These days, even small companies spend hundreds of thousands of dollars on computer equipment. Protecting that investment is critical—and keeping servers and associated equipment in a controlled environment is an essential part of protecting that investment.
But how do you set up a server room that’s secure and effective? Rather than discussing expensive, custom-built computing facilities, I’m going to examine practical steps that will work in most of the organizations we deal with.
The server room is sometimes given low priority when premises are located. But if you have the chance to offer input on the room at the planning stage, these suggestions can help you strengthen your case. And even if the server room is something of an afterthought, you’ll benefit from thorough—and realistic—planning.
Plan the room
Size it up. Begin by determining how much space your current collection of equipment consumes. This includes racks and cabinets, freestanding servers, external units (backup units, UPSs, and so on), monitors, at least one chair and desk, the safe, and documentation storage. Next, add your expected growth in equipment (and then round up!). Remember that if you put everything in the room, then run out of space six months later and have to relocate to a bigger room, you will have another “downtime” project to run.
Prepare it. This room is going to have completely different power requirements from other offices on the site. Draw up your equipment list and lay out the room on paper. When you’ve completed the planning exercise, count the power sockets you are going to need (and will need for expansion) and get the electrician. Decide which pieces of equipment and power rails are going to be protected by UPS devices. Find out if a “clean” filtered power supply or surge protection is available—if you have the resources.
When the power is going in, decide on the position and number of data points in the room. Make sure they are easily accessible once desks, shelves, and racks have been moved in. (It may be neater to have them at floor level in offices, but convenience is more important here.)
Pay close attention to how you are actually going to connect your servers to the network. You may be very close to your network’s heart if the patch panels, punch down blocks, routers, and the rest are in the same room. But be sure you don’t create a packet bottleneck when you move your servers. You don’t want overloaded subnets.
Finally, make sure the room is ventilated, air conditioned, or just cool—depending on your budget. In an enclosed space, your equipment can create some heat, so if summer warms the room up, it’s going to get especially hot.
Announce it. If the room you take on was formerly used for another purpose, make sure everyone within the organization knows what the new function of the room is and explain that it no longer has any other function. This may be a problem only if you cannot secure it properly, but you really don’t want people using your carefully planned room for storage if you can help it.
Secure it. Put a lock on the door and keep track of who has copies of the keys\access cards\combination. There is little point working through this exercise in control if “anyone” can walk in. Once the room is secure, make sure that there is always someone on site who has access, in case of emergencies.
Lay out the room’s contents
Give yourself elbow room. Whether you have racks of equipment or just a couple of freestanding servers on desktops, give yourself some space at the back of your computers to get to the cables. You will save much time and effort when it comes to that inevitable time when you need to unplug, move, or open the server. Leave enough space between the back of the equipment and the wall to walk behind and access plugs and cables without stretching (and accidentally nudging other cables). Keep the cabling tidy, and you will thank yourself later.
Set up a keyboard, video, and mice switch. When you have the computers in place, you will need to control them one way or another. The ability to operate more than one computer from a single keyboard, video, and mice (KVM) switch is often essential in a server room, usually due to lack of space. Again, this convenience need not be reserved for high-end, rack-based computer installations. The Belkin OmniView is a good example of a device that allows you to flip between control of different servers, either with a hotkey combination on the keyboard, a button on the switch itself, or in some cases, even a foot switch. While it is possible to configure PC servers in a “headless” manner (without monitor or keyboard), you will almost always benefit from having this ability—usually when you have a problem to solve quickly.
Provide yourself with workspace. If you have the space, include a PC in the server room to work on, and preferably configure it for Internet access. You may need to add it into the KVM switch to save space by using the same monitor and keyboard. With this facility, you have a workstation for researching problems, running batch jobs, and operating monitoring/performance software.
The server room may also be a good place to put a bookshelf for manuals and a fireproof safe for the backup tapes and disaster recovery manuals and procedures. And make sure you have enough desk space to set paper and pen down!
Document the setup. After you’ve installed the equipment in your room and tested it to make sure it all sits on the network happily, document it. Draw a diagram of the equipment in the room. Document which ports each piece plugs into, which server does what, and which pieces of equipment each UPS covers. Colored cables are often used in server rooms, where the concentrated amount of cable can be confusing. Perhaps blue cables go from server to patch panel, while standard gray is for PC cabling and yellow is for the hotline to the pizza shop. If you have a labeling machine, the server name and network address are always useful when stuck directly to the front of the machine.
Keep the plans. When you have shoehorned every last piece of equipment into the former cleaner’s cupboard you now call home, and you’ve written down how it all connects, how many UPSs you needed, and how much space it required—keep the plans. Some time in the future you will either need to: a) break it all up and relocate it; b) put together an almost identical room for the same organization; or c) put together an almost identical room for your next job.
Sign in/out. If you are the only person with access to the server room—or at least the only one who should have access to it—then signing a visitor’s book may be academic. It’s a way of tracking who’s had access to the server room, but you may find change control documentation adequate.
Change control. This is just about the most important operating procedure and piece of documentation you could maintain. We will explore change control documents and authorization in detail in future articles. However, even if this is only a logbook detailing self-authorized changes, it is essential.
What should you log?
- operating system updates
- configuration changes
- server application updates and fixes
- network hardware swap outs and additions
If something has been altered in the server room, it will probably have a direct or indirect effect on a number of users. If you log each change in detail, you will have far greater insight into future problem solving when you can look at the history of each piece of hardware.
Logical security. If you have made your server room physically secure, you might assume that your servers are safe. However, when it’s so simple, it’s pointless not to lock the server consoles with a password or log off when you have completed a session.
Disaster planning. When the worst does happen, and some type of disaster hits the server room, your documentation and media store will be as important as your cabling.
Restoring a server configuration, or data, will be quicker if you have a written procedure that you or someone else can follow step by step. Rebuilding a server from scratch will be easier and more faithful to the original if you have the documentation detailing the operating system components originally installed, along with the updates applied under Change Control.
In all these cases, protecting the documentation and the media is important. Either use a fireproof safe or make copies and store them separately.
Just how many of these suggestions you take on board will depend on your individual situation: your available space, your resources to prepare the room (money and people), and of course, your time.
Three final points:
- Your investment in computing equipment warrants separating and protecting it.
- Good planning can keep those investments providing a return and help keep downtime to a minimum.
- Putting a server room together in an established network can provide a fresh focus on procedure, control, and security.
Have a comment?
If you’d like to share your opinion, please post a comment below.