Datacenter Services
Inventx's Datacenter Services encompass the entire lifecycle from planning (Plan) through construction (Build) to operation (Run) of the central Datacenter infrastructure in the Inventx datacenters ix.DC1 (Chur), ix.DC2 (St. Gallen), and ix.DC3 (Gais). The following table provides an overview of the service features per service model. This forms the basis for all services described in this service catalog.
| Service Feature | IaaS | PaaS |
|---|---|---|
| Datacenter locations on Swiss territory | ✓ | ✓ |
| Data center complex distributed across two geographically separate site areas with route-redundant backbone connectivity | ✓ | ✓ |
| Autonomous alarm system for all critical infrastructure components | ✓ | ✓ |
| Access control systems against unauthorized entry additionally with isolation systems and personnel airlocks | ✓ | ✓ |
| Intervention and escape routes in case of emergency | ✓ | ✓ |
| All accesses designed with break-in resistance | ✓ | ✓ |
| Intrusion detection system | ✓ | ✓ |
| Video surveillance | ✓ | ✓ |
| Two independent, separate power supplies | ✓ | ✓ |
| Redundant uninterruptible power supply (UPS) | ✓ | ✓ |
| Power generators with network backup system (Diesel) | ✓ | ✓ |
| Overvoltage protection and lightning protection | ✓ | ✓ |
| Redundant power supply within the rack | ✓ | ✓ |
| Climate monitoring | ✓ | ✓ |
| Redundant cooling of racks | ✓ | ✓ |
| Early fire detection | ✓ | ✓ |
| Hand-held fire extinguishers | ✓ | ✓ |
| Water sensors | ✓ | ✓ |
The following Datacenter Services are available:
| Service Name | Service Description |
|---|---|
| Cloud Connect | Connecting on-premise IT with ix.Cloud |
| Rack Collocation | Rental of rack space in the Inventx data center |
Cloud Connect
This service includes the operation and administration of the communication infrastructure in Inventx's data centers as a link between the system hardware components and their communication interfaces for the entry and exit of the data centers.
Service Architecture
Service Scope
| Service Feature | IaaS | PaaS |
|---|---|---|
| Datacenter LAN Infrastructure | ◼ | ◼ |
| Datacenter Interconnect | ◼ | ◼ |
| Private Connectivity Provider Equipment | ◻ | ◻ |
| Shared Internet Access | ◻ | ◻ |
Service Options
With the "Cloud Connect" service, the customer can establish a private connection to their services in ix.Cloud, which can be customized according to requirements.
Datacenter LAN Infrastructure
The services of the IaaS and PaaS service models are operated using the datacenter LAN infrastructure managed by Inventx based on the following service features:
| Service Feature | IaaS | PaaS |
|---|---|---|
| Strict zone concept at infrastructure and security level | ◼ | ◼ |
| Zone separation through firewalls | ◼ | ◼ |
| No sharing of infrastructure components across zones | ◼ | ◼ |
| Dedicated customer zones | ◼ | ◼ |
| Dedicated and shared service zones | ◼ | ◼ |
| Scalable and redundant security components | ◼ | ◼ |
Datacenter Interconnect
The Inventx data centers are securely and efficiently connected through the Datacenter Interconnect. This WAN connection is operated by Inventx as follows and as an integral part of the corresponding IaaS and PaaS services:
| Service Feature | IaaS | PaaS |
|---|---|---|
| Route-redundant, private connection between Inventx data centers | ◼ | ◼ |
| Encrypted communication | ◼ | ◼ |
Private Connectivity Provider Equipment
The customer can establish a private network connection customized according to their requirements to the Inventx data centers via the WAN infrastructure of their connectivity provider. The customer provides a connection via MPLS/DWDM or Dark Fiber, which is then terminated in the Inventx data center and thus provides access to the services operated in ix.Cloud. The necessary infrastructure of the customer's connectivity provider is operated on the basis of the Rack Collocation service in the Inventx data center. The customer must ensure compliance with IT security standards commonly used in the financial industry, in particular Distributed Denial of Service (DDoS) and 1st firewall level.
Shared Internet Access
Shared Internet Access is based on Inventx's own IP range including BGP peering to two different providers and terminates with one connection each to the global firewall instance in the geo-redundant Inventx data centers. This global, transparent firewall instance from Inventx is a mandatory connection element to the customer's first firewall level, which serves as a VPN endpoint. The following firewall policies are implemented on this global, transparent firewall instance:
| Service Feature | IaaS | PaaS |
|---|---|---|
| Distributed Denial of Service (DDoS) | ◼ | ◼ |
| Botnet Control Services | ◼ | ◼ |
| Application Control Analytics | ◼ | ◼ |
The IP addressing between the global, transparent firewall instance and the customer's first firewall level is provided by Inventx. These chargeable IP addresses can be obtained in block form in the following quantities: 2/4/8/12/16/20/30/40/50 addresses. The number of IP addresses can be changed on the 1st of the following month via "Generic Request" while observing a notice period of 3 business days.
This service is offered exclusively in the Platinum SLA. It should be noted that Inventx does not assume responsibility for the customer's on-premise VPN endpoint and only assumes responsibility for the VPN endpoint in ix.Cloud if it terminates on a component operated by Inventx.
The desired bandwidth can be reserved for the customer and can be changed on the 1st of the following month via "Generic Request" while observing a notice period of 3 business days. The following bandwidths are available:
| Service Feature | IaaS | PaaS |
|---|---|---|
| 20 Mbps | ◼ | ◼ |
| 50 Mbps | ◼ | ◼ |
| 100 Mbps | ◼ | ◼ |
| 200 Mbps | ◼ | ◼ |
Rack Collocation
With the Rack Collocation service, the customer rents a complete, dedicated rack or the desired number of rack units in a shared rack in Inventx's data centers via "Generic Request". The systems are managed by the customer themselves in this case. Power consumption is billed individually based on actual consumption. The electricity price is adjusted annually according to the price level of electricity suppliers.
This service is not available as a standalone service, but only in combination with other services from this service catalog. Customers benefit from this service in cases where, in addition to the cloud service, a solution for hosting applications, systems, or appliances that are not cloud-capable is also needed.
Service Architecture
n/a
Service Scope
| Service Feature | Shared | Dedicated |
|---|---|---|
| Dedicated rack | ⁃ | ◼ |
| Individual rack units (RU) | ◼ | ⁃ |
| Network connections to the appropriately defined customer network zones and outward (e.g., Internet) | ◼ | ◼ |
| Power on Demand | ◼ | ◼ |
| Remote Hands and Eyes | ◻ | ◻ |
| Customer Access | ◻ | ◻ |
Service Options
As a supplement to the Rack Collocation service, the customer can obtain additional services by arrangement as follows:
Remote Hands and Eyes
Required hands and eyes services must be registered via "Generic Request". These are billed according to the agreed hourly rate on a time and materials basis.
Customer Access
Customer access is exclusively possible upon advance registration via "Generic Request" and only in strictly defined exceptional cases that have been approved via a defined process. The following guidelines must be observed:
- Customers are accompanied in at least 1:1 supervision by Inventx employees.
- The registered persons of the customer must identify themselves with an official identification document before accessing the data center.
- A log of accesses is maintained.
- Persons are not permitted to bring mobile phones or smartwatches with photo functions or cameras into the data center rooms.
- All work performed by Inventx is billed on a time and materials basis according to the master agreement.