A lot of people have specific ideas when you say “Datacenter” — dark ambient light, lots of bright lights from servers (hopefully lots of green and blue, and not so much yellow or red). Some big datacenter providers put a lot of effort into that “cool” factor, going out of their way to keep overhead lights dim, brushed steel with LED strings in behind, etc. The fact is that there is a lot to datacenters that isn’t as much talked about because it isn’t so cool. In fact, most datacenters and datacenter operations are pretty boring.
What is a datacenter?
A datacenter is any place you keep and store servers and/or data and/or core networking equipment. For many businesses it’s a closet, or even just a section of a closet. That’s because that is all the business needs. As the business grows, the IT needs grow and this gets outsourced somewhere, possibly to a Datacenter Provider.
What does a datacenter provide?
A professional datacenter provider is supposed to have a range of things.
- Reliable network connectivity, either through their own network (carrier controlled) or by making available direct connections to providers (carrier-neutral) — some providers do both.
- Reliable power. Datacenters should have a UPS system to keep all of its customers online for a given period of time, usually long enough for the generator(s) to turn over and start. Depending on the age and size of the facility, most of these will be battery backed. Smaller facilities may use other technologies such as flywheels.
- Reliable climate. Computers don’t like it when the humidity is too low, and they don’t like swings in temperature. Many facilities will target specific temperatures and tell you why their choice is optimal, but anywhere between 60 and 80 degrees F is probably going to be fine, so long as it isn’t swinging more than a couple of degrees over a period of time.
- Reliable security. You don’t want other customers being able to steal your data, bandwidth or power. If they do, you want your provider to be able to know and prove it within a reasonable doubt so that it can be properly prosecuted. This isn’t limited to your cabinet or cage, either. When you get packages, you want to be able to trust that they are accepted and held for you, and only you.
- Some kind of remote hands ability. If you need work done on your equipment such as a reboot or a drive swap, your provider should be able to give you means to do that using their staff. You almost invariably pay extra in some way for this service, be it a bundled number of hours or just an hourly rate with minimum time commits per-incident.
What does this mean for you?
Everything is variable, and everything has a cost. Datacenter providers will be more than happy to provide 100% Power SLAs, 100% Uptime SLAs, tight security based on blood samples and facial recognition along with a 10-digit PIN, and the best remote hands and managed services technicians in the world. They’re also going to expect you to pay high prices for that package.
On the other hand, you might get a physical key to a door, told which cabinet is yours, and to have a nice day. There might be a camera, there might not. There might be a lock on the cabinet, there might not. The cooling might work, it might not. And power/network will come with only a 99.0% uptime guarantee. And it’s dirt cheap.
The key is to find the right mix for your business and your needs. Recognizing that migrating is expensive, both in terms of man hours and downtime, picking right the first time is important. What’s important, and if you can’t afford the best, where are you able to compromise? Maybe you need maximum power and network, but can afford to lax a little on the security side if it’s “good enough.”
Most IT people have heard of SOX or PCI compliance, but have you heard of a SAS 70, or an SSAE-16? Any datacenter worth their salt will have been SSAE-16 SOC 1 and/or SOC 2 (which is the updated SAS 70) certified. This isn’t simple, though. Really, all it means is that they’ve defined a series of controls for different things, mostly related to reliability or security, and have demonstrated either to an auditor at one point in time that they were documented (type 1) or demonstrated to an auditor that they were documented and then carried out over a period of time (usually about 12 months, type 2). Each report is unique to the facility or facility’s owner (covering all of their facilities), and you’ll need to read theirs specifically and carefully to learn. Facilities have an obligation to provide the report on request (after all, it’s why they spent the time and money to get it written), they may demand signing of an NDA or similar first.