Server rooms

Server rooms and data centers must be operated as closed security areas in accordance with BSI IT-Grundschutz. It should be noted that for small installations with a maximum of two servers, module INF.5 “Room and cabinet for technical infrastructure” can be used as an alternative. For large server rooms, however, the requirements of module INF.2 “Data center and server room” are mandatory.

Below you will find a summary of the basic requirements. These requirements must be met:

A server room must be operated as a closed security area with clearly demarcated zones in which all technical and organizational specifications are defined and documented. It must be ensured that administration, logistics, IT operations and support areas are clearly separated from each other. BSI - INF.2.A1

To prevent the spread of fire and smoke, fire and smoke compartments must be formed that offer protection for the technical equipment above and beyond the minimum requirements of building regulations. These sections must be implemented both in data centers and, as far as possible, in server rooms. BSI - INF.2.A2

All components relevant to the operation of a data center must be supplied via an adequately dimensioned uninterruptible power supply (UPS). It should be noted that the control of air conditioning systems must also be connected to the UPS and the batteries must be operated within the recommended temperature range and serviced regularly. BSI - INF.2.A3

In addition to the UPS, a parceled emergency shutdown of the power supply must be provided so that in the event of danger, only affected areas are de-energized and unintentional shutdowns are avoided. The emergency stop switches must be protected against unintentional or unauthorized operation. BSI - INF.2.A4

As IT components only work reliably under defined climatic conditions, it must be ensured that the temperature and humidity are always within the prescribed limits. These parameters must be continuously recorded and used to analyze the cause of any deviations. BSI - INF.2.A5

Access to the server room must be controlled by means of an identity and authorization management system. Every access option must be logged, regularly checked for compliance and documented in a concept. BSI - INF.2.A6; BSI - ORP 4

All doors and existing windows must be kept permanently locked and must offer a level of resistance to attacks that corresponds to the defined level of protection. Privacy screens ensure that views from outside are prevented. BSI - INF.2.A7

A comprehensive fire alarm system must be installed and connected in such a way that all alarms are forwarded and serviced immediately. In addition, a state-of-the-art extinguishing or fire prevention system must be used; alternatively, sufficiently dimensioned hand-held fire extinguishers must be provided, the use of which must be known to all authorized persons. BSI - INF.2.A8 und .A9

Inspection and maintenance intervals must be observed for all structural and technical components, based on the manufacturer's specifications and standards. The results of all work must be recorded and any fire bulkheads must be checked for integrity. BSI - INF.2.A10

The infrastructure - including leakage, air conditioning, power and UPS systems - must be monitored automatically so that faults can be reported and dealt with immediately. For server rooms without permanent on-site support, remote display systems must be installed to trigger an alarm in good time. BSI - INF.2.A11

Finally, only cables that directly serve to supply the IT infrastructure may be laid in server rooms. Any necessary routing for other areas must be documented, justified and monitored in order to minimize hazards. BSI - INF.2.A29