How to Qualify a Data Center

Do you know anyone with a server and an Internet connection can become a cloud vendor, how do you know what to ask, or who to believe? Cloud providers are prime targets for hack activists and nation state attacks.

The first building block is the home of the solution core—the data center. A quality data center will have a hardened environment with redundant power sources backed up with local generators, redundant carrier access, overbuilt HVAC, etc. This can be a source of significant savings over the cost of self-provisioning and maintaining an equally well-designed internal data center.

However, it is important to verify the quality of the proposed data center, especially since even a large data center has experienced (highly public) service outages. It is important to seek providers that can guarantee availability and reliability; such resiliency usually requires business continuity designs.

Large or sophisticated enterprises may need to seek a partner with multiple geographically separate data centers for the most appropriate solutions to support business continuity. These partners can also help to optimize network traffic between the core services and the external services, which can be critical with bandwidth-intensive solutions

A recent study by IT industry association found that even though many organizations are concerned about the security of their data in the cloud, a minority of companies perform a comprehensive review of their cloud service providers before sealing the deal. It is critical that questions are asked. What kind of questions?

The following is set a questions, or evaluation guide, you can use to cut through the hype and make an informed decision

Architecture:

Architecture review process then extends into an exploration of the overall architecture of the solution. It starts with a robust and scalable infrastructure platform based on reliable components, but it extends into an exploration of the possible points of failure and the impact on your operations.

  1. Integrated Solution Is the core solution an integrated offering backed by a major manufacturer’s product line with good support services? The proposed solution should be based upon continuously updated, improved, and enhanced solution. Also, no matter how good the selling partner is, it needs advanced support from the manufacturer’s experts and developers.
  2. Modified Open-source Software Avoid solutions based on systems that have little history in the market, are based on modified open-source software, or use a customized package of multiple suppliers to create a full suite. These vendors may be creating better margins for themselves but the problems that are created will become yours.
  3. Business Continuity Are critical components redundant in an active mode that provides true business continuity (no interruption), or do certain failures require a restart, re-registration, database load, etc.? This same set of questions extends to any geographically separate backup sites.
  4. Service Uptime What are the documented service uptime stats? Ask for details on the root cause of any service interruptions. This applies to either a dedicated or owned data center maintained by the offering partner, or for a third-party data center where the service provider is a tenant.

Security
With any hosted solution, it is natural that questions arise about security issues. The hosted industry has clear awareness of these concerns and capable partners have addressed them. Even though some hosted data centers are more secure than most premises installations, it is still important to ask many questions about end-to-end security.

With cloud solutions, various components are shared among customers, therefore, security needs to extend inside of the cloud, and not just at the perimeter. Questions need to be asked about the partition of customer data, and application level access.

In addition, security impacts many layers of the solution, and you want to find a partner that has addressed the full set of issues.

  1. How is physical access to the site controlled?
  2. What are the written policies, procedures, and methods for ensuring security?
  3. Are they compliant with applicable rules and regulations (such as PCI, HIPPA, etc.)?
  4. Do they offer a written Service Level Agreement (SLA) that covers security concerns, risks, and liability coverage?
  5. Do they offer encryption of all stored data?
  6. Can all media packets (voice, video, IM, etc.) in transport be encrypted?
  7. Who has access to the de-encryption keys?
  8. What types of operating systems are running on the servers and how does the vendor secure them from exploits?
  9. What is in place to prevent device-level exploits? This should include any locally installed gateways, data storage devices, and even the telephones.
  10. What type of security exists within the applications to prevent abuse and malicious activities?
  11. What security measures are in place to grant access to authorized client staff that need to access the system’s management tools?
  12. How does the partner protect the services from standard IP vulnerabilities, including denial-of-service attacks?

A solid solution from a quality partner will not brush over your security concerns lightly but instead will share what they do, how they do it, and how you can audit them if necessary.

Closing

Reliable, professional, expertise in overseeing a data center is beneficial when looking to maximize PUE and IT performance, and when seeking consultancy about how best to improve the life of each individual asset. In other areas, and for the organizations wanting to remain focused on their core business competencies, a good facilities management team also brings with it the reassurance that the data center infrastructure is resilient; and well maintained.

A number of data center operators are open about the fact that they outsource the ongoing management of their facilities but others are less willing to share how, and by whom, the day-to-day elements of the data center are managed. Don’t assume your operator does it in-house – make sure you ask!

At easySERVICE™ Data Solutions, we fundamentally believe that by entrusting the management of our data center to our in-house teams, we are able retain direct control over our facilities management policies and adhere to best practices. This also provides us with a very real opportunity to build valued long-term relationships with our customers. After all, a data center operator that demonstrates its face market commitment to continually achieving improved levels of performance should surely then become a front-runner when the supplier shortlist is being reviewed by the board.