Data Center Management of South China University of Technology

The phenomenon of incomplete security management systems in colleges and universities, lack of compilation in team building, and weak awareness of teachers and students' network security have pose a great threat to college network security management. Therefore, formulating a scientific and complete data center management system is an important task for college data centers.

Based on the current operation and maintenance system of college data centers, this article analyzes the evaluation objects and corresponding evaluation indicators in the "Information Security Technology Network Security Level Protection Evaluation Requirements", and clarifies the security requirements of the management object. On this basis, explore the management system of the data center, improve the data center management domain, and ensure the safe operation of the data center of college data centers.

University data center operation and maintenance system

The core ideas of the operation and maintenance system are technical and management norms. Under the guidance and constraints of the standard specifications and management systems, the operation and maintenance team uses appropriate operation and maintenance tools to achieve the four operation and maintenance targets of the data center, namely security, stability, efficiency and low cost. The operation and maintenance architecture is shown in Figure 1.

Figure 1 University data center operation and maintenance system

1. Operation and maintenance object

The services provided by college data centers include the following aspects: the construction and operation and maintenance of the data center infrastructure; the operation and maintenance of the whole school information system, such as campus portal, unified certification, one -cartoon system, mail service, cloud service, high performance calculation, etc. ; Provide the hosting services for IT devices for the secondary unit of the school. Therefore, operation and maintenance objects include the infrastructure, IT equipment, operation and maintenance tools and operation and maintenance personnel of the data center.

2. Operation and maintenance work

The conventional transportation of college data centers is divided into inspection and maintenance. The inspection object is mainly the object that the intelligent system cannot monitor. Combined with artificial inspections and intelligent monitoring, timely discover failure or potential hidden dangers, and implement corresponding fault maintenance Essence In addition, as an open research place, colleges and universities are more likely to be invaded and attacked by hackers or illegal organizations. Therefore, it continues to improve emergency plans and exercises, assist in dealing with emergency events, and assisted in acting in the national heavy insurance period.

3. Operation and maintenance organization

Most of the data centers of colleges and universities adopt a hybrid management model to outsourcing the professional and difficult operations to third -party professional technical operation and maintenance units. The school's operation and maintenance personnel are responsible for the construction and management of the data center and the operation and maintenance of the core business. While ensuring the professional maintenance needs of the data center, we will take into account the saving manpower and financial resources of colleges and universities.

Information system security level protection evaluation requirements

The standard of information system level protection provides technical standards for the country's implementation of information system security construction, security inspection, and security rectification. Among them, the "Information Security Technology Network Security Level Protection Evaluation Requirements" formally implemented in 2019 shall divide security control points into safety control points, cloud computing security expansion requirements, mobile computing security expansion requirements, IoT security expansion requirements for IT technology and applications , Requirements for the expansion of the security of the industrial control system; in accordance with the requirements of different security levels, define the security items of security control points from the aspects of security technology and safety management. Among them, each safety item consists of four parts, namely evaluation objects, evaluation indicators, evaluation implementation and unit judgment.

1. Safe physical environment

The infrastructure of the physical environment index data center, including data center machine rooms, related auxiliary rooms, electrical systems, ventilation and air -conditioning systems, fire protection systems, intelligent systems, etc., providing guarantee services for the operation of IT devices and information systems. Among them, the content of safety assessment includes physical access control, lightning protection (fire, water, tide), anti -theft, anti -destruction, temperature and humidity control, power supply, etc.

2. Safety calculation environment

The computing environment includes computing devices, computing systems, and data. Safety evaluation contents include identity identity, access control, malicious code prevention, invasion prevention, data backup, data integrity, data confidentiality, and personal information protection.

3. Safety management

Safety management evaluation objects are personnel and documents, including system administrators, security auditors, security administrators, and computer room administrators. Documents include management documents (strategies, systems, procedures), record documents, etc.

Data Center Management System Architecture

The rules of Hayan pointed out that behind each serious accident, there must be 29 minor accidents, 300 attempts, and 1,000 accidents. The accident is the result of the accumulation of quantitative accumulation. The premise of the safe and stable operation of the data center is to discover system failures in time, timely resolve system failures, and avoid people. Therefore, the primary work of data center operation and maintenance is to establish a scientific and standardized management system to improve preventive maintenance and predictive maintenance capabilities, replace people's governance with institutional governance, clarify work responsibilities and boundaries, clarify operation and maintenance work flow and standardize system operations.

Combined with the above -mentioned university data center operation and maintenance system and information system security level protection assessment requirements, the data center management system can be divided into management specifications and technical entity classes (as shown in Figure 2).

Figure 2 University data center management system architecture

1. Management specifications

The machine room is a key place for data centers. Water, electricity, fire, and human damage are the key factor affecting the safety of the computer room. The environmental requirements of the computer room, the in -depth and inspection requirements of the computer room, the requirements of the inspection, the requirements of the on -site inspection, the requirements of the on -site inspection, and the requirements of the personnel Personnel responsibilities, emergency plans and processing processes, thereby standardizing the safety management of the computer room.

2. Technical entity class

Providing safe and stable campus services is the operation and maintenance goal of data centers. Among them, hardware failure, equipment error operation, and artificial destruction are the security influencing factors of IT devices; permissions control and network configuration vulnerabilities, software program illegality, system error operation, IT device failure, and artificial destruction are the influencing factor of information system security. Therefore, specific procedures are formulated from the aspects of access control, software verification, system operation, system configuration, data backup and recovery. Exploration and implementation of data center management system

South China University of Science and Technology is one of the earliest universities in China to start informatization construction. Among them, the Information Network Engineering Research Center is responsible for the backbone network of China Education and Scientific Research Computer Network, the backbone network of the Guangdong Province Education and Scientific Research Computer Network (GDERNET) School cloud, one -cartoon system, and the planning, construction, operation and maintenance and services of information systems.

Data center management system requirements exploration

1. The needs of the new management model

With the expansion of the school campus and the needs of the high -speed development of informatization, South China University of Technology will build and operate data centers in three campuses, and limited operation and maintenance personnel can no longer support the operation and maintenance needs of data centers. Therefore, under the conditions of personnel preparation, the Information Network Engineering Research Center actively explores the management model of the data center, outsourcing the operation and maintenance of infrastructure such as power, fire protection, and air conditioning to third -party professional companies. At the same time, in the hybrid management model, the data center management system needs to formulate a corresponding management system in terms of duty systems, computer room management, operating procedures, and information confidentiality, and coordinate management data centers. The operation and maintenance personnel and third -party operation and maintenance personnel are coordinated to achieve data. The efficient and safe operation and maintenance of the center.

2. Requirements for network information security

In accordance with the requirements of the Ministry of Education for the protection of the security level of the education industry's information system, the information security level protection level of the school's school homepage and a cartoon system of South China University of Science and Technology is the third level. Among them, the safety management system of evaluation items requires a comprehensive security management system composed of security strategies, management systems, operating procedures, record forms, etc. for various management content and personnel.

Data Center Management System Research

In 2015, the data center of South China University of Science and Technology revised the management system based on the operating needs at the time, involving the duty system, computer room security, fire safety, information system networking security confidentiality, network center security emergency plan and other systems. With the construction and network security requirements, the management objects and security requirements involved in the old system cannot meet the needs of the current efficient and safe operation of the data center of the school. In addition, starting from 2018, South China University of Technology's school homepage and one -cartoon system conduct a third -level information security and evaluation of information security. The results issued by the evaluation reports each year have mentioned the problem of improvement of the management system.

Based on the above needs, the universal framework of the data center of South China University of Science and Technology studies the data center of the university is based on national laws and regulations and the spirit of the documents of the relevant departments of the higher level. The management system of the center.

Management specification system

The security of the data center is the basic guarantee of the information of the whole school. The most uncontrollable factor in threatening the security of the data center is human factors. Personnel and operating specifications are the core of the system.

1. Hosting service system

Clarify the category of hosting services and the specifications of the hosting equipment, the data center is responsible for the physical security of the hosting equipment, and the control unit is responsible for the operation and maintenance of the equipment.

2. Machine room management system

The target target of the machine room management system is the personnel and equipment of the machine room. From the aspects of computer room environment, machine room entry and exit, the work category of the computer room, the operating and maintenance terminal of the computer room, and the use of the authorized card and account to avoid people's safety incidents.

3. Machine room duty management system

Clarify the duty time, professional requirements, work content, and work requirements of duty personnel, and provide good custody services for the whole school.

4. The fire management system of the computer room

Clarify the fire responsibilities of data center personnel and enhance the fire safety awareness of personnel. The main content of the system includes the daily inspection content of fire facilities, the regulations for safe use of the fire, and the emergency emergency plan and processing process.

Technical entity

IT devices, application systems, and data constitute the ecosystem of digital campus services, so it is necessary to strengthen the management of equipment, systems, and data.

1. Equipment safety management system

Clarify the management responsibilities of equipment administrators, regulate the management of equipment from the three aspects of inspection, operation and maintenance, timely discover faults or hidden dangers, eliminate equipment failures, and achieve extension of the life cycle of the equipment.

2. System safety management system

Clarify the system requirements before the information system goes online, the system administrator responsibilities, the operation and maintenance of system operation and maintenance, the system's access control, the safety event plan and disposal process, and the system destruction requirements after offline.

3. Password management system

Aiming at the passwords of the computer room entry and exit, operation and maintenance terminals, equipment management, and system management by data centers, equipment, and system administrators, clarify the requirements of password settings, password use specifications, and prevent the password from being guessed and leaked.

4. Backup and recovery management system

Formulate backup recovery schemes and operating procedures for systems, configuration files, and data, and stipulate verification and preview requirements to ensure the correctness and availability of the backup data.

5. Storage medium safety management system

Formulate management regulations for storage media in terms of storage, use, and destruction to protect data in the medium and avoid leakage of data. 6. Data security management system

According to the management principles of "who is hand, who uses, who manages, and who is responsible", clarify the responsibilities of data managers and users, standardize data storage, data access, data inspection, and destruction of the destruction of data Data event plans and processing processes to reduce the impact of accidents.

In the construction of the Guangzhou International Campus, South China University of Technology has built large data centers in the international campus in accordance with the A -level standard, and upgraded the data center of the Wushan Campus and the University City Campus, laying a solid foundation for the development of the school's informatization. At the same time, the data center of how to transport the three -place campus campus scientifically and effectively is a problem that the school must solve.

The article analyzes and clarifies the management objects and network information security requirements of data centers from the aspects of operation and maintenance systems and network information security. Combined with the actual situation of the school, it will comprehensively explore the management specifications and technical physical categories of the data center. At present, the system has been implemented in the three campuses. While meeting the requirements of the third level of information security, the requirements of the third level of information security conducts standardized management of personnel, IT equipment, system and other objects through the system, and achieved efficient and safe operation and maintenance goals.

Author: Ai Fei, Huang Jianbo, Su Xuanrui, Liu Zhiquan (South China University of Technology Information Network Engineering Research Center)

Responsible editor: Chen Yongjie

- END -