• Free for qualified executives and consultants to industry

  • Receive quarterly issues of Area Development Magazine and special market report and directory issues


Tackling The Risk Factors of Third-Party Data Centers

Third-party data center users need to assemble an experience team — including IT professionals, engineers, real estate advisors, attorneys, and others — to help reduce risks on all fronts.

Data Centers 2017
Third-party data centers involve complex dynamics. They carry several layers of risk that must be carefully qualified by tenants before a final relocation decision is made. Data center real estate brokers are well qualified to take the lead on relocation and evaluation — and to help identify vendors to properly support the assignment.

The overall process begins with a “data center road map” created by an IT consultant working with the CIO or CTO. The “map” spells out the new center’s detailed requirements and should set forth an approach that increases redundancy, resiliency, security, and operational efficiency — all of which reduce risk in the new venue. While finishing the “map,” the type of service — wholesale, collocation, managed, and/or cloud services — will become evident. Then the real estate broker will explain the tenant’s options in the desired geographical area.

When it comes to third-party data center decision-making, the four top risks are site and building, MEP design, operations, and contracts.

Site and Building
After narrowing down the site search to the two or three best wholesale or collocation options with professional RFI/RFP grading systems, the location team should conduct their due diligence on each prospective location.

No site is perfect, and most providers have grown by acquisition. They didn’t build or design every center they own or lease. The tenant must thoroughly evaluate the site and its services, confirm that the operations conform to the design the landlord has described, and verify its service capabilities. This report can take up to two weeks to prepare because of the complex evaluation criteria: the neighborhood; security; the mechanical, engineering, and plumbing (MEP) plans; and also for the review of operational manuals.

Human error is the primary cause of data center outages, so tenants must know how personnel and visitor access is managed. Manmade threats around the property must be examined, such as airports, chemical plants, nuclear fallout, easements, and a range of other potential sources of exposure. Buildings should feature a crash-proof perimeter fence, and security guards and camera at the site entrance, in the lobby, and at the loading dock. Once the tenant enters the building, there should be a mantrap, security camera, biometric/card readers to the hall and the cage.

Finally, natural disasters are assessed, which can include such items as hurricanes, seismic conditions, rivers, the 500-year flood plain, and other possibilities. If venues lack some measures, risk should be weighed accordingly.

MEP Design
Next comes investigation of the MEP design and layout. The location team should review and visually verify the tier rating, MEP qualification, and single-line drawings. Remember that third-party provider’s salespeople may potentially convey inaccurate information during site tours.

The team should understand the electrical capacity, current draw and age of the generators, uninterrupted power supplies (UPS), power distribution units (PDU), cooling equipment, and water serving the candidate location. The electrical and mechanical engineers should inquire about the electrical substation design, capacity, electrical draw from the center, and the precise path electrical lines take on the pole or underground to the building from two separate directions. Questions include:
  • Does the provider schedule load testing, and how often?
  • How many fuel delivery contractors are used, and are there generators on their fuel pumps?
  • Are fuel providers in a flood zone?
  • Will fuel tankers arrive 24 hours before an expected storm?
The location team must visually evaluate the dual fiber paths into both sides of the building. Telco consultants should focus on the primary and redundant lines coming from two separate paths from the central offices. For trader or bank tenants with dozens of cross-connects and latency-sensitive users, more work is required.

This evaluation and data will help protect the tenant in the lease negotiations and the structuring of Master Service Agreements (MSA), Service Orders (SO), and Service-Level Agreement (SLA) credits. This evaluation helps tenants understand the risks and how to address them in the design, in the operation, and within the agreements.

Human error is the primary cause of data center outages, so tenants must know how personnel and visitor access is managed. How do people enter each building area?

The location team must scrutinize the operations on tour and in the manuals to evaluate the potential for human error or unauthorized access. Tenants should impose limits on the number of permissible security breaches over set time periods. If multiple breaches occur for this event or others, the SLA should provide recourse in the form of a credit or, potentially, termination. Questions include:
  • How many people are on site providing all center-related services during business hours — and, more importantly, during off-hours?
  • Are there enough personnel to keep the facility secure and operational, and to address repairs to base-building electrical, cooling, and telco/network systems the tenants share?
  • Are there qualification standards for all vendors permitted entry?
  • Are there primary and secondary contractors to address emergencies after hours — and who must arrive within one hour?
Users should understand the operations manual and portal on the provider’s website so they can order work, follow project work, and terminate services. Almost every center is designed and operated differently. Tenants thus need an MEP team with years of experience — and one that’s familiar with different designs. The team should ask:
  • Is there a network operations center on site?
  • Alternatively, is there remote monitoring of equipment, environmentals, building security, and people throughout the facility?
While “data center industry certificates” help tenants understand center operations, they don’t always protect tenants in the license or lease, except with such specialized certificates as HIPAA. Annual operational “third-party certificates” help disclose operator quality, however, because operators pay for them themselves. They show whether internal checks and balances exist. Indeed, the user’s company may require these certificates to verify compliance with accounting standards and/or Sarbanes-Oxley.

The Contract
Because centers vary so widely, each requires its own unique and customized agreements and transactions. And agreements and transaction structures each carry risks. Missteps can incur substantial financial losses. Other risks include limitations on space, power, telco, cross-connect costs, and equipment upgrades.

Users must first determine their space and power requirements, lease terms, and rent structure. Tenants should then judge whether their footprint and power would shrink or grow over the term of the agreement, MSA/SLA or SO. The data center road map helps provide answers.

Amid rapidly changing technology, tenants must make educated guesses about power and space. Incorrect predictions can be costly. The setting may not permit many changes in space, for example, until lease expiration. And when leases or licenses expire, space changes may be difficult, even if tenants renew.

Tenants can avoid paying for unused power or unneeded space. For example, a tenant may foresee the need for more cabinets. In today’s collocation centers, tenants may choose to use nine-foot cabinets, which are probably not present now. This can provide for future growth within a smaller footprint. Tenants can also accommodate future growth by taking space for more cabinets than are currently present. Users pay for these cabinets for the entire term, expecting to grow into them.

tenants need a data center attorney who understands data center design and its complexities. Tenants can ask for a first right of refusal on contiguous space. These rights are usually triggered within the first 12 months but not needed until the second or third year. This happens because most collocation data halls are modest in size, and providers are continuously leasing cages or units around the tenant’s unit. A tenant’s next request for additional space would be in the same data hall or the next-closest data hall under construction. But the further tenants move from their original installation, the more cabling is required, which increases risk.

If users think demand will decline because of a move to the cloud or other reasons, this should be negotiated up front. Providers may be able to position such a tenant next to a user expecting greater power usage, or in space compatible with downsizing.

For users of 750 kW to more than 1 MW, tenants should negotiate for possible growth. User strategy can be guided by the engineer’s due diligence report, which indicates how much additional power will be needed — and when. This helps ensure that landlords will add — and pay for — the necessary equipment to accommodate tenant needs. The tenant should also request a power ramp up front to avoid paying for unusable total power, because it takes months to move servers into a new center and grow into the contracted power. It is also essential for the tenant and the engineer to clearly understand and negotiate the Power Utilization Efficiency (PUE) rate. Tenants should want to achieve a rate of 1.2 to 1.7 in an operational center. Tenants should request periodic capacity updates on equipment, and receive notice when power-related decisions must be made that affect equipment upgrades or expansion. Users truly must comprehend all technical aspects of their capacity-related options. By understanding all possibilities and knowing how they would work out in “real space,” tenants are less likely to run out of space and power. They’ll also be less likely to pay for unneeded space or unused power.

Collocation users can reduce the odds of overpayment through three transaction types: metered, breakered, and draw cap. Collocation tenants may request a metered transaction for IT draws between 65 kW and 145 kW, but that can depend upon the market, the provider, and MEP design.

Most collocation rent structures are breakered and/or draw cap. The best option is the draw cap. Under breakered structures, landlords calculate 100 percent of the breaker’s kilowatt (kW) capacity to determine the tenant’s monthly power draw, used or not. Tenants pay rent on 100 percent of breaker capacity, though actual usage never exceeds 80 percent of any circuit. If the tenant likes to use oversized circuits, it will only cost the company more money, so the tenant needs to request the draw cap model. If the provider does not grant the request, find a new provider.

The draw cap is the best structure for small collocation users. Tenants estimate their power use — factoring in some growth — for 100 percent use of the power or more over the five- or 10-year agreement. This ensures access to immediate capacity. If more power is needed over the term, users pay only their contracted price per kW for that added amount. This structure also means users can tap oversized circuits without paying additional rent. This may save money long-term, because users won’t have to ask providers to install larger breakers when needs grow. Providers, however, will charge for the new circuit and for installation costs, when required.

In all cases above, the tenant should understand its important long-lead items to order, and time that with the commencement of the buildout and server relocation/migration so that the tenant receives the full benefit of the concessions negotiated.

Finally, tenants need a data center attorney who understands data center design and its complexities. The lawyer should know that the generator is connected to the UPS, PDU, Remote Power Panels (RPPs), and the servers so they can protect the tenant and reduce risk. The ideal attorney should have many years of experience — and should have completed at least 20 of the same-type transactions the tenant is now buying into.

Attorneys must understand user priorities and whether changes are needed in the MSA, SLA, and SO to mitigate risk. These documents do not easily or clearly communicate, and they will be some of the most complex documents that the IT and real estate departments will ever encounter. The attorney and engineer need to assess and understand the operational documents on the provider’s website. Then they should be attached to the executed agreements.

Final Advice
No single professional consistently knows the best solutions when it comes to third-party data center selection. The real estate professional knows the vendors, availabilities, services, and best providers to accommodate the tenant. That’s why users require an experienced team to help reduce risk on all fronts.

Each center’s requirements differ — and tenant priorities differ, too. Every transaction and process must be customized to suit the tenant’s needs. Happily, this customization process will inevitably engender valuable and novel solutions that are sure to serve the tenant’s long-term interests.

Exclusive Research