I was just reading about the Fukushima accident, and how most of the EDGs failed because they were water-cooled, and while the EDGs were located out of harm's way, the pumps for providing cooling water were located on low ground and were damaged by the tsunami. http://fukushima.ans.org/report/accident-analysis
Yesterday I saw a story about the Datagram data center in NYC having to shut down. From their reports about the damage (http://www.datagram.com):
"As of 5pm on October 29, 2012, Datagram had thoroughly tested its emergency systems at 33 Whitehall, NYC fully staffed and awaiting the storm to hit Manhattan's shores. Once ConEd lost power to Lower Manhattan, Datagram's emergency systems kicked on maintaining power to Datagram's datacenter. Unfortunately, within a couple hours of the storm hitting Manhattan's shores, the building's entire basement, which houses the building's fuel tank pumps and sump pumps, was completely filled with water and a few feet into the lobby. Due to electrical systems being underwater the building was forced to shut down to avoid fire and permanent damage."
It's pretty obvious that, despite all the disaster planning done in the past, Datagram (and TEPCO, and others) have really neglected to appreciate the potential modes of failure for their backup power systems. In both cases, they misunderstood the threat to critical backup power infrastructure. If your EDG is on the roof but the fuel pumps and electrical switchgear are in the basement, what will happen during a flood? If your EDGs are on high ground but the pumps to cool them are not, what happens during a tsunami?
So you could store:
- tank full of diesel
- some compressed air cylinders
at a low level, and use them in the "everything is submerged" event.
17 stories = 46 meters
Energy required = 1621 * 46 * g = 732 kJ
Integrating PV=nRT, W = -nRT*ln(V₂/V₁)
assume you're going to compress the air to 150 psi, or 10 atm, so V₂/V₁ = 10. Assume T=10 degrees C. Solving for n, you need 880 moles of air.
Putting this back through PV=nRT, we get a modest 190 gallons of air (compressed).
So you need a 200 gallon tank with 150 psi storage. Look, here's one on craigslist for $400.
Also, I think you have made an error in your arithmetic.
Of course, if the diesel has water in it it's no good anyway. And the submersible pumps are mainly sludge or slurry pumps and (I suspect) not rated to handle fuel.
These data centers are well designed, but it's impossible to cover every disaster scenario.
It's easy for you to sit here after the fact and snipe at them. If you really think you can do better, go start designing them yourself. If you succeed, you'll do quite well for yourself.
Manhattan is a low-elevation coastal island in a region of the country prone to hurricanes. Flooding is an obvious disaster scenario. It's not like we're asking them to plan for nuclear war, here.
So what other reasons are fuel tanks placed in basements that outweigh the risk of putting them in the basement (everything except tornadoes would seem to be a con for basements)?
Additionally, "Flooding" would seem to be a fairly typical disaster scenario. Again, what does putting them in the basement prevent against that makes it a good alternative?
Plenty of people are designing better datacenters and using them, there is no need for the parent to go out and do anything. If customers hold internap/et al accountable, the problem should take care of itself.
(of course, they won't, but that's another matter :P)
1. Stop claiming they are disaster tolerant, because they aren't. Flooding is a common case.
The exact rule I'm aware of is "406.5.3 Storage tanks. Motor fuel storage tanks shall be installed below ground, except as authorized by the rules of the Fire Department"
So get the fire department to authorize it.
2. Datacenter folks should lobby New York City. Bloomberg would likely care.
3. Find something other than motor fuel, which is what is restricted :)
If all else fails:
4. Stop building disaster tolerant datacenters in New York. This is why a lot of financial folks who aren't HFTs build in Secaucus, etc. There are very few people who need to place a DC in New York, and can't afford to be across the river.
(I'm very keenly aware of the bandwidth situation in both places, FWIW)
I'm sure if datacenters start moving across the river, Bloomberg would care.
Building codes and other restrictions are taken into account by the big boys (Google, Apple, Facebook, etc) when they build large datacenters.
If I had a website or service hosted at a data centre likely to go offline, I'd be annoyed if I were reassured that everything was taken care of right before the system went offline.
For those companies hosting production services on an island a few feet from sea level without a DR plan, I simply laugh. You deserve our scorn, not our production data.
> Submersible pumps or rig a block and tackle out of a window and haul jerry cans up that way safer than carrying open buckets by hand.
"The 17th and 18th floors of 75 Broad have been reserved for generator farms that can accommodate as many as 40 machines. Big doors will be installed in the facade of both floors so the generators can be rigged into the building.
A 41,000-gallon fuel tank is being installed in the basement, with a separate generator and three redundant pumps to supply the generators on the 17th and 18th floors. Each tenant will own its own generator -- E-Spire already has one installed outside on the setback on the 17th floor -- but the building will sell them fuel."
More importantly, though - and not to discredit any of the hard work that's been done - hopefully the companies take a look at why the problem was created in the first place. For instance: why were the generators on the 17th floor? Why were the pumps below ground? Why was the datacenter built in a floodzone in the first place?
This is not unlike a lot of problems we face in software - developers bearing the consequences of poor planning.
This site, the/a main one for the Huffington Post (Datagram), they're all in Zone A, when Zone B flooding was considered to be likely :-( http://project.wnyc.org/news-maps/hurricane-zones/hurricane-... ). I'm sure Manhattan Island datacenter space in Zones A and B cost less, but....
(I too use them for email and their siting has always been one of my biggest concerns.)
Why wasn't there an additional pumping room on the 3rd floor, pre-built, with a legal amount of diesel in reserve, and additional pumps to take over from the basement pumps when those fail, thus saving your bucket brigade 14 floors of climbing?
Why are you carrying diesel in the open in 5 gallon buckets and not in fuel containers that were purchased years ago?
All in all seems somewhat half-assed.
Pumps are placed next to the fuel because pumping liquid over any significant vertical distance requires the pump to "push" rather than "pull". The fuel is placed in the basement because nobody wants to sit next to a tank full of diesel.
"Pumps are placed next to the fuel because pumping liquid over any significant vertical distance requires the pump to "push" rather than "pull". The fuel is placed in the basement because nobody wants to sit next to a tank full of diesel."
The proper design would seem to have two pumping stages. One from basement to 3rd floor, the other from 3rd floor to 17th floor.
If fire codes are such that one can't safely store 24 - 72 hours of fuel above flood level, don't advertise that your data center has reliable emergency power backup.
edit: Nope. http://news.ycombinator.com/item?id=4723814
And I doubt anyone who's in that building needs "credit" or "a mention in the post-mortem" more than they need the uptime they've paid for.
Was it actually connected to the outside world throughout the storm?
I have a hard time imagining that with the power out in large sections of the city some key router on the line wouldn't have also lost power.
If that's the case, the effort was put in just to keep the computers warm to prevent unplanned shutdown, not to actually provide uninterrupted service to the customer?
I'm not familiar with data center operation. If you're already cut off from the larger network at what point does it make sense to keep the machines running vs. shutting them down?
Or perhaps I'm just mistaken and they were actually connected throughout. In which case I find it amazing that the water knocked out pumps and necessitated other shutdowns but their network wasn't damaged in some way.
(I am a Squarespace employee)
Columbia Tower in Seattle, Firefighter Stairclimb event (I think you could agree a firefighter is probably on par with a soldier for fitness) - 63 stories carrying 50ish pounds of gear, average finish time, 48 minutes.
7 trips an hour up and down 17 stories = 119 stories.
Oh, and the firefighters are exhausted, drenched in sweat, require cooling down and up to an hour in rehab for each climb, with legs near collapse, burning like fire...
If I had to do this, I'd be going with the bucket brigade, every time (spoken as someone who has completed that stairclimb event).
I'd say the chance of one of their people getting hurt isn't really worth anyone's uptime.
Also all the single site prep in the world doesn't help if that one site is taken out completely. Keeping multiple servers in multiple areas is a must if 100% uptime, even during events like this, is key.
When constructing my earthquake preparedness kits I spent some time looking at what happened when folks were in earthquakes both in reasonable infrastructure places (Chile) and less reasonable (Haiti) and non-existent (Turkey). That led to having a 'suture kit' in my day pack because one of the common themes was that there were emergency personnel around who were trying to help but they were often without or short on basic supplies to treat severe lacerations. I have no illusions about being able to suture myself up if I needed it, but I do have hope that I could find someone with the skills to do so. And by having distributed emergency supplies with lots of people, it means that as more people collect the better supplied the resulting group will be.
So back to our flood, a number of buildings include a lift system on the roof for moving heavy things in and out of the building that can't go by elevator. One preparedness solution would be to have a way to utilize that system with a bunch of buckets that would let people do this without carrying up the water directly. If it could be made part of the regular gear that they have on site for doing lifts, that might be a positive thing overall.
Pulley system wouldn't work inside. There isn't a gap in the stairwells and it's not a straight shot up. Going over the side of the building would potentially work but there'd need to be a boom to get it off the side of the building and without some sort of power winch it's a matter of hauling one or two buckets up manually and I think that'd be lower throughput than the brigade system where you get 1-2 buckets in the time it takes to walk up two flights of stairs.
It'd be more a 'thereifixedit.com' solution than something you'd use on a daily basis, but it could (possibly) work.
Don't necessarily need 17 stories depending on internal layout.
Not nearly as much fun, though.
Besides that, I don't think the powers that be want people belching diesel exhaust just a few feet above street level.