NC State Data Center Management – Governing Principles and Procedures

 


Governing Principles

Effective Date: September 24, 2008

Introduction

NC State University’s Data Centers serve as the principal locations for the university’s centrally-supported data servers, data storage and backup systems, mainframes, and other mission-critical computing resources. The implementation of and adherence to appropriate standards and procedures, as well as service level agreements for the management of these facilities, are necessary for the physical security of university information and digital assets. The Office of Information Technology (OIT) ComTech DataCenter Mgt group is the university unit responsible for the normal operations of these facilities.

OIT ComTech DataCenter Mgt exercises no control whatsoever over the content of the information passing through or stored on equipment in the Data Centers. It is the sole responsibility of the department that owns the data to ensure that the information it and its users transmit and receive complies with all applicable laws, regulations and procedures. (See also REG 08.00.02 – Computer Use Regulation).

The following principles are fundamental to the efficient operation and use of NC State University’s Data Centers in a manner that can ensure the physical security of the university’s data assets. They apply to Data Centers 1 (Hillsborough Building) and 2 (Administrative Services III Building) and, as may be deemed appropriate, to the Poe Data Center.

Principles of Operation

Value Protection

NC State University has made significant investments in the expansion and upgrade of Data Center facilities. Data Center space is very expensive, and its use should be managed to promote the highest and best return value. The environment of Data Centers 1 and 2 includes precision cooling, conditioned UPS (Uninterruptible Power Supply) power, backup power generator, and special provisions for racks and routing equipment. The facilities must be managed to maximize the benefits to the university and avoid the need for building additional space, even as the need for centrally-supported information technology systems, data storage and backup facilities continues to expand.

Governance

The Vice Chancellor for Information Technology, through the Office of Information Technology that he/she administers, has final authority over the principles of use, guidelines, procedures, service level agreements, and conflict resolution for the university Data Center facilities. The OIT ComTech DataCenter Mgt and a representative planning and advisory committee will establish and oversee operational guidelines/procedures as well as develop service level agreements.

Management Responsibilities

In keeping with industry best practices and in accordance with established guidelines and procedures, the OIT ComTech DataCenter Mgt is responsible for the normal management of the university Data Centers. Normal management responsibilities include the following:

  • maintaining and distributing the guidelines/procedures for the use of the Data Centers;
  • timely communication with appropriate staff;
  • documentation to ensure compliance with state and university audit requirements;
  • allocation of space and other resources;
  • access control of all storage/operational rooms;
  • physical security; and,
  • all space/equipment planning activities.

The OIT ComTech DataCenter Mgt Director of Operations is responsible for the normal daily operation of the university Data Centers. Normal daily operation responsibilities include the following:

  • maintaining and distributing the guidelines/procedures for the use of the Data Centers;
  • 24×7 staff support;
  • timely communication with appropriate staff;
  • documentation to ensure compliance with state and university audit requirements; and,
  • physical security.

The operating guidelines/procedures will contain the methods for implementing the normal management and operations of the data centers. Service level agreements will contain the roles/responsibilities and expectations of all involved parties and may be specific to the individual data center. The guidelines/procedures/agreements must have the final approval by the Vice Chancellor for Information Technology prior to implementation. To the extent practical, industry best practices for data center operations should be incorporated into the guidelines/procedures/agreements.

The Data Center Advisory Committee works with the OIT ComTech DataCenter Mgt to establish the operating guidelines/procedures, develop appropriate service level agreements, and ensure effective communication, cooperation, and responsiveness between all involved parties. The Committee will review the guidelines/procedures/agreements to ensure compliance with audit requirements and to address issues that may arise, such as adequate notification of upcoming equipment purchases, installations, access requests, etc.

The Data Center Advisory Committee meets at least quarterly but may be convened when necessary as determined by the committee chair. The Data Center Advisory Committee is co-chaired by OIT ComTech DataCenter Mgt and a rotating member of the Advisory Committee. The Data Center Advisory Committee is comprised of voting members who are directors or heads of departments entitled to access to the data center facilities.

The Vice Chancellor for Information Technology will approve changes to the operating guidelines/procedures, the composition of the committee, and will resolve any disputes that may arise regarding Data Center management, use, or access.

Environment, Equipment and Space Planning

OIT ComTech DataCenter Mgt will notify all parties including the Planning and Advisory Committee when data center use activities do not comply with the established operating guidelines/procedures. OIT ComTech DataCenter Mgt must inform the Advisory Committee and affected parties of any events (e.g., observations, maintenance and issues) regarding the data center facility and environment that may have an impact on the stored equipment/devices. The Committee and affected parties must be notified sufficiently in advance of these events in order to prepare for potential configuration changes to the equipment.

Physical Security

Personnel authorized for access to the data centers must be approved by the Vice Chancellor for Information Technology or his/her designee. In order to protect university data and comply with audit requirements, access to data centers and rack space must be restricted. Authorized personnel must use card-scan authentication to register their presence in and departure from restricted areas. Guests are permitted access only when accompanied by authorized personnel. Guests must register their presence and departure as specified by the established guidelines. Staff will have access to all areas of the data centers as authorized and specified in the operating guidelines/procedures/agreements.

Layout

The layout and architecture of the data centers should be configured for the efficient use of space, power and air conditioning and to enable appropriate support for equipment and data. All use of the space must conform to specifications (such as “hot” and “cold” aisles, etc.) as outlined in the operating guidelines/procedures/agreements unless specific exemptions are granted. Exemptions will be arranged only for compelling and unavoidable reasons and must have the prior approval of the Data Center Advisory Committee.

Disaster Recovery and Business Continuity (DRBC) Plans

All equipment and data in Data Center facilities are associated with appropriate DRBC plans, which are provided and maintained by the OIT directors, who may also designate equipment and/or data not critical to the university. OIT ComTech DataCenter Mgt will be informed exactly of its role in each plan and will be trained to take appropriate measures in the event of a disaster.

Documentation and Reporting Responsibilities

OIT ComTech DataCenter Mgt is responsible for the distribution of the established guidelines/procedures to appropriate units and personnel. In keeping with Internal Audit stipulations, the NC State Data Center Procedures document will be posted on a secure web page and will be readily accessible to authorized personnel.

OIT ComTech DataCenter Mgt will produce a semi-annual report on the use, management and oversight of the Data Center facilities to be reviewed by the Data Center Advisory Committee and submitted to the Vice Chancellor for Information Technology.

Approval:

Vice Chancellor for Information Technology (On file)  Date:  Sept. 24, 2008


Procedures

Effective Date: August 11, 2008

The NC State University Office of Information Technology (OIT) is responsible for ensuring physical security, power, cooling, and space for IT equipment within the university’s data centers. The university data center environment consists of Data Center I (Hillsborough Street), Data Center II (Sullivan Drive), and the Poe facility (Poe Hall). This document identifies procedures that allow ComTech DataCenter Mgt to effectively plan and maintain these facilities on behalf of the NC State OIT Organizational Resilience Unit.

Physical Security

All access to the university data centers is controlled by a proximity card access system. Only staff approved by OIT management may have access to the facilities. Other department staff or visitors must be identified at the time of access and may only enter with authorized escort.

  • To obtain a proximity card, staff must first complete the Security ID Badge Request Form and present the completed form to the All-Campus office.
  • To obtain authorization, the employee’s supervisor must contact OIT ComTech DataCenter Mgt via e-mail (oit-iso-dcm@lists.ncsu.edu) to request access for the employee. The criterion for access is that the staff member needs to enter the data centers on a regular basis to install/remove hardware, and/or is on pager duty and has responsibility for diagnosing problems with hardware located in the data centers.
  • OIT ComTech DataCenter Mgt will then assign agreed-upon access to the employee.
  • Visitors must be escorted by authorized staff at all times and are required to sign in/out of the computer room.
  • Employees leaving the university will have access terminated as soon as the employee’s department notifies OIT ComTech DataCenter Mgt by email. OIT ComTech DataCenter Mgt will produce a semi-annual report of staff with access to both data centers and the Poe facility, which will be sent to department Directors for validation.
  • All staff must wear a NC State ID badge while in the data centers.
  • If a proximity card is lost or stolen, its holder must immediately notify OIT ComTech DataCenter Mgt via email (oit-iso-dcm@lists.ncsu.edu) so access can be suspended.

Equipment

All departments must make their best efforts to plan and inform OIT ComTech DataCenter Mgt in advance of any changes in the use of the facilities that would have a significant impact on the data center resources. This is necessary to ensure the appropriate allocation of resources and a reasonable time to prepare and respond to requests. OIT ComTech DataCenter Mgt will notify all parties, including the university’s Data Center Advisory Committee, when use activities do not comply with the established NC State Data Center Procedures. Installing equipment in, or removing equipment from, any data center must be coordinated with OIT ComTech DataCenter Mgt with due diligence. Data Center occupants must inventory all equipment and systems supported. This information should be included in each department’s Business Continuity Plan.

Equipment orders must be reviewed with OIT ComTech DataCenter Mgt prior to purchase to ensure adequate space, power and cooling. OIT ComTech DataCenter Mgt will make every effort to ensure that all agreed-upon specified provisions are in place when needed/specified, within the limits available within the facility.

Power

  • All specifications for power requirements should be communicated at the time of the equipment notification (See Equipment section above) via email (oit-iso-dcm@lists.ncsu.edu) to OIT ComTech DataCenter Mgt, which will coordinate all electrical work within the data centers.
  • OIT ComTech DataCenter Mgt and Operations are responsible for monitoring the overall total power usage/consumption in the data centers and informing the departments of any concerns, such as when a UPS reaches the warning level.

Racks for Servers

  • All racks will have smart Power Distribution Units to allow for power usage monitoring (by staff installing equipment and OIT ComTech DataCenter Mgt operations). Placement of racks must be coordinated with OIT ComTech DataCenter Mgt.
  • Fillers or blanking panels must fill all rack space that is not occupied by equipment in order to improve cooling efficiency.

Air Conditioning

  • Scheduled repair and maintenance are handled by Facilities.
  • Issues with the Air Conditioning systems are submitted to and reported by OIT ComTech DataCenter Mgt or operations.
  • OIT ComTech DataCenter Mgt operations is responsible for monitoring the overall temperature in the data centers and must report any significant issues to designated departmental contacts as soon as possible.
  • Individual units within the data centers may monitor temperatures local to their resources.

Computer Room Housekeeping

  • Computer room is damp-mopped every two weeks.
  • No cardboard or flammable materials are to be openly stored in any data center. OIT ComTech DataCenter Mgt can provide storage facilities at Data Centers I and II if necessary. Occupants may provide their own storage facilities within the Data Centers, subject to approval from OIT ComTech DataCenter Mgt.
  • Food and drink are allowed for the operators at their monitoring stations. NO food or drink is permitted outside the monitoring stations area.
  • All cables must be completely contained within the server racks and wiring ladders, whenever possible. All cabling must be consistently routed, bundled, and secured so as to present a safe, neat, and professional appearance. No cabling is allowed on the floor at any time. Unused cabling is to be immediately removed. All patch cabling should be of an appropriate length to allow proper routing without excessive length. It is the responsibility of the user to provide the proper cabling.
  • When installing equipment, all packing materials and unused accessories are to be removed ASAP.
  • Where possible, equipment should be unpacked outside the computer room to prevent dust and dirt. OIT ComTech DataCenter Mgt will designate an unpacking area where possible.
  • Installation of equipment must be coordinated with OIT ComTech DataCenter Mgt. (See Equipment section above).

Department Content

A Department acknowledges that OIT ComTech DataCenter Mgt exercises no control whatsoever over the content of the information passing through the Department’s equipment and that it is the sole responsibility of the Department to ensure that the information it and its users transmit and receive complies with all applicable laws and regulations and these procedures. See also REG 08.00.2 – Computer Use Regulation and REG 08.00.3 – Data Management Procedures.

Approvals:

Data Center Advisory Committee Co-Chair (On-file)  Date:  Aug. 11, 2008

Data Center Advisory Committee Co-Chair (On-file)  Date:  Aug. 11, 2008