I can hear you now… "Not another article on the boring topic of fire suppression!" Well, I promise if you ignore your growing angst and an urge to shift to another page, any other page, I will make it worth your time.
Like data centers (once called computer rooms or electronic data processing centers), the approach to containing a fire in what is now the nerve center of your organization has significantly changed. It isn't enough to simply install a smoke alarm and a few sprinkler heads. This only works if you don't mind having your business down for days or weeks after a fire.
In this article we'll look at the business outcomes you should consider when writing a check for fire suppression services and how to achieve them.
Before purchasing a fire suppression system, it's important to understand what it is your trying to achieve. Yes, you're trying to put out future fires. But that is an incomplete requirement. The real business requirement is to put out the fire and get your business back up and running within hours.
The components of a business-friendly suppression system include:
- A detection system that detects actual fires and not a leak in your cooling system (more on that later…)
- An alarm that includes both a loud noise and flashing lights (a regulatory requirement in most jurisdictions)
- Portable fire extinguishers placed in critical locations
- Emergency power-off switch
- Emergency suppression system delay or cancel (more on that when we talk about false alarms)
- A suppression agent that:
- doesn't destroy your equipment; and
- doesn't take so long to clean up that you pass right by your maximum tolerable downtime threshold
Like all physical security controls, the number of dollars you spend and the system you select depend on the business risk you are willing to accept. With that in mind, let's take a closer look at the elements of today's data center fire suppression solutions.
You would think a detection system has a simple job: detect a fire. The problem arises when you begin to consider what a detection sensor sees as a fire.A few years ago, our suppression system decided to dump Inergen in our data center on a Saturday night. Since no one was present, we couldn't hit the switch to delay the release. If we had, we would have found that one of the sensors detected the gas emitted by a leak in the cooling system as a fire. Since we had a contract with a data center cleaning and restoration company, we quickly called them; it took 24 hours to return the data center to normal.
The moral of the story? Make sure your detection system is tuned not to react to possible false alarms caused by other components in your data center. Another consideration is just as important. If your sensor detects smoke, it should also want to see heat before ruining your day.
Alarms are pretty simple; they make a loud noise and people walk quietly to the exit. That's fine if you're using systems that cause no harm to humans. However, many types of suppression materials (covered later) are intended only for areas with no human presence. So you should integrate the alarm into the suppression release process, allowing an adequate human evacuation period to elapse before putting out the fire.
The flashing light is not only a good idea when one or more employees have hearing problems. It is also useful when the alarm is trying to rise above the ambient decibels generated by hundreds of servers, storage devices, etc.
Portable fire extinguishers
First, the primary purpose of the portable fire extinguishers hanging on support posts in your data center is not to encourage your server engineers to bravely stand between a fire and that new enterprise server platform they just spent days getting to work right. Rather, they are intended to ensure people in the data center have a way out when fire is blocking the exits.Second, make sure your fire extinguishers are placed properly (see Fire Extinguisher Placement) and contain the appropriate suppression agent. For more information on this topic, see Fire Extinguishers or Online Safety Library:Fire Extinguishers. These sites explain their use and types required for various combustible materials.
Emergency power off switch
This isn't something I plan to spend a lot of time on. It's important to take away that no large facility with scores of electrical or electronic devices should ever be without a big red button on the wall that, when pushed, immediately cuts all power. However, use sparingly. Hard power shutdowns are not computer friendly. (Can you say backups?)
Selecting the right suppression agent
So we finally arrive at the one item in our list that can either allow quick recovery or weeks of finger pointing. Selecting the suppression agent to put out actual fires is a decision made with all critical business process stakeholders at the table. The discussion should include the following options:
- Wet pipe – Wet pipe systems are basic water sprinklers installed in commercial buildings. Charged with water at all times, they release plain water in the presence of heat, smoke, or manual intervention. Although they work great in most areas of the business office, they have one big disadvantage when placed in the data center. THEY DUMP WATER ON YOUR EQUIPMENT. If you think a hard power shutdown is bad, try to recover 300 servers, several storage devices, and other critical infrastructure once hundreds or thousands of gallons of water is dumped on them. If you opt to go with water, make sure your hot site contract is current and your team is well practiced. Because putting a fire out like this constitutes a catastrophic event. And you might have trouble explaining why your data center is down for two weeks.
- Pre-action or dry pipe – Pre-action systems work just like wet pipe solutions with one exception; the water is not kept in the pipes. This system is marketed to businesses as safer than wet pipe, because water-charged pipes can accumulate moisture via condensation. This moisture can then drip down on critical equipment. However, the problems associated with putting out a fire with water still remains.
- Gaseous agents – These types of systems provide immediate fire suppression with relatively short system and business process recovery times. Gaseous agents deny a data center fire access to two of the three elements necessary for combustion: heat and oxygen.
- Agents such as HFC-227ea, FM-200, and HFC 125 remove heat from fire. This is what water does, but these agents won't destroy your equipment.
- Carbon dioxide and Inergen remove oxygen from the environment.
In addition to these traditional systems, some companies have released what they call fire prevention systems. These proactive approaches reduce the normal amount of oxygen in the data center, reducing the opportunity for a fire to really get started if sufficient heat and fuel present themselves. Before running out and buying one of these systems, check with local and federal safety regulators. Most are still on the fence, teetering between acceptance and their belief that these systems reduce oxygen to levels harmful to human health.The final word
So as you can see, implementing fire suppression as a physical security control is not so easy. It requires knowledge of business risk acceptance, understanding of maximum tolerable downtime, and the right budget. And as always, it requires the cool, calm security manager who brings the right people to the conversation and enlightens them in how properly dealing with Prometheus' gift sometimes requires a little wisdom.
Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be published in Q1/2013). Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator. He has an MBA and CISSP certification. He is also an online instructor for the University of Phoenix.