Professional Documents
Culture Documents
Estudio Tecnico-Despliegue Data Center 73-End
Estudio Tecnico-Despliegue Data Center 73-End
5.2.16 Baths
The one that will be located closest to the main access point of the building will be mainly dedicated to
use by visitors and third companies, which access the data center. It will have suitable dimensions for
people with reduced mobility.
The bathrooms provided for the operative personnel of the data center have a shower available for each
gender.
lock
This room is not considered critical, as it could be evicted quickly in the event of a serious incident at the
Data Center. Thus, a material certification solution is proposed, but in the room, which guarantees the
functions that must be fulfilled.
- Electrical protections.
As described above, the system has been designed to meet Tier III level requirements. Therefore, it was
decided to use a simple Tier III design with the following characteristics:
- Double company power supply to the data center (at least one dedicated)
Project RG-T2785-P004 73
Machine Translated by Google
PHASE I
The electrical installation is based on a 2N redundancy, which distinguishes it from the infrastructure
branches (A and B). Each electrical branch is composed of the following elements:
• MV/LV transformer centers of a paid type for each electrical branch. For the transformers. In this
phase, a dry type transformer with a power of 1600 kVA will be installed. Distribution tables of Baja
Tensión.
Project RG-T2785-P004 74
Machine Translated by Google
• Primary and secondary distribution per busbar, for each electrical branch.
The operation of each one of the branches is completely independent so that any defect is
completely isolated and continuity of service is guaranteed. The coupling of a branch on the
other is not foreseen automatically or manually.
The protections will be three-pole made by means of an automatic switch with electronic
relay and wired sized in accordance with the intensities demanded.
PHASE II
Project RG-T2785-P004 75
Machine Translated by Google
The operation of each one of the branches is completely independent so that any defect
will be completely isolated and continuity of service will be guaranteed.
The coupling of a branch on the other is not foreseen automatically or manually.
The protections will be three-pole made by means of an automatic switch with electronic
relay and wired sized in accordance with the intensities demanded.
The topology of the system for supplying IT services and mechanical services is reflected
in the corresponding single-line scheme.
A connection to the medium voltage electrical network is provided (dedicated and exclusive
to the Data Center). It is advisable to ask ANDE for the possibility of a second line to
support the assistance. The electrical lines will be independent from the one from the
other, coming from different substations and different distribution rings.
In each of the distribution lines there will be a low voltage medium transformer of 1600kVA
to respond to the total demands of the installation.
Waters below the transformers, the generator sets will be located, each with its ATS, which
will have neutral undermining in order to avoid the loss of reference during a switchover
and under the floating neutral regime.
Project RG-T2785-P004 76
Machine Translated by Google
From each of the ATS, the low voltage distribution boards will be connected, which will distribute the energy
to each of the components of the system. The same frame will have its own protection against overvoltage.
Each low voltage distribution board will be separated into three parts. On the one hand, I supply IT equipment,
on the other hand, I supply mechanical equipment and, finally, for non-critical services.
Both low voltage distribution boards. They will be equipped with trim from the first brands ABB, Schneider
(the similar quality), and will have 20% of free space without equipping to allow future expansions. All
switches and internal elements will be remotely monitored by the BMS through auxiliary contacts.
The IT equipment supply line will be backed up by a UPS (the SAI) of 300kVA for each branch, which will
ensure the energy quality of the IT equipment supply, filtering all kinds of fluctuation, overvoltage, voltage
holes, harmonics, etc. Apart from the UPS equipment turnaround circuits (bypass), the electrical panel will
have its own turnaround circuit for equipment maintenance. The backup duration will be 10 min, above the
minimum stipulated by TIA-942 and BICSI-002.
The distribution of energy to the IT equipment will be carried out by means of a busbar for each of the rows
of racks, thus reducing the amount of wiring and improving its operation. Each rack will have its own PDU
according to the stipulated maximum power. All IT equipment must ensure double electrical supply.
In the service areas, each one of the refrigeration equipment in the IT room will be provided with double food
that will be managed by the equipment itself. The refrigeration equipment of the UPS rooms and batteries will
have a single supply but will not be redundant.
The control system - BMS of the Data Center will also be powered from
ÿ Electrogen groups.
ÿ UPS.
Project RG-T2785-P004 77
Machine Translated by Google
Each transformer is accompanied by its corresponding cells for connection to the electrical company and
measurement of consumption of active and reactive energy, in order to offer a hand-on project. They will be
assembled in prefabricated houses that will house the corresponding protective, measuring and sectioning
equipment.
If installed from 23 kV to 400 V transformer substations, connect them to each side of the electrical system.
The selected transformer is an encapsulated dry equipment of 1600 kVA, with the main
characteristics:
The characteristics of the equipment under the IEC 60076-11 standard are:
- Frequency: 50 Hz.
- Number of phases: 3.
Project RG-T2785-P004 78
Machine Translated by Google
A certain margin of movement will be maintained in the cable to satisfy the needs of an anti-seismic zone. The
anchoring of the equipment will be specially indicated in order to mitigate the effect of a seismo.
generator set
The generator sets are completely redundant, independent and each installed in its own standard 20 foot ISO
container cabin.
- Three-phase alternator, voltage 400/230 V, frequency 50 Hz, without brushes, with electronic voltage
starting the diesel engine at any time and allowing the quick connection of it
charge.
-
The group will be supplied with coolant and with a full oil pan.
- Includes protections for mobile elements (belts, fan, etc.) and elements
Project RG-T2785-P004 79
Machine Translated by Google
- Silenblocks game to dampen vibrations between the bench and the group
soil.
- Soundproofed metal cover suitable for outdoor installation, and suitable for
obtain an LWA acoustic power level of 97 dB(A), equivalent to an average level
of acoustic pressure of 69 dB(A) at 10 m. It will have practical doors for access
to the different parts of the group.
Each equipment will be equipped with its own ATS switching system with neutral
undermining and without bypass insulation.
A certain margin of movement will be maintained in the cable to satisfy the needs of an anti-
seismic zone. The anchoring of the equipment will be specially indicated in order to mitigate
the effect of a seismo.
Project RG-T2785-P004 80
Machine Translated by Google
Fuel tank of sufficient capacity to guarantee supply to the Data Center for 72 hours, steel,
double wall, with support pies, which meets the following requirements and accessories:
- A man's mouth cover with mouths for filling, suction, leftovers is included
of motor, ventilation, assembly of level detectors and overflow.
- The filling mouth is 3” with quick coupling for filling by union
airtight and charging tube inside the tank up to 15 cm from the bottom.
- The outlet for fuel suction includes a tube inside the tank with a check valve to
prevent the circuit from going down (if the outlet is at the top)
Trasiego system:
Equipment for automatic filling of the interior tank, mounted on its own group, from the
nodriza tank, comprising:
- Double electric gear pump of 1,000 l/h, to fill the water tank
group fuel.
- Maximum and minimum level detector mounted in the tank incorporated in the group.
- Fuel pumps maneuver board, containing the equipment for the operation of each
pump, with automatic-manual operation selector. This one
frame maintains the fuel between the maximum and minimum levels, putting in
march and stopping the bombs to receive the level detector signal. will also give
opening and closing signal for the solenoid valve at the inlet of the group tank.
- There will be an entry to receive a minimum level signal in the deposit nodriza that
it would cause the bombs to stop so that they do not work empty.
Project RG-T2785-P004 81
Machine Translated by Google
UPS
The UPS will automatically maintain the AC supply of the critical load within specific tolerances, without
interruption during failure or deterioration of the mains supply (for a specific period following the battery
operation time). The UPS can be expanded by means of additional modules in parallel of the same power with
the purpose of supplying the requirements of the growth of the load or of the la
module redundancy.
The most technically adequate solution would be to use a modular UPS system with modules of 30, 40 or 50
kW.
An alternative solution is to use modular UPS of greater size. Both solutions are energy efficient and reliable.
The same equipment will be used both to support IT equipment and to control the mechanical equipment. In
this way:
- UPS IT A: 300 kW
- UPS IT B: 300 kW
Therefore, the proposed solution can be considered for 2 modular UPS of 150kVA per branch, with the
following characteristics:
The synchronization between the same modules of the same group is necessary and an indispensable
requirement.
A certain margin of movement will be maintained in the cable to satisfy the needs of an anti-seismic zone.
The anchoring of the equipment will be specially indicated in order to mitigate the effect of a seismo.
The system will have an algorithm by means of which, analyzing the actual state of load of the UPS, it
connects and disconnects modules to keep the system in a high state of load to improve its energy
performance (always keeping the desired redundant modules active). This is especially interesting when the
load is seasonal, or when double-bus power systems are configured.
Another of the important characteristics is the possibility of working at temperatures up to 55ºC, with which
practically its functioning will not be affected if the room where there is a problem with the climate control.
Project RG-T2785-P004 82
Machine Translated by Google
The main technical characteristics for the UPSs to be installed in this project are:
General:
- Topology: Possibility of working in VFI, VI and VFD, with algorithm that switches
automatically from one mode to another in function of the needs of the red and the
charge.
- Protection against voltage return by the by-pass line (back feed protection).
Input/output box:
- Output switch.
- Battery switch.
- Manual by-pass switch with signal to the inverters for their protection before a
accidental sword.
Project RG-T2785-P004 83
Machine Translated by Google
Static bypass:
impedance.
Rectifier:
Inverter:
capacitive.
Project RG-T2785-P004 84
Machine Translated by Google
o Touchscreen liquid crystal display with mimic blocks, measurements of all of them
input and output electrical parameters, event logs, battery status, etc.
contemplated in the maintenance contract, which generates calls and e-mails of notice to
the maintenance staff, which prepares automatic monthly reports with, as a minimum, the
following information: event records; battery and internal temperature trend charts
UPS, load per phase (active and apparent) and voltage minimums and maximums
Batteries:
Each UPS will be equipped with two battery lines (to achieve battery redundancy in each module) that can
withstand the maximum allowable load for each unit for 10 minutes. The batteries will be sealed lead acid
(maintenance free), VRLA technology (valve regulated), 10-12 years of useful life according to Eurobat
classification.
One of the main causes of unforeseen outages in an installation is the failures in the UPS battery systems.
For this reason, we have included a battery monitoring system (Alber type), which basically consists of
hardware where a connection is made to each battery with the purpose of being able to record, in real time,
the different parameters that govern its behavior. The main features of the sound system:
Measurements:
o Measurement and record of the current of loading and unloading of each branch of
batteries.
o Measurement and recording of the flotation and discharge voltage of each battery
within the system.
Project RG-T2785-P004 85
Machine Translated by Google
o Measure and record of the internal resistance (not impedance) of each battery and
of the contact resistance between batteries.
Measurement accuracy:
Generated reports:
Project RG-T2785-P004 86
Machine Translated by Google
main cable
One of the requirements and compartmentalization of all distribution paths and capacity
components.
From the low voltage distribution boards, the electrical wiring will be distributed throughout the
Data Center, guaranteeing the Tier III level requirements and the recommendations of TIA 942 in
relation to safety distances.
The wiring will always be carried out using portable metal trays for power cables, with direct
connection to the land.
busbars
The distribution of power in the room will be carried out using busbars. These elements are
embarrados that substantially improve the characteristics of the IT rooms, offering:
Project RG-T2785-P004 87
Machine Translated by Google
- Energy efficiency: eliminating the wiring in the false floor and avoiding the
taponamientos for air circulation
- Low cost: Less material needed and lower installation cost than systems
traditional
- Reduction of risks by human error: all circuits are much more visible and
manageable
- Reduction of overload risk per phase: the conductor never physically changes from
place
The following figure shows the difference between the distribution of wiring through a
traditional system of PDU's and a system with Busbar.
intelligent PDUs
The distribution of power within each active rack will require the use of intelligent PDUs
to guarantee redundant power to each IT equipment that needs it. It is recommended to
use units of different color for the A side and the B side so that it is very visually
recognized if an IT equipment is connected to both sources.
Project RG-T2785-P004 88
Machine Translated by Google
The PDUs (Power Distribution System) must be manageable and controllable in terms of
current outlets, they are all electrical parameters of each current outlet can be known
remotely, as well as activating and deactivating them remotely. Its main features
sound:
- Local display (on the PDU) and optional remote (to install in front of the rack)
There will be no differential protections provided for the neutral régimen es TNS.
For the rest of the equipment, a C curve will be used, dimensioned according to the maximum consumption.
All ATS and STS, with the exception of the main ones, have an isolation circuit.
The main ATS, located below the generator sets, have neutral undermining in order to avoid
a floating and transient reference system.
Project RG-T2785-P004 89
Machine Translated by Google
tension between the neutral and the ground in the IT equipment, which would cause
untimely protection trips.
The electrical distribution boards will be equipped with protection for class I and II
overvoltage. These will be 4-pole network overvoltage protection devices. The status of
these protections, together with their electrical protections, will be remotely monitored by
the BMS through voltage-free contacts.
network analyzers
The electrical panels will be equipped with network analyzers to carry out measurements
and records of consumption at the different points of the installation. Its main features
sound:
- Measurements of tensions, currents, potentials and energies (active, reactive and apparent),
frequency, current and tension harmonics.
Mallados de terra
The function of the mallado de tieras is to increase the security of people and equipment
in the face of possible leakages from the current and guarantee the equipotentiality of the
entire installation. Aimismo una malla equipotential avoids current loops that could cause
communication failures, electrical noise and electrostatic discharges. We will also obtain
protection against external electrical disturbances.
The mall study will be carried out in accordance with the recommendations of TIA-942 and
BICSI 002, and according to current regulations.
Project RG-T2785-P004 90
Machine Translated by Google
The fall of a ray on the ground has two types of consequences: direct and indirect.
The traditional pararay systems ensure direct protection, deriving all the energy to the land. Now, the
secondary effects can be very important, and could affect the security of equipment and people.
The deionizing pararays are based on its principle in the deionization of the aire. The objective is to avoid
the saturation of electrostatic charge between the land installation and the atmosphere that surrounds the
installation, specifically to peacefully compensate the difference in electrical potential of the zone during the
first process of the formation of the rayo.
So, a deionizing pararays of electrostatic charge will be installed. It consists of two reinforcements of
different geometry, preferably made of aluminium, electrically separated by three insulators, all supported
by a mast with adequate electrical insulation, in addition to each of the insulators having a variable dielectric
type gas noble, in function of the atmospheric electrostatic field, so that each insulator, to compensate the
energy inside, cancels the saturation of electrostatic charges in the atmosphere of the protection zone that
are responsible for the formations of the rays, having its field of action sufficient to protect the whole plot
Selectivity Studio
A protection regulation studio will be presented, respecting selectivity and security criteria to protect loads,
equipment and people. All protections will be regulated according to this study during the final integration
phase.
5.3.5 Lighting
Lighting is necessary so that operators can see, read and work inside the Data Center. The system
corresponds to a fluorescent system, modifiable to led type once it is established for the operation of the
Data Center and for its daily use. The characteristics of the lighting system are:
- 500 lux in the horizontal plane and 200 lux in the vertical plane, according to TIA-942 and BICSI-002.
- 1 hour of autonomy.
Project RG-T2785-P004 91
Machine Translated by Google
To achieve the maximum level of efficiency and reduce the PUE of the Data Center to the
maximum from low power, it is necessary to use the most efficient air conditioning system available at
each local market.
In order to determine the technical solutions, the working conditions must be established:
To choose the most suitable technology, it is necessary to study with attention to the
equivalent annual climatic conditions. Comparing them against the limits recommended
by ASHRAE, one obtains:
Project RG-T2785-P004 92
Machine Translated by Google
Project RG-T2785-P004 93
Machine Translated by Google
Thus, the high values of humidity throughout the year of 6152 hours per year (70% of the
time) demonstrate that it will be essential to dehumidify the room throughout the year in
order to maintain certain correct conditions. This limits the use of direct expansion systems
or cold water at 7/12 ºC.
The possibility of using economizers for the use of direct free-cooling is discarded, if only
you could get to use every 2610 hours, the closing of the ports would not be completely
sealed, which would increase the humidity and the energy consumption.
The use of chilled water systems is not efficient as they are carried out at high temperatures
(cold water >15 ºC). Direct expansion systems condensed in air are much more efficient, with
state-of-the-art compressors such as invert or digital and electronic expansion valves.
The possibility of using a condensed water system with indirect free-cooling batteries drops.
Now, the preliminary analysis also allows full free-cooling to be carried out at a temperature
of 17-18 °C and a mixed mode up to a temperature of 27 °C, there is no associated energy
shortage. Even worse, the increase in consumption increases by 17%.
Therefore, the use of an air conditioning system based on direct expansion condensed to
the air is recommended.
These types of systems are based solely on a refrigerant circuit, which circulates between
the evaporator, located inside the room, and the condenser, located outside. The compressor
can circulate the refrigerant gas between both batteries in order to transfer the heat from
inside the room. To carry out the exchange, an expansion valve, suddenly lowers the
pressure of the refrigerant, decreasing in turn the temperature. The refrigerant gas will be
exposed to the internal hot air, if it is hot, cooling down the room air in turn. The compressor
absorbs the refrigerant, compressing it, and increasing its pressure and temperature to later
take it to the condenser. When the refrigerant is in contact with the outside air, which is at a
lower temperature, it dissipates all the internal heat. Subsequently, the refrigerant will reach
the expansion valve, starting the cycle once more.
Project RG-T2785-P004 94
Machine Translated by Google
air conditioners
From the IT load to be supported, the installation of:
Each equipment will consist of an internal unit (CRAC) and two external units (condensers),
the characteristics of which must be the following:
Project RG-T2785-P004 95
Machine Translated by Google
- EC fans
humidifiers
After the preliminary analysis, it was concluded that a humidification system is not necessary.
air renovation
The air renovation system will be carried out according to local regulations, aiming to reduce to the maximum
the number of renovations to what is strictly necessary, otherwise if
would continually introduce wet air to the IT room.
- EC fans
- EU4+EU8 filters
extraction of humus
A humus extraction system must be provided in order to renew the air in the room
after firing the extinguishing agent. The system must be designed in accordance with local regulations, and
be able to renew the entire room air in less than 30 minutes.
Project RG-T2785-P004 96
Machine Translated by Google
pasillo lock
It is necessary to close the pass with the appropriate materials for Data Centers, in order to ensure the
conditions in the cold pass.
The gate will be specially designed for a Data Center that guarantees an important energy supply. This
makes it possible to increase the energy efficiency of the equipment installed indoors due to temperature
optimization, thus achieving more refrigeration.
direct.
-
Access to the system is carried out through a sliding gate to optimize the space.
-
The height of the structure is for 42U cabinets.
air conditioners
The UPS room refrigeration equipment will have the same characteristics as the IT room, but with the
following dimension:
humidifiers
Without wetting system.
Project RG-T2785-P004 97
Machine Translated by Google
air conditioners
The battery room refrigeration equipment will have the same characteristics as the IT room, but with the
following dimensions:
humidifiers
air conditioners
The rest of rooms that do not correspond to IT equipment or electro-mechanical support infrastructures will
be cooled using standard high-efficiency comfort equipment, ensuring adequate interior conditions:
- Summer months:
- Winter months:
Project RG-T2785-P004 98
Machine Translated by Google
air renovation
For air renovation, IDA 2 facilities will be considered, so less than 60 m3 /h will be required
for stays.
The control and supervision system is a vital system to manage, understand and automate
the processes that occur within the Data Center. This will be based on an open protocol
BMS.
- Temperature sensors
- Humidity sensors
- Pressure sensors
- Power meters
- Equipment alarms
Project RG-T2785-P004 99
Machine Translated by Google
- Switches, mechanisms…
- Monitoring software installed in duplicate on a PC in the NOC room and in another security
point.
- GSM modem
The system will be designed to be completely redundant on 2N, ensuring fast response in the event
of an incident.
The definition of the parameters to be supervised and controlled will be defined during the
engineering of the project.
A global access control system based on biometric technology will be installed for the entire Data
Center that regulates access to only authorized personnel for each of the spaces.
So, in each one of the access ports there will be a device using a biometric sensor that only
authorizes the step of authorized persons without them being able to provide temporarily to third
parties.
The system will have a history of data that will allow you to know who has entered the different
rooms at any given time.
The access control will also be carried out at the level of the IT room and racks, preventing
unauthorized personnel from accessing IT equipment from any institution.
Likewise, the entire perimeter of the Data Center, as well as its interior, will be supervised by means
of a closed circuit television (CCTV) completely independent from the rest of the systems. The
system will allow the recording of images for at least a month to follow up on the operations and
actions that are carried out.
The system will have a capacity of up to 32 cameras in the entire installation and can be supervised
from the NOC room of the Data Center and from the security point.
With respect to the physical characteristics of the electronic security and passive protection
systems, the following are considered:
• Security gates. The landmark will have to be fixed to the wall with spárragos de sujection
and you will have 3 security brackets.
• For access to the IT room, a double control system should be available, as an example of a control
model: access formed by a card reader and a biometric (huella reader). This system will be defined
together with the rest of the access control models, it can be double-checked with the phone or
with the keyboard (PIN). For the rest of the rooms, a simple system is available, using card readers.
• Magnetic contact for mounting in doors, maximum separation of 9 mm. • APO (alarm by default)
associated with the magnetic contact of the door with access control so that it alarms in case it remains
open for a certain time. • Detectors with dual infrared technology and k-band microwaves with
minimum penetration into walls, supervised, tamper, LED light, detection with master adaptation and
temperature compensation to reduce false alarms triggered by the Data Center.
- early detection
- Conventional detection
- Automatic extinguishing
- Manual extinguishing
According to the criticality of the space, the lowest level of protection will be used.
early detection
The highly sensitive early system continuously monitors the presence of precombustion particles or
combustion at less than 4 alarm levels. From the first level, fire warning alarms are sent. In case of arrival
at the fourth level, the system would send an extinguishing trigger signal.
The most widely used system is VESDA, especially suitable for high sensitivity applications such as IT
spaces. The sensitivity is completely programmable, avoiding false alarms.
- Programmable relays
- Event registration
The rest of the rooms will be supervised using a conventional fire detection system.
conventional detection
The conventional fire system is made up of photoelectric optical sensors distributed in the
space to be supervised. In case of detection of humus in a zone, the system activates the
fire alarm, and in case of detection in two zones, the system authorizes automatic
extinguishing (if connected).
This system will be installed in all the rooms and spaces of the Data Center.
automatic extinguishing
The extinguishing agent is an essential element that can be used in a Data Center and must
fulfill the basic functions:
- Extinguish any fire that could affect the integrity and operation
- Ensuring the integrity and functioning of the IT equipment and the data they contain
both in case of fire and in case of false alarm.
The agents that fulfill these requirements according to the NFPA are:
- Inert gas of nitrogen and argon mixture, which is stored at high pressures and
- FM-200, which is stored at medium pressure and is not used due to its environmental impact, which
- Novec 1230, which is stored at median pressure and is also available for the most expensive solution,
currently it is the agent that offers the most ideal characteristics in the field of
Extinguishing agents based on water or another type of foam or liquid can seriously affect the integrity of
IT equipment.
The system will be designed using a calculation software provided by the equipment manufacturer, with
the objective of being able to guarantee the exact discharge flow rates from the pipes and ensure an
optimal concentration of gas at all points in the protected area.
In order to discharge the gas evenly in the room, there will be a network of pipes and diffusers distributed
both in the environment and in the technical area.
The system will be equipped with all the necessary accessories (SEVO type) to properly extinguish fires.
It is also contemplated to carry out pressurization tests (DFT) in the rooms in order to determine the level
of watertightness of each one.
In case of extinction, the system will respond in a way to isolate the affected area and ensure the
watertightness of the system so that the agent acts effectively.
The system will be controlled by an extinguishing center located outside each room, a central panel will
incorporate batteries for autonomy and a board/module with auxiliary relays.
The system will have block/stop and trip buttons in the event of an emergency at the entrance of the rooms
with automatic extinguishing, so that in the event of an untimely trip warning it is possible to interrupt the
trip warning on the control panel of the system. extinction, or in case of failure of the automatic triggering
system, the emergency trigger for triggering allows its activation by simple action of a person. There will
be luminous signs that
activated in case of trip warning; dichos letreros are located next to the puerta lintel
of access.
The action of the extinction system is programmed for cross detection. Es decir, the initiation of the
extinction will take place when the detectors go into alarm.
manual extinguishing
Manual extinction must be foreseen in the project according to local regulations. Now, it will be carried
out in accordance with the requirements of a data processing center. Therefore, for each one of the
spaces a different manual extinguishing system will be used.
No manual fire extinguisher will be required, due to the existence of manual trigger devices (pulsers) of
the automatic extinguishing system.
No manual fire extinguisher will be required, due to the existence of manual trigger devices (pulsers) of
the automatic extinguishing system.
common spaces
transformation hutches
outdoor areas
An equipped fire hydrant (BIE) will be provided for use only outside and inside the Data Center.
5.5.4 Racks
The racks must be specially designed for installations where security and stability are important factors to
consider.
The cabinets are very flexible, enabling the installation of all the diversity of IT equipment and networking
available on the market for standard sizes. Among others: structured wiring, networking, servers, IT
equipment…
The cabinets are manufactured in accordance with ANSI T1.336 and ANSI T1.336 regulations.
- Anti-seismic supports.
- Steel front door of a today with 83% perforation, and back door of
- Rack with light aluminum structure and union on the corners with piezas
solids for the profile anchorage giving greater rigidity to its structure.
40 racks for IT equipment distributed between the conventional room (30 racks) and the Safe Room (10
racks). All these racks will be closed with perforated panels on the front and back (with double door),
providing a key lock and combination.
All racks will be of the same height of 42 units (“u” of rack) for homogeneity and ease of closing the cold
passage.
In the rooms of service providers 1 and 2, the ability to install 4 racks in each one is contemplated
(assembling 3 at the beginning), as well as ODFs for finishing the fiber optic cabling.
The telecommunications room will have 2 MDA (Main Distribution Area – Core for communications) racks
and 6 GC (communications rack) type racks.
All racks will be anchored to the ground on a support structure in order to mitigate them.
earthquake effects.
All racks will provide a direct connection to the ground floor in order to comply with the requirements of
TIA-942 and BICSI-002.
distribution scheme
The data wiring has been designed according to TIA-942 and BICSI-002 criteria.
A hierarchical design has been followed, complying with all the requirements of the Tier III level, and the
maximum number of levels of the TIA-942.
It is considered one of the rooms of providers of access to communications. The cable accesses will be
physically separated on the outside by a distance greater than 20 meters, as stipulated in TIA-942.
From each access point, a connection to the primary entrances of the Data Center will be reached through
a flexible metal underground channel, as stipulated in TIA-942.
Es decir, each primary input will be connected with both access providers.
Both the primary entrances and the main distribution points will be located in the separate and independent
communication racks.
The liability limit of communication access providers ends right at the rack link.
From each primary access, fiber optic cabling of quality MM OM3 will start with the main distribution points.
There will be a fiber optic link MM OM3 between the main distribution points, from
way to increase redundancy.
From each main distribution point, 6 MM OM3 fiber links will be made to each horizontal distribution point.
The horizontal distribution points will be located in end-row racks in each row.
At each point of horizontal distribution, a prearrangement will be made between the end-row rack
and each rack with optical fiber and copper cable, according to the characteristics of the row:
copper cable
All copper wiring must guarantee the quality of the product and service.
All telecommunications outlets/connectors must be category 6A, 500 MHz, be designed for the termination
of a balanced twisted-pair copper cable with four pairs, and have at least the following characteristics:
- Be available in 12 colors.
- That its design allows its installation from the front or from the back of the front plate
allowing you to pass through the plate without the need for reterminaciones.
- That its design allows its assembly on the plate in a flat or angled orientation.
- That has the contacts diagonally to maximize distance between hilos and minimize
ANNEX
- Comply with and exceed the standards TIA-568-B.2-10, ISO/IEC 11801:2002 1st amendment, IEC
60603-7, IEEE 802.3an, IEEE 802.3af and TIA-968-A.
All patch panels must allow cross-connection and interconnection using modular cords,
complying with the requirements for mounting in 19” racks and having at least the following
characteristics:
- Allow the automatic connection to the land of its armored modules to be inserted.
- Be made of light steel with high mechanical strength with a durable finish
in black color.
- There are quick release tabs that allow you to easily uninstall the modules
individuals even in high density situations.
All F/UTP cables must be category 6A at 500 MHz and have at least the following
characteristics:
- Have a construction consisting of four pairs of solid copper conductors 0.57mm (0.02 in) (24AWG) in
- Have a cellophane film that surrounds the entire set of cable pairs, one
- Be available in different lining colors. Blue – CMR and CMP, Gray – CMX, and Violet -
LSOH
fiber cable
All interconnection centers, panels and fiber optic tray units must have the media and accessories that
allow cross-connection, interconnection, splicing, accommodation and management of jumpers and
pigtails; in addition to poseer at least the following features:
- Its size does not have to be larger, and it must be able to accommodate up to 48 ports
duplex in MPO cassettes with LC adapters in the other extreme, or bien 3 adapters
MTP-MTP up to 8 connectors each.
- You must have ciegas adapter plates for the future growth of the infrastructure
fiber.
- You must have adapter plates of 6, 8 and 12 ports (duplex) fiber that allow
- You must have adapter plates with hooking and removing mechanism using a floor
finger.
- You must have a front cover that can be used as a labeling surface and for
protect the jumpers. This cubicle must allow its relocation to another position
- The models with three adapters must be available with a sliding mechanism
that allows the panel to slide forward or backward, and must have insurance
detachables that allow you to remove the cabinet from the rack.
All multimode fiber optic cables used for data cabling must have at least the following characteristics:
request.
- Cable RazorCore with a diameter of 3mm (for 12 fibers), which must be available with
- Have a seamless connection system, which only consists of introducing the plugs in
existing Plug & Play installations, and include an adapter to join the alargo with the
end of the coil. .
The latest update of the TIA-942 regulations does not require any requirements in relation to emergency
shutdown systems – EPO (Emergency Power Off).
Likewise, the Tier Topology of the Uptime Institute declares that it is a system that introduces a unique
point of failure.
In this way, it is decided not to install any EPO system in the installation.
Now, during the implementation of the project and if it was necessary for the security of the maintenance
workers, the installation of individual EPO systems in those equipments can be contemplated, where it is
considered by SENATICs to avoid risks during the putting in operation of the equipments during its
maintenance. In no case will these systems affect the rest of the equipment in the operation of the Data
Center.
PHASE I
Number of Racks: 40
IT Power: 240 kW
PHASE II
Number of Racks: 80
IT Power: 480 kW
ÿ Support engineering.
ÿ Project management.
ÿ Quality controls.
ÿ Project planning.
- Carry out all the plans and documentation necessary to carry out the project
- Provide support for the stipulated controls for putting in motion and delivering
project
The optional direction of the project must be executed by a designated specialist, Project
Manager. The PM is responsible for:
- Approval of each of the phases of the project
- Coordination of installers.
Each departure is individually planned and all the information on schedules and time is shared
and adjusted with the installers.
Any correction required will be made by the specific installer. No installer can consider his work
finished until he obtains the approval signed by the PM
For each one of the phases of the project, the client's approval will be required (the
SENATICs or which is signed in representation for cuestiones) in order to proceed with the tasks.
The important points are: basic engineering and detail engineering.
For the main teams, factory tests will be required: Factory Acceptance Test, which must
be approved by the Commissioning team, the PM and the customer (the persons defined
for this purpose by SENATICs).
During the execution of the project, as they go on executing the matches, the commission
and the puesta will be carried out in an individual march of the systems. Approval of the
Commissioning and PM team will be required for each of them.
Before handing it over to SENATICs, a complete system test will be carried out: Integrated
System Test, in which the operation of the Data Center will be simulated using test
benches. Preliminaries will be carried out, the protocol of the data must be approved by
the participants in the process (Commsioning team, the PM and the SENATICs) beforehand.
Before the delivery of keys (formal completion of the work), an acceptance of the project
will be carried out: Site Acceptance Test. In the meantime, SENATICs will review each and
every one of the systems to verify that the requirements established in the contract of
construction of the Data Center.
Finally, a detailed training will be carried out for the personnel who will manage the Data
Center, and a brief training for the people that SENATICs deems appropriate.
The project is expected to be carried out within a period of 9 months from the moment
that the relevant permissions and approvals are obtained for its start.
All delays owed to third companies and/or obtaining permissions will not be considered
in the described forecast.
It is necessary that throughout the development of the project, from the most incipient
phase with the development of solutions and design, it is necessary to have a support
company that supervises and guarantees that all documentation and construction work
are aligned to obtain the certification. It will require the support of companies specialized
in this field, which must assess their experience with respect to concrete, contrastable cases.
6 Project departures
The continuation presents the content of the different matches considered in the Data
Center project. The best manufacturers and best solutions have been considered for each
case.
6.1 FOREIGN
6.1.1 Perimeter fence
High security fence specially designed in such a way that it cannot be climbed or cut. The
separation between wire centers comprises 12.7 mm (vertical) x 76.2 mm (horizontal)
6.1.1.1 1
Made up of electrowelded flat mallazo panels made from Type 5T22 steel wire (Standard
UNE 36 089) 4 mm in diameter (AWG 8).
The wall is subject to posts that are IPE 120 type beams embedded in concrete dies of 0.4 mx
0.4 mx 1 m.
6.1.1.2 1
The standard electrowelded steel wire panels will have a height of 4 m and a maximum depth of
2.5 m.
Automatic metallic sliding door with a sliding horizontal movement. Composed of a
6.1.1.3 rectangular frame with beams. With access control system included 1
Mechanized revolving door formed by three hojas 2.20 cm high, with a diameter of 2000 mm. Doors
6.1.1.4 and protection cylinder formed by tubular steel profiles. 1
Access control included.
6.1.1.5 Video intercom system for pedestrian and vehicular gates two
CCTV system made up of 8 infrared cameras (2 on each side of the outer perimeter)
6.1.1.6 1
6.1.2 Cementing
Cleaning concrete for cement slab, thickness 10 cm HM-20/B/20/IIa of bland consistency and
6.1.2.5 1
maximum size of arid of 20 mm, from truck.
6.1.3 Floor
Concrete flooring HM-30/b/20/I+F of bland consistency maximum size of gran. 20mm hollow with
6.1.3.1 mechanical interior transport and mechanical vibrating and manual finishing 1
6.1.4.1 Preparation of the total land that will cover the plot/wall Paved and 1
paved of the traffic areas for vehicles, including the proportional part of painting for its
6.1.4.2 1
delimitation Parking for cars (with different areas for visitors and customers, as well as for cargo
and material unloading)
6.1.4.3 1
Space conditioning for clean point where cages/recycling containers are located
6.1.4.4 1
Preparation of the land where the external services will be placed (Transformation centers
6.1.4.5 1
and associated generators and fuel depots)
data
6.1.4.8 Underground electrical conduits from generator sets to the Data Center two
monotubes) is included to facilitate the installation of the first fiber optic cables. Including
prefabricated concrete boxes to support installation and future maintenance.
6.2 CIVIL
6.2.1 Structure
Steel tubular steel pillars S275JR with a diameter of 323mm and a thickness of 6 mm up to 6
6.2.1.1 1
meters high.
Rectangular steel tubular metallic profiles S275JR for curtain walls with dimensions 250x160
6.2.1.2 mm and 6 mm thickness up to 6 meters in length. Workshop welds included. 1
Rectangular steel tubular metallic profiles S275JR for mullions and diagonals of cover
6.2.1.3 fence of dimensions 180x120 mm and 6 mm thickness up to 6 meters in length. Workshop 1
welds included.
Rectangular steel tubular steel profiles S275JR for 300x200 mm cube-shaped riostra
6.2.1.4 chariots and 6 mm thickness up to 6 meters in length. 1
Workshop welds included.
Steel profiles IPN400 in steel S275JR for secondary chariots covered with up to 6 meters in
6.2.1.5 1
length. Workshop welds included.
Refill HA-25/B/20/IIa of tubular pillars, with an average amount of 25kg/m3.
6.2.1.6 1
Acero en pletinas S275JR for supporting pillars in cementation. Anchor bolts included.
6.2.1.7 1
Workshop welds included.
Concrete for 12 cm corner cement slab HA-25/B/20/IIa of bland consistency and maximum arid
6.2.1.9 size of 20 mm, from truck, with an average amount of 15 kg/m2. 1
Intumescent paint for fire protection for an R120 protection of the structure (pillars and
6.2.1.10 1
profile) (Grosor up to 3000 ÿm)
Fire protection foam for an R60 protection of the cover (sandwich forged). RF120 will be
6.2.1.11 1
obtained with armor.
Solution finalized to be practicable in the area where the outdoor air conditioning units
6.2.3.1 1
can be housed.
Membrane with a surface density of 1.15 kg/m2 and a thickness of 1 mm, made of
6.2.3.2 1
an ethylene propylene diene (EPDM) sheet, placed on the adhesive
0.7 mm thick aluminum flat file, preformed and 45 cm in development, placed with mechanical
6.2.3.3 1
fasteners
Soft-walled PVC-U tube base, application area B according to UNE-EN 1329-1 standard, DN 75
6.2.3.4 mm, including special pieces and mechanically secured joints 1
6.3 INSTALLATIONS
6.3.1 Power, wiring and lighting 6.3.1.1 1600
kVA MV/LV transformer 6.3.1.2 1600 kVA MV/LV 1
1
Electric board of MT III+N (For TNS system) 3 cells of line +remonte
6.3.1.4 Automatic for general protection + Measure 3TT 3TI + 2 automatic cells for protection of
transformers with their corresponding relays
Climate unit, including indirect free-cooling system by means of a polymeric plate exchanger,
6.3.2.1 DX refrigeration system, EC fans, F5 filters, 3
Interface for monitoring
Redundant climate unit, with identical specifications to those mentioned in the previous game
6.3.2.2 two
6.3.2.3 Additional sensors in cold and hot, temperature, humidity and pressure 1
3
two
Detectors for generating sets rooms and transformation centers connected to a specific loop of
6.3.3.1 two
6.3.4.1 leakage detection system (included central management and cable with meter), connected to BMS 1
6.3.5 BMS
6.3.5.2 Controllers to recover all field signals, including walkways, input/output modules for both digital 1
and analog signals
6.3.6.3 CCTV system based on IP-POE technology, including indoor cameras and 16-channel video 1
recorders
6.3.6.4 Intrusion detection system (with central panel, volumetric and detectors) 1
6.3.7.2 Design of the second standard Tier III project (Basic and Constructive Engineering) 1
6.4.1.9 Pasacables 1
6.4.2.1 200x60x3000 mm data tray with refuerzo supports 6.4.2.2 100x60x3000 mm two
power tray with refuerzo supports 6.4.2.3 Rack Provider rooms 42U 600x1000, 1000 kg two
6.5.1.9 Pasacables 1
6.5.2.1 200x60x3000 mm data tray with refuerzo supports 6.5.2.2 100x60x3000 mm two
power tray with refuerzo supports 6.5.2.3 MDA (Main Distribution Area) type rack two
two
service cable 1
6.5.3.3 Lighting 1
6.6 IT Rooms
6.6.1 Structure - Safe Room RF120 EN1047-2 6.6.1.1
Panels walls 1
6.6.1.9 Pasacables 1
6.6.2.1 200x60x3000 mm data tray with refuerzo supports 6.6.2.2 100x60x3000 mm two
power tray with refuerzo supports 6.6.2.3 IT Rack (EDA) 42U 600x1000, 1000 kg 6.6.2.4 two
Distribution Rack (HDA) 200600 4 , 1000 kg 6.6.2.5 Blanking pannels for rack 800 mm 40
6
46
with hot-swap switches 6.6.3.4 High density rack junction box 32A 1
Overpressure air renovation unit, including external control, F9 filters, overpressure port and
6.6.4.2 1
RF120 fire port
Conventional fire detection and extinguishing center with optical sensors and centralized alarm
6.6.5.1 two
extinguishing system with metal fittings, pipes, nozzles and pressure gauge, manual
6.6.5.3 two
mechanical triggering
6.6.5.4 Door Fan Test two
Autonomous monitoring and control system including temperature and humidity sensors, water
6.6.6.1 detection and alarm reading (fire control unit, UPS, climate...). Communication via web access, 1
email, SMS and SNMP.
6.6.6.3 Access control, through double check with card and keyboard (PIN). two
6.6.6.4 Accessible CCTV Cameras, from the inside (safe area) two
Empty fiber patch panels - space for 3 cassettes 6.6.7.3 Cassette for 1
Latiguillo covers 5m 1
and certification 1
6.6.8.3 Design of the second standard Tier III project (Basic and Constructive Engineering) 1
6.6.8.7 Technical cleaning at the end of the project according to ISO14644 6.6.8.8 1
Material recycling containers 6.6.8.9 Launching and Site Acceptance Test (SAT) 1
6.7.2 Plumbing
6.7.3.14 UPS 300 kW, modular, with double battery pack 10 min two
Main cable in the interior of the room for the cooling system, SAIs, Racks, Lighting,
6.7.3.19 1
Extinguishing system, etc. (power only)
Redundant cabled inside the room for the cooling system, SAIs, Racks, Lighting, Extinguishing
6.7.3.20 1
system, etc. (power only)
6.7.4.2 Additional sensors per room, temperature and humidity 6.7.4.3 RF120 1
6.7.4.4 Conducts 1
Fire extinguishing plant, managed by a main detection plant, with optical sensors and centralized
6.7.5.1 1
alarm
6.7.5.2 Early detection system 1
Novec 1230 extinguishing system with metal fittings, pipes, nozzles and pressure gauge,
6.7.5.3 two
6.7.6.1 Access control, through double check with card and keyboard (PIN). two
6.7.7.3 Design of the second standard Tier III project (Basic and Constructive Engineering) 1
preparation for Uptime Institute certification 6.7.7.7 Technical cleaning at the end 1
6.8 Warehouse
6.8.1 Structure
6.8.2 Plumbing
6.8.4.2 Overpressure air renovation unit, including external control, F9 filters, overpressure port and RF90 1
fire port
Detectors and sirens integrated in loop with the detection system of the main central
6.8.5.1 1
6.8.6.1 Access control, through double check with card and keyboard (PIN). 1
management 6.8.7.4 As-built documentation and project memory 6.8.7.5 Technical cleaning 1
at the end of the project according to ISO14644 6.8.7.6 Material recycling containers 1
6.9.2 Plumbing
6.9.4.2 Overpressure air renovation unit, including external control, F9 filters, overpressure port and 1
RF90 fire port
6.9.5.1 Detectors and sirens integrated in loop with the main control panel 1
detection system 6.9.5.2 Manual extinguishing
1
6.9.6.1 Access control, through double check with card and keyboard (PIN). 1
6.9.6.2 Camera focusing on access from the outside to the living room, connected to the CCTV system 1
6.9.6.4 Set of monitors for viewing security systems (Access Control and CCTV). 1
6.9.6.5 Set of monitors for viewing the fire system (detector placement diagrams and charts) 1
6.9.6.7 Complete work station (table, table, computer and high performance screen - continuous operation). 6
management 6.9.7.4 As-built documentation and project memory 6.9.7.5 Technical cleaning 1
at the end of the project according to ISO14644 6.9.7.6 Material recycling containers 1
and Finishes 1
6.10.2 Plumbing
6.10.4.2 Overpressure air renovation unit, including external control, F9 filters, overpressure port and RF90 1
fire port
Detectors and sirens integrated in loop with the detection system of the main central
6.10.5.1 1
6.10.6.1 Access control, through double check with card and keyboard (PIN). 1
6.10.6.2 Camera focusing on access from the outside to the living room, connected to the CCTV system 1
6.10.6.3 Complete work station (table, table, computer and high performance screen - continuous 6
operation).
cleaning at the end of the project according to ISO14644 6.10.7.6 Material recycling 1
containers 1
and Finishes 1
6.11.2 Plumbing
6.11.4.2 Overpressure air renovation unit, including external control, F9 filters, overpressure port and 1
RF90 fire port
6.11.5.1 Detectors and sirens integrated in loop with the detection system of the main central 1
6.11.6.1 Access control, through double check with card and keyboard (PIN). 1
6.11.6.2 Camera focusing on access from the outside to the living room, connected to the CCTV system 1
cleaning at the end of the project according to ISO14644 6.11.7.6 Material recycling 1
containers 1
6.12.2 Plumbing
6.12.4.2 Overpressure air renovation unit, including external control, F9 filters, overpressure port and 1
RF90 fire port
6.12.5.1 Detectors and sirens integrated in loop with the detection system of the main central 1
6.12.6.1 Access control, through double check with card and keyboard (PIN). 1
6.12.6.2 Camera focusing on access from the outside to the living room, connected to the CCTV system 1
cleaning at the end of the project according to ISO14644 6.12.7.6 Material recycling 1
containers 1
and Finishes 1
6.13.2 Plumbing
Emergency lighting 1
6.13.4.2 Overpressure air renovation unit, including external control, F9 filters, overpressure port and 1
RF90 fire port
Detectors and sirens integrated in loop with the detection system of the main central
6.13.5.1 1
6.13.6.1 Access control, through double check with card and keyboard (PIN). 1
6.13.6.2 Camera focusing on access from the outside to the living room, connected to the CCTV system 1
6.13.6.3 Complete work station (table, table, computer and screen). two
cleaning at the end of the project according to ISO14644 6.13.7.6 Material recycling 1
containers 1
1
6.14.2 Plumbing
Emergency lighting 1
6.14.4.2 Overpressure air renovation unit, including external control, F9 filters, overpressure port and RF90 1
fire port
Detectors and sirens integrated in loop with the detection system of the main central
6.14.5.1 1
6.14.6.1 Access control, through double check with card and keyboard (PIN). 1
6.14.6.2 Camera focusing on access from the outside to the living room, connected to the CCTV system 1
6.14.6.5 PC and set of associated monitors for managing security systems (Access Control and CCTV). 1
6.14.6.6 PC and associated monitor, for graphic system of the fire fighting system 1
cleaning at the end of the project according to ISO14644 6.14.7.6 Material recycling containers 1
In any country that wants to take a firm step towards the increasingly technological future, it
is also necessary to have an extensive fiber optic network, and with good capillarity through
the different regions, as well as good international connections, to have a center of data that
the central point is to manage, within itself, all the services that are going to be developed,
managing to maintain all the institutions in the vanguard point that are required.
This analysis covers the construction needs of the TIER III Data Center located in
Asunción, which will house all the necessary equipment for the provision of current and future
services of the SENATICs.
An estimation of the IT equipments to be considered has been carried out, but it will be
necessary to evaluate the services and the state of the mismos at the time that this new Data
Center is operational in order to define what are the real needs arrived at that moment. It's not
just the hardware, it's the model that decides, it's the services we want to offer, adapting the hardware to them.
The continuation presents the initial investment (CAPEX) to be carried out according to the
technical studio and operating expenses (OPEX) for the first 5 years3 .
The estimate for the investment costs would amount to $19,767,205.08, divided into four main
amounts that would comprise each of the phases of construction of the data center; the
support for the development of the project with the costs related to the support engineering,
the optional management, commissioning and initial support; and the costs of TIER
certifications with the estimations for the certification, including part of the consultancy and
the tasks of both design and construction.
3
All calculations have been carried out according to the type of exchange at the current date
TOTAL
$19,767,205.08
Figure 33 Total CAPEX for the implementation of the data center in Paraguay
Therefore, in order to reach the total cost indicated above, the continuation describes the
cost corresponding to each of these four main departures, explained in detail in the
previous chapters of Propuesta del centro de datos y Partidas del proyecto.
The first phase, which would be considered to be carried out during the first few months,
would require an investment of $10,755,283.26 split from the following manner in exterior,
civil, installations and equipment:
PHASE I
$10,755,283.26
FOREIGN
PERIMETER WALLWAY $185,445.94
URBANIZATION + CEMENTATION $921,091.30
$1,106,537.24
CIVIL
STRUCTURE $555,886.59
EXTERIOR LOCKS $453,797.76
INTERIOR DIVISIONS $90,822.27
TECHOS $25,507.50
INTERIOR FINISHES $98,985.70
WOODEN CARPENTER $17,688.00
METALLIC CARPINTERÍA AND CERRAJERÍA $122,815.19
EQUIPMENT $40,214.35
LOAD OF MODULES $32,095.86
CRANE AND AUXILIARY MEDIUMS $79,770.63
TRANSPORT $500,439.36
ASSEMBLY $70,812.00
SECURITY AND HEALTH $51,081.14
CALIDADITY AND ENVIRONMENT $34,054.24
$2,173,970.59
INSTALLATIONS
esteem. Affected from substation $191,834.80
WORKSHOP INSTALLATIONS $76,992.30
OPERATIONAL SUPPORT CENTERS $169,334.84
SECTION CENTER $76,133.06
TRANSFORMATION CENTERS $452,667.21
INST. ELECTRICITY $1,687,133.25
INST. PROTECTION AGAINST ATMOSPHERIC DISCHARGE $26,748.18
INS FUEL $62,517.00
INST. CLIMATIZATION $510,662.22
INST. FIRE $123,456.00
INST. FOUNTAIN $8,974.63
INST. SANITATION $7,407.00
INST. SPECIALS (WATER DETECTION) $20,331.00
INST. BMS $156,643.35
INST. SECURITY $185,451.88
TELECOMMUNICATION CHANNELING $38,556.00
$3,794,842.69
EQUIPMENT
RACKS $115,200.00
LOCKS PASILLOS FRIOS $75,024.00
SMART PDU'S $252,000.00
EQUIPMENT FOR CONNECTION WITH RED FO $326,000.00
$768,224.00
IT EQUIPMENT
perimeter security $342,000.00
balance $118,000.00
central switching $190,240.00
Switching storage $83,800.00
Main storage cabin $240,000.00
Cab copies back $140,000.00
computing $390,812.00
computing connectivity $36,000.00
Storage main cabin $200,000.00
back-up cabin $100,000.00
Blades UCS computing $488,515.00
Contingency $582,341.75
$2,911,708.75
The second phase, lasting approximately two months, would be considered to be carried
out after a year in operation after phase I of construction. This phase would require an
investment of $7,860,671.82 split from the same way as the first phase in exteriors, civil,
installations and equipment, but with some items disaggregated less due to which had
been implemented in the first year:
PHASE II
$7,860,671.82
FOREIGN
CEMENTATION $50,000.00
$50,000.00
CIVIL
STRUCTURE $409,001.88
EXTERIOR LOCKS $261,876.66
INTERIOR DIVISIONS $36,488.88
TECHOS
INTERIOR FINISHES $85,573.23
WOODEN CARPENTER
METALLIC CARPINTERÍA AND CERRAJERÍA $11,739.00
EQUIPMENT
LOAD OF MODULES $32,520.54
CRANE AND AUXILIARY MEDIUMS $72,232.50
TRANSPORT $415,792.32
ASSEMBLY $56,322.00
SECURITY AND HEALTH $41,456.14
CALIDADITY AND ENVIRONMENT $21,679.24
$1,444,682.39
INSTALLATIONS
WORKSHOP INSTALLATIONS
SECTION CENTER
TRANSFORMATION CENTERS $55,000.00
INST. ELECTRICITY $1,687,133.25
INS FUEL $10,520.40
INST. CLIMATIZATION $510,662.22
INST. FIRE $118,956.09
INST. FOUNTAIN $3,974.63
INST. SANITATION $7,407.00
INST. SPECIALS (WATER DETECTION) $11,106.25
INST. BMS $93,643.35
INST. SECURITY $18,556.25
TELECOMMUNICATION CHANNELING $8,556.00
$2,525,515.43
EQUIPMENT
RACKS $115,200.00
LOCKS PASILLOS FRIOS $75,024.00
SMART PDU'S $252,000.00
$442,224.00
IT EQUIPMENT
Storage main cabin $720,000.00
back-up cabin $336,000.00
Blades UCS computing $1,641,000.00
Switching UCS $21,600.00
Contingency $679,650.00
$3,398,250.00
The third main amount refers to support for the development of the project with the
costs related to the support engineering, requiring an investment of $637,500.00
distributed in the following way in the support direction, optional direction, commissioning
and initial support:
$637,500.00
Finally, the main room refers to the costs for the TIER certifications, requiring an
investment of $513,750.00 shared for the design and construction certification and, in
turn, with estimates for both the consultancy and the them
certification attainment rates:
$513,750.00
In summary, the investment planned for the first 5 years is exposed during the same
period, it is proposed to carry out the implementation of the first phase of construction
in the first sweet months, and after a year in the misma operation, a few new months for
the second level:
In the first year, the support engineering departures, optional management and
commissioning are imputed since they form an essential part of the construction of the
first phase of the data center, requiring support in the first year of operation for the
second year (which will correspond with the first year of commencing with the
management and operation of the data center).
The TIER III certifications are planned for their imputation in the second year, so it will
be fair to finish the first phase when it is necessary to consider this cost.
For the operation of the data center, the costs that are due to have in account the length of
the period that has been analyzed would be the following:
SELECTION OF CONTROL COMPANY THAT WILL CARRY OUT LAS PRUEBAS DE PUESTA EN MARCHA Y VALIDACIÓN
CONTEST FOR THE AWARDING OF THE TRABAJOS
URBANIZATION + CEMENTATION
FACTORY PRUEBAS
INTEGRATION PRUEBAS
PREPARATION OF PROCEDURES
TRAINING PROGRAM FOR THE PERSONAL INVOLUCRATED IN THE OPERATION OF THE DATA CENTER.
The Republic of Paraguay has a great deal ahead of itself to provide its institutions,
companies and citizens with the technological tools that allow them to continue
advancing, while helping them to be competitive in the global world in which we are.
At the time of planning the construction of the new Data Center provided by the
SENATICs, we must be very present that today the energy efficiency and what it leads to
when having the lowest environmental impact and the adequate use of resources, we
should consider that all the equipment is modular, to grow as needed.
The creation of the Data Center is proposed in a modular way, ensuring a smaller initial
investment and the possibility of future growth without interrupting the service.
One of the fundamental questions to guarantee the success of the project is to have the
appropriate travel companions, for which we suggest dealing with the following actions/
companies independently, which implies putting special care at the time of choosing the
engineering company that supports the development of the project in the initial phases
and during its implementation, the installer/constructor company that executes it (which
we suggest is an entity very specialized in the construction and implementation of the
Data Center), and the company that Realize all the steps of the puesta in march before
starting with the operation of the data center. All of them should be asked for a broad
experience in similar projects.
As part of the socialization of this technical studio, training provided by experts from Networld
Consulting is included for the purpose of transferring our technical knowledge to carry out the
technical implementations and the different aspects that we consider to be of assistance to the
SENATICs to obtain the maximum income for this project.
training proposal
5 Technical recommendations.
This training is about putting in value the main objectives of the data center operations services:
- Develop specific methods to optimize the operation and prolong the useful life of the
equipment and its components.
- Reduce maintenance costs and replacement materials that act on the factors that cause
wear and tear and help in the management of the piezas inventory
repudiate
- Supervise and manage consumables, such as fuel, electricity, filters, belts, water, lamps
and lubricants. Indication and application of means to optimize their use and indicating
the right moment for the acquisition of the mismos.
- Produce periodical reports that contain important information for management and
growth. In addition to predictive maintenance.
-
The regular monitoring of the plant through routes with the verification and inspection of the data
record that allows the observation of the trends.
- Complete record of all events and activities carried out, the generation of evidence and history.
- Analysis and treatment of failures through advanced methods that allow avoiding repetition of failures
and generating learning, avoiding similar failures in them
systems.
- Carry out all activities with a focus on quality and security (personal, good, processes and
environment).
- Monitoring of the services provided by other companies, observing and taking care to maintain the
levels of quality required for the environment and to avoid the occurrence of failures;
In the following table a tentative agenda is proposed for this phase of socialization of the project of the
design of the data center.
Finally, the continuation is part of the content of this training with the intention of showing
the best recommendations for the operation and management of the data center.
The working hours and the minimum composition of the resident technical team are
defined in the following way:
1 x Operation Manager
Journey: Commercial
Main Responsibilities:
1 x Administrative Assistant
Journey: Commercial
Main Responsibilities:
Responsibilities:
Technical follow-up;
4 x refrigeration mechanic
Responsibilities:
technical follow-up
Journey: Commercial
Responsibilities:
Routing of red cables and optical fibers within critical areas (Data Center, Communications
Area, etc.);
Journey: Commercial
Responsibilities:
The necessary equipment has been considered to manage the new data center at the operational level, as
well as the technical infrastructures (mainly electro mechanics and systems associated with the general
operation for the correct and safe operation of the Data Center).
The costs of other equipment are not considered, given that the specific resources for managing IT
services, for the NOC room and for CERT-PY, are considered to exist at the moment.
and therefore there will be no relocation, in addition to resources not directly associated
with the physical operation of the new data center.
In order to carry out a correct operation of our data center, once it is in operation, it is
important to define, from the design stage, a series of documents, policies and procedures
that organize everything correctly and allow us to carry out an efficient management of
our facilities. . It is important to be very clear from the beginning that they are said to be
documents.
We can say that on many occasions it is something very obvious, however we must
consider that there is no need to pay special attention to the maintenance contract for all
technical infrastructures. I say that document is vital and therefore the time that is
dedicated to defining the scope that we want to cover with el mismo will be highly
appreciated during the exploration of the data center. This document must clearly reflect
the tasks and basic and/or regulatory maintenance, as well as the extent to which it is
necessary to contact the main manufacturers of the different main systems (SAIs,
generator sets, rectifiers, static switches, air conditioning systems, BMS, fire protection,
CCTV, access control, etc.). Depending on the size of the data center and its own
resources for its management, we can assess whether it is worth having a single contract
with the main company and that it enters into agreements with the main manufacturers of
systems and equipment.
Before defining the maintenance plan that we want to develop, something that must be
based on the needs and criticality of the services that we are going to support, we will
have to define the economic and technical resources to cover it.
From the first moment that we start the operation, we must have an alarm escalation
procedure established. It is essential to specify how and where to receive the alarms that
originate from the different systems (normally received by a BMS system). Depending on
the solution that is implemented, it will be necessary to define the priorities of each and
every one of the alarms that we will receive, in addition to the protocols of action and
escalation to be applied in each case. Of course, in the maintenance agreements with any
of the maintaining companies or manufacturers (if we have a contract with them directly)
it is necessary to establish the SLAs and response times to perform the installation in
case of an urgent/emergency intervention.
Security guards must be part of the management of the operation of the data center, as
they are a vital part of identifying possible incidents during the supervision rounds of the
facilities, as well as notifying/scaling the alarms that may be received in the monitoring
system for this purpose (BMS), mainly at times when there may be no operational
personnel or maintenance technicians in the installation. For all that, it is important to
define a procedure from the first day where all the tasks and instructions that the guards
must carry out in their operative are defined.
(access management, control of keys, notification of incidents, escalation of alarms, etc.).
In order to have everything prepared and ensure compliance with specific measures in the
face of certain actions, it is necessary to have some Special Permissions defined
(Permission for Work in Caliente, Permission for Work in High Tension,…). In them it must
be perfectly recogido which requests the performance, the closing of the misma, the start
time, etc. It must be expressly stated that the completion of the work and permission must
be notified when they are finished.
Said permissions must be requested with at least 48 hours in advance of the data center
infrastructure manager and without their approval if the work can be implemented.
One of the documents that we trust is never intended to be used, but there is a need to be
very well defined, by itself it is possible to know perfectly how to act, it is the Evacuation
Procedure of all personnel who are in the data center in case de producirse dicha
necesidad. It is very important that all visits and collaborating companies know how to act
in case it is necessary to evacuate the installation. A good practice is to deliver basic
information on how to act in an emergency situation to all visitors, as well as to carry out
regular training to all those involved in the daily operation.
It is very recommendable to carry out at least one evacuation drill, by surprise, al year.
It will be necessary to measure the times that it takes to bring all the personnel to the
meeting point that is defined for that effect and that must be established in the procedure.
Following up with the questions that affect maintenance, we must document the procedures involved in these
questions. We could merge them into the big ones
groups:
• We will write step-by-step, well-documented, task-oriented procedures with verification boxes (Standard
Operating Procedures, SOP) and aligned with the definition of the work method to be developed and
the analysis of associated risks (both for the service that provides the equipment, system, process,
task, etc., as well as for the person or technicians who have to implement it). It must apply to all
providers and to all personnel, regardless of experience.
• Those who will cover support plans and which must be available for situations
unforeseen events (Emergency Operative Procedures, EOP).
It is necessary to define and prepare, with the greatest possible detail, all these procedures that will be
necessary in the face of certain situations that may arise:
SOP - Fuel refill (Main tank and the one that has its own group)
If the plant has a data center network, it is very important to generate documents that standardize all the
facilities, so that when more similar facilities are available, more facilities will arise in the operation and more
synergies can be achieved between the different centers.
Of course, all these procedures must be aligned with the daily operative of the systems and must be
maintained in a permanent update. It is necessary to keep all the operating procedures up to date and obtain,
if there are resable changes, the compliance of all those involved. Before the changes that can be produced
by improvements or actions that imply modifications, it is necessary to re-validate some of these variations in
the procedures with all the ones that have a relationship with the mismos. We must pay special attention to
ensure that workers and data center operators do not skip steps or seek steps because they are familiar with
the installation. It is necessary to avoid that, by daily routine, abbreviated ways in the way of acting are
produced. For that, it is highly recommended to have clear and well documented procedures, making it easier
for users to carry out the tasks and apply them. In a data center with a degree of maturity, ITIL (Information
Technology Infrastructure Library) methodologies have been implemented, which involves carrying out the
actions through Planned Work that must be approved by the departments and areas involved, and you can
request to refill documents ( Check List type) that guarantee that the verifications defined in the procedure are
carried out during its implementation.
We must dedicate the necessary time to carry out risk analysis for special operations, with the aim of analyzing
the possible situations that can be presented, as well as mitigating possible factors of human error. We ensure
that all special maintenance operations form part of IT change management and parallel review procedures.
Step-by-step procedures must be established for the complex tasks, marking or taking numbered time tags
with the actions that must be carried out to adjust to the steps of each task in all switches, switches,
protections and valves.
• Circuit breakers and main protections for the different control panels, switches
and circuit breakers for each PDU, current strips, etc. • The number of circuit
breakers, switches and protections must be correctly identified, in a single line, in
the single-line diagrams and in the control files that are generated.
• Label all the circuits that are being installed to supply the power to the racks/
cabinets in order to ensure that the tabs on the racks adjust to the switches/
disyuntors on the PDUs.
Within the maintenance plan, we must establish routine revisions that allow us to guarantee
that all those labeled correspond to the schematics.
We have to ensure that all single-line and schematic diagrams of the different systems
(mainly concerning the electrical distribution and air conditioning) are up-to-date, legible
and displayed on the walls of the different technical rooms of the plant, on the panels of
control and PDUs/distribution panels. The references that can appear in these diagrams
must correspond meticulously with the labels that we have placed.
A good maintenance policy includes carrying out daily physical checks of the plant in its
entirety, and even though we should not doubt them, we can only rely on the remote
monitoring systems (BMS or similar), as they can also fail as equipment. In this sense,
people with adequate training can be good at detecting problems.
Therefore, it is necessary to check that the PMP (Planned Maintenance Procedures) are
complete and comply with the recommendations of the manufacturer or a higher authority
(normally as required by the corresponding legislation).
A good practice that we have to remember in the maintenance procedures, but because of
its importance, it is necessary to explain to everyone who works and operates the data
center and it is to identify (if someone finally installs) all the buttons for the Emergency
Shutdown (EPO) ) and in the measure of the possibilities of protected jars. It happens that,
as in some installations, the EPO is located in the exits, they can be activated erroneously
during an emergency, as if the light switches or a pusher were used to release the door
opening.
Once we have all the documents, policies and procedures in place, we must keep in mind the importance of
the monthly compilation of KPIs and capabilities of our systems. Again, in function of the size of the data
center it can be carried out manually by the workers or we could implement a tool/software that allows us to
obtain many of them automatically. Of course, this second option has a cost and for that we must be aware
of if we really need it.
Metrics
It is very clear that it is important to obtain data and measure continuously to have real information that will
allow us to make the best decisions for our business. So if you ask us what do we expect from metrics?
sean:
• Sencillas.
Racks that can be used now. • Reserved • Assigned power not consumed. •
Racks. Power that can be used now. • Reserved
• Possible racks. • power.
If we start to evaluate some of the specific metrics for the Data Centers, we must decide that since then, the
metric has been more widely adopted for the facilities and the PUE. With it we will evaluate the effectiveness
of energy consumption (Created by The Green Grid in 2007). Mientras that the PUE is a ratio, the DCiE is a
percentage.
DCiE = 1/PUE = Energy of the IT equipment / Total energy of the installation x 100%.
This annex presents a detail of the start-up of the IT equipment that will comprise the first
and second phases of the construction stage of the proposed solution.
• Ability to adapt cloud computing to precise IT services, both for the end user and for
business and government environments in Paraguay.
The basis of a computing platform on the cloud is the physical infrastructure, the
connectivity of the infrastructure with the service applicants and the software that support
the services, taking the virtualization environment as a basic tool.
The decision to adopt a virtualization environment impacts the technical design and the
components that will be used in the creation of architecture as a service.
A virtual infrastructure allows sharing physical computing and storage resources between
different machines, using a common physical infrastructure. This work is carried out by
the virtualization hypervisor.
The cover corresponding to the virtualization hypervisor is software and is located between
the physical hardware and the operating system of the virtualized IT environments, being
the hypervisor's responsibility to guarantee the performance of the IT environments in production, maximizin
use of physical hardware between the different systems at all times, thus managing to
monetize from the service point of the infrastructure in production in the data center.
From Networld Consulting, we consider that you should opt for architectures certified by
different manufacturers as valid, and that their total compatibility and performance have
been proven on a large number of platforms, both between the hardware components and
the hypervisor.
For the physical construction of the computer on the cloud, the manufacturers must be
fully compatible with the previous architecture and have the availability of authorized
distributors in Paraguay or the surrounding country, which allows for the availability of the
correct technical support from the manufacturer, both the incidents and the incidents. , as
for the expansions and installations of the mismas.
In the design, a unified data center platform that combines the IT industry's standard using
servers with x86 architecture using Blade servers, rack servers, networks and high-
performance management in a single system at the level of communications with a security
environment with a pair of firewalls that allow you to have basic filtering services based on
the rule, as well as the most advanced systems based on attack identification and prevention
techniques.
The configuration of the IT infrastructure is fully customizable, in this case it has been
considered a fully redundant environment with a computing capacity provided by the UCS
servers. This infrastructure will be interconnected with two switching layers; a consolidation
of all the communications of the Data Center in the Core equipments and another specific
one inside each cabinet that intercommunicates the servers inside the same and the Core
switch. All equipment will be designed to support large band hooks. In the following points
each one of the equipment is explained with greater detail. The hardware ecosystem is
interconnected, ensuring the performance, security and ease of administration. The
components of this hardware would be:
switching core
Designed to meet the challenges of the new generation of data centers, including dense
multisockets, multicores and optimized services of virtual machines, in which the expansion
of infrastructure and the increasingly demanding workloads are common.
The switch must provide a unified structure on 10 Gigabit Ethernet for cluster, LAN and
SAN traffic. This unification allows the consolidation and use of previously separated
infrastructures and cables, which reduces the number of adapters and necessary cables
and eliminates redundant switches. This switch will simplify the administration of
Switching UCS
With a single point for connectivity and management inside the closet. Given the criticality
of this equipment, the recommendation of Networld Consulting is to implement them in
active passive. The team should manage all the I/O operations efficiently and safely in a
single point, ensuring I/O latency independently of each virtual server.
In the estimated design for the present computation on the cloud, the incorporation of 4
equipment is considered, which support in a space of 1 U of rack, 48 ports capable of
supporting up to 80 Gigabit Ethernet, Fiber Channel over Ethernet or native Fiber Channel connectivity.
Traditional blade servers replicate all rack components inside each chassis, avoiding
increased costs. The equipment considered to unify data management and data with the
blade chassis or server rack, concentrating up to three layers of red on one sole. In this
way, the entire system is converted into a distributed virtual blade chassis, separating the
complexity from the capacity, allowing to increase the capacity in the growth function, one
of the requirements of the cloud computing platform considered for Paraguay.
In the proposed architecture, it is considered to add a device that can double the bandwidth
of the blade chassis up to 160 Gbps, also using a card that can quadruple the bandwidth
up to the server through dual 40Gb interfaces, supporting 256 virtual interfaces.
It is also considered a team that offers a scalable and flexible solution based on a blade or
blade chassis. The chassis used in the proposed solution has a size of 6 rack units (6RU)
in height and can be mounted on a standard rack like the rest of the equipment proposed
in the Networld Consulting design.
With four single-phase power supplies, and interchangeable power sources in heat, the
high availability of power inside the chassis would be guaranteed. The rear part of the
chassis used contains two interchangeable fans in heat, four power connectors (one for
each power supply), and two I/O compartments. With respect to the processing capacity of
the backplane, something basic for not having botella cuellos in the architecture, it provides
up to 40 Gbps of I/O bandwidth for each blade server and up to 80 Gbps of I/O bandwidth .
The chassis would be able to support future 80 Gigabit Ethernet standards.
In addition, chassis made up of Blades were considered to be responsible for facilitating the virtual machines
that orchestrate the hypervisor using the computing resources, vCPU and vRAM.
Each of the proposed servers will have 2 Intel CPUs and 32GB RAM, with a capacity of two solid state drives
(SSD) or hard disk drives (HDD) and up to 80 Gbps of connectivity. In total 24 slots for DIMM memory modules
(RDIMM) or DIMM DIMM (LR) for up to 768 GB of total memory capacity. Being compatible with network
connectors that support Ethernet and FCoE (Fibre Channel over Ethernet).
These servers would provide the flexibility of growth that is needed for the service, being possible to feed the
chassis with the blades that are needed, if the growth of demand so requests, to scale in models until the
most powerful.
storage
An infrastructure in Nube has the origin and end of data storage, it is based on data in símismo, or because
through the stored data, the virtual environments that provide service to government and final users are
created.
The data storage must comply with the same design guidelines that have a Nube architecture:
• Availability.
• Cost reduction.
• High availability.
• Regulatory compliance.
• Confidentiality.
• Integrity.
• Etc.
There is a wide variety of storage architectures, both with regard to manufacturers, technologies and
hardware involved.
At Networld Consulting we propose an architecture based on hardware and software that meets the following
requirements:
• Fully integrated and verified with the rest of the components of the architecture.
• It starts from an initial architecture that allows the gradual growth in function of the
demand growth.
• The hardware architecture adapts to the services of the applicants, and in reverse.
This implies, in the case of storage, that it will be possible to model different types of storage, with
characteristics of disk performance, access speed,
speed of input and output of data, in order to create service packages that are
easily understandable and assignable to production environments, in function of
las necesidades, good performance or cost. For example, it will be possible to
carry out a storage assignment of low income and great capacity for the
assignment of government services at a low price.
• The architecture is verified and verified for its performance and stability, complying
with service standards that certify the stability of the same.
The storage architecture proposes to have as the service center some storage cabins
that allow to guarantee the availability of data storage in the face of the expected growth
of the demand in the next years.
The hardware and software elements of the storage architecture are the following:
Storage system that complies with the requirements that a service as necessary for the
cloud of Paraguay must fulfill:
• Simplicity. Hybrid storage solutions are the new standard of dedicated storage
systems, due to their speed of installation and deployment, flexibility and growth
capacity.
The data storage booths used for the proposal allow data storage in both SAN and NAS
mode. Hybrid storage is available, both flash type for data storage of fast access and
availability data, as well as 2.5"or 3.5" SAS disks.
Allows storage from 1.2 Terabytes (1200 Gigabytes) to 4.0 Petabytes (4,000,000 Gigabytes).
As an example of what this storage capacity supposes, it is estimated that in 1.5 Petabytes
10 billions of Facebook photos are stored. They use an architecture based on Intel
E5-2600 processors with native support for NAS, iSCSI and FibreChannel protocols. It is
important to highlight its duplication capacity in a 1:2 ratio, which implies doubling the
real storage capacity.
The proposed storage will have the capacity to allocate up to 5 TB per virtual machine in
the different phases.
back-up cabin
It is essential that the stored data contain a backup of the same, using an additional and
external hardware element, in which the backup copies will be stored in an automated
way, following the retention policy that is decided for each service, so as the periodicity
of the execution of this service of copying
support. Specific backup copy booths were considered consistent with an online
duplication storage system.
It has been considered that the storage cabin is in line with the main cabin, for this
service, it is intended to be able to estimate an initial infrastructure.
For the backup copy service, it is recommended to add software that is capable of
applying precise copying and retention policies, and that guarantees the correct
restoration of data, regardless of whether it comes from a server, a database or an
application. . The licensing of these softwares is aligned with the volume of saved data,
so it supposes a flexible cost increase and it is not necessary to make a high investment
in the comienzo of the service.
Storage switching
The balance service in a cloud environment is, next to the perimeter security, the entrance
gate to the services facilitated by the computer in the cloud.
When facing a design of the scope of the proposal for this Data Center in Paraguay, it is
necessary to count as optional with the services that could be demanded in a future,
according to the growth of the demand and evolution of the environment in the adoption
of the cloud.
For that reason, it is the balancing hardware for virtual environments that provides the
functionality of GSLB (Global Server Load Balancing), which allows the realization of
active-passive architectures in what refers to the data center, or even active-active,
distributing the loads of more interesting second sea computing for the service.
Regardless of the service that facilitates the cloud for companies or citizens (electronic
mail, Web publications, access to electronic government tools, data storage service, etc.),
the architecture will usually be the same.
There will be a series of virtual machines that will have the functionality to collect the
requests of remote users and create a nexus conductor with the final services (databases,
mailing boxes, production servers, etc).
It is at this point where the role of the balancers is paramount, in order to be able to
distribute service requests, coming from outside the cloud, to the front servers, using a
series of balancing protocols, which will have to go from Round- robin, the lowest latency
server assignment, persistent cookie assignment, etc.
The balancers carry out an additional work, which consists of actively verifying the
availability of all the elements that make up a specific service, preventing the assignment
of traffic to that destination from being carried out in the event of previously detecting the
existence of some incident that affect productivity and delivery times.
Having hardware capable of balancing service loads, it is possible to redirect the internal
traffic according to the parameters that the performance needs, guaranteeing new traffic
assignment to correctly operating components.
The services published on the Internet tend to be encrypted using SSL end-to-end, and more in
the case of Electronic Government.
Being able to count on a high-performance hardware tool that is capable of breaking the SSL
tunnel allows for the following primary objectives:
In addition to these services, and in the role of the hardware manufacturer selected for the
platform, it is possible to count on services of added value. For the proposed solution, a high-
performance option has been taken into account in the capacity of flow balancing, as the data
center and virtual environment balancer service incorporates an important number of security
functionalities such as DDoS service, WAF service , single sing-on, multitenant and data
acceleration, all activated by default without the need to incorporate additional licensing. These
equipments would be able to manage a flow of 30 Gbps, counting on a dedicated chip specifically
designed to break SSL traffic. In addition, Networld Consulting's recommendation is to have 4
active-passive units for each data center, thus being able to provide business continuity services.
When we use a Computing platform on a private cloud, the security of the service must be
analyzed and observed from the beginning, since having a robust design that includes security as
an additional directive to have in the account, will allow us to fulfill both expectations of users
according to international regulations.
In this sense, we must be aware of the main use that the cloud will have in order to focus the
security design on the main services in exploitation.
Taking this information into account, let's focus on the first three services, as they exceed
25% of demand:
electronic mail
The hosting of electronic mail services, both for third parties and for the operation of the
Electronic Government, is a key service in cloud environments. It provides us with the
classic values of cloud environments, such as service convergence, cost contained and
predictable, availability, adding to serve as a gateway and controlled output of
communication via electronic mail, something essential from the point of view of IT
security .
The major security gaps are the origin of the electronic mail access port, so a mail security
service on their own cloud computing platform will allow adding services to companies or
organizations that intend to migrate or adopt private cloud, resulting in an increase in
demand.
The incorporation of hardware elements that secures the mail housed in the Cloud
Computing can be adjusted in a way that increases the demand, it is necessary to consider
the classic antivirus and antispam services, as well as adding the embedded URL analysis
functionalities , analysis of adjuncts for the application of data loss prevention policies
(DLP), which is especially important in government environments.
The access to data located on the cloud platform, is used for processing or storage, or
consultation of Web services, keys in the Electronic Government, must be controlled and
insurance.
This is the point where the classic firewall concept should be introduced, but with a
series of improvements. The traditional firewalls were layer 4 firewalls, this is what you
want to decide, they understand the ports of origin and destination and IP address, but
not the applications that were being protected or denied.
With the incorporation of firewalls with Next-Generation technology, the firewall scales
up to the 7th layer of the OSI levels, being able to apply security policies by application,
and in this way, the security policies are aligned with the services demanded and hosted
in the cloud platform.
The firewall platform that provides perimeter security must be multitenant, that is, it must
be able to create completely isolated virtual environments, and tener capabilities
segmented by environments and the number of concurrent sessions.
The incorporation of these equipment to the platform makes it possible to guarantee the
perimeter security of the services to be published, as well as providing services of added
value, such as state-of-the-art firewalls, such as online IPS services, antivirus and
outstanding navigation control .
In the proposal of Networld Consulting, attending to all these points, a solution of 4 units
with firestops of 10 Gbps, 4Gbps of IPSec VPN performance, with 120,000 new sessions
per second up to 2 million new sessions and 25/125 virtual systems (base/max 2 ).
Allowance to admit 12 ports of 10/100/1000 Gb, 8 ports of SFP and 4 ports of SFP+ of 10
Gb. In addition to 2 ports of 10/100/1000 Gb of high availability, 1 port of management
with a bandwidth of 10/100 /1000 Gb and 1 RJ-45 console port.
As is well known, connectivity in the cloud is essential for the adoption of the service,
as it has a network backbone capable of providing the necessary capillarity, as well as
having a node connectivity in the location of the Data Center where it is located is
necessary for the exploitation of all the goodness of the cloud itself.
It is due to these connectivity needs that, from Networld Computing, we consider that
there will be connectivity through a private WAN network between, for example,
government agencies and data center services. In this circumstance, it is possible to
exploit a new service taking advantage of the security infrastructure of the Private Cloud.
When the security equipment is located in a data center with a powerful Internet outlet,
we are in an excellent environment to be able to route users' Internet browsing, applying
browsing filtering, antivirus, data protection control policies and visibility and traceability
of navigation.
We are in front of a new service with added collateral value that maximizes the services
minimizing costs.
One of the main reasons why computing in the public cloud is not recommended for
government environments or with sensible information, it is related to the security of
stored data.
It is necessary to bear in mind the high demand for precise security guarantees,
highlighting in particular the guarantees on confidentiality, availability and privacy.
It is contrasted by reports, such as the one carried out by the Cloud Security Alliance
(CSA) in 2015, that the situations on security incidents in the cloud have improved since
their adoption, both in volume (if there are fewer incidents or mismos), and in criticality
(the incidents that occur are of minor importance).
Having a computer environment allows you to control data with local legislation, but it is
recommended to comply with a series of international standards that must be evaluated
as good practices, which guarantee the correct management of information from the point
of view of the security
Serving the platform and management of the Data Center, you should have as a reference:
Since information is the main asset of the proposed service, the security of said
information, more than its location, medium or form, is the main objective of the security
architecture, taking as valid the classic concepts for its articulation: Availability, integrity
and confidentiality.
Availability
The service must be available at all times and before any circumstances available,
without disruption of the same under any premise.
The main security risks related to the availability of external attack vectors, distributed
denial of service (DDoS) attacks and attacks targeting web applications and exploiting
platform or code vulnerabilities for the site Web Application Firewall (WAF) services are
used.
The nature of the service, where we must protect the Cloud Computing platform from
attacks from the outside, it is recommended to incorporate a dedicated element for the
protection of denial attacks online.
Likewise, the incorporation of a WAF element will make it possible to prevent an attacker
from extracting information from the Nube platform by using a fall or vulnerability of Web
accesses in published environments, or avoiding modifying the information in said
environments, being especially critical when we refer to Gobierno Electrônico and data
from the population.
Source: Akamai
The anti-DDoS and WAF services are focused on accesses and requests for traffic from
the Internet, with public directions being linked to these services.
In the case of protection against DDoS attacks, given that this type of attack is closely
linked to consuming Internet access and associated resources (open sessions, latency
period, etc.), this Internet protection service for publishing content is usually offered by
the Internet access provider, given that you can put the appropriate technical means in
the Internet exchange areas with other Internet providers (Peering) for the protection of
access flows to the Internet Centers. data.
integrity
The integrity of information is basic in any business or productive environment, but it fits
in a service like the one that will offer the computing platform in the cloud for the
Electronic Government of the country, in which the information and guarantee that it says
information in the is modified without authorization is primordial.
To achieve this objective, Networld Consulting proposes approaches within the data
center services, regardless of their physical location:
confidentiality
It is necessary to be able to guarantee that the access to the information prevents the dissemination of
the misma in a non-controlled or authorized manner.
The security of information on the ground must be contemplated from its location in the Data Center, as
well as having control of it at all times, in order to be able to both analyze and filter, as well as having a
follow-up and location at all times. misma.
Based on this premise, it is recommended to incorporate services in the cloud mode for the management of
information access permissions (IRM), which allow the control of access to the files regardless of their
location. Said IRM services are the perfect complement to the solutions for preventing information loss
(DLP), thus ensuring both the modification of existing information and the extraction of information without
sending the modification.
As a third basic component of confidentiality, the solutions of cloud access security agents (CASBs) are
considered, whose objective are the points of application of cloud access security policies. The services of
CASBs consolidate in a single solution the policies of access to the data, being the perfect complement to
the services IRM and DLP.
Source: Gartner
PHASE I
PHASE II
In the departure of IT Equipment, the concept of a 25% contingency on this CAPEX has
also been included, in accordance with the best international practices for this type of
cases and with the aim of contemplating an adequate amount that optimizes the final
solution in the implantation time. This action involves $582,341.75 for the first phase and
$679,650.00 for the second phase, reaching the start of the IT Equipment for Phase I for a
total of $2,911,708.75 and a total of $3,398,250.00 for Phase I II, as indicated in the chapter
of Inventario de las inversiones to be carried out according to the technical studio.
This annex presents a detail of the operating expenses that are estimated for the operation of
the data center. The exercise has been carried out for the first five years. The experience and the
correct analysis during this period of operation will allow to obtain the most realistic forecast for
the following years.
supplies
The main departures to have in account related to the supplies would be the electricity, the water
and the gasoil.
Cost Energy
The cost of energy or electricity is considered from the tariffs of the National Administration of
Electricity of Paraguay (ANDE) in the tariff number 21. The characteristics would be a minimum
reserved power of 2,000 kW, a maximum reserved power of 6,000 kW and a supply voltage of
23,000 V.
Water
Based on the official rates of the Ente Regulador de Servicios Sanitarios (ERSSAN), the basic
charge and the charge per consumption are estimated for each year.
gasoil
From the official rates of the company of Petróleos Paraguayos (Petropar), the cost is estimated
for each year in which the fuel consumption would be incurred in the data center.
The main departures to have in account related to the operation and maintenance of personnel and
electro-mechanical maintenance and control.
Personal
For both phases, the need to have the following equipment to manage the data center operatively has
been estimated:
1 x Administrative Assistant
4 x Electrical Technicians
Based on the base salaries published by the SENATICs for its professionals, the average salary for
each operative profile has been estimated, amounting to $156,352.85 for this item.
every year.
phase y of the scope of the revisions the associated cost has been estimated. The points to have
in account would be:
Thus, for phase I this amount would amount to $273,647.15 and for phase II to $493,647.15.
This game consisted of two concepts: security guards and maintenance of security systems. From average
salaries in Paraguay and estimates for annual revisions, $150,000.00 has been allocated annually for this point.
security guard
The service will require security guards to cover 24 hours a day, 7 days a week.
ÿ PCI (Protección Contra Incendios).- 4 revisions per year per accredited company (annual,
semiannual and quarterly).
According to the best international practices and from an exercise of calculation of the
real OPEX in data centers and operatives, a percentage around 10%-12% of the CAPEX
accumulated annually has been considered to allocate to the forecast of the maintenance
of its own IT equipment.
Based on the characteristics of fiber optic access in the location of the data center and the
rates provided by the Paraguayan Communications Company (COPACO), the need for
accesses dedicated to the highest speed offered until the moment is estimated.
According to the best practices, a departure has been included to take into account the
possible operating expenses on the access to the fiber optic networks related to the
maintenance of the connection between the data center and the fiber optic trunk networks.
It has been estimated $117,720.00 for the start of the activity and $26,936.00 for the annual surplus.
In this annex, there are references to how to implement a data center, such as son:
Infrastructure Standards of
TIA-942
Telecommunications for Data Centers
Source: BCS
acronyms
Bibliography
- EN1047-2: Secure storage units - Classification and methods of test for resistance to
fire - Part 2: Data rooms and data container
- EN-1634: Tests of resistance to fire and humidity control of doors and elements
of closing holes, practicable windows and hardware for the building.
- ASHRAE TC9.9: Particulate and Gaseous Contamination Guidelines for Data Centers.
- ISO 14644: Airborne Particulate Cleanliness Classes in Cleanrooms and Clean Zones