A Data Center by Design: Keeping the Roof Over Our Heads
November 28, 2011 by bczachura · Leave a Comment
I doubt that you spend much of your day thinking about your roof. It’s just sort of there to keep rain and snow off of your head, and as long as it’s not leaking on your desk, it’s rarely a topic of conversation. I agree that most roofs lack the dynamic quality to make them interesting, but that was before I had the pleasure of watching a Tier IV data center being built specifically to protect IT equipment from the excesses of Mother Nature. I’ll talk about some of the other amazing infrastructure components in future blogs, but this is about the roof.
Being located in the Midwest, our primary adversary is tornadoes. They are fascinating to watch on Storm Chasers but are tough on buildings and their contents, so our facility is built specifically to withstand that threat, and a key component is the roof. The roof is approximately 43,000 square feet (bit smaller than a football field) and is constructed of 8” thick concrete reinforced with ½” rebar laid in a 12” grid, covered with a rubber matting which is in turn, covered with gravel. There is nothing located on the roof, and no penetrations. Those are the rather dry statistics, but the cool part is:
It weighs 4.5 million pounds! 2,041,186 kilograms! For those that might relate to numbers differently that is the equivalent of 1,258 average midsize cars (Chevrolet in this case), or 372 African elephants (with intact ivory) or 34 fully loaded Abrams battle tanks, all in a roof that is smaller than an acre! It took over 100 fully loaded concrete trucks just to supply the material, and it was a non-stop process from start to finish. To watch load after load after load of concrete dumped into the hopper of the delivery boom and blown onto the roof in a seemingly endless stream of grey slurry was fascinating. (Authors note: I did shorten the viewing process slightly by actually only watching the first few and last few trucks but the principal holds).
Why did we make it so bloody heavy? Easy for those of you who watch natural disasters on the weather channel; to keep it there if we ever experience a very personal visit from a tornado. Twisters have a tendency to pull off or lift away a roof rather than push it in. We decided to leave the whole Wizard of Oz thing to someone else.
The end result is a roof with no edges for the wind to catch; no equipment on the roof to generate wind resistance, no penetrations through the roof for leak points (doesn’t matter if your roof stays when the wind ripped off your air conditioner and dumped water onto your equipment through the holes) and enough weight to stay put during an EF5 tornado. How many facilities to you know of that are totally secure in a 207 MPH storm? Puts a whole new spin on the humble roof!
Here are some past roof related blog posts we did during the construction process:
Please Contact Us if you would like more information or would like to see what’s under the roof.
When the levee breaks – no Zeppelin about it
November 7, 2011 by Kara Manon · Leave a Comment
Recently, Southwest Dubois County School Corporation in Southeast Indiana ran into some problems when a water pipe was cut during construction at Southridge High School. The pipe was quickly capped. But as they later learned, when water rushed onto the school’s computer servers, the pipe had been capped improperly. The estimated damage of $500,000 was covered by insurance. Equipment is replaceable and sometimes salvageable but that doesn’t cover data that could be lost from such an incident.
Things like this do happen and we all need to be prepared. Whether or not you have offsite backup or disaster recovery, you should make sure your servers aren’t near ongoing construction, overhead water pipes or windows. The equipment should not be in a basement or first floor, if possible. This reduces the chances of water damage from flooding. This won’t help you if a pipe bursts on a higher floor like at Abilene Christian University where a pipe burst due to cold temperatures and flooded the third floor back in February. The school’s IP server was damaged and no new computers could be connected to their network. That seems like a fairly lucky incident. Lost data or lost internet connectivity would have been much worse for staff and students.
Not everyone is as fortunate. Last year, a water main break caused a massive flood in the basement of the Dallas County Records Building in Texas. Their servers were located on the fifth floor but UPS systems and key electrical equipment were six feet under water in the basement. The County had no backup system at the time. It took three days to get critical computer systems back in place. During those three days, half of the civil courts and one-third of the criminal courts could not operate. Police officers were unable to run background checks during traffic stops. The building remained closed to the public for a month and the reported cost of repairs: $10 million dollars.
This is a risky business. Lacking a backup system leaves you extremely vulnerable in the event of a disaster. Some business couldn’t bounce back from an incident like Dallas County, Texas suffered. According to the Red Cross, 40% of small businesses do not reopen after a major disaster. A water main break might not be a major disaster but what about ice and snow causing impassable roads and power outages? What about a tornado, hurricane, fire or flood? Do you have a contingency plan for these situations?
Downtime is easily avoidable and Data Cave can help.
Questions? E-mail us at info@thedatacave.com or call 866-514-2283
Data Centers and HIPAA Compliance
October 11, 2011 by Kara Manon · Leave a Comment
There have been questions about what role a data center plays when it comes to HIPAA. We want to address what requirements and obligations data centers have when working with clients in the healthcare industry.
First of all, what is HIPAA? The acronym stands for the Health Insurance Portability and Accountability Act of 1996, enacted to protect the health information of patients. When you visit a doctor’s office or the emergency room at your local hospital, all the people seeing your medical history have signed some sheet of paper, promising to keep your information private. This means to disclose healthcare information, they must have your permission (or authorization from the proper authorities in cases of child abuse, etc.). HIPAA also covers how physical and electronic data is handled and secured. Healthcare entities must backup their data and have a disaster recovery plan in place. This is where data centers come in.
The Health Information and Technology for Economic and Clinical Health (HITECH) Act was enacted on February 17, 2009. This Act requires covered entities to disclose breaches in Protected Health Information (PHI). The covered entities and their business associates that “access, maintain, retain, modify, record, store, destroy, or otherwise hold, use, or disclose unsecured PHI” are required to notify the Department of Health and Human Services or any breaches. The business associates must notify the covered entity of a breach who in turn notifies the individuals involved (patients) and the HHS if more than 500 individuals were affected. From the statement above, data centers like Data Cave, would be considered a business associate.
The problem is there is much to speculate on what this actually means. Some data centers use HIPAA compliance as a marketing tool. Let me make something clear, there is no certification for HIPAA. A data center can be HIPAA compliant, which is what we at Data Cave consider ourselves. Some pay an outside source to come in, look around, and put their stamp of approval on the facility. For Data Cave, meeting HIPAA compliance means limiting people with access to equipment, including our own staff. This also means notifying the proper channels when someone has been near a healthcare entity’s equipment. With most healthcare companies, they are going to want to manage their own equipment, which means our staff wouldn’t need to touch it anyway. However, for a data center doing managed services, facility staff would be responsible. In that case the facility would enter into an agreement with the customer to maintain confidentiality. In the event of a breach, whether virtual or physical, a data center would notify the customer (the covered entity) who would, in turn, notify the HHS if applicable.
In other words, no one can claim HIPAA certification. To take it a step further, the essence of a data center is to be secure; so in that case, aren’t we all HIPAA compliant?
To find out more about Data Cave and HIPAA compliance, call us at 866-514-2283 or Contact Us via our website.