THIS PAGE WAS PRINTED FROM WINDSIM.COM © 2010

Data security

WindSim Cloud runs in geographically dispersed datacenters that comply with key industry standards, such as ISO/IEC 27001:2005, for security and reliability. They are managed, monitored, and administered by Microsoft operations staff who have years of experience in delivering the world’s largest online services with 24 x 7 continuity; see www.windowsazure.com.

In addition to datacenter, network, and personnel security practices, WindSim Cloud incorporates security practices at the application and platform layers.

Key Architecture Design Points


The WindSim Cloud platform is designed to provide “Defense in Depth,” reducing the risk that failure of any one security mechanism will compromise the security of the entire environment. The Defense in Depth layers include:

  • Filtering Routers
  • Filtering routers reject attempts to communicate between addresses and ports not configured as allowed. This helps to prevent common attacks that use “drones” or “zombies” searching for vulnerable servers. Although relatively easy to block, these types of attacks remain a favorite method of malicious attackers in search of vulnerabilities. Filtering routers also support configuring back end services to be accessible only from their corresponding front ends.

  • Firewalls
  • Firewalls restrict data communication to (and from) known and authorized ports, protocols, and destination (and source) IP addresses.

  • Cryptographic Protection of Messages
  • TLS with at least 128-bit cryptographic keys is used to protect control messages sent between clusters within a given datacenter. Encryption of traffic between your local machine and the datacenters is enabled by default.

  • Software Security Patch Management
  • Security patch management is an integral part of operations to help protect systems from known vulnerabilities. Our platform utilizes integrated deployment systems to manage the distribution and installation of security patches for Microsoft software.

  • Monitoring
  • Security is monitored with the aid of centralized monitoring, correlation, and analysis systems that manage the large amount of information generated by devices within the environment, providing pertinent and timely monitoring and alerts.

  • Network Segmentation
  • Microsoft uses a variety of technologies to create barriers for unauthorized traffic at key junctions to and within the datacenters, including firewalls, Network Address Translation boxes (load balancers), and filtering routers. The back-end network is made up of partitioned Local Area Networks for Web and applications servers, data storage, and centralized administration. These servers are grouped into private address segments protected by filtering routers.

  • Physical Security
  • Physical security goes hand-in-hand with software-based security measures, and similar risk assessment and risk mitigation procedures apply to both.

    WindSim Cloud infrastructure uses highly secured access mechanisms, limited to a small number of operations personnel, who must regularly change their administrator access passwords. Datacenter access, and authority to open datacenter access tickets, is controlled by the network operations director in conjunction with local datacenter security practices.

    If you have any questions or concerns, contact us at info@windsim.com.