Web Hosting Solution

上海络安信息技术有限公司
Shanghai Luoan Information Technolo
gies Co., LTD.
公司简介
上海络安信息技术有限公司成立于 2003 年，是一家专注于从事系统集成、
信息安全服务与互联网安全预警的高新技术企业，并荣幸成为 2010 年上海
世博会信息安全保障应急响应支撑单位。

上海络安自主研发的 Webcare 365 安全预警平台纳入城域网信息安全综合

监测体系，并得到国家科技部、发改委及上海市经信委项目基金支持。上海
络安积极投入上海世博信息安全保障工作当中，完成上海世博 10 个门户网
站及网安办关注的 190 个上海市重点单位门户网站实时安全预警服务。

上海络安提供从服务器托管、宽带接入到网站安全、系统安全运维、互联网
信息收集、分析等的一站式服务体系，使客户信息系统安全从被动防守转变
为主动防御，从根本上提高防范风险的能力。

2
公司荣誉资质
•2008 年公司获得高新技术企业和双软件企业的证书；
•2009 年获得工信部（工信部协 [2009]42 号）互联网安全接入试点工作的上
海市试点工作任务承担单位；
•2009 年获得上海世博会信息安全保障应急响应支撑单位；
•2010 年获得工信部颁发的计算机信息系统集成资质
•2010 年荣获上海世博会信息安全保障工作优秀集体（唯一 一家）
•2010 年公司荣获上海市创新型企业称号
•2010 年公司获得工信部颁发的信息安全应急处理服务资质
•2010 年公司获得中国信息安全测评中心颁发的信息安全服务资质

3
Key Concepts for Web Hosting Service
 Standard hosting services overview
 Web infrastructure and application design
 Load Test Plan
 CDN service
 Load balance
 Website accessbility and security monitor
 Website performance analysis
 Vulnerability scan and risk assessment
 Security log audit
 Business continuity plan
 Service operation center
 Performance and security threat monitor
 Problem management
 Change management
 Website visit analysis
 SLA

4
 Standard hosting services overview

Co-location
What we can help user & Hosting Se
to implement Domain Name R Bandwidth Le Email Hosti
rvices
egistration Collocatio ase Web Hosting ng
n

Managed S
ervices
Managed Managed Rout Server Load B
Server er/Switch alancing

Managed S
ecurity S
ervices
Firewall Ma VPN Manageme Vulnerabili Disaster Recove
nagement nt ty Assessme ry
nt
Monitoring &
Reporting Ser ……
vices
Traffic Analysis Performance Monitoring Reportin
g

5
Web Infrastructure and application design

Managed
VPN Tunnel

Web Server DB Server

Staging Environment

6
Load Test Plan
The purpose of load test plan includes stress test and performance
test via the state-of-the-art test tools LoadRunner.

The following performance counters will be monitored and measured in

each test scenario.
• CPU/Memory/DISK for all resources
• Pages/second and disk queue length for all systems
• Session number for all network components
• Concurrent connections for systems
• Network traffic for all resources
• HTTP response time and page hits number for test URL
• Network Round Trip Time
• DB Servers

7
CDN Service
This service provided by CDN (Content Distribution Network)) is used
by its customers to improve the interconnection performance between
ISPs. However, it only works only for static Web pages. Depend the ratio
of static Web page number to dynamic Web page number, Web Cache
services could save about 70% .

CDN Network CDN Node

CDN Node
CDN Node
CDN Node

CDN Node

CDN Node

8
Load Balance
A single access address eases connection for users!

VIP 1 VIP 2 VIP 3

Load Balance
Appliance

Web Farm 1 Web Farm 2 Service Farm

9
Website accessibility and Security Monitor

Mo
nito
ni tor
r Mo

管理员 Website
Webcare Monitored Abnormal EventsWebcare

Monitor
Performance Monitor Nodes Content Monitor Node

Webcare
Security Monitor Nodes

Real Time Monitor

Data
Service Platform
10
Website accessibility and Security Monitor
Monitoring Nodes in China

Performance Monitor Nodes

Security Monitor Node

Content Monitor Node

11
Website accessibility and Security Monitor
Monitor Service Feature

• No any changes to servers or platform.

• Virtual visit behavior to get real monitor data.

• Distributed and redundant nodes to monitor website by

user defined frequence and time frame.

• Abnormal events notice through SMS, Email.

12
Website Performance Analysis
Service Features ：
 Insures that your web site is accessible from multiple locations around the
world.
 Alert system for contacting people who need to know when there is a
problem with website.
 Understand website performance through Web KPI monitor servcie.
 To understand CDN service quality and ROI assessment

13
Vulnerability scan and risk assessment
Scan And Assessment
Operation systems
Network OS
Web content security
Code vulnerabilities
SQL injection
SSL services
SQL server/Oracle server/mysql vulnerabilities

Black-Box WEB Risk Assessment White-Box WEB Risk Assessment

through Web Application….. through Source Code….

14
Vulnerability scan and risk assessment

Risck Assessment Risck Control

Weakness

Threats Assests
• Risk Definition • Risk Evadable
• Risk Identification Risk • Risk Divertable
• Riisk Analysis • Riisk Mitigable
Protections
Worth
• Risk Aseessment Measures Protect • Risk Acceptable
Requirements

• Vulnerability Scan • Continous Monitoring and

• Penetration Test • Emergency
• Management Codes Respondence Procedure

15
Security Log Audit

16
Business Continuity Plan and Disaster
Recovery Procedure
Emergency Measures Classifications ：
• Illegle Web content change incidents.
• Server operational incidents.
• Database incidents.
• Security attack and intrusion incidents.
• Virus incidents.
• Application operational incidents.

17
Service Operation Center
Our services are based on a total lifecycle management that is designed
to provide our customers with a complete range of services from
planning and design to implementation and support. the service
operation center is available 24 hours a day, 7 days a week. In addition,
our staff working together with IDC technical staff 24 hours a day, 7 days
a week

• Server/Network/Applicaiton Performance monitor

• Security threat monitor
• Inventory management
• Problem management
• Change management
• SLA management

18
Performance and security threat monitor
When you rely on your Web Site, downtime is unacceptable. But on the
Web it happens. The key is to know as soon as possible when there is a
problem so you can take action before customers are affected and
business is lost.

Web Application Monitor

Infrastructure Monitor
Security Log Audit

Internet Threat Analysis

19
Problem Management

20
Change Management
Prior to submission of change request, the requestor should take the
responsibilities of communication with application business owner,
system owner and all third parties involved to make sure the business
impact will be fully understand. In the meantime, Hosting Agency (Luoan)
will conduct risk assessment and make change plan.

21
Website Visit Analysis

22
SLA

23
Our Clients
Enterprises:

Goverments:

24
Case Study and Open Discussion

上海络安信息技术有限公司
Shanghai Luoan Information Tech. CO.,LTD.
邮编： 201203
上海市浦东新区龙东大道 3000 号 1 号楼 B 区 7 楼
TEL: (021)68798808
FAX: (021)68799088
http://www.luoan.com.cn
http://www.webcare365.com.cn

25