Networking

The local IP space used between systems on our virtual private cloud (VPC) network is issued by DigitalOcean, with static IP addresses that are assigned at creation of the Droplet and persist throughout the lifecycle of the virtual machines.

Where possible, any communication between internal nodes is encrypted even though the communication takes place on the VPC network.

There are a few cases where traffic leaves our VPC but still communicates within the DigitalOcean network, such as when data is moved between Droplets in Toronto and the Object Storage in NYC, or during replication between NYC and SFO data centers.

Preventing unnecessary external access to systems through OS and service provider firewalls, and limiting communication between internal systems only to the source/destination ports and protocols required for functionality.
Blocking any access to the system from known problematic networks.
Leveraging an intrusion detection system to detect and deny access to active bad actors.
Using updated versions—from trusted sources—of the source code and binaries downloaded to our systems.
Requiring encrypted connections to all public facing elements, deprecating insecure ciphers, and using secure connections where possible—even on private networks—for communication between internal systems.

Certificates

We use Let's Encrypt as our primary certificate authority.

InfrastructureMonitoring

InfrastructureObject Storage

Networking

Public IPs

IPv6

DNS Resolution

Security

Certificates