Data Center Standards
advertisement
2011 University Information Technology Services System Assurance Group DATA CENTER STANDARDS This document outlines Indiana University Data Center guidelines and standards, including equipment installations, data center access, and operational procedures. Table of Contents 1. Requesting installation 1.1 Space request 2. Acquisition guidelines 2.1 Rack mounted devices 2.2 Equipment specifications 2.3 Power 2.4 Receiving and placement 2.5 Equipment arrival notification 3. Equipment installation 3.1 Data Center staging area 3.2 Cabinet design 3.3 Cabinet/Rack 3.4 Network connectivity and firewall configuration 3.5 Internal cabinet wiring 3.6 Cabling 3.7 UPS 3.8 KVM solutions 3.9 Hardware identification 3.10 Disposal of refuse 3.11 Combustible and flammable material 3.12 Installation review 3.13 Negotiations 3.14 Replacement parts 4. Equipment removal 5. Operations procedures 5.1 Data Center access 5.2 Equipment registration 5.3 Essential information 5.4 Change Management 5.5 Monitoring tools 5.6 Security 5.7 System backups 5.8 Data Center tours Last updated April 25, 2011 All UITS staff and external departmental staff who have equipment responsibilities in the Data Centers should accept the terms and responsibilities outlined in this document. 1. Requesting installation 1.1 Space request: Prior to your submitting a proposal for new equipment, you’ll need to begin initial discussions regarding machine room space. Once you submit a machine room space request form, the System Assurance Group (SAG) will schedule a meeting. The SAG includes the following participants: the UITS Operations Manager, a representative from UITS Facilities, a representative from Networks, and the system administrator and/or system owner. The purpose of the SAG meeting is to address environmental issues (i.e., equipment BTU and power specifications), space, and floor location. The floor location may be determined based on environmental data. 2. Acquisition Guidelines 2.1 Rack mounted devices: Ensure that you’re purchasing rack mounted equipment -everything needs to be either mounted in the rack or in its own proprietary cabinet (as opposed to free standing). The Operations Manager must approve any exceptions. 2.2 Equipment specifications: Upon making your equipment selections, send the vendor specification sheet to sag-l@indiana.edu 2.3 Power: Request power for each device from the electrical engineer. Power requests will be handled as follows: IUPUI: Two rack-mounted cabinet distribution units (CDU) will be installed in each standard rack. These CDUs utilize 208V IEC C13 and C19 outlets. Your hardware will need to operate at 208V and have the proper power cords. Installation of CDUs can take up to a month, so please request power as early as possible. For non-standard or proprietary racks, twist-lock receptacles shall be provided under the floor for connection of user-supplied CDUs. IUB Data Center: In order to maintain Uptime Institute Tier III requirements, two rackmounted CDUs fed from different power sources will be supplied in each rack. In order to assist with load balancing, you should purchase hardware with 208V IEC C13 or C19 plugs whenever possible. Please do not plug hardware into any receptacle without authorization of the electrical engineer. 2.4 Receiving and placement: When large, heavy equipment is involved, you’ll need to make arrangements for receiving the order. It is also your responsibility to arrange for the equipment to be moved to the proper place in the machine room. In emergency situations, the Operations staff will act as the contact and receive equipment/parts after normal dock hours. 2.5 Equipment arrival notification: Receiving dock personnel will notify you of equipment arrival (unless otherwise arranged). 3. Equipment installation 3.1 Data Center staging area: IUPUI: There is very little to no staging area outside of the machine room, so you’ll need to use the machine room space to uncrate/unpack and prepare equipment for installation – and you’ll need to move/install all items to their intended location within two weeks. If for some reason you cannot do so within this time period, please make other arrangements through UITS Facilities or Operations. (This will not guarantee other storage locations.) IUB Data Center: A staging area for equipment is located just off the dock. This space is for uncrating/unpacking and preparing equipment for installation. This area is only for temporary storage – you have two weeks to move/install all items to their intended location. If for some reason you cannot do so within this time period, please make other arrangements through UITS Facilities or Operations. (This will not guarantee other storage locations.) 3.2 Cabinet design: Unless the server manufacturer specifically dictates the equipment must be housed in their proprietary cabinet, all servers will be installed in the standard cabinets provided by Operations. You’ll need to submit proof of vendor proprietary cabinet requirements to SAG. Such cabinets should have front, back, and side panels. Unless someone is working in the unit, cabinet doors must remain closed. 3.3 Cabinet/Rack: Operations will label the cabinet (both front and rear) with the unique floor grid location and with the power circuit serving that unit. Equipment spacing within the cabinet/rack should allow appropriate airflow for proper cooling. Blanking panels will need to be installed to fill in all vacant rack space. All cabinets will have network switches installed at the top of the cabinet to provide 10/100/1000 Mbps Ethernet connections into the data center switching infrastructure. (10000 Mbps available and priced on an individual request) All public and private Ethernet connections are provided by UITS unless very special circumstances are reviewed and approved by Network Engineering and Campus Network Infrastructure. 3.4 Network connectivity and firewall configuration: System administrators installing new servers in the Machine Rooms must request network connectivity via the following machine room network request form. In addition, all servers must be behind the Machine Room firewalls. Provide firewall configuration requests via the firewall request form. (Note: ALL switches in the Data Center will be managed by Campus Network Infrastructure. System administrators are not allowed to manage their own switches). 3.5 Internal cabinet wiring: Internal cabinet wiring should follow rack cabinet management standards. Cables should be neatly tied back out of the way. All cables should be properly labeled so they can be easily identified. Refer to TIA/EIA-942 Infrastructure Standard for Data Centers, section 5.11; a copy is available in the Operations Center. 3.6 Cabling: All data cabling under the floor, including SAN and Ethernet, must by installed by CNI (Campus Network Infrastructure) in a cable tray. Collocated cabinets will follow normal standards with installation by CNI as outlined above. Both ends of the cable should be labeled and tagged for proper identification. Refer to TIA/EIA-942 Infrastructure Standard for Data Centers, section 7.5; a copy is available in the Operations Center. 3.7 UPS: NO rack mounted uninterruptible power supplies (UPSs) will be allowed. The Enterprise Data Centers will provide backup power. 3.8 KVM solutions: Rack mounted monitors and keyboard trays are required. 3.9 Hardware identification: Supply Operations with the appropriate fully qualified server names, and they will label all equipment within the cabinets so that hardware is easily identifiable. You will need prior approval from the Operations Manager and Communications Office to display any signage. 3.10 Disposal of refuse: The person/team installing the device is responsible for the disposal of all refuse (cardboard, styrofoam, plastic, pallets, etc.). Please see that you remove any refuse – and, if possible, recycle any cardboard – from the IUPUI machine room and IUB Data Center staging area on a daily basis. 3.11 Combustible and flammable material: Please do not leave combustible materials in the machine rooms – such materials include cardboard, wood, and plastic, as well as manuals and books. This also prohibits the use of wooden tables/shelves. 3.12 Review installation: The person requesting installation should arrange with the Operations Manager for a final review of equipment installation, to ensure that appropriate policies and procedures are implemented before the equipment becomes production ready. 3.13 Negotiations: Any negotiations and exceptions must be arranged between the system owners and the Operations Manager, and approved by the Director of Enterprise Infrastructure and the relevant director or officer of the area involved. 3.14 Replacement parts: All onsite replacement parts should be stored in a storage cabinet or on storage shelves in the storeroom (e.g., for use by service vendors such as IBM or Service Express). Make any necessary storage arrangements with Facilities or the Operations Manager. 4. Equipment removal 4.1 When a new system is replacing a pre-existing machine, the old system must be properly decommissioned via the Change Management process. Submit a request to CNI for the removal of firewall rules for machines that are decommissioned.4.2 Removal of old hardware must be coordinated with the UITS Facilities Manager and follow all appropriate policy, standards, and guidelines relating to data destruction, wiring removal, and component disposition. 4.3 Please be sure to include all of the appropriate capital asset transfers. 4.4 The cost of removal is borne by the owner, and all equipment must be removed no later than 30 days after it has been decommissioned. Exceptions to the 30 day removal period require approval by Facilities or the Operations Managers. 5. Operations procedures 5.1 Data Center access: Due to the sensitive nature of the data and computing systems maintained within its facilities, security and access are important aspects of the OVPIT/UITS environment. In most cases, the university is contractually and legally obligated to limit access to only those who have IT responsibilities requiring frequent access. Security cameras are located throughout OVPIT/UITS buildings. These cameras record footage for follow-up in the case of a security incident. They also provide an effective deterrence function in the safe operation of the building. UITS staff with responsibilities in the data center may gain access through an arrangement between the department manager and Operations. Requests should be made via the Special Access Request Form. Persons other than full-time UITS staff are permitted in the data center only under one of the following conditions: A. They are full-time staff of vendors providing services to UITS: Contract consultants or service representatives may be authorized by prior arrangement with Operations. B. They are full-time staff of Indiana University working on a system owned by an IU department and housed in the data center, under terms specified in a Colocation Agreement -- access will be granted in situations requiring hands-on system administration, not simply because a system is present on a machine in the data center. C. They are full-time or contracted staff of a non-IU entity that owns a system housed in the data center, under terms specified in a co-location agreement – again, access will granted when hands-on system administration is necessary, not simply because a system is present on a machine in the data center. D. They are escorted by a full-time UITS staff member as part of a tour of the facilities. ID badges and access cards will be provided for those individuals who meet criterion A, B, or C. The ID badges must be worn and visible during visits to the data center. All staff who meet criteria A, B, or C are expected to sign in to the data center through Operations prior to entering the room, and to sign out upon exiting. Biometric hand geometry scanners are installed at both Data Centers. A registration process will be scheduled and performed by the UITS Facilities or Operations staff. For additional information and to learn about biometric hand geometry scanners, review the internal KB document at https://kb.iu.edu/data/azzk.html (note: the internal document requires authentication). The Vice President for Information Technology has developed a policy related to the handling, management and disposition of "biometric" data used in the hand geometry scanner. It is stored in an internal KB document at https://kb.iu.edu/data/bapr.html (note: the internal document requires authentication). 5.2 Equipment registration: Equipment must be registered in the machine room inventory. Send an email to dcops@indiana.edu if you experience problems accessing the Machine Room Inventory System. 5.3 Essential information: The system owner will enter the essential information into the Machine Room Inventory System and update that information if it changes. Essential information includes: System hardware: A complete description of the machine's hardware configuration, including vendor, model, on-board memory, secondary storage media vendor/type, etc. System software: A complete description of the machine's software configuration, including operating system vendor, version, patch level, and other major software components on the system System function: A complete description of the machine's function (the service that it provides) System recovery: Accurate startup and shutdown procedures and special information relating to crash or other emergency recovery situations On-call notification: Primary and secondary system contacts and schedules, plus contact information for the manager supporting the system (Please provide prior to production date.) Vendor and maintenance contract: Vendor contact information, including information related to the maintenance/service contract and warranty (The Operations Manager will assist in negotiating maintenance contracts on behalf of UITS, but budgets for ongoing maintenance should be managed in the individual units.) 5.4 Change Management: The system manager or system administrator needs to participate in the Change Management process, by representing the deployment of a new production system before implementation. At the start of fall and spring semesters, a change freeze of approximately 2 weeks takes place -- dates are posted on the Change Management web site. Only emergency changes with the appropriate approvals should be implemented during change freezes. 5.5 Monitoring tools: Network monitoring tools will scan incoming machines as appropriate. Please supply the network address and any special considerations for the monitoring mode. 5.6 Security: All servers are expected to be administered in a secure manner using industry best practices IT Policy 12, including employment of host based firewalls and operation behind the machine room firewall. You are expected to properly review and formally acknowledge all relevant security polices and standards. For more information, please see the University Information Security Office Resources page. 5.7 System backups: Best Practices should include the implementation of a proper system backup schedule. This includes the deployment of incremental, full, and archive program processes as needed. You must use proven, supported backup software and apply appropriate standards for off-site backup data for production systems. Enterprise Infrastructure offers a data backup service as part of the Intelligent Infrastructure suite of services. 5.8 Data Center tours: All tours of the machine room must be scheduled with the Operations Manager.
