10 Things to Think About for Your Data Centre Strategy
Working with a mixture of companies of all sizes I have seen everything from the demands of the immediate fail-over always on, fault tolerant architectures of the real time trading businesses to one mid-sized client who had the servers in a cupboard at the office and regularly used to lose their systems when the cleaners unplugged them to vacuum the floor (and I am not joking!)
Increasingly in the cloud enabled age we see that companies are facing decisions on their hosting strategy. Admittedly very small businesses will just consume services from the web and have no dedicated hosting and machine room or data centre needs, but any business offering a commercial service over the web or needing to house their own secure information or dedicated services will need to decide where to host their services. It’s suffice to say just plugging in a server in the office is far from the optimal solution whether from service or cost let alone disaster planning.
So what do you need to think about when choosing somewhere and a partner to host your services, what are the big questions, and how do you decide?
1. Decide what you need to host.
If you own your own servers, first ask yourself whether you really need to. Look carefully at the costs and see whether on a reasonable replacement cycle the costs of them and the people to support them make sense versus purchasing the same infrastructure from a third party as a lease contract. In most cases owning servers today is barely worth the effort and the total cost is more. Furthermore, if your servers are just sitting in a corner of the office they are not secure, probably are not backed up or up to date on versions and patches, you will certainly lose your business in a disaster, and worse will probably be costing you far more money than you think.
If you are going to look to place the services outside, seek a rigorous and competitive offer and grill your providers hard. Prepare a competitive RFI/RFP and make sure you do diligence on what you need.
2. Decide where you need the service.
With the immediacy of the internet and unless you are a very large global organisation you can probably host your data anywhere technically, except you cannot legally. Legal restrictions on where your data can reside almost certainly exist driven by data protection, privacy and security. You will almost certainly find that your data must be hosted within your main jurisdiction especially if it is personal data, unless you want to get explicit approvals from your customers, which is unlikely. So it makes sense to start with local country providers.
The second consideration is the volume of traffic you expect to reach, if it is held remotely and from where. Most businesses with less than 20 employees can rely on normal internet connections and bandwidth and do not need to consider dedicated networks. Internet based businesses will also be well served by the same means. However as a business crosses a threshold of around 50 people, especially if they are heavy users of desktop non-browser based software and/or all in one location then the question of dedicated network bandwidth to and from the data centre will start to be an additional question and will add cost. To avoid latency issues, choosing a centre within around 100km of the main location is therefore a useful additional selection criteria.
3. Plan for disaster, work out your service demand.
Work out how fast you need to be back on-line in the event of a disaster or major catastrophe as this will determine what you pay. Quiz your potential providers on how they plan to handle the disaster if their centre undergoes any kind of issue ranging from power cuts, to earthquake, to a plane falling out of the sky. Think about how you will respond if services are lost and what speed you need to back on line.
You provider should be able to offer you several options for handling a disaster and you need to decide how fast you need your business back on line and how much you can afford to lose in data. Seconds? Minutes? Days?
Many businesses will chance disaster by operating with no standby machinery and relying just on backup tapes. This means that up to a day of data could be lost (depending on backup frequency) and it may take several days to buy and install new equipment in a disaster. Adequate for some businesses with internal services, but for most external services this is not enough. (We won’t mention the ones with machines in their office not backed up and not secure …and no plan for disaster…).
At the next level a business can choose to have a “cold standby” scenario. This typically means that data is replicated to a second area in the data centre or better still a second data centre using a special storage backbone and so that in the event of big disaster few, if any, transactions are lost and things can be restarted from the replicated copy quickly, even if servers have to be configured after the disaster. This mode will cost more as storage is doubled and special hardware is required in the data centre to replicate the data, but will enable you be back online to your customers even in the worst scenario in around a day. This is appropriate for most types of businesses for internal service, but may not suffice for fast moving and/or customer centric markets.
Step up again to “warm” standby. Here the data is also replicated but a second backup machine is standing by and available if the main centre or servers fail, it maybe used for other activities such as testing or development or even other applications, but it can be quickly linked to the replicated data giving a recovery time of a few hours for key services. Again the cost is higher as more hardware is needed, it is the level most customer centric businesses demand.
Finally “hot standby” is where two sets of machines operate in tandem over two data centres and users are automatically routed to either which means there is no loss of anything in the event of any disaster or operational issues. Naturally this is the most expensive and is applicable to real time trading environments and other high availability systems.
4. Check the data centre topology.
Having decided your recovery and resilience needs then check what your potential providers offer, especially the topology and location of their data centres.
A single centre can still offer operational resilience by replicating data across the building, perhaps with the addition of fire proof zones, however to be really secure the data centres should be fully separated not just by a street or two but by several kilometres/miles. Check the distance between the centres, what are you happy with? Bear in mind after big disasters like 9/11 in New York some data centres ran out of fuel for their generators to keep the power on, not only in their main centre but in the backup one because they were both in the disaster zone. High end users such as banks are increasingly looking at up to 30km between centres, although there are limits on real time data replication across storage backbones on networks that probably mean 50 to 80km is about the maximum sensible distance today. Look at the location of the buildings and ask some basic questions – are they under flight paths? near water at risk of flood? Most sensible providers will have looked at these issues of course, but it is sensible to check.
5. Check out the resilience on offer.
You will see data centres graded by a tiering system – typically most centres are “tier 3”. This means they are adequate for most commercial enterprises but will have possible single points of failure so it is worth diligence to identify them. A good provider will be open about their level and why it is at that level. As the levels move up through tier 4 towards tier 5, the security and redundancy in the centre will be higher. A tier 5 data centre will have full redundant systems and networks for everything – for example there will be two independent connections to the national grid with differing suppliers at opposite ends of the building, networks likewise will be connected twice with different providers and different routing not only in the building but also in the street outside, diesel backups for power will also be dualed, and will be capable of running the whole centre twice as long if power is lost, air-conditioning systems will also be redundant, with redundant or duplicate chiller units with dual power supplies. Consider what is important to you in respect of redundancy and ask hard questions about what happens if things fail when comparing providers.
A simple thought but can a simple machine room in an office building ever provide adequate resilience. Many companies still rely on this for their service ignoring the cost fo the space, the special equipment and people needed to maintain it. I beg to suggest it is an artificial saving and may cost more in overall costs.
6. Understand the security systems.
Like resilience centres are also graded on security. Access controls in the building, to the machine rooms and plant rooms, to the aisles and racks are all critical to controls. The stories in the industry of engineers working on the “wrong” system by choosing the wrong rack are legendary and are perhaps much more likely than a full disaster. So good processes backed up with excellent security systems are a must. Check out the security systems which are they just pass cards (which can be switched) or is there extra checks such as photo ID, palm or print scan, or iris recognition. What level does your business and its clients demand? What are you prepared to pay for? Again ask questions early and eliminate providers that don’t fit your needs.
7. Decide between dedicated and shared “Cloud” services.
Some data centres will allow you to buy rack space, then house and manage the machines yourselves (Rack space offerings), others offer the chance to buy or lease racked up machines provided by the centre (Dedicated server offerings), increasingly you can by the machines and services on shared environments (Cloud services, also known as Infrastructure as a Service or IaaS). What you need will depend on how big your company is, the current hardware you have, how old it is , and how much internal expertise is in place. Most small organisations will trend to the Cloud offerings to gain economies of scale by sharing resources and backbones, at the other end a big company could well rent space and even rack it out to their needs. The hard decisions are in the mid range where the business will drive the choices far more and hard cost benefit analysis will be needed to make the right decision.
In looking at the decision, start with the people and expertise. Do you have and do you want to have IT systems administration experts in your organisation, are you big enough to pay them and motivate them plus provide cover when they are away….if not you should really consider buying your infrastructure as a service with the platform maintained by the provider or at least as a dedicated service with support. If you hardware is old, end of life, and out of support then take the chance to move to a full infrastructure as a service buying what you need without long term commitment. If you have newer equipment then maybe consider rack space to house it or a sell and lease back with vendor. Time taken up front to make the decision will pay back later.
8. Work out your storage and backup needs.
Behind the server service is perhaps the most critical layer in the centre – the storage layer. Most centres will encourage you to make use of their storage backbone, that way they can run centralised backups on your behalf and also provide, if you want it, replication of the data to a second location. From my perspective it is a false economy to have only on board storage on your servers and not availing yourself of wider storage solutions and doing so will cause pain later whether through backup failures or costs or through lack of reliance.
Again quiz your provider hard on the options, check how they perform backups, where they are stored and how tapes are cycled. Ask about replication and what happens when a server goes down and how the solution can be used for recovery. With the right solution you should not lose any transactions in the event of a failure. Finally, when up and running make sure later that they are really doing what you have asked for, perform regular checks by requesting a restore from backup to ensure your data is safe.
Storage volumes are a critical part of the costs of any data centre services so checking out what you have and understanding growth and expansion should be part of your pricing plan.
9. Make a plan for monitoring.
If you are running business applications on your servers you will need to consider how they are monitored and trigger alarms if there are failures. Data centre providers should be capable of helping you with services to make sure you know and are alerted when something goes wrong. Work out what services you need, how many services need to be included and what needs to monitored. Check carefully service levels and make sure the provider has a clear and clean SLA proposal before you sign up.
10. Contracts, contracts, contracts.
I mentioned above getting a sensible RFI/RFP together, it certainly is important to understand the myriad of pricing options and SLAs on offer. It is tempting to see all providers as the same with the same services but experience shows that there are huge ranges of service within the same category and without diligent questions up front you will not find out about any issues until late. Make sure you have a clear set of questions, double check all the answers and use any issues to either force the decision or challenge the price.
Data centres are a complex topic and no bog entry can ever cover all the issues but hopefully a few pointers above will help people understand the critical points and make the right decisions.
If you are running business applications on your servers you will need to consider how they are monitored and trigger alarms if there are failures. Data centre providers should be capabale of helping you with services to make sure you know and are alerted when something goes wrong. Work out what services you need, how many services need to be included and what needs to monitored. Check carefully service levels and make sure the provider has a clear and clean SLA proposal before you sign up.