Global Foundation Services Blog

Offering Support to Help Victims of the Japanese Earthquake

GFS1 — Sat, 12 Mar 2011 01:43:48 GMT

By Charlie McNerney, GM, Business Management, GFS

On Friday, March 11th, 2011, a magnitude 8.9 earthquake hit Japan followed by a series of tsunamis, causing widespread damage. In response, Microsoft activated its Disaster Response protocol. We are currently accounting for all our employees and assessing all of our facilities for any impact.

We are saddened by the devastation caused by the earthquake in Japan. We are reaching out to our customers and partners to conduct impact assessments, and we are providing those impacted by the earthquake with free incident support to help get their operations back up and running. There has been no disruption to our cloud based and hosted services, and we continue to monitor the situation closely. Microsoft also has a cloud-based disaster response communications portal running on Windows Azure that is available to governments and nonprofits to use for communication between agencies and with citizens.

More information on Microsoft’s response to the disaster is on our Microsoft Corporate Citizenship website which will be updated with any new developments.
News and Resources:

• Search Bing for the latest quake information
• Get the latest news from MSNBC
• See updated images
• Watch related videos
• Get breaking news on Twitter

//cm

Shedding Light on Our New Cloud Farms

GFS1 — Tue, 04 Jan 2011 15:00:00 GMT

By Kevin Timmons,
General Manager of Datacenter Services

It’s an exciting time for Microsoft’s datacenter program. In addition to operating one of the largest global datacenter footprints in the industry, we have been super busy working on multiple next-generation, modular facilities that are in various phases of construction.

One of our most innovative new datacenters is set to open in Quincy, WA in early 2011 and incorporates key learnings from award-winning facilities that Microsoft opened last year in Chicago and Dublin. The Dublin facility uses server PODs and outside air economization to cool the servers, which significantly reduces cooling expense and infrastructure costs. We took a slightly different approach with our Chicago datacenter which utilizes water-side economization for cooling and improves scalability by using IT Pre-Assembled Components (ITPACs.) An ITPAC is a pre-manufactured, fully-assembled module that can be built with a focus on sustainable materials such as steel and aluminum and can house as little as 400 servers and as many as 2,000 servers, significantly increasing flexibility and scalability. You can learn more about our ITPACs by going to the ITPAC video.

View our Modular Datacenter slide deck

The expansion in Quincy takes these ideas a step further by extending the flexibility of PACs across the entire facility using modular “building blocks” for electrical, mechanical, server and security subsystems. This increase in flexibility enables us to even better support the needs of what can often be a very unpredictable online business and allows us to build datacenters incrementally as capacity grows. Our modular design enables us to build a facility in significantly less time while reducing capital costs by an average of 50 to 60 percent over the lifetime of the project.

When Phase 1 opens in Quincy it will be located adjacent to our existing 500,000-square-foot facility. However, the new datacenter is radically different. The building will actually resemble slightly more modern versions of the tractor sheds I spent so much time around during my childhood in rural Illinois.

Tractor shed in my home town of Mt. Pulaski, IL

The building’s utilitarian appearance belies its many hidden innovations. The structure is virtually transparent to ambient outdoor conditions, allowing us to essentially place our servers and storage outside in the cool air while still protecting it from the elements. The interior layout is specifically designed to allow us to further innovate in the ways that we deploy equipment in future phases of the project. And, like any good barn, the protective shell serves to keep out critters and tumbleweeds. Additional phases have been planned for the Quincy site and will be built based on demand. Those phases will incorporate even more cutting-edge methods to deploy servers and storage in ways that have never been seen before in the industry.

We will open other modular datacenters later in 2011 in Virginia and Iowa and I’ll be sharing more information about those facilities at that time. Our modular approach to design and construction with these facilities will allow us to substantially lower cost per megawatt to build and run our datacenters while significantly reducing time to market. This is the holy grail for most datacenter professionals…. fast, cheap and reliable – what more could you ask for?

We’ve been sharing our research and best practices around modularity with our partners and others in the industry for a number of years and I’m thrilled to see the industry begin moving in this direction. By sharing our learnings, we’ve helped others build more sustainable facilities and reduce our collective carbon footprint.
Stay tuned for more information about our future datacenter projects in 2011.

//Kev

Watt Matters in Energy Efficiency!

GFS1 — Mon, 13 Dec 2010 15:00:00 GMT

By Dileep Bhandarkar, Ph. D.
Distinguished Engineer
Global Foundation Services, Microsoft

I recently had the privilege to deliver a keynote speech titled “Watt Matters in Datacenters” at the Server Design Summit in Santa Clara, CA on December 1, 2010. My keynote focused on energy efficiency in datacenters and the need for holistic optimization of the server hardware and datacenter infrastructure. I have covered this topic in a previous blog but wanted to take this opportunity to discuss some of the work that we have been doing with our industry hardware partners to optimize server design for cloud computing.

As part of our commitment to driving efficiencies in our datacenters, we have been working actively with server OEMs, microprocessor manufacturers, disk drive vendors, memory suppliers and other component suppliers to increase the efficiency of server designs. We share our detailed requirements, develop concept designs, and work with our partners on optimized designs that are then shared out and available to the industry at large. We firmly believe that this strong partnership approach and sharing our best practices is the best way to advance the state of the datacenter industry and meet our cloud computing needs.

I also presented some opportunities that server designers should consider to further optimize for cloud computing including:

Better Alignment with Datacenter Technologies
480V 3 phase power supplies at rack level
In rack UPS instead of current central UPS
Rightsizing of platforms for major workloads
Low Power DIMMs and Processors
Tiny CPU cores – Atom? Bobcat? ARM?
System on a Chip for lower platform power
Dynamic Power Capping
Designs for higher temperature operation
Rack level power and cooling
Enhanced support of virtualization

After the holidays, I will discuss these topics in greater detail in an upcoming white paper. I witnessed a huge amount of interest in what I shared at the Server Design Summit and have made my presentation available here.

Wishing you and yours a very happy holiday season!

- Dileep

Find more information on our datacenter strategies on GFS’ web site at www.globalfoundationservices.com

Microsoft’s Cloud Infrastructure Receives FISMA Approval

GFS1 — Thu, 02 Dec 2010 18:00:00 GMT

By Mark Estberg, Senior Director of Risk and Compliance,
Global Foundation Services

Although cloud computing has emerged as a hot topic only in the past few years, Microsoft has been running some of the largest and most reliable online services in the world for over 16 years. Our cloud infrastructure supports more than 200 cloud services, 1 billion customers, and 20 million businesses in over 76 markets worldwide.

Today, I am pleased to announce that Microsoft’s cloud infrastructure has achieved another milestone in receiving its Federal Information Security Management Act of 2002 (FISMA) Authorization to Operate (ATO). Meeting the requirements of FISMA is an important security requirement for US Federal agencies. The ATO was issued to Microsoft’s Global Foundation Services organization. It covers Microsoft’s cloud infrastructure that provides a trustworthy foundation for the company’s cloud services, including Exchange Online and SharePoint Online, which are currently in the FISMA certification and accreditation process.

This ATO represents the government’s reliance on our security processes and covers Microsoft’s General Support System and follows NIST Special Publication 800-53 Revision 3 “Recommended Security Controls for Federal Information Systems and Organizations.”

Government organizations require specialized compliance and regulatory processes. Operating under FISMA requires transparency and frequent security reporting to our US Federal customers. And we are applying these specialized processes across our infrastructure to even further enhance our Online Services Security & Compliance program. The company has been designing and testing our cloud applications and infrastructure for over a decade to continually address emerging, internationally-recognized standards. We are focused on excelling in demonstrating our capabilities and compliance with these laws and with our stringent internal security and privacy policies. As a result, all our customers can benefit from highly-focused testing and monitoring, automated patch delivery, cost-saving economies of scale, and ongoing security improvements.

Microsoft’s Chicago datacenter (a FISMA-approved facility), provides over 17 football fields worth of cloud computing capacity.

The company opened its first datacenter in September 1989 and today its globally-distributed, high-availability datacenters are managed by our Global Foundation Services (GFS) group. GFS’s Online Services Security & Compliance team has built upon the company’s existing capabilities, including being one of the first major online service providers to achieve our ISO/IEC 27001:2005 certification and SAS 70 Type II attestation, which also met the FISMA requirements. We have also gone beyond the ISO standard, which includes some 150 security controls and developed over 300 security controls to account for the unique challenges of the cloud infrastructure and what it takes to mitigate some of the risks involved. The additional rigorous testing and continuous monitoring required by FISMA have already been incorporated into our overall information security program, which is described in several white papers located our Global Foundation Services web site.

More information about FISMA is available at the National Institute of Standards and Technology web site.

Information Security Management System for Microsoft Cloud Infrastructure

GFS1 — Fri, 12 Nov 2010 18:10:00 GMT

By Mark Estberg, Senior Director of Risk and Compliance, Global Foundation Services

I often hear questions that are variations of “How does Microsoft secure its cloud?” and “How does Microsoft manage compliance in the cloud?” The answer is similar to how any enterprise operates a comprehensive security program and is based on our information security program described in a white paper titled “Securing Microsoft's Cloud Infrastructure.” The paper describes a framework that includes risk based decision making, defense in depth and a compliance framework.

How we operate that program is as important as the instructions in a recipe. Ingredients alone – such as 1 egg, ½ teaspoon salt, 1 cup of flour and 2 tablespoons of water – are not enough information to make pasta without additional instructions. For Microsoft’s cloud infrastructure, you can think of the control framework we describe in “Microsoft’s Compliance Framework for Online Services” and security controls that are part of our defense in depth capabilities as “ingredients.” How we operate the program – the Information Security Management System – can be thought of as the “recipe,” or instructions.

The Information Security Management System – the “recipe” – is described in a paper that we are releasing today called “Information Security Management System for Microsoft Cloud Infrastructure.” This paper is another step in our effort to share how Microsoft approaches cloud security and which, I believe will promote the continuation of an important industry discussion on cloud security.

Security Best Practices for Developing Windows Azure Applications

GFS1 — Fri, 11 Jun 2010 16:07:00 GMT

By Mark Estberg, Senior Director of Risk and Compliance, Global Foundation Services

Security challenges exist in the cloud and applications must take these challenges into account.

Our team recently collaborated with other security experts to publish a white paper which describes these challenges and recommend approaches to design and develop more secure applications for Microsoft’s Windows Azure platform. The Windows Azure provides Platform as a Service capabilities that give developers flexibility and access to highly scalable compute and storage.

I would like to thank Microsoft’s Security Engineering Center and Online Services Security and Compliance teams that worked to provide this paper which builds on the security principles that the company has developed through years of experience managing security risks in traditional development and our large scale operating environment.

We hope that by sharing our best practices that we can help others in the industry provide a more secure cloud computing experience and develop common standards for those practices to benefit customers globally.

The paper can be found via this link.

Rightsizing Servers to Achieve Cost and Power Savings

GFS1 — Wed, 16 Dec 2009 19:18:00 GMT

For Production Datacenters - White paper published

This week our team published a new white paper on “Rightsizing Servers to Achieve Cost and Power Savings,” written by Dileep Bhandarkar and Kushagra Vaid, distinguished engineer and principal hardware architect in our Global Foundation Services (GFS) datacenter team. The paper offers best practices on how GFS is lowering its total cost of ownership (of its servers) and achieving power savings for the company’s production datacenters. The paper can be found on GFS’ web site at www.globalfoundationservices.com on the Infrastructure page here and is discussed in Dileep’s blog post under the same title. More information is posted on Microsoft’s Environmental Sustainability blog post.

Today more than ever, IT departments need to make sure that the servers they deploy are as efficient as possible in terms of acquisition cost and energy consumption. This paper describes how GFS, the team that manages and operates the company’s vast production datacenters, rightsizes its servers to achieve maximum efficiency. The paper details the processes used for collecting detailed performance data using representative workloads, and then analyzing that dataset to select balanced servers that are optimally sized for “production scenarios”. By sharing these best practices, Microsoft hopes to help other industry IT departments stretch their purchasing budgets significantly to help achieve organizational goals even in times of constraint.

/gfs

Continuing to Share Best Practices on Security and Privacy for the Cloud

GFS1 — Mon, 16 Nov 2009 18:04:00 GMT

By Mark Estberg, Senior Director of Risk and Compliance,

Global Foundation Services

Microsoft has released several papers over the last couple of months on how we secure the cloud infrastructure, manage online service security, and how we developed and manage our compliance framework. Together, these papers describe some of the factors that are necessary to deliver a trustworthy cloud environment. Recently, another paper was released describing how we address potential security vulnerabilities during the development of “client and cloud” applications by using a methodical Security Development Lifecycle (SDL) process. This paper provides insight both in how Microsoft applies SDL to services that we offer in the cloud as well as guidance on how these same concepts can be applied by anyone developing their own cloud applications on platforms, including Windows Azure. This paper called “Security Considerations for Client and Cloud Applications” is available at http://www.microsoft.com/sdl.

Additionally, the paper illustrates how services at the Software as a Service (SaaS) and Platform as a Service (PaaS) cloud layers rely on capabilities at the Infrastructure as a Service layer (IaaS). The two other papers, “Securing Microsoft's Cloud Infrastructure” and “Microsoft’s Compliance Framework for Online Services,” go into more detail about security at the IaaS layer and how this extends up the stack to SaaS and PaaS. These papers are available at www.globalfoundationservices.com/security.

Microsoft will continue to release papers revealing our online, live and cloud security best practices in an effort to provide insight into the key learnings we are gaining from providing online services to customers 24x7x365 since 1994. We hope such sharing will help to advance an industry dialogue that will benefit the entire cloud ecosystem and our customers.

Introducing the Microsoft Compliance Framework for Online Services

GFS1 — Mon, 26 Oct 2009 05:00:00 GMT

By Mark Estberg, Senior Director of Risk and Compliance,

Global Foundation Services

Sometimes it can seem like half the battle of securing online services involves satisfying audits and otherwise demonstrating that you are complying with industry and government regulations. Just like any online service provider, Microsoft is subject to a large number of regulations, statutes and industry requirements. Our service delivery and operations teams found themselves spending increasing amounts of time responding to a variety of audits that often asked for the same types of information repeatedly over the course of a year. In addition, compliance obligations are increasing and becoming more complex as Microsoft moves into new markets and businesses and also as regulations and industry standards change.

We are often asked how we have built and then operate our framework, so today we are releasing a white paper to share our approach. The white paper includes our approach, processes, and reference tables.

To put our approach to this problem in context, it’s important to have some background about Microsoft’s online environment. My group is part of the Global Foundation Services (GFS) division within Microsoft. GFS provides the cloud infrastructure for over 200 Microsoft services ranging from familiar consumer-oriented services such as Windows Live Hotmail and Bing to business-oriented services such as Microsoft Dynamics CRM Online and Microsoft Business Productivity Online Standard Suite from Microsoft Online Services. This environment also includes the Windows Azure platform which is used to host online services built by third parties.

We developed a compliance framework for online services to better manage our obligations in this large environment and to minimize the impact to our operations teams. The compliance framework is a set of processes and documentation that we put together that are based on the ISO 27001 security standard. We use this framework to manage a large variety of obligations which include the Payment Card Industry Data Security Standard, Sarbanes-Oxley requirements and obligations imposed by the Health Insurance Portability and Accountability Act. These are in addition to our own business and customer driven security requirements.

There are two major components of the framework. The first is a control set (often referred to as a controls framework) that maps our obligations to a single set of controls rather than independent requirements. The second component is the compliance process and predictable audit schedule that minimize disruptions to our teams and reduce the number and impact of audits. This framework results in third party validation and certifications which allow us to clearly communicate our capabilities to our customers. For example, Global Foundation Services is ISO 27001 certified and we also have Statement of Auditing Standard 70 Type I and Type II attestations. This structure is represented in the following illustration:

How we manage our processes is critical to the success of our compliance program. We have based our compliance framework processes on the “Plan, Do, Check, Act” steps found in ISO 27001. We execute this process on a regular rhythm and also when our environment changes.

Microsoft’s compliance framework for online services provides confidence that we are meeting our obligations, minimizes audit disruption to our teams and allows us to communicate our capabilities through third party verification. A standard does not exist for cloud security and this is a challenge for all online service providers and customers. We are sharing our approach to contribute to an industry dialogue. Our hope is that by sharing best practices with industry counterparts we can improve together and customers can benefit.

This white paper is one of a series that introduces the OSSC team’s strategic approach to cloud security. For more about how OSSC manages security risks to the cloud infrastructure, read the Securing Microsoft’s Cloud Infrastructure white paper.

Microsoft Celebrates Chicago Data Center Grand Opening

GFS1 — Wed, 30 Sep 2009 16:59:00 GMT

Microsoft’s cloud computing infrastructure takes another big step forward this week with the grand opening of our Chicago data center. At more than 700,000 square feet, this facility significantly expands our ability to meet the demand generated from our Live, Online, and Cloud Computing services offerings for our customers. To find out more read today's posting on our Microsoft Data Centers blog.