
DATA CENTRE STANDARDS


The data centre standards describe tiered requirements for the data center infrastructure. The simplest is a Tier 1 data center, which is basically a computer room following basic guidelines for the installation of computer systems. The most stringent level is a Tier 4 data center, which is designed to host mission critical computer systems, with fully redundant subsystems and compartmentalized security zones controlled by biometric access control methods. Another consideration is the placement of the data center in a subterranean context, for data security as well as environmental considerations such as cooling requirements.

A data center can occupy one room of a building, one or more floors, or an entire building. Most of the equipment is often in the form of servers mounted in 19 inch rack cabinets, which are usually placed in single rows forming corridors between them. This allows people access to the front and rear of each cabinet. Servers differ greatly in size, from 1U servers to large freestanding storage silos which occupy many tiles on the floor. Some equipment such as mainframe computers and storage devices are often as big as the racks themselves, and are placed alongside them. Very large data centers may use shipping containers packed with 1,000 or more servers each; when repairs or upgrades are needed, whole containers are replaced rather than repairing individual servers. Local building codes may govern the minimum ceiling heights.

Physical Environment of Data Centre


The physical environment of a data center is rigorously controlled:

• Air conditioning is used to control the temperature and humidity in the data center. Thermal Guidelines for Data Processing Environments recommend a temperature range of 20-25 °C (68-75 °F) and a humidity range of 40-55 % with a maximum dew point of 17 °C as optimal for data center conditions. The electrical power used heats the air in the data center. Unless the heat is removed, the ambient temperature will rise, resulting in electronic equipment malfunction. By controlling the air temperature, the server components at the board level are kept within the manufacturer's specified temperature/humidity range. Air conditioning systems help control humidity by cooling the return space air below the dew point. With too much humidity, water may begin to condense on internal components. In a dry atmosphere, ancillary humidification systems may add water vapor if the humidity is too low, since low humidity can result in static electricity discharge problems which may damage components. Subterranean data centers may keep computer equipment cool while expending less energy than conventional designs.

• Modern data centers try to use economizer cooling, where they use outside air to keep the data center cool. Washington State now has a few data centers that cool all of the servers using outside air 11 months out of the year. They do not use chillers/air conditioners, which creates potential energy savings in the millions.

• Backup power consists of one or more uninterruptible power supplies and/or diesel generators.

• To prevent single points of failure, all elements of the electrical systems, including the backup system, are typically fully duplicated, and critical servers are connected to both the "A-side" and "B-side" power feeds. This arrangement is often made to achieve N+1 redundancy in the systems. Static switches are sometimes used to ensure instantaneous switchover from one supply to the other in the event of a power failure.

• Data centers typically have raised flooring made up of 60 cm (2 ft) removable square tiles. The trend is towards an 80-100 cm (31.5-39.4 in) void to cater for better and uniform air distribution. These provide a plenum for air to circulate below the floor as part of the air conditioning system, as well as providing space for power cabling. Data cabling is typically routed through overhead cable trays in modern data centers, but some still recommend under-raised-floor cabling for security reasons and to allow cooling systems to be added above the racks should that enhancement become necessary. Smaller/less expensive data centers without raised flooring may use anti-static tiles for a flooring surface. Computer cabinets are often organized into a hot aisle arrangement to maximize airflow efficiency.

• Data centers feature fire protection systems, including passive and active design elements, as well as implementation of fire prevention operations. Smoke detectors are usually installed to provide early warning of a developing fire. This allows investigation, interruption of power and manual fire suppression using hand-held fire extinguishers before the fire grows to a large size. A fire sprinkler system is often provided to control a full-scale fire if it develops. Fire sprinklers require 18" of clearance (free of cable trays, etc.) below the sprinklers. Clean agent gaseous fire suppression systems are sometimes installed to suppress a fire earlier than the fire sprinkler system. Passive fire protection elements include the installation of fire walls around the data center, so a fire can be restricted to a portion of the facility for a limited time in the event of the failure of the active fire protection systems, or if they are not installed.

• Physical security also plays a large role with data centers. Physical access to the site is usually restricted to selected personnel with controls including bollards and mantraps. Video camera surveillance and permanent security guards are almost always present if the data center is large or contains sensitive information on any of the systems within.

COMMUNICATION STRUCTURE IN DATA CENTRE


Communications in data centers today are often based on networks running the IP protocol suite. Data centers contain a set of routers and switches that transport traffic between the servers and to the outside world. Redundancy of the Internet connection is often provided by using two or more upstream service providers. Some of the servers at the data center are used for running the basic Internet and intranet services needed by internal users in the organization, e.g. e-mail servers, proxy servers and DNS servers.

Network security elements are also usually deployed: firewalls, VPN gateways, intrusion detection systems, etc. Also common are monitoring systems for the network and some of the applications. Additional off-site monitoring systems are also typical, in case of a failure of communications inside the data center.

The main purpose of a data center is running the applications that handle the core business and operational data of the organization. Such systems may be proprietary and developed internally by the organization, or bought from enterprise software vendors. Common examples of such applications are ERP and CRM systems.

A data center may be concerned with just operations architecture or it may provide other services as well. Often these applications will be composed of multiple hosts, each running a single component. Common components of such applications are databases, file servers, application servers, middleware, and various others.

Data centers are also used for offsite backups. Companies may subscribe to backup services provided by a data center. This is often used in conjunction with backup tapes. Backups can be taken of servers locally onto tapes; however, tapes stored on site pose a security threat and are also susceptible to fire and flooding. Larger companies may also send their backups off site for added security. This can be done by backing up to a data center. Encrypted backups can be sent over the Internet to another data center where they can be stored securely.

For disaster recovery, several large hardware vendors have developed mobile solutions that can be installed and made operational in a very short time. Vendors such as Cisco Systems, Sun Microsystems, IBM and HP have developed systems that could be used for this purpose.

Server Room


A server room is a room that houses mainly computer servers. In information technology circles, the term is generally used for smaller arrangements of servers; larger groups of servers are housed in data centers. Server rooms usually contain headless computers connected remotely via a KVM switch, SSH, VNC, or remote desktop.

Cable Management


Cable management solutions from Data Center Now cover overhead and under-access-floor routing, low-cost cables and data cabinets, and ample rack space with quick-to-install cabling.

Under Access Floor


Data Center Now is pleased to announce that its full line of hand-bendable cable trays is now available in stainless steel for use in food service, pharmaceutical, marine, oil/gas platform, tunnel, factory and outdoor applications. Snake Tray's hand-bendable feature requires no fabrication (no cutting) of turns to go over, under or around building obstacles. Snake Tray comes with its own built-in mounting system for easy attachment under floors, on walls and overhead. Snake Tray stacks together for low-cost shipping and easy onsite material handling.

Data Center Security


Protection of the data centre is an important function. Data should be protected and secured against all disasters. Mistakes made at the operations security phase can completely undermine the application's security. But the converse is also true: improvements made in operations security can greatly enhance the overall security of the environment. Start by protecting the application and its data and proceed all the way through the operational aspects of effectively responding to security events.

Starting down at the network level, the key principles are compartmentalization and access control. Here most data centers generally do a pretty good job already, but it's likely that you can still find plenty of room for improvement. For example, consider further separating your applications on isolated network segments (or VLANs) and tightly configuring the network components to enforce network-level policies concerning which network services are permitted both in and out of each segment.

Another high-value, low-cost tip is to provide a separate network segment for administrative traffic, such as system monitoring, actual system administration tasks and event logging. This benefits both the performance of the production data segments and the security of the environment, since administrative traffic is kept isolated from production, requiring an intruder to break through another layer of protection before he can compromise your application.

High quality event logging and monitoring is the lifeblood of incident response operations. Many organizations have implemented pretty good event logging at the network and operating system level, but very rarely at the application level. There are opportunities here as well to enhance the overall security of the application for relatively little money. The reason it's so important to log events all the way up to the application level is that, to the incident response analyst, each layer of logging brings its own perspective on a security event, and a full complement of those perspectives is necessary to really understand what took place at the time of an attack.

Building a Data Center Security Architecture


Data Center architecture has been changing quite dramatically over the past few years. In many data centers, organic growth had left them broken up into application silos. The standard three-tier architecture was copied for each application leading to a fairly hierarchical network. In this architecture, some core security services, such as firewalls and intrusion prevention were concentrated at the root of the network tree, closest to the ingress routers.

This is not unique to security; we are also seeing similar consolidation in many other network or application services. Optimization devices, caching, load balancing, application gateways, XML gateways and security appliances are often bundled into one "services subnet" that makes the services available to any application in the data center. The strongest driver for this architectural change is the corresponding change in application architecture. As applications are consolidated and virtualized they often reside in a pool of servers and can be rapidly provisioned anywhere in that pool.

Another interesting possibility is the consolidation of passive monitoring systems. Plenty of different passive monitoring systems are scattered around data centers. Whether monitoring performance, network parameters, NetFlow, security events or applications, these passive devices are competing for limited SPAN ports. Network switches at certain critical intersections in the network quickly run out of SPAN ports or struggle to provide copies of wire-speed traffic to a number of monitor devices. This is likely then to be the next point of architectural consolidation. Alongside the active appliance subnet architecture, companies can build a dedicated monitoring architecture that consolidates all the passive appliances in a single location.

BUSINESS CONTINUITY


In today's always-on business world, fast and continuous access to applications and data is essential for success, and as a result business continuity has become an integral part of the business and IT lexicon. This section offers a basic understanding of what is involved in implementing a business continuity solution for an organization and what the return on investment can be. It describes the software and services available to simplify disaster recovery, minimize downtime, speed recovery and protect information assets while maximizing the use of resources and personnel.

An access control system is a system which enables an authority to control access to areas and resources in a given physical facility or computer- based information system. An access control system, within the field of physical security, is generally seen as the second layer in the security of a physical structure.

Access control is, in reality, an everyday phenomenon. A lock on a car door is essentially a form of access control. A PIN on an ATM system at a bank is another means of access control. Bouncers standing in front of a night club are perhaps a more primitive mode of access control. Access control is of prime importance when persons seek to secure important, confidential, or sensitive information and equipment.

Item control or electronic key management is an area within (and possibly integrated with) an access control system which concerns the managing of possession and location of small assets or physical (mechanical) keys.

Physical access by a person may be allowed depending on payment, authorization, etc. There may also be one-way traffic of people. This can be enforced by personnel such as a border guard, a doorman, a ticket checker, etc., or with a device such as a turnstile. There may be fences to prevent circumventing this access control. An alternative to access control in the strict sense (physically controlling access itself) is a system of checking authorized presence, e.g. a ticket controller in transportation. A variant is exit control, e.g. of a shop (checkout) or a country.

In physical security, the term access control refers to the practice of restricting entrance to a property, a building, or a room to authorized persons. Physical access control can be achieved by a human (a guard, bouncer, or receptionist), through mechanical means such as locks and keys, or through technological means such as access control systems like the Access control vestibule. Within these environments, physical key management may also be employed as a means of further managing and monitoring access to mechanically keyed areas or access to certain small assets.

Physical access control is a matter of who, where, and when. An access control system determines who is allowed to enter or exit, where they are allowed to exit or enter and when they are allowed to enter or exit. Historically this was partially accomplished through keys and locks. When a door is locked only someone with a key can enter through the door depending on how the lock is configured. Mechanical locks and keys do not allow restriction of the key holder to specific times or dates. Mechanical locks and keys do not provide records of the key used on any specific door and the keys can be easily copied or transferred to an unauthorized person. When a mechanical key is lost or the key holder is no longer authorized to use the protected area, the locks must be re-keyed.

Electronic access control uses computers to solve the limitations of mechanical locks and keys. A wide range of credentials can be used to replace mechanical keys. The electronic access control system grants access based on the credential presented. When access is refused, the door remains locked and the attempted access is recorded. The system will also monitor the door and alarm if the door is forced open or held open too long after being unlocked.

Access control system operation


When a credential is presented to a reader, the reader sends the credential's information, usually a number, to a control panel, a highly reliable processor. The control panel compares the credential's number to an access control list, grants or denies the presented request, and sends a transaction log to a database. When access is denied based on the access control list, the door remains locked. If there is a match between the credential and the access control list, the control panel operates a relay that in turn unlocks the door. The control panel also ignores the door-open signal for a short time to prevent an alarm. Often the reader provides feedback, such as a flashing red LED for access denied and a flashing green LED for access granted.

The above description illustrates a single-factor transaction. Credentials can be passed around, thus subverting the access control list. For example, Alice has access rights to the server room but Bob does not. Alice either gives Bob her credential or Bob takes it; he now has access to the server room. To prevent this, two-factor authentication can be used. In a two-factor transaction, the presented credential and a second factor are needed for access to be granted. The second factor can be a PIN, a second credential, operator intervention, or a biometric input. Often the factors are characterized as:

• Something you have, such as an access badge or pass card.
• Something you know, e.g. a PIN or password.
• Something you are, typically a biometric input.
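The transaction described above (reader forwards a credential number, the panel checks who/where/when against its access control list, demands a PIN as a second factor where configured, fires the relay, logs the result, and alarms on a forced or held-open door contact) as a simulation; this is an added example, not code from the original notes or from any vendor named on the page. Door names, credential numbers, PINs, schedules and timings are constructed.

```python
"""Simulated electronic access control panel (constructed example).

Reader -> panel credential lookup (who / where / when), optional PIN second
factor, door relay, transaction log, and forced / held-open door alarms.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta

PIN_ITERATIONS = 100_000


def pin_record(pin: str) -> tuple[bytes, bytes]:
    """Salted PBKDF2 of the PIN; the panel never stores the PIN itself."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PIN_ITERATIONS)


@dataclass
class AclEntry:
    doors: set[str]                          # where the holder may go
    start: time                              # daily window: when
    end: time
    pin: tuple[bytes, bytes] | None = None   # (salt, hash); None = single factor


@dataclass
class Panel:
    acl: dict[int, AclEntry]                 # credential number -> entry (who)
    unlock_seconds: int = 5                  # relay pulse length
    held_open_limit: int = 30                # alarm after this many seconds open
    log: list[dict] = field(default_factory=list)
    alarms: list[dict] = field(default_factory=list)
    unlocked_until: dict[str, datetime] = field(default_factory=dict)

    def _record(self, cred: int, door: str, now: datetime, result: str, reason: str) -> bool:
        self.log.append({"time": now.isoformat(), "credential": cred,
                         "door": door, "result": result, "reason": reason})
        return result == "granted"

    def request(self, cred: int, door: str, now: datetime, pin: str | None = None) -> bool:
        """Credential presented at a reader; True means the relay fired."""
        entry = self.acl.get(cred)
        if entry is None:
            return self._record(cred, door, now, "denied", "unknown credential")
        if door not in entry.doors:
            return self._record(cred, door, now, "denied", "door not permitted")
        if not entry.start <= now.time() <= entry.end:
            return self._record(cred, door, now, "denied", "outside schedule")
        if entry.pin is not None:            # two-factor transaction
            salt, expected = entry.pin
            if pin is None:
                return self._record(cred, door, now, "denied", "PIN required")
            got = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PIN_ITERATIONS)
            if not hmac.compare_digest(got, expected):
                return self._record(cred, door, now, "denied", "wrong PIN")
        # ACL match: operate the relay and ignore the door-open signal briefly.
        self.unlocked_until[door] = now + timedelta(seconds=self.unlock_seconds)
        return self._record(cred, door, now, "granted", "ACL match")

    def door_contact(self, door: str, opened: datetime, closed: datetime) -> str | None:
        """Magnetic door switch report; returns the alarm raised, if any."""
        until = self.unlocked_until.get(door)
        alarm = None
        if until is None or opened > until:
            alarm = "forced open"            # opened without the relay firing
        elif (closed - opened).total_seconds() > self.held_open_limit:
            alarm = "held open"
        if alarm:
            self.alarms.append({"door": door, "time": opened.isoformat(), "alarm": alarm})
        return alarm


def demo() -> Panel:
    """Constructed scenario from the text: Alice may enter the server room, Bob may not."""
    panel = Panel(acl={
        1001: AclEntry({"server room", "lobby"}, time(8), time(18), pin_record("2468")),
        1002: AclEntry({"lobby"}, time(8), time(18)),
    })
    t = datetime(2015, 6, 1, 10, 0)
    panel.request(1001, "server room", t, pin="2468")              # Alice: granted
    panel.request(1002, "server room", t)                           # Bob: wrong door
    panel.request(1001, "server room", t, pin="0000")               # Bob with Alice's badge, not her PIN
    panel.request(1001, "server room", t.replace(hour=23), "2468")  # Alice: outside hours
    panel.door_contact("server room", t + timedelta(seconds=2), t + timedelta(seconds=5))
    panel.door_contact("server room", t + timedelta(minutes=5), t + timedelta(minutes=6))
    return panel
```

Calling demo() returns the panel with four logged transactions (one granted, three denied for different reasons) and one "forced open" alarm from the door opening outside the relay window.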

Credential


A credential is a physical/tangible object, a piece of knowledge, or a facet of a person's physical being that enables an individual to access a given physical facility or computer-based information system. Typically, credentials can be something you know (such as a number or PIN), something you have (such as an access badge), something you are (such as a biometric feature) or some combination of these items. The typical credential is an access card, key fob, or other key. There are many card technologies including magnetic stripe, bar code, Wiegand, 125 kHz proximity, 26-bit card-swipe and contact smart cards; key fobs are more compact than cards and attach to a key ring. Typical biometric technologies include fingerprint, facial recognition, iris recognition, retinal scan, voice and hand geometry.

Credentials for an access control system are typically held within a database, which stores access credentials for all staff members of a given firm or organization. Assigning access control credentials follows the basic tenet of access control, i.e. who has access to a given area, why the person should have access to that area and where given persons should have access. As an example, in a given firm, senior management figures may need general access to all areas of an organization. ICT staff may need primary access to computer software, hardware and general computer-based information systems. Janitors and maintenance staff may need access chiefly to service areas, cleaning closets, electrical and heating apparatus, etc.

Access control system components


An access control point can be a door, turnstile, parking gate, elevator or other physical barrier where granting access can be electrically controlled. Typically the access point is a door. An electronic access control door can contain several elements. At its most basic there is a stand-alone electric lock. The lock is unlocked by an operator with a switch. To automate this, operator intervention is replaced by a reader. The reader could be a keypad where a code is entered, a card reader, or a biometric reader. Readers do not usually make an access decision but send a card number to an access control panel that verifies the number against an access list. To monitor the door position a magnetic door switch is used on the opposite side of the door. Exit devices can be a pushbutton or a motion detector. When the button is pushed or the motion detector detects motion at the door, the door alarm is temporarily ignored while the door is opened. Exiting a door without having to electrically unlock the door is called mechanical free egress. This is an important safety feature. In cases where the lock must be electrically unlocked on exit, the request-to-exit device also unlocks the door.

Access Control Topology


Figure: Typical access control door wiring.

Figure: Access control door wiring when using intelligent readers.

Access control decisions are made by comparing the credential to an access list. This lookup can be done by a host or server, by an access control panel, or by a reader. The development of access control systems has seen a steady push of the lookup out from a central host to the edge of the system, i.e. the reader. The predominant topology circa 2009 is hub and spoke, with a control panel as the hub and the readers as the spokes. The lookup and control functions are performed by the control panel. The spokes communicate through a serial connection, usually RS-485. Some manufacturers are pushing the decision making to the edge by placing a controller at the door. The controllers are IP enabled and connect to a host and database using standard networks.

Types of Readers
Access control readers may be classified by functions they are able to perform:

• Basic (non-intelligent) readers: Simply read a card number or PIN and forward it to a control panel. In the case of biometric identification, such readers output the ID number of a user. Typically the Wiegand protocol is used for transmitting data to the control panel, but other options such as RS-232, RS-485 and Clock/Data are not uncommon. This is the most popular type of access control reader. Examples of such readers are RF Tiny by RFLOGICS, ProxPoint by HID, and P 300 by Farpointe Data.

• Semi-intelligent readers: Have all inputs and outputs necessary to control door hardware (lock, door contact, exit button), but do not make any access decisions. When a user presents a card or enters a PIN, the reader sends the information to the main controller and waits for its response. If the connection to the main controller is interrupted, such readers stop working or function in a degraded mode. Usually semi-intelligent readers are connected to a control panel via an RS-485 bus. Examples of such readers are InfoProx Lite IPL 200 by CEM Systems and AP-510 by Apollo.

• Intelligent readers: Have all inputs and outputs necessary to control door hardware; they also have the memory and processing power necessary to make access decisions independently. Like semi-intelligent readers they are connected to a control panel via an RS-485 bus. The control panel sends configuration updates and retrieves events from the readers. Examples of such readers are InfoProx IPO 200 by CEM Systems and AP-500 by Apollo. There is also a new generation of intelligent readers referred to as "IP readers". Systems with IP readers usually do not have traditional control panels; the readers communicate directly with a PC that acts as a host. Examples of such readers are Power Net IP Reader by Isonas Security Systems, ID08 by Solus (which has a built-in web service to make it user friendly), Edge ER40 reader by HID Global, LogLock and UNiLOCK by ASPiSYS Ltd, and BioEntry Plus reader by Suprema Inc.

ACCESS CONTROL SYSTEM TOPOLOGIES


Access control system using serial controllers.

1. Serial controllers. Controllers are connected to a host PC via a serial RS-485 communication line (or via a 20 mA current loop in some older systems). External RS-232/485 converters or internal RS-485 cards have to be installed, as standard PCs do not have RS-485 communication ports. In larger systems multi-port serial I/O boards are used, Digi International being one of the most popular options.

Advantages:
• The RS-485 standard allows long cable runs, up to 4000 feet (1200 m).

• Relatively short response time. The maximum number of devices on an RS-485 line is limited to 32, which means that the host can frequently request status updates from each device and display events almost in real time.

• High reliability and security as the communication line is not shared with any other systems.

Disadvantages:
• RS-485 does not allow star-type wiring unless splitters are used.

• RS-485 is not well suited for transferring large amounts of data (i.e. configuration and users). The highest possible throughput is 115.2 Kbit/s, but in most systems it is downgraded to 56.2 Kbit/s or less to increase reliability.

• RS-485 does not allow the host PC to communicate with several controllers connected to the same port simultaneously. Therefore in large systems, transfers of configuration and users to controllers may take a very long time and interfere with normal operations.

• Controllers cannot initiate communication in case of an alarm. The host PC polls the controllers over the RS-485 line, so a controller must wait until it is polled before it can report an event.

• Special serial switches are required in order to build a redundant host PC setup.

• Separate RS-485 lines have to be installed instead of using an already existing network infrastructure.

• Cable that meets RS-485 standards is significantly more expensive than the regular Category 5 UTP network cable.

• Operation of the system is highly dependent on the host PC. In case the host PC fails, events from controllers are not retrieved and functions that require interaction between controllers (i.e. anti-passback) stop working.

Access control system using serial main and sub – controllers.

2. Serial main and sub-controllers. All door hardware is connected to sub-controllers (a.k.a. door controllers or door interfaces). Sub-controllers usually do not make access decisions, and forward all requests to the main controllers. Main controllers usually support from 16 to 32 sub-controllers.

Advantages:
• Work load on the host PC is significantly reduced, because it only needs to communicate with a few main controllers.

• The overall cost of the system is lower, as sub- controllers are usually simple and inexpensive devices.

• All other advantages listed in the first paragraph apply.

Disadvantages:
• Operation of the system is highly dependent on main controllers. In case one of the main controllers fails, events from its sub-controllers are not retrieved and functions that require interaction between sub-controllers (i.e. anti-passback) stop working.

• Some models of sub-controllers (usually lower cost) have no memory and processing power to make access decisions independently. If the main controller fails, sub-controllers change to a degraded mode in which doors are either completely locked or unlocked and no events are recorded. Such sub-controllers should be avoided or used only in areas that do not require high security.

• Main controllers tend to be expensive, therefore such a topology is not very well suited for systems with multiple remote locations that have only a few doors.

• All other RS-485-related disadvantages listed in the first paragraph apply.

Access control system using serial main controller and intelligent readers.

3. Serial main controllers & intelligent readers. All door hardware is connected directly to intelligent or semi-intelligent readers. Readers usually do not make access decisions, and forward all requests to the main controller. Only if the connection to the main controller is unavailable, the readers use their internal database to make access decisions and record events. Semi-intelligent readers that have no database and cannot function without the main controller should be used only in areas that do not require high security. Main controllers usually support from 16 to 64 readers. All advantages and disadvantages are the same as the ones listed in the second paragraph.

Access control systems using serial controllers and terminal servers.

4. Serial controllers with terminal servers. In spite of the rapid development and increasing use of computer networks, access control manufacturers remained conservative and did not rush to introduce network-enabled products. When pressed for solutions with network connectivity, many chose the option requiring less effort: addition of a terminal server, a device that converts serial data for transmission via LAN or WAN. Terminal servers manufactured by Lantronix and Tibbo Technology are popular in the security industry.

Advantages:
• Allows utilizing existing network infrastructure for connecting separate segments of the system.

• Provides a convenient solution in cases when installation of an RS-485 line would be difficult or impossible.

Disadvantages:
• Increases complexity of the system.

• Creates additional work for installers: usually terminal servers have to be configured independently, not through the interface of the access control software.

• The serial communication link between the controller and the terminal server acts as a bottleneck: even though the data between the host PC and the terminal server travels at the 10/100/1000 Mbit/s network speed, it then slows down to the serial speed of 112.5 Kbit/s or less. There are also additional delays introduced in the process of conversion between serial and network data.

All RS-485 related advantages and disadvantages also apply.

Access control system using network-enabled main controllers.
Copyright © 2015 Mbaexamnotes.com         Home | Contact | Projects | Jobs

Review Questions
1. What is a Data Centre?
2. What is the necessity for data center security? How will you build a data center security architecture?
3. What are the features of the physical environment of a data center?
4. How will you build a communication structure, electrical networking and a server room under the data center architecture?
