What is data center?

How to manage data center

security?

Department of Information Technology

G.C University Faisalabad

1|P a g e
What is a data center?
Known as the server farm or the computer room, the data center is
where the majority of an enterprise servers and storage are located,
operated and managed. There are four primary components to a data
center:

White space: This typically refers to the usable raised floor

environment measured in square feet (anywhere from a few hundred to
a hundred thousand square feet). For data centers that dont use a
raised floor environment, the term "white space" may still be used to
show usable square footage.

Support infrastructure: This refers to the additional space and

equipment required to support data center operations — including
power transformers, your uninterruptible power source (UPS),
generators, computer room air conditioners (CRACs), remote
transmission units (RTUs), chillers, air distribution systems, etc. In a
high-density, Tier 3 class data center (i.e. a concurrently maintainable
facility), this support infrastructure can consume 4-6 times more space
than the white space and must be accounted for in data center
planning.

IT equipment: This includes the racks, cabling, servers, storage,

management systems and network gear required to deliver computing
services to the organization.

Operations: The operations staff assures that the systems (both IT

and infrastructure) are properly operated, maintained, upgraded and
repaired when necessary. In most companies, there is a division of
responsibility between the Technical Operations group in IT and the
staff responsible for the facilities support systems.

2|P a g e
How are data centers managed?
Operating a data center at peak efficiency and reliability requires the
combined efforts of facilities and IT.

IT systems: Servers, storage and network devices must be properly

maintained and upgraded. This includes things like operating systems,
security patches, applications and system resources (memory, storage
and CPU).

Facilities infrastructure: All the supporting systems in a data center

face heavy loads and must be properly maintained to continue
operating satisfactorily. These systems include cooling, humidification,
air handling, power distribution, backup power generation and much
more.

Monitoring: When a device, connection or application fails, it can take

down mission critical operations. Sometimes, one system's failure will
cascade to applications on other systems that rely on the data or
services from the failed unit. For example, multiple systems, such as
inventory control, credit card processing, accounting and much more
will be involved in a complex process such as eCommerce checkout. A
failure in one will compromise all the others.

Building Management System: For larger data centers, the building

management system (BMS) will allow for constant and centralized
monitoring of the facility, including temperature, humidity, power and
cooling.

The management of IT and data center facilities are often outsourced

to third party companies that specialize in the monitoring, maintenance
and remediation of systems and facilities on a shared services basis.

3|P a g e
Data center Tiers
Data center standards exist to evaluate the quality and reliability of a
data center’s server hosting ability. The Uptime Institute uses a
somewhat mysterious four-tier ranking system as a benchmark for
determining the reliability of a data center. This proprietary rating
system begins with Tier I data
centers, which are basically
warehouses with power, and ends
with Tier IV data centers, which offer
2N redundant power and cooling in
addition to a 99.99% uptime
guarantee.

A Tier III data center is concurrently

maintainable, allowing for any
planned maintenance activity of
power and cooling systems to take
place without disrupting the
operation of computer hardware
located in the data center. In terms
of redundancy, Tier III offers N+1
availability. Any unplanned activity
such as operational errors or spontaneous failures of infrastructure
components can still cause an outage. In other words, Tier III isn’t
completely fault tolerant. A Tier 4 data center is fault-tolerant,
allowing for the occurrence of any unplanned activity while still
maintaining operations. Tier 4 facilities have no single points of
failure.

Tier 1 data center

Tier 1 data center requirements are generally utilized by small

businesses and feature:

4|P a g e
  99.671% Uptime
 no redundancy
 28.8 Hours of downtime per year.

Tier 2 Data Center

The benefits of a Tier 2 facility include:

 99.749% Uptime
 Partial redundancy in power and cooling
 Experience 22 hours of downtime per year

Tier 3 Data Center

Tier 3 data center specifications are utilized by larger businesses and

feature:

 99.982% uptime (Tier 3 uptime)

 No more than 1.6 hours of downtime per year
 N+1 fault tolerant providing at least 72 hour power outage
protection

Tier 4 Data Center

Tier 4 data center certification typically serve enterprise corporations

and provide the following:

 99.995% uptime per year (Tier 4 uptime)

 2N+1 fully redundant infrastructure (the main difference
between tier 3 and tier 4 data centers)
 96 hour power outage protection
 26.3 minutes of annual downtime.

5|P a g e
How can we Manage data center security?
While data centers have become increasingly dynamic,
accommodating rapid application changes and on-the-fly deployments
that span private and public clouds, security has remained relatively
static, based on perimeter appliances like firewalls or other network
chokepoint devices that leave the insides of the data center
vulnerable to attack.

Build on the right spot. Be sure the building is some distance from
headquarters (20 miles is typical) and at least 100 feet from the main
road. Bad neighbors: airports, chemical facilities, power plants.

6|P a g e
Pay attention to walls. Foot-thick concrete is a cheap and effective
barrier against the elements and explosive devices. For extra security,
use walls lined with Kevlar.

Use two-factor authentication. Biometric identification is becoming

standard for access to sensitive areas of data centers, with hand
geometry or fingerprint scanners usually considered less invasive than
retinal scanning. In other areas, you may be able to get away with
less-expensive access cards

Harden the core with security layers. Anyone entering the most secure
part of the data center will have been authenticated at least three
times, including:

a) At the outer door. Don't forget you'll need a way for visitors
to buzz the front desk.
b) At the inner door. Separates visitor area from general
employee area.
c) At the entrance to the "data" part of the data center.
Typically, this is the layer that has the strictest "positive
control," meaning no piggybacking allowed. For
implementation,

Avoid windows. Think warehouse, not office building. If you must have
windows, limit them to the break room or administrative area, and use
bomb-resistant laminated glass.

Use landscaping for protection. Trees can hide the building from
passing cars, obscure security devices (like fences), and also help
keep vehicles from getting too close.

Plan for bomb detection. For data centers that are especially sensitive or
likely targets, have guards use mirrors to check underneath vehicles for
explosives, or provide portable bomb-sniffing devices.

7|P a g e
Limit entry points. Control access to the building by establishing one
main entrance, plus a back one for the loading dock. This keeps costs
down too.

Make fire doors exit only. For exits required by fire codes, install doors
that don't have handles on the outside. When any of these doors is
opened, a loud alarm should sound and trigger a response from the
security command center.

Use plenty of cameras. Surveillance cameras should be installed

around the perimeter of the building, at all entrances and exits, and at
every access point throughout the building. A combination of motion-
detection devices, low-light cameras, pan-tilt-zoom cameras and
standard fixed cameras is ideal. Footage should be digitally recorded
and stored offsite.

Plan for secure air handling. Make sure the heating, ventilating and air-
conditioning systems can be set to recirculate air rather than drawing
in air from the outside. This could help protect people and equipment if
there were some kind of biological or chemical attack or heavy smoke
spreading from a nearby fire.

Different Security Standers.

Doors, windows, and ventilation systems are inspected annually. The

TÜV (an international safety certification organization) inspects all
access points to the data center in accordance with ISO 27001
specifications. The door check verifies what types of door locks
(toggle locks or dead bolt locks) are used and whether they comply
with the ISO standard. In addition, doors may not be kept open for too
long. During the TÜV inspection visit, the door is left open for one
minute to see whether an alarm is triggered as per the standard.

8|P a g e
Black Box: KPMG goes one step further and inspects the data center’s
“black box” according to the international ISAE 3402 (or SSAE 16)
certification standard. In other words, it checks the video recordings
made over the last 365 days that prove that doors were opened only
for authorized individuals. Inspectors refer to this measure as a “door
effectiveness” check.

Access authorization: Biometric identification is becoming standard

for access to sensitive areas of data centers, with hand geometry or
fingerprint scanners usually considered less invasive than retinal
scanning. In other areas, you may be able to get away with less-
expensive access cards.

Records from log files, card scanners, and duty rosters of the security
service are checked by the TÜV once annually according to ISO 27001.
Some of the items on the TÜV checklist include: how the security
service organizes its 24-hour surveillance; how access cards are
issued; and how the approval process is conducted.

9|P a g e