With more than 50,000 cloud-managed networks, ViTech is one of the largest providers of cloud-based networking services in the world. Operating continually since 2007, Vitech’s Vcloud network controller has been trusted to power the networks of hotels, shops, schools, businesses and communities in Tucson & Phoenix.
This page details how ViTech and Vcloud safeguard your data and keep your network running reliably.
ViTech Data Centers
Vitech’s network controller, Vcloud, runs in at least 3 geographically separate Amazon AWS data centers. A combination of physical and cyber security, coupled with geographic regions and availability zones allow Vcloud to remain secure and resilient in the face of most failure modes, including natural disasters or system failures.
AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). AWS undergoes annual SOC 1 audits and has been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems.
- Globally distributed, redundant, physically separate data centers
- 24/7 automatic outage detection and alert system
- Underlying architecture provides Vcloud with 99.99% uptime
- All network settings replicated across at least two geographically separate data centers simultaneously
- Automated nightly backups
- IP and port-based firewall protection
- Comprehensive physical on-site security
- Immediate failover to hot spare in case of hardware failure or natural disaster
Out of Band Management
No user traffic—browsing data, application data, etc.—passes through Vcloud: it flows unimpeded to its intended internal or external destination. Vcloud sends network configuration data via a secure (AES encrypted) connection with Vitech access points. Each access point maintains its own key. Only aggregate user data is sent to Vcloud for reporting purposes.
Vitech uses a cloud-based out-of-band management as it is:
Secure. User traffic is routed directly to intended destination; no user traffic passes through Vcloud data centers.
Scalable. With no local controller, each network has no controller bottlenecks.
Reliable. Cloud-hosted in multiple redundant locations for high availability. The network continues to function even if Vcloud is unavailable.
Other cloud-based solutions will disable your access points if you don't purchase a license. Vitech is different. We provide the cloud controller free of charge and have built the architecture to keep a network operational (with most features) without relying on the cloud controller at all. It's truly your network.
ViTech has an advanced architecture to ensure minimum disruption to users in the event ViTech access points cannot communicate with VCloud due to a temporary WAN failure or other outage.In the event an access point is unable to communicate with Vcloud:
- Users can access the Internet, provided a WAN connection is available
- Users can access local network resources (directories, printers, etc.)
- Users can continue to authenticate via splash pages (unlike other cloud systems, Vcloud hosts the splash pages on the access points).
- >Network policies (walled garden, blocked devices, etc.) remain in effect
- Users can authenticate via 802.1X/RADIUS
- Users can roam between access points
- Users can initiate and renew DHCP leases
- Established VPN tunnels continue to operate
If Vcloud is temporarily unreachable, the following services are unavailable:
- Network configuration and monitoring tools
- On voucher-enabled public networks, splash pages continue to load and all vouchers are presumed authentic, granting users temporary access for up to one hour. Normal authentication resumes once a connection with Vcloud is reestablished.
Security Best Practices
ViTech recommends users follow these security best practices for an added layer of security on their networks.
1. Enable WPA2 Security
Each SSID can be protected with WPA or WPA2 security to restrict access to users with a pre-shared key (or “passphrase”). To reduce vulnerability to password cracking attacks, ViTech recommends using a truly random passphrase of 13 characters (selected from the set of 95 permitted characters). If possible, use WPA2 as it is far more secure.
2. Verify SSL certificates
VCloud uses https, ensuring communication between an administrator's browser and the cloud controller is encrypted. As with any secure web service, do not log in if your browser displays any of the certificate warnings shown here, as it may indicate a man-in-the-middle attack.