My company has been in search of a 42u cabinet for our upgraded environment. After a couple of unplanned power outages that cycled our servers over the past few years, we decided to do due diligence and look around. We’re going from a 1/4 rack to a full, locking cabinet to support our PCI DSS compliance effort. If you’re wondering what it costs to collocate servers, here’s the skinny and I’m naming names:
Our requirements
Currently we have four servers and associated hardware (a couple of switches and a Cyclades console server) in a 1/4 rack with 1Mb/s of bandwidth. Our new infrastructure is a whopping total of 14 servers, 2 14-disk drive arrays and additional infrastructure. Most machines are 2U.
Surprisingly, bandwidth today is a commodity. What really sets you back is power. Good ole electricity. We didn’t know how much our hardware would take so we bought a Kill-A-Watt. You plug the server (or a power strip) into the Kill-A-Watt and the KAW into the wall and it measures your power use.
Most colo facilities have 20A circuits. Some bargain basement places only offer 15A. On these circuits, you’re not supposed to use more than 80% of the max. You can typically combine these for 30A or 40A of power. We found that our power needs were right around 20A so we’re starting with 30A and we’ll see if we can downgrade later.
The Players
So here it is, countless phone calls and emails later. Here’s the specs:
Colo | Location | Power | Bandwidth | Hands-On? | Price/Month |
---|---|---|---|---|---|
Advanced Colo | HE.net, Milpitas, CA | 20A | 1Mb | ? | $900 |
HE does have 20A cabs, but big price increase for 5A. Get 5Mb for $200/mo. | |||||
CRG West | Milpitas, CA | 20A | 1Mb | ? | ~$820/20A $930/30A |
Very confusing a la carte menu of options for power, cross connects, bandwidth, etc. Many people speak highly of the facility though. Not sure this is calculated correctly now that I’ve added it up. Power @ $11/Amp. | |||||
Datapipes | Santa Clara, CA | ||||
No availability! | |||||
GNI | CRG Facility, 55 Market, San Jose, CA | 20A | 1Mb | Some, then $65/hr | ~$865/20A |
This facility is almost full. Charges $0.25/KwHr | |||||
HE.net | Milpitas, CA | 15A | 1Mb | 15 mins Free | $599 |
To get more power, you buy more cabinets; +$599 for 15A more power. $200 per meg overage or get cabinet with 10Mb/s for $1000/mo | |||||
Herakles | Sacramento, CA | 20A or 30A | 1Mb | Yes | $908/20A $1033/30A |
One of 2 colos in Sac, runs entire facility off batteries and feeds batteries with grid power. Translation: much harder for power outages. Not subject to Cal-Iso power grid outages. | |||||
iLand | XO Facility, San Francisco, CA | 20A | 3Mb | ? | $1074 |
Includes a weekly security scan and server monitoring | |||||
iLand | 200 Paul, Palo Alto, CA | 20A | 2Mb | ? | $1,921 |
Cross connect, server monitoring and weekly security scan included | |||||
Layer42.net | Santa Clara, CA | 20A | 1Mb | No | $750/20A $925/30A |
Our current provider | |||||
United Layer | 200 Paul, Palo Alto, CA | 20A or 30A | 1Mb | ? | $1000/20A $1250/30A |
This guy was the best sales guy hands down. Very open, knowledgable about other facilities and pointed us to other people to try getting quotes from. Acknowledged their strengths and weaknesses and shared details on other facilities. |
The Verdict
If you want space and don’t need much power, Hurricane Electric at $599 is the cheapest but 15A of power is diddly squat when you have 42U of space available. Herakles is an interesting facility; they’re on a more reliable power grid and outside of the seismic zone. Apparently lots of companies use it for disaster recovery and their power-through-the-batteries model is really appealing given our power outage experience. However, it’s hard to bitch too much about their power outage when big providers like 365 Main and Rackspace suffer the same fate.
Ultimately, we are staying with Layer 42. Here’s why:
- Pricing – we can get 30A considerably cheaper than just about anywhere else
- Turnaround – 7 days from “go” to install and no setup fees
- Same IP Space – We’re keeping our existing IP space which means no DNS updates to mess with. We’ll even be able to bridge our existing rack and our new cabinet while we perform the migration.
- Layer 42 is a small business – we’re a small business too and when possible, we like to support other entrepreneurs.
That’s it in a nutshell… we move in Friday and have scheduled a migration window for this weekend. I’ll post an update in six months to report on our upgrade.
David Ulevitch said:
on December 13, 2007 at 12:38 am
We should grab lunch one day — Maybe I don’t understand your requirements, but you missed every major colo in the bay area in this list:
529 Bryant
11 Great Oaks
200 Paul
185 Barry
etc…
Most of the providers listed above are just middle men, charing up rates.
-David
David Mertz said:
on December 14, 2007 at 6:49 am
Since you have PCI issues, it appears you did not check out the service provider list on the VISA website.
If you are strict colocation, you still should be placing your servers in a data center which has been assessed for PCI Compliance.
If you are looking for managed services, again, you should be looking for a hosting provider which has been assessd for PCI Compliance.
By placing you servers in a data center which has been assessed for PCI, you are able to kick of a number of line items on the PCI DSS Standard. Further, one of the recommendations under PCI is to use PCI Compliant vendors.
David Mertz
Compliance Security Partners
816 256-2125
[email protected]
brian said:
on December 14, 2007 at 8:25 am
@David U – definitely re: lunch, I’m working in Los Gatos during the days. Where are you?
My experience has been it’s hard to work with the facilities directly as a small customer. Although in the past this was trying to get 1/4 and 1/2 racks. Maybe a full cabinet is easier? At any rate, staying where we’re at for now is our best option. Decoupling the IP-space move from the new install and the fast turnaround (we’re moving in today, 4 days after signing) are both working for us.
@David M – The Visa CISP list has a whopping total of 4 colocation providers. Only one of them is local (Datapipes, AFAIK) and they are full. Not many options there.
We asked everyone if they were either PCI DSS or SAS-70 certified. Here’s the problem: very few data centers want to be SAS-70 because it costs hundreds of thousands of dollars (their words, not mine). Many of these facilities have been audited by a customer for their PCI efforts but none of the above providers had been certified themselves. Thus, the certification belongs to the customer and is beyond our use. We did speak with a couple of SAS-70 certified people in SF and Oakland but their pricing was, surprise!, much higher.
We chose to go the locking cabinet route vs. an open rack specifically for this reason. Combined with facility security, restricting cabinet access to the keyholders (us) will let us satisfy the PCI requirements. Having the facility audited for our own needs is beyond our price/scope at this point (we’re level 3).
Danny Howard said:
on December 14, 2007 at 3:01 pm
Hello,
For what it is worth, whenever I need to refer to the practice of hosting servers in a datacenter, I’ll talk about “colocation” which means that I want to locate something with something else. Alas, this term is new to our language, and isn’t in the dictionary.
There is a different word in the dictionary, collocation, which according to Wikipedia “is defined as a sequence of words or terms which co-occur more often than would be expected by chance.”
Alas, many times I have seen people run “colocation” through a spell checker and blindly accept that “collocation” is the correct spelling. I do not hold such people in high esteem.
Cheers,
-danny
brian said:
on December 15, 2007 at 8:46 am
@Danny – After many twelve hour days, in a moment of weakness, I gave in to the Wordpress spell checker. Oh, I knew it was wrong, but it felt so good! Alas, I have earned myself a seat in the fourth level of your editorial purgatory. Alas, indeed.