Logical Security
Physical security is actually the least of your worries. Very few bad elements would go
so far as to try to enter a data center because of the high risk of getting caught. The most
valuable commodity is data, and it is not physical. System intrusions are common, and it
is estimated that data center systems are besieged at least a hundred times a day. Most or
all are unsuccessful attempts that the system handles by itself.
As for administering devices, multilevel authorization should exist, and engineers and
operators should be given only minimal access, only that which is needed to complete their
tasks. Access to the server console should be through a separate network that is available
only via the local NOC. If a NOC in another time zone is given control at times, network
connectivity should run to that specific location only and run parallel to the organization's
internal backbone. Strong encryption is required at the very least.
Because the most logical point of entry of any attacker is the network, this is where
security has to be at its finest. It should be applied in a tiered fashion:
Tier 1: This is your edge protection, the first line of defense, using hardware and software
firewalls specifically calibrated for the center's needs. Bastion hosts belong here. A bastion
host is a special-purpose computer that is designed and configured to withstand attacks on
the network.
Tier 2: This is the next layer, which separates publicly accessible devices such as DNS and
web servers from the internal network. Typically, the devices used here are still firewalls,
and in some cases both tier 1 and 2 layers reside in the same physical device. VPN tunneling
for passing confidential data can be set up parallel to the firewall.
Tier 3: This is an additional layer that can be implemented when you need additional
separation from the overall network for environments that store highly critical information,
such as a database of classified files or bank records.
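The tiering above, together with the console-access rule that precedes it, can be checked mechanically against a firewall's allow-rules. The following is an added example, not part of the original text; the zone names, the rule syntax, the sample rules, and the policy that traffic may cross only one tier per hop are assumptions made for illustration.

```python
# Added example: audit firewall allow-rules against the tiered model.
# Zone names, rule syntax and the "one tier per hop" policy are assumptions.
DEPTH = {"internet": 0, "dmz": 1, "internal": 2, "restricted": 3}
CONSOLE_ZONE, NOC_ZONE = "console", "noc"

# Constructed sample rules: "allow <src> <dst> <proto>/<port>"
SAMPLE_RULES = """\
allow internet dmz tcp/443
allow internet dmz udp/53
allow dmz internal tcp/5432
allow internet internal tcp/22
allow dmz restricted tcp/1521
allow internal restricted tcp/1521
allow noc console tcp/22
allow internal console tcp/22
"""

def parse_rules(text):
    """Yield (line_no, src, dst, service) for each non-empty, non-comment line."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4 or parts[0] != "allow":
            raise ValueError(f"line {n}: unrecognised rule {line!r}")
        yield n, parts[1], parts[2], parts[3]

def audit(text):
    """Return (line_no, finding) for every rule that breaks the tiering."""
    findings = []
    for n, src, dst, svc in parse_rules(text):
        if dst == CONSOLE_ZONE:
            # The console network must be reachable only via the NOC.
            if src != NOC_ZONE:
                findings.append((n, f"console reachable from {src}, not the NOC"))
            continue
        if src not in DEPTH or dst not in DEPTH:
            findings.append((n, f"unknown zone in {src} -> {dst}"))
        elif DEPTH[dst] - DEPTH[src] > 1:
            # Inbound traffic that jumps more than one tier skips a firewall layer.
            findings.append((n, f"{src} -> {dst} ({svc}) bypasses a tier"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE_RULES):
        print(f"rule {n}: {msg}")
```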
Traditional vs. Cloud Hardware
Traditional IT and cloud computing could not be more different in application and concept.
They are not total opposites, and they actually have the same goal in mind, which is to get
business processes done. But the approaches and concepts are very different. The key difference
between cloud computing and traditional computing is scalability, which is to say that
one is scalable and the other is not. Traditional computing, as we define it in the industry, is
not scalable at all.
Traditional IT hardware infrastructure is built with capacities in mind. It answers questions
such as how big or how many, so it aims for a certain number, a maximum capacity.
So when you're building a traditional data center, the first item on the list during design is
the capacity of the system, its maximum. This means that you can use as little or as much
as you want as long as it is within that capacity requirement. In this case, there is a very
large chance that the system will be underused, and it's usually never used to its maximum