Design of computer room in data center of military enterprise
Time of issue: 2022-03-11
A computer room project is an environmental construction effort that integrates multiple professional disciplines, such as construction, electrical, HVAC, security, and network engineering. Based on a reasonable functional division, it supports the stable and efficient operation of computer networks and systems. The construction must therefore ensure that the computer room environment meets the requirements of both the electronic equipment (such as computers) and the staff with respect to temperature, humidity, cleanliness, electromagnetic field strength, leakage prevention, power quality, vibration, lightning protection and grounding. Military enterprises, as scientific research and production units for weapons and equipment, carry a large amount of classified information in their computer rooms. This paper therefore discusses the security design of computer rooms in military enterprises.
01 Design standards and basis
In addition to meeting the requirements of national standards such as "Data Center Design Specifications", "General Specifications for Electronic Computer Sites", and "Computer Site Safety Requirements" in terms of site, security, power supply and distribution, etc., the data center room of a military enterprise must also meet the mandatory requirements of security and confidentiality management departments, such as the State Security Bureau and the State Administration of Science, Technology and Industry for National Defense, set out in standards such as graded protection evaluation and weapon confidentiality qualification certification.
02 Security design ideas for data center computer room of military enterprises
The construction of the computer room is a systematic project that mainly covers decoration, electrical, HVAC, weak current, and fire protection work. When a military enterprise constructs a computer room, in accordance with the requirements for graded protection evaluation and confidentiality qualification certification, it should first determine the level of computer room construction according to the security level of the classified information system, then design and build the room with reference to the requirements for key parts, while meeting fire safety requirements.
2.1 Environmental safety
The computer room contains a large amount of equipment, which generates a lot of heat during operation. High temperature and humidity not only seriously affect the normal operation and service life of the equipment, but can also endanger the safety of the staff. Therefore, the design of the computer room must meet the requirements of both people and equipment for temperature, humidity, cleanliness, etc.
2.1.1 Decoration
To ensure the normal operation of the classified information system, the computer room should be finished with decorative materials that are non-flammable, airtight, non-discoloring, dust-proof, easy to clean, corrosion-resistant and low in deformation, and that have good anti-static, sound-absorbing and shielding properties.
A large amount of static electricity is generated in the computer room. Static electricity not only causes random failures, malfunctions or calculation errors during the operation of the classified information system, but may also cause components in the equipment to break down and be destroyed. In addition, problems caused by static electricity are difficult for hardware personnel to detect, and software personnel sometimes mistake them for software failures, which interferes with normal scientific research and production work. Therefore, anti-static materials should be selected for the computer room.
2.1.2 HVAC system
(1) Air conditioning system. The large amount of electronic equipment in the computer room generates a huge amount of heat, so a dedicated precision air-conditioning system is required to control the ambient temperature and humidity. In addition to the redundant design of the air-conditioning system, if the cooling method is air-cooled, the height difference between the indoor and outdoor units should also be considered. If this height difference is too large, the air-conditioning system will have many hidden dangers, such as difficulty in oil return, frequent compressor failures, difficulty in starting in winter, and cooling capacity attenuation.
(2) Water supply and drainage system. The water supply and drainage pipes of the computer room should use closed-cell rubber and plastic materials for anti-condensation and heat preservation. At the same time, the floor of the main equipment room should be waterproofed as a whole, and drainage floor drains should be installed. Emergency drainage of the computer room should use the floor drains, so that in the event of flooding the water is discharged to a designated area. The main water supply pipeline should also be equipped with an on-off valve linked with the water leakage alarm system, so that the humidification water supply is cut off automatically when a water leakage alarm occurs.
(3) Fresh air system. To keep the air in the equipment room fresh and stable and to meet the health requirements of the staff, positive pressure must be maintained in the equipment room to prevent untreated air from infiltrating it and to prevent harmful gases, smoke or mixtures from lingering in it. The design of the computer room should include a separate, sufficient, adjustable, and unified fresh air system, and fresh air must be pressurized before it enters the computer room.
(4) Post-disaster exhaust system. A post-disaster exhaust system should be set up in the gas fire-extinguishing area to quickly discharge the exhaust gas after gas fire-fighting is completed, so that personnel can enter to maintain the equipment.
2.1.3 Electrical system
(1) Power supply and distribution system. The power supply and distribution system is the core of the entire computer room. It adopts a redundant power supply structure according to the grade of the computer room. Its safety and availability are the basic guarantee for the normal operation of every system in the computer room.
To provide stable and uninterrupted current and voltage to the equipment and confidential information systems in the computer room, and to allow data to be saved and systems to be shut down within a certain period after an abnormal power failure, the computer room should be equipped with a regulated power supply device. It is led by cable to the precision column cabinet and connected to the power distribution in each cabinet through industrial connectors, ensuring the operation of the confidential information system in the computer room. At the same time, to ensure uninterrupted cooling of the computer room after a power failure, a regulated power supply is also configured for the precision air conditioners, access control and other equipment in the computer room, supporting them at the same time as the confidential information system. It should be noted that, to ensure the security of confidential information, server equipment and non-server equipment cannot share the same set of regulated power supplies.
(2) Lightning protection grounding system. The electronic equipment in the computer room is characterized by high density, high speed, low voltage, and low power consumption, which makes it very sensitive to electromagnetic interference such as lightning overvoltage, power system operating overvoltage, electrostatic discharge, and electromagnetic radiation. Therefore, the lightning protection design of the computer room should be comprehensively planned, comprehensively managed, and multi-layered, and the external and internal lightning protection measures should be considered as a whole, so that the design is safe and reliable, technically advanced, economical and reasonable, and convenient to build and maintain.
The metal shells of all equipment in the equipment room are reliably grounded and brought together at the grounding terminal box in the equipment room, so that they form an equipotential. The grounding in the equipment room includes AC working ground, safety protection grounding, antistatic grounding, DC logic grounding of the computer system, etc.
(3) Lighting system. In addition to the working lighting system, the computer room should be equipped with an emergency lighting system to ensure that personnel can carry out emergency handling or evacuate along the passageway to the exit or emergency exit safely and quickly. Emergency lighting fixtures should be self-contained battery lamps that can stay lit continuously for 90 minutes after a power failure, and emergency evacuation indicator lights should be installed at the main entrances and exits.
2.1.4 Environmental monitoring system
To improve the security of computer room maintenance and management, an environmental monitoring system should be built in the computer room. It monitors environmental variables such as power supply, temperature, humidity, water leakage, and air dust content, and records in real time the running status of equipment such as regulated power supplies, air conditioning, fresh air, dust removal, and dehumidification units. When equipment parameters are abnormal, the system raises an external alarm in time and records the operation status and alarm information in a database, where they can be used for queries and accident tracing. This reduces the burden on the maintenance personnel in the computer room and improves the reliability of the system. The monitored content includes power distribution, temperature and humidity, regulated power supply, air conditioning, water leakage and so on.
2.2 Physical Security Design
The physical security of the computer room of a military enterprise requires protective measures such as access control, intrusion alarm, and video surveillance to prevent unauthorized personnel from entering and obtaining confidential information and equipment.
2.2.1 Video Surveillance System
A video surveillance system is set up at the main entrance and exit of the computer room and in the equipment area. It records video in real time, and the recordings can be queried and played back. The hard disk video recorder is placed in the duty room to provide 7×24h monitoring, so that problems can be found and dealt with immediately. Video images can be saved for more than 180 days, enabling scene traceability.
2.2.2 Intrusion Alarm System
Dual-detection detectors are set up in the data center and connected to the dynamic ring system for centralized monitoring. While the system is armed, it raises an alarm automatically as soon as someone intrudes.
2.2.3 Access Control Management System
The computer room area should be equipped with access control equipment that uses two-factor authentication. User access rights are allocated as needed according to protection requirements, hardware devices or biometric technology are used to identify user identities and rights, and unauthorized users are strictly prevented from logging in and gaining access. Unauthorized personnel who need to enter the computer room must go through the approval procedures, may enter only after approval is granted, and must be accompanied by personnel of the unit throughout. Devices with wireless communication functions, such as mobile phones, cannot be carried into the computer room. They must be placed in the electromagnetic shielding cabinet at the door, and operations performed after entering the computer room must be recorded.
The access control system is linked with the fire alarm system. When there is a fire alarm, the access control on all evacuation passages must be powered off and unlocked.
2.3 Information Security Design
2.3.1 Location of computer room
The computer room should be located far away from places such as foreign-related institutions, in a relatively independent and enclosed space, taking into account factors such as waterproofing and load-bearing. Non-essential water pipes should not pass through the top or bottom of the equipment room.
2.3.2 Shielded enclosure or cabinet
The computer room is the operating carrier of the confidential information system of a military enterprise. To prevent confidential information from leaking during the operation of electronic equipment such as servers, switches, and storage, and to prevent this equipment from being interfered with by external electromagnetic waves, the design of the computer room should take anti-electromagnetic-leakage measures into account.
The distance between the computer room and the controllable boundary should be greater than 100 m, the radio interference field strength in the computer room should not be greater than 126 dB in the frequency range of 0.15 to 1000 MHz, and the magnetic field interference field strength in the computer room should not be greater than 800 A/m. If these conditions cannot be satisfied, an electromagnetically shielded computer room or electromagnetic shielding cabinets should be built, chosen according to the scale of the computer room and the available capital investment, so as to effectively prevent the leakage of confidential information.
2.3.3 Integrated wiring
The integrated wiring system is a standard structured wiring system used to transmit confidential information such as data, pictures and videos. Therefore, a shielded twisted pair or fiber optic wiring system should be used. When shielded or unshielded twisted pair is used, a line jammer should be installed if the isolation distance does not meet the requirements.
2.4 Fire safety design
The computer room is a closed space, and the equipment in it is of high value and consumes a lot of electricity. If a fire occurs in the computer room, the direct economic loss will be serious, and the losses from the destruction of information and data, which seriously affects the progress of scientific research and production, are more serious still. Therefore, an automatic fire alarm system and a gas fire extinguishing system should be built in the computer room.
The automatic fire alarm system, as the first means of detecting fire and the trigger source for automatic activation of the fire extinguishing equipment, should cover the entire computer room area. Smoke detectors, temperature detectors, sound and light alarms, alarm bells and other equipment should be installed inside and outside each gas fire protection zone. The alarm device inside a protection zone is triggered by an alarm from any single detector of any type, prompting personnel still in the protection zone to evacuate immediately. The alarm device outside the protection zone and the gas spray indicator light act together: they are activated immediately once the gas is sprayed, to remind personnel not to enter. In addition, an emergency start/stop button is installed outside the door of each protection zone to control the start and stop of gas spraying.
The computer room is where a military enterprise centrally stores a large amount of classified information. Once that information is lost, it brings huge economic losses and losses of scientific and technological achievements. Therefore, the design of the computer room must strictly follow the requirements for environmental security, physical security, information security, etc. This means not only deploying a large number of technical means and security products to protect and monitor the computer room, but also establishing and improving the corresponding management system, strengthening the training of operation and maintenance personnel, and formulating comprehensive and effective emergency plans, so that the various technical measures and tools play an effective role and the computer room operates safely and stably.