Articles

The private cloud for more security

Outsourcing one's data, and therefore one's assets, remains a difficult decision for most business leaders. Technically and legally, many questions remain complex and the answers vague. However, thinking about the infrastructure component of cloud offerings makes it possible to move towards more reassuring solutions for businesses.

Companies that intend to optimize their IT resources are reluctant to take the step of outsourcing their technical infrastructure and information systems. The issues raised are security-related: for example, guaranteeing the security of and access to their data, and the physical location of servers. Many analysts are betting on the private cloud solution.

But what is the private cloud? The commonly accepted definition is that of an infrastructure dedicated to a client. Companies with a private cloud would have access to the infrastructure for creating and destroying virtual machines and storage resources.

These private cloud offerings respond well to the demand for traceability, because it is the company itself that creates its virtual machines, in a well-identified datacenter. They can also address the issue of security, provided that the networks are well segmented and isolated.

However, it is interesting to return to the definition of cloud computing: remote access to computing resources on demand. Dedicating an infrastructure to one company goes somewhat against this concept, and does not provide the investment benefits: the costs of computing resources are borne entirely by the company, whatever its usage. As for power consumption, it can only be adjusted if the private cloud system allows unused servers to be switched off. In practice, few companies are encouraged to switch them off, because current offerings take little account of power consumption.

The commonly accepted definition of private cloud is a dedicated virtualization infrastructure, but it does not have the benefits of cloud computing…

Can we reconcile companies' security imperatives with the benefits of the cloud?
We believe that this is possible with a shared infrastructure whose networks are private. In this model, companies have access, on a private network, to virtual machines on a shared platform. The network is an essential foundation for security. It allows you to define which users have access to which resources. It also makes it possible to limit and trace the zones where the data resides. If the zones are not routed on the Internet, that is a key element of security.

Once we define the "private cloud" as a cloud on a private network, not a "dedicated" cloud, companies can reap the benefits of the cloud: on-demand consumption of virtual machines and billing according to consumption. The hosting provider will share resources between several companies and will optimize the energy consumption of these machines to reduce costs. This solution seems more virtuous and more economically efficient.

The definition of private cloud therefore seems due for review. Rather than an infrastructure dedicated to one business, it is a shared infrastructure on a private network that delivers the benefits of cloud computing. It remains to find the right network hosting solutions to assure customers that their resources are well protected.

Computer rooms: key points

New uses of IT result in an increase in the number of servers the company has to squeeze into the computer room, and in the electrical power it must purchase. The room is not always suitable in terms of electricity, networking and security. But what should be done with the servers?

The alternatives for server hosting are simple: fit out a computer room on the company's premises, or even build its own data center, or outsource to a datacenter open to businesses. For simplicity, we call a datacenter any space dedicated to housing servers, whether it is located within a business or operated by a specialized company in purpose-built buildings.

For the proper functioning and security of servers, the data center must be:

  • Supplied with high electrical power, with redundant power supplies. Dual electrical feeds, a generator and inverters (UPS) will be required where high-availability power is needed.
  • Secure both physically and technically to prevent tampering, elicitation or destruction of data or hardware.
  • Air-conditioned or cooled effectively to prevent hardware overheating, and designed to reduce the risk of fire.
  • Connected to the Internet with guaranteed, symmetrical bandwidth powerful enough to handle traffic from external users (a website, for example).

All these constraints are difficult for an IT manager to meet, often with a limited budget. On the one hand, the physical location of the premises is sometimes far from electrical substations and from fiber or copper networks, which limits the company's access to resources and its technical capabilities. On the other hand, existing premises, if they are lucky enough not to be cramped (rarely the case in the Paris region, admittedly), must be fitted out, and the costs can be very high: air conditioning systems, equipment, works, civil engineering. Finally, this type of infrastructure carries hidden costs that can weigh on profitability: insurance, team training, fire inspections, the electricity bill, guarding or access control...

For a computer room of forty servers in a standard configuration (low density, air conditioning, key lock), we estimate that the total investment reaches 50 k€, with a monthly operating cost of about 2.5 k€ (excluding servers and training).

The choice is made pretty quickly… However, when choosing an "outside" datacenter, it is necessary to take into account 3 other parameters, besides of course the rates and conditions of sale or service and specific constraints (green IT approach, consumption-based billing).

  1. Scalability of the provider's hosting offering in the short and medium term: particularly in terms of the availability of additional bays and electrical power (high density) to absorb peaks in server activity (such as sales periods for e-tailers).
  2. Services offered on site. Connectivity provision: connectivity offerings, rates, number of operators, high-availability connection options and monitoring services. But also cabling, server reboots, equipment storage, meeting room…
  3. Geographical location, or more precisely accessibility for staff and service providers. Beyond distance, access time and transport infrastructure (train, RER, parking...) must be taken into account more broadly. And last but not least, the interconnection offering to facilitate remote administration of servers by the company's teams (the rate of, vpn ethernet)

In conclusion, based on our clients' projects and regardless of their location, we advise companies wishing to optimize their network infrastructure spending while maximizing availability to adopt a mixed solution: a computer room on their own premises, small in area but equipped with inverters (UPS) and cooled, for back-up servers; outsourcing of servers to sites operated by professionals; and above all safe and efficient management thanks to a level 2 interconnection.

This solution provides a secure and redundant architecture across multiple physical sites while freeing the company from electrical and network constraints and eligibility issues.

Assessing the security of a data center

The security of a datacenter is the security of your data or that of your customers. Do not be fooled by security pretexts, often marketing ones too, used to avoid questions about the real operating and maintenance conditions of your hosting site.

Data centers are the factories of modern times. They host the Internet: websites, emails, the data and photographs of individuals, but also corporate data. With the centralization of IT and cloud computing, they are becoming the backbone of the digital economy. One datacenter fails, and thousands of people may be deprived of network, phone, email or data.
For all that, their security is not well known. Often under the guise of confidentiality, some data center operators provide little information on their thermal and electrical architecture or on the failures they have encountered. This information tends to come instead from users who have suffered an outage. There is no standard defining the security of a datacenter.

Criteria based on datacenter architecture allow a private organization, the Uptime Institute, to classify datacenters. They are categorized from "Tier I" to "Tier IV". However, these categories are often used wrongly and without verification by datacenter designers. Furthermore, they do not take into account new data center configurations and operating processes.

To gauge the security of your datacenter, here are some basic questions that it seems useful to ask your hosting provider:

– Thermal safety is often the most overlooked element, and it is the cause of many failures. For a datacenter with 1 MW of computing power, if the cooling system stops working, it is 1 MW of heat that builds up and raises the room temperature. How are the machines cooled? Is it a system of chilled water circulating in a raised floor? Is chilled water brought directly into the machines? Is it air conditioning with recycled air? Cooling by ambient air? What are the outside temperature ranges for which the system is designed? What happens in the event of a water leak, if water is used?

It is necessary to check the fault tolerance of the cooling system. Is the network duplicated? Are the cooling production units redundant?

– Electrical safety must be examined from the high voltage down to the computer servers. How many high-voltage electrical sources does your datacenter have? Are the high-voltage cables duplicated, on two different routes? A risk of fire exists at the high-voltage transformers: are they protected against fire? Are they duplicated? Many data centers have only one main low-voltage switchboard: is this the case with yours? Are the computer rooms protected against electrical brownouts, that is to say, is the inverter (UPS) used continuously? What are the maintenance procedures for the energy storage systems, such as batteries? How have the generator sets been sized? Can they back up the whole datacenter or only the power for the IT equipment? What fuel reserve is available?

At the level of the bays, how many power sources are distributed? Are they different phases of the same feed, which provides no security, or feeds produced by separate inverters (UPS)? Are the computer servers connected to two separate sources?

– The data center's fiber-optic networks must be secure. How many fiber-optic entry points are present? Are the fiber-optic paths disjoint from end to end: in the street and in the building? From the operators' points of presence to the customers' bays?

Other security features may be considered: access control, video surveillance, fire detection, automatic fire extinguishing. A key element is the presence of staff on site: security officers, but also maintenance personnel, fiber splicers, and network and systems technicians. Procedures for putting into production, maintenance, after-sales service and penalties must be clearly defined and applied. To get a sense of the quality of operations, a visit is helpful: the site must be clean, and empty boxes should not be left in the rooms. The doors giving access to the rooms and bays must be closed, and the wiring well ordered and labeled. Rooms, bays and technical areas must be clearly marked.

You can never be certain that an incident will not occur in a datacenter. However, it is essential to be very demanding of your hosting provider in terms of security, availability and operating conditions. Security does not mean walling oneself in underground and hiding behind excuses. Security is first and foremost a question of resources and processes, but also of clear and transparent information for customers.