In Data Centers, Ease Vs. Risk in Net-Based Power Management
Remote access to data center functions, including server and network operations, are now routine in many facilities. But users still worry about security.
Thu, April 12, 2012
Computerworld — From the comfort of your couch, maybe via a tablet in hand, you can now turn on and off a data center generator that could be as large as a house.
This capability isn't really surprising. Remote access to data center functions, including server and network operations, are now routine in many facilities. Anyone using a cloud service to manage environments is doing it remotely.
But the ability to remotely manage critical power systems at data centers using megabytes of power -- and to also back those systems up with massive generators -- still makes some people uncomfortable. They see the capability as a potential security risk.
Emerson Network Power has taken consumer-like capabilities, touch screens and support for multiple devices and made it part of its Asco Powerquest, a power monitoring, control and reporting system.
What were once hardwired connections in a control panel have now been made digital with a touchscreen. The system, on display at a recent Afcom data center conference in Las Vegas, offers a system overview, with primary colors used to indicate the system status.
These power systems can be turned on and off over the Internet, a capability being driven, in part, by changes in the National Electrical Code. Those changes require generator testing for industries that provide critical services, said Bhavesh Patel, the director of marketing for the Asco line.
The users of these systems often conduct generator tests off hours, and have generation systems scattered in multiple facilities, said Patel.
"The hospital industry needed this because they don't have the people to conduct those tests overnight or on the weekend, which is the most preferred time," said Patel.
Even so, Philip Berman, who heads the data center practice at PricewaterhouseCoopers and is a former CIO, isn't comfortable with remote management over the Internet. "I err on the side of reducing risk," he said. "I would much rather have a pair of smart hands on the ground."
Yves Carriere, a data center manager for a facility he didn't want named, was blunt: "If you can remotely shut it down, that means that somebody can hack into your system."
Neither Carriere nor Berman ruled out the use of remote management, but said they would need convincing of its security.
Patel cited things like the ATM infrastructure, which already runs off the Internet, and even remote surgery as evidence that a high level of trust can be created for even the most critical systems.
Patel pointed to the use of 128-bit encryption, and said a user's device has to have software installed on it as the first level of authentication.