Fundamental Requirements
- As defined by the Uptime Institute, a fault tolerant data center has multiple, independent, physically isolated systems that provide redundant capacity components and multiple, independent, diverse, active distribution paths simultaneously serving the computer equipment. The redundant capacity components and diverse distribution paths shall be configured such that “N” capacity is providing power and cooling to the computer equipment after any infrastructure failure.
- All IT equipment is dual powered and installed properly to be compatible with the topology of the site’s architecture. Transfer devices, such as point-of-use switches, must be incorporated for computer equipment that does not meet this specification.
- Complementary systems and distribution paths must be physically isolated from one another (compartmentalized) to prevent any single event from simultaneously impacting both systems and distribution paths.
- Continuous cooling is required.
Performance Confirmation Tests
- A single failure of any capacity system, capacity component, or distribution element will not impact the computer equipment.
- The system itself automatically responds (‘self heals’) to a failure to prevent further impact to the site.
- Each and every capacity component and element in the distribution paths can be removed from service on a planned basis without impacting any of the computer equipment.
- There is sufficient capacity to meet the needs of the site when redundant components or distribution paths are removed from service for any reason.
Operational Impacts
- The site is not susceptible to disruption from a single unplanned event.
- The site is not susceptible to disruption from any planned work activities.
- The site infrastructure maintenance can be performed by using the redundant capacity components and distribution paths to safely work on the remaining equipment.
- During maintenance activity where redundant capacity components or a distribution path shut down, the computer equipment is exposed to an increased risk of disruption in the event a failure occurs on the remaining path. This maintenance configuration does not defeat the Tier rating achieved in normal operations.
- Operation of the fire alarm, fire suppression, or the emergency power off (EPO) feature may cause a data center disruption.
Engine-Generator Systems
Tier III and IV engine-generator systems are considered the primary power source for the data center. The local power utility is an economic alternative. Disruptions to the utility power are not considered a failure, but rather an expected operational condition for which the site must be prepared.
Site on Engine-Generator Power
A Tier III or IV engine-generator system, along with its power paths and other supporting elements, shall meet the Concurrently Maintainable and/or Fault Tolerant performance confirmation tests while they are carrying the site on engine-generator power.
Manufacture’s Run Time Limitation
Engine generators for Tier III and IV sites shall not have a limitation on consecutive hours of operation when loaded to “N” demand.
Regulatory Run Time Limitation
Engine-generator systems often have an annual regulatory limit on operating hours driven by emissions. These environmental limits do not impact the consecutive hours of operation constraint established in this section.