Practical Data Centre Management Part 1
|
|
- Merryl Allison
- 5 years ago
- Views:
Transcription
1 Practical Data Centre Management Part 1 David Cuthbertson BSc MBCS MIOD Mobile david.cuthbertson@squaremilesystems.com 1
2 Housekeeping Fire evacuation Toilets Refreshments 11:15 Mid morning break 1pm Lunch 15:15 Afternoon break Mobile phones Student packs 2
3 Square Mile Overview UK based Cirencester, Glos Focus on applying asset & configuration management techniques to large infrastructures & data centres Develop toolsets for end to end systems and service mapping Integrate existing CMDB / knowledge sources with other toolsets Training, design, data capture, process development All technologies! Business Processes Departmental, Company Services End user, infrastructure, supplier Applications PC, server, mainframe, SOA Virtual Infrastructure PCs, Network, Servers, Storage, DBMS Hardware Infrastructure PCs, Network, Servers, UPS, Storage, Other Fixed Infrastructure (Cabling, Power, Cabinets, Rooms, Buildings) 3
4 Data Centre Management The following organisations have contributed information to this course, directly or indirectly, and their trademarks and cooperation are all acknowledged: Cisco, Panduit, APC, University of California, Texas Department of Information Resources, The Data Center Journal, BCS Data Centre Specialist Group, BICSI, OGC (Office of Government & Commerce), AFCOM ITSMF (IT Services Management Forum), Microsoft 4
5 Introduction, Agenda and Objectives Managing the Data Centre Facilities Introduction and objectives The TIA 942 framework Handover of the data centre facility Establishing the design limits Controlling the environment Maintenance practices Data centre inventory and documentation Installation practices Monitoring and ongoing administration of the facility Meeting the needs of regulators and 3rd parties Testing for recovery and resilience Backup and equipment recovery Access & Security Practices 5
6 Typical Data Centre Issues Heat and power Operating costs Speed of provisioning Optimising space Decommissioning Forward planning Reacting to failures / emergencies Communication with other teams 6
7 Defining a Data Centre A building or portion of a building whose primary function is to house a computer room and its support areas, according to TIA 942 7
8 Data Centre Standards TIA 942 Telecommunications Infrastructure Standard for Data Centers, April 2005 Substantial, available, all-american EN Information technology data centres Smaller scope, European perspective BICSI 942, complementary to TIA 942, expected 1Q2010 ISO/IEC NP Information technology -- Generic cabling for data-centres 8
9 Tier Classifications - The Uptime Institute Tier 1 Tier II Tier III Tier IV Site availability % % % % Downtime (hours/yr) Operations Center Not required Not required Required Required Redundancy for power, cooling N N+1 N+1 2(N+1) or S+S Gaseous fire FM200 or FM200 or suppression system Not required Not required Inergen Inergen Redundant backbone pathways Not required Not required Required Required 9
10 Classifying Data Centres Construction $/ft2 raised floor $450 $600 $900 $1,
11 Redundancy 11
12 TIA 942 Good at specifying how a facility should be designed and installed to meet requirements Ongoing management is often left to technology vendors to recommend O&M manuals for HVAC, UPS, Fire suppression Operational management is the customer s responsibility. 12
13 Technology Evolves Before A Monitor, keyboard and mouse to control servers 3 of 4 Cabinets have Servers 36 deep cabinets Ventilation Along Window Window Front Door 13
14 Technology Evolves After A Monitor, keyboard and mouse moved to remote location All 4 Cabinets have Servers cabinets Entire front ventilated, no window Routing, protecting cable Enclosing equipment More equipment and more types of equipment being put into datacenter 14
15 Changing Requirements BEFORE AFTER No. of Servers per cabinet Power Disipated per cab W 3kW - 25kW Current service to cabinet 16A 32 A or 3 phase Types of Equipment Servers Blade Servers Monitor Power Distribution Units KVMs MidSpan Boxes Power Strips UPS Disk Arrays (Storage) Smart Power Strips Regular Power Strips Network types 100Base-T 1G, 10G, SAN No. of Cables Power 1 or 2 2 to 6 (per server) Network 1 or 2 5 to 10 Total
16 New Technology Challenges Sun Blade 8000 Blade Chassis 4 Power supplies (N+1) 9kW 3 chassis per rack HP C7000 Blade Chassis Up to 6 Power Supplies 13kW 4 chassis per rack Cisco Nexus Data Centre Switch 3 Power Supplies 12kW 16
17 Data Centre Management We will address typical operational management issues required to ensure that data centres (and equipment rooms) continue to work as facilities to house computing devices. Covering: Organisation Facilities Systems Services Staffing Funding 17
18 Data Centre Management We will develop the concept of best practice - industry acknowledged practices, processes and guidelines - what you find to be practical Handout material covers 70% of the course 30% is interactive. 18
19 Management Impact In staff, managing incidents a year In staff managing 9000 incidents a year 32 times improvement in productivity or employ 450 staff Cisco How? 19
20 Inadequate Management Avoidable failures Uncertainty Tasks take too long Lack of ownership Costs are too high compared to others Reacting to events rather than controlling And many others. What do you regard as bad management (in a Data Centre context) 20
21 Best Practice Management For Data Centres No accepted framework In other areas: Project Management Prince 2 Service Management - the IT Infrastructure Library (ITIL) - ISO Information Security - ISO Business Continuity BS
22 Different Working Practices 22
23 ISO20000/ ITIL V2 Framework Security Management Service Continuity & Availability Management Release Processes Release Management Service Delivery Processes Service Level Management Service Reporting Control Processes Configuration Management Change Management Resolution Processes Incident Management Problem Management Capacity Management Financial Management Relationship Processes Business Relationship Management Supplier Management 23
24 Examples Best Practice Procuring a new server Policies - sign off, payment Ordering process life cycle Purchase orders common reference Roles and responsibilities specify, order and approve 24
25 Examples Best Practice Backup Tapes Regular schedule Taken offsite Checked on a regular basis 1. Policies or rules 2. Processes within and across teams 3. Unique reference for lifecycle management 4. Roles and responsibilities 25
26 Defining Management Planning what needs to be done to achieve a particular result Organising and directing appropriate resources. Controlling and making adjustments as needed Motivating all those involved. 26
27 Common Issues (for the manager) Personal objectives Culture and working practices Accurate and relevant information Toolsets, audits, reviews Available resources Organisational structures Difference in understanding of risk at different levels 27
28 Provisioning a Server You have received a request to move 10 existing servers into a data centre. What tasks might have to be done to fulfil this request? 28
29 Exercise 1 - Provisioning Concentrate on these two and the tasks appropriate to each Assess Plan Implement Test Completion 29
30 Data Centre Rack Space %Full % 50-75% <50% 30
31 Power Loading >6kW 2-6kW <2kW 31
32 Cooling Rated % 50-75% <50% 32
33 At the Environmental Level Overall design limits of rooms Power, Cooling, Loading Manage current and future needs Power by Room, PDU, Phase, Cabinet, Strip, Port, Cooling by Room, Zones, Cabinets Floor loading by Room, Zones Space by Room, Zones, Cabinets Maintained list of devices Connectivity of device power Don t assume a spare cabinet can be used! 33
34 Reducing Provisioning Times Reduce discovery time Management toolsets Remove the physical aspect Virtualisation Optimise Processes Formalise workflow Use common knowledge bases 34
35 Starting Well A New Data Centre 1. We have used TIA 942 to determine requirements and build specifications for a new data centre What handover information could you specify from the contractors to make it easier to manage when in service? 2. It has been decided to use a hosting provider to house some of the mission critical computing. How would you assess their management practices so that you would be confident that there is minimal risk? 35
36 Handover of a New Data Centre Typical handover information sets Design documents Test documents O&M manuals Support contracts & conditions Training programme Support systems - BMS 36
37 Understanding Existing Data Centres Environment limits Information sets - formal and informal Working practices - formal and informal Roles / responsibilities Current issues Establish priorities 37
38 Establishing a Baseline Know your environment design limits Understand the gaps Roles Knowledge Practices Decide on priorities and actions 38
39 Establish Design Limits Room Architectural and Structural - Weight Mechanical - Cooling, fire detection /suppression Electrical - Power 39
40 Typical Power Distribution Incoming feeds UPS 32 & 16 Amp Sockets 3 Phase PDU 100A 100A 100A Remote Controlled Power Strips Circuit Breakers 24A 32A 16A Power Strips Power Strips Power Strips 10A 16A Ethernet 40
41 Power Monitoring at Strip Level Totals for Power Strip Individual Port Status and controls 41
42 Exercise 2 Power Trips Your first objective as the new data centre manager is to prevent circuit breakers tripping unexpectedly due to loading issues. What would you do and in what order? 42
43 Controlling the Environment Known design limits Project approval process Regular reviews against limits Forward planning to avoid overload Customer / own kit can cause issues Maintenance practices 43
44 Maintenance Practices Failover testing Optimisation of power, cooling, cabling Maintenance contract records Servicing and maintenance requirements as covered by BS5266 pt1 Batteries Fire detection systems PAT testing CFD Modelling 44
45 CFD Modelling 45
46 Data Centre Inventory and Documentation It s common sense to know what is in your data centre and how it is configured But achieving this is not so easy Why is it so difficult? 46
47 Exercise 3 Data Centre Records The 10 servers have been successfully installed in the data centre What records or systems would you expect to have been updated or modified as a result of the additional servers? 47
48 Recommended Information Sets Space Environment (power, cooling) Connectivity (power, networks) Asset and Inventory controls Device management Service management 48
49 Space Management Space management systems Floor layouts and plans Rack layouts Floor loading Cabinet functions (customer, comms, servers etc.) Spreadsheets 49
50 Environment Building management systems Fire, cooling, temperature, power, humidity Power management systems PDU, UPS, power strips Access controls Power distribution diagrams and lists Current and projected power / cooling 50
51 Connectivity IP addressable power strips Cable management systems Intelligent cable management systems Network provisioning systems Fixed infrastructure diagrams Network diagrams Lists / databases of connectivity between devices and fixed infrastructure. 51
52 Cabling Overview Diagram 3C 3E 2E 2W 1E 1W 0E 0C 0W 0E N1E Fitzwilliam Street London Head Office Fibre Copper UTP 52
53 Cabling Fixed Infrastructure Second 2E-A 2E-A 2E-A 2E-A 2E-B 2E-C First 1E-A 1E-A 1E-A 1E-A 1E-B 1E-C Ground 0E-A 0E-A 0E-A 0E-A Head Office Computer Room 0C-A 0C-A 0C-A 0C-A 0C-B 0C-B 0C-B 0C-B Second 2W-A 2W-A 2W-A 2W-A 2W-B 2W-C First 1W-A 1W-A 1W-A 1W-A 1W-B 1W-C Ground 0W-A 0W-A 0W-A 0W-A 3C-A 3C-A 3C-A 3C-A 3C-A 3C-A 3C-A 3C-A 3C-B 3C-B 3C-B 3C-B 3C-B 3C-B 3C-C 3E-A 3E-A 3E-A 3E-A 3E-A 3E-A 3E-A 3E-A 3E-B 3E-B 0E-B 0E-C 0C-C 0C-C 0C-D 0C-D 0W-B 0W-C 0E-A 0E-A 0E-B Basement 0C-V 0C-V 0C-V 0C-V 0C-F 0C-F 0C-G Fitzwilliam Street 0E-B 0E-B 0E-B N1E-B N1E-B N1E-C 0C-H 0C-J 0C-K 0C-M 0C-L 0C-N 53
54 Asset Controls Lists of all devices and assets Their current status and location Previous history and audit trail Often combined with maintenance and procurement data Auto-discovery can help, but often limited in value in data centres. 54
55 Device Management Network, server, storage monitoring Configuration systems Deployment / provisioning systems Network and other architecture diagrams Automated discovery and scanning Backup and failover 55
56 Service Management Help or service desk system Project control or management system Services maps Devices mapped to critical services Service monitoring tools Recovery planning and testing Billing and charging 56
57 For Example Data centre project server cabinets: 6 servers per cabinet, 3600 servers 4 network connections per server 14,400 switch ports 7200 power connections (dual supplies) Plus SAN storage, network hardware, cabling etc. 57
58 Data Chaos Power feeds to cabinets User locations Network Inventory Chassis/card layouts IP addressing spreadsheet Rack diagrams Network diagrams Maintenance contracts Floor plans Patching spreadsheets Server asset list Building wiring diagrams PAT testing results Departmental billing/charging Service desk inventory Hot/cold aisle Project plans Computer room layout Naming conventions Power phase summation Equipment room maps Labelling standards PABX port mapping SAN Architecture 58
59 Summary of Information Sets There is potentially a huge amount of data, so focus is required Knowledge of components is duplicated, so focus on reducing the number of possible data sets Start with information held by specific teams, before looking at information sets across teams. 59
60 Installation Practices The Data Centre was designed and implemented against various criteria which will be compromised if the installation practices are inconsistent When should you define your own best practices - before you take over the facility, or afterwards? 60
61 Good Installation Practices Original design rules and limitations should be understood by all Keep naming and labelling consistent Updates to O&M manuals must be carried out to keep them current Separate build room can save a lot of time when staging new installs They will evolve, so review regularly. 61
62 Monitoring and Administration of the Facility Improve management information Toolsets, audits, incident and problem reviews Optimise people resources Centralise expertise and workflow Multi-disciplinary staff Culture change Review organisational structures 62
63 Typical Management Data Downtime or availability figures Component, service, customer Incidents Equipment faults, change related Changes Successful, failed or backed out Capacity Existing, planned and full Charging and funding 63
64 Charging and Funding Space Power Cooling Network Ports used Shared Infrastructure Costs and Support Hardware Maintenance Costs and Support Operations Costs and Support 64
65 Exercise 4 - Reducing Costs Without buying new technology, or changing staffing, you are targeted with improving the cost base of the data centre. What management initiatives can you undertake that will reduce direct costs? 65
66 Meeting the Needs of 3rd Parties Insurance SOX, FSA, auditors, etc. Planning permission Legislation Disability Health and safety Electricity at work And others All require evidence that you are complying with their policies, requirements or laws. What would be sufficient evidence in most cases? 66
67 Evidence of Conformance Policies Evidence of processes that support the policies Change records Build and test records Written material or trails Communications Incident reviews If someone was accidentally electrocuted, what would the Health and Safety Inspector want to see? 67
68 Testing for Resilience Resilience may be found in: Incoming power supply HVAC systems Networks Equipment clustering or primary/standby Data storage Used for fault tolerance and maintenance 68
69 Typical Issues with Resilience Is meant to prevent disruption, not cause it! Detailed understanding needed of primary to secondary failover, with evidence Should be tested offline before going live Doesn t work if device configurations are corrupted and functionality is lost Testing is meant to prove the resilience would work if required. 69
70 Backup Backup process Weekly dumps, daily incremental backups Tapes often rotated every 6 weeks Off site storage SAN systems don t impact need for tape backups Most financial data must be retained for up to 6 years, pensions 40 years plus 70
71 Practical Backup Issues Recovery of data may be dependent on media type, recovery software and platform. Password and encryption is more common to protect data, so improved records required to keep passwords available. Organisations must check on physical security of backups e.g. credit card frauds. June 2, 2008 (Computerworld) Bank of New York Mellon Corp. late last week said it has launched a new policy to encrypt data held on storage devices and to limit the amount of confidential client data stored on tape drives. The policy was launched after unencrypted backup data tapes were lost twice by third-party couriers this year. The company late last week also announced that it will provide two years of free credit monitoring, credit-freeze benefits and a $25,000 identity theft insurance policy to those affected by the missing tapes. 71
72 Exercise 5 Data Centre Authority Give examples where initiatives or tasks driven by the data centre team will result in live systems being switched off (planned and unplanned) 72
73 Access and Security Practices Keep the bad guys out and the good guys honest! Two thirds of security attacks involve individuals wanting to damage a company, rather than making a profit 73
74 Access and Security Practices Secure access is a common feature in data centres Access control will depend on organisational issues Building Access Room Access Cabinet, Equipment Layering - multiple needs to authenticate access Many types What you have Card or token What you know Pass code, keypad Who you are Biometric (finger, eye) 74
75 Access Controls Issue Maintenance Recall Authority to enter (internal teams) Authority to enter (external teams) Surveillance issues 75
76 Some Tips Embed in HR terms of employment Confidentiality, adherence to procedures, communicate concerns Applying for access to central system or Operations Centre, rather than local site Criminal checks on those with regular access Guards, Cleaners, Working in pairs or under supervision External auditors useful to support management concerns 76
77 Data Center Job Spec - Yahoo Performs periodic physical security penetration testing. Reviews security logs to monitor unauthorized system access attempts, both internal and external. Investigates and follows up on security violations and incidents. Serve as a member of Yahoo! Paranoids operations security team. Evaluate new data center build-outs/initiatives from a physical security perspective and provide guidance. Develop physical security monitoring standards and ensure those standards are consistently enforced across all locations. BA/BS or experience related military background preferred. Thorough understanding and experience related to Data Center Security policies and practices a must (prefer 5+ years.) Excellent interpersonal and organizational skills. *Excellent judgment, discretion and diplomacy. Knowledge of laws and practices of employee safety. Knowledge of current security technology including access control, CCTV, identification and special applications. Familiar with investigative tactics including interviewing and documentation. Experience administering a large contractor staff of security officers and control center operations. 77
78 Data Centre Management Planning what needs to be done to achieve a particular result. Organising and directing appropriate resources Controlling and make adjustments as needed. Motivating all those involved. 78
79 Key Learning Points One each 79
80 Thank you for attending Have a good journey back home! 80
Best Practices for Managing Data Centres
Best Practices for Managing Data Centres David Cuthbertson Square Mile Systems david.cuthbertson@squaremilesystems.com www.squaremilesystems.com Tel 0870 950 4651 Mob 07717 883177 Best Practices? Guidelines?
More informationManaging The Infrastructure Of Data Centers
Managing The Infrastructure Of Data Centers David Cuthbertson Square Mile Systems Ltd david.cuthbertson@squaremilesystems.com www.squaremilesystems.com Square Mile Background Develop toolsets, training
More informationManaging The Infrastructure Of Data Centers
Managing The Infrastructure Of Data Centers David Cuthbertson Square Mile Systems Ltd david.cuthbertson@squaremilesystems.com www.squaremilesystems.com Square Mile Background Develop toolsets, training
More informationDocumenting and Managing Infrastructure Connectivity
Documenting and Managing Infrastructure Connectivity David Cuthbertson Square Mile Systems Ltd david.cuthbertson@squaremilesystems.com www.squaremilesystems.com Square Mile Background Develop toolsets,
More informationAutomating Physical Infrastructure Documentation. David Cuthbertson Director
Automating Physical Infrastructure Documentation David Cuthbertson Director david.cuthbertson@assetgen.com www.assetgen.com 1 AssetGen Overview UK based Cirencester, Glos, UK Sister company - Square Mile
More informationSan Francisco Chapter. What an auditor needs to know
What an auditor needs to know Course Objectives Understand what a data center looks and feels like Know what to look for in a data center and what questions to ask Deepening understanding of controls that
More informationAutomating IT Asset Visualisation
P a g e 1 It s common sense to know what IT assets you have and to manage them through their lifecycle as part of the IT environment. In practice, asset management is often separate to the planning, operations
More informationIntroduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?
Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011
More informationEnsure that all windows servers are patched and virus checked to the correct levels and that changes are made in line with ISO standards
Job description and person specification Senior ICT Officer Reports to: ICT Manager Purpose This role supports the provision of a high quality and measurable ICT infrastructure support service whilst delivering
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationDude Solutions Business Continuity Overview
Dude Solutions Business Continuity Overview Table of Contents Overview.... 2 Primary and Disaster Recovery Data Centers.... 2 Network Infrastructure.... 3 Emergency Processes.... 3 Power and Cooling Systems....
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationTECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES
TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control
More information2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.
Diageo Third Party Hosting Standard 1. Purpose This document is for technical staff involved in the provision of externally hosted solutions for Diageo. This document defines the requirements that third
More informationTECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES
TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationINFORMATION SECURITY- DISASTER RECOVERY
Information Technology Services Administrative Regulation ITS-AR-1505 INFORMATION SECURITY- DISASTER RECOVERY 1.0 Purpose and Scope The objective of this Administrative Regulation is to outline the strategy
More informationNetworks - Technical specifications of the current networks features used vs. those available in new networks.
APPENDIX V TECHNICAL EVALUATION GUIDELINES Where applicable, the following guidelines will be applied in evaluating the system proposed by a service provider: TABLE 1: HIGH LEVEL COMPONENTS Description
More informationUCLA AUDIT & ADVISORY SERVICES
UCLA AUDIT & ADVISORY SERVICES Edwin D. Pierce, CPA, CFE Director September 4, 2015 10920 Wilshire Boulevard, Suite 700 Los Angeles, California 90024-1366 310 794-6110 Fax: 310 794-8536 SENIOR VICE PRESIDENT/CHIEF
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationDavid Cuthbertson. Mapping Services, Systems & Servers. Chairman BCS-SMSG
David Cuthbertson Chairman BCS-SMSG Mapping Services, Systems & Servers david.cuthbertson@squaremilesystems.com www.squaremilesystems.com Tel 0870 950 4651 Mob 07717 883177 Square Mile Systems 1 Why Map
More informationDeMystifying Data Breaches and Information Security Compliance
May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts
More informationData Centers & Technology:
Data Centers & Technology: Risk in the digital landscape Presented by; Ralph de Mesquita Principal Risk Analyst, Risk Engineering UK Agenda Rise of cloud providers Four scenarios: where are the insurable
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationWHITE PAPER. Title. Managed Services for SAS Technology
WHITE PAPER Hosted Title Managed Services for SAS Technology ii Contents Performance... 1 Optimal storage and sizing...1 Secure, no-hassle access...2 Dedicated computing infrastructure...2 Early and pre-emptive
More informationRFP Annex A Terms of Reference UNHCR HQ Data Centre Colocation Service
RFP 2017 845 Annex A Terms of Reference UNHCR HQ Data Centre Colocation Service Version 1 Contents Project objectives... 1 Background... 1 Scope... 1 Timeframe and Cost... 4 Stakeholders, roles and responsibilities...
More information(Data Center Networks & Cloud Computing Security)
BPSDC (Data Center Networks & Cloud Computing Security) Lecture 3 Data Center Standars Service Level Agreement 2 Building a Data Center is just a Start What is Service Level Agreement (SLA)? An official
More informationCase Study Automating Data Centre Infrastructure Diagrams
Case Study Automating Data Centre Infrastructure Diagrams Daniel Nunn, UK Data Centres Manager ICM Business Continuity ICM Overview Phoenix IT Group 2400 employees Acquired ICM in 2007. Other group companies
More informationVisualising Your CMDB With Visio
Visualising Your CMDB With Visio David Cuthbertson Square Mile Systems Square Mile Overview Develop AssetGen toolsets, training and techniques for operational management of complex IT infrastructure Focus
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationSERVICE DESCRIPTION MANAGED BACKUP & RECOVERY
Contents Service Overview.... 3 Key Features... 3 Implementation... 4 Validation... 4 Implementation Process.... 4 Internal Kick-Off... 4 Customer Kick-Off... 5 Provisioning & Testing.... 5 Billing....
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationOver IP Group. Data Centre Infrastructure Management (DCIM)
Over IP Group Data Centre Infrastructure Management (DCIM) Mission To Protect the World s Network Through Innovation Let s Get Connected Over IP Group Agenda The Aim of CenterOS DCIM What is the CenterOS
More informationCrises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.
Crises Control Cloud Security Principles Transputec provides ICT Services and Solutions to leading organisations around the globe. As a provider of these services for over 30 years, we have the credibility
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationSolution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites
Solution Pack Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Subject Governing Agreement DXC Services Requirements Agreement between DXC and Customer including DXC
More informationIs your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner
Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial
More informationWELCOME ISO/IEC 27001:2017 Information Briefing
WELCOME ISO/IEC 27001:2017 Information Briefing Denis Ryan C.I.S.S.P NSAI Lead Auditor Running Order 1. Market survey 2. Why ISO 27001 3. Requirements of ISO 27001 4. Annex A 5. Registration process 6.
More informationWORKSHARE SECURITY OVERVIEW
WORKSHARE SECURITY OVERVIEW April 2016 COMPANY INFORMATION Workshare Security Overview Workshare Ltd. (UK) 20 Fashion Street London E1 6PX UK Workshare Website: www.workshare.com Workshare Inc. (USA) 625
More informationADIENT VENDOR SECURITY STANDARD
Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationIntroduction to SURE
Introduction to SURE Contents 1. Introduction... 3 2. What is SURE?... 4 3. Aim and objectives of SURE... 4 4. Overview of the facility... 4 5. SURE operations and design... 5 5.1 Logging on and authentication...
More informationNetwork Performance, Security and Reliability Assessment
Network Performance, Security and Reliability Assessment Presented to: CLIENT NAME OMITTED Drafted by: Verteks Consulting, Inc. 2102 SW 20 th Place, Suite 602 Ocala, Fl 34474 352-401-0909 ASSESSMENT SCORECARD
More informationBUSINESS CONTINUITY. Topics covered in this checklist include: General Planning
BUSINESS CONTINUITY Natural and manmade disasters are happening with alarming regularity. If your organization doesn t have a great business continuity plan the repercussions will range from guaranteed
More informationLeveraging ITIL to improve Business Continuity and Availability. itsmf Conference 2009
Leveraging ITIL to improve Business Continuity and Availability Samuel Lo MBA, MSc, CDCP, PMP, CISSP, CISA Data Centre Services Manager COL Limited Strictly Business itsmf Conference 2009 25 February 2009
More informationHosted Testing and Grading
Hosted Testing and Grading Technical White Paper July 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or
More informatione2e Managed Customer Cloud Infrastructure Service Service Definition Document
1 e2e Managed Customer Cloud Infrastructure Service Service Definition Document OVERVIEW A range of Cloud infrastructure managed services where the customer buys or already owns the Infrastructure but
More informationInformation Services IT Security Policies L. Network Management
Information Services IT Security Policies L. Network Management Version 1.1 Last updated: 11th August 2010 Approved by Directorate: 2nd July 2009 Review date: 1st August 2011 Primary owner of security
More informationCourse Description. Audience. Prerequisites. : Course CTDC : Certified TIA-942 Design Consultant. Course Outline :: CTDC ::
Module Title Duration : Course CTDC : Certified TIA-942 Design Consultant : 3 days Course Description Data centres are at the core of many organisations. Downtime of the data centre could lead to major
More informationDCIM Software and IT Service Management - Perfect Together
DCIM Software and IT Service Management - Perfect Together A White Paper from Raritan 2015 Raritan Inc Overview Information Technology is so fundamental to every business today that every organization
More informationApril Appendix 3. IA System Security. Sida 1 (8)
IA System Security Sida 1 (8) Table of Contents 1 Introduction... 3 2 Regulatory documents... 3 3 Organisation... 3 4 Personnel security... 3 5 Asset management... 4 6 Access control... 4 6.1 Within AFA
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationAvoiding High Density Spaghetti - Managing High Density Modular Cabling Systems
Avoiding High Density Spaghetti - Managing High Density Modular Cabling Systems David Cuthbertson Square Mile Systems Disclaimer All references to manufacturers or products are for illustration only and
More informationSubject: University Information Technology Resource Security Policy: OUTDATED
Policy 1-18 Rev. 2 Date: September 7, 2006 Back to Index Subject: University Information Technology Resource Security Policy: I. PURPOSE II. University Information Technology Resources are at risk from
More informationASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER
ASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER IT Audit, Information Security & Risk Insight Africa 2014 Johnson Falana CISA,MIT,CEH,Cobit5 proverb814@yahoo.com Overview Information technology
More informationCTS performs nightly backups of the Church360 production databases and retains these backups for one month.
Church360 is a cloud-based application software suite from Concordia Technology Solutions (CTS) that is used by churches of all sizes to manage their membership data, website, and financial information.
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationCritical IT Facilities at the Edge
Critical IT Facilities at the Edge Mark Howell Global IT Facilities Planning & Engineering Ford Motor Company Critical IT Facilities at the Edge What are critical IT facilities at the Edge? Why are critical
More informationREPORT 2015/010 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/010 Audit of information and communications technology strategic planning, governance and management in the Investment Management Division of the United Nations Joint
More informationA company built on security
Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for
More informationSAS SOLUTIONS ONDEMAND
DECEMBER 4, 2013 Gary T. Ciampa SAS Solutions OnDemand Advanced Analytics Lab Birmingham Users Group, 2013 OVERVIEW SAS Solutions OnDemand Started in 2000 SAS Advanced Analytics Lab (AAL) Created in 2007
More informationData Processing Amendment to Google Apps Enterprise Agreement
Data Processing Amendment to Google Apps Enterprise Agreement The Customer agreeing to these terms ( Customer ) and Google Inc., Google Ireland, or Google Asia Pacific Pte. Ltd. (as applicable, Google
More informationDATA CENTRE & COLOCATION
DATA CENTRE & COLOCATION RISING DEMAND FOR HOSTED SERVICES When it comes to hosted IT infrastructure, organisations are looking for highly resilient, highly available and highly scalable facilities at
More informationEXHIBIT A. - HIPAA Security Assessment Template -
Department/Unit: Date: Person(s) Conducting Assessment: Title: 1. Administrative Safeguards: The HIPAA Security Rule defines administrative safeguards as, administrative actions, and policies and procedures,
More informationPIM Pretium Intelligent Management
Cable Systems PIM Pretium Intelligent Management Dirk van Moll Private networks, EMEA What is Intelligent Patching? Discovering, documenting, monitoring, and managing the physical network connections and
More informationIT CONTINUITY, BACKUP AND RECOVERY POLICY
IT CONTINUITY, BACKUP AND RECOVERY POLICY IT CONTINUITY, BACKUP AND RECOVERY POLICY Effective Date May 20, 2016 Cross- Reference 1. Emergency Response and Policy Holder Director, Information Business Resumption
More informationENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE
ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE INTRODUCTION In line with commercial industry standards, the data center used by EndNote employs a dedicated security team to protect our
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationIBM Site Enablement Services
IBM Site Enablement Services Resilience for Your Data Centre 13/05/2005 Why Site Enablement Services? Hardware and Software are becoming increasingly dependable, but the environment in which they operate
More informationBME CLEARING s Business Continuity Policy
BME CLEARING s Business Continuity Policy Contents 1. Introduction 1 2. General goals of the Continuity Policy 1 3. Scope of BME CLEARING s Business Continuity Policy 1 4. Recovery strategies 2 5. Distribution
More informationIdentity Theft Prevention Policy
Identity Theft Prevention Policy Purpose of the Policy To establish an Identity Theft Prevention Program (Program) designed to detect, prevent and mitigate identity theft in connection with the opening
More informationData Center Design and the ANSI/TIA-942 Standard
Data Center Design and the BICSI Regional Meeting Ellicott, MD Rick Foster RCDD,TLT Communications Infrastructure Group July 27, 2006 What is ANSI/TIA-942? Published by TIA in April 2005 Telecommunications
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationEX0-101_ITIL V3. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0. Exin EX0-101
EX0-101_ITIL V3 Number: 000-000 Passing Score: 800 Time Limit: 120 min File Version: 1.0 http://www.gratisexam.com/ Exin EX0-101 ITIL Foundation V 3.0 & ITIL Foundation Version: 8.0 Exin EX0-101 Exam Topic
More informationHP MSA Family Installation and Startup Service
Technical data HP MSA Family Installation and HP Services Service benefits Allows your IT resources to stay focused on their core tasks and priorities Reduces implementation time, impact, and risk to your
More informationKantanMT.com. Security & Infra-Structure Overview
KantanMT.com Security & Infra-Structure Overview Contents KantanMT Platform Security... 2 Customer Data Protection... 2 Application Security... 2 Physical and Environmental Security... 3 ecommerce Transactions...
More informationNew York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief
Publication Date: March 10, 2017 Requirements for Financial Services Companies (23NYCRR 500) Solution Brief EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker s advanced
More informationHP StorageWorks MSA/P2000 Family Disk Array Installation and Startup Service
HP StorageWorks MSA/P2000 Family Disk Array Installation and Startup Service HP Services Technical data The HP StorageWorks MSA/P2000 Family Disk Array Installation and Startup Service provides the necessary
More informationRecommendations for Implementing an Information Security Framework for Life Science Organizations
Recommendations for Implementing an Information Security Framework for Life Science Organizations Introduction Doug Shaw CISA, CRISC Director of CSV & IT Compliance Azzur Consulting Agenda Why is information
More informationISO Implementation
ISO 27000 Implementation Justin David G. Pineda Asia Pacific College Best Practice Implementation Proposal for Plato Airlines September 5, 2015 [1] Table of Contents ISO 27000... 1 Project Overview...
More informationMemorandum APPENDIX 2. April 3, Audit Committee
APPENDI 2 Information & Technology Dave Wallace, Chief Information Officer Metro Hall 55 John Street 15th Floor Toronto, Ontario M5V 3C6 Memorandum Tel: 416 392-8421 Fax: 416 696-4244 dwwallace@toronto.ca
More informationQuickBooks Online Security White Paper July 2017
QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a
More informationThe ITIL v.3. Foundation Examination
The ITIL v.3. Foundation Examination ITIL v. 3 Foundation Examination: Sample Paper 4, version 3.0 Multiple Choice Instructions 1. All 40 questions should be attempted. 2. There are no trick questions.
More informationITSM20F_Umang. Number: ITSM20F Passing Score: 800 Time Limit: 120 min File Version: 4.0. Exin ITSM20F
ITSM20F_Umang Number: ITSM20F Passing Score: 800 Time Limit: 120 min File Version: 4.0 http://www.gratisexam.com/ Exin ITSM20F IT Service Management Foundation based on ISO/IEC 20000 (ITSM20F.EN) Version:
More information10 Reasons Why Your DR Plan Won t Work
10 Reasons Why Your DR Plan Won t Work Jim Damoulakis CTO, GlassHouse Technologies, Inc. Sept. 29, 2005 DR Vision Imagine Prepared to handle multiple categories of disaster Clearly documented policies
More informationHOW WELL DO YOU KNOW YOUR IT NETWORK? BRIEFING DOCUMENT
HOW WELL DO YOU KNOW YOUR IT NETWORK? BRIEFING DOCUMENT ARE YOU REALLY READY TO EXECUTE A GLOBAL IOT STRATEGY? Increased demand driven by long-term trends of the Internet of Things, WLAN, connected LED
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 22301 Lead Implementer www.pecb.com The objective of the Certified ISO 22301 Lead Implementer examination is to ensure that the candidate
More informationDATA CENTER COLOCATION BUILD VS. BUY
DATA CENTER COLOCATION BUILD VS. BUY Comparing the total cost of ownership of building your own data center vs. buying third-party colocation services Executive Summary As businesses grow, the need for
More informationHow To Document Campus Infrastructure Offices, Hospitals, Universities, Airports, Etc. 29 th November 2012
How To Document Campus Infrastructure Offices, Hospitals, Universities, Airports, Etc. 29 th November 2012 David Cuthbertson, Director Square Mile Systems Ltd www.squaremilesystems.com Some Background
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationMapping and Auditing Your DevOps Systems
Mapping and Auditing Your DevOps Systems David Cuthbertson, CEO Square Mile Systems Ltd david.cuthbertson@squaremilesystems.com www.squaremilesystems.com Personal Background Personal Experience Industry
More informationGeneral Data Protection Regulation
General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced
More informationObjectives of the Security Policy Project for the University of Cyprus
Objectives of the Security Policy Project for the University of Cyprus 1. Introduction 1.1. Objective The University of Cyprus intends to upgrade its Internet/Intranet security architecture. The University
More informationPrivacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information
Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.
More informationITIL and IT Service Management
Background and Introduction to ITIL and IT Service Management Agenda/Learning Objectives What is ITIL The history of ITIL The key components of version 3 (the Lifecycle) The key advantages and Objectives
More informationenalyzer enalyzer security
enalyzer enalyzer security A documentation that provides an in depth description, that can be read as is, or forwarded to IT departments demanding more technical information. Copenhagen, May 2018 www.enalyzer.com
More information