WEBVTT

00:00.090 --> 00:06.000
If you want to keep your I.T. infrastructure up and hopping you better make sure that you don't let

00:06.000 --> 00:09.310
your electronics get too hot or too wet.

00:09.360 --> 00:14.920
And that's why I want to talk about heating ventilation and air conditioning better known as H-back.

00:14.940 --> 00:21.450
No I'm not going to turn you into an H vac expert but I as the security person for an I.T. infrastructure

00:21.690 --> 00:28.300
are very interested in making sure that all my computers are running in a happy happy good temperature.

00:28.350 --> 00:30.110
Good humidity environment.

00:30.120 --> 00:35.190
Now the number one rule when it comes to electronics is that pretty much the cooler you run a piece

00:35.190 --> 00:37.660
of electronics the happier it is.

00:37.770 --> 00:41.210
And HVAD is the tool by which we make that happen now.

00:41.320 --> 00:49.330
HVAD AC has two very different kind of worlds the first HBC world is the office environment the same

00:49.420 --> 00:53.050
office environment that you and I are walking around and taking care of.

00:53.050 --> 00:59.380
In that case we're trying to set up an ATV a system that's designed to be good for human beings which

00:59.380 --> 01:03.360
is going to be some type of room temperature I'm going to get into what that number is.

01:03.550 --> 01:08.390
And a good relatively humidity so that people can be comfortable.

01:08.410 --> 01:14.470
The second type of HVAD are what I'm going to just call server rooms and this type of situation we're

01:14.470 --> 01:22.180
talking about super powerful super sophisticated super expensive AC systems whose only job is to keep

01:22.180 --> 01:28.140
those racks and racks and racks of servers nice and cool and running in a 24/7 environment.

01:28.330 --> 01:35.860
Now luckily for us we don't have to go into tons and tons of detail on HBC what we do have to be aware

01:35.860 --> 01:41.620
of are some fairly scattered terms that you'll see on the exam that I want you to be comfortable with

01:41.860 --> 01:46.960
and probably the first one is going to be an infrared camera infrared cameras aren't important design

01:46.960 --> 01:50.780
element for any H-back system with infrared cameras.

01:50.800 --> 01:53.590
Also known as thermal images whatever it might be.

01:53.620 --> 01:58.700
These guys are sensors that look in the infrared range for heat sources.

01:58.870 --> 02:01.630
Using tools like this we can determine leaks.

02:01.630 --> 02:08.410
We can determine big heat emitters and then we can use shielding or insulation or whatever we need to

02:08.410 --> 02:11.770
do to be able to make our systems better.

02:11.770 --> 02:16.780
Next is zone based AC zone based HVAD.

02:16.810 --> 02:19.100
Well Peeno let me just show you a picture.

02:19.270 --> 02:22.350
So here's a little diagram of three offices.

02:22.360 --> 02:27.820
Now if you look carefully you'll see that each one of these offices has its own thermostat.

02:27.820 --> 02:31.470
However we only have a single HVAD system.

02:31.590 --> 02:36.690
Now if you look very carefully you'll see we have little louvers on everything little doors.

02:36.700 --> 02:41.800
So really what's happening here even though we have a single system people can control the relative

02:41.800 --> 02:47.970
heat or cool for their one little zone simply by adjusting their thermostat which will then open and

02:47.970 --> 02:53.550
close louvers which will control the amount of air going into each one of these systems.

02:53.560 --> 02:59.490
The last thing I want to cover and probably the big one for the exam are hot and cold aisles.

02:59.620 --> 03:06.700
If you think about a regular office in a regular office we usually have a c coming up from the floor

03:07.210 --> 03:12.130
and then we have some type of return air that's up in the plane homes in the ceiling.

03:12.130 --> 03:14.560
Now for rigor office environment that's great.

03:14.680 --> 03:19.360
But let's take a look at this diagram and I can show you some of the challenges we run into when we

03:19.360 --> 03:21.340
start going into the server rooms.

03:21.340 --> 03:27.490
Now if you take a look at this diagram we basically have an edge on look at all of these rows and rows

03:27.490 --> 03:31.840
and rows of server systems and they generate a lot of heat.

03:31.840 --> 03:38.800
So what we typically do is we have cold air coming up from the plenum on the floor and it usually comes

03:38.890 --> 03:40.420
up between two rows.

03:40.420 --> 03:45.210
We call this the cooled aisle now from the cold aisle.

03:45.370 --> 03:51.760
It will then go ahead and take that heat and push it out to the opposite aisles on either side of the

03:51.760 --> 03:57.650
cold aisle and then pull that up through the roof itself in what we call warm Isles.

03:57.670 --> 04:02.760
In fact in most systems today what we have is what we call a contained system.

04:02.890 --> 04:08.770
And in this case what really takes place is the cold air comes up through the plenum but it's actually

04:08.770 --> 04:12.640
pulled out through the real rocks themselves.

04:12.760 --> 04:18.340
And in that case the whole idea of cold aisle and warm out kind of disappears because the air is all

04:18.340 --> 04:20.680
contained within the electronics itself.

04:24.760 --> 04:29.290
One of the cool things about today's H-back systems is that they're pretty much in and of themselves

04:29.290 --> 04:35.860
their own little networks a standard HD system is going to have some type of controller system that's

04:35.860 --> 04:37.370
running an operating system.

04:37.450 --> 04:45.130
Even the individual little thermostats are often PCs if not PLCC that have their own operating systems

04:45.130 --> 04:47.490
and controls and interface and everything.

04:47.500 --> 04:53.030
The bottom line is is that today's VAX systems need their own security.

04:53.050 --> 04:57.850
So if you're going to be dealing with an H vac system here's a couple of things I want you to think

04:57.850 --> 04:58.530
about.

04:58.540 --> 05:05.230
Number one if at all possible do an air gap keep your H vac system completely separated from the rest

05:05.230 --> 05:10.610
of your network and I when I say separated I mean an air gap no connectivity whatsoever.

05:10.720 --> 05:16.630
If you can't do that at the very least consider putting in a plan to isolate your H vac system from

05:16.630 --> 05:18.130
the rest of your network.

05:18.130 --> 05:23.950
This is actually fairly common because in a lot of H-back systems you'll see stations all over the place

05:24.250 --> 05:29.770
where technicians can go up to do controls to the H-back system not not talking to thermostat I'm talking

05:29.770 --> 05:32.110
about big control systems.

05:32.110 --> 05:37.960
Now if that is the case this is one place I'm not a big fan of Mac filtering but here's one place where

05:37.960 --> 05:43.960
Mac filtering can actually work by setting up your Mac filtering so that only those workstations that

05:43.960 --> 05:48.900
are known to be supposed to be operating the H-back system have access.

05:49.060 --> 05:51.940
Mac filtering can be a real plus in that type of scenario.

05:53.090 --> 05:56.100
The last one is well a bit of a problem.

05:56.120 --> 05:59.610
The reality is is that none of us take care of our own systems.

05:59.630 --> 06:05.240
Invariably we have third parties will certainly install them but on top of that to maintain them and

06:05.240 --> 06:08.220
to keep them up and running and keep everything happy.

06:08.600 --> 06:16.160
And unless you actually want to pay for a third party technician to be in your location 24/7 we usually

06:16.160 --> 06:19.800
have remote monitoring which is a very common thing to do.

06:19.940 --> 06:25.820
And unfortunately there have been some fairly public security breaches as a result of bad guys using

06:25.820 --> 06:30.310
third party remote monitoring functions to get into a primary network.

06:30.320 --> 06:35.510
So if you're going to be having that type of stuff work out with your service level agreements to make

06:35.510 --> 06:41.540
sure that your vendors your suppliers your maintainers whoever it might be at the very least are using

06:41.540 --> 06:45.170
VPN access to get into your fax system.

06:45.260 --> 06:46.690
And if you can really do it right.

06:46.700 --> 06:48.860
Throw in a 2.1 x.

06:49.250 --> 06:52.060
All right so we've covered a couple of very basic points here.

06:52.070 --> 06:57.200
Keep in mind the exam is not going to hit you very hard on H-back it expects you as a security person

06:57.440 --> 07:00.670
to have an understanding that there can be issues that come up.

07:00.680 --> 07:03.930
However when it comes to actually keeping these things up and running.

07:03.950 --> 07:05.370
Leave it to the pros.