A risk prevention concept for IT structures is an essential part of the IT planning process. This is where data centers come to the fore. If IT is the central nervous system of modern companies, the data center is their spinal cord. If this is damaged, it can paralyze all of a company's processes. Managers, however, also have to keep an eye on the price/performance ratio when it comes to risk prevention.

Data centers are faced with numerous risks including fire, smoke generation, water damage, power failure and overheating. Other disruptive factors include cyber crimes and unauthorized third-party access to data center rooms. Given the wide variety of threats, a comprehensive security concept plays a key role in all data center planning and modernization projects.

Costs vs benefits
The cost of risk prevention must always be commensurate with the potential economic loss or damage mitigation. Potential risks, such as production downtimes, must always be weighed against the business process target. This is the full set of requirements that the business operations place on IT.

The ratio of business process target to tolerable downtimes and potential damage indicates which operational losses are acceptable and which are not. This qualification and quantification of risks within the data center infrastructure is not designed to protect solely against business losses. A holistic view of the entire data center is also indispensable for planning. It is the only way to ensure that protection against fire, unauthorized access and overheating is implemented in a way that is demand-based and therefore cost-effective.

Consequently, the first step is to define the availability requirements for IT. During subsequent implementation, data center planners can use the Tier classifications of the Uptime Institute for guidance. The demands for power and cooling in particular are specified in four classes – Tier I to Tier IV – depending on the availability requirements. Tier IV specifications for particularly business-critical core processes achieve maximum availability of 99.995%.

Security rooms of all sizes
Modular security rooms are the protective shell of data centers. They accommodate both IT devices such as servers, switches and data memories, as well as the infrastructure. Regardless of whether a company has a high-security data center or racks located in an office environment, various protection concepts comprising different resistance classes are available tailored to the exact requirements of the business processes. The concepts range from basic protection through to high-availability security rooms with minimal downtime tolerances.

To be able to respond adequately to company needs, cost-effective concepts are modular and can be tailored flexibly to the structural conditions and availability requirements, for example, by opting for a room-in-room concept. State-of-the-art data center concepts provide for separate accommodation of server enclosures on the one hand and the infrastructure such as low-voltage distribution, UPS systems. The individual "rooms” (data center area / technology area) are designed and built as protection cells to meet precise requirements. For example, the server cell is designed to achieve high-availability protection, while the remaining technology is equipped with less expensive basic protection. These modular security cells are quick and cost-effective to dismantle and reassemble at a new location and thus offer a high level of investment security. The data centre can also be expanded at a later date as the enterprise's requirements grow.

IT safes are an alternative to server rooms and they offer comprehensive protection for critical servers. These small suits of armour present an interesting and cost-effective solution for small and medium-sized enterprises. They provide protection against physical threats and are available as modular Basic Safes. In addition to the physical shell, various configuration components for cooling, power supply, emergency power and monitoring transform the safe into a complete compact data center.

The micro data center can take this one step further, supplying everything as a comlete package. Take for example Rittal’s microdata center designed in cooperation with IT service provider Bechtle. In this joint concept, Rittal supplies the entire infrastructure and physical security technology – Basic Safe as the enclosure, climate control, fire alarm and extinguisher system and energy distribution. Bechtle is responsible for the actual IT devices and software integration.

The micro data center is essentially a plug-and-play system that is available in three variants with different levels of system redundancy. With a footprint of just 1 sq m, micro data centers can offer sufficient computing power to supply several thousand SAP users at the same time.

Protection against fire, water and smoke
Fire, water and smoke pose a fundamental risk for data centers. A multifunctional safety concept is needed when a data center is taken into operation. A fire protection concept alone is insufficient.

Water is also a source of risk to IT that should not be underestimated. Most damage is usually caused by the water used to extinguish a fire. Therefore, data centers should remain watertight for long periods and should also offer protection against standing water. Watertightness in line with EN 60529 (IP standard) is a minimum requirement.

The prevention of smoke build-up must also be factored into any safety concept. The substances in flue gases mean they are often corrosive and can quickly attack and damage IT systems, thus significantly reducing the time till system failure. What's more, for smoke damage to occur, the fire does not even have to be close to the data centre. Certified flue gas-tightness to DIN 18095 or EN 1634-3 is essential.

For the prevention of fires in data centers, the residual risk must be reduced through additional measures. Early fire detection systems are designed to prevent fire damage from occurring in the first place. They continuously extract air from the server enclosures at risk and the surrounding area and can detect even the smallest smoke particles.

Due to the high air speeds in climate-controlled server rooms, the systems must be sufficiently sensitive. In this way, fires are detected and reported very early on (pyrolysis phase). At higher concentrations, the data center is extinguished using non-toxic extinguisher gases. Unlike foam or powder, gases such as Novec 1230 do not soil or damage the sensitive IT equipment. The extinguisher gas exhibits a five-day atmospheric lifetime and is not harmful to people.

Trust is good, control is better
It is the stuff of nightmares for data center administrators – a leak in the liquid cooling system in an area of poor visibility, a smouldering fire that is detected much too late or impermissibly high temperatures in the server enclosure.

With rack-based cooling equipment, even a rack door left open unintentionally can cause considerable damage if the cooling output is affected or if unauthorized persons gain access to the valuable and sensitive hardware. In cases like these, appropriate countermeasures must be taken quickly to prevent or at least minimise damage.

Early detection of the problem in question is a basic requirement in minimising response times. This is where a monitoring system with far-reaching alarm workflow concepts comes in to ensure the seamless operation of the IT infrastructure.

Sensor-based solutions are ideal for monitoring these situations. The sensors constantly control ambient parameters, such as temperature, pressure and humidity, and immediately report any deviations. Software can also provide intelligent interfaces to incorporate building control systems and server management, thus providing a holistic view of the data center. The relevant officers are informed automatically as soon as a measurement in the data center deviates from the defined parameters. If required, countermeasures can also be triggered automatically. This improves both safety and efficiency. For example, the climate control can be configured so that the cooling output is based on the actual cooling requirements at specific locations.

Safeguarding against power failure
Suddenly the lights go out – even in Australia, power failures are surprisingly frequent. As even minor fluctuations or voltage peaks can have serious consequences for sensitive hardware, uninterrupted power supply (UPS) systems are an essential part of state-of-the-art data centers. They make it possible to bridge shorter downtimes and act as a kind of "filter" to absorb fluctuations and deliver only the exact amount of power required by servers.

UPS systems are classified to EN 50091-3 and EN 62040-3. Systems in quality class 1 VFI-SS-111 can deliver ultimate protection against power failure. Redundancies are recommended for UPS systems to safeguard availability. The above-mentioned Tier classes of the Uptime Institute provide planners with suitable guidelines. Modular UPS systems based on n+1 redundancies have proved their worth in practical applications. Purchasing and operating costs are also lower. The use of two separate UPS systems is recommended for extremely high availability requirements.

Due to rising energy prices, efficiency is also an important factor. As the characteristic efficiency indicator for UPS, the level of efficiency expresses the ratio of power supplied to power output. A value of 95% is excellent.

While UPS provides immediate assistance in case of power failure, data centers must also be safeguarded against longer-term downtimes through autonomous emergency power generators. These mains backup systems – usually diesel generators or fuel cells – bridge longer power failures before the USP's batteries run out.

When things hot up
Heat is not only caused by external fire – it also results from the heat dissipated from powerful data centre servers. With a low thermal load of up to 800 watts per sq m, for example, one climate control system per air circulation system is sufficient. This is not enough for powerful servers such as blades, which can generate over 20 kW of waste heat per rack.

This is where liquid-cooled, rack-based climate control units can prevent heat from destroying computers. These special cooling systems can also be used without a raised floor. This way, cooling output of up to 60 kW can be achieved per rack. Cold air is blown from the bayable air/water heat exchanger through slotted side panels directly in front of the servers into the enclosure.

This type of cooling output is only required in exceptional circumstances and in case of high computing power in individual racks. These rack-based cooling units often also provide a "row-based" solution in which cool air is blown in a contained aisle.

Climate control via a conventional raised floor is another possible solution. Here, too, the cooling requirements, including appropriate redundancy, must be factored into the planning. A modular approach based on the waste heat and spatial requirements prevents hot spots and server failures on the one hand and costly overdimensioning of the climate control system on the other.

Another very efficient option is to use geothermal energy. By pumping water into the ground it can return to the surface at a maximum temperature of 14 degrees Celsius. This achieves an excellent power usage effectiveness value of 1.06. Overall, climate control in data centres can be realised with clever and cost-effective solutions without jeopardising reliability.

Conclusion
Although you can never achieve 100% protection, careful planning enables effective risk prevention. It is therefore important to ensure that the corresponding certifications are in place in key safety areas.

A holistic view of the IT landscape with a detailed analysis of the physical risks is essential. These are important elements in comprehensive risk management and make an important contribution to ensuring the availability of business-critical processes.

The efficiency and scalability of solutions must also be taken into account. In view of dwindling budgets coupled with growing requirements, it must be possible to flexibly extend and reorganise the data center infrastructure while keeping operating costs low. When investing in data center security, it therefore always pays dividends to look ahead to the future and opt for expandable concepts. If operators take a structured and considered approach to data center reorganization, investments in data center security will pay off the first time an incident is prevented at the very latest.