Our servers are working from home, just like you do

Articles
Jun 7, 2023

So heata’s servers are out in the wild, in people’s homes, when they'd normally be in a data centre behind lock and key. You might be thinking - it’s great that this enables heata to re-use the heat from its data processing, but it sounds like it’s less secure…?

Fortunately, the security challenges that this introduces have already been dealt with by well-understood industry standards built to tackle just these sorts of situations.

1. VPNs

You might be familiar with VPNs; if not, VPN stands for Virtual Private Network.

Many people started using them on a daily basis after the COVID-19 outbreak. The pandemic’s impact was minimised by a large chunk of the workforce continuing to work from home. For a significant proportion of remote workers this was only possible thanks to the secure connection from home to work that a VPN provides.

Take a bank with employees working from home who need remote access to the head office network. The bank will set up a VPN for employees to connect to, which creates a private connection – known as a tunnel – across the internet from the employee’s device to the bank’s network. Any data sent between the device and the bank will be encrypted and sent through the tunnel. As a result, the device will behave as if it is connected directly to the bank’s internal network.

In the same way, individual heata servers – attached to hosts’ hot water cylinders – connect to the heata network via a VPN, becoming the securely connected endpoints of our distributed data centre: automatic workers rather than humans attached to a laptop or PC.

This means that all data is securely transferred in either direction, that the household can’t access the heata network and, importantly, that heata can’t access the household network.

How does the heata unit access the VPN?
In the same way that an office worker has a key (a password they enter that proves their identity so they can be trusted), each heata server also has an access key. It is protected by a specialised chip called the TPM (Trusted Platform Module), an industry-standard dedicated microcontroller that stores encryption keys to ensure the integrity of the computer. The heata server automatically requests access to the heata network, using the key to get through to the ‘reception’ stage of our security protocol. Only when it has successfully passed further security checks is it then let onto the heata network.

2. Physical access and encryption

But what about physical access? The heata unit isn’t behind lock and key like in a traditional data centre… 

We’ve worked with two key partners to help us build our system to deal with this challenge.

SUSE
A leading enterprise Linux distribution who have been instrumental in helping us define our approach. The heata network is built on SUSE’s secure edge platform, which has been designed to provide enterprise-grade security in physically exposed public infrastructure.

Securelinx
A SUSE Platinum Partner with over twenty years' experience ensuring secure enterprise-grade outcomes for businesses using open source solutions.

Together they’ve helped us define the access to the network and also the per-unit set-up. To that end, each heata server is simply an anonymous processing node: all it knows how to do is contact base and ask for work. When a task is assigned, only the data required to carry out that specific task is transferred and stored (encrypted with an in-memory key). Both the key and the data are discarded upon completion of the work, and also if the unit is powered down or reset. There is no long-term storage of information on any heata unit. So whilst we do have physical locks on the heata unit, even if someone did gain physical access to it, there is nothing for them to gain access to.

The heata unit has also successfully been through penetration testing (a simulated cyberattack, performed to evaluate the security of the system) by Bulletproof (part of Defense.com), an industry-leading cyber security consultancy.
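
The per-task handling described above (task data stored encrypted under an in-memory key, key discarded on completion or reset), as an added example rather than heata's own code. AES-256-GCM and the names Seal, Open and Wipe are assumptions; the page does not say which cipher is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects a missing or mis-sized key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts task input under a fresh key. The key is for RAM only;
// sealed (nonce||ciphertext||tag) is all that reaches the unit's storage.
func Seal(input []byte) (key, sealed []byte, err error) {
	buf := make([]byte, 32+12) // AES-256 key, then a 12-byte GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	gcm, err := aead(buf[:32])
	if err != nil {
		return nil, nil, err
	}
	return buf[:32], gcm.Seal(buf[32:], buf[32:], input, nil), nil
}

// Open decrypts sealed bytes; a wrong or wiped key fails the GCM tag check.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("no usable key or truncated data")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Wipe zeroes the key in place: run on completion, power-down or reset.
func Wipe(key []byte) { copy(key, make([]byte, len(key))) }

func main() {
	key, sealed, _ := Seal([]byte("constructed task input"))
	Wipe(key) // task done; suppose sealed was copied off the disk earlier
	_, err := Open(key, sealed)
	fmt.Println("open after wipe:", err)
}
```

Zeroing the slice is best effort in Go: the cipher object built from the key holds its own expanded copy until it is garbage collected.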

Data centres and security

Nothing can be 100% secure; even data centres, which you might consider 100% secure, suffer from breaches. Around 60% of those breaches are down to social engineering attacks [1]. What that means is that the physical and technical security of a facility can be the best available, but the weak link is the staff, who can be manipulated into providing an entry point to a bad actor.

By assuming a trustless environment and ensuring that our servers are secure even if someone gains physical access, we avoid a key aspect of that risk.

Working from home has its benefits

Modern networking technologies have made hybrid working possible, enabling us to spend more time with our families and less time commuting. They’ve also enabled heata to build an innovative new distributed data centre delivering a step change in energy efficiency.

By taking the processing to where heat is needed, we’re able to re-use the waste heat from our processing to offset domestic hot water heating; reducing the energy spent on cooling on the data centre side, and providing a significant amount of free hot water for families on the housing side, delivering a climate and social impact.

Protected by the modern industry standard security measures already used to keep the rest of our online life secure, what workloads could you run on the heata network? 

Get in touch to discuss how we could help you reduce your compute carbon footprint.

Contact:
01483 677 147
hello@heata.co
