Other optional add-ons

Additional dev/test environments

Agencies can purchase one or more further environments for various testing uses. These can have no backup, backup, or Active DR, as options.

Virtual Private Networking (VPN) Endpoint

CWP can be used to run intranets, and can support websites requiring secure access into other networks. For example to integrate into back-office systems holding important data. Agencies may use Virtual Private Networking (VPN) to provide a high level of security to enable these scenarios. In technical terms, the VPN End Point:

  1. Provides configuration to place the Environments of an Instance in a secure network container (VLAN), creating additional isolation from other Instances on CWP.
  2. Creates a VPN End Point in the form of an opening in the CWP firewall and provides services enabling communication to another End Point using a standard VPN protocol (IPSec). 
  3. Provides network engineer time to work with the Participating Agency to determine correct network configuration and establish the VPN connection, including whether web traffic on the Instance is accessible exclusively through the VPN (creating an Intranet) or accessible publicly but with certain network routes configured to utilise the VPN (creating a website with API access into a remote network).
  4. For clarity, does not provide underlying network connectivity between the two End Points, or any hardware or software to the agency. Agencies will still need to pay for and use the public internet or a dedicated pipe to connect between the End Points, and will need an IPSec compatible device to establish a VPN with the CWP End Point

A VPN End Point is provided for a set upfront and ongoing monthly fee. Note that where an instance uses Active DR, a second End Point is provided for redundancy over two data centres, and will cost double.

Web Application Firewall (WAF)

WAF diagram

Standard Service:

A Web Application Firewall (WAF) comes standard with all Instances, bundled into the price of the Instance. This mitigates DDoS and malicious web traffic as shown by the by the diagram on the right. For an overview, watch a two minute video about Incapsula(external link), used to provide this service.

Incapsula uses an intelligent automated rule-based system for detecting and preventing attacks and intrusions. The service is continuously updated to detect and automatically mitigate new attacks, much like a virus scanner gets regularly updated databases of signatures to detect. 

Some Security incidents require human intervention to mitigate. These are only assessed and mitigated where they are discovered and raised by SilverStripe or an agency as a Priority Level 1 incident. Where automated detection is insufficient, an agency may wish to consider adding the Premium Managed Service.

Content Delivery Network (CDN)

Incapsula enables websites to be configured and architected to support extremely high traffic levels. Public pages and files can be cached and delivered via a global network of nodes that includes Auckland, and which enables hundreds of page requests per second. Website visitors retrieve their content from the node detected to be closest to them to reduce network latency and increase website performance. We recommend that you work with CWP team so that bandwidth, security, and architectural issues are well managed. See also: technical CDN configuration details.

Optional Premium Managed Service:

An additional monthly fee provides agencies with:

  1. Access to a web-based dash-board with realtime reporting and configuration options, providing increased visibility into malicious activity directed to a website. See example report screenshot or detailed interactive demo at incapsula.com/demo(external link).
  2. Automated email contact 24/7 in the case of incidents.
  3. Proactive assessment of all security incidents, including those that require human intervention as they were not automatically mitigated by the Web Application Firewall.

 

Using HTTP/2

CWP production sites can be upgraded to use HTTP/2 through Incapsula. In order to get this activated please raise a service desk request and make sure to specify which Instance HTTP/2 should be activated on.

For more information on HTTP/2 please follow this link.(external link)

Last modified: