【數據中心設計】CDCP 學習筆記 - 數據中心 (Part 11) - Data Centre Design - Physical Security & Safety and Auxiliary Systems

Questions need to be addressed:

• What are you trying to protect?
• What are the threats?
• What is the probability of the danger occurring?
• What is the impact?
• What is the risk identified?
• Risk = impact * probability（risk assessment）
• Does the risk identify require a control?
• How does one design, build, implement (and subsequently during operations, monitor, review and improve) the control?

Physical security considerations

• Perimeter protection and intrusion detection 
• Fencing / Walis
• Barbwire facing outwards, slanted 45 degrees
• Security control room/guard house
• Boom barriers
• Concrete bollards
• CCTV(Closed-Circuit Television) cameras
• Security zones
• Access control (badge) system
• Security awareness posters

CCTV cameras

• CCTV
• Recording on the hard disk
• Motion detection cameras
• Night vision camera
• Event/face recognition
• Install cameras in such a way that the areas they monitor are overlapping to prevent black spots / blind areas（overlapping）
• Cameras and recorder must be on UPS
• Recorder to be located in a secure area
• Avoid placement inside the computer room
• Copy of hard disk should be stored off-site or in another remote area of the building

Entry control

• Areas can be secured in various ways
• Revolving doors
• Mantraps
• Turnstiles
• Cages —— No impact on cooling/fire suppression system, ensure that cages are installed slab-to-slab (subfloor of area up to the ceiling).
• Door locks
• Key lock —— Proper key management procedures
• Electronic locks —— Card reader / security code / biometrics (fingerprint, iris scan etc.)

Physical safety considerations

• Signage (regulatory and additional), using indicators for:
• Location of fire extinguishers
• Location of first-aid kit
• Emergency numbers and contacts
• Escape routes at each door
• Emergency response plans
• Safety awareness posters
• Cardiopulmonary Resuscitation (CPR)
• General safety practices

Monitoring system —— Data Centre monitoring requirements

• To have the ability to see at a glance everything is in a normal state
• To have peace of mind that should an alarm condition occurs, the relevant personnel will be informed（24x7 informing relevant staff）
• Have centralized monitoring capabilities that integrates with current monitoring software
• Keep a history of alarms and trending data for analysis（provide detailed reports）

EMS/BMS

• EMS —— Environmental Monitoring System
• Monitors only
• Most of the time low-level monitoring only (i.e. dry/alarm contacts)
• Relatively in-expensive
• Limited alarm contact inputs and limited notification capabilities
• BMS —— Building Management System
• Monitors and control
• Provides High-level monitoring (i.e. full parameter monitoring)
• Relatively expensive
• More detailed level compared to an EMS
• Either system fits a certain purpose
• The purpose is that abnormalities are noticed early so that actions can be taken to avoid disasters

DCIM —— Data Centre Infrastructure Management

• DCIM integrates information technology and facility management disciplines to centralize monitoring, management and intelligent capacity planning of a data centre's critical systems
• A lot of variances exist with most DCIM solutions to focus on:
• Asset management
• Power monitoring
• Environmental monitoring
• Capacity planning
• Change management

現在已經有很多供應商提供DCIM，但需要具體例子具體分析，首先要確定DCIM提供了哪些附加功能，特別是如果數據中心的自動化系統已經提供得很到位了，是否需要再增設DCIM系統需要再次衡量。

Water leak detection

• Pad based
• Covers certain areas only
• Inexpensive
• for smaller data centres only
• Cable based
• Placed under the raised floor along the perimeter and pipes
• Detection only or distance monitoring
• Need to keep cable clean
• for large data centres

Notification system for monitoring system

• Should be able to alert persons and groups relevant to the alarm detected
• Should be able to have various thresholds, both severity-based and timing-based with corresponding alerts
• Alerts to be communicated by
• E-mail
• SNMP(Simple Network Management Protocol)
• SMS (Short Message Service)
• Audible alarm
• Voice dialling

What to monitor？

• Monitor at least（基本版）
• Temperature / Humidity in various zones
• UPS status
• Water leakage
• Fire suppression
• Air conditioning
• Standby generator set
• Nice to have（進階版）
• Breaker / PDU level monitoring
• Rack door open / close
• Power, temperature, humidity inside the rack
• Pressure / airflow