The near future or what awaits us now


We regularly write about upcoming services such as WMS, WEDOS Cloud or B2B/VIP. However, these are more or less at the door. Specifically for WMS, we are fine-tuning the final details for the public beta test and expect to launch the service in August. WEDOS Cloud is stuck on a few small issues that the engineers will soon resolve and we are testing the final details. The new B2B/VIP is already in test operation. As far as the WEDOS 2 Datacentre is concerned, they are already finishing the works there so that the test operation can start after the holidays. The Datacent WEDOS 1 upgrade has successfully completed the first part of two. But what’s next? 😉

Datacentre WEDOS 3

It is very bold to write about a third datacentre when the second one has not even started testing yet. But the fact is that Datacentre WEDOS 1 is gradually filling up and if we would again come across another great offer like buying 254 physical servers ProLiant DL320e Gen8 v2 for a fraction of the price, it could be a problem, especially when we are sure that we could sell 5 times as many for a good price. After all, the ProLiant DL320e Gen8 v2 is only available when one becomes available.

At the same time, you keep contacting us saying that you want housing from us. There are no plans to provide anything like this in the current datacentre. In the second datacenter we are finishing, housing is not an option… because there is only oil cooling. And honestly, how many of you have servers at home that can be cooled in oil? 🙂

Our first datacenter is coming to fruition step by step. In total, we can fit less than 70 seagulls, but in reality we count on 52. Some of the capacity is already occupied and we have now switched to HPE Moonshot servers, where there is a huge density of computing power.

We now have several dozen racks occupied in the current datacenter and 26 HPE Moonshot server cabinets, which are running all our new services. Since each HPE Moonshot box, which is 4 and 1/3 U in size (i.e. like two classic servers) can fit 45 separate physical servers, it is quite challenging to keep them cool, so there can currently be a maximum of 4 in a separate rack. Just in case. I could fit more in there, but overall it would be a big cooling demand. We’ll see in the future.

Fully equipped HPE Moonshot has 45 servers, 2x switches, 4x power supply

On the other hand, one HPE Moonshot is worth more than a rack and a half of regular servers. That’s why we bet on them and why we’re building the DC2 completely for oil cooling, which is incomparably more efficient and no problem to literally increase the density of computing power 🙂

The second datacenter will have space for approximately 240 HPE Moonshot boxes, which is 10,800 physical servers. These are extremely powerful servers. Realistically, this is a capacity that can support the entire Czech internet and still have some left over. So we have to fill it.

We just don’t want to leave anything to chance and we had to move DC3 (Datacenter 3) from a medium term plan to a “need it now” situation 🙂

At the moment we already have the land, the project documentation is being prepared and by the end of the holiday season we will decide 100% whether we will implement the construction right now or not and sometime in the future. If now, we would like to apply for a building permit in the fall. In the meantime, we’ll have the reinforced concrete “parts” custom made and once we get the building permit, we’ll just assemble the DC3 WEDOS in a few weeks.

If everything goes according to plan, we would like to be working on the DC3 technological infrastructure in the second half of 2020 and start full operation from the beginning of 2021.

We expect that everything will go quickly, as we will not be dealing with the preparation for TIER IV certification, as was the case with DC2. It’s not going to be that unique a project because of the oil cooling. We’re gonna make a nice new modern data center, for normal operations. No unnecessary conveniences. Just everything is backed up above standard, X times 100 Gbps routes and we are considering special serverhousing not only for South Bohemian IT companies. But let’s not get ahead of ourselves. We’ll see how the final project documentation turns out 😉

As a result, we expect to launch a second datacenter in the meantime, and complete the upgrade of the first one (we are completely dual-partitioning everything for maximum reliability – we were inspired by ideas from TIER IV). This will free up our hands and several of our people involved in the construction of the second and the upgrade of the first datacenter will get bored 🙂 Of course, that’s an exaggeration.

We have already invested over CZK 50 million in the construction of the second datacentre. In this amount we count only construction work and investment in equipment. This does not include any miscellaneous costs related to this (for example, 3 new fiber optic routes or a cooling route)… That’s millions more. It does not even include the salary costs of several people who have been working on the construction practically full-time for several years. We do everything ourselves, we manage the construction with our own people and we do a large part of the implementation ourselves. This is more and more millions of crowns (or a sum approaching 20 million crowns). Overall, this is not a small investment, but a matter where it will cost us around CZK 100 million in real terms. And it’s not just one single server… You know that, but everything is multiply secured. In the second datacentre you will find, for example, 5 motor generators, 4 types of cooling, different independent power supplies without concurrency (one under the ceiling and one under the floor and each from a different side of the building), all non-flammable or with functional fire resistance for 90 minutes…

For the third datacentre, on the other hand, we expect significantly lower costs.

World Wide WEDOS or World Wide WEDOS CDN

In 2014, we were the target of extensive and prolonged DDoS attacks. We understood then that if we wanted to survive and grow, cybersecurity had to be our priority. Thus, we invest more than 10% of our total costs in the development and evolution of our security technologies every year.

To date we have filtered out 670,851 DDoS attacks!!!

We have probes – servers for detecting faulty packets in various Prague datacentres. In 2016, they underwent an extensive upgrade.

We have thus reached a state where we have and can provide one of the most secure solutions for protection against cyber attacks in the Czech Republic. We get regular visits from large IT companies and when they see the massive security infrastructure we have built over the years, they tell us they would like it too and would immediately replace it with what they use.

We can filter attacks with a strength of tens of Gbps, i.e. clean up the traffic. We currently have 3x 100Gbps connectivity to Hluboka (physically 3 different routes from 2 different providers to 2 different locations), making us practically the best connected datacenter in the region. We have connectivity to the internet from several providers and the total is even higher.

37 Gbps DDoS attack. Thanks to the 100 Gbps link, real-time detection, analysis and filtering is applied. The target didn’t even find out. This is what automation looks like after 6 years of development, which can give your website peace of mind in seconds.

DDoS attack 24.8 Gbps on our public traffic graph. As you can see on the blue line (transmissions out), our customers’ services have not been affected.

We have also started looking at IPS/IDS protections based on deep packet inspection and machine learning. In normal operation, our IPS/IDS protections have over 20,000 active filters, the number of which is constantly changing according to the current threats.

We can thus defend, for example, websites against various errors in content management systems. Currently only on HTTP, but soon on HTTPS.

Deployment of IPS/IDS protection on a test sample in 2016. Almost 6 million packets scanned in 15 minutes.

This year, we successfully deployed a new kind of very fast web application protection based on our “private honeypot”, which is essentially data from over one hundred and thirty thousand domains. This data is processed and evaluated in real time. In addition, the filters work even in the event of an extremely strong attack that would shut down conventional IPS/IDS protection.

Just to give you an idea – over 43% of packets are not allowed into our network at all and are filtered directly at the input. This is what our servers are “deprived” of.

The first deployment of a new type of protection and its impact on the 10 busiest web hosts. The graph shows how the protection gradually collects data and evaluates attacks. These are gradually filtered until only clean traffic remains.

So basically we have 3 different attack detection technologies and each filtering in a different way. In an emergency, one can protect sites when the other would have an outage. But the main thing is that they complement each other.

We figured if we have all this, why not offer a safe WEDOS space for others. Our customers with WEDOS NoLimit are already fully protected (DDoS and IPS/IDS). VPS SSD, VPS ON and dedicated servers are partially protected by DDoS protection (up to 1 Gbps, in case of new attacks experimentally even much more – we are collecting data and experience).

This year we wanted to launch a global anycast DNS service and this is basically the next step.

When choosing a suitable solution, we found that it would not be a problem to combine our anti-DDoS and IDS/IPS technologies with our WEDOS proxy and the already planned Anycast DNS. Basically, we can run a real CDN with protection. Rather, it will be protection with a complementary CDN service worldwide.

According to the proposals, in the first phase we will only need to select 5 major global locations and place a total of 45 physical servers on 2x 100 Gbps lines in each. In the future, we anticipate that there may be dozens or hundreds of such sites around the world.

We have already taken the first steps in this matter and contacted potential partners who have the necessary background abroad. We’re working out the details. This year we would like to offer the service to all clients.

We have asked RIPE to allocate a new autonomous system, a new range of IP addresses that we will use for the new anycast service. We want to keep it completely separate from existing services from that perspective as well.

We’re thinking about the final name… We have some ideas. If you advise us, we will offer you antiDDOoS for free for life 🙂 Contact us.

We are also currently thinking about a suitable business model. We definitely want to do a basic version in a very cheap or free version, then one cheaper plan for regular shared web hosts and a very fancy version for much visited commercial projects.

We will write more details about this new service in the coming days.


And that’s not all. We have other projects in the pipeline that we will gradually unveil. Some here on the blog others perhaps at conferences in our other datacenter 🙂