THE TELECOM DATA CENTER OF THE FUTURE will look much like the Internet data center of today.
But as service providers migrate to racks of ATCA chassis encrusted with Linux server cards, the fact that they are essentially on the Internet means they will have to focus more on security.
The move to VoIP is the looming event that keeps telecom data center managers awake at night, and many are already thinking about how to accommodate the new technology.
Midwest Data Center Inc. operates a storage, Internet and hosting facility in Rock Port, Mo., about halfway between Kansas City, Kan., and Omaha, Neb. Housed in a hardened, tornado-resistant concrete building adjacent to a telco switching center, the company provides a highly secure, controlled environment with multiple power backups.
Midwest Data also uses multiple systems to manage and ensure security in the facility, for both data security and physical security. Topping the list for data security is the SonicWALL Inc. firewall. The product “is so feature-rich,” says Michael Goins, data security analyst at Midwest Data. “It also implements intrusion prevention and detection.”
Midwest Data also employs virtual private networking software and Avaya Inc. virtual LAN software to provide securely encrypted tunnels to transmit data to and from clients and within its facility. Besides standard strong security features such as triple DES and SHA1 (secure hash algorithm), Goins also adds data compression, which gives the company up to 6 Mbps speed on a T1, as an added security feature.
Midwest employs typical physical security features, such as coded card access, biometric access that reads a whole hand, and digital video surveillance.
On a separate front, Verizon Communications Inc. offers managed data center services to customers, in addition to running its own data centers for services, such as the company Web site.
To manage its current infrastructure, Verizon has developed many tools internally, says Bob Butler Jr., vice president of data center operations at Verizon. One that monitors an entire service is called Sea of Green, after the array of lights that operators like to see on their consoles. When the system is working well, all lights are green; when performance is degraded, they are yellow; and they turn red if there is an outage. Another internal tool, called Sentinel, monitors the actual infrastructure rather than services.
“We are trying to get to what I call ‘unattended event situations,’ where the application is robust enough so, if it encounters a hardware or software failure, it fails over through automation,” says Butler. The application would take action to correct the problem and send a notification to an operator of what happened.
As Verizon prepares to add new systems in both its data centers and central offices to support VoIP, change management is coming to the forefront. Here, however, Butler is not anticipating automation. “I’m not aware of anything that’s out there or available for predicting the results of a parameter change,” says Butler. With the complexity of a typical data center, “it is difficult to do any prediction of what a change will do. That is why we focus on doing real load testing and verification of changes when they go in,” Butler adds.
For other tasks, such as diagnosing faults, Verizon is looking at off-the-shelf solutions for the first time. “In the marketplace, they say these products will autodiscover for you,” says Butler. “That would be a great help in diagnoses of slow-response issues.”
VoIP creates unique data management issues in the data center, the foremost being management of ENUM databases. Managing and securing such databases is the unique expertise of Nominum Inc., a company whose executives include Paul Mockapetris, chief scientist, who invented the domain name system (DNS).
ENUM, says Mockapetris, “replaces a lot of the databases in the current phone system with DNS lookups.” An ENUM database may include a large amount of information other than the phone number, some of it mandated, such as whether a phone is at a prison and whether the customer will receive telemarketing calls.
With that kind of data about callers, security will be critical. “The security problems initially will be minimal. All providers doing VoIP with ENUM are going to put the call and data in protected bandwidth,” says Mockapetris. The main security challenge in the future likely will be how to do direct IP-to-IP exchanges between VoIP carriers without compromising data, such as ENUM. “Now we use POTS as the bridge of last resort,” says Mockapetris. “We have to figure out how to exchange data and signaling info directly.”
Data management and privacy policy also will be important. “Who owns that data, because the consumer is getting more ownership of their phone number than before number portability,” says Mockapetris. “Those providing that kind of data like to keep that control and [it] remains to be seen whether they will or won’t.”
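How an ENUM lookup of the kind Mockapetris describes works at the DNS level, as an added example that is not from the article or from Nominum: per RFC 6116, the E.164 number is reversed into a name under e164.arpa, and the NAPTR answers are ranked and applied to yield a URI. The NAPTR records and example.net names below are constructed, and Python's `re` stands in for the POSIX extended regular expressions the RFC specifies.

```python
import re

def normalize(number: str) -> str:
    """Strip separators and validate E.164: '+', then at most 15 digits."""
    cleaned = re.sub(r"[\s\-().]", "", number)
    if not re.fullmatch(r"\+[1-9]\d{1,14}", cleaned):
        raise ValueError(f"not a valid E.164 number: {number!r}")
    return cleaned

def enum_domain(number: str, suffix: str = "e164.arpa") -> str:
    """Build the DNS name queried for NAPTR records: digits reversed, dot-separated."""
    digits = normalize(number)[1:]
    return ".".join(reversed(digits)) + "." + suffix + "."

def apply_naptr(aus: str, regexp_field: str):
    """Apply a NAPTR regexp field (delim ere delim repl delim flags) to the number.
    Simplification: assumes the delimiter does not occur inside the expression."""
    parts = regexp_field.split(regexp_field[0])
    if len(parts) != 4:
        raise ValueError("malformed NAPTR regexp field")
    _, ere, repl, flags = parts
    match = re.search(ere, aus, re.I if "i" in flags else 0)
    if match is None:
        return None
    # Substitute \1..\9 back-references with the captured groups.
    return re.sub(r"\\(\d)", lambda b: match.group(int(b.group(1))), repl)

def resolve(number: str, records, service: str = "E2U+sip"):
    """Pick the lowest (order, preference) terminal record for the wanted service."""
    aus = normalize(number)
    for order, pref, flags, svc, regexp in sorted(records):
        # Only follow terminal 'u' records of the service we asked for.
        if flags.lower() != "u" or svc.lower() != service.lower():
            continue
        uri = apply_naptr(aus, regexp)
        if uri:
            return uri
    return None

# Constructed sample NAPTR answers: (order, preference, flags, service, regexp)
RECORDS = [
    (100, 20, "u", "E2U+mailto", "!^.*$!mailto:info@example.net!"),
    (100, 10, "u", "E2U+sip", r"!^\+1555(.*)$!sip:\1@voip.example.net!"),
    (200, 10, "u", "E2U+sip", "!^.*$!sip:fallback@example.net!"),
]

if __name__ == "__main__":
    print(enum_domain("+1 555-010-0123"))
    print(resolve("+1 555-010-0123", RECORDS))
```

Validating the number before building the query name keeps malformed or oversized input out of the resolver, and filtering on flags and service means only the record type the caller expects is ever turned into a URI.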
Scaling Databases
AS THE PHONE SYSTEM MIGRATES EN MASSE TO VOIP, THE DEMANDS ON ENUM servers will rise to an entirely different scale from today.
“That is why the database-model thinking about ENUM is being done now,” says Nominum Inc.’s Paul Mockapetris, the company’s chief scientist and inventor of the domain name system (DNS). “Today we guarantee that ENUM servers not only answer queries, but also process updates at the same time. We are making sure we can do industrial-strength ENUM. It is a different problem from the way people think about doing DNS in a conventional setting.”
One carrier approached Nominum with a request for an ENUM server that would be able to turn over 5 percent of the database each day. “Not that it’s going to happen right away,” says Mockapetris, “but if you have 100 million phone numbers to worry about, you are going to have to do 5 million updates. If we get cell phones that use Wi-Fi, which we will, then they are going to say, ‘We would like to be able to let a Wi-Fi phone roam a bit and do registration as they move from one cell to another.’” Each registration involves an ENUM lookup.
“So industrial-strength ENUM is a lot harder in practice,” says Mockapetris. “If you can’t do 100 million phone numbers, go home, and there are people out there with bigger designs than that.”
Links
AT&T Inc.: www.att.com
Avaya Inc.: www.avaya.com
Midwest Data Center Inc.: www.mwdata.net
Nominum Inc.: www.nominum.com
SonicWALL Inc.: www.sonicwall.com
Telcordia Technologies Inc.: www.telcordia.com
Verizon Communications Inc.: www.verizon.com