Cloud or Colo? Why not both?

Every organization seeks to derive maximum value from its data, whether it’s to enhance the customer experience, improve decision-making or create competitive advantages. At the same time, there is a cost to storing and managing data, a cost that only increases as the volume of data grows.

This leads many organizations to question whether they should deploy their data in the cloud or in a colocation facility. In most cases, the answer is “both” — the key is to choose the optimum platform based upon cost, security and other factors.

Many organizations move to the cloud because it’s relatively easy. With just a few clicks they can gain access to enterprise-class infrastructure that would take months or even years to build out on-premises. They also get an environment that is more flexible and scalable while saving significant capital and operational expenses. It seems like the ideal solution.

But when the bills for cloud services start rolling in month after month, many business executives begin to question whether the cloud is the best solution. They wonder if it makes more sense to put applications and data in a colocation facility instead. 

Well, colocation is essentially the same as an on-premises environment except that you’re renting the space, power, cooling and physical infrastructure. You still have to manage the IT equipment, and relatively few organizations can do that with the same kind of efficiency as a cloud provider. The IT team is left to wonder how they’re going to build and operate an environment that delivers the kind of performance, availability and scalability that you can get in the public cloud. 

That’s where Rahi Systems can help. Our team has expertise across cloud, colo, and on-premises environments and can assist organizations in the selection of the right platforms to meet their business and IT requirements. We typically start with a full physical inventory of the existing IT equipment — the servers, storage, and network gear — and an assessment of the on-premises IT architecture. We also identify which applications are currently running in the cloud.

In addition to the technical assessment, we can perform a financial and ROI analysis. We help customers understand their cloud versus on-premises spend and do a side-by-side comparison. This helps us determine the best mix of cloud and on-premises services.

Our cloud team can then assist with the design and implementation of the cloud platform, and the migration of applications and data. If services need to stay on-premises, our data center infrastructure team can handle the buildout of additional data center space if needed, and the deployment of industry-leading IT solutions. We can also move applications out of the cloud and back into on-prem facilities or local points of presence.

All of this is done by Rahi’s in-house team — we don’t outsource to third parties. And we are able to do this globally through our strategic locations in North America, Europe, and the Asia-Pacific region.

Cloud versus colo is seldom an either-or proposition. Most organizations will use a mix of both. The larger question is how technology can help the organization maximize the value of its data. Rahi can help you determine the best way to do that.

A Look at AWS Transit Gateways

Amazon Web Services introduced the AWS Transit Gateway service in November 2018 to enable customers to connect multiple Virtual Private Clouds (VPCs) without having to rely on point-to-point IPsec tunnels. AWS Transit Gateway enables a hub-and-spoke model with centralized control of traffic routed among VPCs. This reduces operational costs and management complexity and makes it easier to scale the network as more VPCs are added.

First, some background. A VPC is a logically isolated section of the AWS cloud that gives you control over IP addresses, subnets, routing tables and network gateways. This makes it possible to put protected resources in a private-facing subnet and web services in a public-facing subnet, adding layers of security as needed to control access. 

Amazon found that organizations were setting up Transit VPCs with firewalls or routing instances in their core to create a global network connecting multiple VPCs and remote resources. However, it required a lot of manual work or careful scripting to set up all of the IPsec tunnels needed for dynamic routing. The AWS Transit Gateway service was developed to address this common customer challenge.

The Transit Gateway makes it possible to create a shared VPN for multiple VPCs within one AWS region. The Transit Gateway contains a master routing table that also enables you to connect to services such as authentication and monitoring that are implemented in various VPCs. You can even create a security VPC that sits between the Transit Gateway and the Internet and provides firewall, web application filtering, data loss prevention and other services. The traffic flowing between the Internet and your protected resources gets allowed or denied according to policy.

You can leverage other Amazon tools, including the CloudFormation modelling and provisioning tool, Lambda serverless computing, and the CloudWatch monitoring and alerting tool. However, the Transit Gateway only supports AWS connectivity, although it’s possible to link to other clouds through IPsec VPN connections. 

Transit Gateways currently do have some limitations. Transit Gateways do not support multi-region connectivity. You are adding more hops before traffic is reviewed by the firewall, so added latency may be an issue. Also, your routing table is going to get bigger and bigger because you won’t be able to use route aggregation. You have to consider whether a Transit Gateway will be beneficial given these limitations.

When designing a Transit Gateway, we first look at the customer’s connectivity requirements. What is the data flow model between VPCs? Does anything need to be isolated or do all the VPCs need to talk to each other? These are some of the questions we will ask as we sit down with the customer to whiteboard the solution. We will then perform discovery and design the network according to best practices, and move forward with implementation, deployment and validation.

One of the success criteria we look for is whether the Transit Gateway is able to “attach” to every resource that we have asked it to attach to. Is the routing information correct? Is the data traffic flowing as designed? Furthermore, given that we have a hub-and-spoke model, we also need to look for asymmetric routing. A packet needs to enter and exit the network in the same way to minimize any discrepancies.
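A minimal sketch of the validation described above, as an added example that is not part of the original post or Rahi's tooling: it checks that every expected attachment is available and flags spoke pairs whose forward and return paths disagree on passing through a security VPC. The attachment names, CIDRs and route tables are constructed for illustration, and the data model is a simplification, not the output format of the AWS API.

```python
import ipaddress

# Constructed sample state (not from a real account): spoke attachments, the
# route table each one is associated with, and that table's routes as
# (destination CIDR, next-hop attachment).
ATTACHMENTS = {
    "att-app":     {"state": "available", "cidr": "10.1.0.0/16", "table": "rt-spokes"},
    "att-db":      {"state": "available", "cidr": "10.2.0.0/16", "table": "rt-db"},
    "att-inspect": {"state": "available", "cidr": "10.9.0.0/16", "table": "rt-inspect"},
}
ROUTE_TABLES = {
    "rt-spokes":  [("0.0.0.0/0", "att-inspect")],   # everything via the security VPC
    "rt-db":      [("10.1.0.0/16", "att-app"),      # return traffic bypasses inspection
                   ("0.0.0.0/0", "att-inspect")],
    "rt-inspect": [("10.1.0.0/16", "att-app"), ("10.2.0.0/16", "att-db")],
}
INSPECTION = "att-inspect"

def next_hop(table, dest_cidr):
    """Longest-prefix match of dest_cidr against one route table."""
    dest = ipaddress.ip_network(dest_cidr)
    best = None
    for cidr, hop in ROUTE_TABLES[table]:
        net = ipaddress.ip_network(cidr)
        if dest.subnet_of(net) and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None

def unattached(expected):
    """Expected attachments that are missing or not in the 'available' state."""
    return sorted(a for a in expected
                  if ATTACHMENTS.get(a, {}).get("state") != "available")

def asymmetric_pairs():
    """Spoke pairs whose forward and return first hops differ in whether they
    pass through the inspection attachment."""
    spokes = sorted(a for a in ATTACHMENTS if a != INSPECTION)
    findings = []
    for i, a in enumerate(spokes):
        for b in spokes[i + 1:]:
            fwd = next_hop(ATTACHMENTS[a]["table"], ATTACHMENTS[b]["cidr"])
            rev = next_hop(ATTACHMENTS[b]["table"], ATTACHMENTS[a]["cidr"])
            if (fwd == INSPECTION) != (rev == INSPECTION):
                findings.append((a, b, fwd, rev))
    return findings

if __name__ == "__main__":
    print("not attached:", unattached(["att-app", "att-db", "att-inspect", "att-mgmt"]))
    print("asymmetric:", asymmetric_pairs())
```

In the sample data the more specific route in `rt-db` sends replies straight to the application VPC, so a stateful firewall in the security VPC would see only one direction of the flow.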

Organizations with multiple VPCs need an efficient way to interconnect them and to connect to remote services. The Rahi Systems’ Network Services team can help you leverage the AWS Transit Gateway service to simplify this process.

Why You Need Audio & Video Specialists with Expertise in IT Systems

Not that long ago, audio and video components and IT systems were distinct elements of the corporate environment that intersected in only limited ways. Each had its own connectivity requirements and was administered by specialists who only understood their domain.

Those distinctions are virtually eliminated now. Audio and video conferencing systems, digital signage, and more now attach to the data network. Administrators must understand not only the requirements of Audio & Video equipment but the impact that equipment has on IT systems.

That’s a challenge for many Audio & Video professionals. Most have had relatively limited exposure to data networking requirements, making it difficult to integrate Audio & Video and IT systems. 

Audio & Video equipment still has its own, unique protocols. In terms of audio, for example, Dante is commonly used for media networking. Dante enables the distribution of uncompressed multichannel digital audio over Ethernet networks with low latency. It is relatively easy to set up and configure and is supported by many manufacturers of professional-grade audio equipment.

But just because Dante is simple from an audio perspective doesn’t mean there aren’t complexities when it comes to the data network. Dante is by default a unicast data flow, which can cause problems if Internet Group Management Protocol (IGMP) Snooping isn’t configured properly on the data network switch.

There are other protocols to consider as well. As we discussed in a previous post, the Audio Video Bridging (AVB) standard that enables the delivery of Audio & Video streaming services over Ethernet must be supported by every network switch within that domain. The implementation of multicast networks to support audio and video conferencing and other use cases comes with its own set of network design considerations.

Someone who doesn’t know what they’re doing can cause network performance problems or in a worst-case scenario even bring down the network. We obviously want to avoid that at all costs, so we sometimes set up a separate, dedicated network infrastructure for running Audio & Video systems. If we’re able to work closely with the customer’s networking team, we can also set up a separate VLAN for Audio & Video equipment.

Increasingly, however, Audio & Video systems need to integrate with the IT infrastructure. This is primarily due to the adoption of soft codec video conferencing systems that run on a PC or Mac Mini rather than dedicated hardware. The benefit of this approach is that it’s very lightweight and less expensive. But let’s say you want to use an iPad or a touch panel to control that video conferencing system. The controller has to be on the same subnet as the PC, and it has to access the Internet because it’s a web-based service. The controller isn’t going to be bandwidth-intensive but you still have to ensure that the network is configured properly for performance and security.

That’s why working with Rahi Systems on Audio & Video projects is so beneficial. We have a team of Audio & Video specialists with extensive, hands-on experience in the latest technologies, and engineers with industry-leading expertise in the design and implementation of enterprise-class networks. These two groups collaborate as needed to deliver an end-to-end solution for our customers.

Today’s Audio & Video solutions connect to the data network, and are increasingly integrated with the IT infrastructure. Rahi Systems has the expertise to ensure that these diverse systems work well with one another.

Ensuring that Aisle Containment Meets Fire Suppression Requirements

Organizations continue to prioritize aisle containment as a means of controlling energy costs and protecting data center equipment from overheating. In a previous post, we explained how aisle containment prevents the mixing of hot and cold air by isolating each aisle of equipment. Whether you opt for hot- or cold-aisle containment, you’re essentially creating a room within a room by attaching ceiling panels, walls and doors to the cabinets within an aisle.

Aisle containment is regarded as a best practice in terms of energy efficiency. However, it can be at odds with fire suppression requirements. Organizations that don’t do it right may not pass inspection by the local fire authority, and could be faced with disapproval by their insurance carrier.

Data center fire suppression methods include traditional water (mist) sprinklers and clean agent (gas) systems. Sprinkler systems are primarily used to protect the building, while clean agent systems are better suited to protecting IT equipment. Some data centers have a combination of both.

Because suppression systems drop the fire extinguishing agent from above, an aisle containment system represents a barrier that can prevent the agent from reaching a fire. National Fire Protection Association (NFPA) standards call for 1.2 meters to 1.8 meters clearance between a sprinkler head and any obstruction. Ideally, the configuration of the IT equipment and aisle containment system would be considered early in the design of the sprinkler system to ensure these clearances are met.

Often, however, data centers are housed in an existing facility where the sprinkler system has long since been installed. In that case, the aisle containment system must be designed to accommodate fire suppression. One option is to run sprinkler heads under the aisle containment roof — a costly and potentially risky proposition. Another is to use drop-away roof panels.

Drop-away panels are made of a material that shrinks at high temperature such that the panels drop to the floor. The panels are lightweight and theoretically would not harm a person standing in the aisle. However, the sprinkler system might be activated before the panels drop away and the water would not reach the fire. If the panels do shrink, they’re destroyed and must be replaced.

Rahi Systems, in partnership with Enconnex, has designed a better solution. Our aisle containment system features roof panels with electromagnetic holders that are tied into the fire alarm system. If the fire alarm is triggered, power is cut to the holders causing the panels to tilt downward out of the way of the sprinkler system. The panels do not have to reach a particular temperature to be activated, and can be set up again after they’re deployed. 

Rahi Systems has successfully installed its electromagnetic panel system in Loudoun County, VA, one of the most active data center markets in the U.S. Loudoun County was the first jurisdiction to point out some of the issues with drop-away panels, and has been strictly enforcing the fire code with regard to aisle containment systems. County authorities have approved Rahi Systems’ system.

It’s important to recognize, however, that it isn’t just a Loudoun County issue — data center operators everywhere need to be cognizant of fire suppression requirements when implementing aisle containment. It’s an expensive and time-consuming proposition to replace an aisle containment system that doesn’t pass fire inspection. Contact Rahi Systems to discuss our electromagnetic panel system and full line of aisle containment products.