
Monday, March 31, 2008

Word of the Day: Data Center Chiller

A data center chiller is a cooling system used in a data center to remove heat from one element and deposit it into another element. Chillers are used by industrial facilities to cool the water used in their heating, ventilation and air-conditioning (HVAC) units. Round-the-clock operation of chillers is crucial to data center operation, given the considerable heat produced by many servers operating in close proximity to one another. Without them, temperatures would quickly rise to levels that would corrupt mission-critical data and destroy hardware.

The development of powerful chillers and associated computer room air conditioning (CRAC) units has allowed modern data centers to install highly concentrated server clusters, particularly racks of blade servers. Like many consumer and industrial air conditioners, however, chillers consume immense amounts of electricity and require dedicated power supplies and significant portions of annual energy budgets. In fact, chillers typically consume the largest percentage of a data center's electricity.

Manufacturers also have to account for extreme conditions and variability in cooling loads. This requirement has resulted in chillers that are often oversized, leading to inefficient operation. Chillers require a source of water, preferably already cooled to reduce the energy involved in lowering its temperature further. This water, after absorbing the heat from the computers, is cycled through an external cooling tower, allowing the heat to dissipate. Proximity to cold water sources has led to many major new data centers being sited along rivers in colder climates, such as the Pacific Northwest. The chillers themselves, along with integrated heat exchangers, are located outside of the data center, usually on rooftops or side lots.

Manufacturers have approached next-generation chiller design in a number of ways. For large-scale systems, bearingless designs significantly improve power utilization, given that the majority of chiller inefficiency results from energy lost through friction in the bearings. Smaller systems use SMART technologies to rapidly turn a chiller's compressor on and off, letting it work efficiently at 10% to 100% of capacity, depending on the workload. IBM's "Cool Battery" technology employs a chemical reaction to store cold.

To maintain uptime, data center managers have to ensure that chillers have an independent generator if a local power grid fails. Without a chiller, the rest of the system will simply blow hot air. While any well-prepared data center has backup generators to support servers and other systems if external power supplies fail, managers installing UPS and HVAC systems must also determine whether a facility provides emergency power to the chiller itself. Data center designers, for this reason, often include connections for an emergency chiller to be hooked up. Multiple, smaller chillers supplied with independent power supplies generally offer the best balance of redundancy and efficiency, along with effective disaster recovery preparation. As recent major outages at hosting providers like Rackspace have demonstrated, however, once knocked offline, chillers may take too long to cycle back up to protect data centers, during which time servers can quickly overheat and automatically shut down.

Friday, March 28, 2008

Failure mode and effects analysis: Process and system risk assessment

Failure mode and effects analysis (FMEA) is widely used by corporations, manufacturing firms and the U.S. military to evaluate processes or systems (e.g. an incident-response process or a three-tiered application). It prioritizes potential failures by impact severity, probability of occurrence and likelihood of detection.

FMEA risk ratings and narrative rationale can be used to quantify exposure to management and facilitate remediation. Most recently, FMEA was incorporated into Six Sigma and the Information Technology Infrastructure Library (ITIL).


Word of the Day: The 1998 Data Protection Act

The Data Protection Act of 1998 (DPA 1998) is an act of the United Kingdom (UK) Parliament that defines the ways in which information about living people may be legally used and handled. The main intent is to protect individuals against misuse or abuse of information about them. The DPA was first composed in 1984 and was updated in 1998.

The text of DPA 1998 contains six major sections called Parts, followed by 16 explanatory notes called Schedules. The Parts outline the basic rights of data subjects, methods in which data may be handled by those who possess it, special exemptions and modes of enforcement. The Schedules explain the Parts in greater detail and elaborate on diverse contingencies and legal interpretations.

The fundamental principles of DPA 1998 specify that personal data must:

  • be processed fairly and lawfully.
  • be obtained only for lawful purposes and not processed in any manner incompatible with those purposes.
  • be adequate, relevant and not excessive.
  • be accurate and current.
  • not be retained for longer than necessary.
  • be processed in accordance with the rights and freedoms of data subjects.
  • be protected against unauthorized or unlawful processing and against accidental loss, destruction or damage.
  • not be transferred to a country or territory outside the European Economic Area unless that country or territory protects the rights and freedoms of the data subjects.

Monday, March 24, 2008

Trap malware with honeypots

Honeypots combine the best aspects of detective and preventative technologies in the fight against malware. Honeypots are systems specifically deployed to be compromised. While the development of commercial honeypots seems to have lost steam, there is a plethora of innovative and freely available honeypot technologies. When carefully deployed, they can strengthen an enterprise's defensive posture in several ways:

  • Slow down an intruder's progress by having him waste time breaking into a system that offers no value to the intruder. For instance, the free LaBrea tool stalls port scans and worm propagation activities by creatively responding to an intruder's network connections.
  • Decrease the rate of false positives, which often plagues network IDS. Since a honeypot, by definition, should not participate in production activities, almost any connection to it is an indication of malice. The free tool Honeyd emulates servers, devices, and even networks to increase the span of such monitoring without requiring multiple physical systems.
  • Capture malware samples for analysis. Since malware is a part of most modern intrusions, capturing it before it finds its way to a production system assists in incident response. One of the free tools that can assist in this task is Nepenthes, which can capture malicious software propagating over the network. With copies of malicious samples at hand, you can analyze them to understand their capabilities. (Coincidentally, I teach a SANS Institute course about this.)
  • Understand the intruder's intentions by observing his interactions with the compromised environment. This can be accomplished by deploying a series of honeypots to fool the intruder, whether a human or a program, about the authenticity of the targeted system. The bootable Honeywall disk, distributed for free by the Honeynet Project, can help enable this, and includes excellent monitoring tools.
  • Determine whether your users visited malicious websites by employing a client-side honeypot that crawls and examines Web pages. Drive-by downloads, which exploit vulnerabilities through the Web browser, are a common infection technique. Consistently blocking this threat vector may be hard, but you can still detect the incident quickly. If your organization has a mechanism, such as a proxy server, that records visited URLs, you can use the free Caffeine Monkey tool from SecureWorks to automatically examine those sites for Web exploits.
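
The low false-positive property from the list above can be turned into a simple triage step. The following is an added example, not from the original article: it flags every source that touched a decoy address and then lists the production hosts the same source also contacted. The address ranges, the scanner allowlist and the four-field log layout are assumptions, and the log lines are constructed.

```python
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): decoy range, allowlist, log layout.
HONEYPOT_NET = ip_network("10.0.99.0/24")    # decoy segment with no production role
ALLOWED_SOURCES = {ip_address("10.0.0.5")}   # sanctioned vulnerability scanner

# Constructed sample flow records, chronological: "timestamp src dst dport"
SAMPLE_LOG = """\
2008-03-24T09:00:01 10.0.0.5 10.0.99.10 445
2008-03-24T09:02:17 10.0.3.44 10.0.99.10 445
2008-03-24T09:02:18 10.0.3.44 10.0.99.11 445
2008-03-24T09:02:30 10.0.3.44 10.0.1.20 445
2008-03-24T09:05:00 10.0.2.7 10.0.1.20 80
malformed line
2008-03-24T09:07:42 10.0.3.44 10.0.99.12 135
"""

def parse(line):
    """Return (ts, src, dst, dport), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return parts[0], ip_address(parts[1]), ip_address(parts[2]), int(parts[3])
    except ValueError:
        return None

def triage(log_text):
    """Map each non-allowlisted source that touched a decoy to its activity."""
    records = [r for r in map(parse, log_text.splitlines()) if r]
    alerts = {}
    for ts, src, dst, dport in records:
        if dst in HONEYPOT_NET and src not in ALLOWED_SOURCES:
            # setdefault keeps the first timestamp seen for this source
            a = alerts.setdefault(src, {"first_seen": ts, "decoys": set(),
                                        "ports": set(), "production": set()})
            a["decoys"].add(dst)
            a["ports"].add(dport)
    # Pivot: which production hosts did the flagged sources also contact?
    for ts, src, dst, dport in records:
        if src in alerts and dst not in HONEYPOT_NET:
            alerts[src]["production"].add((dst, dport))
    return alerts

if __name__ == "__main__":
    for src, a in triage(SAMPLE_LOG).items():
        print(src, a["first_seen"], sorted(map(str, a["decoys"])),
              sorted(a["ports"]), sorted((str(h), p) for h, p in a["production"]))
```

The production pivot gives incident responders a starting list of hosts to examine first.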