Flylib.com

Books Software

 
 
 

Category list


Similar pages

Environmental Controls


Buy on amazon.com >>
Davis C. Schiller M. Wheeler K.
    << Previous page
    Table of contents
    Next page >>

    Environmental Controls

    Computer systems require specific environmental conditions such as controlled temperature and humidity. Data centers are designed to provide this type of controlled environment. When auditing a data center, the auditor should verify that there is enough heating, ventilation , and air-conditioning capacity to service the data center even in the most extreme conditions.

    7 Verify that heating, ventilation, and air-conditioning systems maintain constant temperatures within the data center.

    Heating, ventilation, and air-conditioning systems are used to provide constant temperature and humidity levels within the data center. This is important because computer systems are damaged by extremes in either. High humidity levels can cause corrosion over time, and low humidity levels cause static electricity to occur.

    How

    Data center temperatures should range from 65 to 70°F. Temperatures above 85°F will damage computer equipment. Humidity levels should be between 45 and 55 percent. The auditor should review temperature and humidity logs to verify that each falls within acceptable ranges over a period of time. The auditor also should review the heating, ventilation, and air-conditioning design to verify that all areas of the data centers are covered appropriately. This information usually can be obtained from the facility manager during an interview.

    8 Evaluate the data center's use of electronic shielding to verify that radio emissions do not affect computer systems or that system emissions cannot be used to gain unauthorized access to sensitive information.

    Electronic equipment creates electronic emissions that, in theory, can be captured and disseminated to compromise the information that is being processed by the equipment. These are the same emissions that create crosstalk conditions in phone and network wires. The level of risk that electronic emissions creates is debatable, but nonetheless, many data centers provide electronic shielding to mitigate it as well as the risk of electronic interference from outside sources.

    Note 

    There was a program that the National Security Agency (NSA) initiated in the 1960s called the TEMPEST project that was created to study the feasibility of using electronic emissions to gain access to otherwise protected information. The TEMPEST project still continues today. Although information about it is scarce , see http://www.cryptome. sabotage .org/tempest-time.htm for additional information about project history.

    How

    The auditor should review any shielding strategies that the data center employs to protect against interference or unauthorized access through emissions. Also determine whether there are any nearby sources of electronic interference. The data center facility manager usually can provide this information during an interview.



    Power Continuity

    Computer systems require uninterrupted, clean power to operate . Data centers typically employ several different types of controls to maintain clean power. These controls include

    • Redundant power feeds that provide power from two or more power stations

    • Ground to earth to carry excess power away from systems during electrical faults

    • Power conditioning systems to convert potentially dirty power to clean power

    • Battery backup systems (UPSs) that provide immediate power, typically for short periods of time

    • Generators to provide sustained power during extended power losses

    When performing data center audits , the auditor should verify that adequate power continuity controls are present and working properly.

    9 Determine whether the data center has redundant power feeds.

    Some data centers are built in locations where they can connect to more than one power station. When the power supplied by one feed is lost, the other often will remain live. As a result, redundant power feeds can be used to maintain utility power continuity.

    How

    This control is not always present, but it is worth exploring with the data center facility manager during interviews.

    10 Verify that ground to earth exists to protect computer systems.

    Ungrounded electrical power can cause computer equipment damage, fire, injury , or death. These perils affect information systems, personnel, and the facility itself. Today, buildings that do not have grounded electrical outlets most likely will be in violation of building code.

    How

    Unlike redundant power feeds, the ground-to-earth control always should be present. Ground to earth is a basic feature of all electrical installations. It consists of a green wire that connects all electrical outlets to a rod that is sunk into the ground. When short circuits or electrical faults occur, excess voltage is passed through the ground wire safely into the ground rather than short-circuiting electrical equipment. This control should be present in any facility less than 30 years old or so, but it is definitely worth verifying. Older buildings that have not had electrical systems upgraded may not have an electrical ground, however. Electrical ground normally is required in building codes. This information can be obtained by interviewing the data center facility manager or through observation.

    11 Ensure that power is conditioned to prevent data loss.

    {% if main.adsdop %}{% include 'adsenceinline.tpl' %}{% endif %}

    Power spikes and sags damage computer systems and destroy information. Power conditioning systems mitigate this risk by buffering the spikes and sags.

    How

    Clean power can be represented as a wave pattern with symmetric peaks and valleys. Normal utility power has a wave pattern with peaks and valleys that are far from symmetric, causing momentary spikes and sags. These spikes and sags shorten the life of electronic components and sometimes cause system faults. Power conditioning systems smooth out the wave pattern to make it symmetric. Through interviews and observation, the auditor should verify that power is being conditioned by either a power conditioning system or a battery backup system.

    12 Verify that battery backup systems are providing continuous power during momentary black-outs and brown-outs.

    Power failures can cause data loss through abrupt system shutdowns. UPS battery systems mitigate this risk by providing 20 to 30 minutes of power as well as power conditioning during normal utility power conditions.

    How

    Battery backup systems or UPSs offer immediate power in the event of a power loss. They are typically designed to provide somewhere between 20 minutes and 1 hour of computer run time. Basically, they provide enough time for the generator to turn on and begin generating electricity. They also perform a power conditioning function because they logically sit in between utility power and computer center equipment. As a result, the batteries are actually powering the data center all the time. When utility power is live, the batteries are charged constantly. Conversely, when power is lost, they begin to drain. The auditor should interview the data center facility manager and observe UPS battery backup systems to verify that the data center UPS system is protecting all critical computer systems and affords adequate run times.

    13 Ensure that generators protect against prolonged power loss and are in good working condition.

    Mission-critical data centers, by their nature, cannot withstand any power loss. Since it is impractical to install enough batteries to power the data center for more than an hour or two, generators allow the data center to generate its own power in the event of a prolonged loss of utility power.

    How

    Generators come in two common varieties: diesel -powered and natural gas- or propane- powered . Each has its benefits and drawbacks.

    Diesel generators are most common but have a finite amount of fuel stored in their tanks. Diesel fuel is also a biohazard. If it is spilled, there could be significant cleanup expenses. Also, if the generator is in close proximity to the data center, there is a danger of a spill that reaches into the data center itself, which would be disastrous. These risks can be mitigated though fuel service contracts and spill barriers, however.

    Natural gas generators run cleaner and theoretically have an infinite supply of fuel as long as the gas lines are intact. There is no danger of spills, but there is an increased danger of fire. Natural gas generators are employed rarely, however, because of the expense.

    Propane generators are also expensive but have a limited supply of fuel. Again, this can be mitigated with service contracts.

    All types of generators require frequent maintenance and testing. As a result, the auditor should review both maintenance and test logs during a data center audit. Additionally, auditors should obtain the sustained and peak power loads from the facility manager and compare them with current power generation capacity. Generators should be able to produce at least double the sustained power load.



    Buy on amazon.com >>
    Davis C. Schiller M. Wheeler K.
      << Previous page
      Table of contents
      Next page >>

      Similar products

       
      flylib.com © Copyright 2008-2013. All Rights Reserved.
      if you may any questions please contact us: flylib@qtcs.net
      Privacy policy