The DEG Electronics Group’s quest for an additional layer of security at its Clondalkin Data Centre in Dublin led to the hosting of IP surveillance systems in unison with hand geometry-based access control. How is this dual solution working post-‘switch on’? Brian Sims reports from the Irish Capital. Photographs courtesy of Axis Communications (UK).

The Data Electronics Group (DEG) was founded in 1974 as a field engineering-based business to install, integrate, maintain and carry out network administration for computer equipment used by airport and airline staff tending to key activities (including the tagging of bags and checking-in of passengers). Today, a lone division of DEG still provides field service support to SITA operations in Eire airports, as well as to Equant and Bloomberg Financial Services in Dublin, Belfast, Shannon and Cork.

In 1990, rather than setting up its own capability, Equant decided to outsource data hosting associated with its substantial financial services client base in Dublin. On the strength of winning this contract, DEG established its first customised – or as DEG prefers to call it ‘customer-centric’ – Data Centre at Harolds Cross, right in the heart of Dublin. Thus the core business of DEG as we know it today – data hosting – was born. This particular Data Centre was designed and set up to meet Equant’s own specifications, and remains a dedicated, ‘customer-centric’ Data Centre solely used by Equant and its clients.

Following a private investment round in 1999, DEG purchased a new facility in Ballycoolen, North West Dublin. Having invested in the initial fit-out of this 40,000 square foot facility, DEG and similar service providers then found that the market slowed considerably. Prior to this slowdown, Ireland – and in particular Dublin – had become a top location for many Data Centre providers, but the resulting ‘dot.com collapse’ created overcapacity, which then precipitated the decline of several Data Centre players.

This situation presented DEG with a further opportunity to expand its offering. In turn, the company was able to acquire the hosting infrastructure of the Wolfe Group in 2001, and then bought Inflow and its highly sophisticated Data Centre in Clondalkin, Dublin a year later.

Subsequent to the Inflow acquisition, DEG relocated its customers from the Ballycoolen facility to the new Clondalkin Data Centre at Kilcarbery Business Park (KBP). Today, this serves as DEG’s principal location and headquarters. As a result, the Ballycoolen Data Centre is available for service as an additional site. It’s ideal as a permanent, dedicated facility or for overflow/disaster recovery operations from KBP. DEG has also invested further in the KBP site, spending millions of Euros over the last few years to bring it up to scratch.

Daniel Tinkiel – DEG’s chief operations officer – arrived in January 2002, at the point when the full effects of the technology downturn were being felt in Ireland. During this period the data hosting and co-location services industries contracted rapidly throughout the country, from 25 suppliers in 1998 to just five by the end of Tinkiel’s first 12 months in post.

DEG made it its primary goal to offer 100% Internet access availability. Now, the company’s focus is on the delivery of managed services as an additional layer of value to its offering using the knowledge, experience and service-oriented mindset of its engineers.

Environmental security at KBP

The temperature on the data floor at the KBP site is fixed at 20 degrees Centigrade, with 55% humidity. The overall environment within the Data Centre is constantly monitored for temperature and humidity levels. If the temperature on the data floor moves up or down by two degrees or more, or the humidity levels rise or fall by 5%, alarms are then automatically triggered. The situation will be investigated (and rectified) immediately by either the building management system or DEG’s on-site engineers.

Each of the two chillers has four compressors, although only two are actually needed to provide sufficient cooling of the Data Centre. In practice, the compressors will be rotated to reduce the load on each. Maintenance contractors also conduct the regular servicing of each unit.

Air is constantly tested for particles. The smallest of changes in air quality will trigger an alarm which must then be investigated by DEG’s own trained fire officers. Any increase of particle levels can, for example, be an early indication of an isolated fire in a device.

Optical and ionisation smoke detection units are situated right across all ceilings and voids (and under the floor) of the Data Centre. Further physical protection is offered through a very high specification fire prevention system that, on detection of any fire, pumps an inert gas from an outlet in the ceiling both under the floor and across the ceiling void. This gas reduces the mix of oxygen in the air from 19% down to 13%, at which point a fire cannot sustain itself (but people can still breathe, and there’ll be no impact on any equipment).

Three tiers of power

DEG achieves 100% power availability at the KBP site by having multiple 10 kilovolt feeds courtesy of ESB (Ireland’s well-known power supplier). To ensure that the power supply in the Data Centre is totally secure, the company uses two different suppliers of oil for the back-up generators just in case the mains electricity supply should be cut off.

Four PowerWare Uninterruptible Power Supply (UPS) units set in two pairs run back-to-back with an automatic by-pass control switch if one fails (thus there is no power ‘black out’ even if the second UPS goes down). Every bank of UPS units is backed-up by an independent generator. That means there are three tiers of power available which, together, provide maximum resilience for the Data Centre.

DEG runs a complex MESH network by way of ensuring total Internet availability. A full MESH network is a local area network (LAN) employing one of two connection arrangements. A complete MESH topology such as that deployed by DEG means that all nodes – switches and router devices – are connected directly to each other using redundant paths. The design offers greater resilience to the connection between devices.

Every customer has access to two high-speed data cables. If one malfunctions, Internet access is achieved through the second. More than this, the MESH is fully cross-connected and interconnected through three layers of switching and routing such that the MESH enables the optimum routing of all data packets based on the destination and the location of other data traffic at that time. The system not only provides 100% availability, but also maximises the speed of data transportation and delivery.

BT, Colt Telecom and Cable & Wireless all make use of DEG’s infrastructure, peering each other and sharing data traffic so that DEG’s customers are able to gain access to the optimum route and maximum speed for all of their data. Bandwidth provision to DEG’s Data Centre is rendered almost limitless by the fact that one of the two Global Crossing transatlantic data cables comes ashore close by, providing upwards of 17 Terabits per second (17,000 Gigabits per second) at source.

Over time, DEG has enhanced its service offering by building-in many value-added managed services covering the first six layers of what’s commonly known as the Open Systems Interconnection (OSI) Seven Layer Model, starting with physical (cabling) through data links, the network, the transport layer, the session and then the presentation layer. DEG now provides fully-managed services covering all these elements of the model.

For example, DEG offers managed services for popular operating system-embedded applications such as Citrix thin client solutions, Microsoft Exchange, Apache, Tomcat (Linux), SQL-based databases and information security applications (including load balancing and firewall management). The company provides remote firewall management and administrative support to Cisco PIX and Nokia Check Point IP ranges of firewalls, regardless of location. For one client alone, DEG manages no fewer than 150 firewalls located around the globe, preventing problems like hacking, etc.

DEG also monitors the health of devices being used to store and transmit information in the Data Centre. Functionality within operating systems is used to check the performance of devices and the ‘environment’ in a given box.

The company employs Hitachi Data Systems’ storage devices. Hitachi Data Link Manager provides the intelligence to ensure that a rapid decision is made on which route data traffic should take if another channel becomes backlogged or fails completely.

Two storage units are equipped with RAID-1, RAID-5 or RAID-10 arrays operating in parallel, combined with virtual storage operation between the servers and both RAID arrays for real-time (or ‘true copy’) replication between the two units. In other words, a total of four copies of data are held in real-time at any one moment.

Physical security solutions

External security at the perimeter of the KBP Data Centre is provided through CCTV cameras and a team of security officers who regularly patrol the Business Park. On entering the building, a second layer of security includes an in-house team that demands photographic identification from all visitors. This document must be left at reception in exchange for a pass to enter the building. DEG staff who have authorised individuals to enter the Data Centre must pre-register them on a log of visitors for that day, while also verifying that they are who they claim to be in the reception area before letting them go any further.

The building itself is divided into three types of zone – free transit, controlled and restricted areas – each demanding a different level of security. Regardless of clearance, any authorised visitor may pass through the free transit areas once they have announced themselves (and having provided the necessary identification to security staff).

To be in a controlled transit zone, visitors must first enrol in DEG’s hand geometry system. This works by measuring the width and length of each person’s finger, in addition to the size of the palm in three dimensions. This data is then ‘crunched’ into a specific single number that's totally unique to the individual. The system is even able to use an algorithm to adapt to certain ageing characteristics of each person’s hand.

There are a total of 16 IR Recognition hand geometry systems located at each entry point to all controlled and restricted zones. The systems are optimised to throw up the minimum number of false acceptances and false rejections. Visitors are only allowed to visit the restricted areas of the building – like the Meeting Room – if they are accompanied by a high-ranking officer of the company.

The cabinets housing customers’ servers are locked, with all keys held in the Network Operation Centre (or NOC, the highly-secure ‘nerve centre’ of the building). Cabinets may only be opened by senior members of DEG’s staff when in the presence of authorised customers or their contacts. Some customers demand additional physical security in the form of high-specification caging around all of their equipment so that no-one can be close to it without permission.

Moving towards IP security

Over 60 network cameras supplied by Axis Communications (UK) cover all entrances, and are positioned to provide full coverage on the Data Centre floors. One camera is trained on the front of the server cabinets that run in rows along the centre of the building. A second covers the backs of all cabinets on site. All of the 210 Series cameras installed on the Data Centre’s first floor collect six frames per second on motion such that anyone entering restricted zones will be recorded for the duration of their stay.

Ultimately, the intention is to replace all of the old CCTV cameras with new network models but, to date, 32 analogue-based cameras remain in situ on the ground floor and for monitoring the building’s external areas. These cameras provide images through two CCTV multiplexers to two 241S video servers (again supplied by Axis) that digitise and transfer video data via two Allied Telesyn 8350 Gb, 48-port IP switches. These are interlinked through a fibre optic backbone using high-speed UTP to an Intel Dual Xeon 9.6 Terabyte server, which holds all of the video surveillance systems’ output.

A 24-strong hard disk drive 3Ware RAID device ensures additional reliability at the data level. All images are collected at six frames per second, and retained for 30 days.

It’s interesting to note that none of the cameras are viewable by customers or staff on a remote basis. Clients of the Data Centre must visit the building if they want to view the facilities set aside for them. They are not allowed to view anyone else’s hardware, though. Any breach of that rule is a breach of contract, and could lead to that customer’s relationship with DEG being terminated.

DEG moved to IP because Tinkiel and his team recognised some key benefits of doing so. First, the quality of rendered images from the new cameras makes it possible to be sure of identifying all individuals caught on camera. “This is vitally important for us if we need to involve the police in taking action to arrest anyone following an incident,” states Tinkiel. “Thankfully, no such incident has arisen to date. Maintenance of the system is also far easier. We had persistent connection problems with the co-axial set-up. They’re gone now.”

Tinkiel keeps all of the recordings on a dedicated server that runs on a totally separate network. “By running the surveillance system on a separate network, additional resilience is assured. There are no bandwidth constraints affecting overall system performance.”

Total migration over time

Tinkiel then explains why, through time, he wants to migrate the entire surveillance system to IP. “I have always been a firm believer in the convergence of all technologies over time,” stresses Tinkiel. “Voice, data, video... Everything should be transported and stored using IP-based technologies and protocols. The more diverse technologies and networks you have in place, the greater the burden of maintenance and upgrade. A single IP network infrastructure is the way forward.”

The decision to ‘go IP’ was made even easier because Tinkiel decided to implement integration with other security systems including access control solutions. Without all systems running on IP, this sort of integration becomes much more difficult and expensive.

During the renovation of the site, when the network surveillance system was put in, DEG was able to reduce the number of racks devoted to video surveillance equipment from three to just one. The surveillance system is now much simpler, more manageable and – most importantly – produces better images.

Milestone XProtect Enterprise Version 5.0 is being deployed to view all rendered images. Some add-on functionality courtesy of Matrix View enables a number of cameras to be viewed simultaneously on a desktop-based split-screen in the NOC, or on the large plasma screens that dominate this part of the building.

DEG selected network and storage integration specialist Encom to help specify, install and configure the new IP surveillance equipment. Encom engineers already had a strong background in network design and installation (including remote access and wireless technologies). This expertise was absolutely key when being brought up to speed in the area of IP surveillance.

Encom was appointed by Tinkiel as a sub-contractor to the main contractor back in March last year, with the total refit of the building being carried out at an estimated cost of 17.8 million Euros.

For DEG, IP surveillance has provided an important additional level of physical security at the KBP Data Centre. The fact that the network cameras installed offer the potential for integration with high specification hand geometry-based access control makes this a future-proof investment for the client.