So, you've taken the decision to decommission your data center?
Sooner or later, a data center will need to be decommissioned (whether fully or partially) for one reason or another. For example:
Upgrading IT assets and equipment in your data center for improved performance, security, and/or reliability
Relocating your data center
Partially or fully transition into cloud storage
In such scenarios (and more), a proper decommissioning process is important mainly for two things: ensuring a smooth transition to the new system (and/or location) and protecting data privacy, integrity, and security.
Most, if not all, data centers involve the storage and transmission of sensitive and confidential data in their day-to-day operations. Without a proper decommissioning process, unsecured data may be intercepted and exploited by unwanted parties, exposing your organization to potential legal and financial implications.
This is why having a data center decommissioning plan is crucial before performing any decommissioning process, and in this guide, we will learn how to develop one.
By the end of this guide, you'd have learned about:
Overview of data center decommissioning process
Why data center decommissioning is crucial
Best practices in developing a data center decommissioning plan
A step-by-step guide to developing a decommissioning plan
Without further ado, let us begin with the basics.
Data Center Decommissioning: Overview
Why do you need a data center decommissioning process and plan in the first place?
It's crucial to understand that a data center has a relatively short lifespan when compared to typical commercial buildings. A traditional commercial building has an average lifespan of up to 100 years, but for data centers, the average is 'only' around 15 to 20 years.
While the building itself and the physical infrastructure can last quite a long time (on average, up to 60 years), IT equipment and assets that power the data center have a much shorter lifespan. Software assets must be regularly updated every three to four years, and hardware assets will also need regular upgrades to maintain reliability.
Without these regular updates, the vulnerabilities within these IT assets may be exposed by cybercriminals, and older assets may simply stop working.
In short, it can compromise the data center's overall performance and the security/integrity of data stored within and transported to/from the data center.
There are two main scenarios in which a data center decommissioning process is required:
1. Replacing older IT equipment
Decommissioning older IT assets and replacing them with new assets can be easier said than done in practice. Even if it's something that's performed regularly in organizations, careful planning is still required.
An important issue when partially decommissioning and replacing assets in a running data center is to minimize downtime by taking dependencies between assets into account.
2. Retiring the data center
A data center may need to be retired for one reason or another, for example, when a company decides to migrate its whole operations to a cloud-based environment, relocate the data center, or simply when an organization closes down its operation.
In practice, retiring a data center will require a careful decommissioning plan, which can be quite complex. Depending on the size of the data center, there may be a lot of IT assets that require decommissioning, turning the data center decommissioning process into a very complex project.
Not to mention, there may also be local, state, and federal regulations that you'll need to comply with when performing the decommissioning process. In such cases, the assistance of certified professionals may be required to ensure compliance with relevant regulations.
Why Would You Need a Data Center Decommissioning Plan?
You'll need a data center decommissioning plan to ensure the whole process can be executed smoothly, which is important due to four main reasons:
1. Data Security
A data center decommissioning plan should identify the correct steps to ensure the privacy, integrity, and security of data stored within the data center.
Critical data should also be backed up to prevent loss of information, and depending on the applicable regulations, you may be required to keep a backup of data stored on physically destroyed/recycled equipment as proof of what information was stored on the IT equipment.
A proper data center decommissioning process should also involve ensuring a proper audit trail by maintaining a list of all decommissioned assets, data of decommissioning, what exact steps have been performed, and so on.
Depending on your industry and location, keeping a comprehensive audit trail may also be legally required.
3. Access control management
In retiring old equipment or retiring the whole data center altogether, management of user authentication is a must. User IDs must be removed from the retired equipment or the whole system so they can no longer access the system/network.
When assets are replaced with new ones, this process should also ensure transferring of user IDs from the old IT assets to the newly installed ones.
7S of Data Center Decommissioning
While the actual decommissioning process will vary on a case-by-case basis, all decommissioning processes should consider these 7S factors:
Size: decommissioning a 1,000 sqft data center would require a different approach than decommissioning a 1 million sqft data center. The bigger the size, the more equipment, and IT assets you'll have, and the more you'll need to pay attention to security.
Security: as in, data security, but also physical security of your data center. Ensuring the security and integrity of data should be the main focus of any data center decommissioning process,
Sensitivity: how crucial is the data center to the organization's current day-to-day operations? Is the data stored within the data center has been 100% migrated to the cloud or new location, or are there data and assets to be decommissioned that are still mission-critical?
Software: depending on the size of the data center to be decommissioned, as well as the sophistication of the decommissioning plan, you will most likely need the help of software solutions in the decommissioning process. You'll need a software solution to identify and track the assets to be decommissioned, and another for tracking progress (i.e., GANTT chart software.) Ideally, you'll want software solutions that are specifically designed for IT asset decommissioning. Your options can be limited, and these software solutions can be expensive, and this is where getting the help of a professional data center decommissioning company can help.
Saleability: to maximize ROI, it's crucial to accurately identify which IT assets in your data center are still valuable, and if so, what's the accurate valuation? Don't underestimate the value of your older IT assets, even if they are not in good condition at the moment.
Sophistication: refers to complete and accurate documentation of your data center decommissioning process from start to finish. Depending on your data center size, the purpose of decommissioning, and the IT assets to be decommissioned, you may have different criteria for what's perceived as sophisticated documentation.
Sequence: in what order should the steps of decommissioning be performed? In practice, we'll need to consider many different factors like dependencies between software and hardware assets, the overall complexity of the process, and more.
Developing a Data Center Decommissioning Plan: Key Principles
A robust and comprehensive data center decommissioning plan is required to ensure a smooth decommissioning process for the reasons stated above.
A data center decommissioning plan should cover at least the following areas:
The right course of action for each IT asset that is decommissioned, whether to sell, reuse, dispose of, or recycle the asset, among other options.
When replacing older IT assets with new ones:
Planning how the older IT asset will be removed to give space to new assets.
Planning data backup and restoration from the old equipment to the new
Planning transfer of user ID and authentication to new devices
Ensure secure and eco-friendly IT disposition/recycling process
Secure data wiping when disposing of/decommissioning storage devices or any IT assets that store data
Maximizing ROI of Decommissioned Assets
A key consideration when planning a data center decommissioning process is to maximize the ROI of each IT asset to be decommissioned by considering:
The average market value of the decommissioned IT asset.
The condition of the decommissioned IT asset (whether it's possible to repurpose or sell the asset, used CPU or GPU.)
Whether the decommissioned IT asset contains sensitive or confidential data. Secure data wiping may require additional costs.
Cost of the new IT asset that will replace the decommissioned IT asset.
Based on these considerations, we have three main options:
Repurpose: if the resale value of the asset is relatively low, but it is still in a usable condition, then we can repurpose the asset. (i.e., using older hard drives as external drives.)
Disposal: if we can't sell or repurpose the asset, or if it's not possible to securely wipe the confidential data stored within the decommissioned asset, then physical destruction and/or recycling may be the only viable option.
A proper and comprehensive data center decommissioning plan should discuss in detail the different courses of action that will be taken for each decommissioned IT asset.
Remember that your data center is unique, so there's no one-size-fits-all approach you can use when developing your data center decommissioning plan. The plan should be custom-tailored to the unique needs of the data center in question, so we can ensure the smooth execution of the decommissioning project.
Partnering with ITAD Vendor vs. Decommissioning In-House
Before anything else, there's one decision you should make: could you do the data decommissioning process on your own? Or will you need outside help?
Even if you technically can do this in-house, will it be cost-effective? Will you be better off using your valuable time to perform your organization's critical tasks instead?
Especially if you are in a heavily regulated industry (i.e., healthcare), getting a professional vendor to help might be a good idea. You wouldn't want to retain 100% of the potential liability just to save some money. Instead, it's probably better to pass that potential liability to a professional ITAD company that is R2v3 & RIOS certified, as well as insured, so they can also cover your potential losses.
Don't forget that you'll also want to protect the integrity of your data, as well as your equipment's potential value.
It's best to look for an ITAD vendor who can provide references to decommissioning projects similar to yours. Ask for certifications and insurance documents when evaluating different vendors, and obviously, identify how much you are willing to spend for their help (your budget.)
Unless you already possess a considerable security infrastructure, it's probably better to partner up with a credible ITAD vendor. They will be the ones developing the data center decommissioning plan (together with you) and executing the project, and you can simply supervise and monitor.
Data Center Decommissioning Plan: Step-By-Step Checklist
Now that we've covered the high-level considerations of how we should plan a data center decommissioning process, in this section, we will move on to a step-by-step guide on the data center decommissioning process.
Even if you are working with an ITAD vendor in decommissioning your data center, you should work together with the vendor to put together a comprehensive project plan. While they may be the ones performing the heavy lifting, carefully evaluate their plan before giving your approval.
With that being said, let’s begin with the first step.
Step 1: Defining the scope of work
The first step in developing your plan is about outlining all the details of the decommissioning process, and we should begin by defining the scope of work:
The total size of the data center
The purpose(s) of the decommissioning project
KPIs to measure the success of the project
Timeline of the project (when the project must be done)
Establish a decommissioning project team (disregard this if you are working with a vendor.)
Assign a project manager
List all the stakeholders that are going to be involved in the project
Step 2: Identifying assets
The next step is about identifying assets that will need to be decommissioned. Pay attention to dependencies when planning asset decommissioning: one of the assets you were thinking of retiring may actually run a critical application that is a dependency on another.
How many assets need to be removed?
Use network discovery tools to identify assets, and follow up with physical reviews.
List of all hardware and software assets that need to be decommissioned
Identify pieces of equipment that may require special considerations/technical expertise to move them
Develop a detailed IT asset map listing equipment and location of items to be decommissioned. Compare with your CMDBs as needed.
Contact a Data Center Decommission vendor to determine what you are going to do with each piece of equipment/asset: reuse, sell, destruction/recycle, etc.
Step 3: Developing a comprehensive plan
Based on the itemization you’ve done in the previous phase, in this phase, you can start planning the execution of the decommissioning project.
Develop an execution plan
List of all the activities to be performed
PIC for each task
Roles and responsibilities of different stakeholders
Develop a schedule/timeline for the decommissioning project.
Identify whether the decommissioning project will coincide with work hours (especially peak hours) and whether you’ll need to issue notifications about potential service downtime
Establish backup systems and workflows to make sure there is not going to be a critical loss of power or data
Identify and cancel vendor maintenance contracts for affected equipment
Prepare tracking numbers for assets that are going to be decommissioned
Prepare a list of contacts for potentially affected stakeholders and the preferred method of communication for each
Reconfirm the asset list. Recheck everything and identify all assets again as needed
Removal instructions for emergency generators and auxiliary equipment
Removal instructions for cooling systems, including cabling, piping, ductwork, and additional tools
Step 4: Preparing tools, supplies, and labor requirements
Prepare the tools and labor requirements at each step of the decommissioning project:
Packing materials (bubble wrap, tape, poly bags, etc. )
Identify Who will oversee and execute each task (if you are using external vendors, make sure to perform the necessary background/security check ahead of time)
Step 5: Secure data wiping and/or physical destruction of assets
Gather relevant stakeholders ahead of the actual decommissioning process, discuss the details and gather input
Identify the types of data your organization routinely transports and/or generates, decide how you should deal with each category of data
Establish clear data eradication protocols. Define whether there are any critical steps that will require human supervision and authorization before proceeding
Decide on appropriate data eradication method for each storage device and/or each type of data: physically destroying the drive (shredding/incineration), degaussing, using software tools to securely wipe data, etc.
Be clear and comprehensive in your organization’s expectations around the process of secure data eradication and/or physical destruction
Identify which devices will be transported offsite for eradication/destruction, and which will be sanitized on-site
During the actual decommission, safely disconnect the equipment from the network and tag assets for decommissioning.
Step 6: Packing and transportation
Use appropriate asset management software to track all assets
(For assets that will be recycled) Label each piece of decommissioned assets to indicate where it is going and the owner of the device
Attach printouts to the equipment with instructions for where the equipment would be moved for each asset
Prepare a dedicated space for packing assets depending on the number of decommissioned equipment and/or required size.
Use the appropriate packing materials for each asset, as you’ve planned in the previous steps
For on-site decommissioning, make sure to follow the steps laid out in the project plan for clearing the teardown space
Step 7: Evaluation
Re-check with the IT and accounting teams whether decommissioned assets have been recorded properly
Coordinate with your chosen IT Asset Decommissioning (ITAD) vendor to confirm the secure eradication of data.
Get Certification of Destruction (CoD) for relevant assets/data
Calculate the total value recovered and returned to your IT budget (with sales of used equipment, etc. ). Appropriate ITAD providers will assist you with each stage of the decommissioning process to ensure you are maximizing your return from unused assets
Review all relevant documentation before and after the process to ensure compliance
To summarize, your data center decommissioning plan should consider seven different steps:
Defining the scope of work
Identifying assets to be decommissioned
Developing a comprehensive plan
Preparing tools, supplies, and labor requirements
Secure data wiping and destruction of assets
Packing and transportation
Besides careful planning of the data center decommissioning project, it’s also crucial to
choose the right partner that can help you in securely executing the decommissioning project.
Look for an IT asset disposition specialist that offers holistic data center decommissioning service as your partner. Big Data Supply Inc. is an R2v3 & RIOS (Responsible Recycler) certified IT asset recycling company that can be your partner in ensuring an environmentally friendly and data security-compliant decommissioning process for your data center.