What Happens If Alipay’s Servers Are Destroyed? Inside Data‑Center Resilience

The article explains how Alipay’s financial system uses multi‑site, multi‑center architectures, hot‑standby, active‑active, and cold‑backup strategies, along with stringent A‑class data‑center standards, to ensure that even catastrophic physical attacks cannot erase users' money.

Java Backend Technology

Earlier, a Zhihu question asked whether destroying Alipay's physical storage servers would erase all users' money.

"If the physical servers of Alipay were bombed or otherwise destroyed, would the money stored in Alipay disappear? Would the data disappear as well?"

The author, a former bank operations staff member, explains that financial information systems typically employ a "two‑site three‑center" architecture with hot‑standby, active‑active, and cold‑backup mechanisms.

Two‑site three‑center means two data centers in the same city, each capable of taking over the other's workload. Active‑active means both operate simultaneously; hot‑standby allows switching to the other center if one fails.

Cold backup refers to periodic offline backups that may lose up to a few hours of data, but the data can be restored later.

Even if all three primary data centers are destroyed, transaction data can be reconstructed from partner banks, fund companies, and the central bank, although full restoration may not be guaranteed.

Alipay’s DNS resolves to several IP addresses, indicating multiple active sites.

Financial data centers must meet the A‑class standards defined in GB50174‑2008, which require strict power, cooling, fire‑suppression, and location constraints.

International classification: T1‑T4 (T4 highest).

Chinese classification: A‑C (A highest).

Carrier rating: 1‑5 stars (5 highest).

Power redundancy follows a 2N+1 model: two independent power stations can each supply the full load, plus an additional backup source. UPS systems provide at least 15 minutes of runtime, generators and diesel tanks extend operation for over 12 hours, and fuel contracts ensure diesel supply within four hours.

Fire suppression uses clean agents such as FM‑200 (heptafluoropropane), which are colorless, odorless, low‑toxicity gases that do not damage equipment.

Physical attacks—blowing up power stations, distribution rooms, or attempting to set fires—are ineffective because of redundant power supplies, UPS, generators, fire‑suppression systems, and strict security measures.

Therefore, destroying Alipay’s storage is extremely difficult; the system is designed to survive extensive failures and continue operating.
