This document describes how Instart maximizes the service reliability of its application delivery service.
In addition to providing the unique web application streaming technology which differentiates our service, Instart's network incorporates all the key capabilities of legacy CDNs in terms of network distribution, network acceleration, backend server offload and traffic spike protection. It additionally provides PCI DSS Level 1 compliance and Web Application Firewall (WAF) capabilities.
According to 3rd-party measurements, the Instart application delivery service has enjoyed 100% uptime since launching officially in the summer of 2012.
The application delivery service is globally distributed and has serving sites in 30 locations around the world located next to every major Internet peering point. This coverage affords fast connectivity and global coverage near all major population centers and on all populated continents. The sites are fully redundant and load-balanced across the globe, with automatic failover capabilities between serving sites, so that any catastrophe that might affect one or more of these sites will not cause any loss of data or interruption of the service.
Local redundancy at individual PoPs
To ensure total reliability, each component of Instart's infrastructure – cabinets, proxy servers, DNS servers, database servers, web servers, storage, routers and switches, fiber connections – is fully redundant locally, with automatic failover capabilities between components. Within each location, Instart has secured redundant peering arrangements with multiple Tier 1 ISPs to ensure seamless global connectivity, even in the event of catastrophic provider failure. Local networking is also fully redundant. There is redundant local load balancing in each serving location. A thorough infrastructure monitoring system tracks system health and performance at each site, with automatic SMS/email notification and escalation processes in place. The sites are operated with the highest level of network security best practices.
The application delivery service is centrally managed. The management site performs log processing and storage, customer billing, and provides the back ends for the customer portal web interface and the service API. All data is fully backed up offsite.
As with the core serving sites themselves, the management site is locally redundant, carefully monitored, and secure.
The Instart Operations staff works from a full set of detailed, fully documented best practice-based procedures for all aspects of maintenance, troubleshooting, disaster recovery, and all aspects involved in the operation of the network and its components.
Addition of new traffic and service software updates
Additionally, the network is designed so that so that the risk of affecting the core service’s performance and functionality is minimized when network traffic from new customers is added and when new versions of the software are introduced. This is accomplished by the use of four distinct production environments:
- The main production environment, built from clusters of proxy servers and used to serve mainstream customers, running the most stable released version of the Instart software
- The global boarding environment, used to initially accept traffic of new customers, also running the most stable released version of the Instart software
- Several small global staging environments required to test new versions of Instart software on real production traffic. The environments can run the latest unstable proxy software releases and normally serve a minimal amount of testing traffic.
- The PCI environment, a dedicated environment using the same platform that powers the rest of the Instart service, but subject to the stringent change controls, limited access, lockdown procedures, and enhanced monitoring specified by the PCI DSS.