient and scalable architecture. Our load balancers run HAProxy, a highly robust load balancer that is responsible for operating some of the world's largest web sites.