Cyber attacks on major corporations generate big news headlines, especially when they are successful. Threats to a data center from heat, humidity, water, or smoke aren't as flashy in terms of media coverage. They are, nonetheless just as real and, potentially, just as devastating. That's why you need a full array of environmental protections in and around your data center.
Any data center provider will affirm that they're required; and that all built-in protections fly under the radar until you really need them. To illustrate the point, on January 9, 2015 several news agencies covered a 3-alarm fire at a data center in Ashburn, Virginia. The massive building was under construction. The conflagration apparently had started on the roof. Fortunately, there were no injuries and firefighters were able to extinguish the blaze after about an hour.
This is Part 2 in a 3 Part series highlighting different protections inside and around a CenturyLink data center. This time we focus on the environmental safeguards that protect the facility, personnel, the infrastructure, and your data. If you missed Part 1 in the series, Data Center: Physical Security, you can find that topic right here.
Data Center Locations
We carefully choose the location of a data center to minimize the risk of potential environmental hazards such as flooding. Our buildings are nondescript and unmarked except for a street address. The facility is designed to present several false entrances, all of which are reinforced with vehicle barriers. The site layout is designed to prevent vehicles from having a running start for a ramming attack. In addition, the walls of the building are blast resistant with the entrance door, lobby, and guard booth equipped with ballistic protection.
Power Equipment and Power Cabling
We make sure that all power equipment and power cabling is protected against damage and destruction. Power cabling from the utility company enters the building through underground cables. Even here, there is redundancy built in. The data center receives power from one or more utilities through cables entering the facility at multiple locations. All power equipment and cabling, e.g., switching, Uninterrupted Power Supply (UPS), and battery rooms, are housed inside Restricted Access Areas.
Each data center has several generators with associated power cabling. These are protected by concrete and cinder block enclosures. The generators are located inside the Restricted Access Area of the facility and monitored by surveillance video 24x7. To protect power cables from damage, all are routed from the UPS room under the raised floor in the Restricted Access Area.
In the event of a disaster every data center has the capability of shutting off power to the system or to system components. Multiple Emergency Power Off (EPO) switches are installed throughout the facility per local fire and electrical codes. The switches are located at all exits to the raised floor space. The minimum specification is an alarmed, dual button EPO station that requires a person lifts the cover of each switch and presses both buttons simultaneously.
Each data center is equipped with a short-term, Uninterrupted Power Supply (UPS) in the event of loss of primary power. Mission-critical equipment and customer loads are fed by redundant UPS systems, each of which is configured with automatic bypass and manually operated fuel circuits.
Diesel engine generators at the facility provide long term power to critical equipment and customer loads. The generators are located in secure areas of the facility. Base tanks or “day tanks” provide up to 3,000 gallons of fuel storage. On-site fuel storage is sufficient for either 12 hours of design-load operation at a minimum, or as much fuel capacity as local authorities will allow. Generator backup capabilities also include a short-notice refueling contract for the diesel generators.
Each data center has automatic emergency lighting that activates in an outage or a disruption. That is to say, whenever backup power switches on. All lighting in the building is restored once the diesel generators are operational, after about 20 seconds.
Our data Centers have both fire detection and suppression systems which are powered by the data center and supported by battery backup until the generators start (about 20 seconds). All critical areas are protected by pre-action sprinkler systems, electronic fire alarm systems, and Very Early Smoke Detection Alert (VESDA) devices that detect smoke at the earliest stages of combustion. The system is augmented by heat detection and dry-pipe sprinkler systems. The fire detection system has a separate battery backup, in addition to the Data Center UPS and generator systems.
Each data center is divided into multiple fire detection zones. If smoke is detected in a single zone, data center personnel conduct an inspection of the zone. Alerts are simultaneously sent to the headquarter facility in St. Louis. If smoke is detected in two or more zones and excessive heat is detected in either of those zones, then the dry-pipe sprinkler system is charged with water. The only sprinkler heads that might activate are those in which the heat is detected to be sufficient to melt the heat valve. Any activation of the sprinkler system results in the automatic notification of the local fire department. We test these systems at least once a year.
Temperature and Humidity Protection
We design our buildings using American Society of Heating, Refrigerating, and Air-conditioning Engineers (ASHRAE) guidelines. The facilities are built on raised floors and have high-volume, zoned, temperature, and humidity control systems. Each data center has multiple air conditioning units for proper heat dissipation. In the event that one system fails, the other units are capable of assuming the full load to cool all equipment. Temperature is managed via an overhead and under floor zone-control system. Air temperature in a data center is controlled +/- 2 degrees by managing air flow in these zones. The cooling capacity is designed to be 125% of the rated load for the building.
Temperature and humidity levels are measured and monitored continuously. The temperature is maintained at 72° F, +/- 2 degrees. Each HVAC unit controls the humidity level at 45 % humidity, non-condensing. Adverse levels trigger alerts and appropriate staff are notified.
Water Damage Protection
The facility is protected from water damage through master shutoff valves. Master shutoff valves are always clearly marked and tested periodically. Each data center uses a dry-pipe fire sprinkler system. There are also water sensors under the raised floor and around the building perimeter with layout designs that route plumbing lines away from the raised floor space. Automatic electric leak detection and drip containment are also used for protection.
The cost of unplanned data center downtime is significant when considering the total cost of potential damage to enterprise data, equipment, lost revenue, productivity, legal and regulatory impact, or the diminishment of corporate brand and reputation in the marketplace. Risk reduction and mitigation shouldn't be an afterthought. A world-class cloud provider builds in an array of protections into the architectural design and structure of a data center. We've done that at CenturyLink.
Check out the Advance Security we have for protecting your enterprise systems and data. We offer industry leading Colocation Services as well. Better yet, start with your free trial of CenturyLink Cloud today. Look for Part 3 in the series. It covers data center protections for digital and non-digital media related to storage, transport, sanitization, and disposal.