Top 6 Ways to Improve Data Center Efficiency

By: Daniel Bodenski, PE, LEED AP, Director of Strategic Solutions at Electronic Environments Co.

The data center has become a staple of modern society, making the technology that we use every day possible.  Today, everyone from small start-up organizations to multi-billion dollar corporations utilize mission-critical facilities to house their vital data, and as the Internet of Things (IoT) and Big Data continue to proliferate, our demand for more data centers will only increase.

With growing energy costs and data center energy consumption nearly 100 times higher than that of a typical commercial building, data center owners and operators are placing a higher focus on improving energy efficiency within their facilities.  Maintaining energy efficiency is critical to running a reliable, high-capacity, and cost-efficient mission-critical facility.  At Electronic Environments Co. (EEC), we are dedicated to enabling our clients to develop the most efficient and profitable data centers possible, allowing for maximum uptime while minimizing capital and operational costs.

When it comes to data center energy efficiency, there are six key ways you can improve your bottom line while still ensuring total reliability.  Below, we will examine these key strategies and help you answer the question, “How can my data center be more energy efficient?”

  1. Assessments

Performing a detailed assessment of your data center’s operational performance will give you clear and concrete insight into the particular ways your data center can be improved, outlining the individual areas in which current energy efficiency practices may fall short.  Review of airflow management, implementing a detailed PUE analysis, and obtaining real-time data hall temperature measurements, are all important metrics to assess in order to develop a fully strategic plan to lower energy costs. Data center assessment professionals are equipped to provide comprehensive results through in-depth analysis and can provide recommendations for design, installation and maintenance improvements resulting in quick and cost-effective solutions. An assessment can also be used to prepare for external audits, and provide foundational data for developing thorough strategies.

  1. Equipment Upgrades

As society evolves, so too do our technologies, putting increased demand on data center capabilities. Equipment upgrades are necessary to maintain a robust and reliable facility. Moreover, in order to make data centers increasingly efficient, new technologies are continually developed that reduce overall energy consumption, such as ECO mode Uninterruptible Power Supply (UPS), 380V DC power systems, lighting system retrofits, efficient chillers, and more. By knowing what new technologies exist and understanding the return on investment of many of these upgrades, you may be able to use many to your advantage within your data center’s lifecycle.

  1. Maintenance

If your current equipment is unreliable or beyond its normal lifespan, it could be adding to your operating costs and could pose a serious threat to reliability.  Downtime is the number one critical issue, as it will not only hurt your bottom line, but your reputation as a reliable organization. The Ponemon Institute reports that data center downtime costs an average of $7,900 per minute. Can you afford that? By employing a comprehensive maintenance routine, trained specialists should be engaged to check generator heaters and batteries, test load banks, sample generator coolant, fuel and oil, and regularly exercise overcurrent protective devices. These activities, coupled with implementation of an on-demand Asset Management system, will increase operational efficiency and reduce overall critical system downtime.

  1. Dynamic Cooling Management

Every data center is unique, so its cooling solutions should be as well.  Cooling plays a critical role in the energy efficiency of a data center. Finding the correct model for your individual facility is of capital importance. With a dynamic cooling model that’s easy to deploy, you can see immediate energy savings, more efficient network transformation, and increased network reliability. Instead of zone-level control, fans are individually optimized based on real-time readings, utilizing rack sensors and control modules to collect temperature requirements and Computer Room Air Conditioning (CRAC) airflow and power metrics, resulting in a fully optimized, intelligent cooling system.

  1. Airflow Management

Poor airflow management leads to a lot of undesirable results, including the recirculation of supply air, causing hotspots and reducing the overall effectiveness of the data center’s cooling plant.  By implementing simple airflow management techniques, such as adding floor grommets, implementing partial or full containment, and adding blanking panels, data center operators can see reduced plenum losses, and immediate energy savings. This is a simple, low-cost method to reap instant financial benefits and improve Power Usage Effectiveness (PUE).

  1. Baseline Energy Reduction

Sustainable energy sources such as solar, fuel cell and wind power are becoming more and more commonplace within data centers to reduce overall energy use, shrink their carbon footprint and become more energy independent. Not only can sustainable energy sources reduce energy usage, self-contained power plants can also offer data center operators the option to develop a micro-grid, which decreases the reliance on an aging, electrical infrastructure and provides a strategy for modular data center solutions.

To learn more about these six strategies for enhanced energy efficiency, check out our eBook, “6 Ways to Improve Data Center Energy Efficiency”.  If you would like more information about any of these solutions or feel that you could benefit from customized professional assistance, please visit www.eecnet.com or email us at info@eecnet.com.

About the Author:

bodenskiDaniel Bodenski, PE, LEED AP, is Director of Strategic Solutions at Electronic Environments Co. Mr. Bodenski has over 20 years of experience in mechanical systems design and project management for mission critical facilities. He has managed several large design, due diligence, site assessment and commissioning projects for telecommunications, healthcare, financial and retail data center clients. At EEC, he proactively increases facility reliability through implementation of new technology for mission critical facilities.

How Does Aging Equipment Impact Your Data Center?

Aging data center infrastructure can pose several issues for data center operators  – typically in the areas of dependability, increased maintenance, inefficiency and ultimately, customer trust.  Although most data center equipment is designed to sustain a decade of use, its reliability declines over time – especially critical gear such as Uninterrupted Power Supply (UPS) and cooling equipment.  This diminishes its ability to meet the growing power, cooling and structural demands of today’s ever-evolving and increasingly sophisticated technology market.

When hardware in your mission-critical data center ages, you run the risk of unexpected system failure, yielding lower to no productivity and hindering not only your profitability and core operations, but also the very business functionality of the customers that have come to rely on you.  Data center downtime also comes with a hefty price tag.  A study by the Ponemon Institute, a firm that conducts independent research on privacy, data protection and information security, found that the average cost of an unplanned data center outage in the US is approximately $7,900 per minute, a 41% increase from the $5,600 it was in 2010.  The average reported incident length was 86 minutes – that’s a bout $690,200 of loss per incident.

Knowing when to repair, replace or upgrade equipment is critical to saving your company the headaches, data loss and financial burdens that plague today’s aging infrastructures.  James Stark, P.E., Electronic Environment Corporation’s (EEC) Engineering and Construction Manager, recently addressed best practices associated with upgrading or replacing critical infrastructure equipment in a webinar.  During this webinar, Mr. Stark discussed the negative impact of aging equipment, the factors that indicate equipment should be replaced, proactive measures you can take to ensure maximum uptime as well as predictive signs of failure such as capacitor leakage and high motor amperage.

Mr. Stark also recommended considering measuring the input and the output of systems’ power consumption as part of general preventative maintenance efforts / programs due to advances in data center technology that have increased uptime and reduced the amount of energy required for usage.  The webinar’s key takeaway to preventing equipment failure is constant, proactive monitoring.  Trending this information over time will allow data center professionals to easily identify when a system needs to be upgraded or replaced.

The EEC webinar also featured representatives from ConEdison, NationalGrid and NSTAR, who highlighted how utility incentive programs can shape these upgrade decisions.  Attendees obtained an overview of these incentive programs as well as field examples and case studies of how the programs reduced capital expenditure for new equipment, shortened payback periods, increased project Return On Investment (ROI), and improved energy efficiency.

To learn more about best practices for replacing, repairing or upgrading your data center equipment, watch EEC’s ‘How Utility Incentive Programs Affect Equipment Upgrades’ webinar by visiting http://www.eecnet.com/Resources/Videos/#incentive.

To schedule a free project consultation or ask specific questions about upgrades or utility incentive programs, please contact an EEC representative at (508) 229-1404 or email info@eecnet.com.

For more information on Electronic Environments Corporation, visit www.eecnet.com.

 

Please welcome Host in Ireland to Data Center Discovery!

Host in Ireland is an industry-led marketing initiative that provides timely and accurate information on the Ireland’s Digital Asset Hosting Ecosystem at all times including demonstrating why Ireland is more cost effective, efficient, reliable, secure and accessible than most other regions across the EU.

For more information about Host in Ireland please visit their profile in the Data Center Discovery global directory of data center solution providers

For more information about how your company can get listed in the Data Center Discovery global directory of data center solution providers please email becca@datacenterdiscovery.com

Key Considerations When Moving Your Business to a New Facility

Expanding or relocating your business to a new location is an exciting, yet daunting undertaking that presents its fair share of challenges.  The process can have a profound impact on your resources as well as your entire organization.  From the removal and redeployment of furniture and IT equipment, to the removal of complex HVAC systems, cabling, conduit, wiring and piping, to the rebuilding or repairing of walls, floors and ceilings, modern-day relocation projects require a tremendous degree of careful project planning, coordination and execution.  Add tight deadlines and extensive make-ready stipulations, and the challenges can be downright overwhelming.

But they don’t have to be.  Approaching your corporate move in the right way can mean the difference between a cost-effective, efficient facility relocation and an unorganized, expensive and time-intensive headache.  To help you complete a successful move, we have composed a list of key considerations that businesses need to keep in mind:

#1 Review your current lease.  Commercial property leases are typically more restrictive than residential leasing agreements.  Carefully review your current lease to ensure you are aware of specific move guidelines, deadlines and make-ready stipulations.  Unforeseen damage and discrepancies or straying from prearranged lease requirements can result in costly liabilities for your organization.  These liabilities are not only limited to financial penalties; it is easy for a company to get ‘blacklisted’ by property management firms if it does not comply with the terms outlined in its contract.

#2 Construct a solid plan – and stick to it.  In the realm of commercial relocation, having a well-thought-out plan is crucial to the successful execution of a move, and can prepare you for many unforeseen challenges.  The relocation requires careful project planning and cross-functional coordination between both internal and external stakeholders.  Ensure your plan includes logistical considerations, designates specific tasks to their owners, and outlines a realistic timeline.  This timeline depends heavily on the complexity, location and size of the move.

#3 Build the right project team.   Assembling an effective moving team takes extensive research and methodical thinking.  In addition to allocating specific departmental tasks to internal employees, Project Managers must conduct in-depth vendor assessments to hire effective external support.

Selecting a certified commercial moving specialist with the expertise and experience to overcome unexpected occurrences, tight deadlines, changing schedules or last-minute modifications is critical.  The vendor should also have experience moving the specific items that need to be relocated from your facility; it takes particular expertise to move complex assets such as IT equipment and HVAC systems. 

Last, but certainly not least, find a vendor that offers a single-source solution for all of your moving needs.  Corporate relocation projects can require the engagement of various specialties including contractors, electricians, crane operators, and more.  Selecting a specialist with established relationships that can source, communicate between, and manage these various specialties is key to saving your company precious time and money, allowing you to repurpose critical resources and providing you with much needed peace of mind.

#4 Take thorough pre- (and post-) move inventory.  During the relocation process, there are a lot of things happening, plenty of moving parts and many items to keep track of – especially for organizations with large asset bases.  Have you decided what assets you’re going to move, recycle, resell or throw away?  Cataloguing and tracking your assets during a move is essential to effective records management, as well as mitigating unnecessary purchases of new equipment and avoiding regulatory fines.  

#5 Ensure business continuity.  Downtime can cost the average small to medium-sized business $12,500 per hour.  In this difficult economic climate, that’s a tough bill to swallow.  When selecting a commercial moving vendor, it is important to hire an organization that is experienced and flexible enough to ensure your business remains operational during your move.  Expert professionals allow for minimum downtime, minimizing the impact on your bottom line.

LIQUIS is a leading, single-source provider of turnkey facility relocation and shutdown as well as complete infrastructure asset liquidation services.  Please click here to learn how LIQUIS can help your company ensure a speedy and efficient move when the time comes for corporate relocation.

For more information about Liquis please visit their FREE profile on Data Center Discovery

The Threat of Cyber Attacks on Data Center SCADA Systems

Editor’s note: I originally wrote this post two years ago for another blog called datacenterpro. Datacenterpro primarily deals with Low-Probability, High-Consequence (LPHC) types of threats to data center operations. So, you will see posts there about topics such as geomagnetic storms and cyber-security threats. This post received nearly 10,000 hits, was picked up by MIT’s Technology Review blog and led to a cover article for Mission Critical Magazine.

I’m reprinting it here because I’m a shameless self-promoter and need to draw web traffic to my new website because it may be of interest to new readers here at Data Center Discovery. Happy reading!

Earlier this year, shortly after the discovery of the STUXNET cyber weapon, I wrote an article for Mission Critical Magazine (MCM) titled, “The SCADA Worm Threat to Mission Critical Infrastructure”.  In the article, I explained how STUXNET had demonstrated a new and profoundly dangerous threat to Industrial Control Systems (ICS) such as SCADA (Supervisory Control and Data Acquisition).  I urged the data center community to recognize that data center electrical and mechanical infrastructure is potentially vulnerable to this type of cyber attack.  Furthermore, I warned that data centers can be very enticing targets for criminals, terrorists and foreign nationals utilizing cyber weapons.  I predicted that SCADA cyber attacks in general would become more common and that data centers could become targets for data theft, extortion and sabotage through their SCADA systems.

Since the release of the article, a number of trends have reinforced my view that SCADA systems are becoming increasingly vulnerable.  Events of concern include:

  • Proliferation of STUXNET SCADA worm technology.  On September 1, 2011 a new SCADA worm, dubbed Duqu, was discovered.  The Duqu worm bears close resemblance to the STUXNET worm in complexity, design and execution.  However, Duqu was configured for a completely different (and currently unknown) target.  Initial analysis indicates that Duqu may be designed to steal data as a precursor to a STUXNET type cyber attack.   The similarity to STUXNET indicates that Duqu’s designers either designed STUXNET or had access to the STUXNET source code.
  • Rise of hactivist interest in ICS cyber attacks.  In September of 2011, a US Department of Homeland Security (DHS) bulletin provided evidence that the hacking collective “anonymous” “had recently expressed an interest in targeting industrial control systems (ICS).”  It is doubtful that anonymous will have the capacity to execute a STUXNET level cyber attack in the near future.  However, their interest in exploiting ICS technology is indicative of an increase in awareness and activity within the hacking community regarding ICS systems.
  • SCADA hacking malware (almost) demonstrated at TakeDownCon In May 2011, security researchers from NSS Labs were planning to demonstrate how to write “industrial-grade” SCADA malware at a Dallas information security conference.  The researchers claimed, “We will demonstrate how motivated attackers could penetrate even the most heavily fortified facilities in the world, without the backing of a nation state.”  SCADA manufacturer Siemens and the US Department of Homeland Security requested that the researchers not continue with the demonstration citing public safety concerns.  The NSS Labs researchers complied with the DHS request.
  • Additional SCADA vulnerabilities made public.  In March 2011, security researcher Luigi Auriemma posted full-disclosure advisories and details regarding proof-of-concept attacks for thirty five new SCADA vulnerabilities.  Auriemma posted these to the publicly available securityfocus.com (Bugtraq), an open bulletin board for Symantec customers, end users, developers and partners.
  • Powerful SCADA Hacking “Toolkit” released.  In March 2011, Gleg, a Russian security firm offered for sale a software package known as The Agora SCADA+ Pack.  The software contained 22 modules exploiting 11 zero-day vulnerabilities.  The pack included data applicable to a wide variety of SCADA system manufacturer’s devices and software.  The package also allegedly contains analysis of SCADA system “weak points” such as hard-coded passwords and problems with smart chips.

Clearly, cyber criminals are beginning to focus their attention on SCADA systems and are busy developing new exploits and malware

The vulnerability of SCADA systems represents a particularly grave threat to infrastructure of national significance.  Vital infrastructure such as electrical grids, refineries, water treatment plants and chemical processing plants rely heavily on ICS and/or SCADA.  The consequences of a successful cyber attack on this infrastructure are potentially dire.  Fortunately, some national governments have recognized that the SCADA cyber vulnerability represents an emerging threat to national security and have taken steps to close security gaps.   The US Federal Government, for example, has launched extensive cyber security initiatives and programs to address vulnerabilities in our national infrastructure.  US-CERT, a division of the US DHS, has become one of the world’s leading cyber security organizations.

SCADA systems are not limited to industries of significance to national security.  In fact, variations of these systems can be found in nearly every industrial and commercial environment.  Data centers are no exception.  Most commonly, data centers utilize SCADA technology to control the automated functions of their critical electrical switchgear.  Switchgear in these facilities usually feature multiple, redundant power paths to allow for maintenance and to provide operational resilience in the event of a system component failure.  In order to function effectively, this type of switchgear must monitor system conditions such as voltage, amperes and frequency.  If one of the monitored parameters falls out of a preset tolerance band the switchgear automatically performs an action or series of actions to correct the abnormal condition.  For example, in the event of a loss of mains power to the switchgear, standby generators start and a number of circuit breaker position change in order to deliver generator power to the critical load.  The system of sensing devices, Programmable Logic Controllers (PLCs), and computers that monitors and controls the switchgear is known as SCADA.

For many years, data centers and other users of SCADA systems operated without significant threat from hackers, malware and cyber criminals.  These systems benefitted from a flawed security principle known as security through obscurity or hiding in plain sight.  SCADA systems utilize communication protocols (for example MODBUS) that are not widely known by hackers and malware developers.  Furthermore, the systems monitored and controlled by SCADA are often extremely complex and require extensive training to understand and operate.  It was considered unlikely that an intruder in the system would have the engineering knowledge needed to effectively infiltrate the system and cause lasting damage.  These system characteristics amounted to a degree of obscurity that did not seem to require extensive cyber security.

The security of SCADA systems also benefitted from a persistent question of motive.  Hackers and malware are typically associated with the theft of sensitive corporate secrets, personal information or financial data.  This type of data is not stored in Industrial Control Systems.   Thus, ICS manufacturers and operators assumed that their systems would not be hacked because they contained no data that might justify the work required by a hacker.

Additional security was assumed because SCADA systems are not typically connected to the Internet.  However, these systems are routinely accessed for software upgrades, data exports and system configuration changes.  Additionally, many SCADA systems share network infrastructure with other corporate networks.  This practice allows the SCADA system to share data with other corporate assets and avoids the cost of a separate, dedicated network for the SCADA system.  However, these practices compromise security integrity for these systems.

Given the assumed security through obscurity, the lack of traditionally targeted data content and the lack of direct Internet connection the primary security threat to SCADA systems appeared to come from accidental misuse by poorly trained operators or deliberate misuse by disgruntled employees.  The solution to this type of security problem consisted of restricting access to the SCADA controller using rudimentary (usually default) passwords and physical security.

In 2010, the appearance of STUXNET shattered the illusion of security for operators of SCADA systems.  The STUXNET cyber weapon was a piece of malware (specifically a worm) which was engineered to target a uranium purification facility in Iran.  The STUXNET worm utilized USB drives and autonomous replication capability to infect the SCADA system in the highly secure facility.  The systems were infected despite the fact that they were not connected to the Internet.  Once inside the system, the malware cunningly hid itself in system memory, reprogrammed Programmable Logic Controllers (PLCs) and sent false data to the system SCADA controller or Human Machine Interface (HMI).  The new PLC programming caused momentary speed changes in the high speed uranium purification centrifuges in use at the facility.  These speed changes had the combined effect of rendering batches of purified uranium unusable and causing catastrophic physical damage to the centrifuges.  The net effect of the attack was to set the Iranian nuclear power program back by years.  When the worm was finally discovered months after its payload was delivered, the international cyber security community promptly labeled STUXNET a “game changer” and the first “cyber super weapon”.

For the first time, malware had been successfully deployed against a SCADA target and caused catastrophic physical damage to the controlled system.  Clearly, the obstacles of obscurity and complexity could no longer be counted on to keep SCADA systems secure.  The creators of STUXNET had demonstrated that these obstacles were irrelevant to highly motivated and educated malware developers.  Clearly, a lack of Internet connection could no longer be considered adequate protection for SCADA systems. Trojans, worms and other malware can infect SCADA systems via secondary network connections and via devices used to perform necessary maintenance tasks.  Clearly, the question of motive was answered.  SCADA technology had been adopted by so many critical industries that abundant motive could be found to justify building the tools needed to crack these systems.

The complexity and sophistication of the STUXNET worm indicated that it was the work of a national intelligence agency.  However, many cyber security professionals began discussing the longer term ramifications of the existence of such powerful SCADA worm malware.  Drawing on their experience with the development and spread of conventional worms and viruses, experts warned that now that this type of weapon had been deployed, the techniques and source code would be replicated and repurposed by a widening array of cyber criminals.  Because SCADA technology can be found in nearly every industrial environment and because these systems usually lack even rudimentary cyber security features, experts warned that attacks on these systems would quickly become commonplace.

Some cyber professionals argued that operators of SCADA systems that are NOT part of the national infrastructure are actually at greater risk than targets of national security significance.  Ralph Langner (the man who “solved” STUXNET) of Langner Communications, warned that cyber criminals using SCADA worm malware would avoid public infrastructure targets in favor of poorly protected private enterprises with sizable financial resources.  Langner predicted, “The next cyber weapon will be considerably cheaper, since much of the attack vector and the specifics of how to use automation equipment will simply be copied.  Sabotage with the motivation of extortion will get a commonplace scenario.  At this time targets are no longer limited to critical infrastructure but will especially cover the private sector — a TARGET-RICH AREA where it cannot be assumed that organizations will install countermeasures large scale in a reasonable amount of time.”

Fortunately, some private industries are actively hardening their SCADA infrastructure against cyber attack.  Many electric utilities, chemical manufacturing plants, water treatment facilities and oil & gas infrastructures, at the urging of the U.S. Congress and in cooperation with agencies such as US-CERT, have taken many steps to secure their systems.  In addition, a number of professional cyber security firms have emerged to specifically address SCADA vulnerability for these industries.  However, the data center industry has largely been slow to implement meaningful security measures.  Ironically, an industry that is profoundly conscious of the cyber security threats aligned against the IT assets on the raised floor seems to be unconcerned regarding the security issues relative to the SCADA in the facilities space.

In the current political and cultural climate there are a variety of groups that may develop the motive and skill to target data center SCADA infrastructure for cyber attack.  These groups include:

  • Nations engaged in cyberwar.  In 2007 a Blue Horizons paper, titled, “State Actor Threats in 2025” was prepared by the US Air Force.  The paper identified a number of scenarios that could threaten the United States in the future.  The scenario with “the highest potential for a state actor to inflict catastrophic damage to the US” is known as Phantom Menace.  In this scenario, cyber attacks are used, “against the enemy so that the civilian electricity network, traffic dispatching network, financial transaction network, telephone communications network, and mass media network are completely paralyzed, this will cause the enemy nation to fall into social panic, street riots, and a political crisis.”  Each of the targeted infrastructure assets identified could be crippled by attacks that shut down the data centers that control those industries.
  • Corporations and nations engaged in industrial espionage.  In 2010, Google revealed that for the second half of 2009 it had been under constant cyber attack.  Security professionals at McAfee named the attack Operation Aurora and identified the attacks as an advanced persistent threat (APT), (a classification of attack that also includes the STUXNET malware.) Google indicated that the cyber attack originated in China.  Operation Aurora was not limited to Google assets but also included assaults on other major American companies.  Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanleyand Dow Chemicalwere also among the targets.  In an era where state actors can attack public companies using cyber weapons, it is not inconceivable that data center infrastructure could be jeopardized.  Nations and companies could gain competitive advantage over their adversaries by disrupting operations at their data centers.
  • Cybercriminals targeting data center infrastructure for purposes of extortion.  As Ralph Langner pointed out, malware has become a common weapon used by criminal organizations.  As SCADA cyber weapons proliferate, it is expected that the technology will find its way into the hands of criminals that will use the technology to extort funds from corporations.  In my article in MCM, I outlined a possible scenario where a SCADA worm could be used to destroy an emergency generator at a data center. The damage would be followed up with a threat of more damage unless a hefty extortion threat is complied with.
  • Social activists seeking to disrupt credit and banking infrastructure.  The news during the autumn of 2011 was dominated by stories of “Occupy” protesters in major American and European cities.  Fortunately, these protest groups lack a cohesive political message or effective leadership.  However, these groups represent a general rise in antipathy toward banking and commerce organizations.  A cyber attack on commerce infrastructure such as a stock exchange or credit card processing data center would meet the apparent aims of these groups.  The Occupy protesters may find support for such an attack from environmental activists who view data centers as major consumers of “dirty” electrical energy.

The trend regarding SCADA attacks is clear.  The weapons used to perpetrate these attacks are becoming more widely spread and more powerful.  Simultaneously, the expertise and techniques required to successfully deploy these weapons is becoming more common.  Finally, the number of groups that could benefit from deploying one of these weapons against a data center is increasing.  Each of these trends points toward a bleak future for the unprepared data center.