IT systems and facilities are critical to University operations and the failure of a system or service can disrupt campus operations. It is therefore necessary to provide reliable infrastructure for systems operations in order to minimize the chance of service disruptions. Information security is also a concern and an environment must be maintained that minimizes the risk of a security breach. These objectives are met at CU Boulder, like most organizations, through the use of an appropriately designed and managed Data Center.
A Data Center is a specially designed computer room with high standards to ensure the integrity and proper functioning of its hosted computing and communications environments. These facilities are strategic assets that require active management in order to effectively support the mission of the University on an ongoing basis. The Data Center is a restricted area requiring a much greater level of control than normal work spaces. Only those individuals who are expressly authorized to do so may enter this area. Access privileges will be granted to individuals who have a legitimate business requirement to be in the Data Center.
This document establishes guidelines for access and physical security related to the Data Centers. The procedures and policies described in this document have been developed to help maintain a stable and secure Data Center environment as well as improve stability and security of the systems for all customers and must be followed by any and all individuals working in or visiting the Data Center. Failure to comply with these rules, or other behavior deemed inappropriate or that poses a risk to these facilities or their systems, may result in the loss of access and the incident reported to the employee’s supervisor and/or Director.
- All Data Center customers are required to be affiliated with the University of Colorado and possess a BuffOne Card.
- Every user is required to have a PIN number set on their BuffOne card.
- Authorization applies only to the named individual, is not transferable, and does not permit that individual to extend access to any other person.
- Third party vendors providing support for IT systems are permitted in the facility only with a Data Center customer escort.
- Any tours of the facility must be coordinated directly with OIT Data Center Management staff.
- Data Center and security doors will remain locked or secured at all times. Doors to the Data Center are never to be propped open.
- Extreme caution should be exercised to ensure that unauthorized persons do not gain access to the facility by “tailgating”.
General Work Rules
- Customers must carry proper UCB identification with them at all times within the Data Center. Falsifying or withholding one’s identity or refusing to cooperate with Data Center personnel is a violation of these rules.
- Escorted vendors are required to have proper state and/or company issued identification at all times when performing work within the Data Center.
- Data Center management staff reserves the right to exclude any individual from the facility. Anyone requested to leave the Data Center must do so peacefully and immediately.
- All Customers and Visitors agree to report any violation of these Rules or University policies, or any other suspicious or improper activity to the OIT Data Center management staff.
- Customers and Visitors are solely responsible for their personal belongings and property while on the premises.
- Touching, inspecting, documenting, photographing or any form of tampering with OIT or other customer(s) equipment is strictly prohibited. Persons seen engaging in such activity will be reported and may be subject to expulsion from the facility.
- The use of tobacco products of any sort shall be prohibited on all university-owned and operated campus grounds both indoors and outdoors. For more information please see CU's No Smoking Policy.
- Customer and Visitor use or visitation of Data Centers is contingent upon compliance with all University policies and rules.
- Food and drink are not permitted within the Data Center, including sealed containers.
- Liquids of any type are not allowed in the Data Center.
- All unpacking activities must occur outside the Data Center in designated staging areas. Absolutely no cardboard, plastic, packing peanuts, paper wrap, wood or other such materials are allowed in the Data Center.
- The Data Center team must be consulted for any new equipment to be installed in the Data Center. It is advisable to consult with the Data Center team as early as possible to confirm the necessary space, power and cooling will be available upon arrival for your equipment.
Data centers can be hazardous due to the presence of high voltage electricity and trip hazards. In order to minimize the risk of personal injury, the following rules will be observed.
- Avoid safety cones, barricades, caution tape, or other safety equipment that has been installed to guide you around hazardous areas including open floor tiles.
- The Data Center & staging area must be kept as clean as possible. All individuals in the Data Center are expected to maintain a clean working environment and clean up after activities as required. Boxes and trash should to be disposed of properly.
- Closed-toe footwear will be worn at all times while in the Data Center. Extreme caution should be used when wearing high heel shoes; this footwear may pose a risk while walking across certain perforated floor tiles.
- No network cables or power cord should be strung along the floor creating a trip hazard.
- Due to the noise volume within the Data Center itself, the use of hearing protection is recommended. The use of noise canceling headphones, earphones, etc. for the enjoyment of personal music is not recommended and my not be a suitable substitute for hearing protection.
Equipment Standards and Security
- Customer-owned equipment, and the software run on said equipment, remains the property and responsibility of the customer.
- Customer is responsible to ensure that their equipment and software is in compliance with University and campus IT policies and standards, including but not limited to the campus' Acceptable Use Standard and Secure Computing Standard for Servers. In particular, it is the customer's responsibility to ensure that their equipment is being used for appropriate and allowable purposes and that their equipment is running current, supported operating systems and software.
- Customer is responsible to ensure that operating system and application security updates are applied in compliance with the Vulnerability Management Standard.
- In the event of an emergency, exit the facility immediately and dial 911. Do not stop to collect personal belongings, and do not activate the Emergency Power off Button (EPO).
- The EPO is only to be used in the event of a life threating electrical emergency, such as electrocution or electrical fire. Activating the EPO in a situation that is not a life threatening electrical emergency will have a grave impact on the University, its departments and critical IT services.
- Violations of these rules or any nonemergency Data Center incidents should be reported to the Data Center Manager. Emergencies should be reported directly to the University of Colorado Boulder Police Department (CUPD) immediately or by calling 911.