|
For the average citizen, this isn't the ideal time of year to broach the topic of audits. However, in the data center space, audits can work to actually relieve stress and save money over the long haul because of their innate ability to identify problem areas and discover opportunities for improvement.
"Data center audits are an effective and cost-saving tool allowing data center managers to know where their facility stands today and what power and cooling strategies are needed to grow in the future," explains Tom Karabinos, director of partner channels for Emerson Network Power's Liebert Products (www.liebert.com).
Although a data center could appear efficient from a bird's-eye view, closer investigations typically unveil vulnerabilities and threats that could affect not only performance, but also the data center's ability to meet availability and security expectations. An audit is generally no small undertaking, but its long-range effects are almost always worth the effort spent.
Key Points
- Audits are useful not only for identifying factors that can impact availability and security, but also for easing the introduction of new technologies such as virtualization or blade servers.
- Through the inclusion of a detailed inspection of infrastructure elements, managers can pinpoint areas for improvement in power, cooling, and other parts of their data center.
- Although most organizations should be capable of handling their own audits, outside help or consultation can add an unbiased approach that's difficult to obtain using in-house personnel.
Who Needs It?
As complex technology innovations continue to creep into data centers, managers can more easily lose sight of the overall performance of their data centers. Karabinos notes that audits can be useful when there is a need for strategic moves or technology additions such as virtualization, consolidation, or blade server implementation. Audits also have value in data centers where energy efficiency is a primary concern or when information is required to support budget requests.
According to Jack Probst, principal consultant, Pink Elephant (www.pinkelephant.com), an audit can evaluate a data center's infrastructure to determine its ability to continue to meet the ongoing needs of the enterprise (that is, deliver services) and to assure that the infrastructure doesn't place the enterprise at inordinate risk. Probst says the primary focus of such an assessment should be on the basic tenants of four key ITIL/ITSM processes: availability, capacity, IT service continuity, and IT security management.
Probst says that the departments required to fulfill the audit are system engineering, which should have the best handle on availability and capacity requirements, and security management, which not only typically handles security controls but also ITSCM (IT Service Continuity Management), though that function is sometimes aligned with corporate risk management or a similar department. The service or help desk should also be involved, as these personnel are the owners of the key incident data, which is highly relevant to the assessment.
Focus On Power
From a broad standpoint, audits need to follow a defined process for the best chance at success (see the "Follow The Plan" sidebar for more information). Within that process, there are certain points of investigation that experts recommend data centers target, particularly when it comes to power and cooling. For example, Jim Scherr, director of PDUs Direct (www.pdusdirect.com), recommends identifying the draw of each circuit.
"Using either metered-type PDUs or power clamps, identify the draw of each circuit. Multiple readings should be taken during various times of day to determine the power draw during peak loads and during times of idling. This information will help determine if you are maximizing your circuits and where you have additional capacity to mount additional equipment," Scherr says.
He also suggests inspecting racks to ensure devices with multiple power supplies have their power connections separated between the A and B feeds, which helps to provide some N+1 protection. Scherr says the audit is a good time to complete a selective coordination of the circuit breakers, which ensures the breakers closest to the equipment have the lowest threshold (with the intent of quarantining overcurrent incidents to affect the smallest number of devices).
Audits should also identify idle equipment, along with the workload of equipment that is in use. Dennis Julian, principal at Integrated Design Group (www.idgroupae.com), says underutilized equipment discovered in the audit should be configured to handle more work to raise the utilization level and thus the efficiency of the equipment. He also recommends looking at redundancy.
"Evaluate the actual and required redundancy of the data center and its equipment," Julian says. "How much is really needed for a buffer when work increases or there is an event that affects operating equipment? How fast can additional resources be put into operation to cover an increased workload or an unplanned outage?"
Help Is Available
Just like IRS-mandated audits, data center audits can be an intimidating prospect, at least from an execution standpoint. For this reason, some data centers may wish to engage outside help to assist with audits or even perform audits from end to end.
"Typically, outside resources are engaged to evaluate the security management controls and framework," Probst says. "It is always helpful to get an external perspective for the other assessments-one would want the assessment to be considered unbiased. Organizations should be capable of executing their own audit. Who is engaged would be dictated by the assessment objectives and purpose: Is the intent to identify pitfalls before they surface or to address required audits or respond to regulatory or statutory requirements?"
by Christian Perry
|
Follow The Plan
An audit is no small undertaking, but adding structure to the project can help managers succeed. Jack Probst, principal consultant, Pink Elephant (www.pinkelephant.com), recommends the following steps for a data center audit:
1. Establish the audit sponsor, objective(s), and scope.
2. Identify the key resources required to conduct the audit.
3. Establish the comparative standards that will be used to support the audit (this could also involve assessment tools such as questionnaires).
4. Create the project plan to conduct the audit.
5. Gather the data for the audit from all resources.
6. Analyze the data compared to the performance standards or objectives.
7. Reaffirm or update the data and initial findings.
8. Prepare the report and recommendations for presentation to the audit sponsor.
Because of the typical depth of a data center audit, it's crucial to be aware of the audit's goals throughout the various processes required to complete the assessment. Probst says an audit should confirm the following aspects of the data center's infrastructure:
- It is sufficiently well-monitored to react rapidly and adequately to both availability and capacity challenges.
- It is sufficiently well-controlled to manage and mitigate information security risks.
- There are adequate plans in place to address service continuity threats and vulnerabilities, such that critical business functions are sustained or restored as required.
- The scope of the infrastructure under investigation is all-embracing, covering servers, applications, storage, networks, facilities, monitoring facilities, and service/help desks, among other elements.
- It is sufficiently well-designed to meet the availability requirements of the business into the future.
|
For more informaiton or to receive a subscription to Processor Magazine visit the link for this article.
|
My Cart
