Thus spoke the BSI…
Earthquakes and volcanic eruptions are rather rare in Germany, as are tsunamis. But tornadoes – oh dear – are rapidly climbing the natural disaster charts. In North Rhine-Westphalia in March this year. In fact, northern Germany is part of the European “Tornado Alley” that stretches from southern England to Poland.
Many of us still have to get used to thinking about natural disasters as a domestic threat. At the same time, flooding along the Elbe and Danube rivers has given us a small taste of what we can expect from climate change.
These considerations have to play a central role in the design of data centers. Chemical plants, airports, nuclear reactors, subterranean cavities, rivers, and so on and so forth. A wide variety of influencing factors have to be considered before the ideal site for a data center is found.
While some may find it a bit far-fetched, risk management in Germany often deals with predictions of the absurd, ones which cause mere mortals to shake their heads in disbelief.
Disaster mindset for IT: appropriate
When you’re responsible for an IT service that maps a central business process, however, you see things differently. Think of bank systems, for example. Millions of transactions daily, for which people have long since lost the ability to process them manually. Or the delivery of four million parcels every day. In such cases, the failure of an IT system can quickly become a very special kind of disaster: a business disaster.
It’s clear that crucial services like these have to be kept running. To ensure this is the case, companies usually define a disaster recovery strategy. The system is run redundantly. Usually at two different data centers, or at least in two different fire protection zones at one data center. If one side fails, the other takes over, ideally without any data loss or service downtime.
Companies don’t always decide on their disaster recovery strategy alone, however. Higher authorities often intervene. Let’s return to our banking example: BaFin, Germany’s Federal Financial Supervisory Authority, defines the rules here. Until now, the two data centers where the bank services run had to be at least five kilometers apart. The idea behind it: if a disaster brings one data center to its knees, the second one mustn’t fail.
New BSI requirements for geo-redundancy
Climate change or no climate change – Germany’s BSI (Federal Office for Information Security) concluded in 2018 that five kilometers are no longer enough considering the country’s potential disaster risk. To guarantee geo-redundancy, the agency recommended a distance of 200 kilometers between the two disaster recovery data centers, with an absolute minimum distance of 100 kilometers. In other words, from 5 to 200 in 2018.
Although the BSI speaks of a “recommendation”, BaFin has always followed BSI recommendations in the past, which mean banks and insurance companies have to seriously reconsider their disaster recovery strategies. The consequences for latency that such distances will have is another factor that will have to be taken to account.
Colocation – a simple way to geo-redundancy
Of course, the BSI publication not only addresses banks, but many other industry sectors as well. It remains to be seen how binding the regulations will be. Where geo-redundancy is concerned, it’s clear that a distance of at least 100 kilometers will be needed.
To meet these requirements, customers will have to find a second data center that’s at least 100 or 200 kilometers away. Colocation/housing could at least be considered as a potential solution here. The data center capacities are available quickly and the sufficient number of options (with a distance of 100/200 kilometers) should satisfy the company’s need for security as well. Another advantage of colocation is that the company can choose a longer-term solution at any time. Companies that already use colocation should make sure that there is sufficient distance between the two colocation data centers. Then they’ll be ready for the next disaster. But it would be even better if it were avoided altogether…