Escape from Data Alcatraz
nihilist_1137 writes "Zdnet is reporting on a new information facility that is built to survive the worst. Triangular in shape, two of the sides house offices while the third, a large rectangular block if taken in isolation, contains two data centres, as well as the infrastructure to ensure that Web sites continue to function come fire, flood, natural catastrophe or foreign invasion."
Foreign Invasion? (Score:5, Interesting)
Seriously, though... you're saying they can stand up to repeated shelling by artillery? Or infantry-placed demo charges? Or anything else an invading force is likely to have?
WHY????
If you're being invaded, you've got more important things to worry about than if your company's web site will stay up!
The other half of this is: What if the invasion is an invasion of illegal immigrant workers? Can this thing survive having a janitor who's been slipped a hundred bucks (three weeks' pay) to pull out a wire here and there?
Interesting... (Score:4, Interesting)
Kinda scary.
Build redundancy with distribution (Score:2, Interesting)
Looks like a big basket to me. Would you put all your eggs there?
Short on details but interesting... (Score:2, Interesting)
The article is pretty high level, but interesting nonetheless. I'm skeptical that it is really as secure as they say it is. It would seem that any building which relies on outside connections would be vulnerable if those connections were cut. Not to mention that the air towers that were mentioned could be closed off, etc.
It seems to me that the best defence would be geographically distributed datacenters synced up on a regular basis. Of course you would have to deal with data syncing, and perhaps a master-slave relationship amongst the datacenters, but these are relatively simple problems to solve, compared to preparing for a nuclear or other attack...
Take care,
Brian
--
Only a few Free Palm m100's left... [assortedinternet.com]
--
Cheap geographical redundancy, not $$$ gimmicks (Score:5, Interesting)
By far, the cheapest and most effective method of redundant systems is to just save your money and not buy fancy equipment for one place, but to spend it on cheap equipment in several places. That way, who cares if someone takes out an entire hosting center, leaving only a 100 ft deep crater. You still have servers running in California and Asia.
The Domain Name System doesn't rely on a huge Fort Knox-like system. It simply has 13 (?) different places throughout the world where amazingly cheap (for its importance) equipment resides. Even if North America sinks to the bottom of the Ocean, DNS should still happily resolve.
Expensive (but impressive) measures are not the answer to reliability. Geographic diversity of cheap systems is the answer for most applications. Today, we have incremental transfer protocols such as rsync that will even transfer massive databases back and forth by only sending the changes. It's largely marketing, unwarranted by technical considerations, that makes companies spend so much money on these extra sigmas of reliability.
Re:Foreign Invasion? (Score:5, Interesting)
EXTERNAL ---
1 - Parking lot is too close to the building (a reasonably sized car/truck device could do serious structural damage).
2 - "ram proof"??? Not hardly. I don't see a double berm system. Some of those nice decorative tree planters that are actually 2 foot thick reinforced concrete might help.
3 - No view of the perimeter. Does it have a ditch, double fence line, k-rails to require a zigzag entrance?
(plenty more)
INTERNAL ---
1 - From what I can see all conduits are directly attached to unistrut on the ceilings. Big problem if you take a good shock to the building (i.e. it's rigid).
2 - Equipment is not isolated by springs/rubber mounts from the floor. Same shock damage possibilities as above.
3 - No water collection trough around the sides of each room. I don't see floor water sensors either.
4 - Water drip pans under all chilled water and condensate lines.
5 - *1* generator? For the cost of the facility it would have been a pittance to go with two and have full redundancy when running on local generation.
All in all it's a decently engineered place. It just needs the final touches...
So 1999 (Score:3, Interesting)
This sort of excess overspending and the lack of emphasis put on _real_ security (i.e. data security rather than physical security) ignores the vastly more likely threat to most companies' web servers and database servers (and frankly that's what most of the boxen in these places are - huge rooms full of Yahoo and eBay machines). I'm not saying that a certain degree of security isn't appropriate, but withstanding foreign invasion? Please. The invaders are looking to break in with their armored brigade to the Exodus data center!!! Oh no!! Come on. A modest degree of armed guard presence, a low profile, some generators and a massive UPS system - fine, this all makes sense. But you can go overboard.
Anyway, don't take my word for it. Just look at Exodus' stock. Their excesses seemed to ignore the fact that the service they provided just wasn't worth the outrageous amount of money they were charging for it, and these days, the more budget conscious hosting/data center/colo companies are the ones left standing.
Errr... geographical redundancy? (Score:3, Interesting)
Let's face it - someone who wants to take your website down isn't going to do it by physically storming the building! Unless, of course, they're the government - in which case they'll also cut off your internet feed. What good is your 7 weeks' worth of diesel going to do you then?
Furthermore, it doesn't make any difference how physically secure your boxen are, if you're running an OS with networking vulnerabilities, or are vulnerable to DOS attacks.
The most secure solution is complete redundancy/distribution, in both physical and network space. The most obvious example is Freenet, which sadly isn't quite mainstream-useable yet.
Store your documents in a distributed fashion across thousands of machines. Encrypt them, so even the individual user doesn't know what his cache contains. Cryptographically sign each piece of content you produce. How is anyone going to fuck with your site when it's in a thousand different places?
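The distribute-and-verify idea in this post, as an added example that is not from the original post: chunks are stored under their SHA-256 digest on three simulated nodes, a keyed HMAC manifest stands in for the publisher's signature the post describes, and a reader skips any replica whose bytes no longer match their id. Encryption before publishing is assumed and not shown; all names, keys and sample data are constructed.

```python
"""Content-addressed, replicated storage: every chunk is stored under the
SHA-256 of its bytes, so a copy from any replica (even a hostile one) can be
checked before use. A keyed manifest (HMAC here, standing in for a digital
signature) binds the chunk list to the publisher. All data is constructed."""
import hashlib
import hmac
import json

CHUNK = 16  # tiny chunk size so the constructed sample splits into several pieces

def chunk_ids(data: bytes) -> list[tuple[str, bytes]]:
    """Split data into fixed-size chunks and name each by its SHA-256 hex digest."""
    return [(hashlib.sha256(data[i:i + CHUNK]).hexdigest(), data[i:i + CHUNK])
            for i in range(0, len(data), CHUNK)]

def publish(data: bytes, key: bytes, nodes: list[dict]) -> dict:
    """Push every chunk to every node and return an authenticated manifest."""
    ids = chunk_ids(data)
    for node in nodes:
        for cid, blob in ids:
            node[cid] = blob
    body = json.dumps([cid for cid, _ in ids]).encode()
    return {"chunks": body, "tag": hmac.new(key, body, "sha256").hexdigest()}

def fetch(manifest: dict, key: bytes, nodes: list[dict]) -> bytes:
    """Verify the manifest, then take each chunk from the first replica whose
    bytes actually hash to the requested id; tampered copies are skipped."""
    expected = hmac.new(key, manifest["chunks"], "sha256").hexdigest()
    if not hmac.compare_digest(manifest["tag"], expected):
        raise ValueError("manifest failed authentication")
    out = b""
    for cid in json.loads(manifest["chunks"]):
        for node in nodes:
            blob = node.get(cid)
            if blob is not None and hashlib.sha256(blob).hexdigest() == cid:
                out += blob
                break
        else:
            raise LookupError(f"no intact replica of chunk {cid[:12]}")
    return out

def demo() -> bytes:
    """Publish to three nodes, deface every chunk on node 0, read back intact."""
    key = b"constructed-publisher-key"
    nodes = [{} for _ in range(3)]
    page = b"constructed sample page body, replicated across three nodes"
    manifest = publish(page, key, nodes)
    for cid in list(nodes[0]):  # hostile node rewrites everything it holds
        nodes[0][cid] = b"DEFACED" + nodes[0][cid]
    return fetch(manifest, key, nodes)
```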
Re:Wow... This is just too easy.... (Score:3, Interesting)
Decommissioned ECM pods now sitting in Russian Aerodromes and/or US Military Surplus sites from the 60's had the power to fry radar electronics from a mile or so away.
FCC regs don't require shielding from this type of high power frequency.
Heck - a good electromagnet or a junkyard magnet could do a similar number on the place.
Re:Cheap geographical redundancy, not $$$ gimmicks (Score:2, Interesting)
http://www.info-sec.com/abuse/abuse_062097a.htm
I was touring one of these secured data sites once and (being the shit I am) I asked the techie-sales dude there if they'd secured the site against tempest. He hadn't heard of the technology. Thick bullet-proof glass but no sign of grounded chicken wire.
The roof wasn't shielded as far as I could see either, and there were other businesses on floors above.
So ymmv.
What they sell is perception... (Score:1, Interesting)
Not so unique... (Score:4, Interesting)
There were essentially two data centres in one building, each with its own exceptionally large UPS system with rooms full of wet-cell batteries, and each with two backup generators. Naturally there were separate power feeds into the building (three separate sub-stations if memory serves). The most memorable part tho' was walking through the separating wall - 10 feet thick reinforced concrete which, we were told, had been designed to withstand an impact from a 747. They were under the local airport's flightpath - an airport whose runways will never take a 747, but anyway. The wall runs diagonally to the flightpath, but if it lands right on top they've still lost the facility.
The thing that always strikes me about all these types of centres is that they seem to ignore (or just don't talk about) the human factor. Most disaster recovery plans are just as bad. Picture the scenario - half of your facility has just been taken out by some disaster, you probably just lost half of your colleagues. I won't describe the scene, but you can imagine what horrors might be going on on the other side of the 10 foot concrete wall from you - how well will the average person be able to cope emotionally, never mind how well they'll be able to do their job? I imagine a lot of people simply wouldn't be able to face coming into work in those situations.
All that said of course, from what I hear those who survived the WTC proved me wrong, but then they were making a stand against the terrorists, and I really admire that. What if though, for the sake of this scenario, the disaster had been caused by human error, natural disaster or whatever? How would people have coped and done their jobs under those circumstances? I think a lot more people would have refused to come into work, even in the disaster recovery site, and those that did would probably have been a lot more distracted and lacked motivation, at least once the immediate response to the disaster was over.
Kevlar to the rescue (sort of) (Score:3, Interesting)
In Tsutomu Shimomura's book Takedown (about the hunting and capturing of Kevin Mitnick), Shimomura describes how a snow plow would constantly sever wires running between the trailer he had his computer in and the data center next door. His solution was to wrap super strong kevlar cable around the vulnerable data cable. This solution worked a little too well -- the snow plow caught the kevlar cable, and indeed it did not break and neither did the data cable; instead the snow plow ended up pulling off the entire side of the trailer the kevlar cable was attached to!
What about connectivity? (Score:2, Interesting)
Okay, good structure, check.
Anyone remember what happened to CNN, MSNBC, etc. after the WTC thing? The sheer number of accesses brought them right down. It was a perfect testament to the fragility of the Web. This ought to be addressed as well; we may not always have Google's famous cache to fall back on.
Re:Good Investment (Score:1, Interesting)
Just to let you know, I work in IT for a large US bank. I've been here for four years, and there is not a lot that someone from the outside can do to compromise our data security. Branches are still on proprietary circuits; all internet traffic to or from the branch banks must come and go via two giant data centers in different cities. Each of those sites has triple firewalls with DMZs... and trust me, they watch that stuff closely.
All incidents (since I've been there) regarding fraud have been internal; most by unimaginative tellers who get caught at the end of their shift because of the nasty habit the managers have of double-checking all balances.
Customer data being taken usually only happens when someone hacks the outside vendors we use for credit checks and check ordering.