02 - Data Center - Long
What is a data center?
Known as the server farm or the computer room, the data center is
where the majority of an enterprise's servers and storage are located,
operated and managed. There are four primary components to a data
center:
How are data centers managed?
Operating a data center at peak efficiency and reliability requires the
combined efforts of facilities and IT.
Data center tiers
Data center standards exist to evaluate the quality and reliability of a
data center’s server hosting ability. The Uptime Institute uses a
somewhat mysterious four-tier ranking system as a benchmark for
determining the reliability of a data center. This proprietary rating
system begins with Tier I data centers, which are basically warehouses
with power, and ends with Tier IV data centers, which offer 2N redundant
power and cooling in addition to a 99.99% uptime guarantee.
99.671% uptime
No redundancy
28.8 hours of downtime per year

99.749% uptime
Partial redundancy in power and cooling
22 hours of downtime per year
How can we manage data center security?
While data centers have become increasingly dynamic,
accommodating rapid application changes and on-the-fly deployments
that span private and public clouds, security has remained relatively
static, based on perimeter appliances like firewalls or other network
chokepoint devices that leave the insides of the data center
vulnerable to attack.
Build on the right spot. Be sure the building is some distance from
headquarters (20 miles is typical) and at least 100 feet from the main
road. Bad neighbors: airports, chemical facilities, power plants.
Pay attention to walls. Foot-thick concrete is a cheap and effective
barrier against the elements and explosive devices. For extra security,
use walls lined with Kevlar.
Harden the core with security layers. Anyone entering the most secure
part of the data center will have been authenticated at least three
times, including:
a) At the outer door. Don't forget you'll need a way for visitors
to buzz the front desk.
b) At the inner door. Separates visitor area from general
employee area.
c) At the entrance to the "data" part of the data center.
Typically, this is the layer that has the strictest "positive
control," meaning no piggybacking allowed. For
implementation,
Avoid windows. Think warehouse, not office building. If you must have
windows, limit them to the break room or administrative area, and use
bomb-resistant laminated glass.
Use landscaping for protection. Trees can hide the building from
passing cars, obscure security devices (like fences), and also help
keep vehicles from getting too close.
Plan for bomb detection. For data centers that are especially sensitive or
likely targets, have guards use mirrors to check underneath vehicles for
explosives, or provide portable bomb-sniffing devices.
Limit entry points. Control access to the building by establishing one
main entrance, plus a back one for the loading dock. This keeps costs
down too.
Make fire doors exit only. For exits required by fire codes, install doors
that don't have handles on the outside. When any of these doors is
opened, a loud alarm should sound and trigger a response from the
security command center.
Plan for secure air handling. Make sure the heating, ventilating and air-
conditioning systems can be set to recirculate air rather than drawing
in air from the outside. This could help protect people and equipment if
there were some kind of biological or chemical attack or heavy smoke
spreading from a nearby fire.
Black Box: KPMG goes one step further and inspects the data center’s
“black box” according to the international ISAE 3402 (or SSAE 16)
certification standard. In other words, it checks the video recordings
made over the last 365 days that prove that doors were opened only
for authorized individuals. Inspectors refer to this measure as a “door
effectiveness” check.
Records from log files, card scanners, and duty rosters of the security
service are checked by the TÜV once annually according to ISO 27001.
Some of the items on the TÜV checklist include: how the security
service organizes its 24-hour surveillance; how access cards are
issued; and how the approval process is conducted.
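
As an added illustration (not part of the original document and not any auditor's own tooling), the reconciliation behind a "door effectiveness" check can be sketched in Python: door-sensor events are matched against card-scanner grants and the duty roster. The log layouts, names, the 10-second window and the same-day shift model are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample records (hypothetical layouts, not from a real facility).
BADGE_GRANTS = [  # card-scanner log: (time, door, card holder)
    ("2024-03-01 08:00:05", "data-hall", "alice"),
    ("2024-03-01 23:10:00", "data-hall", "bob"),
]
DOOR_OPENS = [  # door-sensor log: (time, door)
    ("2024-03-01 08:00:07", "data-hall"),
    ("2024-03-01 08:00:30", "data-hall"),  # door opened with no fresh badge read
    ("2024-03-01 23:10:02", "data-hall"),
]
ROSTER = {"alice": (6, 14), "bob": (14, 22)}  # holder -> shift [start, end) hour


def door_effectiveness(grants, opens, roster, window_s=10):
    """Return findings for door opens without a grant and off-roster grants."""
    parsed = [(datetime.strptime(t, FMT), door, who) for t, door, who in grants]
    window = timedelta(seconds=window_s)
    used, findings = set(), []
    for t, door in opens:
        ts = datetime.strptime(t, FMT)
        # A grant authorizes exactly one open of the same door shortly after it.
        match = next((i for i, (gt, gdoor, _) in enumerate(parsed)
                      if i not in used and gdoor == door
                      and timedelta(0) <= ts - gt <= window), None)
        if match is None:
            findings.append(("unbadged_open", t, door, None))
        else:
            used.add(match)
    for gt, door, who in parsed:
        shift = roster.get(who)
        # Flag card use by someone not rostered, or outside their shift hours.
        if shift is None or not shift[0] <= gt.hour < shift[1]:
            findings.append(("off_roster", gt.strftime(FMT), door, who))
    return findings


if __name__ == "__main__":
    for finding in door_effectiveness(BADGE_GRANTS, DOOR_OPENS, ROSTER):
        print(finding)
```

Each finding is a starting point for pulling the matching video segment, which is what ties the log review back to the recorded evidence.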