Facility Manager:
Each data center is managed as a physical facility with physical CCTV, alarms, entry control, power supplies with backup generators, air conditioning and air drying, fire suppression and complex uninterruptible power supply batteries.
Our Facility Manager must be able to manage physical entry to the secure building by avoiding any need for people to enter except to do a known and pre-planned task for an agreed duration of time.
Visits to "see" the data center and its impressive wall of server cabinets were eliminated many years ago - even the MD is not allowed on site without a purpose.
No data center has a visitors area or a meeting room - only known operations people who are scheduled to enter are permitted to enter.
Qubes OS:
1. It is a trade secret how the Qubes hypervisor is deployed, but it is the most secure operating system in the world and will not be influenced by governments to reduce its privacy-by-design and overall effectiveness.
2. The operating system can only be as secure as its hardware, so a very restricted hardware specification is deployed based on no-frills, simplicity and no back doors.
Dual Sign-In:
It is unacceptable to grant any one person data access to any data center - at least two people must be involved in gaining data access to a data center.
One data administrator will sign in and get to an interim point where they require the collaboration of another data administrator.
A second data administrator will sign in and approve that the first data administrator can proceed using standard data administration utilities.
Both data administrators are mutually responsible in all audit trails for any data changes that transpire.
Each data administrator is protected from becoming an unwilling party to a fraud - a conspiracy involving at least one other data administrator is required.
As each data center has different data administrators and as data is automatically replicated between data centers, it is hard to imagine how a conspiracy could access all data centers and make an unauthorized fraudulent data change.
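The dual sign-in rule above, written out as a small two-person authorization gate with an audit trail. This is an added illustration, not code from the original page or from any real data administration utility; the administrator names, utility name and request fields are constructed for the example. It enforces the three points the text makes: the first administrator parks at an interim point, a different administrator must approve before any data change runs, and every audit entry names both administrators.

```python
"""Two-person (dual sign-in) gate for data administration utilities.

Added example; the administrators, utilities and purposes are constructed
and the audit trail is an in-memory list standing in for a real log sink.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from itertools import count
from typing import Callable, Dict, List, Optional


class DualSignInError(Exception):
    """Raised when an action would violate the two-administrator rule."""


@dataclass
class AccessRequest:
    request_id: int
    initiator: str          # first administrator to sign in
    utility: str            # standard data administration utility requested
    purpose: str            # the pre-planned task
    approver: Optional[str] = None   # second administrator, once approved

    @property
    def approved(self) -> bool:
        return self.approver is not None


@dataclass
class DualSignInGate:
    """Sits between a signed-in administrator and the data admin utilities."""
    requests: Dict[int, AccessRequest] = field(default_factory=dict)
    audit_trail: List[dict] = field(default_factory=list)
    _ids: count = field(default_factory=count, repr=False)

    def _log(self, event: str, req: AccessRequest, actor: str, detail: str = "") -> dict:
        # Every entry carries both administrators so responsibility is shared.
        entry = {
            "time": datetime.now(timezone.utc).isoformat(),
            "event": event,
            "request_id": req.request_id,
            "initiator": req.initiator,
            "approver": req.approver,
            "actor": actor,
            "detail": detail,
        }
        self.audit_trail.append(entry)
        return entry

    def sign_in(self, admin: str, utility: str, purpose: str) -> int:
        """First administrator signs in; the request waits at the interim point."""
        req = AccessRequest(next(self._ids), admin, utility, purpose)
        self.requests[req.request_id] = req
        self._log("sign_in", req, admin, purpose)
        return req.request_id

    def approve(self, request_id: int, admin: str) -> None:
        """Second administrator approves; must be a different person."""
        req = self.requests[request_id]
        if admin == req.initiator:
            self._log("rejected", req, admin, "self-approval attempted")
            raise DualSignInError("an administrator cannot approve their own request")
        if req.approved:
            raise DualSignInError("request already approved")
        req.approver = admin
        self._log("approve", req, admin)

    def change_data(self, request_id: int, admin: str, change: str) -> dict:
        """Run a data change under the utility: only after approval, only by the initiator."""
        req = self.requests[request_id]
        if not req.approved:
            self._log("rejected", req, admin, "no second administrator approval")
            raise DualSignInError("second administrator has not approved")
        if admin != req.initiator:
            raise DualSignInError("only the signed-in initiator may proceed")
        return self._log("data_change", req, admin, change)


def violates_rule(action: Callable, *args) -> bool:
    """True if the action is blocked by the gate (helper for checks and tests)."""
    try:
        action(*args)
    except DualSignInError:
        return True
    return False


if __name__ == "__main__":
    gate = DualSignInGate()
    rid = gate.sign_in("admin_a", "dbadmin", "rebuild accounts index")
    print("change before approval blocked:", violates_rule(gate.change_data, rid, "admin_a", "REINDEX"))
    gate.approve(rid, "admin_b")
    print(gate.change_data(rid, "admin_a", "REINDEX accounts"))
```

Each rejected attempt is itself logged, so an administrator who tries to proceed alone leaves a record, and the `data_change` entry names both the initiator and the approver as the text requires.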
Objective:
To manage the physical environment where IT infrastructure is located.
Facilities management includes all aspects of managing the physical environment, including power, cooling, entry and environmental monitoring.
Checklist:
1. Verify that a large number of copies of all business data are stored in distributed places - and that all copies are excessively encrypted.
2. Check disk usage and never store archive data in a production environment - store data according to its use and life cycle.
3. Drop obsolete techniques like RAID disks - focus on flash drives, a very large number of modest sized flash drives.
4. Patch management must be scheduled every month - operate many self-contained applications in parallel so maintenance is simplified.
5. Patch all utilities, control panels and editors every month - never use WordPress.
6. Patch all application tools or delete any application program that has not been used for a month.
7. Patch FTP and remote access tools.
8. Use tools to scan logs for hardware errors, timeouts and utilization limits being exceeded.
9. Continually monitor server performance and utilization - one day it may be overloaded.
10. Continually monitor all user accounts and tidy up the data.
11. Continually monitor all pass-phrases and design alternative assignment algorithms.
12. Periodically run external penetration tests - and monitor what criminals are trying.
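Checklist items 8 and 9 ask for log scanning for hardware errors, timeouts and utilization limits being exceeded. The scanner below is an added example, not a tool from the original page; the log lines are constructed in a syslog-like shape, and the utilization thresholds and the message patterns (kernel medium errors, EDAC memory errors, upstream timeouts) are assumptions chosen for illustration, to be replaced with the patterns of the systems actually in use.

```python
"""Scan log lines for hardware errors, timeouts and utilization over limit.

Added example. SAMPLE_LOG is constructed; the regexes and LIMITS are
assumptions and should be tuned to the real log formats being monitored.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample lines: "<timestamp> <host> <source>: <message>"
SAMPLE_LOG = """\
2017-02-11T02:14:07Z db1 kernel: sd 0:0:1:0: [sdb] Medium Error, sense key 0x3
2017-02-11T02:14:09Z app3 httpd: upstream timed out (110: Connection timed out) while reading response
2017-02-11T02:15:00Z app3 monitor: cpu=97% mem=61% disk=88%
2017-02-11T02:15:00Z web2 monitor: cpu=42% mem=55% disk=93%
2017-02-11T02:16:30Z web2 sshd: Accepted publickey for ops from 10.0.0.5
2017-02-11T02:17:01Z db1 kernel: EDAC MC0: 1 CE memory read error on CPU#0Channel#1_DIMM#0
"""

# Assumed utilization limits (percent); exceeding any of them is a finding.
LIMITS: Dict[str, int] = {"cpu": 90, "mem": 90, "disk": 85}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+?): (.*)$")
HARDWARE_RE = re.compile(r"Medium Error|I/O error|EDAC|SMART|Hardware Error", re.I)
TIMEOUT_RE = re.compile(r"timed out|timeout", re.I)
UTIL_RE = re.compile(r"\b(cpu|mem|disk)=(\d+)%")

Finding = Tuple[str, str, str]   # (host, category, detail)


def scan_log(text: str, limits: Dict[str, int] = LIMITS) -> List[Finding]:
    """Return one finding per matched condition; a line may yield several."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # skip lines that do not fit the expected shape
        _ts, host, _source, msg = m.groups()
        if HARDWARE_RE.search(msg):
            findings.append((host, "hardware_error", msg))
        if TIMEOUT_RE.search(msg):
            findings.append((host, "timeout", msg))
        for metric, value in UTIL_RE.findall(msg):
            if int(value) > limits[metric]:
                findings.append((host, f"{metric}_over_limit",
                                 f"{metric}={value}% exceeds {limits[metric]}%"))
    return findings


def findings_per_host(findings: List[Finding]) -> Counter:
    """Count findings by host, to see which server needs attention first."""
    return Counter(host for host, _category, _detail in findings)


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for host, category, detail in results:
        print(f"{host:5} {category:18} {detail}")
    print(findings_per_host(results))
```

On the constructed sample the scanner reports six findings: two hardware errors on db1, a timeout plus CPU and disk over limit on app3, and disk over limit on web2; the normal sshd login produces nothing.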
Large number of small servers:
While the rest of the world is moving to consolidate into massive virtualized blade servers, we choose to evolve to use a large number of very small servers.
Our three-tier architecture is fundamentally safe, secure and scalable to any number of users with any number of web servers and any number of applications.
We continue to employ one massive database server in each data center, but it has dual everything to maximise its availability.
Atom:
An Atom processor running at 10 watts is a very effective web server, with numerous servers being load balanced from the firewall - 12 by 10 watts is only 120 watts of power to support thousands of users.
The same Atom processor is a very effective application server, with up to six processing all application data requests - 6 by 10 watts is only 60 watts of power to support thousands of users.
Using less electrical power than a typical desktop computer, many thousands of Internet users can be supported into a big database server.
If any Atom processor fails, the impact on traffic throughput may be too small to measure; extra Atoms can be plugged into the architecture to scale up for more users, and at night half the Atoms can be powered down to reduce electricity costs.
The result is that we have a lower cost of operation than all our competitors, more resilience, greater availability and easy scaling to match ever growing capacity requirements.
Security Laws:
1. Nobody believes anything bad can happen to them until it does.
2. Security only works if the secure way also happens to be the easy way.
3. If you do not keep up with security fixes, your network won't be yours for long.
4. It does not do much good to install security fixes on a computer that was never secure in the first place.
5. Eternal vigilance is the price of security - Monica.
6. There really are many people out there trying to guess your passwords.
7. The most secure network is a well administrated network.
8. The difficulty of defending a network is directly proportional to its complexity.
9. Security is not about risk avoidance, it's about risk management.
10. Technology is not a panacea.
Rack Rental:
1. Space in a data center is rented by the rack, where a standard 19 inch rack may be 70 to 90 units high.
2. Normal deployment is to rent only one rack in each data center, so the infrastructure can be distributed to as many data centers as possible.
3. In a few cases where networking is exceptionally good, additional racks are rented.
4. Each rack begins at the base with a power distribution server and massive batteries that can power the entire rack for at least 30 minutes.
5. Any transient power failure of up to 10 minutes can be ignored, as the rack will continue to provide normal services.
6. After a ten minute power failure, the network is dynamically reconfigured to switch transactions to an alternative data center.
7. People using application services will have no reason to notice the transaction switch to an alternative data center.
8. All data centers have diesel backup generators, but while they are in use, risks are too high to use the data center for normal production services.
EXAMPLE: BA found that when a person switched off the main power breaker, it took some days before servers could recover and provide a normal application service.
It is no longer cost effective to operate like BA from a single data center.
The large number of data centers that provide Bespoke Application Services may not be the cheapest option, but it is better than every other solution.
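Points 4 to 8 describe a routing decision driven by the rack's power state: ride out an outage of up to 10 minutes on battery, switch transactions to an alternative data center once the outage passes 10 minutes, and never serve production while on generator power. The following is an added example of that decision logic, not code from the original page or from the operation it describes; the data center names, the timestamps and the shape of the result are constructed for illustration.

```python
"""Power-state driven routing decision for a rented rack.

Added example. Thresholds follow the page's stated figures (30 minute
battery, 10 minute transient limit); data center names and times are constructed.
"""
from datetime import datetime, timedelta
from typing import Optional

BATTERY_RUNTIME = timedelta(minutes=30)   # batteries at the base of the rack
TRANSIENT_LIMIT = timedelta(minutes=10)   # outages up to this length are ignored


class RackPowerState:
    """Tracks mains, battery and generator state for one data center's rack."""

    def __init__(self, name: str, alternate: str) -> None:
        self.name = name
        self.alternate = alternate            # data center to switch transactions to
        self.mains_lost_at: Optional[datetime] = None
        self.on_generator = False

    def mains_lost(self, at: datetime) -> None:
        # Record only the start of the outage; repeated reports do not reset it.
        if self.mains_lost_at is None:
            self.mains_lost_at = at

    def mains_restored(self, at: datetime) -> None:
        self.mains_lost_at = None
        self.on_generator = False

    def generator_started(self) -> None:
        # Generator power keeps the rack alive but is not trusted for production.
        self.on_generator = True

    def evaluate(self, now: datetime) -> dict:
        """Decide where transactions should be routed at time `now`."""
        if self.on_generator:
            return self._decision(self.alternate, "on generator power; not used for production", now)
        if self.mains_lost_at is None:
            return self._decision(self.name, "mains power normal", now)
        outage = now - self.mains_lost_at
        if outage <= TRANSIENT_LIMIT:
            return self._decision(self.name, "transient outage; rack running on battery", now)
        return self._decision(self.alternate, "outage exceeds 10 minutes; transactions switched", now)

    def _decision(self, route_to: str, reason: str, now: datetime) -> dict:
        outage = timedelta(0) if self.mains_lost_at is None else now - self.mains_lost_at
        remaining = max(BATTERY_RUNTIME - outage, timedelta(0))
        return {
            "data_center": self.name,
            "route_to": route_to,
            "serving_production": route_to == self.name,
            "battery_minutes_left": int(remaining.total_seconds() // 60),
            "reason": reason,
        }


if __name__ == "__main__":
    dc = RackPowerState("DC1", "DC2")
    t0 = datetime(2017, 2, 11, 2, 0)
    dc.mains_lost(t0)
    for minutes in (0, 5, 10, 11, 25):
        print(minutes, dc.evaluate(t0 + timedelta(minutes=minutes)))
```

The 10 minute boundary is inclusive, matching "up to 10 minutes can be ignored"; at 11 minutes the decision flips to the alternative data center while the batteries still have about 19 minutes left, which is the margin that lets the switch happen before the rack itself goes dark.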
Document Control:
1. Document Title: Facility Manager.
2. Reference: 164700.
3. Keywords: Facility Manager.
4. Description: Facilities Management by the Facility Manager.
5. Privacy: Public education service as a benefit to humanity.
6. Issued: 11 Feb 2017.
7. Edition: 1.1.