Datacenter star audit

The Datacenter Star Audit (DCSA) is one of several services^[1] of eco – Association of the German Internet Industry e.V. (German) and was designed as a seal of approval for data centers. It examines and evaluates objectively infrastructure and services. The assigned stars (DC Stars) provide information about the quality and scope of services offered. The audits focus on the data center's security and on the availability and redundancies of the facility's infrastructure.

Known DCSA-certified data center operators are^[2][3]: GfK AG, Host Europe GmbH, intergenia AG, IP Exchange I.T.E.N.O.S. GmbH, noris network AG, Pironet NDH AG, Siemens AG, Telemaxx Telekommunikation GmbH

Background

In recent years various certificates and classifications have emerged in the IT landscape. They all pursue different goals. In the area of data center security, certificates have mostly developed to qualify infrastructure in addition to providing a clear focus on applications and products of data centers.

The DCSA has, in addition to a certification of safety, the overriding objective of creating more transparency in the market and making a clear design of services comparable to the data center. It is based on a selection of criteria and the level of award helps to direct potential customers in their request for tenders for a data center.

The result for the data center operator and its end customers is a benchmark situation that offers the opportunity for comparison with other operators and for the appropriate diagnosis and repair of their own weaknesses.

Versions

The certification was first introduced in March 2005 at CeBIT.^[4]

On 1 October 2009 there was an extensive review of the audit.^[5] The fundamental focus was now on the following four main categories

• technology
• facility
• procedures
• staff

Version 2.0 introduced different weightings on certain criteria for colocation and webhosting operators. Technical developments, for example in the field of fire protection (OxyReduct, Permatec) were included in a revised questionnaire.

In addition the environment (hazardous materials, floods, etc.), the space available for the technology, fire protection systems and protection zones were defined in the criteria for certification.

In the field of technology the granularity of detail increased. Redundancies are not only assessed, but the level of electricity supply and points substations are also measured.

Audit process

The audit process can be divided into 7 steps. It can be wrapped up in 3–4 weeks (according to experience of data center operators) from the date the contract documents are sent until the certification is received.^[6]

Step	Procedure
1. Sending the contract documents	The data center operator receives in addition to the audit contract, the questionnaire (RfI), instructions for the questionnaire (guide for customers), license guidelines as well as the guidelines for the logo usage.
2. Answering the questionnaire	The questionnaire used for the audit consists of about 220 questions pertaining to the categories facility, staff, technology, and procedures. To facilitate the process, the data center operator will receive a guide for customers which explains the questions in detail and lists possible answers. The auditors are available for questions during the entire audit process.
3. Questionnaire evaluation by the auditors	After the data center operator fills out the questionnaire, the auditors examine the plausibility of the answers.
4. On-site consultation with the auditors	Questionnaire is discussed Maps are discussed Certificates are verified Technical documentation is assessed
5. Data center inspection	Questionnaire is examined Maps are verified Facilities are examined Procedures are traced back The data center's proximity is assessed
6. DCSA evaluation	The results taken from the verified questionnaire and the on-site inspection are used for the DCSA assessment. In considering a point system, a specified and objective classification will be carried out according to a point system. Each category and subcategory will be weighted accordingly by using a particular code. According to the assessed performance level (%), the results can be matched to one of the five performance grades (DC Stars).
7. Awarding certificate and insignia	After the successful certification, the data center operator receives a DCSA certificate and insignia. During the validity period of the audit (24 months), the digital logo material made available may be used for marketing purposes in the context of the licensing policies.

Assessment criteria

The evaluation of a data center is carried out on the basis of a large questionnaire for the four categories: facilitiy, staff, technology and procedures as well as on the basis of a comprehensive inspection by the eco authorised auditors (eAA).

Criteria	Topics	Weight
Facilities	Access control and security Protected zones and fire control Raised floors Position in the building Facility feedings Scalability Structure of the building Cleanliness of the data center	25%
Technology	Transformer / Main distribution for medium and low voltage Power supplier AC and DC power supply Emergency power supply, emergency shutdown, lightning protection Air conditioning and air filtration Temperature and humidity Carrier	35%
Procedure	ITIL conformity Continuity management Existing certifications Access procedure Data security	20%
Staff	Staff size Multilingual staff Accessibility and availability Qualifications Quality management	20%

Performance and fulfillment grades

Performance grade 1 ★

• Basic air conditioning (n)^[7]
• Basic power supply (n)
• A UPS (perpetual quality power, overvoltage protection, etc.) designed with (n)
• 5 minutes hold-up time to shut down the operation systems
• Devices for the detection of fire (smoke alarm) and for fire fighting (fire extinguisher)
• Architectural separation of the computer room from other spaces by the minimum F30/T30 (German-specific rating system for fire-resistance)
• Several fire sections in the data center are not necessary
• Heat dissipation performance: 220–320 W/m²
• Minimum physical access protection (steel doors/security locks/windowless room or secured window) and a warning system/break-in security
• Certified staff for the operation of the servers (network technology/operation system)
• Stable network connection (min. 1 internet access provider, 1 independent network connection)
• Basic supply routes

Evaluation Period: 1 Year

• Limited operation because of maintenance: 2 downtimes over 14 hours
• Availability of the data center: 99.2% per year
• 2–3 outages per year with a downtime of respectively 5 hours^[8]

Performance grade 2 ★★

• Basic air conditioning (n)
• Basic power supply (n)
• A UPS (perpetual quality power, overvoltage protection, etc.) designed with (n)
• 8 minutes hold-up time to shut down the operation systems
• Devices for the detection of fire (smoke alarm) and for fire fighting (fire extinguisher)
• Architectural separation of the computer room from other spaces by the minimum F30/T30 (German-specific rating system for fire-resistance)
• Several fire sections in the data center are not necessary
• Heat dissipation performance: 220–320 W/m²
• Physical access protection (steel doors/security locks/windowless room or secured window) with a mental identification feature and a warning system/break-in security
• Certified staff for the operation of the servers (network technology/operation system)
• Stable network connection (min. 2 providers, 2 independent network connections)
• Basic supply routes

Evaluation Period: 1 Year

• Limited operation because of maintenance: 2 downtimes over 12 hours
• Availability of the data center: 99.671% per year, annual downtime 28.8 hours
• 2–3 outages per year with a downtime of respectively 4 hours

Performance grade 3 ★★★

• Air conditioning (n)
• Redundant power supply (n+1)
• Diesel generator
• A UPS (perpetual quality power, overvoltage protection, etc.) designed with (n)
• 8 minutes hold-up time to shut down the operation systems
• Devices for the detection of fire (smoke alarm) and for fire fighting (fire extinguisher)
• Architectural separation of the computer room from other spaces by the minimum F30/T30 (German-specific rating system for fire-resistance)
• Several fire sections in the data center are not necessary
• Heat dissipation performance: 430–800 W/m²
• Process of an individualised authentication (biometrics or mental identification feature)
• ITIL process maturation grade 2 (mostly documented and adjusted to the ITIL model)
• Physical access protection (steel doors/security locks/windowless room or secured window) with logging and a warning system/break-in security
• Certified staff for the operation of the servers (network technology/operation system)
• Stable network connection (min. 2 Internet access providers, 2 independent network connections)
• Basic supply routes

Evaluation Period: 2 Years

• Limited operation because of maintenance: 3 downtimes for 12 hours
• Availability of the data center: 99.671% per year, downtime 22 hours
• 2 outages per year with a downtime of respectively 4 hours

Performance grade 4 ★★★★

• Air conditioning (n+1) + UPS connection
• Redundant power supply (n+1) and 2 facility feedings
• Diesel generator
• A UPS (perpetual quality power, overvoltage protection, etc.) designed with (n)
• 8 minutes hold-up time to shut down the operation systems
• Devices for the detection of fire (smoke alarm) and for fire fighting (fire extinguisher)
• Architectural separation of the computer room from other spaces by the minimum F30/T30 (German-specific rating system for fire-resistance)
• Several fire sections in the data center are not necessary
• Heat dissipation performance: 430–1400 W/m²
• Process of an individualised authentication (biometrics or mental identification feature)
• Access to the data center: at least 2 door systems
• ITIL process maturation grade 2 (mostly documented and adjusted to the ITIL model)
• Physical access protection (steel doors/security locks/windowless room or secured window) with logging and a warning system/break-in security
• Certified staff for the operation of the servers (network technology/operation system)
• Stable network connection (min. 2 Internet access providers, 2 independent network connections)
• Basic supply routes

Evaluation Period: 5 Years

• Limited operation because of maintenance: 2 downtimes for 4 hours
• Availability of the data center: 99.982% per year, downtime 1.6 hours
• 2 outages per year with a downtime of respectively 4 hours

Performance grade 5 ★★★★★

• Air conditioning (n+2) + UPS connection (n+1)
• Redundant power supply (n+2) and 2 facility feedings (n+2 can be realized with a technical circuit and substantiated by service level agreements)
• 2 x diesel generator
• A UPS (perpetual quality power, overvoltage protection, etc.) designed with a minimum of (n+1)
• 20 minutes hold-up time to shut down the operation systems
• Devices for the detection of fire (smoke alarm) and for fire fighting (fire extinguisher), VESDA system
• Architectural separation of the computer room from other spaces by the minimum F60/T60 (German-specific rating system for fire-resistance)
• Several fire sections in the data center are necessary
• Heat dissipation performance: >= 1500 W/m²
• Process of an individualised authentication (biometrics or mental identification feature)
• Access to the data center: at least 2 door systems
• Optical turnstile for customer entrance
• ITIL process maturation grade 4 (completely documented and adjusted to the ITIL model)
• Documented Procedures (e.g. with the help of ISO 27001, ISO 20000, ISO 9001)
• Physical access protection (steel doors/security locks/windowless room or secured window) with logging and a warning system/break-in security
• Certified staff for the operation of the servers (network technology/operation system)
• Stable network connection (min. 5 Internet access providers, 2 independent network connections)
• Supply routes doubled

Evaluation Period: 5 Years

• No limited operation because of maintenance
• Availability of the data center: 99.991% per year, downtime 0.8 h
• 1 outage per year with a maximum downtime of 4 h

Fulfillment grade

In considering the calculated performance grade (%) derived from the questionnaire's responses and the inspection, the result can be assigned to one of the five fulfillment grades (DC Stars).^[9]

Fulfillment grade	Percent	Stars
1	35 – 54%	★
2	55 – 64%	★★
3	65 – 74%	★★★
4	75 – 89%	★★★★
5	90 – 100%	★★★★★

Validity

The validity of the audit is 24 months. Data centers can be re-assessed after this period.

See also

• Computer security
• Data center classification
• ITIL
• Quality audit
• Redundancy

References

1. eco services
2. List of DCSA certified data centers
3. eco certifies data centers
4. eco-Verband führt Zertifikat für Internet-Datenzentren ein (German)
5. DCSA 2.0: Data center certification enhanced
6. the DCSA audit process
7. n = number of redundant components
8. Also see: TIA-942, p. 5. (downtime and availability are DCSA-modified values for the european data center market)
9. Requirements for DC Stars

External links

• dcaudit.de Datacenter Star Audit