Skyhigh Security Cloud Resiliency
Each Skyhigh Security Cloud environment consists of redundant hardware components and is connected by redundant Internet Service Providers (ISPs). Skyhigh Security Cloud also uses VeriSign Hosted Domain Name System (DNS), which provides 100% Service Level Agreement for DNS resolution with a globally distributed and highly redundant design, extremely rapid propagation updates, and DNS failover as a core feature.
In addition, each Data Center (DC) is self-monitoring and can detect local issues in real-time and resolve them locally. A simplistic example: detectable software or load issues on one of the servers will lead to shifting load off that instance, re-initialization of the containers, restart of the services, and shifting load back to the instance. In order to perform these tasks without impacting the overall DC performance, each DC runs with enough idle capacity to handle such situations.
In case a DC, while unlikely, disconnects entirely, Skyhigh Security will automatically initiate a series of events in order to balance out the decrease in capacity. This chain of events is initiated from Skyhigh Security’s global SaaS NOC, which monitors the service 24x7. All event data is collected and fed back to the monitoring backend of the NOC.
- Skyhigh SSE environments utilize redundant network services providers InterNAP and XO Networks and best-of-breed security appliances, Edge firewalls, and IDS/IPS.
- When the Skyhigh Security Client Proxy (SCP) is used for connectivity to the Secure Web Gateway Cloud, the Global Routing Manager redirects the SCP to the next available PoP, in the event of a failure.
- Skyhigh Security offers a combined service level agreement (SLA) for the full range of the platform's cloud services. Refer to: https://www.skyhighsecurity.com/sse/en-us/assets/docs/legal/SkyhighSecurity_Service_Schedule1_CSA_9_22.pdf
Real-time and historical status, including downtime data can be viewed online at https://status.skyhighsecurity.com
Skyhigh Security Cloud offers full global security for customers subscribing to the service. This means that access is provided without geographical restrictions or the need to license access to parts of the global presence separately. To support that, a customer’s policy is globally mirrored and cached in each data center. This global caching negates any downtime due to policy DB issues, as each data center can be used as a source of policy data and as failover in case any of the global DBs has an issue. This failover is seamless and fully automated.
Log storage follows a similar concept and assures that even when a specific data storage location or data center is chosen, that log data is not lost. It is stored and made available for reporting in the product.