Fires remain a major cause of extended data center failures. Indeed, the high density of several megawatts of electrical power significantly increases the potential of a fire. Arcing, short circuits, smoldering fires or defective components can all have serious consequences. We spoke to Joachim Faulhaber, product manager and head of data center at TÜViT, about a well-known cloud data center fire earlier this year, and how fire protection ought to be a key element of any broader risk prevention strategy.
The Strasbourg data center fire earlier this year demonstrated how easily a fire can break out and spread. In your opinion, how can such fires be prevented or, at least, how can the fire risks be reduced?
Of course, the latest data center fire makes one thing clear above all: behind ‘the cloud’ there are physical data centers that can fail and massively restrict cloud services. Fire protection, in particular, plays a central role in view of the energy density required to power the technology but, at the same time, also presents data center operators with a special challenge.
This is because fire protection measures must be taken into account and consistently implemented right from the start. For example, the IT-equipment should be distributed on a small scale across several rooms and separated in terms of fire protection.
In addition, a suitable state-of-the-art fire alarm system and an early fire detection system should be used to detect fires in their early stages. There are a number of criteria of this kind that data center operators should be aware of, in order to protect their premises effectively. Among others, the Trusted Site Infrastructure (TSI) or EN 50600 certifications can provide guidance.
What distinguishes ordinary building fire protection from the fire protection that should be used in data centers?
The protection requirements in a data center relate to personnel, equipment, data and service availability. Protection of personnel and equipment is usually covered by conventional fire protection measures, such as setting up fire compartments, fire monitoring and sprinkler systems if necessary. The mission here is that damage to equipment is not necessarily prevented, but limited. The protection of data and service availability is about preventing the fire (materials, oxygen lowering), or detecting and fighting it early in its development phase (early fire detection, gas extinguishing system).
Redundant distribution of the supply infrastructure makes it possible to isolate the fire in such a way that it is still possible to supply the IT equipment via the unaffected rooms. In principle, the fire protection measures in a data center are more complex and must be planned conceptually, taking into account the aforementioned protection goals.
What would you advise data center operators to do about fire protection?
As in many other areas, the same applies here: caution is better than indulgence. Of course, there are legal regulations that need to be adhered to, or requirements from insurers that have an influence on the amount of the insurance fee. In addition, data center operators should supplement their fire protection measures according to the particular needs in the data center and not leave it at the conventional equipment. After all, in the event of a fire, not only are the restoration costs high, but there is also the risk of serious damage to a company's reputation.
To avoid such a scenario – and others – as far as possible, it is advisable to consult a fire protection expert with knowledge of the data center environment at the planning stage and to use catalogs of criteria such as the TSI.STANDARD or the TSI.EN50600. In addition, you gain a higher degree of confidence if you have your data center regularly inspected and certified by an independent third party such as TÜViT.
At the end of the day, fire protection represents only one aspect of data center risk management. What else should operators consider?
That's right and, for this reason, we at TÜViT take a holistic approach with the TSI.STANDARD. This takes into account the relevant EN and DIN standards – especially DIN EN 50600 – but also VDE regulations and VdS publications.
Here, of course, the topic of fire protection is also found, but is equally weighted alongside nine other assessment areas, each of which contains a set of requirements in the form of criteria. Also considered in this context are the environment, building design, security systems and organization, cabling structure, power supply, ventilation systems, operational organization, documentation, and data center network, if applicable.
The goal of this holistic approach is to optimally secure one's own data center by implementing and fulfilling the various requirements, and in this way to ensure the highest possible availability.