Colocation Strategies for Meeting--and Proving--SLA and Regulatory Requirements

Colocation tenant demands are always evolving. Our current situation is a perfect example. Before COVID-19, many companies had disaster data recovery plans—but very few probably included the words "global pandemic."

An enterprise’s data strategy needs to evolve with changing conditions, technological innovations and regulation requirements. That means in order to survive, colocation facilities need to as well. As a data storage provider, you need to be able to both meet your service level agreements (SLAs) and prove you’re doing it.

SLAs: More Than Metrics

Often SLAs are boilerplate, technicality forgotten soon after they are signed. Smaller companies lack the technical resources or manpower to follow up on vendor failures. For larger companies, following up on them may not even be worth it.

But SLAs can be useful tools for adapting to change, if we shift to thinking about them in terms of processes, not just checklists for uptime or availability. In other words, with SLAs it’s the journey, not the destination.

Because SLAs need to be flexible, they should be separate documents from contracts. Rather than just signing off on boilerplate SLAs, determining SLAs should be a tool clients and vendors use to ensure they are on the same page. They need to be more than just a description of services, expected service levels and the penalties of a breach. They need to include descriptions of the metrics by which those levels will be measured and the duties and responsibilities of each party.

It should also include a process for how metrics can be added, removed or adjusted. Setting a proper baseline is just as important as defining what you are measuring; without historical data on which to base metrics, there will need to be a process in place to revisit and readjust the settings at a future date.

There is an almost infinite number of metrics that can be monitored as part of an SLA, but it’s best to keep it as simple as possible, including how metrics are collected. Clients should think realistically about the time or effort they’re willing to invest in collecting metrics manually or analyzing the data.

This is where monitoring capabilities come in. More sophisticated monitoring benefits both the colocation facility and tenant. A vendor that is able to prove how they met an SLA agreement has an advantage over one that can only say they did or didn’t.

Monitoring environmental conditions is a particularly good example of how more granular monitoring and automation capabilities can benefit the facility as well as the tenant. By using a combination of wireless environmental sensors and monitoring software to automatically adjust cooling capacity to IT load (instead of depending on spot checks, wall thermometers and manual adjustments), facilities can prove to clients that they are meeting temperature, humidity and air pressure requirements at all times.

More importantly, the facility itself can realize significant cost savings if it has been overshooting on cooling in order to hit minimum temperature goals. At a large colocation facility in Texas, Panduit was able to reduce refrigeration power consumption in one data hall from 149.9kW to 137.4kW and fan power consumption from 64.3 kW to just 37.9 kW.

Data Security: Maintaining Regulatory Compliance

Data is global, so, at Panduit, we keep up to date on regulations requirements for more than a hundred countries. Most colocation data centers won’t have to deal with nearly as many, but all have to deal with some. Even a cursory overview of major regulations like PCI DSS, HIPAA and GDPR is outside the scope of this blog. Despite the differences among standards, the ability to meet compliance standards—and prove it—is relevant to all of them.

Being able to show prospective tenants existing compliance reports gives you an advantage. If a healthcare entity is looking to outsource hosting to a colocation facility that isn’t already HIPAA-compliant, for example, the cost of evaluating compliance and proving due diligence is on them. Compliance reports can also provide prospective tenants a useful point of comparison when evaluating options.

While COVID-19 may have quickened the pace of our transformation into a more cashless, digital society, most facilities are familiar with the types of firewalls, encryption and other security measures required by long-standing regulations like HIPAA and PCI DSS.

In the last few years, GDPR has forced data centers to rethink their data removal process. While procedures may already be in place for deleting data when customers come to the end of their contracts or removing personal data due to privacy concerns, companies must now be able to provide proof data has been destroyed. For data centers, this means more requests for server audit logs and shredded hard drives.

In addition to the rollout of GDPR, 2018 also brought updates to the EU’s lesser-known Markets in Financial Instruments Directive (MiFID). MiFID II requires extensive monitoring of financial transactions, and, like GDPR, affects any company doing business in EU markets. The main implication for colocations is the need to provide equal "access to network service" time (latency) between all financial clients.

While financial clients are looking for low latency, to provide the equal access required by MiFID data providers may actually have to increase latency to level the playing field among multiple clients. Adding to this challenge is the fact that automated high-frequency trading on financial markets means transactions are happening in terms of millionths of seconds.

Given that there can be a significant difference between physical length of the cable housing and the actual length of the optical fiber within, the solution is much more complicated than just measuring out more cable, give or take a few feet. Panduit’s firsthand experience supporting MiFID II latency equalized deployments have led us to develop new methods to validate optical length measurement and allow data centers to prove their MiFID II compliance.

Taking the time to define your processes and implement monitoring solutions can help you benefit from—not just adhere to—SLAs and regulatory requirements. By using SLAs and compliance documents as means rather than ends, colocation facilities and their tenants can get—and stay—on the same page.

Learn more about Panduit’s colocation and data center solutions here.

Mike Gallagher is Senior Business Development Manager of Global Data Center Solutions, Panduit. In this role, he leads global strategy for the colocation business. Mike’s team is responsible for understanding customer needs and positioning Panduit solutions for success. Key focus areas include market analysis, go-to-market planning, and evangelizing Panduit’s colocation offering among stakeholders across Panduit and its partner organizations. Mike has more than 20 years of technology industry experience. Prior to joining Panduit in 2017, he worked in the data center protection solutions industry for a Silicon Valley Fortune 500 software company, where his many accomplishments included the launch of a data center appliance that was named storage product of the year by CRN magazine.