Secure Operation
Managing and operating a datacenter requires to follow tailored processes to reap expected results from the datacenter. While considering standard operating procedure (SOP); security in all the aspects is a most needed aspect. Datacenter SOP should be developed based on Standards like ISO 27001 and best practices like ITIL, which will provide the clear understanding on the control’s requirements such as Administrative, Technical and Physical.
SOP should have minimum following aspects in it;
Security of Datacenter
The datacenter should take all the required security measures to guarantee the confidentiality, integrity, availability of their client’s information, networks and services. Appropriate technical and organizational measures should be identified and put in place to ensure minimum level of security.
A comprehensive Information Security framework that includes the essential components such as but not limited to;
- Risk Assessment and Management;
- Configuration Management;
- Change Management;
- Incident Management;
- Secured application acquisition, development and maintenance;
- Business continuity plan and Disaster recovery plan;
- Vulnerability assessment and Audit;
- Internal and external penetration testing and
- Legal and Regulatory compliance identifying, maintaining and monitoring.
Data Centre Team is solely responsible for security of the Data Centre Infrastructure, Network and
Communication Infrastructure and Servers and Applications.
The required minimum Service Levels and the management of Data center should include but not be limited to:
- Measurement and Reporting of Service Level achieved
- Service Level target for external Service Providers
- Data Centre commitment on what must be provided to Customers
IT Infrastructure Resources Management:
HVAC – Heating, Ventilation, Air conditioning (Cooling, Humidification, De-humidification)
- Operations Parameter for Data Centre Room
- Minimum required standby Spare Parts available on-site
- Regular monitoring Duties and Responsibilities
- Monitoring external Water Supply for HVAC Status and condition of UPS – Uninterrupted Power
Supply - Minimum required standby Spare Parts available on-site Racks
- Regular Duties and Responsibilities
- Required Spare Parts available on-site
Internal Network and Communication Infrastructure Management
- Core Switches
- Cabling
Network and Communications management
- Broadband connections
Servers and Applications management
- Servers Management life cycle
- Rack-Mounting of Servers and Cabling
- Installation of Operating System
- Installation of Monitoring Agents and connect to Monitoring System
- Installation of Agents for Backup-System and configuring Backup
- Regular Monitoring by Manual Checks and / or automatic Warnings and Alarm from Monitoring
System - Infrastructure Applications
- Domain Name Servers (DNS)
- Central Authentication Server
Common ICT Processes
- Day to day operations procedures
- Emergency Reboot of Servers as and when required
- Regular Reboot of Serves Scheduled / unscheduled
- Onsite Spare Parts / Reserve Parts for Servers planning and making available
- Replacing faulty parts / parts with limited life time in Servers
- Regular Restoration Tests of Servers and Services
- Access control Process for allowing customer / visitor Data Centre
- Processing access Requests to locked cages / locked racks
- Capacity Management for Data Centre
- New acquisition / Project triggered processes
- Adding / Modify new Hardware to the Data Centre
- removing of Hardware and other Equipment
- Software Life-Cycle Management of Data Centre related software
- Third party / vendor of Support Contracts
- Regular recurring processes
- Data Centre Capacity Planning / Management
Disaster Recovery Planning
- DR – Tests
- Fail-over Test from public Power Supply to UPS
Asset management
Resources:
- Human Resources – Roles and Responsibilities
- Shift / Rota Planning
- Staff Technical Training and Certifications
- Capacity Building