[ISN] Out of sight, never out of mind

From: InfoSec News (alerts@private)
Date: Wed Aug 16 2006 - 01:00:49 PDT


http://www.smh.com.au/news/biztech/out-of-sight-never-out-of-mind/2006/08/14/1155407745935.html

By Nick Miller
August 15, 2006
Next

STUART McKENZIE folds his arms. "Welcome to my fridge," he says, a 
twitch of the eyebrows indicating his pride in the massed racks of 
humming servers in the Sydney base of global IT services provider 
Unisys.

Peter Wilson, at Datacom's GlobalCentre in Melbourne, stages a more 
theatrical welcome: boardroom curtains part to reveal the flashing 
lights and busy screens of the central monitoring post.

At the Melbourne hub of telco Primus, Bruce Klimeck simply offers a 
business-like handshake, places his palm on a biometric reader and 
ushers visitors through the security "airlock" into his inner sanctum.

Every data centre has its own style but all are welcoming customers as 
organisations around the country say "get these damned servers out of 
my office".

Two years ago Michael Browne, CEO of Datacom, thought the age of the 
outsourced data centre was in severe decline as technology advanced 
and sophisticated servers became smaller and more manageable.

"It's a difference scenario now," he says. "Thanks to the 
infrastructure you need to run a modern server rack, the power they 
draw and the heat they put out, the ability to run them in-house is 
almost eradicated."

The first problem is the modern server, he says. They can be tightly 
stacked, draw more power every year, and put out a lot of heat. Many 
companies simply cannot afford the demands this places on 
air-conditioning and power supply.

The second problem is redundancy. With the growth in web services and 
business management systems, plus email, many of a company's most 
critical parts rely on the health of a small rack of servers.

Power cuts or natural disasters carry a new level of threat that many 
companies aren't prepared to face alone.

"One of our Sydney clients moved their data centre in-house two years 
ago," says Mr Browne. "They've just moved back out, to our Melbourne 
facility. Organisations I would not have considered as (customer) 
prospects two years ago are now seriously considering outsourcing."

Iain McKimm, general manager of operations at internet telephony 
company Freshtel, says he used to build data centres in a previous job 
but now prefers to rent them.

"It's a simple decision: do you spend a million dollars putting in the 
computer room, the environmental control, the air-conditioning, backup 
generator, fire detection, power redundancy . . . or do you just say 
'here's one I prepared earlier'," he says.

Despite being an IT player, Freshtel was happy to put all its servers 
in Datacom's Melbourne building. "We don't host anything except a 
router," Mr McKimm says.

Outsourcing costs more money in the long run, he says, but you get the 
service straightaway and can concentrate on your core business.

Some don't have the choice. The Queensland branch of the Pharmacy 
Guild of Australia had big plans that it would not have been able to 
manage alone.

"(Data-centre company) WebCentral allows us to punch above our 
weight," says the guild's manager of innovation, Shaun Singleton.

Pharmacies face a blizzard of paperwork because of evolving services 
and government standards, he says.

The guild wanted web-based tracking of ISO (commonly agreed 
international) standards and online storage for documents such as 
staffing records. The system would also track sales of pills 
containing pseudoephedrine so pharmacists could cross-check that a 
customer was not going from shop to shop gathering the raw materials 
for the manufacture of illegal drugs.

"There were big privacy and security issues," Mr Singleton says. "We 
wanted to deliver a high-quality service to 4800 users but our 
business case would never have been viable."

The obvious solution was to outsource. But the special nature of the 
system meant the security of the data centre became a big focus.

"The Queensland Police made it a condition: if they couldn't see the 
data centre, they wouldn't work with us," Mr Singleton says.

Another advantage of putting their servers into a data centre was 
added flexibility as the system rapidly grew.

WebCentral CEO Andrew Spicer's customers range from small businesses 
to big government departments and banks.

With the growth in internet bandwidth, companies realise they can put 
more of their services into someone else's building, and offload a big 
problem.

"Why build a data centre when you can buy one," Mr Spicer says. "This 
is a big swing in the way people think about IT."

So many people are converting to that point of view that demand is 
starting to exceed supply. Most data-centre professionals interviewed 
by Next were adding extra floor space, and prices for rack space have 
more than doubled in the past two years.

Mr Spicer says customers often want to buy managed services rather 
than basic co-location. But they never take an "out of sight, out of 
mind" approach.

"Customers are interested in security - they want to know about 
guards, physical and network security," he says. "The second question 
is usually about disaster recovery. They always ask about redundancy. 
They always ask about tech support, can they get someone on the phone 
24/7."

That requirement was at the top of the list for the Board of Airline 
Representatives of Australia, which has the tough task of keeping 
track of all airline baggage in the country.

Three years ago the Government mandated a new system in which every 
bag had to be checked and reconciled with an authorised passenger 
before it boarded a plane.

BARA outsourced the system to Unisys and Ultra Electronics - with 
Unisys hosting the servers at its data centre.

Uptime and maintenance are critical. "We need a very rapid response 
time," says the board's executive director Warren Bennett. "It costs a 
hell of a lot of money to have an aircraft sitting at the terminal 
waiting for authorisation of the bags coming on board."

Early on there were serious failures: power problems at the central 
server site and unexpected glitches in the software. But these were 
smoothed out quickly.

"It just better to use a large site such as Unisys," Mr Bennett says. 
"If there is a problem with the system, the baggage-handling companies 
can get a response and things are sorted pretty quickly."

Unisys guaranteed system uptime, with compensation if a benchmark was 
not met. Also it provided documentation for government-conducted 
security audits: the Department of Transport has the power to refuse 
take-off or even call back a plane in the air if it is not satisfied 
with a manifest report.

Other customers are more interested in price. The typical Australian 
price of $1000 per rack per month does not impress Cameron Reilly, CEO 
of the Podcast Network.

"Australian providers have never come even close to the rates we can 
source out of the US and Europe," he says. "The cost differential is 
in the order of five to 20 times."

"I would highly recommend that anyone looking at hosting 
bandwidth-intensive applications such as digital media or hosted 
services give serious consideration to using a service based outside 
of Australia."

Mr Reilly's US-based servers were installed after a short tender 
process in which he looked at price, service level agreements and the 
quality of service. His six servers were built on-site and within 24 
hours he could log in and build the system remotely. US intervention 
is now only necessary for the occasional hard reboot, replacing a 
failed card or hard drive, or if there is a DNS attack.

"As broadband pipes shrink the world, that will have a serious impact 
on the market," he says. "I will be hosting in Russia, China or India 
in the next couple of years."

He's not blind to the downside. "On one or two occasions the service 
has gone down for several hours and I didn't feel I had a reasonable 
explanation," he says."(With) someone local you can build a 
relationship, eyeball them, sit down and have a coffee. The downside 
of being international is that when shit breaks down - and this is IT, 
so something always does - it's easier for someone to give you the 
runaround.

"I wanted a guarantee of 24/7 access to someone relatively senior. 
Make sure you have a phone number and an uptime guaranteed."

But Mr Spicer says US data centres only look cheaper on paper. "When 
you phone up on Monday with a problem you're going to get the Sunday 
night tech support," he says. "Even small enterprises now see their 
internet applications as incredibly important. You want a reliable 
service."

Unisys' Stuart McKenzie says high-quality Tier-3 data centres such as 
his attract premium customers in finance, banking and transportation. 
"It's not for Bob the Builder's web server," he says. The building, 
out in Sydney's western suburbs, has 1000 watts of power per square 
metre, two electricity substations, two switch rooms, two generators 
with a tank of 72 hours worth of diesel, and two uninterruptible power 
supplies. "It's parallel all the way up."

Tier-3 centres offer premium security also. Security concerns have 
shifted over time, Mr McKenzie says. Clients worry about how close 
they are to the city, or to a geological fault, or to water - whether 
the site is on a flood plain, for example.

Terrorism is another big concern. Global events have changed levels of 
comfort, possibly forever. Some clients are nervous if a data centre 
is above a car park. Others want to hear about contingency plans in 
the case of a bird flu outbreak.

Steven Firth, in charge of outsourcing and infrastructure services at 
Unisys Australia, says customers come in two flavours.

Those looking for a facility management have practical questions about 
power supply, scalability and data pipes. Those looking for a managed 
service view a data centre as the "hygiene factor" in a service level 
agreement. More sophisticated customers ask about the certification of 
a company's employees to determine the quality of service.

Bruce Klimeck at the Primus data centre in Melbourne says customers 
should ask detailed questions about the power and air-conditioning 
backup systems.

"The key is that there can be no single point of failure," he says. 
"Even water supply can be critical - a data centre in Brisbane melted 
when it lost the water supply to its air-conditioners: it had to shut 
down."

Customers should ask to see comprehensive and immediate maintenance 
contracts, he says. "Otherwise it's a question of when it's going to 
fail".

They should ask when the backup generator was last turned over - and 
when will be the next time. He had a nasty shock at Christmas when a 
routine check found there was not enough juice in a battery to get his 
own back-up generator going. But thanks to the check, no customer was 
affected. Power supply is probably the biggest issue facing modern 
data centres - both for the racks themselves and the massive 
air-conditioners needed to cool them.

Peter Wilson, in charge of Datacom's GlobalCentre data centre in South 
Melbourne, says he wouldn't be surprised to see a return to the "data 
chillers" of the mainframe days, with water or compressed-gas-based 
heat exchanges in each enclosure. "We even have to be careful about 
the physical weight of the servers."

Most data centres get the basics right, he says. Datacom tries to 
differentiate itself through services, priding itself on efficient 
change management, for example. "Data centres are not about real 
estate any more, it's about what value you can add to a rack."

One such service is virtualisation. Mr Spicer of WebCentral says it is 
an increasingly useful tool, especially for companies with widely 
variable IT demands.

A customer running a tax application or a website specific to an 
event, such as the Sydney to Hobart yacht race, may peak at loads 
hundreds or thousands of times the normal level.

Virtual servers can take that load without the need to race into a 
data centre and plug in more machines.

"That's where this (business) is headed," Mr Spicer says. "There is a 
trade-off, which is mainly a perception around security. Customers 
like to know they have a box somewhere with their own firewall, all 
sealed."

If this sounds like a return to the "glass house" days of mainframes, 
it is quite similar, says Rod Vawdrey, CEO of Fujitsu Australia. He 
says business is lively because many government agencies hope to 
simplify their IT after years putting up with complicated legacy 
systems.

Most government clients demand AS7799-compliant "bunker-like" 
security, which has created a good sideline in physical security and 
identity management products. Often this consolidation accompanies a 
move to data centres. "There is a shift back to strongly integrated, 
secure and supportable infrastructure," Mr Vawdrey says.

-=-

NEXT LESSONS

Security: 24/7 human presence, CCTV cameras, lockable cabinets and 
caged areas.

Safety: gas-based and dry-pipe fire system, VESDA smoke detection, 
back-up air conditioning, power and networking connectivity, stable 
power grid, headroom on power supply and cooling, UPS and battery of 
10 or more minutes

Services: access to dedicated fibre and all major telcos, 24/7 on-site 
technical support

Scalability: ability to expand when customer does, in footprint, rack 
density, power and cooling draw, UPS.

Source: Peter Wilson, Datacom


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Wed Aug 16 2006 - 01:06:01 PDT