10 June 2010

The Data Center: A Writer's Perspective (Part II)

Part II: The Heart of the Data Center

This is where all the servers are. My top-notch data center is built as a building within a building—both of them brick, several feet thick. The data center proper is on the bottom floor, below ground level. It would take a nearby nuclear detonation to harm the servers. After keying through another man-trap door system that separates the outer building from the inner one, you’re met by a technician who will show you to, and unlock, your company’s server rack.

Noise: The first thing you notice, upon entering, is the noise level. There are hundreds (or thousands) of servers and other equipment, all with humming power supplies and whirring fans, not to mention the whooshing of the air conditioning system. All of this combines into a constant white noise between 70 and 80 dB (a little quieter than a lawnmower [90 dB] but louder than a normal conversation [60 dB]). Contrary to what you might think, there is no beeping. Servers don’t beep as a matter of course, unless there is something very wrong.

Temperature: The next thing you notice is the temperature. Theoretically, it should be pretty cool (below 70°F) in a data center, but depending on the efficiency of the air-conditioning and the amount of equipment packed in there, it could get pretty warm.

The Plenum: The data center floor is generally one large room, although it could be subdivided into smaller spaces, and most contain caged-off areas for companies who rent multiple server cabinets. A server cabinet is a box (usually black), about 7 feet high, by 20 inches wide, by 2.5 feet deep. It has locking doors on the front and the back; usually these are perforated to allow air-flow. On the data center floor, server cabinets are arranged side-by-side in long rows. The effect is similar to a convenience store with narrow aisles and tall shelves.

The floor of most data centers is raised to allow for cables to run beneath. The floor is very solid, but consists of 2-foot-square steel or aluminum tiles (usually with a white linoleum surface coating). Any of the tiles can be lifted away by using a tool that looks like a handle attached to two suction cups. The plenum (the space between the raised floor and the sub-floor) is usually around three feet in height, though it could be as low as 1 foot. The larger the data center, the higher the raised flooring. (This is due to the fact that the chilled air is circulated in through the plenum.)

The plenum in a top-notch data center will be mostly empty (and clean). Cables will be run in neat chases, leaving plenty of room for the air to circulate (or someone to crawl around). I have seen a private data center, however, where it looked like someone dumped a giant’s pot of spaghetti down there.

Lower-end data centers might not have raised flooring. In this case, cables will be run in chases overhead.

The technicians who monitor everything work mainly in a Network Operation Center (NOC). This is a separate room—usually looking out onto the data center floor, with computers and monitors. It’s much quieter in there.

Now What?: If you’re there for legitimate purposes, you do your thing and then leave. Assuming a criminal gained entry into a data center and onto the floor, what could he do? Well, not much. First of all, there are (or should be) cameras covering the data center floor. Unless a big company is bringing in a lot of new equipment, there are generally fewer than three or four non-employees in the building at any given time. Guards or techs would notice someone in an area where no one is supposed to be. Remember, the lights never go out. It’s always someone’s workday in the data center.

The server cabinets are locked, and some are even surrounded by metal cages. Granted, the locks are not particularly secure, but, again, someone would notice a person trying to pick the lock of a server cabinet.

The best place a criminal could get would be into the plenum, beneath the raised floor. From here, they would have access to the entire data center. The bottoms of server cabinets are open. It is conceivable that someone could drill or cut up through the floor tile, and into a server cabinet. From there, they might be able to access network cables, network ports on servers and switches, or keyboard/monitor/mouse ports on servers. Generally, the equipment is in there pretty tight though, so access to anything but the bottom-most piece of equipment would be difficult at best. Also, don’t think about stealing equipment that way. Everything is screwed into vertical rails, and there’s no way to unscrew it without opening up the doors.

This ends our tour of the data center. To get out, please go to the lobby and return your keycard to the guard. He probably won’t be the same guard you checked in with, and he won’t ask for any ID.

If you have any questions, please wait until we’re off the data center floor, so we don’t have to shout.
***
Have your own data center experiences that differ from mine? Feel free to share.

09 June 2010

The Data Center: A Writer's Perspective (Part I)

Part I: Getting In

My job as an IT (Information Technology) consultant affords me some unique opportunities. For instance, the other day, I had to go to a hosted data center to install some servers for a customer. I realized that the inside of a data center is something that most people may never see, so I thought I would give some description that might be useful to writers—or potential criminals. (Funny how the interests of those two segments of society often overlap.)

First of all, what is a data center? Fundamentally, it’s a big room, filled with servers. (If you’re asking at this point, “What is a server?” you probably aren’t going to write about a data center, and you can skip the rest of this article.) In today’s online world, data centers are the physical repository of enormous amounts of very valuable data.

In a smaller company, the area where the server or servers are located is usually called a server room, and lacks much of the sophistication that makes a true data center. A large company may have one or more data centers within their office buildings; this is a private data center. Most data centers, however, hold more than one company’s servers. These are known as hosted data centers or co-location spaces. Data centers (private or hosted) are also called server farms. Size-wise, they are measured in thousands of square feet.

A hosted data center is a facility where many different smaller organizations keep their servers. The hosting company provides (at a minimum) physical security, power, cooling, rack-space (more on that later), Internet connection, fire suppression, and physical access when necessary. The differences between hosted and private data centers are minimal, although specifics of each can vary widely. I will focus mostly on hosted data centers in this article, and I will compare one that is top-of-the-line with another that is less so.

External environment: Data centers are generally located in industrial parks. They are often nondescript buildings with few windows. A top-notch data center will be isolated from other buildings (to prevent fire or flood in another office from spreading to the data center) and will often be isolated from its own parking lot (to prevent people from driving cars into the building in order to force entry). A less-secure data center may lease space in a larger building. The top-notch data center I visited the other day has a thirty-yard path from the parking lot to the main entrance, which snakes through a lovely patch of natural foliage. Another data center I know of simply has a couple of bollards outside the front door, which opens into the parking lot.

Gaining Entry (Through the Front Door): A very secure data center will have a single point of entry. The one with which I am familiar has a “man-trap” (air-lock style) double door system at the front. You enter through the first glass door into a small entryway. Through the second glass door, you can see the guard desk. A guard must buzz you in before you can enter the second door. (I presume the outer door must be closed before the inner one will open, but I’m not sure.) The guard desk is located in a lobby area, with comfortable chairs, fake flowers and marketing flyers. Without authorization, that’s as far as you can go. There isn’t even a bathroom in the lobby. There’s no way to get out of the guards’ sight other than to leave the building.

Behind the guard desk is a glass wall. Behind that is a hallway that connects to the rest of the building. You get in only if you have been pre-authorized by a company that rents space in the data center. (The customer can do this through a secure Web site or by calling the data center support number.) You give the guard some ID (driver’s license), tell them which company you’re with, then fill out a form stating why you’re there (to install a server, perform maintenance, etc.). Once they confirm you are authorized to be there, they give you a credit-card-sized RFID badge and let you in the door.

If you’ve never been there before, someone may show you to the data center floor. Otherwise, you’re free to get there on your own. The top-notch data center where I have been has a kitchenette and restrooms down the hall from the main entrance. This is for the convenience of the employees and also for the customers and contractors, who may be there for many hours, on successive days. This is as good a place as any to mention that a data center operates 24x7. A contractor may need to get in at any time to replace a failed hard drive, or some other such task.

Lower-end data centers may have a less-formal entry procedure, and may rely on on-site technicians instead of guards to authorize entry.

Gaining Entry (Through the Back Door): Data centers are full of big equipment (battery arrays, server cabinets, etc.) and none of it comes in through the front door. That’s why there is a loading dock. The top-notch data center I’m referencing has surprisingly lax security at the loading dock.

Obviously, one can drive right up to the loading dock, or it wouldn’t be of much use. Technically, anyone who enters through the loading dock is supposed to have signed in at the front desk, but, as long as one person goes in through the front, it wouldn’t be tough to have someone drive around and meet you at the back to help you unload. I’m pretty sure that the data center employees are supposed to stay in the loading dock area as long as anyone else is there, but there are no guards. Movement between the shipping area (just inside the loading dock) and the rest of the building is restricted by key card.

Employees: Before I move on to the heart of the data center, I would like to make a note about the employees. Hosted data centers are companies, just like any other. Single-site data centers (and private data centers) will have offices for marketing and sales and purchasing and all the other people who make a company run. Other data centers have multiple sites around the country or the world. These sites will typically have only guards and technicians. The guards have an extremely boring job. (I asked one.) Very little happens, other than the sporadic checking in of customers and employees. Since almost everything can be done remotely, customer visits are infrequent. The guards may or may not be armed. And, they may or may not be friendly.

The other employees are technicians. They are responsible for monitoring and responding to problems with temperature or Internet connections, or other services the data center provides. They will also act as “hot-hands” to physically reset a piece of equipment for a customer, so the customer doesn’t have to travel on-site just to power-cycle a switch. These guys are hard-core IT geeks. They are denizens of the data center—territorial and lacking in social skills. OK, not all of them, but most of the ones I’ve met are.

Stay tuned for Part II, The Heart of the Data Center.