Despite data centres being at risk from a number of threats – ranging from fire and water, to theft and illegal tampering – protection is sometimes left as an afterthought. Barry Maidment from Rittal looks into the risks and how to go about protecting the equipment within
Within the IT security field there are numerous packages available that allow protection from internal and external software, threats such as viruses, hacking, and so on. While most are very well documented and supported, protecting the physical hardware is sometimes left as an afterthought.
Usually the IT infrastructure is a mixture of various technologies – including servers, switches and routers, patching, fibre and data cabling, and a UPS system – and each of these effectively make up the network. Any of these that are illegally tampered with or damaged could have a significant effect on business.
A data centre is basically a large air-conditioned room which is designed to house all the network components, with the equipment generally mounted in 19” enclosures. These, however, are susceptible to a number of threats that include fire damage, water damage, opportunist theft, tampering and espionage.
Approximately 20% of all fires ignite directly in the server room or in its direct proximity – the remaining 80% ignite outside an IT structure which means that fire risk needs to be looked at on two levels.
Protection against fire which originates inside the security room can be covered by early fire-detection (EFD) system, fire alarm and extinguishing systems. These can be designed redundantly, avoiding false alarms.
EFD systems constantly extract air from the racks to be protected, using an active smoke extraction system that detects the smallest, entirely invisible, smoke particles (response sensitivity of approx. 0.01% light scattering/m). Digital particle counters used in laser technology can also be applied here. Due to high air speeds in air-conditioned rooms, the smoke is dispersed quickly so that EFD systems must always have a sufficient level of detection sensibility.
Through the use of non-poisonous extinguishing gases, fires can be suffocated during the pyrolysis phase (fire ignition phase) with the result that any possible damage is ultimately as minor as possible and fire dispersion is prevented. In some systems, the gas cartridges can be replaced and activated without the need for a service engineer. In addition to FM-200, noble gas (e.g. argon), nitrogen, Inergen or carbon dioxide are used as gases that suffocate the fire through oxygen removal. There are also gases which extinguish the fire by absorbing heat, such as the new NovecTM 1230. With this, only a lower volume of gas is required to extinguish the fire.
Both EFD, fire-alarm and extinguishing systems are now available in space-saving and easy-to install 1 HU technology, meaning that good protection no longer has to depend on the amount of space available.
There are several factors to be taken into account when considering protection against fire which originates outside of the security room. Firstly, the security room must be fireproof; but care must also be taken to ensure that the room temperature and air humidity in the server room do not increase to a level which will affect the sensitive equipment. Here, it is absolutely essential that the upper limits stipulated in the EN 1047-2 standard are observed.
Fire protection lasting 180 minutes and the observance of a maximum temperature of 70°C and 85% air humidity for 60 minutes are currently viewed as being the recognised benchmark in the field of modular security rooms. This can only be guaranteed by a security room solution which has been tested and certified by the independent European Certification Board – Security Systems (ECB•S) with additional, extended fire testing.
A danger frequently not taken into adequate consideration for IT systems is water. This danger does not only come in the form of pipe leaks or floods, but also from the threat due to fire extinguishing water. On many occasions, the primary damage caused by the fire is far less severe than the damage caused by the water used to extinguish the fire. This means that IT rooms need to be watertight during the time when the fire is fought and must be able to withstand stagnant water, as is the case during a flood, for example. The water tightness should be proven to comply with EN 60529 and should be independently certified. Protection against stagnant water over a period of 72 hours is currently the state of technology required by high-availability systems.
To protect against malicious damage it is logical to have a tiered approach to security. Firstly, the data centre should have a master security system for entry into the room. It is also recommended to put a security system on each of the 19” enclosures in the room. This will then enable protection by application, i.e. if someone wants to re-patch then they can have the key to the patching cabinet, but they cannot gain access to the server of the UPS cabinet.
T: 01709 704000