After four years of operation and maintenance in a bank, an IDC practitioner came to answer a wave.
In fact, this issue was raised decades ago.
In July 2007, the Ministry of Public Security, the State Secrecy Administration, the State Cryptography Administration, and the State Council Information Work Office formulated the "Administrative Measures for Information Security Level Protection", which clearly stated: as an authoritative authentication system for information security levels in the current financial circle , The third-level guarantee is the highest level of information security certification for financial systems other than banks.
The purpose is
Prevent the destruction of information systems, causing serious damage to social order and public interests, or damage to national security.
Of course, I can't talk about the third-level guarantee here. If you are interested, you can check it yourself.
So what happens when Alipay storage is blown up?
It depends on how you bomb it, let’s take a look at what the lowest-equipped financial information system looks like
The pictures found on the Internet are not very appropriate but easier to understand. The
general financial information is at least a three-center system in two places.
Three centers in two places refer to two data centers in the same city. The relationship is hot backup or active-active
Double live means that you blow up one, and there is another. Two working at the same time, almost no effect.
Hot backup means that if you blow up one, I can switch the service to another data center without any impact.
So if you want to fry, you have to fry two.
So what if two data centers explode at the same time?
Sorry, I also have a disaster-tolerant data center that can switch and restore data.
What should I do if all three data centers are exploded? Sorry, I have a cold backup.
Cold backup refers to regular backup. This backup does not run in the system and is only used.
This is a little affected, because cold backup is not real-time. If you do an incremental backup every 2 hours, you may have no data within 2 hours (some data can also be restored, as will be discussed later).
And cold backup recovery also takes a relatively long time, and business cannot be provided in a short time, but the data can still be recovered.
Then I blow up your cold backup
Sorry, I have more than one cold backup.
I'm so mad, so hard, then I will blow up your three data centers and all the backups.
Then you are great. I can only ask for funds data from various banks and financial institutions. The user data and ant scores are probably gone.
All Alipay transactions are backed by bank and fund transactions, and Alipay data can also be recovered through their data.
But it's hard to say whether it can be restored intact, it can only be said that the data is bad. But there is still hope
Then I exploded all three data centers and all backups, and also exploded all data centers and backups of the cooperative financial institutions.
Sorry, the central bank has settlement data.
One is counted as one, and one is to blow up. How can there be data to blow up!
Then you are awesome!
So how many data centers does Alipay have
do not know
From the side, we can roughly see how many ips the DNS of the domain name "http://alipay.com" points to
Currently eight can be seen, and these eight are alive at the same time, that is, live more.
(I got it wrong, the front is the dns location and the back is the ip. There are two in total, sorry haha)
In addition, this Alipay's domain name resolution address does not mean that Alipay's data is in that place.
It's just that the server requesting and returning the data is located there, and we don't know how the specific internal business goes.
Let's take a look at the details of the funds, which addresses need to be requested
You can see that the business is not in one place.
After the hot backup, disaster recovery is invisible.
If you want to blow up Alipay's storage, you still have to work hard.
Bombing may not be realistic, let's see how to paralyze a data center.
There are several ways to classify data centers.
1. The internationally accepted ones are T1, T2, T3, and T4 (T4 is the highest level, generally T3 level data centers)
2. According to my country's "Electronic Information System Computer Room Design Specification" (GB50174-2008), data centers can be classified into three levels: A, B, and C according to the nature of use, management requirements, and their importance in the economy and society. (A grade is the highest)
3. Domestic operators have assigned their own data centers with a rating of 1-5 stars (5 stars highest)
. Data centers that can undertake financial services need to comply with Class A data centers specified in the "Electronic Information System Computer Room Design Specification".
Generally, the information system in a single data center also has active and standby and load balancing, so it is not easy to unplug the network cables of several devices.
Then we start with the power system.
If we cut off the power supply to the data center, we can paralyze the data center.
1. Let's blow up the power station directly, and the data center will be self-defeating.
No, the data center has 2N+1 power supply. To put it bluntly, there are two power stations supplying power at the same time. Each power station can meet all the power needs of the data center. There is also a backup power supply for two generations. The situation where the station is powered off at the same time.
2. Shall I blow up three power stations? Is the power station so easy to blow up? Let's blow up the power distribution room in the data center.
No, the mains access to the Class A data center is an independent power distribution room, and it is physically isolated, so it will blow up.
3. Okay, then I'll make some money and blow it all up.
It still doesn't work. There is an UPS room in the data center, which is filled with batteries, which can supply the data center to run at full load for at least 15 minutes.
4. Haha, wait 15 minutes, I don’t believe he can repair the power distribution room within 15 minutes.
They don’t need 15 minutes to repair the power distribution room. They have generators and oil storage tanks that can support a full load for more than 12 hours.
5. It means they can repair a power distribution room in 12 hours?
No, they signed an agreement with at least two nearby gas stations to supply diesel within 4 hours.
6, I wipe, then I will find Lei Gong to attack him.
Thunder is not easy to use, they have lightning protection and grounding measures.
7. Then I will move to Huoyan Mountain to kill him.
You can't move it in, it's constant temperature and humidity inside.
8. Then I will conduct a nuclear test underground in the data center to crush him.
Sorry, they are earthquake resistant at least eight.
9. Then I sneak in and set a fire. If he wants to put out the fire, dry powder will damage the server, and water will also damage the server.
Hey, do you think the security system is a decoration? Even if you can get in, you can't bring in a lighter.
Even if you get in, the lighter is also brought in, and you can't light it. There are no flammable objects in the computer room.
Even if you bring two more barrels of gasoline in, you can burn them out in minutes if you light them.
The data center has temperature sensing systems, video systems, and even staff on duty to detect and extinguish fires.
When a fire is discovered, it is not dry powder or water that may damage the server.
Using a heptafluoropropane gas, the gas extracting data center, then release heptafluoropropane .
This kind of thing is colorless and tasteless, killing people in the invisible, cough, cough, and start again. This thing is colorless, tasteless, low-toxic, non-conductive, non-polluting, and non-corrosive.
10. Aren't all the people in there choked to death?
When the data center is extinguished, the access control system will automatically power off, and personnel can leave the fire extinguishing area and cannot leave in time.
Sufficient oxygen masks are also provided in the data center.
11. Stop doing it, do it, but do it.
That's right.
The location of the Class A computer room is also very demanding, and there should be no safety hazards such as railways, highways, airports, chemical plants, landfills, nuclear power plants, munitions, gas stations, etc. nearby.
The location requirements cannot be set in places where floods and earthquakes are likely to occur, and cannot be set in places with high crime rates.
Even so, the data center needs to meet certain flood and earthquake resistance standards, and has a criminal record and cannot be close to the computer room.
The internal HVAC system, air conditioning system, lighting, fire extinguishing, power supply and other systems have very strict requirements.