1 / 100

Maximizing Virtual Data Center Security with Linux

Learn about the importance of physical and cyber security measures in virtual data centers using Linux. Explore data center layouts, access controls, power systems, and more.

Download Presentation

Maximizing Virtual Data Center Security with Linux

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Virtual Data Center Security using Linux INCS - 775

  2. What is a data center? • A data center is a facility used to house mission critical computer systems and associated components. It generally includes environmental controls (air conditioning, fire suppression, etc.), redundant/backup power supplies, redundant data communications connections and high security. (Wikipedia)

  3. Data Center Physical Layout • A data center can occupy one room of a building, one or more floors, or an entire building. • Servers are stacked in rack cabinets • Cabinets are arranged in rows with aisles in between them to allow access to both front and back of the servers

  4. Data Center Physical Layout (cont.) • Air conditioning • Backup power systems • Raised floors – air circulation and power wiring • Overhead cable trays – data wiring • Fire prevention and extinguishing systems • Physical security

  5. Data Center • A centralized location where computer related resources (and data) are stored. • The users do not require physical access in order to use the resources.

  6. Physical Layout • A room • Interior room • A section of a building (a floor) • Interior building space • A building, underground structure, etc.

  7. Physical Access • Ease of access to roads • Ease of access to the interior • Large oversized double doors • Loading dock • Ramps • Service elevator

  8. Location Considerations • Geography, weather, and climate • Earthquakes • Floods • Lightning • Fires • Hurricanes • Tornados

  9. Data Center Requirements • Fire protection • Weight rated floor • Access to power • Access to HVAC • Access controls • Limited access entry points.

  10. Physical Security • Crime prevention through environmental design: • Fences, walls & gates • Natural barriers and open spaces • Lighting • Surveillance • Alarms

  11. Physical Security • The computer room should have limited access: on a need to be there basis only. • Keycards and old fashioned keys and locks. • Guests should not be given access without an escort. • Proximity badges • Biometric Passes

  12. Physical Security • A room may require two people to have access at any one time, so no one can be alone in the computer room.

  13. Physical Security: Surveillance • Cameras (Closed Circuit Video) • Motion Detectors • Keeping track of entry and exit of each individual

  14. Power • Your power capacity must provide for • Computer equipment • HVAC • Lighting • Security • Fire prevention • As technology advances, it takes less space to use equal amounts of power. • Power cords, fuse boxes, switches must meet fire safety standards. (NEBs Standards)

  15. NEBS • Networking Equipment Building System • Floor loading • Temperature & Humidity • Fire prevention • Airborne contamination • Noise level • EMF

  16. NEBS • Electrostatic Discharge • Lightning protection • Electric safety standards • Grounding • etc

  17. Power Main Categories • UPS • Surge Protection • Line conditioning

  18. Power: UPS Consist of • ATS (automatic transfer switch) • Fire codes require an off switch for UPS. • Batteries • May include generators for prolonged outages.

  19. Power: ATS Automatic Transfer Switch • Detects when utility power is outside of an acceptable range, then activates the UPS and generators. • Detects when utility power resumes, and switches from UPS to utility power.

  20. Power: UPS • UPS must provide power for • Computing systems and other essential hardware. • HVAC • Security • Lighting • Separate backup power for any fire suppression needing power.

  21. Power: UPS • UPS may require special requirements for: • cooling, • ventilation • power • Its own special room • Make sure the power is available for this room too! • Access is for maintenance and inspection only!

  22. Power: UPS • UPS can be made up of a room full of batteries. • these can be a dangerous fire hazard. • Fumes from battery acid are flammable and poisonous.

  23. Power Outage • Statistics show that power outages tend to last for very short periods or very long periods. • Most power outages last less than 5 seconds. • If an outage lasts more than 10 minutes, it is likely to last all day.

  24. Power Outage • A UPS should have enough stored power to last about 10 min + the required time to safely shutdown. • A generator would be required to handle power outages lasting more than 10 to 15 minutes. • UPS needs maintenance. Rechargeable lead acid batteries will last about 5 years.

  25. Power: Surge Protection • Required to protect against jumps in voltage from your power source. • Can happen when there is a sudden large draw of power. Most likely to happen during power outages. • A spike in voltage can damage electronics.

  26. Power: Surge Protection • Data center should be grounded for lightning strikes using lightning rods.

  27. Power: Line Conditioning • A power conditioner keeps the power supply at a constant voltage and frequency. • Deals with sags, spikes, surges, and outages. • Surges last longer than spikes. • A step above surge protection.

  28. Power: Fire Suppression • Fire suppression power requirements must be separate from everything else including computer system UPS.

  29. Fire Suppression Halon Alternatives are used to reduce the oxygen content. (There must be enough remaining oxygen for humans to breathe)

  30. Fire Suppression CO2 – cheap but causes greater condensation compared to other alternative suppressants. If fire suppression is activated: Power down systems. Evacuate personnel Shut off all power and system UPS Contact the suppression experts Maintain a fire-evacuation plan

  31. Power Switches • Fuse boxes, and any other power switch control should be easily accessible and not hidden behind equipment.

  32. HVAC • Heating Ventilation and Air Conditioning

  33. HVAC • Fans for forcing air flow • Filters for reducing the amount of contaminants in the air. • Humidity control – • dry air leads to more static electricity. • Damp air leads to corrosion • 40%-60% RH • Water chillers, pumps, compressors

  34. HVAC: Air Flow Management • http://www.42u.com/42u-rack-cooling.htm • The hot aisle-cold aisle alternating system

  35. HVAC • Room should have good ventilation. • Equipment should be spaced apart to prevent heat pockets from forming. • The Amundsen-Scott facility does not require heating as long as the equipment in the data center is running. • Water sensors should be placed under AC units, and raised floor.

  36. HVAC • Multiple thermostats may be required for larger rooms. • Alarm to alert when temperature/humidity is outside a safe operation range.

  37. Redundancy • Power • HVAC • Hardware • Server • Disk • Backup

  38. Racks • Selection • Floor Layout • Contents

  39. Racks • Racks help manage space efficiently. • Racks are needed so that equipment is not literally stacked on top of each other. (build up of heat) • Racks also provide cable management. • Racks help manage HVAC

  40. Rack Selection • Two Posts – usually for lighter communications hardware. • Four Posts – for heavier hardware. http://www.racksolutions.com/index.html

  41. Rack Selection • Height – should not be too tall that access is difficult or gets too close to the roof. Heat rises and equipment at the top will be subject to higher temperatures.

  42. Rack Selection • Width • Computer hardware standard is 19 inches. • Networking hardware NEBS standard is 21 inches. Network Equipment Building Standards.

  43. Rack Selection • Depth Must be deep enough for your equipment to fit plus enough space for vertical and horizontal cabling. Cables and equipment should not protrude into aisle space. (check fire codes)

  44. Rack Selection • Extra deep racks tend to create unused space. • Over packed racks lead to cabling complications and heat build up around equipment.

  45. Rack Selection • Some racks have built in fans. • Bottom mounted fans may require perforated raised floors. • Bottom mounted equipment can restrict air flow. • Doors on racks restrict air flow when closed.

  46. Rack Placement • Allow racks to be far enough apart for easy access to equipment and cabling. • Racks placed too close will build up excessive heat and cause access problems.

  47. PUE = Power Utilization Effectiveness SPUE = Server Power Utilization Efectiveness

  48. (Courtesy of Luiz Andre Barroso and Urs Holzle, Google Inc., 2009)

  49. Racks: PDU vs Power Strip • PDU - power distribution unit connects different sockets into different circuits.

  50. Non-rack equipment • Not all equipment is rack mounted. • Be sure to have enough space for non-rack mounted hardware.

More Related