Monday, October 23, 2017

What to look for when inspecting a data centre

by Paul Slocombe, senior manager of critical infrastructure at NaviSite

At their most basic level, data centres are where companies store their data (surprise) and IT infrastructure. But despite that common purpose, they can vary a great deal.

From the physical security layers and protocols in place, to the supporting infrastructure and redundancy available, what you should expect will differ from facility to facility.

However, there are certain things you should expect to see or be available from any data centre facility worth its salt.

Physical security

The physical security of data centres is about layers; it’s how many steps and hoops you have to jump through to get to your servers and racks.

Some data centres will have so few layers that you can walk up to the front door of the building before being stopped by anyone, while others rely entirely on remote monitoring and camera systems for authentication. For most, however, you should expect to see some form of physical perimeter security.

Most data centres’ first layer of security will be the checks needed to enter the premises in the first place. The core components here will be things like a physically gated area, some form of personal ID check (and yes, the ID you present will have to be valid) and you will have to have arranged your visit in advance and be on the books – as the purpose of the DC is to keep your IT systems running consistently and reliably, so we’re not massive fans of surprises.

Access control systems to the data halls are the next layer of a data centre’s security – and these can vary a lot depending on both the facility and businesses’ individual requirements.

They will also be what security auditors will review, test and request evidence against. Access control systems are made up of various types of authentication factors, and the more authentication factors which are in place, the more secure access should be.

The first factor authentication will usually be something along the lines of assigning unique cards to individuals (even visitor cards should be numbered and logged), and they will need to swipe that card to get through most doors in the facility.

Someone will also have the fun job of regularly reviewing the card swipe logs for any suspicious activity. Two- or three-factor authentication will usually add additional layers to the card swipe layer in order to accurately identify that it’s the right person accessing the data hall.

This can include biometric authentication – such as fingerprint, retinal or full palm scans – and PIN codes.

At the final physical security stage we have the actual server rack doors. Similar to data hall access, there can be several authentication stages such as biometric, pins or just standard locks on the door – though locks can also become more complex through things like “intelligent keys” that match profiles to give access to specific racks and can even set time limits on access.


Supporting Infrastructure

Your data centre wouldn’t really be worth much if it was prone to regular downtime. To avoid this, the provider will need to ensure there’s always electricity and connectivity to keep your systems up, running and online.

Today, most data centres will be built to Tier III level standards, but the key thing to look out for is that your data centre has no “single point of failure”.

Avoiding single points of failure means ensuring that the equipment and electrical infrastructure supporting your servers, switches and connectivity has some kind of redundancy built into it. For electrical infrastructure, this means that you should expect several back-up power sources should one, or even two, of these sources fail.

For most facilities, this will mean having two alternative power grids on-site, being fed from different power sources. Most of the time, the data centre will be getting powered by both feeds simultaneously but, should one fail, the other can continue to power the entire facility.

Should both power sources fail, however, high redundancy facilities should also have generators on-site that can power the whole facility with stored fuel for entire days if necessary – with refuelling contracts from two separate locations to stay online even longer.

While your team should be ready to turn on generators in under a minute, there will also need to be a UPS (or Uninterruptible Power Supply) that kicks in immediately to hold the load until generators are online – hopefully avoiding any downtime for customers.

Having multiple feeds also holds true for the telecoms carriers supplying the actual connection from your data centre to your offices and devices.

While most of the big carriers will likely be connected to the facility, it’ll be worth ensuring that they not only have multiple cable paths through the buildings and into the separate carrier demarcation rooms, but also that these paths actually have multiple entry points for their fibre cables.


Business needs

Like any good business decision though, knowing what your individual needs are is the most important aspect when inspecting a data centre. There are many security add-ons and redundancies that can be supplied, but not every option makes sense for every business.

It’s about looking at what is needed to maintain your business, evaluating what data is actually being stored in that facility and any relevant industry regulation requirements.

Keeping these factors in mind when evaluating the solutions on offer will let you view and evaluate your data centre needs more clearly, rather than being distracted by high tech features which may be interesting, but not necessarily relevant to your needs.