There is no doubt that we live in a litigious society.  And among all the industries in this complex economy, the healthcare industry may be affected by the threat of law suits more than any other.  The Health Insurance Portability and Accountability Act (HIPAA) adds to the already long list of reasons to sue a healthcare provider.  That is not to say we do not need this federal mandate to require that our personal medical information is kept safe and confidential.  In this age of identity theft and other forms of personal intrusion, we need all the safeguards we can get.  Firelock vaults are one element in a conscientious healthcare provider’s comprehensive data protection program that keeps our information safe and mitigates their risk of litigation.

As our medical records continue to migrate to completely digital formats, this information must be accessible to authorized personnel but protected from intruders.  It must also be protected from corruption by taking backup copies of the information off-line with backup tapes or removable hard drives.  These backup copies must be stored in a Class 125 data vault to comply with NFPA 232, which ensures that even if the temperature around the vault reaches 2,000-degrees F. in a catastrophic fire the interior will remain below 125-degrees F.–the point at which digital information is lost.  If the integrity of the information is not maintained it is a violation of HIPAA requirements.

These Firelock vaults are also used to protect IT equipment which hosts electronic medical records.  Server vaults can keep temperatures from reaching the threshold where electronic equipment is damaged or destroyed, enabling healthcare providers the ability to relocate this equipment to a secondary site and get the vital patient records back online where healthcare providers need them.  By employing these best practices, healthcare organizations can mitigate risk and meet the needs of their patients when it matters most.

A nationwide network of offsite data protection firms is also able to provide disaster recovery services when their clients are in need.  Because these services are available through the Secure Media Vault Associates (SMVA) it is possible to utilize the facilities of an SMVA member in another region if the nature of the disaster requires temporarily relocating operations.  This gives DR planners much more flexibility and many more options when formulating their disaster response protocols.

Many of these companies have helped their clients through major natural disasters, long-term power outages, fires, etc.  In addition to traditional disaster recovery/business continuity services these locations are also able to host containerized data center modules, such as Firelock’s Secure Agile Vault Environment, or SAVE units. 

SMVA network members all offer their clients a much higher level of data protection than their competition.  Unlike the national chains of offsite data storage companies, these owner-managed independent companies in the SMVA network utilize Firelock Class 125 data-rated fireproof vaults with optimum environmental conditions for the protection of their clients’ data tapes.  In addition to protecting data backup tapes, these vaults are used to protect the IT equipment (for E-vaulting and co-location) that hosts their clients mission critical information.  They also utilize the latest technology in barcode tracking of media and GPS monitoring of their media transport vehicles. 

The standards of excellence they uphold in their data storage business are applied the their disaster recovery services.  These service capabilities combined with the flexibility of the many network locations gives SMVA clients unbeatable disaster recovery options.

Managed hosting companies are often the sole custodian of their client’s mission critical information.  Statistics vary, but the majority of companies that lose their vital information go out of business within the next year.  Protecting this information is rarely seen as a priority for this industry, as uptime and cost per GB of storage tend to be the key selling points hosting companies emphasize.  Not all companies are the same, of course, and a small but growing contingent of managed hosting companies is investing in server vaults for their data center to ensure the survival of their clients’ data, even if their facility is hit by a disaster.

This concept of offering clients a higher level of protection for a premium price is not a new one in the data protection industry.  For nearly twenty years a network of offsite data storage companies has been using Firelock media vaults to differentiate themselves from the competition and grow their businesses.  In any market with a lot of competition the product and or service becomes a commodity, and in a commodity market the lowest price almost always wins.  To avoid this margin-shrinking phenomenon the Secure Media Vault Associates (the network of Firelock-equipped offsite data storage companies) invested in true data-rated vaults and are able to charge premium prices for their services.  Their clients recognize the value of the investment their service providers have made to protect their backup data and are willing to pay extra for this level of security.

By providing a data center with real data protection capabilities these hosting companies can win new business without slashing their prices to be the cheapest vendor.  They can also go after clients that have more stringent information protection requirements, like healthcare companies with HIPAA regulations and financial service firms with FTC mandates to satisfy.  A Class 125 server vault is an excellent way for a managed hosting company to carve out a very profitable niche in a crowded market.

One of the things data center operators frequently ask me is how we are able to maintain the integrity of the vault with their cooling system’s needs for coolant lines penetrating the vault.  The answer is the insulated pipe penetration assemblies we install to protect this critical area.  Without the ability to adequately cool the server room equipment the data center will not function properly, and if the server room is not protected everything is lost in a disaster.

One very attactive option for cooling is the LiquiCool® Rear Door Heat Exchanger (RDHx) system offered by Coolcentric.  This type of system utilizes the airflow generated by the server equipment to push the warm air through the radiator-like heat exchangers in the units that replace the rear doors of the server cabinets.  This cools the air before it exits the rack and keeps the temperature in the server room at optimum levels.  Coolcentric’s RDHx system is very energy efficient and reliable because there are no fans or other moving parts on the server cabinets.  A Coolant Distribution Unit monitors the temperatures within the individual racks and increases or decreases the flow of chilled water to each unit as needed to achieve maximum efficiency.  Over time the total cost of ownership of RDHx systems is lower than conventional HVAC systems due to the reduced power consumption.

Coolcentric offers this product with a coolant line manifold that is located inside the vault, so only a single pair of supply and return lines is needed to penetrate the vault structure to connect to the water chiller unit.  This is ideal for maintaining the integrity of Firelock’s Class 125 data vaults.  Of course the coolant penetrations are just one component of the total vault system.  The vault structure, doors, dampers and cable penetrations must all meet the stringent Class 125 rating (the ability to maintain the temperature below 125-degrees F. even if the exterior temperature reaches 2,000-degrees).  As the old saying goes, ” a chain is only as strong as its weakest link.”  The same is true for data center design.  All components must work together to create a functional and safe environment for mission critical data center operations.

To protect its mission critical information a large healthcare provider is including a Class 125-Three Hour server vault in their data center renovations.  As part of their security protocols they do not want to be named but their spokesperson stated: “Protecting our clients’ medical records is paramount, and this is one way we can fulfill our duty to provide the absolute best care for them.”

This vault is capable of maintaining the interior temperature below 125-degrees F. for at least three hours, even if the exterior temperature reaches 2,000-degrees F.  This is the rating required in the National Fire Protection Association’s standard NFPA 75, which details the specifications for the protection electronic equipment.  Only the most critical data centers currently adhere to this stringent standard, while less important facilities are typically just equipped with a fire suppression system inside the server room.  The flaw in this method of protection is it only helps if the fire starts inside the server room.  If the fire starts somewhere else in the building and burns its way into the server room the equipment will already be destroyed by the time the fire suppression system is activated.

One of the reasons this organization decided to protect their data center is the federal government’s HIPAA requirements on safeguarding patient data.  Protecting the equipment where this information is stored and processed helps this organization stay in compliance with HIPAA mandates.  Another deciding factor is the federal government’s initiative to have all medical records converted to digital format.  By protecting their data center facility with a Class 125 server vault they already have the infrastructure in place to protect these digital records.  It’s good to see an organization being proactive in their approach to protecting mission critical information.

Over the past 25 years Firelock has built over 1500 modular fireproof vaults to protect IT equipment and other heat-sensitive assets.  In that time very few of these vaults have had the same dimensions as previously installed vaults.  Each vault is custom-sized to fit in an existing room or to provide for the client’s exact interior space requirements.  When length, width and height is easily customized it creates an almost infinite number of  vault size permutations.  This is why it is easy for Firelock to customize the Secure Agile Vault Environment (SAVE) units for each customer’s needs.

Of course building inside a shipping container limits the vault dimensions to some degree, but containers can be had in multiple sizes and the length of the vault can be customized.  The standard SAVE unit is constructed with a 40-foot shipping container and allocates space for a vestibule in front of the vault and a mechanical room behind it.  It also includes eight server racks, an overhead cable management system, internal fire suppression, Vette’s LiquiCool Rear Door Heat Exchanger system and the HVAC equipment to support it.  The SAVE unit can be delivered with all of these components, some of these components, or with just the vault itself.  It’s all up to the customer.

If the water chiller and support systems are not needed inside the SAVE unit, the mechanical room can be eliminated and the vault can be expanded into that area.  If the unit will always be operated in an indoor space, such as a warehouse, and weather protection and improved physical security is not required then the vestibule area can be eliminated.

With a history of customizing fireproof vaults to fit each individual customer’s needs, Firelock is able to do the same for the SAVE solution.  Just as it is with all Firelock vaults–it’s all about the customer.

One of the most difficult aspects of server room design is managing the temperature inside this critical area.  As the density of server racks increases and the heat generated by the IT equipment escalates year over year it is no wonder data center designers must consider their cooling options carefully to maintain optimum server room temperatures.

One option we have found to be an excellent solution in high density data centers is the Vette Corporation line of rear door heat exchangers for server racks.  These systems cool the exhaust air from server cabinets before they enter the airspace within the server room by circulating chilled water through the unit.  Because this design utilizes the airflow from the fans in the server equipment there is no power consumption from the cooling units, resulting in significant operating cost savings.

To protect against ambient heat, especially in hotter climates, the R-33 insulation rating of Firelock vaults is a major advantage in maintaining the correct server room climate.  All cooling system penetrations in Firelock server vaults, such as for coolant lines and ducted air, are specially designed and installed to prevent the heat from a fire from damaging or destroying the most critical area of the data center.  And of course the vault structure and doors are capable of maintaining the temperature below 125-degrees F. for at least two hours (up to four hours in larger server vaults) even if the outside temperature reaches 2,000-degrees.  Heat must be held below this critical threshold to protect the IT equipment and the vital information it holds.  After all, mission critical data centers must be protected from all threats–from within and without.

When most people think about security for the data center, the focus is on firewalls that keep hackers out of the network.  These countermeasures are absolutely essential for protecting the data hosted on the network.  One issue that isn’t emphasized enough is the need for physical security–keeping unauthorized personnel and other intruders out of critical areas in the data center.  The server room is especially vulnerable and in need of extra security, due to the value of the components in the server racks and the information they contain.

Electronic equipment must also be protected from heat exposure.  Fortunately, improved physical security is a beneficial by-product of the modular fireproof server vaults by Firelock.  The wall and roof panels used in the construction of these vaults is not specifically designed to stop intruders (these vaults are capable of maintaining interior temperatures below 125-degrees F. for two to four hours, depending upon the size of the vault, even if the fire outside the vault reaches 2,000-degrees F.) but it would take a significant amount of time to breach them.  If a motion sensor or other intrusion detection system is installed outside the vault area, this extra time gives security personnel or the police a chance to arrive before the server room is compromised.

The double door system is another major improvement to physical security in the data center.  The outer door is an 1,100-pound fire door with a combination lock.  When the door closes it automatically throws 10 steel bolts into the locked position in the steel door frame.  This would be a very difficult door for an intruder to open after the combination lock is engaged.  The inner door is a steel door with a conventional door handle and lock that is often converted to a magnetic lock that can be activated by swipe cards or biometric access control systems.  These electronic lock systems are ideal for controlling access to the critical vault area during business hours and keeping track of authorized personnels’ entry and exit times.

With all the threats to IT operations that exist in the world, it’s a distinct advantage to have one integrated part of the data center that can protect against both fire and intrusion.  Vaulting the server room with a modular data chamber protects mission critical data both ways.

When  comparing the specifications for fireproof server vaults, there is a distinct difference between the ASTM E119-00a testing standards found in the U.S. market and the EN1047-2 standard that dominates Europe, Asia and South America.  For example, the American test requires a five-hour fire test, with a blast furnace heating the vault to over 2,000-degrees F. to measure how long a vault structure can maintain temperatures below the critical 125-degrees F. threshold.  The same vault structure must then be exposed to a hose stream test to ensure it still has the structural integrity to resist the pressure of fire fighting efforts around the vault.

In contrast, the EN1047-2 test procedure only requires the vault structure to be exposed to heat from the furnace for one hour, after which the furnace is turned off and only the residual heat in the test area remains as the source of elevated temperatures outside the vault.  Even more surprising is the fact that a new vault structure is then used for the hose stream test, rather than the one that was exposed to heat.  Most fire testing experts agree this is not an accurate procedure to test real world capabilities.

Because of these different test procedures, Firelock vaults are designed and constructed very differently from those that are designed to meet the EN1047-2 requirements.  Every component of Firelock vaults is capable of meeting the Class 125 rating required to protect electronic equipment and the data stored within.  The European-spec vaults have some fire protection value in the vault structure (though not as robust as the ceramic fiber-core panels utilized by Firelock) but the other components are far from meeting the Class 125 rating.  For example, the EN1047-2 spec requires a single door with an outward swing and a “crash bar” opening mechanism to speed egress from the vault area.  The door is not much different than a standard steel commercial door, and it is not unusual for them to have windows.  Needless to say, this is a far cry from the Class 125 double door assembly employed on Firelock vaults.  The same is true for the cable and air duct entry points, where light-duty units are installed to ease speed of installation.

Does this mean IT infrastructure and information in Europe, Asia and South America are less valuable than the same type of assets in the U.S. market?  Not likely.  I believe it is more a matter of U.S. testing authorities recogizing then need to apply real world conditions to encourage the development of products that will protect American assets when the worst case scenario becomes a reality.

Our dependence on IT operations to keep businesses running and profitable has never been greater.  To prevent costly downtime, and perhaps even save the enterprise entirely, all threats to the data center must be addressed.  One threat that immediately comes to mind for data center planners is a catastrophic fire, which is why fire suppression systems are ubiquitous in mission critical server rooms.  These fire suppression systems are effective for extinguishing fires that start inside of a server room, but are useless when the fire burns its way in from anywhere else in the facility.  In fact, the heat of catastrophic fire will destroy equipment, and the data on that equipment, long before the fire penetrates a typical wall structure.  To truly protect IT infrastructure and information assets a data vault must prevent flames, smoke and heat from penetrating the structure.  That is why Firelock Data Protection Systems has seen increased demand for the server vault application of its fireproof modular data vaults in the past few years.

 Firelock has been building data-rated fireproof vaults for over 20 years, with Fortune 500 companies, government agencies, and offsite storage firms among its clients.  Utilizing a modular panel system with a core of ceramic fiber (a high temperature industrial insulating material), double door assemblies, insulated penetrations for cables and coolant lines, and insulated air duct dampers, Firelock builds data vaults with a minimum Class 125-Two Hour rating.  Depending upon the size of the vault, a Class 125-Four Hour rating can be achieved.  This means the temperature inside the vault remains below 125^o F. for the specified period of time with temperatures over 2,000^o F. outside the vault.  Here is a table with the ratings for corresponding vault sizes: 

 Traditionally these Class 125 vaults have been utilized to safeguard magnetic media, such as computer backup tapes.  Countless organizations safeguard their mission critical backup data in Firelock vaults, either in their own facilities or with an offsite storage service provider.  Recent trends in data center design are making Firelock’s server vaults a more and more attractive option for protecting mission critical IT infrastructure. (more…)