A safe, comfortable home for servers

New Weiss data center is part of a strategy to secure Rockefeller’s information infrastructure

by TALLEY HENNING BROWN

The university’s servers, a cluster of about 120 computers that operate Rockefeller’s Web sites, e-mail, file storage, financial and scientific databases and other services, have for years resided on racks located on the D level of Smith Hall Annex, a space not originally designed to house the advanced data infrastructure that Rockefeller now requires.
“The Smith Annex data center does not have adequate power supply or climate control systems by today’s standards. And since it directly borders the FDR Drive, there is always the slight possibility of damage in the event of an auto accident or a flood of the East River,” says Gerald Latter, associate vice president for information technology and chief information officer.
So, for the past several months, work has been under way on a new data center in previously unused space on the third floor of Weiss Research Building. The new facility, originally intended as a disaster recovery data center, will now become the main data center for The Rockefeller University when it is completed late this summer.
Two years ago Information Technology began providing redundancy of all critical services (including e-mail, financial systems, core Rockefeller network infrastructure and internet connection) in Weiss room 306. This year, after deciding to make that space the main data center, they began expanding and preparing the space for additional racks to house the main servers there. When the Weiss data center is ready, the Smith Annex room will house the redundant servers and act as the university disaster recovery site. It will also become a hosting center for laboratories’ servers.
The new data center will house 30 racks each capable of holding up to 35 modern compact servers, providing ample space for growth. It will have a separate control room, an uninterruptible power supply and a backup diesel generator. In the event of a power failure, the batteries can take over immediately and power the servers for the short while it takes to switch to the generator.
“The space in Smith Annex is larger than the one in Weiss, but square footage isn’t as critical as environmental factors for a room full of high-density computers,” says Mr. Latter. To keep computers running efficiently, new cooling, ventilation and dehumidification equipment is being installed.
The new room is even espousing eco-friendly technologies, in the form of its new air-conditioning units. “The new system is made highly efficient by using the heat-absorbing capabilities of a fluid as it changes state and by locating the cooling system close to the source of heat, saving on space and electricity,” explains Stuart Cohnen, manager of the data center. Most of the center’s infrastructure is being built outside the server room — in adjacent rooms and outside of Weiss at street level — to maximize server space. Additionally there are new technologies that will allow a single server to provide the services of multiple servers, which will help space, environmental and energy concerns in the future.
Armand Gazes, who directs server operations, says “IT continues to pursue a layer of redundancy in the form of a ‘lights-out data center,’” one that is located off premises and essentially unattended, so that in the event of a city-wide power failure or other broad emergency, the university’s computer systems could be safely run elsewhere.
Rockefeller is a member of the New York State Educational and Research Network (NYSERNet), a private nonprofit corporation that offers top-tier network services at a discount to research and educational institutions in order to promote collaboration. The university leases bandwidth and fiber optic pathways from NYSERNet and for the long term is considering, among other options, taking advantage of the disaster recovery site the organization has just completed constructing in Syracuse.
The investment in redundant facilities is part of a larger strategy to protect the university’s data not just from fire and floods, but from other threats as well. “Ten years ago, hacking was the province of pranksters who did little real damage. Now it’s the realm of stealing data for crime and money,” says Mr. Latter. The wide availability of malware (software designed to sneak inside a computer via the Web and wreak havoc) and the increasing sophistication of hackers and hacking technologies pose an increasing threat to systems and data.
With support from the administration, IT has created a new position, chief information security officer, which was filled in March by Marty Leidner, who also retains his position as project manager. Mr. Leidner will oversee a three-pronged approach to the security project: upgrading and increasing Rockefeller’s security technology; educating the campus community on the new security issues and measures that can be taken by the end user; and securing sensitive data through changes in technology and business processes. His broad-ranging expertise in management, business process analysis and technology makes him well-positioned to ensure that any inconveniences resulting from increased security are kept to a minimum.
On the technical side, Rockefeller has added a second firewall inside the existing one, surrounding systems that house especially sensitive data. IT is also looking into software solutions to prevent malware intrusions via remote access from infected home computers, and is working to increase the security of passwords that provide access to network applications such as e-mail, VPN and Oracle calendar.
Outreach efforts to keep the campus informed have already begun. Last month a letter was sent to all heads of lab and office directors explaining the new plans. Posters are being designed, as well as brochures and a security strategy Web page. The inaugural e-mail security bulletin went out to campus on May 17, and ISS News, the IT newsletter published every few months, has been emphasizing security. Mr. Leidner will be forming a Security Liaison Program, whereby every lab and office will have a representative who will act as a security liaison between his or her group and IT.
Finally, IT is working with departments that control sensitive data — such as financial information, personnel records and patient data — to ensure that sensitive data in electronic format is secured and outdated information is disposed of properly.