Escape from Data Alcatraz
nihilist_1137 writes "ZDNet is reporting on a new information facility that is built to survive the worst. Triangular in shape, two of the sides house offices while the third, a large rectangular block if taken in isolation, contains two data centres, as well as the infrastructure to ensure that Web sites continue to function come fire, flood, natural catastrophe or foreign invasion."
"Remember thealamo.com!"
Seriously, though... you're saying they can stand up to repeated shelling by artillery? Or infantry-placed demo charges? Or anything else an invading force is likely to have?
WHY????
If you're being invaded, you've got more important things to worry about than if your company's web site will stay up!
The other half of this is: What if the invasion is an invasion of illegal immigrant workers? Can this thing survive having a janitor who's been slipped a hundred bucks (three weeks' pay) to pull out a wire here and there?
If we all die from nuclear fallout who will reboot the NT servers?
Remember that you are unique, just like everybody else.
Never Underestimate The Power Of Human Stupidity.
Trapped in Time... Surrounded by Evil... Low on Gas.
I read the article. It is fine. Plenty of interesting points and all that jazz. However, I have to ask the obvious questions: Is it secure from hacking? Seriously. I read the article and it seems like a physically secure place, but is it secure electronically? From "real" attacks? From the kinds of attacks that happen all of the time?
(start sinister laugh)
I can just see some script kiddie taking the place down. That would be too funny.
(end sinister laugh)
How to Download YouTube Videos
Built initially to house currency, the Hostworks data centre in the suburb of Kidman Park, Adelaide is a tribute to the profligacy of Timothy Marcus Clark, [snip] Nestled in a semi-industrial area, with minimum road signage, it is at once unassuming, virtually impenetrable and to this day an inspirational feet of excess engineering.
Unassuming feet? What, size 5 1/2 D?
"The Ministry of Truth -- Minitrue, in Newspeak -- was startlingly different from any other object in sight. It was an enormous pyramidal structure..." [George Orwell, 1984]
Kinda scary.
We wave the flag of freedom as we conquer and invade.
At first this seems almost like a joke. Who would invest this much time and energy into such a fortress just to house data? Well... banks for one. Imagine banks from around the world storing their data here in a highly encrypted form, updated at least daily. It would require a lot of bandwidth to say the least, but wouldn't that security be worth it to investors?
Less crucial information that needn't be updated regularly could find a home here at a discounted price. Take for example, building plans. Every city, county, and State in America has a plan somewhere for every building it's ever built that lists (among other things) the locations of all wiring and plumbing. This isn't terribly confidential information (though it very well may become so for large buildings with a realistic threat of terrorist attacks) and could be modestly encrypted with read access only granted to the owner.
Copyright owners might be interested in it as a way of saving back-ups of their paper-work that cannot be destroyed by some freak accident.
I for one don't like these ideas because they represent too many eggs in one basket. When information security is required, it is my personal belief that having it stored in a known location that every hacker in the world would drool over to get inside is a bad idea. History has shown, however, that not everyone (indeed few people) listen to me.
Slackware forever. Honestly, what else would you trust when it absolutely positively has to be stable, secure, and easy
Remember the Maginot Line? Impregnable? How easy was it to get around that? Data is useful in direct proportion to its accessibility - cut the connections into this place and it's toast. No frontal attack necessary.
:)
Also, the article says they can expand capacity 300%. Frankly, that sounds like pretty short-term planning to me. In my experience, it's a rare data store that doesn't double in size every year or two.
Still, it sounds like a cool place, and probably has a better climate than Sealand
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
By far, the cheapest and most effective method of redundant systems is to just save your money and not buy fancy equipment for one place, but to spend it on cheap equipment in several places. That way, who cares if someone takes out an entire hosting center, leaving only a 100 ft deep crater. You still have servers running in California and Asia.
The Domain Name System doesn't rely on a huge Fort Knox-like system. It simply has 13 (?) different places throughout the world where amazingly cheap (for its importance) equipment resides. Even if North America sinks to the bottom of the Ocean, DNS should still happily resolve.
Expensive (but impressive) measures are not the answer to reliability. Geographic diversity of cheap systems is the answer for most applications. Today, we have incremental transfer protocols such as rsync that will even transfer massive databases back and forth by only sending the changes. It's largely marketing, unwarranted by technical considerations, that makes companies spend so much money on these extra sigmas of reliability.
It's an impressive building designed to withstand all sorts of disaster movie ideas. So what?
As we've all seen time and time again the real threat to computer systems does not come in the form of an earthquake, tidal wave, or random hijacked 767. The real threats rear their ugly heads when some idiot user doesn't update his M$Outlook security package, or takes his password out of the dictionary.
I'm not trying to say that physical threats to computer systems aren't important. By all means they are usually the last thing people think about. But the data here is only being protected from physically being damaged and/or lost. There's nothing in that article about firewalls, encryption, open access ports, faulty software, defective hardware, et cetera ad nauseam.
The protection of data by the building is just one part of the problem of everything becoming digital. It's by no means the end all solution.
I read Slashdot for the
http://www.hostworks.com.au/networks.html
2 Connections to Telstra and 2 to Optus at different exchanges
"Hostworks Control Centre features over half a gigabit per second of connectivity. This is delivered via four high capacity divergent path links connected to Optus and Telstra.
As a matter of policy, Hostworks ensures that it always has four times the capacity of its peak traffic loads."
I don't care how secure they think it is. Give Danny Ocean three weeks and he'll get anything he wants from there.
(Or George Clooney, in a pinch. Yeah, I liked the movie. Cash vault, sure.)
Simple way to take down the site....
3 Letters.... E M P
Haha!!...
And as long as the dot-com boom continues to revolutionize the way we all shop, work, and live, these kinds of 99.999% reliable sites will be very important to us! Because there will be sites other than Amazon and Ebay that cannot withstand even an hour of down time without endangering the very existence of the companies with those sites!
The future lies in big buildings paying big money for big reliable redundant systems with big corporations paying big rent to make sure their big connectivity is almost permanent! Luckily the new pop-up ads will pay for it all!
Why, the only thing stopping people from getting to the completely-reliable sites located there is the fact that 99.99999999% of the routers on the net aren't in that building! But the last two nodes of any traceroute will be absolutely rock-solid! As long as there is some money left to pay bright, qualified network engineers, including 24x7 manned duty! Way to go!
(Phew. I didn't think I had a reserve of enough sarcasm to complete the post.)
This sort of excess overspending and the lack of emphasis put on _real_ security (i.e. data security rather than physical security) ignores the vastly more likely threat to most companies' web servers and database servers (and frankly that's what most of the boxen in these places are - huge rooms full of Yahoo and eBay machines). I'm not saying that a certain degree of security isn't appropriate, but withstanding foreign invasion? Please. The invaders are looking to break in with their armored brigade to the Exodus data center!!! Oh no!! Come on. A modest degree of armed guard presence, a low profile, some generators and massive UPS system - fine, this all makes sense. But you can go overboard.
Anyway, don't take my word for it. Just look at Exodus' stock. Their excesses seemed to ignore the fact that the service they provided just wasn't worth the outrageous amount of money they were charging for it, and these days, the more budget conscious hosting/data center/colo companies are the ones left standing.
"...bomb resistant..."
Notice that it does not say explosion resistant.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
http://www.hostworks.com.au/networks.html
Remember back in 2000 when an accident took out a huge fraction of Australia's international bandwidth? Better make sure those "divergent path links" don't just end up in the same undersea cable....
While having your servers nice and secure in a physically impenetrable fortress is all very well and good, it's sort of the physical equivalent to cryptographic security-by-obscurity. It provides a false sense of security, and doesn't address critical vulnerabilities.
Let's face it - someone who wants to take your website down isn't going to do it by physically storming the building! Unless, of course, they're the government - in which case they'll also cut off your internet feed. What good is your 7 weeks' worth of diesel going to do you then?
Furthermore, it doesn't make any difference how physically secure your boxen are, if you're running an OS with networking vulnerabilities, or are vulnerable to DOS attacks.
The most secure solution is complete redundancy/distribution, in both physical and network space. The most obvious example is Freenet, which sadly isn't quite mainstream-useable yet.
Store your documents in a distributed fashion across thousands of machines. Encrypt them, so even the individual user doesn't know what his cache contains. Cryptographically sign each piece of content you produce. How is anyone going to fuck with your site when it's in a thousand different places?
Physical security--how quaint. Even if you greatly overengineer it, a widely distributed network of nodes using cryptographic techniques is likely to be much cheaper and no less secure. And it's also likely to be more resilient.
> I actually prefer Missile silos for ultimate security.
Assuming you mean reusing old missile silos, it's a bad idea, for several reasons.
1.) The old silos were not designed to handle the electrical load that a datacenter requires.
2.) Missile silos are designed to protect against nuclear strike, but not much else. Foot soldiers would make short work of such facilities. Think heavier-than-air tear gas or burning jet fuel if you don't know why.
3.) Missile silos are generally full of asbestos and other nasty stuff that would be very costly to remove.
4.) Most missile silos have water leakage problems. This wasn't much of an issue when the only thing that got wet was the tail of the rocket booster, but computers are understandably less durable in such circumstances.
5.) Data connectivity was a non-concern then (they only needed a telephone, and then only until nuclear war began), so getting them wired would be prohibitive. Just about the only answer is satellite link, but that's not secure from destruction from the air.
6.) Missile silos were not siege-ready; that is, they didn't have weeks of supplies in case they were locked in. The assumption was that by the time they had a problem with supplies, the missile would have already launched.
Virg
> 3 Letters.... E M P
Two words in return: Faraday Cage. This deals with the big electromagnet as well. As for the junkyard magnet, you could just arrest or disable the crane operator before he could get it near the building. (bfg)
Virg
I remember about 10 years back taking a tour of a major financial institution's data centre based in Edinburgh, (Scotland). The place had been built for mainframes, but they were in the middle of replacing them with a "more modern" client server paradigm (I'm spending _far_ too much time listening to my boss!). This meant that they had colossally huge rooms, chilled to about 10 degrees C, virtually empty.
There were essentially two data centres in one building, each with its own exceptionally large UPS system with rooms full of wet-cell batteries, and each with two backup generators. Naturally there were separate power feeds into the building (three separate sub-stations if memory serves). The most memorable part tho' was walking through the separating wall - 10 feet thick reinforced concrete which, we were told, had been designed to withstand an impact from a 747. They were under the local airport's flightpath - an airport whose runways will never take a 747, but anyway. The wall runs diagonally to the flightpath, but if it lands right on top they've still lost the facility.
The thing that always strikes me about all these types of centres is that they seem to ignore (or just don't talk about) the human factor. Most disaster recovery plans are just as bad. Picture the scenario - half of your facility has just been taken out by some disaster, you probably just lost half of your colleagues. I won't describe the scene, but you can imagine what horrors might be going on on the other side of the 10 foot concrete wall from you - how well will the average person be able to cope emotionally, never mind how well they'll be able to do their job? I imagine a lot of people simply wouldn't be able to face coming into work in those situations.
All that said of course, from what I hear those who survived the WTC proved me wrong, but then they were making a stand against the terrorists, and I really admire that. What if though, for the sake of this scenario, the disaster had been caused by human error, natural disaster or whatever. How would people have coped and done their jobs under those circumstances? I think a lot more people would have refused to come into work, even in the disaster recovery site, and those that did would probably have been a lot more distracted and lack motivation, at least once the immediate response to the disaster was over.
Stealing a rhinoceros should not be attempted lightly.
Random Anecdote:
In Tsutomu Shimomura's book Takedown (about the hunting and capturing of Kevin Mitnick), Shimomura describes how a snow plow would constantly sever wires running between the trailer he had his computer in and the data center next door. His solution was to wrap super strong kevlar cable around the vulnerable data cable. This solution worked a little too well -- the snow plow caught the kevlar cable, and indeed it did not break and neither did the data cable; instead the snow plow ended up pulling off the entire side of the trailer the kevlar cable was attached to!
There are some kinds of applications that work fine in isolation, and if this is one of them, cool. But most real-world businesses need to be connected to the rest of the world - either the Internet, or private networks (e.g. bank data centers talking to ATMs). The article doesn't mention physically redundant communications, though I assume they probably did use a fiber ring of some sort, which means it takes *two* backhoe hits before they're off the net and not just one. But if they're this paranoid, and not just hyping themselves, they need some radio or satellite connectivity, enough voice diversity (or cell phones) so they can talk if their phone connection gets cut, and ideally geographical diversity so that if something does go seriously wrong (flood, earthquake, etc.) they can run from their other location.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks