To read this White Paper in its entirety with images, charts & illustrations please download the PDF HERE.
Summary
The typical IT infrastructure in medium size enterprises consists of a Main Server Room, which houses the most important hardware, software and databases. Contained in other rooms, buildings or branches are all other components of the network, such as backup-server, department server, router, telephone systems, etc. This White Paper shows how such branched infrastructure can be effectively and centrally monitored to protect against any essential physical and elemental dangers, such as overheating, fire, water, power outages, as well as misuse and
deliberate attacks.
Implementation of IT-basic protection and compliance requirements
Today, the requirements for the monitoring of critical infrastructures must be in accordance with very strict standards. Compliance plays the central role. Within the context of security risks, terms and defensive strategies are often against attacks on corporate networks from outside, malicious program codes in the form of viruses or Trojans, or even unauthorized access to information or systems.
Modern technologies today allow easy and complete monitoring of server rooms and branched infrastructure units. In the foreground is central monitoring with the possibility to also send network redundant alerts to the appropriate receivers. The low costs for these systems combined with a simple plug’n play installation significantly increase IT-security and point to a very good cost/use ratio.
Physical threats of IT and infrastructure units in companies
There are basically two groups. The digital threat in the area of IT-software and networks, and the physical threat to server rooms, data center, as well as critical infrastructure units.
Digital threats
Digital threats include, e.g. viruses, Trojans, and hackers who attack data security. Media publicizes these attacks and attracts public attention. Because of this, great attention is being paid by those responsible for IT for comprehensive preventive measures; e.g. use of antiviral programs or a fire wall are common. Protection against digital danger shall no longer bediscussed here.
Physical dangers
Cooling problems, power outage, access of unauthorized persons, fire, leaks are all part of the
physical dangers for IT and technical equipment. Current systems already partially monitor such
risks. Fire alarm centers are being used by appropriate manufacturing plants. The quality of the
power is frequently measured via the USV-System. Air-conditioning systems measure the in- and
outlet temperature in server rooms.
Thus, it provides a certain basic prevention in the most serviceable rooms. However, in many instances, it does not provide for an IT-specific design and an integrated representation of these hazardous sectors. Modern monitoring systems secure against the elemental dangers with integrated sensors and thereby capture all important parameters in one system.
- Air – Room temperature
- Humidity
- Dew Point
- Motion detection (intruder)
- Vibration or rattling effect, position change (sabotage and vandalism)
- Fire, i.e. smoke detection
- Leakage and flooding
Optimal basic protection requires IT-specific systems
Theft, technical damage or disturbance of the operating environment: these are the largest physical risks which daily threaten the data and IT-infrastructure in server rooms. In order to guaranty effective protection, it is necessary that several physical prevention mechanisms work together as a unit. The following is a detailed listing of the most important physical sensors and components that ensure this overall protection.
- To secure the server room from theft, sabotage and unauthorized access, a motion detector is necessary that alerts to burglary. It is most important to use a specialized motion detector
which is sensitive to the various temperature zones and equipment temperature in an IT room to avoid provoking a false alarm. Ideal are detectors based on radar technology or specialized Passive Infrared detector (PIR) with temperature compensation. - If the room gets too hot, the temperature rises too rapidly or temperature fluctuations are too high, this shortens the life of the technical equipment, or it could lead to the server being shut down. This needs a temperature sensor which protects by monitoring the room temperature and the functioning of the heating and cooling systems.
- To avoid technical damage and server outage because of moisture, humidity as well as dew point can be monitored. To spot water on the floor of the server room, the use of a leakage-sensor is recommended.
- To detect fire you need a fire detector – ideally a carbon monoxide sensor, with a practical release point between 20 and 200 ppm. A finer adjustment provides for an early detection of the danger.
- The external network power supply should also be monitored. Power outages must be reported and in an ideal situation immediately bridged. In case of a power outage, the system should have an emergency power supply to ensure functioning of the alarm per GSM. Without any power, there is no LAN and no e-mail notification possible. This redundancy in transmission significantly increases safety.
- In order to detect errors in the operating environment early, climate data such as humidity, room temperature and voltage fluctuations should be collected and evaluated in addition to the actual monitoring. Because of the real time-monitoring of the operating parameters in the server room, some potential dangers can be recognized early on and prevented.
Modern monitoring solutions are cross-linked and signal disruptions in real time
In case of a disruption or alarm, the inserted components send messages to a central system unit – the alarm manager. It is here that all information of the sensors is collected and evaluated.
Since the server rooms to be secured in practice usually are completely equipped (and the sensors so to speak are to be installed during operation), there is no need for a signal transmission using wire; this is expensive, it would entail knocking out walls and laying wire. An effective network of sensors and the alarm manager is done server in rooms per LAN or radio (z.B. ZigBee). Should one of the sensors detect a theft or technical damage, the information gets to the alarm manager in real time, which will react accordingly depending on the type of alarm.
External alarm devices such as sirens and flashlights can be controlled via signal outputs, for example. These bring a lot of attention, but there is no guarantee that in case of alarm the proper
personnel are being notified early enough. To make this possible, an additional silent alarm system should be installed in any case, which would notify selected personnel. The silent alarm is via SMS, email, SNMP, or telephone call and can be adjusted individually -depending on the type of alarm. Furthermore, it is possible by using switches to activate additional uses, for example, an external light which increases security. An effective interplay and a functional network of all the components are necessary to protect the server room from central dangers and to react correctly in case of alarm.
Multi-sensor systems merge all important sensors in one device
In classical danger signal systems, a separate sensor is responsible for recognizing each of the dangers mentioned. To secure a server room, a technician must install and program various
components in different locations. A complete monitoring concept in accordance with the philosophy “all out of one hand,” however, is not achievable, since most of these systems although warning of any danger cannot collect and evaluate the decisive climate data of the operation environment (e.g. humidity, room temperature and voltage fluctuations).
Here lies the strength of a multi sensor-system for IT and Server Rooms. In this All-in-OneSolution all physical sensors, matched to protect server rooms, are integrated in a compact housing. It is possible to integrate third-party components into the monitoring system, but not necessary to effectively protect the server room. The multi-sensor protects from dangers and collects relevant climate data, the alarm manager evaluates, documents, and alarms – even the multi-sensor housing contains a signal. A multi-sensor solution thus is all: climate-, fire- and intrusion panel – a complete package for the physical security for these serviceable rooms.
Comparison of possible costs as a result of negligence in securing against physical dangers and the costs to invest in an integrated multi-sensor technology
Potential costs in case of the above-described physical risks. Considerable costs to replace computer hardware and software for damage sustained in server room and Datacenter. Additional costs due to loss of productivity as a result, e.g. the server being down due to overheating. It could also have an impact on the image of the enterprise in the public’s view. The investment for the purchase, installation and start-up operations for a system to monitor and protect IT-Infrastructure units is less than $1,000.
You’ve written it so nicely, and you’ve come up with some great ideas. This is a fantastic post!