OCX Platform Security

Updated by CoreSite

The Open Cloud Exchange (OCX) provides direct network connectivity between cloud Service Providers, and other CoreSite customers via dedicated, and secure infrastructure.  The infrastructure is designed to provide private connectivity to customers needing to transmit data from one environment to the other all while avoiding the public internet.   The infrastructure is placed in a secure, private room with security monitoring the facility 24/7.


The OCX is a vendor neutral Software Defined Network platform which orchestrates creation of network services to partnered service providers.  The following measures are employed by CoreSite to ensure platform security and secure services:

  • VLAN assignments – VLANs are used to create separate logical networks limiting unauthorized access and cross traffic interruption.
  • Cloud Service Provider Credentials – For Layer 3 services, CoreSite OCX uses your existing cloud to create resources for end-to-end connectivity.
  •  Network Device Control Plane – CoreSite uses control plane controls to regulate the flow of traffic between devices (i.e. SNMP, BGP) to prevent the communication of unwanted traffic and to aid in blocking unauthorized networks.
  •  Bastion host access – CoreSite equipment is secure and can only be accessed via a dedicated bastion host connection.
  • TACACS - CoreSite uses TACACS protocols for Authentication, Authorization, and Accounting for access to network devices.

How did we do?