Tuesday, April 19, 2016

Business continuity and Disaster Recovery Planning

Business continuity and disaster recovery are among the most unpleasant tasks of business planning. They also offer some of the highest paybacks. Disaster planning is often neglected by companies, yet it provides enormous business value and protects our assets. Too often, when asked how they prepare for an emergency, companies will say that they back up their data every day. But this is not enough. For example, it's not uncommon for companies to back up their systems and lock the backup tapes inside a fire-retardant system. Fires are among the most common catastrophic disasters to affect businesses. But although these systems are fireproof, they won't stop the backup tape from melting. In order to be effective, backups must be taken to an offsite location. Some statistics indicate that 80% of the companies that suffer critical data loss will close their doors within two years.

In addition to data protection, there are a number of legal, public relations, organizational and safety considerations which must be taken into account. In the chaos of an emergency, the broken window effect might come into play: normally ethical employees might see an absence of authority and leadership as an opportunity for fraud or theft. Every department in the company must contribute to the disaster plan. Disaster planning is a business issue, not an IT issue. IT departments have the greatest insight into company-wide business processes, so IT should be tasked with the disaster planning. Despite this, a plan must be developed and implemented with top-down support across all organizational departments. Without this insight and cross-departmental participation, it is impossible to put together a proper plan.

The disaster recovery plan stipulates how a company will prepare for a disaster, what the company's response will be in the event of a disaster, and what steps it will take to ensure that operations will be restored. This plan must include many possible scenarios, since the causes of disaster can vary greatly. These can include deliberate criminal activity, natural disasters such as fire, a stolen laptop, power outages, a terrorist attack, etc. There are hundreds of possible disaster scenarios, and they vary based on culture, geography and industry. It is also important that the disaster recovery plan be distributed across the organization so that everyone knows their role within the plan.

The business continuity plan is a fairly new methodology that stipulates what steps a company must take to minimize the effects of service interruption. Back when companies were primarily paper-driven and information processing was done using batch processing, companies could tolerate a few days of downtime. But as technology became faster and cheaper, companies began computerizing more of their critical business activities. Companies needed to have systems in place that would minimize the impact of unplanned downtime. The first major event to demonstrate the importance of business continuity planning was the Y2K crisis. Since then, it’s been a standard function of corporate IT planning. One typical example of business continuity would be the electric generators used by hospitals to ensure that patients can still be cared for in the event of a power outage.

Reference: https://www.youtube.com/watch?v=qfjWhAmWYL8

Saturday, April 16, 2016

ISO 27001

International Standard for Organization (ISO) 27001 is a management framework for the protection of business-critical information. According to ISO 27001, information security is defined as the preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved. Confidentiality means that only authorized persons can access certain information. Integrity means that only authorized persons can change and add information, in a specified way. Availability means that the information has to be available to all the persons who need it at the specified time.

An Information Security Management System (ISMS) is a systematic approach to managing confidential or sensitive corporate information so that it remains secure. ISO 27001 is an ISMS standard that replaced BS77799-2:2002 in late 2005. It formally specifies an ISMS that is intended to bring information security under explicit management control. It is also the best-practice specification that helps businesses and organizations throughout the world. It adopts the Plan-Do-Check-Act (PDCA) model.

Why should organizations care about ISO 27001?

Reason 1: Compliance. ISO 27001 can bring in the methodology that enables organizations to comply in the most efficient way. Certification is often the quickest ‘Return on Investment’ if an organization must comply with various regulations regarding data protection, privacy and IT governance (particularly if it is a financial, health or government organization).

Reason 2: Marketing Edge. In a market which is more and more competitive, it is sometimes very difficult to find something that will differentiate you in the eyes of your customers. ISO 27001 could indeed be a unique selling point, especially if you handle client-sensitive information.

Reason 3: Lowering the expenses. Information security is usually considered as a cost with no obvious financial gain. However, there is financial gain if you lower your expenses caused by incidents. You probably do have interruption in service, or occasional data leakage, or disappointed employees or disappointed former employees.

Reason 4: Putting your business in order. ISO 27001 is particularly good at sorting out those thorny management system issues: it forces you to define very precisely both the responsibilities and duties, and therefore strengthen your internal organization.

Reference: https://www.youtube.com/watch?v=eN5MtSq89Hs

Tuesday, April 12, 2016

Data Center Construction Costs

When considering the expenses of building and the ongoing management of a data center, you can usually bank on about sixty to eighty percent of your investment going to:
  • Telecommunications cabling and systems
  • Ventilation and cooling systems
  • Electrical cabling and related equipment
  • Electronic security systems
There are some critical data center construction costs which take a back seat in the minds of many data center executives during the design and planning phases leading up to breaking ground for construction.

Here are six significant capital costs you should consider when preparing your data center business plan.

  1. Structural Elements: The human body needs air, blood circulation, and a nervous system, but it wouldn’t function without a skeletal structure. In the same way, the overall weight of servers, racks, cooling ducts, and cabling in a data center needs strong “bones” to support the load, with minimal impact on available space. The raised flooring, walls, and high ceilings of well-designed facilities need to be built to withstand earthquakes and extreme weather such as hurricanes or tornadoes. Using columns, beams, and other framing materials which don’t just meet, but exceed standards will protect your investment, and possibly reduce insurance costs or provide you with opportunities to win the trust of prospective clients.
  2. Office Space for Clients Working Onsite: Your clients will often need to set up a temporary work space while getting their gear installed and tested. Providing conference rooms or desk space for development and testing and other amenities for clients when they come onsite is often forgotten, but an important value add. These facilities can also serve your own needs, when hosting data center tours, interviewing personnel, and having planning meetings for on-boarding new customers.
  3. Modular, Adaptable Racking: Server hardware refreshes, upgrades, and expansions can occur frequently in a successful data center. Installing server racks and surrounding walls which can adapt to changing client needs can be another value-added service to differentiate your data center from your competition. Scalability to provide higher tiers of service, ranging from colocation to managed, and fully managed Network Operating Center (NOC) monitored services, requires a facility which can be configured in multiple different ways. Racks which can be expanded and clustered to adapt to changing capacity requirements are important.
  4. A Strong Foundation: Just like structural elements, the concrete foundation which supports a data center is vital. Load bearing, lessening the impact of earthquakes, and providing opportunities for raised floors for cabling are elements of construction which should be considered early in the design process.
  5. Fire Detection and Suppression Equipment: With all the electrical systems which power a data center and the backup systems, should primary systems fail, wet and dry fire suppression equipment needs to be widely available. Smoke and fire detection systems need to alert both onsite staff as well as local first responders to prevent extensive damage.
  6. Site Logistics Costs: Where a data center is located relative to local airports, shipping routes, telecommunications infrastructure, and power lines are all considerations outside of a data center proper. Should you need to arrange for significant new cabling and the excavation costs to go with it, you could need to significantly adjust your construction budget.

Tuesday, April 5, 2016

Data Center Virtualization and Standardization

The demand for IT services continues to rise, while IT budgets remain flat. This makes it increasingly difficult to manage growth, especially with a complex IT infrastructure. Maintenance and management increase the total cost of ownership, because applications cannot scale easily when built on isolated resources. Data center standardization, consolidation and virtualization are the key to breaking down capital expenditure, eliminating inefficiencies and meeting increasing growth demands. At every level of the data center, from compute to storage to networking, there is a need for rapidly provisioned, on-demand capacity that is reliable, highly available and highly scalable, so that IT can deliver virtualization economics across the entire data center.

Server virtualization allows physical servers to be partitioned into multiple virtual servers. Each virtual server runs its own operating system and applications. Server virtualization facilitates management, improves scalability and reduces capital expense by reducing the number of physical servers in the data center. Virtual server growth has led to an increase in storage and network demands. To keep up, the proven principles of abstraction, pooling and automation can be applied to standardize the storage and network layers. With software-defined storage, physical storage is decoupled from virtual workloads. Storage resources are then abstracted to enable pooling, replication and on-demand distribution for higher availability. The result is a storage layer which is standardized, aggregated, flexible, efficient and scalable. With software-defined networking, the logical network is decoupled from the physical network topology. This allows IT to treat the physical network as a pool of transport capacity that can be consumed and refurbished on demand. As we move into the mobile cloud era, the same tools and processes used to virtualize and consolidate your on-premise data center can be used to facilitate your move to the hybrid cloud. In the hybrid cloud architecture, services from multiple heterogeneous providers can seamlessly be managed as part of a single virtual cloud.

Managing future growth while reducing cost and complexity is no longer impossible. Data center virtualization and consolidation help your IT team reduce capital expenditure and eliminate inefficiencies en route to meeting increasing growth demands and delivering virtualization economics across the data center. Ultimately, expanding to the hybrid cloud will lead to new services and business innovation.

Wednesday, March 30, 2016

Data Center Security


Our first key challenge is risk management, which can be addressed with a layered physical security approach. Threats to the data center can take many forms, such as third-party contractors or employees who may have the access to inflict unintended or intended damage. Deploying a layered security strategy can give you the ability to deter, detect or detain at every layer of your data center security, reducing the risk of a breach. There are six layers of security:


  • LAYER 1 – Perimeter Defense: The site perimeter is not just the border; it is the first layer of data center protection. Measures used to fortify perimeter security include video surveillance, fences, limited entry points with access control, physical security barriers such as anti-ram fencing and gates, and guard stations with security personnel. These are all designed to deter intruders. Car traps and security personnel can delay intruders.
  • LAYER 2 – Clear Zone: The second layer of security addresses the space between the perimeter and the building exterior. This area is monitored by intrusion detection sensors and video surveillance to identify breaches.
  • LAYER 3 – Facility Facade/Reception Area: The third layer is the highest level of perimeter security. Here we have the opportunity to prevent unauthorized access into the facility.
  • LAYER 4 – Hallway/Escorted Area/Gray Space: The fourth layer of security validates the access rights of authorized individuals into specific environments such as the data hall, network operation center, and power and cooling facility areas.
  • LAYER 5 – Data Center Room: As you enter the data hall, the fifth layer of security is the selective profile of authorized staff, contractors and visitors.
  • LAYER 6 – Data Center Cabinet: The sixth layer of security provides controlled access and accountability directly at the equipment location.

The interoperability of these six layers mitigates your risk and provides effective and efficient protection of the facility's critical data.

Attacks can also come from the outside in. Today the most popular attacks are the ones that target web applications. Hackers know that web apps are full of vulnerabilities and can lead to very profitable exploitation. Another popular data center attack strategy is Distributed Denial of Service (DDoS), where the attacker generates massive amounts of traffic to overwhelm and paralyze your systems. Another common attack is the AppDoS attack, which targets a specific application. These types of attacks can be prevented by the effective use of firewalls. There are also different use cases for firewall technology. In the campus branch, the next-gen firewall will be deployed. There is the Intrusion Prevention System (IPS), which relies on reputation and other intelligence data sources to provide additional defense. There is application visibility and control, where we can see and control the internet apps and content that employees are accessing. And finally, there is Active Directory integration, where identities can be managed and controlled.

Tuesday, March 22, 2016

Power Usage Effectiveness (PUE)

PUE is an acronym for Power Usage Effectiveness. It is a measurement of the energy efficiency of a data center's physical infrastructure, such as the power and cooling equipment. PUE is not a measure of how efficient the IT equipment is; rather, it is a metric that quantifies the overhead power consumed in supporting the IT equipment. According to a recent study, USA data center energy consumption is 2% of total USA energy consumption. This is equivalent to the energy consumption of 7 million households.

To calculate PUE, take all the energy or power that is used to operate the data center and divide it by the amount of energy consumed by the IT equipment, such as servers, network switches and storage devices.


For example, let’s consider a 2N redundant data center. 47 percent of the electrical power entering the facility actually powers the IT load, and the rest is consumed or converted to heat by the power, cooling and lighting equipment. This includes devices like UPSs, transformers, generators, chillers, pumps, fans, etc. Let’s say the total data center power consumed is 1000 kW and 470 kW of that is the IT load. Then the PUE of this data center is 2.13.



The theoretical best PUE that can be achieved is 1. That is, every watt consumed by the data center is consumed directly by the IT equipment. If the PUE is 3 or more, then the data center is considered inefficient. According to the Uptime Institute data center survey, the average PUE is between 1.8 and 1.9.

A few ways to lower the PUE level:
  • The first step is to know the PUE of your data center. If it has not been determined, then have an energy assessment performed by a data center specialist. They can also provide specific recommended improvements that often pay back the cost of the assessment within a year. In many data centers, the cooling systems use more power than the IT equipment, so improvements to cooling will generally have the biggest impact on the PUE and on overall energy savings.
  • Keep hot air and cold air from mixing, since this mixing makes the cooling system very inefficient. Make use of containment solutions like hot aisle or cold aisle containment or vertical ducts, which are very effective in separating the hot and cold air streams.
  • Raise the temperature set point in the data center. The new ASHRAE guidelines say the rack temperature can be as high as 80°F or 27°C.
  • Finally, calculate and manage PUE on a constant basis. This can be done by installing the meters and monitoring software.

Reference: https://www.youtube.com/watch?v=BiglstCxGDI
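
The last step above, calculating PUE on an ongoing basis from meter readings, can be sketched as follows. This is an added example, not code from the post or its reference: the `MeterSample` structure and the day of readings are constructed, and the labels in `rate()` only reuse the reference points quoted above (3 or more, and the 1.8 to 1.9 survey average).

```python
from dataclasses import dataclass


@dataclass
class MeterSample:
    """One metering interval (constructed sample data, not real readings)."""
    hours: float        # length of the interval
    facility_kw: float  # average power entering the facility
    it_kw: float        # average power delivered to the IT load


def pue(facility: float, it_load: float) -> float:
    """PUE = total facility power (or energy) / IT equipment power (or energy)."""
    if it_load <= 0:
        raise ValueError("IT load must be positive")
    if facility < it_load:
        # A PUE below 1 is physically impossible: treat it as a metering fault.
        raise ValueError("facility reading is lower than IT load; check the meters")
    return facility / it_load


def period_pue(samples: list[MeterSample]) -> float:
    """Energy-weighted PUE over a period: total kWh divided by IT kWh.

    Averaging the per-interval ratios instead would give a different answer
    whenever the load changes between intervals.
    """
    facility_kwh = sum(s.hours * s.facility_kw for s in samples)
    it_kwh = sum(s.hours * s.it_kw for s in samples)
    return pue(facility_kwh, it_kwh)


def overhead_share(value: float) -> float:
    """Fraction of facility power spent on power, cooling and lighting overhead."""
    return 1.0 - 1.0 / value


def rate(value: float) -> str:
    """Label a PUE using the reference points quoted in the post."""
    if value >= 3.0:
        return "inefficient"
    if value > 1.9:
        return "above survey average"
    if value >= 1.8:
        return "survey average"
    return "better than survey average"


# The post's example: 1000 kW total, 470 kW IT load.
EXAMPLE_PUE = pue(1000, 470)

# Constructed day: a busy half and a quiet half with cooling throttled back.
DAY = [MeterSample(12, 1000, 470), MeterSample(12, 800, 430)]

if __name__ == "__main__":
    print(f"post example: PUE {EXAMPLE_PUE:.2f}, "
          f"overhead {overhead_share(EXAMPLE_PUE):.0%}, {rate(EXAMPLE_PUE)}")
    print(f"constructed day: PUE {period_pue(DAY):.2f}, {rate(period_pue(DAY))}")
```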

Wednesday, March 16, 2016

Selecting a Rack PDU

In this post, we discuss the configuration options and which rack PDUs are best for your data center. When deploying PDUs, we have to consider the following questions: What kind of power do you have? How much power do you need? How much power do you draw? What plug types do you have? How much room do you need for the future? What do you need for the future? Will you add more devices to the rack? Will you need more power in the future? In many companies, some of the answers to these questions will come from the Facilities group, while others will come from the IT group.

To calculate the power being used by our server and storage devices, we can add up the amp draw of all the equipment that is plugged into the PDUs. The amp draw information can be gathered in several ways. The equipment manufacturer provides ‘Name Plate’ or ‘Face Plate’ power ratings. These power ratings are often calculated for worst-case scenarios. Most manufacturers offer a power sizing tool or capacity planning tool to calculate the power used. Intelligent rack PDUs that monitor the power consumption of servers can be a valuable source for calculating the amps drawn by new servers. Power monitoring can be done at the whole-PDU level, per individual outlet or per group of outlets.
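
The sizing approach described above, summing amp draw per PDU and preferring metered values over worst-case nameplate ratings, can be sketched as follows. This is an added example, not code from the post: the device list is constructed, and the 80% continuous-load factor is an assumption (a common North American planning practice) that the post does not state.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption (not from the post): plan continuous load at no more than 80% of
# the PDU's rated current, a common practice in North American installations.
CONTINUOUS_LOAD_FACTOR = 0.8


@dataclass
class Device:
    name: str
    nameplate_amps: float                       # worst-case rating from the label
    measured_peak_amps: Optional[float] = None  # from an intelligent PDU, if metered


def planning_amps(dev: Device) -> float:
    """Use the metered peak when there is one, otherwise fall back to nameplate."""
    if dev.measured_peak_amps is not None:
        return dev.measured_peak_amps
    return dev.nameplate_amps


def size_pdu(devices, pdu_rated_amps: float, growth_device_amps: float) -> dict:
    """Return load, usable capacity, headroom, and how many more devices fit."""
    if growth_device_amps <= 0:
        raise ValueError("growth_device_amps must be positive")
    usable = pdu_rated_amps * CONTINUOUS_LOAD_FACTOR
    load = sum(planning_amps(d) for d in devices)
    headroom = usable - load
    return {
        "load_amps": round(load, 2),
        # What the same rack looks like if only label ratings are used.
        "nameplate_amps": round(sum(d.nameplate_amps for d in devices), 2),
        "usable_amps": round(usable, 2),
        "headroom_amps": round(headroom, 2),
        "overloaded": load > usable,
        # Devices still planned on nameplate: candidates for outlet metering.
        "unmetered": [d.name for d in devices if d.measured_peak_amps is None],
        "extra_devices_that_fit": max(0, int(headroom // growth_device_amps)),
    }


# Constructed rack contents (hypothetical names and readings).
RACK = [
    Device("web-01", nameplate_amps=4.0, measured_peak_amps=2.1),
    Device("web-02", nameplate_amps=4.0, measured_peak_amps=2.3),
    Device("db-01", nameplate_amps=6.5, measured_peak_amps=4.2),
    Device("san-01", nameplate_amps=8.0),  # not yet metered
    Device("switch-01", nameplate_amps=1.5, measured_peak_amps=0.9),
]

if __name__ == "__main__":
    for rated in (30, 20):
        print(rated, "A PDU:", size_pdu(RACK, rated, growth_device_amps=2.5))
```

On the constructed rack, nameplate ratings alone fill a 30 A PDU to its planning limit, while the metered peaks leave room for two more 2.5 A devices.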
      
A few rack PDUs allow remote power management for monitoring the usage of power. Power outlet cycling is ideal for data centers without 24-hour staff coverage or for devices deployed in remote locations. The ability to schedule power-off on an outlet makes it easy to enforce IT power policies, such as switching off all non-production servers after 6 PM.

Some intelligent rack PDUs also perform environmental monitoring. With temperature and humidity monitoring, we can identify hot and cold spots in the data center or within the rack. By identifying the cold spots where overcooling is taking place, we can increase the temperature on our Computer Room Air Conditioner (CRAC) units. If space is available in the rack, we can also add additional servers to that rack. By locating the hot zones in our data center, we can identify the cooling needs and so prevent downtime and damage to our equipment. We can receive alerts by having sensors all over the colocation floor.

Overcooling and overprovisioning of the data center lead to increased operational cost and are harmful to the environment. With rising cooling and power costs, the ability to monitor and control your power usage helps to promote a cost-effective and greener data center.