In a press release, VMware revealed a roadmap that is focused on IT services in support of Business.  As expected, there is a lot of focus on the Cloud in this strategy.  Earlier posts in this forum highlight how foundational the Cloud has become in enterprise IT roadmaps.  What is more interesting in this announcement is the focus on IT as a service.  In this post, we are focusing only on the content of VMware’s press release because of its statements about product strategy.  It is recognized that additional color and content apply from the conference more broadly.

Those familiar with our background will recognize that IT as a Service is very close to home for us.  In the VMware press release, we find good “apple pie” content such as “IT as a Service is the transformation of IT to a more business-centric approach, focusing on outcomes such as operational efficiency, competitiveness and rapid response.  This means IT shifts from producing IT services to optimizing production and consumption of those services in ways consistent with business requirements.  This changes the role of IT from a cost center to a center of strategic value.”  What though, is VMware’s role in this concept?

Well, certainly VM can be a fundamental infrastructure service, that much is for sure.  Subsequent content in the press release returns to discussion of the Cloud.  An interesting point is made about support for an “open ecosystem,” which is very important for an agile enterprise architecture strategy.

In our opinion, the overall message about virtualization and Cloud computing options being enablers for IT services and the projected impact on Business agility and efficiency are good points to drive home.  The fact that VMware is a key player in Cloud computing is a given.  It’s a bit of a stretch though, to say that VMware establishes a service oriented enterprise IT environment.  It can be an important component, to be sure, but an enterprise IT service framework is created by IT strategists, Business management, and enterprise architects through planning and creation of a holistic IT Governance framework rather than selection of a provider for infrastructure components.  The announcement though, is a very well crafted message that is appropriately worded for VMware’s audience and the Cloud community more broadly.

So what does this mean for us chickens?  Well, there’s quite a variety of opinion in the industry so far.  The official company line(s) are of course that this will lead to technology that improves security for network connected devices of all types (something we certainly can benefit from), and of course that there is a great opportunity for more sales of security software if every new CPU is seen as an opportunity for that.  However, there is a good bit of open endedness around this.  We’ll at least give you our opinions.

For one thing, while the idea of a hardware-integrated security foundation has appeal, this is a concept that will take many years to spread through the enterprise IT footprint.  There are lots and lots of platforms in the enterprise now that cannot take advantage of this, and refresh cycles will have to run their course for more contemporary silicon to establish broadly in the enterprise.

To cut to the chase, if you agree that the security product market is in a state of transformation, then there is much food for thought with this merger.  For the past few years, McAfee held a solid second place in the security software market behind Symantec and in front of Trend Micro.  With McAfee a part of Intel, Trend Micro is the only remaining pure-play security vendor in the front of the pack.  That could spell opportunity for Trend Micro, at least so far as the merger may prove a near-term distraction to McAfee.

As a McAfee user myself, it worries me that my supplier of something as critical as PC security software is potentially swizzling its business model.  I’m probably not alone in that I’m comfortable with the other choices I have for security software, and that may be a valuable indicator of some of the risk exposure of this merger.

The fact that this is just one example of a security product company being purchased by hardware or services companies (similar moves have recently happened with HP, IBM, RSA, Fortify, and others), we think is evidence of changes ahead in how security features exist or are accessed by the various layers of the stack.  We’ve seen the traditional OSI stack shrink considerably over the past decade, and we think this is also a part of that evolutionary progression of data processing architectures.  Where it goes next will be interesting to watch.

We’d like to know if there are particular topics or questions you’d like to see addressed in this book.  Please post comments with your thoughts and suggestions.  Selected comments will receive a discount offer when the book is released.

After a period of many months during which there seemed to be little movement in the container world, the past few months have shown numerous new container product releases and announcements of new container concepts from an even wider array of suppliers.  It seems too, that the idea of “containers” is busting out from the limitations of shipping container form factors.  This development, we think, is indication of an approaching evolutionary step in the use of containerized space as a useful modular scaling option.

We will introduce a few of these new developments here, in order to present a view of the direction of new work in this area, and save detailed discussion on individual products for later posts.

One of the more interesting concepts is from a provider that we, at least, didn’t see coming in this space and that is Wipro.  Wipro has announced its FluidState data center concept.  “FluidState” stands for Flexible, Lean, Upgradable, Intelligent Datacenter and is said to be a mashup of technology from Cisco, Hitachi, HP, and EMC (seems like a lot of overlap there, doesn’t it?).  This concept has speed of deployment at its core, with a claim of one-week setup time and can even be scaled down with business demand.  That’s a very interesting design feature indeed.

Another entrant in this space is from i/o Data Centers.  The i/o Anywhere Data Center is positioned as a service product, where the modular solution is delivered to the customer in a matter of weeks and includes all of the critical infrastructure as well as the payload floor, and comes with a 100% uptime SLA.  With pictures speaking more than words, the following video gives a great impression of the level of scalability and modularity of this solution.

Furthermore, a vote of comfort for this solution comes from the use of this same architecture in i/o’s own commercial colocation facility business.  Such facilities can be built in increments ranging from 1,400 square feet to 20,000 square feet, and there is even an option for solar power assistance.

A third player new to coverage here is the Australian company, Datapod. Datapod is releasing a system of data center component modules, with infrastructure based upon APC’s InfraStruXure product set.   Datapod containers come in a variety of sizes up to 20-feet, and can include both IT and infrastructure equipment or an assortment of specialized modules.  The following is a video from APC showing assembly of a Datapod data center:

The fourth entrant we’ll share today is from Colt.  Unlike most of the other players in this space, Colt’s modules are in 500 square meter increments, deployable in under four months.

Normally recognized as a network and IT services company, Colt will build and test the entire data center facility in the manufacturing plant, before shipping it to the end customer.  Colt created a new Colt Data Centre Services Division to manage this part of their business.

The products and concepts introduced here are different from container-based offerings we’ve covered before, in that we see forward progress toward an agile, modular approach to building general enterprise class data center facilities that are not necessarily based on high density data processing footprint locked into a specific vendor.  This is evidence of the evolutionary step we’ve been hoping for from the container area.

This week, I had the pleasure of touring a data center developed and operated by a provider that has sites in only two cities in the US so far.  I’m intentionally not mentioning the name of the provider, but would like to share some of the things they’re doing that impressed me.  I was impressed because these are basic energy efficiency and capacity optimization features that for many larger providers, are deliberated to the point of indecision, but for these guys are done almost casually and with ease.

The first of these is cold aisle containment.  The plastic blinds solution that often gets mired in fire code and aesthetics complications are in use at this provider.  The fire code issue is addressed by ceiling clips that disconnect under heat, thus freeing the space for sprinkler coverage.  Empty cabinets are blanked from the inside with contact paper, rather than the more expensive commercially produced blanking panels.  The contact paper, by the way, is not fire retardant and as such we can’t endorse this approach… but even commercially available full-cabinet panels are not expensive.

Another feature is free air cooling.  This particular facility is in Atlanta, Georgia, and other Atlanta operators that I’ve met feel that the climate in Atlanta is right on the edge of what is efficacious for free air use.  This operator has adopted the new expanded ASHRAE temperature guidelines, and uses free air for at least part of the day, everyday for a five month period.  Doing so is said to have shaved 5% off of their energy bill.

The third is the use of well water for make up in cooling towers.  Granted, this operator is hardly alone in taking advantage of free ground water, but in an urban setting I found it rather unique.

Granted, none of this is revolutionary at all.  My purpose in sharing it is because I’ve seen many larger operators pass on these same low cost, readily available options for reasons that are logically sound but perhaps overcomplicating the issue.  Then again, maybe it’s simply a reflection of the agility available to smaller operators with a smaller audience approving operational changes.

A colocation facility that has cardboard and other such material in customer cages shows very poorly.  That is, new customers touring the site as a potential future data center will not be impressed by the apparent state of operational controls when trash is visible in cages.

More importantly though, storage of cardboard and packaging material on the IT floor is a security risk.  This material is likely the most flammable of any present in the environment, and fire is an availability and safety exposure.

We are strong advocates of the “no cardboard on the IT floor” policy in the operational guidelines.  Many facilities, especially those in carrier hotels, don’t have the necessary space for a customer staging area that is necessary to practically implement such a policy.  Some such facilities implement a time limit after which all cardboard and packaging material have to be removed from the floor or it will be discarded at the operator’s discretion.  The latter approach is especially difficult to manage though, because of the simple fact that things leave the floor with much more difficulty than entering the floor.

There are more dimensions to this issue than those of the operator and tenant.  The suppliers of IT equipment themselves have an opportunity to impact this issue as well as their own bottom line.  An article by Claudia Girrbach reprinted by Data Center Pulse outlines this vendor dimension of the issue in good detail.  Among these recommendations are elimination of unneeded items in the shipment (or awareness of unnecessary redundancy of items in a shipment), right-sizing of packaging, use of sustainable material sources in packaging,  and design of packaging so that it’s more easily broken down once received.

Facilities that manage this issue well have a “no cardboard on the floor” policy, supported by adequate receiving and staging space, comprehensive recycling programs for waste packaging material, and an enforced policy for how tools, parts, and other material that must be kept in the customer cage are to be stored (e.g., approved closeable plastic bins.  Sites like these show much better and deliver a much more favorable security risk profile.

Over the past few weeks there has been a lot of press for the Stuxnet (Trojan) worm.  What is interesting to share with you about this malware du jour is that rather than targeting personal information or productivity on a person’s PC, this critter is designed specifically to target control systems commonly used in manufacturing plants and other industrial facilities including critical public utility infrastructure.

Stuxnet exploits a previously undisclosed vulnerability in Windows to access management software for Siemens SCADA (Supervisory Control and Data Acquisition) systems that are commonly found in manufacturing, industrial, and utility systems.  These types of systems are typically not connected to the Internet, but the malware travels by USB device (e.g., a thumb drive).  Once the malware discovers the Siemens application software, it copies project files to an external web site.  Other actions are not yet reported, but it’s clear that with access to key control systems, serious disruption could be accomplished even beyond theft of manufacturing process information.  Stuxnet has the ability to upload code to programmable logic controllers (PLCs) in SCADA systems.  The PLCs determine how industrial systems operate.

Microsoft has published a security advisory, explaining how to diminish chances the worm will spread on local networks, once infected.  Changes to the Siemens software appear to be more complex though, to prevent the worm as currently crafted, from infecting systems without disrupting operations on a wider scale.

So where did this Stuxnet malware come from?

Aside from the detailed knowledge of how Siemens control systems are architected, the level of sophistication leads some to believe that this was truly created by a nation-state.  Who could that have been?

Iran has been hit the hardest so far, along with India and Indonesia.  It’s difficult to know if any of these countries were targets or if they happened to be infected because of the traffic of engineers between those countries.  Other Middle Eastern and Southeast Asian countries also experienced attacks, but so did Ecuador and the United States.

At any rate, the interesting point here is that we have an example of malware that can truly be used as a weapon to disrupt critical infrastructure for public safety as well as industry and economy.  Furthermore, the attack vector need not involve the public Internet.  In the US, President Obama has recognized the investment deficit in cyber security and has announced what is called a Comprehensive National Cybersecurity Initiative.    It’s long been known that the US has fallen behind countries like Russian and China in the areas of cyber warfare and cyber security.

We have entered a new era in information system security.

This month I had the pleasure of moderating a panel discussion at the monthly meeting of the Association of Telecom Professionals (ATP).  The event was titled, “Atlanta: Global Network Gateway to the Cloud.”  The ATP did a wonderful job of assembling thought leaders from nearly all dimensions of the Cloud Ecosystem.

Representing the ranks of cloud service providers were Matthew Elkourie, CTO of ColoCube (an IaaS provider) and Steve Mannel, Global Industry Executive with Salesforce.com (a PaaS and SaaS provider).  The network layer was represented by Paul Savill, VP of Product Management at Level3.  Rounding out the panel was the enterprise user perspective, chaired by Intercontinental Hotel Group VP of Global Technology, Mr. Gustaaf Schrils.

After attending and participating in a number of cloud events over the past couple of years I have to say that I was surprised at much of the dialogue emerging from this distinguished panel.  First was the level of sophistication and operational polish that exists with contemporary cloud services today.  ColoCube is enjoying success and growth in the market and this results from a rock solid and secure product.  Salesforce, of course, is becoming a household name in the cloud space, and after listening to Steve Mannel’s commentary, they’re far from resting on laurels.  More great stuff is on the horizon from these guys.

Level3 demonstrates how important cloud services are to network service providers.  Paul Savill outlined the product strategy for the audience, demonstrating that access to cloud-based services is not only here and now but also here to stay on the enterprise technology roadmap.

Driving that point home was the content shared by Gustaaf Schrils.  As a company with global presence, globally distributed customers, and electronic touch by these customers on the order of over ten times per second, IHG is the poster child of early twenty first century business.  The extent of the cloud strategy of IHG is impressive indeed, with clear direction public, private, and hybrid.  The cloud is fundamental to IHG’s technology roadmap.

For those selling cloud services or cloud enabling services, consensus was that business is on the upswing and adoption is steadily increasing.  One of the notable surprises for me was in the area of security.  As anyone following the cloud is aware, the topic of security has long been at the top of the issues list.  However, it was the unanimous view of this panel that cloud security is today a diminishing concern.  That is certainly not to say that security is no longer important, but rather that cloud services and underpinning technology and operations are maturing to the point that security carries more confidence than it did, perhaps even a year ago.  This is welcomed news indeed and I think does reflect forward movement on the cloud maturity curve.

I’d like to hear your views, and to hear whether the dialogue from this panel discussion is consistent with what you’re hearing.  Post and tell us.

The new guidance from The Uptime Institute includes characteristics of data center operations in the categories of Management and Operations, Building Characteristics, and Site Location.  This augmentation of the four-tier model is long anticipated, and we think these are appropriate categories to encompass the quality of operations procedures (MOPS/SOPS) as well as the risk management factors that are directly impactful to the successful management and operation of the facility.

The point of including the operational sustainability factors into the Tier standard is to facilitate computation of a score for a data center’s operational elements, reflecting the potential impact of these elements on the long-term availability performance of the site’s topology score.  This is then articulated as a suffix to the tier rating in a three-level color code- bronze, silver, gold.  For example, a Tier III data center with exceptional assessment of operational elements may receive a rating of Tier III-Gold.

As a matter of course, The Uptime Institute reserves the exclusive right to assign an operational sustainability score to a facility, just as it does for the infrastructure topology tier rating.  Within the information published so far by The Uptime Institute describing this operational sustainability scoring system, no guidance is revealed for scoring beyond yes/no, other than the prioritization of which factors are seen to be more impactful or important than others.  Specifics regarding how the assessment takes place are simply not published at this time.

More on the elements of Operational Sustainability

The Operational Sustainability assessment of a given facility involves discovery and evaluation in three major categories:

1.     Management and Operations

2.     Building Characteristics

3.     Site location

The incident database compiled by The Uptime Institute reveals that as much as 70% of availability incidents are due to human error.  This is within the range of other research in this area as well (we’ve seen statistics as high as 80%).  As such, perhaps the most important element of operational sustainability is that of Management and Operations.

Within the Management and Operations category, The Uptime Institute defines four areas of assessment:

1.     Staffing and Organization- Referring to the proper number and qualifications of personnel comprising the operations team in the data center, as well as shift coverage and well defined roles and responsibilities which are taken in high regard by management.

2.     Maintenance- Referring to the rigor of the preventative maintenance programs, housekeeping, maintenance management, service level agreements, and life-cycle planning.

3.     Training- referring to personnel training programs for policies and procedures, incident response, et. al., and the source of training including OJT, vendor delivered training, and external educational sources.  The experience and competency of the staff is key to maintaining systems and components.

4.     Planning, Coordination, and Management- Referring to the full scope of data center management factors including capacity planning, operational planning, policy creation and enforcement, et. al.

While there is certainly depth beyond what the Institute has published regarding this model so far, we think there are other factors that deserve mention in this category.  One of these is the strength of Methods of Procedures (MOPS) and Standard Operating Procedures (SOPS).  MOPS and SOPS are foundational components of data center management and the core of effective maintenance programs.  They are often drawn upon component vendor recommendations and construction or commissioning contractor guidance, but also include the wisdom of experience and expertise of the operations and management staff of the site itself.

Governance is another area that may be implied by the Planning, Coordination, and Management topic, but one, which among other things infuses the operational framework with risk management and business planning factors.

Building Characteristics is the second element included in the Institute’s model.  Building characteristics are further defined by four sub categories as follows.

1.     Building Features- The specifics around this metric are few, but it makes sense that building features be included as a category in this context, since the shape and architectural layout of the space can directly impact not only operational complexity but also the MEP topology and scale able to be installed in the building.

2.     Infrastructure- Characteristics of the building itself that impact MEP infrastructure installation, maintenance, and operations

3.     Operating Conditions- The Uptime Institute’s paper describes here the notion of operating set points of infrastructure components.  This is certainly an operational topic impacting availability (not to mention efficiency), but seems oddly positioned as a “building characteristic.”

4.     Pre-Operational- Included here are proper commissioning and documentation for handoff to the operational team.  This is certainly an important step in the timeline of data center development.  It would seem though, that an organization going to the effort and expense of certification would likely be of sufficient maturity to include commissioning and staff training as a part of the operational readiness plan.

The third category of the Operational Sustainability model is Site Location.  Certainly this is important in the overall risk profile of a facility and rather fundamental to tier level certification by The Uptime Institute.   The Uptime Institute consolidates this topic into two areas:

1.     Natural Disasters

2.     Manmade Disasters

This is probably a sufficient category set for site selection, as any threat coming to mind could arguably be placed into either of these two categories.

At the end of it all, The Uptime Institute will assess their findings for a particular site in this regard and award a Gold, Silver, or Bronze score, which is then used as a suffix with the tier rating.  The reader is encouraged to read The Uptime Institute’s white paper on this subject themselves for further information, but the paper does not go into detail regarding how the assessment process plays out, nor detail about how scoring takes place.

Closing Comments

This guidance on operational sustainability is new from The Uptime Institute, so as of this writing, few miles have been traveled with the expanded tier standard.  The release was much anticipated though, and while the time since release has not been long; it’s surprising at least to us how little dialogue has resulted.  As always, the guidance from The Uptime Institute is well regarded and based on solid research and thought leadership.  We suppose though, that the reason for the low level of attention for the new expanded guidance is due to the same reasons the MEP infrastructure tier guidance is so popular.

To say it another way, the four-tier model for data center availability has gained significant mind share because it provides a (very easy) model for a business to align with a certain level of data center specifications.  Whether a given business is well served by that approach alone is the subject of another discussion.  However, the absence of operational considerations was noticeably lacking in the four-tier model until now, and led to lengthy debate between provider and buyer about historical availability performance versus tier-model predictions.  The audience that embraced the four-tier availability model probably does not as easily internalize this operational guidance.  It’s an important topic, but is perhaps beyond the “happy place” of the business audience, or at least does not offer the same immediate value as the preceding four-tier model.  For the technical audience, on the other hand, it is perhaps difficult to give the new model the credit it’s due when it is presented as a sort of appendage to the tier model.

While we have very high regard for the work produced by The Uptime Institute and recognize the value it brings to many mission critical facilities discussions, we think that a model that more holistically includes infrastructure and operations, as well as a basis in a risk management assessment is more relevant to data center planning.  We suggest the reader look at the BICSI-002 guidance, recently published and presented. What is also missing, in our opinion, is inclusion of historical availability performance of the site and its team, but then The Uptime Institute’s tier methodology is a predictive model, and the inclusion of such factors might confound the underpinnings upon which that methodology is built so we will leave that point to the side.

We’re interested in your thoughts on this topic, and especially if your organization is considering certification for Operational Sustainability by The Uptime Institute.  It would be very interesting to hear your views on how this new extension to the model may impact your facility.

The four-tier model from The Uptime Institute was developed through thoughtful analysis and extensive empirical data from facilities of member organizations.  One of the reasons that enterprises have gravitated to this model is that it gives guidance as to what level of availability is necessary for certain business models and business characteristics.  While this is helpful, the level of abstraction of this framework of guidance is high.  A coarse application of guidance can lead to inaccuracy of planning.  In the case of data center projects, this exposes the possibility of over building or at least spending that is not accurately targeted.  For example, a coarse application of these guidelines could cause planning for a facility designed for one segment of the business’ applications at the expense of all the other enterprise applications.

Interesting also is the fact that while a facility may be uncertified or even non-certifiable to a particular tier level, its true availability performance often outperforms even higher tier ratings (especially in the case of quality providers).  The Uptime Institute model has sometimes drawn criticism because it excludes factors contributing to operational excellence, as well as risk management factors that vary significantly based on geographic location alone (as well as other things).  The Uptime Institute is working on modifications to its guidance for precisely these reasons, and we look forward to those developments.

In the mean time,we now have the new BICSI-002 standard released (finally) in June 2010.  The newly released standard is “BICSI-002-2010, Data Center Design and Implementation Best Practices.”  This document is long awaited by the industry, and will likely be adopted as an ANSI standard as well.  The document contains advice relevant to IT telecommunications management, security management, operations management, facilities, A&E, and Construction.

Our focus today is with what BICSI has advised regarding data center availability models, and we’ll leave the rest for later discussions.  There is a lot to like in the new BICSI work, and we’ll share it at a very high level for you here.  Along the way we’ll be drawing comparisons to The Uptime Institute’s data center tier model.  This is because our readers are known to be familiar with that model and it’s therefore a useful barometer.  We in no way mean to slight either organization in doing so.

The BICSI-002 standard includes three Annex sections that are subtitled, “informative,” and as such is technically separate from the standard itself.  However, this is where BICSI delivers its guidance on this topic.  For our discussions here, we’ll acknowledge that disclaimer but still refer to this tier model as the “BICSI model,” for the sake of convenience.

The BICSI model establishes five facility availability classes- F0 through F4.  These somewhat align, by the way, to The Uptime Institute’s tier classification model if you agree that the lowest level (only basic environmental and energy requirements) is implied.  While the specification of each tier level is articulated differently than that of The Uptime Institute, what we think is valuable to the enterprise is the process steps involved in reaching a determination of which tier level is appropriate for the business.  This is in contrast to identifying a business model from a list of characteristics that most closely match the enterprise.

Rather than four broad definitions of business characteristics, the BICSI model leads one through an analysis of the mission critical risk level for the business applications, an estimate of corresponding downtime (planned and unplanned), impact analysis of downtime, to arrive at the necessary facility availability class.  The standard document even includes a worksheet reminiscent of a simple tax form that one can use for each mission critical application in the enterprise to map against a corresponding facility class (availability tier).

Each of the BICSI model’s availability classes are defined in terms of four areas:

1. Component redundancy increases reliability by providing redundancy for critical, low-reliability components within the systems.
2. System redundancy increases reliability even further by increasing redundancy at the system level.
3. Quality control ensures that high quality is designed into the facility and thus reduces risk of downtime due to failure during initial installation or premature wear.
4. Survivability refers to reduction of downtime risk by protecting against external events such as physical forces, security breaches, and natural disasters.

Given that, the five BICSI availability classes are defined as follows (and we borrow from the BICSI-002 specification).

Availability Class F0

The objective of Class F0 is to support the basic environmental and energy requirements of the IT functions without supplementary equipment, with avoidance of capital cost as the dominant driver.  In this case, there is a high risk of downtime due to planned and unplanned events.  However, in F0 facilities, it is assumed that maintenance can be performed during non-scheduled hours and long downtime has very little impact on operations.

Tactics for Class F0

Component redundancy:        none

System redundancy:               none

Quality control:                      standard commercial quality

Survivability:                          none

Application:  A critical power distribution system separate from the general use power does not exist in this model.  There is no backup generator and no redundancy of any kind for power or air conditioning exists.

Typical facility performance characteristics for Class F0

Annual maintenance windows:    >400 hours

Target availability:                        <99%

Scope of impact:                          Local data center

Availability Class F1

A Class F1 facility supports the basic environmental and energy requirements of the IT functions, and there is a high risk of downtime due to planned and unplanned events.  however, in Class F1 facilities, maintenance can be performed during nonscheduled hours and the impact of downtime is relatively low.

Tactics for Class F1

Component redundancy:        none

System redundancy:               none

Quality control:                      standard commercial quality

Survivability:                           none

Application:  The critical power distribution system would include power conditioning, but no redundancy of any kind is used for power or air conditioning.

Typical facility performance characteristics for Class F1

Annual maintenance windows:    100-400 hours

Target availability:                        <99%

Scope of impact:                          Local or regional data centers

Availability Class F2

The objective of Class F2 is to provide a level of reliability higher than that of a Class F1 in order to reduce the risk of downtime due to component failure.  In a Class F2 facility, there is a moderate risk of downtime due to planned and unplanned events and maintenance activities can be performed during unscheduled hours.

Tactics for Class F2

Component redundancy:        provided for critical components

System redundancy:               none

Quality control:                      premium quality for critical components

Survivability:                          moderate hardening for physical security and structural integrity

Application:  In this Class, the critical power system includes redundancy in those parts of the electrical distribution system that are expected most likely to fail.  These would include any products that have a high parts count or moving parts, such as UPS, controls, air conditioning, and generators.  Additionally, it may be necessary to specify premium quality devices that provide longer life or better reliability.

Typical facility performance characteristics for Class F2

Annual maintenance windows:    50-99 hours

Target availability:                        99.9%

Scope of impact:                          Local, regional, or multiregional data centers

Availability Class F3

The objective of Class F3 is to provide additional reliability and maintainability to reduce the risk of downtime due to natural disasters, human-driven disasters, planned maintenance, and repair activities.  Maintenance and repair activities will typically need to be performed during full production time with no opportunity for curtailed operations.

Tactics for Class F3

Component redundancy:    provided for critical and non critical components, as well as to increase maintainability.  Redundancy is not provided where the compone is part of a redundant system already.

System redundancy:               may be  provided without component redundancy

Quality control:                      premium quality for all components

Survivability:                          significant hardening for physical security and structural integrity

Application:  The critical power system must provide for reliable, continuous power even when major components or subsystems are out of service for repair or maintenance.  To protect against unplanned downtime, the power system must be ale to sustain operations while a dependent component or subsystem is out of service.

Typical facility performance characteristics for Class F3

Annual maintenance windows:    0=49 hours

Target availability:                        99.99%

Scope of impact:                          all data centers, even some local data centers with high availability

requirements and low maintenance windows, may need to be Class F3.

Availability Class F4

The objective of Class F4 is to eliminate downtime through the application of all tactics to provide continuous operation regardless of planned or unplanned activities.  All recognizable single points of failure from the points of connection at the utility to the points of connection at the critical loads are eliminated.  Systems are typically automated to reduce the chances for human error and are staffed 24×7.  Rigorous training is provided for the staff to handle any contingency.  Compartmentalization and fault tolerance are prime requirements for a Class F4 facility

Tactics for Class F4

Component redundancy:    provided for all critical components and to increase maintainability.  Redundancy is also provided for noncritical components.

System redundancy:            provided with component redundancy so tha overall reliability is maintained even during maintenance activities.

Quality control:                     premium quality for all components

Survivability:                          all building systems are self-supporting in any event and are protected against the highest levels of natural forces.

Application:  The critical power system in a Class F4 facility must provide for reliable, continuous power even when major components or subsystems are out of service for repair or maintenance.  to protect against unplanned downtime, the power system must be able to sustain operations while a dependent component or subsystem is out of service.

Typical facility performance characteristics for Class F4

Annual maintenance windows:    0 hours

Target availability:                        99.999%

Scope of impact:                          multiregional or enterprise-wide data centers

One may notice that the availability class definitions touch upon the characteristics of the MEP infrastructure as well as the operational scenario applied to the facility.

This BICSI model does not directly map one-to-one with the tiers of The Uptime Institute model, but many comparisons are immediately noticeable.  In future articles, we will be drilling down on these comparisons in more detail.

We’d appreciate your comments and thoughts about the BICSI model, especially as it relates to your interest in the The Uptime Institute model.