Data Centre Security · npti.gov.in/sites/default/files/policies-document/data...


Upload: trandiep

Post on 04-May-2018


Page 1

Data Centre Security

Why we build Data Centre

The data center is the heart of any organization.

Data center is a term used to describe the physical hosting of computer equipment in a shared data center environment that is mutually beneficial to various tenants, without each incurring the full cost of designing, building, and maintaining the environment. A campus data center is designed to function as a hardware facility for housing the computing systems that provide various mission-critical services to the campus.

What is it that makes a Data Center?

[Figure: "100% UPTIME PUZZLE" with the pieces POWER, SECURITY, COOLING and FIRE]

Data Center Security

There are four levels of security for physical access to securely hosted servers and equipment in the data center.

The first level is code access to the building. Everyone needs a private code, or someone with a code to assist them, to get into the building.

The second level is biometric access to the floor. Employees and data center visitors need to pass a biometric palm scanner to gain access to the data center.

Page 2

Data Center Security

The third level is card reader access to the server area. All access information, such as who gained access to the server area and when, is logged. The security manager can review this access information at any time.

The fourth level is locked cabinets for securely hosted servers. Keys are required to open such locked cabinets.

Data Center Security

In addition to the four-level physical access control, the data center is also monitored by security cameras.

Fire Detection & Suppression

Supply, testing and commissioning of a Kidde Fire Protection System, or approved equal, including optical / ionization smoke detectors and rate-of-rise heat detectors located within floors / ceilings, the room space and the area below the raised floor.

FM200 extinguishing systems in both large data centers and small computer rooms

Hi Fog fire suppression systems in some of the larger data centers.

Fire Detection & Suppression

Zoned fire alarm panel, break glass units, sounders and alarm bells.

Optical / ionisation smoke detectors

Gas going out valve

Page 3

Data Center: Computer Room Power

• Ensuring the availability of critical data centre power is at the top of a designer's list.

• IT equipment must be supplied with a clean, consistent source of electrical power, which allows the equipment to avoid system errors and / or a system crash.

• The following systems are available in a data centre:

Power conditioning and UPS (Uninterruptible Power Supply) systems.

Standby diesel generator systems.

Mains switchgear.

General distribution and lighting.

Data Center: Room Air Conditioning

Power and environmental control / cooling are inseparable design criteria for achieving cost-effective and reliable solutions, using the following systems:

Air conditioning - close control and comfort.

Ventilation and extract systems.

Water detection systems - local and perimeter sensing.

Data Center: Room Build

Raised floor (for cabling)

Control Room Secure environment

[Diagram: cabling layout connecting the Data Centre, the MDF and several IDFs; labels on the diagram: "< 1500 m" and "OF"]

MDF: Main Distribution Facility

IDF: Intermediate Distribution Facility

Page 4

Data centre bandwidth: Gigabit and 10 Gigabit Ethernet

Gigabit Ethernet IEEE 802.3z

[Diagram labels: 1000BASE-TX, 1000BASE-SX, 1000BASE-LX]

Data Centre Architecture

[Diagram: Data Center Network Servers Design]

Components labelled on the diagram:

• Users' workstations, Main Network, Database VLAN

• MS SQL Cluster, MS Exchange Cluster

• Internal Web Server, Public Web Server

• SQL Front-End Server, Exchange Front-End Server

• Domain Controller Servers

• ISA Firewall and Caching Server

• Anti-virus Server, Test Server, SMS Server, Backup Server

• SAN Storage, Tape Library Store Edge L500 LTO 2

• 2Gb/s Fiber Channel 16 Ports Switches

Server configurations labelled on the diagram: 4x CPUs, 12GB Memory with Windows 2003 OS; 2x CPUs, 8GB Memory with Windows 2003 OS.

Connection legend: Storage SAN Fiber Connect; GE (1000Mb/s) connection; FE (100Mb/s) connection; SCSI connection.

2x 2Gbit Fiber Connections for Storage SAN to different Fiber Channel Switches for Load Balancing and Failover.

Data Center Servers Configuration Design

• Network Services

• Application Services

• Visualization Services

• Storage Services

Page 5

Data Center Secure Connections

Data center network security is customized to each customer's needs. It can be a combination of:

• Firewalls on network routers and switches,

• Dedicated network firewalls and checkpoints such as Netscreen, Cisco Pix and Watchguard firewalls,

• Firewall and antivirus software on each server.

• Data transfers can be secured by VPN, SSL, and SSH.

[Diagram: "Security Between Networks", showing two Windows 2000-based Server/Routers and the routers between the networks]