| | 4.7 Facilities
04. Data Center Architecture | | |
|---|
| Data Center Architecture | | 1. Either (1) Dedicated servers or (2) Cloud Virtual Instances may be chosen. AWS, Google and Microsoft all provide Cloud Virtual Instances (paid by the minute). The location of a cloud virtual instance is virtual and may be programmed to appear to be in any location. Real data center owners provide colocation rack space rental for ASP owned dedicated servers or provide dedicated servers to rent; the infrastructure is the same. The location of a real data center is fixed and can be part of a business continuity active-active replicated data strategy. | | 2. By definition, Bespoke Application Services are NOT cloud-based, they are dedicated-server and Internet-based. | | 3. Bespoke Application Services may have an (1) Active-Active or (2) Active-Passive architecture. While Bespoke Application Service came from an Active-Passive background, they have evolved to an Active-Active architecture. Continued evolution will see the large number of active data centers increased over the coming years. Scaling to more and more data centers is more effective than scaling each data center to use more resources. |
| Active-Active Replication: | | 1. The business continuity plan is based on an active-active architecture with synchronous replication based on data centers with high resilience. Application traffic is simultaniously served to two or more data centers with load balancing and very high availability. Continual business services are delivered by avoiding the need to do backups, eliminating recovery and simply switching to a different data center without any delays. | | (1) Enhansed service availability (no downtime). | | (2) Continual availability to increase customer satisfaction. | | (3) Improved capacity and application performance (load balanced). | | (4) Focus on disaster avoidance rather than disaster recovery. | | (5) Provides insurance against equipment failures at either data center. | | (6) Enables one data center to continue providing an application service when another data center experiences any failure. | | (7) Serves applications in real-time through multiple data center locations. | | (8) Eliminates disruptions in service. | | (9) Improves cluster performance through load balancing. | | (10) Enables business continuity during maintenance and migration. | | (11) Provides a quick and reliable fallover in the event of any disaster. | | (12) Active-Active Architecture is more difficult to begin and distributed data synchronisation is needed. |
| Active-Passive Replication: | | 1. Obsolete Disaster-Recovery plans were based on an active-passive architecture with asynchronous replication based on a primary and backup data center. Application traffic is routed to the primary data center while the backup data center may be used for testing, deelopment or non-productive work. Business data is continually replicated from the primary to a swarm of other data centers so in the event that the primary data center fails, any other data center can take over with the minimum of delay. | | (1) Minimised service disruption. | | (2) Improved efficiency. | | (3) Simple implementation - easy to get started. | | (4) Increased service availability. | | (5) Reduced outage duration. | | (6) Predictable performance during a fallover. | | (7) Improved business continuity. | | (8) Simplified maintenance. |
| Distributed Data Centers: | | 1. It became self-evident that as an interuption to power supplies to a data center was an identified risk, it would be reasonable to locate a data center to be close to power generation where disruption was less likely. | | 2. London docklands was a critical data center location until it became identified with potential terrorist threats to the power supply. | | 3. For simple security reasons, the physical location of any of our data centers is not documented and not published - people do not need to know and so this information is not disclosed. | | 4. In practice, the IP address used to connect to the Internet backbone could be detected and may be used to identify data center exchange locations. | | 5. In 2016, more than 250 secure data centers were known to exist in the UK. Slough and Leeds each have nine data centers. By simply by being manned 24*7 by dedicated data center engineers can be a major security improvement over any in-house data center. | | 6. A physical data center has a natural life cycle of less than two years before its technology is obsolete and prone to faults. Recycling of equipment is a critical part of facilities management as new equipment can be many times more energy efficient than older equipment. London cost per rack is 10,000 pounds per year, while outer-London cost per rack is 5,000 pounds per year. | | 7. A defective UPS unit is the primary cause of a data center failure - redundant UPS units backed by 100 hours of diesel generation is a basic requirement. Average large organisation downtime costs 7000 pounds per minute - a redundant UPS unit that is never used is a worthy insurance investment. |
| Replicated Data: | | 1. In the good old days, data was always copied to a safe place - until that safe place failed. The piece-of-mind that comes from storing precious data in a large number of safe places is wonderful. | | 2. Annual account data is always treated as a benchmark - it is too precious to be lost, to be stolen or to be corrupted. A solution it to ensure that at least ten copies are stored in safe places and encrypted. The logical direction is to evolve towards copies of encrypted data replicated to a swarm (hundreds) of physical places as true piece-of-mind. | | 3. Benefits of massive replication:- | | (1) Data cannot be lost in a world where lost data is a reportable data breach. | | (2) Data cannot be accidently corrupted or fraudulently changed. | | (3) Backup-restart-recovery procedures are eliminated. People remembering to do things perfectly is eliminated. |
| Data Center Management: | | 1. Microsoft Azure Cloud UK with physical data center locations in London (Paddington), Manchester and Durham. Microsoft was chosen after being audited and accepted by the UK Ministry of Defence and South London NHS Foundation Trust. The need for further due diligence could never be cost justified. | | 2. IBM Global Cloud has six UK data center locations and 16 data centers in Europe. IBM was chosen after being audited and accepted by National Grid, Dixons Carphone, Shop Direct and many leading UK corporations. It would be an illogical waste of money to imagine that IBM data centers need a physical security audit. | | 3. Pulsant Business has 12 UK data center locations and a very large number of data centers in the rest of the world. The Milton Keynes and Newcastle data centers were the first to be chosen as tier-4 with ISO 27001 security compliance. High speed communications to a swarm of data centers demonstrated the benefit of replicated data over backup data. | | 4. Telehouse North in London Docklands was one of the early data centers used with 20,000 server racks. But communication risks at the time of 2012 Olympics caused a switch to Leeds and Newcastle. Telehouse with its own power station and physical security systems are considerable more effective than any in-house data center. | | 5. Redcentric provide five UK data centers with locations in Reading, London Shoreditch, London City, Cambridge and Harrogate. It is noted that the two London data centers are not tier-4 and not ISO 27001 certified like the other data centers. These data centers are accredited to process HM Government data, to store NHS patient data and provide Janet school services - another physical audit would not be a good investment. | | 6. Equinix with multiple UK data center locations based around London and Manchester. They are one of the biggest in providing services to the FinTech industry. London Internet Exchange (LINX) provides service to thousands of financial firms using four London sites sharing services with Microsoft, AWS, Oracle and Google. With 25% of all European equities traded via the Slough data center, another physical audit of their security capabilties would not be a wise investment. | | 7. IOMart with eight UK data center locations based in London, Manchester, Maidenhead, Nottingham, Gosport, St Asaph, Glasgow and Leicester. Maidenhead has nine computer halls, independent power supplies and cross connection to many Internet carriers. IOMart with annual revenues of 76 million pounds offer cloud services using many trading names such as EasySpace and Melbourne. Hosting UK provide colocation rack space and Dell dedicated servers. RapidSwitch is yet another part of this group. | | 8. UKFast with its UK data center located in Manchester has grown from 25th to fifth place in the UK league table based on proven ISO 27001 Security credentials. With colocation, rack space is rented in ISO 27001 secure data centers to securely house the ASP owned equipment. With dedicated, servers are rented in ISO 27001 secure data centers with the ASP having full control over the build and operation. | | 9. CenturyLink have a portfolio of five UK data centers with high speed direct connections for financial trading, legal and processional firms. Slough is the latest and most powerful data center with 13.5 MW of servers. | | 10. OVH is one of the largest European data center providers with an array of colocation and dedicated server options. OVH are in a unique position to match customer service level agreements for security, availability, business continuity and privacy. | | 11. Netcetera provide a colocation data center service from the Isle of Man that is only 900 pounds per month for a full (42u) rack space and zero carbon energy of up to 8 amps. Dedicated servers with 36 cores, 512 GB of memory and 8 TB of flash storage costs from 65 pounds per month - a rack of eight machines is 520 pounds per month. | | 12. Next Generation Data Europe in Newport is the largest data center in Europe at 750,000 square-feet with BT, IBM and Logica renting most of the space. Companies like Microsoft operate their Azure Cloud services from this data center. Security is exceptional. Its own connection to the National Grid is exceptional. | | 13. Teledata operate a data center in Manchester and boast to be the most secure and most resilient colocation provider. With more then one million pounds invested to gain ISO 27001 security accreditation. Many alternative Internet connections can be rented, including SSE. | | 14. Host-IT operate data centers in Milton Keynes and Bletchley, and two in Northampton. These provide primary and backup services to one another. Their own networking capabilities are exceptional for replicated data updates between data centers. | | 15. Virgin Media has been a long term partner with ten data center locations in the UK, including Welwyn Garden City. The strength of this offer is up to 10 Gbps Internet connections to any part of the UK - direct data center to data center connections are easy to configure. | | 16. Rackspace has been used for many years because they are good at providing equipment that is exactly what is needed. Rackspace may have moved their focus to AWS. Rackspace are not interested in where or what data centers may be used. | | 17. AWS have a London portal to what may be their primary European data center in Dublin. UK Government services like DVLA and TfL are using this portal, so it must be safe, secure and backed by the very largest data center operator in the world. AWS provide compliance with ISO 27001 ISS, 9001 QMS, SOC1, SOC2, SOC3 and PCI-DSS - enough said. AWS is very different from all other data centers in that virtual instances of infrastructure is rented by the minute. | | 18. Google Clound Compute Virtual Instances are rented by the second, but operate just like any purpose built dedicated server. By definition, the physical location of any real hardware is of little concern and may be impossible to determine. It is said that Google do not own their own data centers, they simply own containers of racks that are hosted by other data center owners. Google make their own servers - the very best vendors will always build their own servers rather than buy from Dell or HP. |
| Data Sovereignty: | | 1. Once upon a time, data sovereignty had some significance and USA owned data centers were never used. | | 2. However as encryption evolved to the point of excessive encryption of all business data, then access to that data by a USA court order became meaningless. | | 3. As data replication evolved it became self-evident that the physical location of an encrypted data is meaningless because the encrypted data is unreadable. | | 4. The combination of excessive encryption and massive replication has created an environment where it is plausible to state that business data is not stored in any specific physical location. A court order to access physical data in any one data center will provide a copy of excessively encrypted data that is meaningless and worthless. Services continue to operate from a large number of other data centers that are unknown and ever chainging. | | 5. A court order can demand that a person gives up an encryption key and password. Excessive encryption has increased the use of encryption keys to more than ten-thousand and may exceed a hundred-thousand. It is not practical for any person to know or understand the full scope of what encryption methods may have been used for a specific field in a table in a database in a partition when everyone is unique. Excessive encryption can means that many different layers of encryption are applied to one field and the order that decryption is applied is critical. Excessive encryption involves other data that is used in combination with a field to decide what encryption methods shall be applied because it is impossible for any person to know the right combination of fields that are involved in every unique case. | | 6. Data Sovereignty cannot have any meaning when all business data is excessively encrypted and massively replicated to cause it to be meaningless in any physical location. As proof of concept, the annual accounts were encrypted and published on a public web site for the world to see as a bunch of images. Security experts invited to view the images imagines they are parts of a diary or calendar - obfuscation works when the most secure things are in plain sight. | | 7. While competitors continue to use obsolete database methods, the ASP has deployed encrypted NOSQL and encrypted data stored in images. While criminals will spend resources trying to crack illogical database encrypted fake data, the real business data is encrypted in images that are in plain sight. | | 8. Everything is encrypted and at least 85% of all stored data is fake data designed to obfuscate the real data. While others may use real data for testing, the ASP chooses to store test data as if it was real data as a means to obfuscate the real data. |
| Document Control: | | 1. Document Title: Data Center Architecture. | | 2. Reference: 164704. | | 3. Keywords: Data Center Architecture. | | 4. Description: Data Center Architecture and Management. | | 5. Privacy: Public education service as a benefit to humanity. | | 6. Issued: 11 Feb 2017. | | 7. Edition: 1.1. |
|
|