Escape from Data Alcatraz

nihilist_1137 writes "Zdnet is reporting on a new information facility that is built to surive the worst.Triangular in shape, two of the sides house offices while the third, a large rectangular block if taken in isolation, contains two data centres, as well as the infrastructure to ensure that Web sites continue to function come fire, flood, natural catastrophy or foreign invasion."

Foreign Invasion?

[InfinityWpi]

"Remember thealamo.com!"

Seriously, though... you're saying they can stand up to repeated shelling by artillery? Or infantry-placed demo charges? Or anything else an invading force is likely to have?

WHY????

If you're being invaded, you've got more important things to worry about than if your company's web site will stay up!

The other half of this is: What if the invasion is an invasion of illegal immigrant workers? Can this thing survive having a janitor who's been slipped a hundred bucks (three weeks pay) to pull out a wire here and there?

Re:Foreign Invasion?

[linzeal]

At a certain datacenter facility which will remain nameless we had repeated attempts and successes of theft. All the cases that were eventually resolved were shown to be IT workers, yet everything was blamed on the janitors who were "decontracted" over and over to the point where they had to pay people to travel in excess of 60 miles to clean the place.

Want to know how we caught one of the fuckers? Get some "Super Phosphorescent Pigments" make sure its NONTOXIC and coat thinly an item that has been stolen in the past and put it in a place where it is easily stolen with no video cameras. Install blacklight in a cubicle, wait till object is taken and invite people to come over and look at it with a blacklight poster. The thief is the one with the glowing hands.

Re:Foreign Invasion?

[ZPO]

Simply from the physical construction and security perspective:

EXTERNAL---

1 - Parking lot is too close to the building (a reasonably sized car/truck device could do serious structural damage.

2 - "ram proof"??? Not hardly. I don't see a double berm system. Some of those nice decorative tree planters that are actually 2 foot thick reinforced concrete might help

3 - No view of the perimeter. Does it have a ditch, double fence line, k-rails to require a zigzag entrance.

(plenty more)

INTERNEL ---

1 - From what I can see all conduits are directly attached to unistrut on the ceilings. Big problem if you take a good shock to the building (ie - it's rigid)

2 - Equipment is not isolated by springs/rubber mounts from the floor. Same shock damage possibilities as above.

3 - No water collection trough around the sides of each room. I don't see floor water sensors either.

4 - Water drip pans under all chilled water and condensate lines.

5 - *1* generator? For the cost of the facility it would have been a pittance to go with two and have full redundancy when running on local generation.

All in all it's a decently engineered place. It just needs the final touches...

Re:Foreign Invasion?

[RPayne]

WHY????
If you're being invaded, you've got more important things to worry about than if your company's web site will stay up!

Well, for one thing, not every web site is a .com web site selling something to the populous under attack. For another, there are businesses that maintain financial and other resources that are needed to fight back in the event of an attack. Information is also a currency, even excluding the 'financial' markets, in the current world.

As to the point of:
What if the invasion is an invasion of illegal immigrant workers? Can this thing survive having a janitor who's been slipped a hundred bucks (three weeks pay) to pull out a wire here and there?

Do janitors making a hundred bucks in three weeks have access to your data center? One would hope that since the physical access to the data center is at least as important as the network access to it, the only people cleaning up in the data center are those that are being paid, and therefore have accountability for, maintaining the integrity of that data. Are you aware that the people with the highest clearance requirements in many of the government facilities, at least in the U.S., are for those responsible for the trash and cleaning of those facilities? Who is more capable of walking off with a garbage bag full of papers, the person working in the cubicle with no printer, floppy drive or outside net connection, or the person paid to separate and carry out bags of trash?

Re:Foreign Invasion?

[dattaway]

Artillery? Why worry about carnage when the pen is mightier than the sword. Our laws will wipe out any data center with a series of lawsuits, lobbying, and consitutional rights fiascos. Bombs will be welcome when the lawyers get done with the victim's site.

Re:Foreign Invasion?

[SpacePunk]

That generator has to get oxygen from somewhere. Find the pipe, stopper it up, and kill the engine.

-

Re:Foreign Invasion?

[MisterBlister]

Why not just try installing a video camera in a concealed location?

I'm no lawyer, but I don't think the "glowing hands" argument would stand up in court.. How do you know the guy didn't just touch the coated box, previous to it being stolen? Unlikely, perhaps, but perfectly plausable.

Re:Foreign Invasion?

It doesn't have to stand up in court. Just threaten to turn the thief in unless she returns the stuff. Then, fire her.

Re:Foreign Invasion?

[-=OmegaMan=-]

I would have personally opted for a less Scooby Doo-esque method, like the previously mentioned video cameras or the newly discovered "Security Guard," but, whatever gets ya goin.

If you really wanted to get crafty you could have used TOXIC glow in the dark paint, then, when someone died in their cubicle, WHAM! Hit em with the black light to determine if it was natural causes or theivery.

Re:Foreign Invasion?

Fuck it. We know there are 3 pipelines coming out of it, let them bunker down and work on their systems. We can just kill the pipelines. You ever see a man with no arms or legs, they just kinda sit there.

Re:Foreign Invasion?

[linzeal]

The problem was manifold. The managers did not want to spend money on another security guard and employees rebelled at the thought of losing their "privacy" to security cameras. The only major breach of security could of been prevented with a 60 year old physical security guard when 6 arab men almost made off with a M40. The thing was 10 feet from the door when the person monitoring the cameras finnaly wised up and realized they were not supposed to be there. Only then did we get physical security after 9:00pm (when you need it most).

Re:Foreign Invasion?

[MrResistor]

IIRC, silver nitrate works pretty well. It's clear, but stains skin blue. The stained can't be washed off, you have to wait for the stained skin to come off naturally. Of course, you don't have the thrill of that moment of realisation, but you don't need a blacklight either.

Re:Foreign Invasion?

[mpe]

"ram proof"??? Not hardly. I don't see a double berm system. Some of those nice decorative tree planters that are actually 2 foot thick reinforced concrete might help

Also depends what they were thinking of it being rammed with I'm sure the people who built the Pentagon thought it was "ram proof".

Re:Foreign Invasion?

[dattaway]

I noticed ONE generator. Need redundancy, even if you do have lots of batteries and UPS supplies. And generators do fail. That generator will supply power for months or weeks, not hours like batteries will.

I used to work with a generator similar to this and hope they have a good service contract with mechanics on site just in case. Ours was an emergency backup generator and used sparingly for electrical surplus curtailment (when the electric company runs out of power for peak demands and tells us to curtail usage unless we want to pay large fines.) Well, after a year, it tossed a valve through the cover. The next year, the shaft from the 2800hp CAT twin turbo to the Marathon 1.6MW 480 volt three phase generator broke. Sheared the shaft in two from cracks due to undamped vibrations. Both times, we were in the dark.
Generators, especially ones over 1MW are very large machines and are subject to catastrophic failure. Redundancy is recommended.

Re:Foreign Invasion?

What would /bin/laden/ want with a backbone router? Talk about your DOS.

Re:Foreign Invasion?

[revclyde]

My ISP has a decently engineered building (recently built). Read about Magma's Internet Data Centre.

Of course, something not mentioned in the promotional bits is that whenever the system goes on emergency power, the diesel generator is switched on, and fuel trucks are dispatched (flashing lights and blaring klazons anyone?) to the site for in-use refueling.

Re:Foreign Invasion?

[DrSpin]

You have missed the point

They are waiting for Bin Laden to download the plans, and then they will go and get him.

Re:Foreign Invasion?

Any data centre that does not have all its servers and equipment securely caged where janitors can't get at them *and* a procedure that guarantees an audit trail of who had access to which cabinet and when, does not deserve to stay in business.

Re:Foreign Invasion?

[redcliffe]

All the invaders have to do is cut the data lines going out to the internet. Simple!

Re:Foreign Invasion?

[ozbon]

I think you mean "the problem was manifest" - I could be wrong, but I don't think manifold means what you think it means, senor...

Re:Foreign Invasion?

I wack off with Toxic glow in the dark liquid all the time. I would have been wrongly accused.

Re:Foreign Invasion?

[linzeal]

manifold (mn-fld)
adj.
Many and varied; of many kinds; multiple: our manifold failings.
Having many features or forms: manifold intelligence.
Being such for a variety of reasons: a manifold traitor.
Consisting of or operating several devices of one kind at the same time.

One Problem

[docstrange]

If we all die from nuclear fallout who will reboot the NT servers?

Re:One Problem

[xZAQx]

Oh, now THAT's funny. Mod parent up.

Re:One Problem

[analyst99]

If we ALL die, will anyone be around to care who will reboot the NT Servers ?

Re:One Problem

[TheGreenLantern]

The NT admins, of course. Total global destruction is no excuse not to wear your pager on the weekends, mister!

Re:One Problem

[ThatComputerGuy]

If an NT server crashes in the forest, will anyone give a damn?

Re:One Problem

[rastachops]

The spambots ;)

Re:One Problem

[psych031337]

If we all die from nuclear fallout who will reboot the NT servers?

And who will use the various Unix and Linux derivates when we are all dead, but they don't fail. Might this be the beginning of digital evolution?

Re:One Problem

[jeffy210]

Just put it behind some drywall and stick NetWare 3.1 on it... garunteed uptime

Re:One Problem

Install Netware before or after the drywall is up? Netware being a fungus I guess can survive on decomposition if the power goes..

Re:One Problem

NT admins are like cockroaches. They will survive any disaster. Stomp on one, two more pop up.

Re:One Problem

[thedbp]

It'll be the same NT techs - they're much more like cockroaches than you might imagine. they're stupid, determined, move in groups, supplant any intelligent life through suffocation, and will more than likely outlast real humans.

Re:One Problem

[Talanvor]

And who will use the various Unix and Linux derivates when we are all dead, but they don't fail. Might this be the beginning of digital evolution?

Nah, a Linux box will float to the bottom of the sea asking the blue faerie to come alive. Then these half-assed looking aliens come down and explain that cloning doesn't really work because the Universe said so.

Re:One Problem

[mobets]

they were robots... :)

I don't care...

[7608]

I don't care if it was built to withstand a direct nuclear attack... give me FIVE customers from the last helpdesk I worked at, and I'll make sure the place is reduced to rubble by day's end.

Never Underestimate The Power Of Human Stupidity.

Re:I don't care...

By direct nuclear attack I am guessing that they are saying that the device can be set off in the parking lot and they will survive. Does anyone else think this is not likely? Unless they are buried several hundred feet below the ground and I missed that in the article.

Primary Concerns at Defcon 1

[supertedusa]

Thank god that freecreditreport.com and anything associate with the X10 camera would still be available if a nuke wiped out my neighborhood.

Secure vs. Secure for Real

[webword]

I read the article. It is fine. Plenty of interesting points and all that jazz. However, I have the ask the obvious questions: Is it secure from hacking? Seriously. I read the article and it seems like a physically secure place, but is it secure electronically? From "real" attacks? From the kinds of attacks that happen all of the time?

(start sinister laugh)
I can just see some script kiddie taking the place down. That would be too funny.
(end sinister laugh)

Re:Secure vs. Secure for Real

[Ravensfire]

Ahh, but that's probably not their concern! The clients, who are using the machines, should be responsible for the electronic security of the machines. This facility covers the physical security of the machines.

Re:Secure vs. Secure for Real

[morcheeba]

You're right. amazing. not a single mention of electronic security, unless you count the oh-so-high-tech physical access cards. Sure, they have redundancy, but what about backups? I'd love to hear about a company deploying some high-tech data security measure.

Admitedly, some of this extra security is left over from when the building was a traditional bank vault. But, did money really need armored cooling towers? Did they add those on for the computers? Is armor going a little too far, or since the rest of the place is a vault did they feel that they had to keep up the image?

Don't they have editors at ZDNet?

[ptrourke]

Built initially to house currency, the Hostworks data centre in the suburb of Kidman Park, Adelaide is a tribute to the profligacy of Timothy Marcus Clark, [snip] Nestled in a semi-industrial area, with minimum road signage, it is at once unassuming, virtually impenetrable and to this day an inspirational feet of excess engineering.

Unassuming feet? What, size 5 1/2 D?

Re:Don't they have editors at ZDNet?

Don't they have editors at Slashdot?

That should be 36DD, since those are the only sizes we really care about. Feet? Who cares! Let's talk about boobies!!

Where are the pictures?

[MattRog]

It would be nice to see a couple pictures of the interior like most data centers, even if it is a secure area. At least maybe some flash animations. :(

Re:Where are the pictures?

[zmokhtar]

Here you go:

Pictures of Hostworks

All That Money...

[AixGE]

"And, of course, we spared no expense with our software, either: We installed the latest versions of IIS, Windows XP and Outlook on every machine in the datacenter to make absolutely sure that no one can get unauthorized access to anything on our servers! Everybody knows that software you pay a lot for is more secure than that free stuff. Microsoft says so!"

Odds..

[dj28]

I would much rather have a data center that concentrates more on getting patches and other server-based security issues applied rather than chasing the very slim chance of a foreign invasion. I think it's more likely for someone to crack my colo than it is for a fire to melt it.

Re:Odds..

[davidesh]

"Hostworks takes complete responsibility for the provisioning and management of the operating system environment, in line with the SLA for each customer. This includes responsibility for appropriate deployment of patches and configuration changes. Hostworks continuously monitors public and manufacturer supplied information sources to ensure that performance and security are maintained at the highest possible levels"

Re:Odds..

[Genjuro+Kibagami]

Hmmm, it's not actually, check the current massive firestorms in .au, these are not uncommon over here.

Assuming you're a decent admin, a firestorm burning shit up is much more likely than you having one of your machines cracked.

link

[davidesh]

http://www.hostworks.com.au/datacentre_tour.html

let's see if it can withold a /.'ing

Smoke on the Water

[baby_head_rush]

Some stupid with a flare gun burned the place to the ground.

Interesting...

[Ricky+M.+Waite]

"The Ministry of Truth -- Minitrue, in Newspeak -- was startlingly different from any other object in sight. It was an enormous pyramidal structure..." [George Orwell, 1984]

Kinda scary.

Re:Interesting...

not really. orwell was most certainly talking about a pyramid with a four sided base, like the ones of the giza plateu. not to mention the fact that this building is not a pyramid at all, but rather a triangular shaped building with vertical sides anda more or less flat roof.

Build redundancy with distribution

[Genady]

Yeah, very nice. However if you're big enough to house servers there you should be big enough to have servers in multiple smaller/less available locations and have Akamai or some other internet wide distributed provider load balance between them.

Looks like a big basket to me. Would you put all your eggs there?

Who does THIS sound like?

[Unknown+Bovine+Group]

Built initially to house currency, the Hostworks data centre in the suburb of Kidman Park, Adelaide is a tribute to the profligacy of Timothy Marcus Clark, former head of the State Bank of South Australia. Nestled in a semi-industrial area, with minimum road signage, it is at once unassuming, virtually impenetrable and to this day an inspirational feet of excess engineering.

I think Jon Katz has taken a pseudonym!

Missile Silos

[Alien54]

I actually prefer Missile silos for ulitmate security.

Remember, we now have to deal with the possiblity of using large aircraft as weapons :-(

and Silos are designed to take pretty heavy hits and physical attacks.

Invasion??

[DAldredge]

I am SURE that this building can survive a hit by a 2,000 pound bomb or a daisycutter. This is not the 1800's, the invaders would have enough weaponry to level this building...

Re:Invasion??

[onosendai]

Ah, but what you have to remember is 'security but obscurity'.

Geographically, Adelaide is the least likely mainland city that would be attacked in time of war (Darwin & Perth are major ports, Melbourne & Sydney are large finacial centres and Brisbane is strategically well-placed for control of the South Pacific), and that Australia is still one of the more remote 1st world counties.

Militarily, even though we may send our troops onto foreign soil from time to time (Timor, Somalia, Afghanistan), there's been no _real_ military threat to mainland Australia since WW2 when the Japanese bombed Darwin, and 'sailed' submarines in to Sydney harbour. Also consider that the only countries that have the ability to send that kind of attack (consider distance, weaponary etc) are considered our strongest allies (US, Britain etc)

Adelaide seems an ideal place to locate a facility like this, we're manuervering ourselves as the e-capital of Australia (Motorola's SE-Asia HQ, EDS, a 802.11b network over the inner city's tourism precinct) and we're on top of some major pipes that span the country (not to mention the fact there's some very eager CS/IT graduates coming through who'd love to play in a place like this (; )

Re:Invasion??

[Wild+Wizard]

just to add to that military invasion bit
there are 2 ways for a foreign power to get to Adelaide
1. Through the entire country (Dumb)
Fight through the entire country to attck 1 facility why bother
2. Via the southern ocean (Even Dumber)
while invaders are bouncing in the waves the RAAF gets them with anti ship missiles from the fleet of orions which are based in Adelaide

What for?

[chrysalis]

This is nice, but it protects a single point of failure. If you want to take these servers down, just attack the provider they depend on...

Re:What for?

[jred]

You mean providers. I think they said they have 3 distinct providers. 3 pipes, at least...

Re:What for?

[davidesh]

http://www.hostworks.com.au/networks.html

2 Connections to Telstra and 2 to Optus at different exchanges

"Hostworks Control Centre features over half a gigabit per second of connectivity. This is delivered via four high capacity divergent path links connected to Optus and Telstra.

As a matter of policy, Hostworks ensures that it always has four times the capacity of its peak traffic loads."

Re:What for?

[Genady]

Even with three providers that doesn't assure the absence of a single point of failure. Even assuming that the telco dmarc's are located in different parts of the building, do those com lines come in from the same central office? Or do they eventually take a identical path somewhere?

Company I worked for used to have 5 different providers that came into their data center at different points and they called this good redundancy. Until the day when a barge clipped all 5 lines going under a bridge on the Mississippi.

Re:What for?

[SerpentMage]

Exactly. The problem with this kind of thinking is that it is mainframe thinking all over again. The key to keeping things up and running is to make it redundent.

I find it so sad in the information world we keep thinking single data point and single information point. And people keep thinking things like FreeNet, GNUTella, etc are just "copyright" violators. In fact they are the future of the Internet. But the suits would much rather sell single point of failure systems.

C'est la vie, maybe one day

Re:What for?

[foobar104]

http://www.hostworks.com.au/networks.html

Remember back in 2000 when an accident took out a huge fraction of Australia's international bandwidth? Better make sure those "divergent path links" don't just end up in the same undersea cable....

Re:What for?

[Wild+Wizard]

thats only 1 of the links used by 1 of the providors (Telstra)
Optus dosent use that cable at all and is the other providor used
2 providers using 2 cables plus the other links they both have

Good Investment

[Rebel+Patriot]

At first this seems almost like a joke. Who would invest this much time and energy into such a fortress just to house data? Well... banks for one. Imagine banks from around the world storing their data here in a highly encrypted form, updated at least daily. it would require alot of bandwith to say the least, but wouldn't that security be worth it to investors?

Less crucial information that needn't be updated regularly could find a home here at a discounted price. Take for example, building plans. Every city, county, and State in America has a plan somewhere for every building its ever built that lists (among other things) the locations of all wiring and plumbing. This isn't terribly confidential information (though it very well may become so for large buildings with a realistic threat of terrorist attacks) and could be modestly encrypted with read access only granted to the owner.

Copyright owners might be interested in it as a way of saving back-ups of their paper-work that cannot be destroyed by some freak accident.

I for one don't like these ideas because they represent too many eggs in one basket. When information security is required, it is my personal belief that having it stored in a known location that every hacker in the world would drool over to get inside is a bad idea. History has shown, however, that not everyone (indeed few people) listen to me.

Re:Good Investment

[cnkeller]

This is a great idea, but who cares if the servers are physically sercure if the communications lines and/or softare running on the servers isn't? I wonder what the capacity for point-to-point fiber is (running under the assumption that fiber is difficult if not impossible to splice in the middle).

Re:Good Investment

[Nelson]

Has a bank's data security been compromised lately?
That's how I'd temper the worthiness of something like this.

Re:Good Investment

[2Bits]

Copyright owners might be interested in it as a way of saving back-ups of their paper-work that cannot be destroyed by some freak accident

That's easy. Publish it on the usenet. Short of total Earth destruction, that piece of work will never get lost.

Re:Good Investment

[Chanc_Gorkon]

One more place where you would WANT this is a hospital. They have to work through tornados, hurricanes, Earthquakes and everything. Sometimes a server being up or down can save someone's life! ALOT of hospitals in Florida have this kind of a Data Center. NO single points of failure...EVER. Be it air conditioning, power, internet, computers, water supply and even food. Yes even FOOD. Remember admins and operations folks need food especially in a danger type situation (you'd have you folks come in before if you know a hurricane is going to hit....besides the center is safer then your house anyway).

Re:Good Investment

[actappan]

Banks don't tell us when their security has been comprimised. If they did, no one would ever put any money there. Of course some have been comprimised - but you'll never hear about it on the five o'clock news or ever idiot in america (and pretty much every where else) would be franticaly packing wads of cash into coffee cans to be burried in their back yards.

Re:Good Investment

[MindStalker]

What? are you kidding, we've already lost HUGE chucks of old usenet. Its taken major work to find them again and put them online in archives. Usenet is not permanent by no means, things get old is simply dissapear frequently.

Re:Good Investment

[monkeydo]

In the US, banks are robbed at the rate of about 8,000 a year. Assuming most of these happen during the time the bank is open that's about 2 bank robberies an hour somewhere in the US. I'd call that a breach of security. So, how many bank robberies have you seen reported in the news lately?

Re:Good Investment

[Chanc_Gorkon]

Where in HECK did I say anything about USENET in my post?? Why don't you try reading the post before replying.

Re:Good Investment

Banks don't tell us when their security has been comprimised. If they did, no one would ever put any money there. Of course some have been comprimised - but you'll never hear about it on the five o'clock news or ever idiot in america (and pretty much every where else) would be franticaly packing wads of cash into coffee cans to be burried in their back yards.

Just to let you know, I work in IT for a large US bank. I've been here for four years, and there is not a lot that someone form the outside can do to compromise our data security. Branches are still on proprietary circuits; all internet traffic to or from the branch banks must come and go via two giance data centers in different cities. Each of those sites have triple firewalls with DMZs... and trust me, they watch that stuff closely.

All incidents (since I've been there) regarding fraud have been internal; most by unimaginative tellers who get caught at the end of their shift because of the nasty habit the managers have of double-checking all balances.

Customer data being taken usually only happens when someone hacks our ouside vendors we use for credit checks and check ordering.

Re:Good Investment

[MindStalker]

Thats weird, I posted this in reply to the guy who said "That's easy. Publish it on the usenet. Short of total Earth destruction, that piece of work will never get lost." I don't know how it got attached to your comment :(

History

[legLess]

Remember the Maginot Line? Impregnable? How easy was it to get around that? Data is useful in direct proportion to its accessibility - cut the connections into this place and it's toast. No frontal attack necessary.

Also, the article says they can expand capacity 300%. Frankly, that sounds like pretty short-term planning to me. In my experience, it's a rare data store that doesn't double in size every year or two.

Still, it sounds like a cool place, and probably has a better climate than Sealand :)

Re:History

[Geek+In+Training]

Also, the article says they can expand capacity 300%. Frankly, that sounds like pretty short-term planning to me. In my experience, it's a rare data store that doesn't double in size every year or two.

Right you are, but of the giant space they've already allocated for racks, how much is currently used, like 5%? Your comment seems to assume that 100% of their racks are already full.

I'd imagine they set up a giant space for 24 months worth of business growth to fit in, and put in a contingency for 300% above *that*. That way they can see how the demand acts over the next year or two, and react accordingly by adding more physical space.

That's just my SWAG*, though.

*For newbies, that's "Scientific, Wild-Assed Guess."

Re:History

How easy was it [the Maginot Line] to get around that?

It was very difficult to get around. Germany had to attack and subdue an entire country (Belgium) before they could attack France. The Maginot Line was a stunning success. It kept Germany from directly attacking France.

Re:History

[dillon_rinker]

Also, the article says they can expand capacity 300%. Frankly, that sounds like pretty short-term planning to me. In my experience, it's a rare data store that doesn't double in size every year or two.

You seem to be implying that the physical space required to store data doubles...that doesn't seem reasonable. I've seen top-of-the-line IDE hard drive capacity grow from 2.1GB to 100GB in my 5 years in this industry; I'd think the amount of physical space required to store data could actually shrink over time, even if the amount data is doubling every couple of years.

I am, of course, talking through my hat, as I've never managed a large data store. Let me know if I'm drawing all the wrong conclusions...

Re:History

Germany's attack through Beligum was merely a diversionary maneuver to lull the French into thinking that they would be fighting the war they had prepared for -- A replay of the WWI Schleiffen attack with static trench warfare on France's northern frontier and with much of the carnage occurring in another country ( Belgium ). The attack that broke Frances back was a concentrated armor attack through the Ardennes Forest ( between Belgium and the northernmost extent of the Maginot-line ) which the French had assumed to be impassable to a modern army, and against which they had made no preparations.

The Maginot Line was a horrific failure because of the false sense of security it instilled in the French high-command, and because its tremendous expense ($$$$$) prevented France from fielding a modern defense. The way in which air-power and armor rendered the tactics of the previous war irrelevant was central to German military thinking and ( apparently ) completely lost on the French. The Spanish Civil War was the proving ground for Germany's stuka & panzer blitzkreig strategy, but if anyone in France noticed, there was not enough money available after building/maintaining the Maginot line to do anything about it

Re:History

[jrp2]

Also, the article says they can expand capacity 300%. Frankly, that sounds like pretty short-term planning to me. In my experience, it's a rare data store that doesn't double in size every year or two.

I don't know, in the last 12 months my guess is ISP datacenters (Exodus and the like) have been shrinking, along with their customer base. I go to one of Exodus' datacenters in Santa Clara about once a month to maintain our server rack, the place is getting emptier and emptier every time I go.

Good backup solution, bad availability

[xn2]

Triangular in shape, two of the sides house offices while the third, a large rectangular block if taken in isolation, contains two data centres, as well as the infrastructure to ensure that Web sites continue to function come fire, flood, natural catastrophy or foreign invasion.
Let's see... a Web site is a certain machine to which people connect, if you can't connect to it it's useless. You don't need to bomb the place, you just need to cut the fiber coming out of the building...

Re:Good backup solution, bad availability

[zachhendershot]

This ladies and gentlemen makes perfect sence to me. There are just too many weaknesses in our communication fabric to justify this sort of protection for a simple server that relies of this very fabric.

Re:Good backup solution, bad availability

[susano_otter]

This ladies and gentlemen makes perfect sence to me. There are just too many weaknesses in our communication fabric to justify this sort of protection for a simple server that relies of this very fabric.

I imagine that if the thought would occur to someone so prone to grammar, punctuation, and spelling mistakes, it has probably also occurred to the designers of the facility. I imagine also that they have taken steps to address this issue, and that most of their security is, in fact, not publicy documented.

Re:Good backup solution, bad availability

[zachhendershot]

You have made an excellent point, sir.

Re:Good backup solution, bad availability

>>and that most of their security is, in fact, not publicy documented

When will these people learn that security through obscurity won't work :)

Re:Good backup solution, bad availability

[Amazing+Quantum+Man]

But that's security through obscurity!!!!

They should publicly document all their security measures, using an open documentation license, so that everyone could examine the security for flaws!

you want safety for your data?

[Stone+Rhino]

I got your data safety right here. They answer to nobody, since they have their owm government.

Re:you want safety for your data?

[fishbowl]

>They answer to nobody

Oh, they'll answer to the United Kingdom (of Great Britain and Northern Ireland)
alright, just haven't been asked yet!

When she asks, she'll be asking nicely, with a cruiser and harriers just in case she gets the wrong answer.

Re:you want safety for your data?

Damn straight mate!

Re:you want safety for your data?

Imperialist poofter.

Your silly little island is going to get more and more isolated from the continental superpower we're building right now.

Re:you want safety for your data?

Nice Fake, isn't it?

Look at the picture: http://www.sealandgov.org/images/sealand_sm.jpg

Physically securing data

[richie2000]

I was close to being in charge of a small-scale version of this concept last year (financing fell through) - we had the bunker/air raid shelter staked out and all. We were going to offer secure web hosting but mostly going for the off-site data backup and storage market - kinda like an underground Sealand, without the AAA. :-)

Size Matters

[HardCase]

There was a very good point that was pretty much glossed over in the article.

What happens if they outgrow their facility? I mean, what they have seems pretty well designed for anything short of a war, I guess, but how do you cope with success?

Then again, I guess the obvious answer would be to build another one, assuming that growth==success==more money (although I'm not so sure that I'd assume that!)

They claim room for 300% growth, but still...it certainly sounds like they're virtually the only game in town...er, on the continent. Is 300% enough?

-h-

Re:Size Matters

[Segfault+11]

Well, it depends on what the original size was...

Short on details but interesting...

[bteeter]

The article is pretty high level, but interesting none the less. I'm skeptical that is really as secure as they say it is. It would seem that any building which relies on outside connections would be vulnerable if those connections were cut. Not to mention that the air towers that were mentioned could be closed off, etc.

It seems to me that the best defence would be geographically distributed datacenters synced up on a regular basis. Of course you would have to deal with data syncing, and perhaps a master-slave relationship amongst the datacenters, but these are relatively simple problems to solve, compared to preparing for a nuclear or other attack...

Take care,

Brian
--
Only a few Free Palm m100's left...
--

But can they.....

[JumboMessiah]

survive a direct attact when the ditch witch I rented three hours ago cuts through all the fiber conduits down the street.

Looks nice, but...

[inerte]

... traditionally, data is not cracked by attacking its physical form. Kevin Mitnick :-) always said the easier way to get information was only some small and simple conversations with people who work where one wants to crack.

"So, where do you go on vacations? Are you married? What's your spouse's name? What's your favorite sports team? Any music style preferred?", etc...

um what if....

[booyah]

oh say someone decides to crash a couple of 767's full of jet fuel on it......

You have to consider the extremes that someone may go to to take out what every may be hosted there nomatter how short term it would be...

Or in a more realistic world a good ol DDOS attack... Or your bandwidth carrier goes under....

the world is a harsh place for people who claim to be secure

Big Deal

[SiliconJesus]

Most 'good' datacenters have the same things. Multiple connections to power, water, electricity - good physical security et al. I've worked at and visited many datacenters, and nothing here outside of the ability to withstand explosives is all that different from anything else I've seen stateside. The big difference is that they're dumb enough to advertise it.

I'm glad ZDNet has the time to waste on stories like this. Physical security is nothing without a secure network to run in. All the `dead man zone's` in the world mean nothing if it isn't backed up on the network side by a good solid firewall.

Re:Big Deal

[Peaker]

And software security is nothing without physical security.

Besides, a firewall is not a solution, a pure capability system like EROS or Vapour is.

Cheap geographical redundancy, not $$$ gimmicks

[EaglesNest]

When I worked the overnight shift at one of Qwest's many hosting centers, I loved to give early-morining tours. We'd impress everyone with all our layers of redundancy. The more expensive a system, the more impressed our tourists would be with it. Still, having three different diesal engines - each the the size of a locamotive, or having triple UPS protection, or dry localized fire-retardent, or triple redundant air conditioning and filtering, or three different OC-48 lines isn't the most important thing about redundancy.

By far, the cheapest and most effective method of redundant systems is to just safe your money and not buy fancy equipment for one place, but to spend it on cheap equipment is several places. That way, who cares if someone takes out an entire hosting center, leaving only a 100 ft dep crater. You still have servers running in California and Asia.

The Domain Name System doesn't rely on a huge Fort Knox-like system. It simply has 13 (?) different places throughout the world where amazingly cheap (for its importance) equipment resides. Even if North America sinks to the bottom of the Ocean, DNS should still happily resolve.

Expensive (but impressive) measures are not the answer to reliability. Geographic diversity of cheap systems is the answer most most applications. Today, we have incremental transfer protocols such as rsync that will even transfer massive databases back and forth by only sending the changes. It's largely marketing, unwarrented by technical considerations, that make companies spend so much money on these extra sigmas of reliability.

Re:Cheap geographical redundancy, not $$$ gimmicks

[monkeydo]

This isn't really insightful. There are quite a few posts here talking about the foolishness of puuting all of one's eggs in one basket. This may be true for real eggs and baskets, but in the world of data centers, not quite so.

Imagine at the two extremes, this secure facility and a small building in an industrial park. For the cost of this facility you could build many smaller less secure facilities, but each of them would be trivially destroyed.

While it is certainly true that three secure hosting facilities is better than one secure hosting facility, one secure hosting facility is still better than three less secure ones.

Geographic diversity of cheap systems is the answer most most applications.

A server that costs one third as much and fails three times as often isn't a bargin. Even if said cheap server only fails twice or one and half times as often you will still end up paying more in the long run.

As for DNS, I believe that the root servers run on E10K's and similar, if you consider that equipment cheap then I's like to have your job.

Re:Cheap geographical redundancy, not $$$ gimmicks

[paranoidia]

This is a good point, and your DNS example fits well, but there is a big difference between the article and your point. DNS is meant to be publicly available. The redundancy is so everyone everywhere can get access even if a few "nodes" go down. The article is talking about securing a lot of data, both from destruction, but also from theft. With many different centers like you suggest, it would be very hard to secure every one to a point where you could feel safe. With a chain of nodes holding sensitive data, the weakest node brings down the rest. So having only one place of holding the data, and putting lots of $$$ into it is better in this situtation than "Cheap geographical redundancy".

Re:Cheap geographical redundancy, not $$$ gimmicks

[Bobzibub]

Depends upon what kind of attack you plan on defending against. If your enemy is joe with a back-hoe, then you're better off with three geographically dispersed, less secure sites. Wouldn't you agree? Check this out:
http://www.info-sec.com/abuse/abuse_062097a.html -s si

I was touring one of these secured data sites once and (being the shit I am) I asked the techie-sales dude there if they'd secured the site against tempest. He hadn't heard of the technology. Thick bullet-proof glass but no sign of gounded chicken wire.

The roof wasn't shielded as far as I could see either, and there were other businesses on floors above.

So ymmv.

Re:Cheap geographical redundancy, not $$$ gimmicks

[mpe]

Imagine at the two extremes, this secure facility and a small building in an industrial park. For the cost of this facility you could build many smaller less secure facilities, but each of them would be trivially destroyed.

But it is a far more difficult task to attack many different targets at once. Regardless of if you are using commandos, missiles, bombers or human guided improvised cruise missiles.
Also I don't recall any mention of this building having anti air and anti tank capability.

Re:Cheap geographical redundancy, not $$$ gimmicks

[monkeydo]

If your enemy is joe with a back-hoe, then you're better off with three geographically dispersed, less secure sites. Wouldn't you agree?

No, I wouldn't agree. What we are talking about is a battle of probabililties. The most likely vulnerabilities can be protected against at one site more cheaply than multiple sites. The "backhoe" attack is easily defended against with seperate entry points to different wire centers.

One very good reason for disparate location is regional events out of your control. It is difficult to protect yourself from a massive power outage affecting most of Califonia, or natural disaster. Even if your facility has power, etc required support services may not be available. Your site may have 14 days of diesel fuel in the basement, but how long are your NOC monkeys going to watch the screens if they can't be relieved because all the roads are closed?

I fully support having multiple redundant locations, but that is no excuse for doing them cheaply.

On the other hand, if you have two locations and each one is not able to seperately withstand foreseeable negative events what do you do when they are both affected? What if a hurricane takes out you east coast and an earthquake hits the west? Each facility still needs to be as independatly survivable as possible, otherwise you don't really have redundancy, you just have "extra".

Re:Cheap geographical redundancy, not $$$ gimmicks

[monkeydo]

But it is a far more difficult task to attack many different targets at once.

It's only difficult if you make it difficult. If your datacenter is in your garage it hardly takes an infantry division to wreck it. If you only need one bomb/commando/missle per target you only need 10 bomds to take out ten targets. On the other hand of you need ten bombs, commandos and missles to take out each target you will probably have a difficult time taking out just one or two.

Re:Cheap geographical redundancy, not $$$ gimmicks

I fully support having multiple redundant locations, but that is no excuse for doing them cheaply.... Each facility still needs to be as independatly survivable as possible, otherwise you don't really have redundancy, you just have "extra".

your argument is pathetic. If you'd ever held a management job implementing a failsafe plan you would know that (1) there is such a thing as a budget and (2) there is significant infrastructure and technology required to make distributed redundancy work.

wannabe.

Re:Cheap geographical redundancy, not $$$ gimmicks

[mpe]

If your datacenter is in your garage it hardly takes an infantry division to wreck it.

How many garages could you buy cost of one of these "data forts". Let alone the sort of weapons you need to mount on them and shielding everything. Wouldn't do to sucessfully shoot down a missile and have the fire control radar crash all the computers.

If you only need one bomb/commando/missle per target you only need 10 bomds to take out ten targets. On the other hand of you need ten bombs, commandos and missles to take out each target you will probably have a difficult time taking out just one or two.

Putting 10 bombs on 10 targets and putting 10 bombs on *one* target are somewhat different tasks. Not only do you need 10 delivery systems vs one unless the attacks are very closely coordinated expect quite a bit of resistance after the first attacks. Also using garages has the useful "difficult to see the wood for the trees" attribute. So maybe they blow up a few of your data centres and some garages :)
You could go one state further and put the actual computers on trucks...

It can only be as secure as the network/server.

[s0l0m0n]

Physical security is a Good Thing (tm), but what about Network security. It'd be a familar gut wrenching feeling for the suits who came up with the idea to build the most secure Data warehouse in the world and then run IIS as the server.

Besides, what location in the real world is actually physically secure? I'm sure that Bin Laden told his followers that the caves they were going to hide in were 'secure'...

Give me a dozen well trained military operatives, and a couple of geeks and I could take the place, by force and subterfuge. Give me a herf gun and I can make thier secure facility useless.

Hell, Molly Millions could probably take this place on her own.

Re:It can only be as secure as the network/server.

[Corvidae]

Hell, Molly Millions could probably take this place on her own.

Yeah, but if there's a razorgirl around now, we're in deeper shit than we all thought. ;)

and this means what?

[Xaleth+Nuada]

It's an impressive building designed to withstand all sorts of disaster movie ideas. So what?

As we've all seen time and time again the real threat to computer systems does not come in the form an earthquake, tidal wave, or random highjacked 767. The real threats rear their ugly heads when some idiot user doesn't update his M$Outlook security package, or takes his password out of the dictionary.

I'm not trying to say that physical threats to computer systems aren't important. By all means they are usually the last thing people think about. But the data here is only being protected from physcially being damaged and or lost. There's nothing in that article about firewall's, encryption, open access ports, faulty software, defective hardware, etcetera ad naseum.

The protection of data by the building is just one part of the problem of everything becoming digital. It's by no means the end all solution.

One man can crack it

[isdnip]

I don't care how secure they think it is. Give Danny Ocean three weeks and he'll get anything he wants from there.

(Or George Clooney, in a pinch. Yeah, I liked the movie. Cash vault, sure.)

Re:One man can crack it

[gnovos]

For any number of movie villians, simply typing the password "override" will get them full access to the system, including the parts of the building that aren't even connected to the network!

Wow... This is just too easy....

[Peridriga]

Simple way to take down the site....

3 Letters.... E M P

Haha!!...

Re:Wow... This is just too easy....

[caesar-auf-nihil]

Or ECM.
Decommissioned ECM pods now sitting in Russian Aerodromes and/or US Military Surplus sites from the 60's had the power to fry radar electronics from a mile or so away.
FCC regs don't require shielding from this type of high power frequency.

Heck - a good electromagnet or a junkyard magnet could do a similar number on the place.

Re:Wow... This is just too easy....

[TheConfusedOne]

No, no, no. Close, but no. E *L* P While the sysops are running away with their ears bleeding you just walk in the front door. Though, maybe we could just list the places web site on Slash Dot and watch the fun...

Re:Wow... This is just too easy....

[wedg]

Actually, the reinforced concrete (crossed steel bars within the concrete) usually creates a sort of makeshift Faraday cage which effectively negates most EMP within. The guys over at NORAD and ze Pentagon have known this for a long time.

But it does depend on whether the building is reinforced, and how long the steel cabling is within it, etc. But the effect should not be so severe, reguardless. And remember, the EMP only affects unshielded electronics. They could simply invest $100 in wiring and build a giant Faraday cage around their server farm.

EMP

[Maditude]

So basically, all it'd take to take this center out is a big Electro-Magnetic Pulse generator...

Harumph!

[tbone1]

And I bet they still can't get away from the Jehovah's Witnesses.

Secure?

[3ryon]

Don't get me wrong, without physical security you have no security. However, I'm sure that all of the physical security impresses the pants off the Customer's Executives who aren't aware that their data is only as secure as the helpdesk.

l33t H4xor: This is Bob Bigswingingdick, could you reset my password for me?
Helpdesk: Sure thing, but I can't give you the password over the phone, I'll have to give it to your boss.
l33t H4xor: Did you not hear me correctly, This is Bob Bigswingingdick, I don't have a manager. By the way, tell me who your manager is.
Helpdesk: That won't be necessary sir, I'll take care of you.

Why not host in a cave then??

[liposuction]

These guys host your machines 85' underground. Constant temp and humidity all provided by mother nature.

Check it out.
http://www.usdco.com/

That's great!

[Tony+Shepps]

And as long as the dot-com boom continues to revolutionize the way we all shop, work, and live, these kinds of 99.999% reliable sites will be very important to us! Because there will be sites other than Amazon and Ebay that cannot withstand even an hour of down time without endangering the very existence of the companies with those sites!

The future lies in big buildings paying big money for big reliable redundant systems with big corporations paying big rent to make sure their big connectivity is almost permanent! Luckily the new pop-up ads will pay for it all!

Why, the only thing stopping people from getting to the completely-reliable sites located there is the fact that 99.99999999% of the routers on the net aren't in that building! But the last two nodes of any traceroute will be absolutely rock-solid! As long as there is some money left to pay bright, qualified network engineers, including 24x7 manned duty! Way to go!

(Phew. I didn't think I had a reserve of enough sarcasm to complete the post.)

Re:Well now

[ganiman]

Ok, so what did any of this have to do with a big data center? Clearly, you have some things you need to vent.

Australia

[R2.0]

When was the last time Austrailia was the target of attack? I'm betting when the English showed up, and before that the Aboriginies (sp?). I'll hedge my bets and allow a random Japanese air raid during WWII. Building a super secure facility in a secure country seems like taking a refrigerator to Antarctica to hold your beer.

Re:Australia

> like taking a refrigerator to Antarctica to hold your beer

To keep it from freezing.

Re:Australia

Last time? Well, today we see pictures of huge fire in .au on TV.

Re:Australia

[MattGWU]

Actually, the fridge would keep the beer from *freezing*, assuming it were insulated well enough from the external cold.

So 1999

[Fnkmaster]

This is very 1999. Back several years ago I was looking at several colocation facilities for my company, including Frontier GlobalCenter in NYC and the Exodus data center in Waltham, MA. They spent so much money on whiz-bang protection from invading armed forces, etc. etc. Not to mention the slick electrically opaque glass between the conference room and the NOC, so they can press a button and you watch the "opaque" glass at the end of the room fade away to see the ridiculous NOC with way too many flashing lights and screens with little bandwidth bars that was all for the benefit of potential customers.

This sort of excess overspending and the lack of emphasis put on _real_ security (i.e. data security rather than physical security) ignores the vastly more likely threat to most company's web servers and database servers (and frankly that's what most of the boxen in these places are - huge rooms full of Yahoo and eBay machines). I'm not saying that a certain degree of security isn't appropriate, but withstanding foreign invasion? Please. The invaders are looking to break in with their armored brigade to the Exodus data center!!! Oh no!! Come on. A modest degree of armed guard presence, a low profile, some generators and massive UPS system - fine, this all makes sense. But you can go overboard.

Anyway, don't take my word for it. Just look at Exodus' stock. Their excesses seemed to ignore the fact that the service they provided just wasn't worth the outrageous amount of money they were charging for it, and these days, the more budget conscious hosting/data center/colo companies are the ones left standing.

Re:So 1999

[alen]

You are so right. I work for a clec that is surviving this time and picking up customers from the chapter 11's and chapter 7's. One of our switch rooms is a leased space in an industrial building and looks pretty ugly. Our datacenter for our internal network for nt and exchange is in a small room in a non-descript building. Nothing fancy. Even the testing lab where we take the potential customers to is nothing special. Just another room in a bland suite in a bland building.

Re:So 1999

[Triple+Helix]

Completely agreed. I've been working for the last 36 hours moving my company's production site from the Austin, TX Exodus to our corporate office just outside the city. For a mere two racks, a cabinet, and enough floor space for a Hitachi 7700 storage system, we were paying close to $20k per month (power not included). For the cost of one month's rent at Exodus, we threw together our own server room, with some great discounted UPS and generator systems from a local auction, with four times the floor space! Granted, we don't have bullet-proof glass and armed guards, but is that really worth a quarter million dollars per year? When we moved in a year ago, we had to fight for cage space in a 25000 sqft facility. Now that we're gone, there's just a couple of occupied cages left. No surprises there.

Here's the weak link

[owlmeat]

"Doors throughout the complex are secured with a Honeywell Access Control System, and staff working at the facility are supplied with a proximity card."

US national labs rejected proximity cards years ago because they could be surreptitiously read out and cloned.

Really?!!

[garoush]

"...is built to survive the worst."

You got to be kidding. I don't think *anything* can survive the: "/. effect"

Site Survival

[ackthpt]

Ok, so it survives, but what if the cable running into the facility is cut off?

I live/work in a seismically active area and the possibility of conduits/access tunnels being ripped and shifted are a real concern for water, power, and communications (not to mention the commute.) Seems wiser to have mirrors, particularly in sites which each are unlikely to suffer any one of disaster types.

Secure data centers, reality & redundancy

[bourne]

• All data centers are designed to impress customers, and the true level of security is never as high as the hype/promise.
• The only true data center survivability lies in redundancy

I've been a customer at Exodus, and I've toured a number of other data center sites. The centers are generally designed to impress visitors - the "dead man zone" room being a perennial favorite - and to suggest a level of security that isn't truly there. There's a reason that the government doesn't build secure sites in the middle of an industrial park, yet that's often where you find colo/data centers. Also, the number of "sales prospects" triapsing through the data center should suggest that the true security level is lower than advertised.

As far as survivability goes, no matter how much work you put into the power, the redundant data lines, the physical security, there is no true survivability in a single site. (Look at 9/11 - how many WTC companies basically said "we'd have been dead if we didn't set up off-site disaster recovery after the '93 bomb"). Any single building can be disrupted by a determined attacker. You have to use multiple sites to be truly survivable (again, look at the Internet - the whole idea was a distributed, survivable network.

Re:Secure data centers, reality & redundancy

[mpe]

Any single building can be disrupted by a determined attacker

Also it's harder for someone to attack multiple targets at the same time. An invading army would probably be more concerned with securing actual communications systems than those simply housing data anyway...

From the article

[nanojath]

"...bomb resistant..."

Mmm, comforting. But hey, what you're selling here is a somewhat false sense of security (your website staying up means dick if your economy collapses, for example. So you gotta play the worst case scenario card.

Re:From the article

[sharkey]

"...bomb resistant..."

Notice that it does not say explosion resistant.

Re:From the article

[Beckman]

I don't think that company webservers are what's being discussed, this wouldn't really be cost effective.

Perhaps medical databases, or other massive datasets upon which lives are dependent.

Here's the weak link...

[owlmeat]

"Doors throughout the complex are secured with a Honeywell Access Control System, and staff working at the facility are supplied with a proximity card, which allows them access only to a specified area."

US national labs rejected the use of proximity cards years ago because they could be surreptitiously read and cloned.

Re:Well now

[negacao]

Grin, at least I got a good laugh out of this. "anything, excepting the few heroes of the revolution that have their own roach filled apartments and must give blow jobs in parks monthly" I'm thinking this guy was one of the roaches. :-P Or maybe somebody that paid for the blowjobs? Oh, by the way, my boss is curious as to why I have to give blowjobs to pay the rent.. I think that most of the "cells" you speak of probably make 6 figures, easily. I do.

Sure, it's secure, but...

[billmaly]

Wouldn't the best security (or at least pretty good) be to NOT advertise it on one of the most heavily trafficked sites on the net? I mean, if you want to physically destroy servers and the hardware that supports them, don't you need to know where they are? Thanks to ZD's article, now we and all other nefarious types know. Thanks John Dvorak! :)

Data Alcatraz

I think they have plenty of beowulf clusters in this building and I also think they run the Linus OS.

Limited Thinking in Post-Eleventh World

[LittleGuy]

[Brown] stops for a moment before continuing the tour and points out some details which make it impossible to escape from the dimly lit metal and glass cell in which he stands.

"It is called the dead mans zone because even if someone manages to get this far into the building, they won't make it any further, and they certainly won't be able to escape," Brown says.

That's assuming that whoever intrudes wants to escape alive.

How does this prevent cyber-martyrs?

Tank in a swamp

[bryan1945]

Well, the building seems as secure as anything I've ever heard of, but they never mention what their communication lines are. This is ok if they are primarily concerened with data safety (which they obviously are!), but this kinda falls down if they are trying to provide data accesibility (sp?). Of course, they might (probably?) have the standard fibre plus wireless and satellite. At least I would hope so, otherwise you just have this impenatrable mass in the middle of muck that can't move and can't talk to anyone, but you can't touch without getting your ass blown off.

Security through obfuscation

[UberQwerty]

Making a big, strong safehaven like this and telling everyone negates its effects. Telling everyone about how great your security is gives it a shorter lifetime than the completely not-scure (either from hacking or from "foreigh invasion") computer I'm using to type this. A shitload of physical defences and paranoid geeks are great for security, but not nearly so good as keeping a secret.

I say build it in the middle of a desert, six feet underground, under cover of night.

Pr0n!

[Wag]

It's reassuring to know when the world is enduring The Apocalypse an outlet for pornagraphy will exist for future generations.

Air conditioning

[maladroit]

"There are two ways to attack a data centre ... kill the power, and ... attack the air conditioning."

They at least got that right - I'm reminded of the old SAGE systems, massive tube-based computers that were part of the nuclear missile system. These monsters were in huge buildings, with 4-foot-thick reinforced concrete walls that could withstand almost anything ... but the cooling system was outside the building. One blast there and the system would melt itself into oblivion.

Sabre Data Center

[jeffy210]

Has anyone ever looked at Sabre's Data Center?

"The facility is designed to withstand the forces of an F5 tornado"

Australia isn't exactly pro-liberty

[rdl]

Amazingly, for a country originally populated by convicts, Australia seems to be outpacing the US for the honor of being the worst western country in terms of individual liberty (UK, US, AU...it's a three horse race I think). If it were me in that part of the world, I'd pick New Zealand. Unless I were serving AU-domestic customers specifically, I see no reason anyone would colo there; they might as well at least use the US where things are cheap.

Nice specifications, though. A single generator for on-site power is probably a bad idea, though, even with 2 substation feeds; any outage which could take down a substation could easily be system-wide, and some of those take a long time to restore. Witness the 9-11 situation where 111 8th and 60 Hudson (2 of the 3 important NYC carrier facilities) were on extended generators). 111 8th's generator 1) ran out of fuel 2) didn't start due to dust clogging the air filters. And powering up a 2MW diesel every 6 weeks for testing is also bad; should be done weekly or better.

I think it's rather telling that no one is building out bare colos like Exodus, Frontier GlobalCenter, etc. did back in the mid-1990s; there's a glut of raw space except in very specific markets. Managed services or differentiation (by security, expansion of over-capacity carrier hotels, low pricing, etc.), but not by massive up-front capital spending.

More than one place...

[mlknowle]

The real solution is to house the data in multiple facilities in different countries; and the only security focus should be on protecting the data from theft, not from destruction.

If someone really wants to blow up a builiding, they can do it. It is a lot harder if that building is only part of a redundant network.

The real threat is made out of dead trees

All the nickel metal hydride UPSes in the world won't help much in the event of someone showing up at the door with a piece of paper that has laser toner sintered onto it forming the letters S-U-B-P-O-E-N-A, or maybe W-A-R-R-A-N-T. Those scenarios figure a lot bigger in my threat model than do foreign invasion, nuclear power accident, or similar. This data center doesn't seem to do much to protect against them.

Even Havenco isn't as secure against legal threats as they'd like their customers to believe, because as described in their FAQ, they reserve "the right to cancel at will if the customer's web site or service is endangering [Havenco's] access to Internet connectivity". They claim to use that primarily against spammers - but what happens if Disney and AOL-Time-Warner, which together control a whole lot of backbones, politely inform Havenco that site X has to go, or else all Havenco's customers' traffic will be unroutable on Disney's and AOL-Time-Warner's networks?

Note, too, that Havenco forbids content illegal in Sealand, which at the moment consists of and only of "child pornography" - and that sounds perfectly all right, we're decent folk who don't want to support those yucky child pornographers - until you realise that child pornography is not actually defined in Sealand law (Does it include text? Does it include photographs of adults who look younger than 18? Does it include drawings and paintings made without a model?), and that Sealand has not yet determined its official position on "regulations regarding copyright, patents, libel, restrictions on political speech, non-disclosure agreements, cryptography, restrictions on maintaining customer records, tax or mandatory licensing, DMCA, music sharing services, or other issues", and these facts are explicitly stated in Havenco's AUP. You just have to trust that the Prince of Sealand won't do anything you disagree with when it comes time to decide those issues, and that he won't cave in to pressure from other nations or large corporations. How much trust are you willing to put in one person?

Re:The real threat is made out of dead trees

Good points - we should not forget how much of the internet (or at least the critical bits) are owned by so few.

In the UK we have a warrant that allows immediate access to, and seizure of, any equipment that can be shown to be involved in copyright voilation - doesn't even need proof, just reasonable liklihood.

The point you make about content is also very valid, but can have a more interesting side to it. There has been a case in the UK of an individual publishing porn on the net (run of the mill stuff). He assumed that because he hosted in a country where the material was legal, he was OK. However, the court took the view that the act of uploading (via FTP) from the UK to anywhere was an act of publishing, therefore he was publishing material prohibited material (in the UK) in the UK, therefore illegal, therefore a conviction.

No matter where you host, or who you host with, you have to rely on service providers (of many kinds) and pass through juristictions who may decide that it *is* their business what you transmit through their terroritry (even if you don't live there, host there or have any site visitors there)

No Flood Protection?

[Sir+Tandeth]

The article didn't mention water detectors or sump pumps. These items caused me to fail an audit of an otherwise impeccable raised-floor facility.

Re:Foreign Invasion? Yeah, by USA

[ackthpt]

Ok, don't hit that flamer button just yet, but isn't this always the great stuff that gets thrown back in the face of people everywhere?

People have facitlies built, like those mentioned

The government turns to the Dark Sideê and the good ol' USA starts bombing

The varmints hide out and take advantage of these great designs

Granted, there's a ~50 year old design that does a pretty good job of overcoming modern engineering marvels... the B-52.

Re:/. effect

Är Du lycklig nu?
Har Vi tid
innan allting tar slut?

Real security

[Animats]

What I'd like to see is this:

• An operating system with machine-checked proofs of correctness down to the hardware (VHDL) level.
• Passwords are not used. Security is based on physical access to secured terminals, plus biometrics.
• All crypto is in hardware, and meets NSA standards.
• All apps have minimal, and I mean minimal, privileges. Anything run from the outside, like a servlet, runs in a jail.
• Separate red (insecure) and black (secure) systems, interconnected by an upgrader/downgrader that parses everything and only permits a very limited set of transactions, such as the usual credit card operations. The red system doesn't need the heavy security stuff, but the black system does.
• Proof of correctness on the upgrader/downgrader.
• The red machine boots from CD-ROM, and the memory protection hardware supports "make this read-only until the next boot".

The software development for this would be expensive, and performance would be modest, but highly secure, limited-purpose back-end systems would be far better than what we have now.

Bullet resistant

[foobar104]

Designed as a southern Fort Knox, the structure is earthquake proof, bomb resistant, and provides anti ram capabilities.

From the movie Strange Days by James Cameron:

MACE
Take it easy. The glass is bullet resistant.

LENNY
Bullet resistant? Whatever happened to bullet proof?

Can you imagine...

[Amazing+Quantum+Man]

A Beowulf Clus--aarrruugh!

Drops dead and dies as a mob of angry /.'ers begins lynching him

What the fuck is wrong with you people?!

What the hell is wrong with you people?

Your post is pure hatred and harassment. You should get arrested for this.

Errr... geographical redundancy?

[strags]

While having your servers nice and secure in a physically impenetrable fortress is all very well and good, it's sort of the physical equivalent to cryptographic security-by-obscurity. It provides a false sense of security, and doesn't address critical vulnerabilities.

Let's face it - someone who wants to take your website down isn't going to do it by physically storming the building! Unless, of course, they're the government - in which case they'll also cut off your internet feed. What good is your 7-week's worth of diesel going to do you then?

Furthermore, it doesn't make any difference how physically secure your boxen are, if you're running an OS with networking vulnerabilities, or are vulnerable to DOS attacks.

The most secure solution is complete redundancy/distribution, in both physical and network space. The most obvious example is Freenet, which sadly isn't quite mainstream-useable yet.

Store your documents in a distributed fashion across thousands of machines. Encrypt them, so even the individual user doesn't know what his cache contains. Cryptographically sign each piece of content you produce. How is anyone going to fuck with your site when it's in a thousand different places?

Re:Errr... geographical redundancy?

[mpe]

Let's face it - someone who wants to take your website down isn't going to do it by physically storming the building! Unless, of course, they're the government - in which case they'll also cut off your internet feed. What good is your 7-week's worth of diesel going to do you then?

If the building isn't as secure as you think it is the 7 weeks supply of diesel may simply help it burn better. IIRC WTC 7 contained a large store of fuel...

kind of makes you think... of ways to defeat it!

[supernova87a]

How about this -- is it invulnerable to someone surrounding the place with a giant loop of wire, and pulsing it to erase all the magnetic media?

(I guess that would have to be a pretty strong current, but how about those fictional (?) EMP bombs?)

As with anything else....

[Malk-a-mite]

The weak point in any security setup is normally the human element.

Nothing here changes that.

Can it survive /.'ing?

[MagikSlinger]

So if Slashdot relocates to Australia, does that mean we can still rely on Slashdot to give us live up-to-date information as the country is being invaded and bombed back to the stone age?

More importantly, can it survive a DDoS?

Can it survive the /. effect?

Re:History Ok, a solution...

[ackthpt]

Build your datacenter as an 802.11 linked beowulf cluster mounted on the back of squirrels. Safe from everything but Hawks and Bicyclists.

well, that is good to know....

[the_2nd_coming]

so now, in 50 years, when we destroy ourselfs we can rest assured that the internet will survive!!!! thank-god

Sorry to be morbid

[foobar104]

I don't mean to be morbid, but from reading the article it seems clear that this building couldn't handle a fully fueled passenger jet being crashed into it.

It's all well and good to defend against those who want to steal, but beyond a certain point, you can't really defend against those who wish to destroy.

So how do they make money?

[Infonaut]

The big players in the hosting market have tried this already - and have failed. Exodus and NaviSite both have very physically secure facilities, but these types of setups cost a lot of money to build and maintain.

If you can't convince clients that it's worth the extra money to have all of this physical security, you can't make money.

In the midst of a global slowdown, are companies going to want to spend that extra money, rather than investing in distributed data warehousing approaches?

Re:So how do they make money?

You, sir, are an asshole.

You're welcome.

Re:kind of makes you think... of ways to defeat it

[s0l0m0n]

(I guess that would have to be a pretty strong current, but how about those fictional (?) EMP bombs?)

Who says EMP bombs are fictional?

Winn Schwartau (sp?) covers this technology in medium depth in his book 'Information Warfare' (which is btw a VERY good book on Information terrorism and counter e.terrorism, as well as providing a good design for a closed cell architecture for terrorist oragnization. A MUST read in this day and age).

With a mediocre knowledge of Electrical Enigineering, one could pretty easily be constructed, or at the very least one could construct a powerful high energy radio frequency gun, with the proper power supply. It sounds like the facility is located in a fairly insdustrialized area, meaning that the power infrastructure to power it is probably already there to be hijacked.

There is always a way, and it doesn't always involve crashing a 767 into it *grin*.

Safe enough from /.?

[neoevans]

I say we show them, and any other companies boasting security of data, just how secure they really are.

Slashdotters UNITE!

There must be tens, no, dozens of people who read Slashdot! We could hack these companies just to show them it can be done!

We could take over the world!

Just as soon as I get this Vic-20 up and running...

Physical security, yes. But can it survive....

[wholesomegrits]

an economic downturn? An exodus of companies with silly business models that scale negatively -- @home, adcritic just to name a few.

Can it survive Capitalism? Forget a foreign invasion.

Re:Foreign Invasion? Yeah, by USA

B52 in and of itself doesn't overcome anything. Those 20 ton, modern bombs are what gets the job done.

Familiar

[Luminous]

Anyone else think this is teh 21st Century version of the Titanic?

It was built to secure the data of the world.
It was built to withstand natural disasters.
It was built to withstand armored assault.

One man would bring it down.
One man would free the information.
One man - Lord Legba!

Coming to a theater near you this summer.

how quaint

[markj02]

Physical security--how quaint. Even if you greatly overengineer it, a widely distributed network of nodes using cryptographic techniques is likely to be much cheaper and no less secure. And it's also likely to be more resilient.

Re:Foreign Invasion? Yeah, by USA

[ackthpt]

Those 20 ton, modern bombs are what gets the job done.

Heaviest bomb I've seen listed is the 15,000 lb (7.5 ton) "Daisey Cutter"

Much of carpet bombing still is done with 500 lb iron bombs.

Proofreaders?

Does ZD employ any of em?

and to this day an inspirational feet of excess engineering.

Imagine

They spent a lot of money for site protection, but at the end, a simple worm like Nimda or CodeRed or something new can bring everything down.

Nit Pickery

[virg_mattes]

To pick a nit, you mean "security through obscurity", not obfuscation. Obscurity means "nobody knows it's there." Obfuscation is creating confusion.

I say build it in the middle of a desert, six feet underground, under cover of night.

To which I say, satellites can see in the dark (the better to watch your construction, my dear), and they can also see these sorts of facilities six feet underground from the rather notable heat signature. Keep in mind, even if the facility is properly cooled, all that heat has to go somewhere, and the bleedoff point will give away the operation. It's the same method employed to find military bunkers in the desert. When a satellite looks down and sees a heat plume coming from nowhere, it's short work to investigate why.

Virg

Re:Nit Pickery

so that means if you build it in the lava tubes on the side of a dormant volcano, the satalites would be none the wiser... except when they wondered why all of that construction equipment was going into the side of that volcano, or why there was a really long cable running out of there

Using Missile Silos

[virg_mattes]

> I actually prefer Missile silos for ulitmate security.

Assuming you mean reusing old missle silos, it's a bad idea, for several reasons.

1.) The old silos were not designed to handle the electrical load that a datacenter requires.
2.) Missile silos are designed to protect against nuclear strike, but not much else. Foot soldiers would make short work of such facilities. Think heavier-than-air tear gas or burning jet fuel if you don't know why.
3.) Missile silos are generally full of asbestos and other nasty stuff that would be very costly to remove.
4.) Most missile silos have water leakage problems. This wasn't much of an issue when the only thing that got wet was the tail of the rocket booster, but computers are understandably less durable in such circumstances.
5.) Data connectivity was a non-concern then (they only needed a telephone, and then only until nuclear war began), so getting them wired would be prohibitive. Just about the only answer is satellite link, but that's not secure from destruction from the air.
6.) Missile silos were not siege-ready; that is, they didn't have weeks of supplies in case they were locked in. The assumption was that by the time they had a problem with supplies, the missile would have already launched.

Virg

Re:Using Missile Silos

[modemboy]

I'll have to disagree with you on number six there, they did keep provisions for people in the silos, at least according to the famous abandoned missile silo site. I quote:

In the event of an attack, the machines would definitely have lasted much longer than the people, even though they kept provisions to feed 150 people for 1 month without having to go to the surface. Behind the camera is the main environment room. From url http://www.triggur.org/silo/air.html

I also think that the silos were pretty attack proof, most had double sets of hardcore steel doors.

Re:Using Missile Silos

[jjeffers]

I'm going to have to disagree with your analysis of missile silos. I won't pretend to be an expert but I have visited a few sites including the Pima Air and Space Musem TITAN missile silo.

The undergroud complex have massive air handling systems, security, and power generation subsystems.

"4ft thick concrete with 2inch rebar every 8inches"

"2 battery backups and a 500HP Diesel generator"

"Everything after the second blast door is isolated from shock"

"100,000-gallon [water] tank"

Anyhow, what your argument fails to address is that if you are building a data center in a missile silo, why would you have to reuse the commodity equipment. Obviously all of the equipment wasn't designed to support thousands of computers, but the point is that the structure can be reused for that purpose with stellar results.

-Jim

Re:Foreign Invasion? Yeah, by USA

[Rand+Race]

First of all, a 10,000 Lb (weight) B43 hydrogen bomb has a yield of a megaton (using TNT as the basis). So a ton may well refer to weight or yield. However, the M110 General Purpose conventional bomb, weighing 10,000Kg or about 11 tons (US), is the heaviest bomb currently in the American conventional arsenal and it yields no more than 3 tons or so. Ultra small nuclear weapons, like a W54 backpack nuke yielding about 22 tons, are about as close as you'll get to a bomb that yields 20 tons.

Not being a pedant, you just piqued my interest and I figured someone else may enjoy the fruits of my research.

Your .sig... (Warning: offtopic but important.)

We wave the flag of freedom as we conquer and invade.

Give me a historical example in the most recent century how we (the United States and its allies) have "conquered and invaded," and NOT left the country more open, more free, than when we arrived.

(The only answer with any legitimacy might be Vietnam, because we gave up on conquering and cut our losses.)

Look today at Japan, Germany, Korea... established or emerging world powers, with a bright future for peace and prosperity. Kuwait was a free nation, we repelled invaders from a foreign dictatorship and returned its sovreignty.

And you MUST admit, Afghasistan's prospects for freedom look MUCH improved over six months ago.

I'm no war hawk, but the military historians who pointed this out recently sure do seem to have a point. Let us not forget that blood was shed on our soil as well, to ensure our freedom... the blood of americans, french, spanish, and other peoples in a fight to overthrow a King's power here. In the 1770s and again forty years later!

Look where we are now!

What they sell is perception...

not actuall data security. Your normal bank manager don't know shit about computers, networks or any of that stuff. To try and convince them of security measures that are essentialy virtual, no physical evidence of your security, no matter how good your redundancies or encryption is, it will difficult to convince Joe Bankmanager that it is good. But show him a three foot thick concreat filled steel door and he'll say, "WOW! this place looks really secure." I'm sure hostworks knows that most of this stuff is crap and gimmicks, but their betting that it's crap and gimmick that will sell.

They Forgot...

[Renraku]

What about things to protect the data with? Armed guards, military/police support on request, advacned detection methods, and a 'lock-down' state in which no one can get out or leave until lock down is called off from the inside. They have to get ready for a siege, if they want to take it all the way. Also, it'd be nice if they started expanding farther and farther underground. That'd give 'data mining' a whole new meaning.

and Three...

[yzquxnet]

just crack the data center. cracking into the data center would quit possible actually be the easiest. If you consider that most people would more than likely electrocute themselve trying to cut the power. HVAC, most people don't even know what it is. Where as sitting down at your computer and cracking the system would be far easier. At least in terms of actually trying. Whether your successful or not is another factor altogether.

Not So Easy

[virg_mattes]

> 3 Letters.... E M P

Two words in return: Faraday Cage. This deals with the big electromagnet as well. As for the junkyard magnet, you could just arrest or disable the crane operator before he could get it near the building.(bfg)

Virg

Re:Not So Easy

[Peridriga]

Faraday Cage blocks outoing EMP signals, not incoming.

Re:Not So Easy

[cronik]

Sorry, that's incorrect.

A properly designed faraday cage will refect most of the EM spectrum and dissapate the rest to ground (depending on both the polarization and the phase). The cage dosent deterine inside from outside, it simply provides a boundry.

Redundancy isn't everything...

[dublin]

It matters *where* your redundancy is.

At least one firm in the World Trade Center had what they thought was a very safe backup procedure: Their data center in one tower was backed up to the second. In their minds anything that would take out *both* towers would obliterate Manhattan, and therefore was considered too remote to worry about...

Re:Redundancy isn't everything...

[DerekLyons]

At least one firm in the World Trade Center had what they thought was a very safe backup procedure: Their data center in one tower was backed up to the second. In their minds anything that would take out *both* towers would obliterate Manhattan, and therefore was considered too remote to worry about...

FWIW Manhattan was virtually obliterated. A significant (large) percentage of the office space outside of the WTC is unuseable and will remain so for quite some time. Services to lower Manhattan are not fully restored and will remain problematical for quite some time. Denial of Service (Mission Kill) is every bit as effective as outright destruction.

Not so unique...

[Biolo]

I remember about 10 years back taking a tour of a major financial institutions data centre based in Edinburgh, (Scotland). The place had been built for mainframes, but they were in the middle of replacing them with a "more modern" client server paradigm (I'm spending _far_ too much time listening to my boss!). This meant that they had collosally huge rooms, chilled to about 10 degrees C, virtually empty.

There were essentially two data centres in one building, each with its own exceptionally large UPS system with rooms full of wet-cell batteries, and each with two backup generators. Naturally there were separate power feeds into the building (three separate sub-stations if memory serves). The most memorable part tho' was walking through the separating wall - 10 feet thick re-inforced concrete which, we were told, had been designed to withstand an impact from a 747. They were under the local airports flightpath - an airport whose runways will never take a 747, but anyway. The wall runs diagonally to the flightpath, but if it lands right on top they've still lost the facility.

The thing that always strikes me about all these types of centres is that they seem to ignore (or just don't talk about) the human factor. Most disaster recovery plans are just as bad. Picture the scenario - half of your facility has just been taken out by some disaster, you probably just lost half of your collegues. I won't describe the scene, but you can imagine what horrors might be going on on the other side of the 10 foot concrete wall from you - how well will the average person be able to cope emotionally, never mind how well they'll be able to do their job? I imagine a lot of people simply wouldn't be able to face coming into work in those situations.

All that said of course, from what I hear those who survived the WTC proved me wrong, but then they were making a stand against the terrorists, and I really admire that. What if though, for the sake of this scenario, the disaster had been caused by human error, natural disaster or whatever. How would people have coped and done their jobs under those circumstances. I think a lot more people would have refused to come into work, even in the disaster recovery site, and those that did would probably have been a lot more distracted and lack motivation, at least once the immediate response to the disaster was over.

Re:Not so unique...

Actually, sociologists study this sort of thing in the form of hurricanes, floods, tornados, and earthquakes. In general, people don't go crazy and lose their minds, but work together to help victims and repair the infrastructure. Chaos seems to pull people together and make them cooperate instead of running around screaming. On the other hand, most people would probably put a greater emphasis on saving their friends and relatives than running the nightly backups. But it's probably easy to find geeks without nearby relatives.

Re:Your .sig... (Warning: offtopic but important.)

sudan, croatia, serbia.

backhoe

a backhoe can cut their data cables

Re:backhoe

Really? How would that work? Whould that make the place blow up?

Warning: Offtopic

[Ricky+M.+Waite]

I apologize for veering offtopic, but this sort of patriotic pro-military intervention propaganda gets the best of me.

Now, just one example? Noam Chomsky describes one such example of "conquering and invading" quite well:

"It should be unnecessary to point out that massive terrorism is a standard device of powerful states.... Some cases are not even controversial. Take the US war against Nicaragua, leaving tens of thousands dead and the country in ruins. Nicaragua appealed to the world court, which condemned the US for international terrorism ("the unlawful use of force"), ordering it to desist and pay substantial reparations. The US responded to the court ruling by sharply escalating the war, and vetoing a security council resolution calling on all states to observe international law. The escalation included official orders to attack "soft targets" -- undefended civilian targets, like agricultural collectives and health clinics -- and to avoid the Nicaraguan army. The terrorists were able to carry out these instructions, thanks to the complete control of Nicaraguan air space by the US and the advanced communications equipment provided to them by their supervisors."

While I do agree that war is sometimes necessary, like in revolution and related things, imperialism (which is exactly what the US and it's allies have been doing for as long as they've been recognizable military powers) is in no way justifiable. Sure, sometimes it may "help," but this "help" usually just leaves the country more dependent on outside forces, and many times just places it under control of some other more "friendly" country. And there are more than enough examples of harmful United States militarism to overshadow it's "good" military activities.

Anyways, offtopic, but I just had to get my word in.

Re:Warning: Offtopic

So you've preferred communists in our own backyard?

Thankfully your side never won...

Re:Warning: Offtopic

...but this sort of patriotic pro-military intervention propaganda gets the best of me...

Look boss, I live every day of my life as a conscientious objector. I consider myself a peacemaker; I do what I can to help people who are too close to the situation resolve their differences by logic and intellectual dialogue whenever possible.

But when I sat in front of a television screen and watch three thousand of my fellow human beings (forgetting totally about the opportunitic, faux patriotic US propaganda that has been circulating as of late), I think right-thinking PEOPLE around the WHOLE EARTH realized the magnitude of the situation we find ourselves in.

This was not a military target, like Pearl Harbor. This was John Q. Mommy and Daddy, Brother and Sister, Son and Daughter.

As human beings we are all outraged. And yes we can take the high road and decry violence and try to legislate it away, or "love it away" like your drug-loaded forefathers... I'm as idealistic as anyone else to hope that someday that will work.

But here and now, logically, there is no way to negotiate with terrorists and have a mutually agreable outcome.

"We" don't come waving the banner of freedom as we "invade and conquer." We-- the world-- come together to cry out for our lost human brothers and sisters; find where the evil lies; pick up our pickaxes and scythes; and tear down the wicked weeds where they stand.

The country that they have been harbored in will become better, the world will become better, and only evil loses. And when I say "evil," I'm not talking about any religion. Basic morality tells you that someone who kills thousands and then sings praise for the act is EVIL.

That is our world's reality. So in conclusion: No, you don't have to like the military, but when they are potecting your ass from some hellspawn who wants to blow you up, you should at least thank them for it.

ram proof?

2 - "ram proof"??? Not hardly. I don't see a double berm system. Some of those nice decorative tree planters that are actually 2 foot thick reinforced concrete might help



Your mom thought her chastity belt was ram proof. To her surprise, I flipped that bitch over and did her from behind.

Re:ram proof?

[innocent_white_lamb]

Your mom thought her chastity belt was ram proof. To her surprise, I flipped that bitch over and did her from behind.

The AC intended this as a rather weak joke. However, he has come up with an unintentionally insightful observation here.

When dealing with matters of security, it is awfully easy to overlook the weak point in a system. People who "belong" generally walk in and out the front door, for example, so when thinking of security you (as a "belong-er") think in terms of reinforcing the front door and installing a burglar alarm. However, in a lot of cases the garbage disposal chute, the sewer outlet and the air conditioning vents on the roof get forgotten about, and become a weak point in the system.

"Nobody would crawl through four inches of slime to get in through that garbage disposal chute." Right....

Re:ram proof?

[ZPO]

Actually I come from the hyper paranoid military intel world. If it's an orifice it's a weakness. We had motion detectors in our air ducts.

I was just doing a quick back-of-the-envelope job from what I could see in the pictures.

Chomsky is a traitor

Chomsky is a goddamn pinko (along with the "intellectuals" like Susan Sontag) and should have been tried for treason a long time ago. Perhaps the new anti-terrorist laws will finally allow this, but I'm not very hopeful. The liberals have an uncanny skill in defending the very enemies within. Like the Devil quoting the Bible they use the Constitution. Makes me wanna puke.

Seen it all before....

This is nowt new.

This place has been going since '98: www.thebunker.net

"A former NATO nuclear bunker, it is the most physically secure non-governmental site on earth for data storage and hosting." Well that's what they say... [that'll be the CRT induced cynicism.]

Ali [ at london . c0m ]

Kevlar to the rescue (sort of)

[Ukab+the+Great]

Random Anecdote:

In Tsutomu Shimomura's book Takedown (about the hunting and capturing of Kevin Mitnick), Shimomura describes how a snow plow would constantly sever wires running between the trailer he had his computer in and the data center next door. His solution was to wrap super strong kevlar cable around the the vulnerable data cable. This solution worked a little too well-- the snow plow caught the kevlar cable, and indeed it did not break and neither did the data cable; instead the snow plow ended up pulling off the entire side of the trailer the kevlar cable was attached to!

What about connectivity?

[Faust7]

as well as the infrastructure to ensure that Web sites continue to function come fire, flood, natural catastrophy or foreign invasion.

Okay, good structure, check.

Anyone remember what happened to CNN, MSNBC, etc. after the WTC thing? The sheer number of accesses brought them right down. It was a perfect testament to the fragility of the Web. This ought to be addressed as well; we may not always have Google's famous cache to fall back on.

Re:What about connectivity?

[DrVxD]

It was a perfect testament to the fragility of the Web
The fragility lay not with the web but with the affected hosts. For instance, the BBC site seemed to cope with demand for most of the 11th. (Since I live in the UK, my first stop for current affairs news is usually the BBC rather than CNN).

Re:/. effect

[rbruels]

...innan allting tar slut?

Wow. tar slut. A person who excessively engages in the archiving of files.

Ryan
tar slut

I find these overkill datacenters vary hilarious,

[PalmKiller]

After all they real attacks will be from hackers all around the world. I was told a while back about a datacenter in dallas owned by SWB. It has power grids from both dallas and fort worth, and backup generators and diesel storage tanks and first dibs on fuel. Now thats nice for power outtages, but then it has bone density scanners, and temp and floor tile sensors and guards and all this crap for nothing...after all no one is actually going to take the time to GO there to attack a clients systems. Its a total waste of money to put your system in one of these mil spec places...sheesh its just to impress that bosses or very stupid admins.

Fire Fire Fire !!!

[Erik_]

The Hostworks site cracks me up, when you can read:

"We maintain the centre at a permanent 17-19 degrees Celsius," says Brown. "And as the heat exchanges are located within the centre they are protected from both the natural elements, and from direct attack."

"Fire prevention and control is provided through a FM200 fire suppressant system under the floor, and dry pipe sprinkler systems."

"On-site diesel storage capacity for over 40 days of full site operation."

Anyone seen the progression of the fires around Sydney. I wonder what effect it would have on such a nice building if it ever got close enough.
Here is a recent report from the Washington Post, SYDNEY, Australia -- Bush fires, many set by arsonists, raged as close as 12 miles to Sydney on Friday after flames 20 feet high consumed more than a hundred outlying homes. Fire officials also warned that hot, dry, windy weather over the next few days could trigger a second wave of destruction along the 370-mile-wide fire front surrounding the city...

Cool...

[vjmurphy]

... when the nuclear war comes, I'll still be able to get Star Trek newsgroups and porn. The Internet will live on.

Nothing compared to the Amadeus Data Processing Fa

[C60]

Okay, I'm going to preface this by admitting I've never been inside the Amadeus facility. I have however lovingly devoured the Amadeus coffee table book on the history of their facility, as well as spent plenty of time talking with the folks from Amadeus about their facility. Now I've searched and searched for publicly available info on the ADP, but can't find anything. Google pulls up obscure references to it, but nothing that describes the facilities in detail.

My issue with the Hostworks facility is that it's designed to handle physical currency, not data. You can fit a hell of a lot more electronic currency in 1 square foot than you could ever fit physical currency.

The Amadeus Data Processing Facility (aka the ADP [no relation to the ADP you see on your paychecks]) in Erding Germany is the Fort Knox of data facilities. It's designed to not only protect the servers physically, but to also protect the transactions within the facility

Amadeus is the European equivalent of Sabre in the US. They have roughly a 90% market share of the European market, 10% of the US, and a lot of the rest of the world to boot.

Their facilities are oriented towards traditional transaction processing systems (Tandem/Himalaya machines) rather than "normal" servers. While there is overlap in methodology there are a *lot* of differences. For the most part, they manage all the machines.

This facility supports all of the Amadeus traffic (both queries and bookings for hotels, cruises, airlines, car rentals, even travel insurance.), as well as the data processing for a number of international airlines (British Airways is one), and supposedly several international banks as well.

The facility is oriented around (roughly triangular) firecells, of which there are 3 for machines. These are massively over built. They were originally designing for hundreds of mainframe style machines, and (literally) tons of copper cabling in each firecell.

Each primary walkway is secured at multiple points. You're escorted at all times by a guard who doesn't have the ability to open any doors. Doors can only be opened by a guard remotely. At every point a guard can verify what he's seeing on the camera by direct visual observation.

Cooling is completely isolated from electrical which is completely isolated from network cabling which is completely isolated from the machines. Machines are the at the center of the firecells with corridors for cooling, electrical, and other support systems surrounding it. Each of the corridors is physically secure from all of the others.

ADP has enough generator power to run the entire town of Erding in the event that Erding loses it's main power source(s). Rumor has it that this has happened on numerous occasions.

Geographically isolated in a "easily defensible location". (One of those comments that kinda sticks in your mind when you hear it)

If they don't know you're coming you are stopped by armed guards before you're in sight of the building.

There is a No-Fly zone around their facility. (How this is enforced I don't know...)

Every Tandem is actively mirrored by another in a seperate firecell on a seperate floor. If your Tandem in cell-1 floor-2 goes away, the mirror in cell-3 floor-1 keeps the transaction from being lost.

The list goes on and on. Someone out there in the /. universe has to have heard of this facility and can probably fill in or correct details, but the Hostworks facility is by no means truly unique.

Not BackHoe-Proof - Two cuts and you're off-net

[billstewart]

There are some kind of applications that work fine in isolation, and if this is one of them, cool. But most real-world businesses need to be connected to the rest of the world - either the Internet, or privatge networks (e.g. bank data centers talking to ATMs). The article doesn't mention physically redundant communications, though I assume they probably did use a fiber ring of some sort, which means it takes *two* backhoe hits before they're off the net and not just one. But if they're this paranoid, and not just hyping themselves, they need some radio or satellite connectivity, enough voice diversity (or cell phones) so they can talk if their phone connection gets cut, and ideally geographical diversity so that if something does go seriously wrong (flood, earthquake, etc.) they can run from their other location.

Re:Foreign Invasion? Yeah, by USA

[Genjuro+Kibagami]

Foreign Invasion, Australia being invaded by the USA?

Somehow I don't think so.

Re:Foreign Invasion? Secure? Above Ground?

Ok, its extreme, but a nuke on top of this would kill it. If we're assuming worst case scenarios this would be up there.

The article referenced appears to just be a puff-piece, any half decent data-centre does all this and probably more.

Luckily in the UK we the The Bunker (http://www.thebunker.com). Built in an ex Air Force facility it offers protection against: nuclear attack, terrorist attack, electro-magnetic pulse, HERF weapons, electronic eavesdropping and solar flares. (Not actually used them but they have to be the coolest colo you can get!)

I have actually used a data centre in the past, which checked (carefully) any equipment you took out, but not what you took in. (Think about what you could hide in a large rackmount or tower case thats not exactly electronics - HERF guns, Semtex).

If you really want a tour-de-force of paranioa in hosting/comms/data-centres I suggest Cryptonomicon (Neal Stephenson) not only a great book but a great lesson in just-because-im-paranoid-it-doesnt-mean-they-arent out-to-get-me and how to cover your arse at corporate level.

In the end you need multiple-hardware (all of it!), multiple connections, multiple service providers (e.g. credit/debit card handling), in multiple ISPs in multiple countries on multiple continents if you really need to run 24x7 and guarantee uptime that will ensure that you're open for business even if all your customers have just been sent back into the stoneage.

Re:Foreign Invasion? Yeah, by USA

[Captain+Nitpick]

First of all, a 10,000 Lb (weight) B43 hydrogen bomb has a yield of a megaton (using TNT as the basis).

The 2100 Lb B43 is no longer in the US arsenal, having been replaced by the 2400 lb B83. Perhaps you have the weight confused with the 10,000 lb B41, which had a much higher yield.

However, the M110 General Purpose conventional bomb, weighing 10,000Kg or about 11 tons (US), is the heaviest bomb currently in the American conventional arsenal and it yields no more than 3 tons or so.

Firstly, I can find no evidence of a M110 bomb existing, other than one-line entries in copy/pasted lists on free hosting sites.

Secondly, the only aircraft capable of lifting and dropping a 7.5 ton Daisy Cutter is a C-130 (a B-52H's bomb racks aren't built to hold anything that big). This is enough to make me doubt the existance of a 11 ton bomb, which would require aircraft specially modified to handle it.

Ultra small nuclear weapons, like a W54 backpack nuke yielding about 22 tons, are about as close as you'll get to a bomb that yields 20 tons.

On this point, you're quite right. Getting a 20 ton yield out of conventional explosives is going to require a big bomb.

Theres always something else

Theres is *no* absolute guarantee of security, or continued service. Its simply a matter of throwing money (and good sense) at the problem until you reduce the level of risk to one that you can tolerate.

All data centres (whether private or commercial) have their weaknesses, and all are all-too prone to human error. Whenever I've lost service with a large colo, its been someone on their side cocking up routing tables, kicking out cables or mangling DNS.

I worked for a (UK) government department who used two (private) data centres - each could provide service for the other. They also had a third, which was never used, but was kept up to date and operational in case one of the others ceased operation. Each centre also had redundancies (duplicate of everything on hot standby - mainframes, servers, control desks, comms equipment). They had two power supplies, taken direct from different power stations, massive UPSs (two of course), a generator, all comms lines were duplicated. In fact about the only thing that didn't have redundancy was the kettle in the kitchen!

Two thing occurred whilst I was involved on one on these sites:

A power line failed, UPSs kicked in but with a spike/brown out which reset all equipment - including some which didn't come back up. The generator tried to start up - but due to rabbits living in it didn't get too far (neither did the rabbits after that).

During a particulary hot summer, the rooms got slightly too hot (not hot enough to destroy the equipment tho.) The halogen systems kicked in, destroying equipment near the halogen outlet and freezing half the wall off. Of course, this also triggered the emergency power cut-off in case it was an electical fire.

In both cases, the failover to the on-site redundancy didn't go too smoothly and a small army of engineers had to go on site to recover (including myself).

On top of all this, one of the site was built on a sloping bank which had subsidence, meaning that the whole building was slowly moving downhill, and tilting. Eventually, it will stretch all those carefully installed dually redunant comms and power cables.

In summary: theres no such thing as absolute guarantees. You can throw money and time at these things until the risk is reduced to an acceptable level or your arse is covered. *BUT* there is nothing better that an enforceable contract for loss of business and consequential damages with all your providers and a healthy does of insurance for any loss of provision.

If you do find an ISP/Colo that is willing to cover consequential damages, please tell the world, I for one would be very grateful!

fiber cut

just cut the fiber going to the data center.

man's ego

[argStyopa]

"...and you know, I heard this ship is unsinkable!" overheard at dinner, 50 deg 12 min W, 41 deg 46 min N, 2230 hours, 4/15/12

Re:Foreign Invasion? Yeah, by USA

[ackthpt]

Foreign Invasion, Australia being invaded by the USA?

No, think Qatar or UAE or somewhere else with questionable government and lots of money from a natural resource, like oil. Iraq's bunkers were built by German contractors, The cave complex in Tora Bora (Afghanistan) was built with CIA help. What's to convince you that such nice secure facitilities aren't built in the wrong places? IMHO, don't let them become wrong places. Be a good global neighbor and cut the legs out from under people like Hussein and Bin-Laden with justice and compassion.

But then, you just never do know those aussies, with their leaders' strange attitudes toward the web...

cut the pipe

why not go down the block and cut the fiber lines running to the building? Just flip open a manhole and cut away.

Re:Nothing compared to the Amadeus Data Processing

[marvinalone]

you'd have to add secrecy to the list. i live less than twenty miles from that facility and have never heard about it so far...

UK has had one of these for ages...

[adders]

Goto thebunker.net and your find a hosting companies that is running in an ex-government nuclear bunker.

The Bunker is a real bunker, designed to survive a nuclear war. This high tech relic of the Cold War is built to more stringent specifications than other secure colocation facilities.

How to sell your hosting service...

[jhoug]

This is a well placed marketing story whose underlying goal is to sell space. There is a glut of hosting space available right now, and these people are doing a good job of getting seen. This facility has above average physical security due to the original use of the building they bought. The data center itself seems average.
The real selling points of HSPs are bandwidth and uptime (Power, Ping, and Pipe in the jargon). Professional services sweeten the pie and put a (theoretically) knowlegeable person on site.
For real HA, setup in multiple centers, and buy enough bandwidth to keep data live in both locations. What impresses people on touring the facilities are the ancillary functions that support this - generators, dead zones, mantraps, hard walls, biometric access control, fire sniffers, security guards, battery rooms, fuel storage tanks, NOCs.
What HSPs can't supply is data integrity. This is the job of the customer.

Physically secure but easy to shutdown

Ok it can resist everything but what happen when major internet routers remove that host from their routing tables ?

Bam it's gone...

Wow.

You must have a really, really small penis...

"Remember thealamo.com!"

[leuk_he]

"Remember thealamo.com!"
Seriously, though..

I am missing something here. What are you referencing to? If i go to thealamo.com i arrive at some hotel/casino. google only find advertisements.

please explain.