In my last blog on DCIM Policies (Part 1) we discussed about “Risk Management” and the various “DCIM Policies” that fall under this category. Now moving on to the next category that is “Governance”, which will be covered in this blog (Part 2).
Streamlined governance with chain of command, checks & balance system, and audit trails are few of the universal best practices any organization adopts to ensure voluntary or statutory compliance measures. This applies to Data Centers as well. The policies that we will cover under Governance are Security Policy, Data Retention Policy, Approval Policy and SLA Policy.
- Security Policy: Includes role-based access. Where ever possible we must always use auditing in our environment. This will help keep track of commands run on these systems and the resulting impact. On a similar note, we must not use shared or generic accounts like “Administrator” if we can avoid it; these commands should be linked to individual accounts (preferably privileged accounts used only to perform this sort of work; we should normally use a limited account where possible).
- Data Retention Policy – is an organization’s established protocol for retaining information for operational or regulatory compliance needs. Data management and retention is a major growth area in both cost and energy consumption within the data center. It is generally recognized that a significant proportion of the data stored is either unnecessary or duplicated. Particular care should be taken to understand the impact of any data retention requirements. There are essentially three main objectives in developing a data retention policy, which can be summarized as follows:
- To keep important records and documents for future use or reference;
- To dispose of records or documents that are no longer needed; and
- To organize records so they can be searched and accessed at a later date.
- Approval Policy for Provisioning and MACs: Provisioning of power, space, cooling and network ports when adding more customers, applications and IT devices can be a contentious one as there are conflicting demands of finite amounts of these resources. An approval process with linkages to Power and Network Chains ensures that one has not over provisioned or under provisioned any section that can lead to a power or network trip. A somewhat similar situation arises out of Move-Add-Change (MAC) – an approval process ensures that everyone knows about, agrees upon, and supports the proposed change(s). The changes and the associated approvals should be retained per the data retention policy so that one can trace back to events as well as analyze if any change resulted in an improvement or otherwise.
- SLA Policy: An SLA in a data center contract serves 3 main purposes:
- Establishes specific levels of availability that are guaranteed by the data center.
- Sets communication protocol for any issues or uptime-impacting events that may arise.
- Lays out policies and procedures revolving around planned maintenance events by the data center (timing of such events, the communication procedures, etc.)
DCIM must provide users with secondary data storage areas which are identified by the retention policy and level of data protection. Non-editable archiving to secondary storage and purging must be automated in the data retention policy, which should also include Workflow approvals and Move-Add-Changes. Archived data also presents substantial opportunities for cost and energy savings.
These agreements typically contain numerous measurable components that all revolve around meeting these key objectives. Automatic Alerts to customers have to be generated depending on allowed variance on each SLA component, which may be measured on daily, weekly, monthly or quarterly/annual basis.
The “DCIM Policies: Automating Data Center Standard Operating Procedures” whitepaper outlines the importance of automating data center standard operating procedures, and how these policies help to avoid data center failures, help in better governance and driving efficiency improvements.