CALL FOR INFORMATION +44 (0) 1509 261100

Threat Management in the Datacentre

The Data Centre of today is governed by regulation, such as Sarbanes-Oxley for security and numerous referring to cooling demands, it is inevitable that closer monitoring of the physical environment of the Data Centre is essential. Traditional and well understood methodologies often fall short of complete management requirements by overlooking certain monitoring points. on365 are uniquely positioned to offer guidance on the class of threats, to suggest tactics for monitoring and provide best practice in ensuring minimum downtime.

An ever increasing power density aligned with dynamic power variations are the two major concerns fuelling change in the monitoring techniques deployed in IT environments. Blade servers have tremendously increased power densities and dramatically changed the power and cooling dynamics of the surrounding environments. Power management technologies have pushed the ability of servers and communication equipment to vary power draw (and therefore heat dissipation) based on computational load. Monitoring of equipment is not enough – the surrounding environment must be viewed holistically and watched proactively for threats and intrusions. Threats could include excessive server intake temperatures, fluid leaks or unauthorised human intrusion.

on365 specialise in addressing a particular set of threats that demand proactive and expert design at the implementation stage to defend against them. These particular threats are often referred to as Distributed Physical Threats. Of course we also bring significant expertise to planning and managing Data Centre defence against Digital Threats (hackers, viruses, bottlenecks, malware etc) but this does not generally cover human error, atmospheric challenges, fire, leaks or pwer/cooling related issues.  

Certain physical threats in the Data Centre do not have a predetermined or widely available monitoring solution and therefore require carefull planning, an example would be Data Centre humidity whereby specific monitoring devices need to be positioned, with the fact that high humidity could be found anywhere, as a consideration.

Common Distriubuted Physical Threats

Air temperature
Room, rack, and equipment air temperature fluctuation threatens Equipment failure and reduced equipment life span. Temperature sensors are the solution to this problem.

Humidity
Room and rack relative humidity must be monitored to guard eagainst device failure from static electricity buildup at low humidity points and condensation ingress at higher humidity points. On365 have a range of humidity sensors to combat this issue.

Liquid leaks
Water or coolant leaks lead to, at minimum, damage to floors and cabling and can lead to catastrophic device failure. Sufficient and well placed leak sensors are essential.

Human error and unauthorised access
Whether intentional or accidental, mistakes or wrongdoing by employees inevitably lead to downtime and possible equipment failure. A selection of digital video monitoring, motion sensing and forced entry alert devices can equip you to guard against these threats.  

Smoke / Fire
Electrical or material fires naturally lead to equipment loss, total loss of assets and considerable business downtime. on365 recommend supplemental smoke detection devices.

Airborne  contaminants
Airborne chemicals such as hydrogen from batteries or even just excessive dust particles in the atmosphere present a dangerous threat for personnel an equipment. Combat increased static and clogged fans and filters with chemical (hydrogen) and dust sensors.

How and where to use sensors
Various types of sensors can be used to provide early warning of trouble from the threats described above. While the specific type and number of sensors may vary depending upon budget, threat risk, and the business cost of a breach, there is a minimum essential set of sensors that makes sense for most Data Centres.

Temperature sensors
Normally located on the rack, at the top, middle, and bottom of the front door to monitor inlet temperature of devices in rack or other open rack environments. Temperature monitoring should always be as close as possible to equipment inlets

Humidity sensors
Situate one per cold aisle, at the front of a rack in the middle of the row. Since air conditioning units provide humidity readings, location of row-based humidity sensors may need to be adjusted if too close.

Rope leak sensors
Spot leak sensors placed around each air conditioning system, cooling distribution unit and under raised floors. Must include spot leak sensors for monitoring fluid overflows in drip pans.  

Digital video cameras
Strategically placed according to Data Centre layout covering entry / exit points and a good view of all hot and cold aisles; ensure complete required field of view is covered. Most commonly associated with monitoring and recording of normal access as well as unauthorised or afterhours access with video surveillance software.

Room switches
Place an electronic switch at every entry door to provide audit trail of room access, and to limit access to specific people at specific times. Such a system should integrate room switches with a communications interface for maximum effectiveness.  

Supplemental smoke sensors
on365 always recommend “very early smoke detection" (VESD) to provide advanced warning of problems in highly critical areas. When rack-level supplemental smoke detection exceeds budget, placing VESD on the input of each air conditioning device provides some degree of early warning

Chemical / hydrogen sensors
When VRLA batteries are located in the Data Centre, it is not necessary to place hydrogen sensors in the room because they do not release hydrogen in normal operation (as wet cell batteries do). Wet cell batteries in a separate battery room are subject to special code requirements

Motion sensors
Used when budget constraints don’t allow for digital camera installation, which is  best practice. Motion sensors are a lower cost alternative to digital video cameras for monitoring human activity

Rack switches
Placement of electronic switches on the front and rear door of every rack to provide audit trail of access and to limit critical equipment access to specific people at specific times. Integration of rack switches into the facility system and communication interface is advised.  

Vibration sensors
Situated in high traffic data centers, a vibration sensor in each rack detects unauthorized installation or removal of critical equipment. Vibration sensors in each rack can also be used to sense when people move the entire rack.

Glass-break sensors
Deployment of glass-break sensors, especially in unison with video surveillance cameras is a recommendation.  

Aggregating Sensor Data
With the sensors selected and placed, the next step is the collection and analysis of the data received by the sensors. Rather than send all sensor data directly to a central collection point, it is usually better to have aggregation points distributed throughout the Data Centre, with alert and notification capabilities at each aggregation point.

Taking Action
Sensors supply the raw data, but equally important is the interpretation of this data to perform alerting, notification, and correction. As monitoring strategies become more sophisticated, and sensors proliferate throughout the well-monitored Data Centre, “intelligent” processing of this potentially large amount of data is critical. Action is taken in one of three ways:

  • Alerting on out-of-bounds conditions that could threaten specific devices, racks, or the Data Centre as a whole.
  • Automatic action based on specified alerts and thresholds.
  • Analysis and reporting to facilitate improvements, optimization, and fault / failure Measurements

Design Method
While the specification and design of a threat monitoring system may appear complex, the process can be automated with Data Centre design tools provided by on365.

Conclusion
Safeguarding against distributed physical threats is crucial to a comprehensive security strategy. While the placement and methodology of sensing equipment requires assessment, decision, and design, best practices and design tools are available to assist in effective sensor deployment. In addition to proper type, location, and number of sensors, software systems must also be in place to manage the collected data and provide logging, trend analysis, intelligent alert notifications, and automated corrective action where possible.

OUR PARTNERS

  • Uniflair
  • Pelco
  • Schneider Electric Partner
  • Hubbell Partner
  • Enlogic Partner
  • Chatswoth partner
  • APC Partner