10 Critical Questions to Ask Your Colocation Provider

Whether you’re moving your IT infrastructure to a colocation provider for the first time or looking to switch to a new provider, finding the right partner to keep your operations running 24/7/365 is a critical piece of the puzzle. Working with a colocation partner can provide the benefits of lowering operational and personnel costs, increasing reliability and performance and re-directing resources. 

When conducting your search for a colocation provider, be sure to visit prospective facilities to assess staffing, security, and support and come prepared with questions based on your business’ data storage needs. To help with this process, here are the 10 key questions you should ask any colocation provider:

1. How redundant is your data center?

The redundancy of a data center’s critical systems is a crucial factor in ensuring its uptime. The most important critical system is power. Here are some tips on what to look for in a truly redundant data center and what to be wary of in providers that are not:

• Data centers with the highest levels of redundancy provide a Redundant Isolated Path Power Architecture. This means at least two independent, parallel paths of power all the way from the utility to your racks so issues can be isolated to single paths.
• If a provider is using paralleling technology in their critical subsystems, they are not operating in a truly redundant way. In a paralleled system, the Uninterruptible Power Supply (UPS) and generators are connected, which introduces complexity – ultimately a disruption could cascade across the entire infrastructure, bringing down the entire power system. 
• Truly redundant data centers operate only Online UPS systems. “Online” means that the computers protected by the UPS are always powered directly by the UPS, which offers a more stable method of power conditioning and delivery. A very redundant version of Online UPS system is a Double Conversion Online UPS system. 
• Many data centers often run on “Offline” or “Line Interactive” UPS systems, which means that during normal operation, they really aren’t powering the computers connected to them. During normal operation, an Offline or Line Interactive UPS system only protects against extreme surges or failures of power. This is not a truly redundant way to operate a data center and something to be wary of.

2. How secure is your data center?

A data center should employ comprehensive security measures, from the physical characteristics of the building location all the way to the individual cameras located throughout the data rooms. Characteristics of a secure data center include:

• Location and Structure – The building is in a geographically stable location, easily accessible but in a low traffic area, there are no outward-facing windows from the data center rooms, and all outside critical systems are fenced off and monitored.
• Physical Security Systems – All entrances and externally located critical equipment should be alarmed, caged, require dual-factor authentication for entrance and surveilled by cameras that feed into the Network Operations Center (NOC), which should be manned 24/7/365. Additionally, advanced systems should be in place to continuously report the status of the electrical and mechanical infrastructure to the NOC staff. The following is a suggested list of items to ask if, and how, they are monitored:
  • Intrusion 
  • Fire 
  • AC power failure 
  • Generator failure 
  • Temperature / Humidity 
  • Breaker trips 
  • Leak Detection
  • UPS failure
• Logical Security Systems – Logical security refers to the specific controls put in place to govern access to computer systems and data storage. While physical security acts as an exterior defense, logical security is more deeply ingrained into the system to prevent intrusion.
• Third-party Audits – All security systems should be audited by a third party to determine whether or not that data center has met the standards of security. The highest such standards are SAS70 Type II and SSAE SOC 1 Type II. 

3. What certifications and audits does your data center have?

A data center must have controls in place that comply with industry-recognized standards. Standard audits and certifications for data centers include SSAE (a replacement of SAS 70), PCI (payment card industry) and HIPAA (for protection of sensitive electronic protected health information). Before searching for a colocation provider, you should understand the compliance standards and certificates that are required for your industry. Learn more about the different Compliance & Security requirements here.

4. How connected is your data center?

The connectedness of a data center is an important indicator of the reliability of its network and the flexibility you will have as a customer to find a network solution that works best for your business needs. A data center should provide bandwidth from multiple tier-1 backbone providers. While bandwidth built on two of these provider backbones is acceptable, bandwidth built on three such backbones is truly enterprise-class. 

Your provider should also give you the flexibility to scale as you grow and accommodate the installation of additional equipment and networking capacity, on-demand. Does the data center have the flexibility, in their contract terms, the design of their facility, and the responsiveness of their support group to accommodate that need quickly and effectively? 

5. What level of support does your data center provide?

Make sure that your data center’s Network Operations Center is staffed 24/7/365 by on-site engineers that can provide hands-on help in the event of a problem or emergency. While you might not foresee the need for help inside your rack, consider the benefits that an experienced network engineer can provide in the way of remote hands when you need a server reboot or technical support above the hardware layer at 3 AM.

Some additional questions you can ask to help clarify the level of support a prospective data center partner offers:

• Do they provide server reboots or can they go deeper? 
• Do they stop at the network layer or can they provide help all the way through layer 7, also known as the application layer, of the Open Systems Interconnection (OSI) Stack? 
• Who staffs their data center after hours: a security guard or onsite engineers?
• How are trouble tickets handled and problems escalated?
• What staff members are on-call both during and after business hours?
• Is everything automated or do human beings answer the phones, respond to tickets and troubleshoot problems in your rack?

6. Can they provide managed hosting services, or managed servers, in addition to colocation?

Managed servers are single or multiple server installations with dedicated power and bandwidth, hosted within the data center. They are best suited to customers who would prefer that the data center own, operate and monitor the equipment on which their applications are running. 

If a data center provider offers both colocation and managed hosting, they should have the ability to augment a customer’s hardware infrastructure with resources on-demand. This hybrid hosting solution enables significant flexibility to grow and scale of resources. When a layer of virtualization is added to a managed hosting configuration, the customer can reap the benefits of cloud computing in what is known as a private cloud. 

In addition to managed hosting options, ask the data center provider if they can support other managed services including managed storage, managed backups, and managed devices. While your business may not need this now, you should have the flexibility of supplementary services if your needs change.

7. Does your data center help with compliance such as HIPAA and PCI? If yes, at what level?

If your business interacts with sensitive customer data, whether that is financial, or health-related, or any other kind of sensitive data, it is important that your data center can help with ensuring your business is compliant with rigorous and consequential compliance standards. It’s critical you understand the compliance nuances of your industry before starting the process of selecting a colocation provider. 

Two of the most common standards are HIPAA and PCI – 

• The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. There are 12 PCI DSS requirements for compliance and a data center that boasts PCI compliance should be able to help customers configure their network to accomplish requirements 1-6 and 8-12. You can learn more about PCI DSS compliant hosting here.
• The Health Insurance Portability and Accountability Act (HIPAA) establishes requirements for the use, disclosure, and safeguarding of electronic protected health information (ePHI). If a data center is truly your partner in HIPAA compliance, they will work with you to build a comprehensive, fully-compliant solution that addresses the confidentiality, availability and integrity of ePHI. You can learn more about HIPAA compliant hosting here.

8. What level of support can you provide for disaster recovery and business continuity?

A data center partner that is a disaster recovery site should have the highest levels of security, redundancy, reliability, and infrastructure necessary to house your servers. They should also be able to provide optimal support remotely since, by definition, your disaster recovery site will be located remotely from your business operations.

Some additional considerations when vetting a data center partner for disaster recovery:

• They should work with you to help identify your Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO is the duration of time in which you have to get back online before you’re negatively impacted, while RPO is the age of files that must be recovered from backup storage for normal operations to resume i.e. how much data you can afford to lose. Ask what they can guarantee in RPO and RTO.
• Do they provide cloud-based disaster recovery solutions? If so, this is a good option if you’re looking for a secondary infrastructure where you can spin up resources on-demand or replicate data in the event that they need to failover to the disaster recovery site in an emergency. 

9. What kinds of resources and tools are available to help me be successful as a customer?

Whether or not you plan on making regular trips to your data center, it is best practice to find out what tools and resources the data center makes available to customers and whether these tools are accessible and available for use 24/7/365. Most data centers require customers to bring everything they need to work in their server cabinet or rack. But a true data center partner should have many of these tools and resources onsite along with staging areas and diagnostic equipment should you need them.

10. Have other customers been successful in partnering with your data center?

It’s important to understand how other customers have been successful in partnering with this data center provider. Customer references and case studies are a strong indication of how the data center goes about solving unique challenges and delivers on what was promised. Have a list of questions to ask the data center’s references

Additional questions you can ask to learn more about the providers customer base:

• What is the average customer tenure?
• How can the data center accommodate current and new customer growth? 
• What is the average customer size or footprint?