Auditing a Data Centre – But to What Standard? Barry Elliott, RCDD Capitoline LLP [email protected] www.capitoline.eu


Auditing a Data Centre – But to What Standard?

Barry Elliott, RCDD
Capitoline LLP

belliott@capitoline.co.uk


Data Centre Auditing

• Capitoline has audited over 30 data centres in the UK, Ireland, Netherlands and the Middle East
• Capitoline is the audit partner for the Amsterdam Internet Exchange and Cisco EMEA
• No two customers have the same expectation from a data centre audit


What are the motives to obtain a DC audit?

• Their customers require it
• Need to understand ‘Tier’ rating
• Know they have problems but need an external consultant to confirm that to free up funding
• Have current and severe operational problems and need to start the overhaul/replacement process
• Need ISMS audits such as ISO 27000
• Need to know their green/CO2/PUE position
• Want compliance with H&S and other legislation


About 50 separate standards that could be applied to a data centre plus many national requirements


Tier Rating

The UpTime Institute

=TIA 942

=BICSI 002=


‘Tier’ Standards

• TUI is a design philosophy
  – Tier 1, basic requirements
  – Tier 2, redundant components
  – Tier 3, concurrently maintainable
  – Tier 4, Autonomous fault tolerance
• TIA 942, a prescriptive design guide
• BICSI 002, some different ideas


ISMS

Information Security Management standards


ISO 27000 Series


ISO 27002 Code of Practice

Information technology — Security techniques — Code of practice for information security management

1. Introduction and scope
2. Terms & definitions
3. Structure of the Standard
4. Risk assessment and treatment
5. Security policy
6. Organisation of information security
7. Asset management
8. Human resources security
9. Physical and environmental security
10. Communications and operational management
11. Access control
12. Information systems, acquisition, development & maintenance
13. Information security incident management
14. Business continuity management
15. Compliance

Big on questions but proposes no answers


Do you handle credit/debit card transactions or keep financial data?


U.S. Requirements

• Sarbanes-Oxley Act
• Health Insurance Portability and Accountability Act
• Gramm-Leach-Bliley Act
• State level legislation
• Payment card industry standard
• International Traffic in Arms Regulations


Green Credentials

• 2001 European Directive on Energy performance in Buildings
• 2006 Building Regulations Part L
• 2006 EU Energy Services Directive
• 2007 Climate Change Bill
• Server and Data Center Energy Efficiency, Public Law 109-431, April 2007

Code of Conduct on Data Centres November 2008


Make Your Reputation by Inventing a Metric

• The Green Grid
• Environmental Protection Agency, EPA
• US Department of Energy, DoE
• Silicon Valley Leadership Group
• McKinsey
• The UpTime Institute
• Leader Environmental Design, LEED
• BREEAM
• Transaction Processing Performance Council, TPPC


Data Centre Metrics

DCiE: Data Centre infrastructure Efficiency

DCiE = IT equipment Power / Total facilities Power

Power Usage Effectiveness, PUE = 1 / DCiE

Advantages – Simple

Disadvantages – the servers, though taking most of the energy, may not actually be doing any useful work


Energy Usage Effectiveness EUE

Energy Star is developing an ‘improved’ metric* called

Energy Usage Effectiveness (EUE) = Total Energy / UPS Energy

• EUE is based on energy, not power
• Total Energy includes all fuels (electricity, natural gas, diesel, etc.)
• EUE is based on source energy, not site energy
• Source Energy is the total amount of raw fuel required to operate the building


• Build on existing ENERGY STAR platform with methodology similar to existing ratings (1-100 scale)
• Usable for both stand-alone data centers and data centers housed within office or other buildings
• Offer the ENERGY STAR label to data centers with a rating of 75 or higher


The UpTime Institute

• Data Center Energy Efficiency and productivity (DC-EEP) Index
• DC-EEP = (IT-PEW) x (SI-EER)
• IT-PEW = IT Productivity per embedded watt
• SI-EER = Site Infrastructure Energy Efficiency (same as PUE)
• TUI say average SI-EER is 2.5 or 40%


Data Centre Auditing

• What does the customer want to achieve?
• Use the right audit package to answer the customer’s questions/requirements
• Select from the range of appropriate standards available. There is no one standard that fits all requirements
• An audit includes business processes not just physical attributes


Thank you

Barry Elliott, RCDD
Capitoline LLP

[email protected]
www.capitoline.eu