Glossary - Co-location
(a.k.a., colocation, colo; or mis-spelled as collocation {arranging in proper order})

A type of service offered by ISPs with facilities called "data centres" where customers (often businesses) keep internet servers and related equipment permanently connected to the internet.  Costs are generally structured as a monthly co-location fee, plus usage based on either the total amount of data transferred or the calculated average bandwidth utilization (often described as a "95th percentile" calculation).

The three most common reasons people choose co-location over shared hosting services or dedicated cable/DSL connections are:

Security		When eMail messages, customer data, trade secrets, and other sensitive information, are accessed through protected areas of a web site (or other protocols), on a shared hosting service a possibility of unauthorized access still exists if a script is installed that can read any file on the system.  Even if proper security measures are in place in a shared hosting environment, informed decision-makers may still be concerned that something unforseen could happen, such as the hosting company's staff not following procedures perfectly, or applying an update that introduces security flaws, etc.
Performance	Popular web sites demand more from internet servers as more data is transferred, which may lead to performance degradation and/or increased usage costs.  In addition to providing faster connectivity, which can often reduce, and even eliminate, speed bottlenecks, co-location providers usually offer lower rates for higher volume usage.
Control and Flexibility	Requirements to install or customise products that web hosting companies can't or won't allow may be a severely limiting factor for internet site developers.  Major changes to the web host's systems can also cause sophisticated or highly customised web sites to malfunction.  Co-located internet servers can be built and configured to satisfy an entire set of specific requirements, with stringent security measures tuned to meet the needs of developers.  As your system requirements increase, upgrades can be scheduled for non-peak hours in order to better accommodate your users.

Although many co-location customers prefer to use their own equipment, some providers are also in the business of selling computers specifically for use in their data centres, often with leasing options that can minimize long term costs in concert with regular upgrades.  A variety of "managed services," which usually just means "managed hosting" (or "managed web hosting"), often comes with a requirement that the equipment be purchased or leased from the co-location provider.

Choosing a co-location provider

Time-saving tip When you begin, be clear about your intentions: will you be co-locating completely self-managed servers that you currently own;   will you purchase or lease managed servers from the provider; or   will you be utilizing a combination of these? Knowing this, you can save time by asking the right questions first about the types of services you need.

There are many aspects to consider when choosing a co-location provider in what has become a highly competitve, and sometimes confusing, industry.  The following points, which are often specified in marketing materials as well as co-location contracts, will hopefully bring some clarity to the not-so-easy task of selecting the right provider.

1. Anti-spam policy

This is one of the most important considerations because it can have a devastating impact on the long term reliability of a provider's internet connection.

In an effort to strengthen their anti-spam reputations, some ISPs increase staffing in their internet abuse departments to prevent service reliability problems.  Although this is a clear indication that an ISP is aware of the negative consequences of supporting spammers, it doesn't necessarily mean that they are "anti-spam."

In addition to blacklists, various free online databases, such as SPEWS.org and SpamHaus.org, provide helpful information about ISPs that known spammers use for internet access.  Customers are increasingly using these types of resources before choosing an ISP because unreliable eMail service is a serious inconvenience to those who depend on it.

ISPs that allow spammers to use their systems eventually run the risk of having their entire network blocked by an ever-increasing number of internet servers.  Some internet server administrators act sooner than others when it comes to implementing and updating blacklists and filters, thus for both ethical and practical reasons it is essential that ISPs take the spam problem seriously by refusing to engage in business with all spammers.

2. Access to equipment

Policies range from unsupervised, unescorted access at all hours, to pre-scheduled access that includes staff shutting down and moving the equipment to an isolated area.  Most co-location providers who don't allow unescorted access outside normal business hours have procedures for contacting a pay-per-incident escort for time-sensitive emergencies that can't wait until the coming business day.

The fees for escorted access vary depending on the provider's policies, and the costs are usually higher for more frequent or after hours access.  If your systems require physical maintenance on a regular basis, escorted access can be a costly inconvenience.

3. Physical security and safety

In unescorted access facilities, security systems are especially crucial considerations due to the possibility of theft or accidental damage caused by other customers.  Although some co-location providers operate video surveillance systems, very few actually maintain archives of the recordings, which defeats the whole purpose when evidence is needed at a later date (e.g., by law enforcement officers or investigators with court orders which can sometimes be unexpectedly delayed).

Doors at some facilities have electronic locks that require specially encoded cards or keys, or biometric signatures (e.g., thumb or finger prints), etc., and most of these systems maintain access logs that also record times and dates.  Additionally, data centres with a system of two doors which cannot be opened simultaneously are more secure than facilities with only a single entrance door.

The following safety features should always be present:

• fire extinguishers, tested regularly as per the local fire department's recommendations
• fire alarm switch, in case smoke detectors fail in the event of a fire
• light switches, if there is a problem with the lighting
• first aid kit
• telephone that can call 911, the ISP's after-hours support staff, and the building's or alarm company's security desk, in case the exit gets blocked or some other serious emergency arises; if local and toll-free calls are also permitted, this can be especially convenient if you need to contact technical support for a product that you use

Facilities that are staffed at all hours, including weekends and holidays, may also provide unescorted access to equipment in constant full view of employees.  Even though it is impossible to prevent all possible acts of theft or damage, having the right security systems is an excellent preventative measure.

4. Internet connection performance (speed)

Quick speed reference Type Speed Modem (56k) 0.055 Mbps DS1 / T1 1.544 Mbps ADSL 2-7 Mbps Ethernet 10 Mbps CableModem 7-35 Mbps DS3 / T3 45 Mbps Fast Ethernet 100 Mbps OC-3 155 Mbps OC-12 620 Mbps OC-48 2,480 Mbps OC-192 9,920 Mbps

Co-location customers typically benefit by gaining faster and more reliable internet connectivity, usually connected over fewer hops to multiple internet backbones.

Depending on a variety of factors, including financial limitations, a data centre could have internet connections ranging from a single fractional DS1 or DS3 connection to multiple OC-192 or equiviliant high-speed connections, redundantly connected to multiple internet backbones.

Connections to more internet backbone providers can result in better reliability since competitors generally don't experience the same problems simultaneously.  However, more connectivity doesn't always translate to better reliability for a variety of reasons, including low-quality backbone connections obtained at discount rates (e.g., fractional DS1 connections in an environment that demands a full OC-3), router configuration problems, the infamous back-hoe operators (e.g., issues beyond you or your ISP's control such as physical damage to outdoor cabling), spam-friendly backbone providers whose IP ranges or entire networks are blocked, and much more...

Note:  The difference between fractional OC-12 and full DS3 connections can be misleading because the CIR (Committed Information Rate) for the fractional connection could be too low.  The CIR, commonly measured as a percentage, is a promise by the connectivity provider to ensure that a certain level of performance will consistently be available.  A higher CIR generally yields better performance (especially during peak times), but also costs more.

For ISPs with dedicated staff who are experts in both past and current routing technologies, and are of the opinion that 50% utilization is high for an internet connection, it's often an indication that they are pro-active rather than re-active when it comes to making sure there is enough bandwidth.  ISPs that take a pro-active approach to internet resource management and standards generally don't experience serious performance or reliability problems.

5. Internet security

Some co-location providers offer firewall services, often for no additional cost.  If you are not familiar with the basics of internet security, then these services are worth considering (although learning the basics of internet security is still highly recommended).  Those with a comprehensive understanding of internet security typically don't utilize these services because they can competently configure and manage security themselves.

Computer systems that send spam, transmit viruses, attempt to hack into other systems, etc., are normally disconnected immediately by responsible ISPs.  Hopefully your prospective co-location provider has strong policies in this regard; if they do, ask how they dealt with any customers who violated these policies in the past.  If their approach protected other customers (e.g., they promptly disconnected the offending system), then their systems are less likely to be blocked by third parties that you need to communicate with now and in the future.

6. Electrical power

If the co-location facility doesn't have a backup power system in place, consider getting your own UPS (Uninterruptible Power Supply) to ensure automated graceful system shutdowns in the event of power outages.  You might also insist that the routers connecting you to the best backbone also have a UPS in order to reduce the potential for service interruptions.

One rarely considered reason for using a UPS is to protect your systems from the possible damage caused by minor power fluctuations and power surges.  Before you purchase a UPS, contact the manufacturer directly and ask the "pre-sales support" department about the different ways equipment is protected (e.g., is power provided directly from the battery at all times, or only during a power loss?); your intention should be to find out which models provide more consistency, and learn how the technology works, in order to make an informed decision.

7. Air conditioning

It's a well-known fact that computers operate better in colder climates because when components overheat, the result can range from minor instability to complete systems failure.  One indication that staff may be monitoring environmental conditions is if a thermometer and humidity gauge are mounted in the facility in plain view.

An informal way to determine if the air conditioning is cold enough during a tour of the co-location facility is to stand in the data centre for at least 5 minutes with your jacket off (often easiest while stopping to ask questions).  Although it's generally a good sign if you begin to shiver or feel a slight chill coming on, a thermometer should still be used to accurately measure room temperature.

8. Insurance

Insurance regulations often vary between jurisdictions, and can sometimes be very complicated.  Even when insurance is required by law (the local government business license office can confirm this for you), it's not uncommon for co-location providers to leave it up to their clients to get the proper coverage.

If the co-location provider has insurance coverage, find out the details as they pertain to your equipment.  If not already specified, you may need to hire a lawyer to add wording to the contract requiring the provider to notify you if they terminate their insurance policy, or change the coverage in any way that effects you.

When insurance is required, ask your co-location provider who they deal with and if you can get a rider on their policy (this could result in slightly lower insurance costs for you, and possibly a discount your provider too).  If the needed insurance simply doesn't exist (which is common), then you'll need to talk to your co-location provider about updating the contract accordingly (and be sure to consult a lawyer about this too).

9. Value added services

Additional services sometimes include automated tape backups, a variety of uptime and security monitoring options, reciprocal link opportunities (usually with other clients), etc.  Make sure you research the details before signing up, especially since most services can be added at any time.

Although we hope this information will be helpful to you in selecting the right co-location provider, we strongly encourage you to do further research prior to making a decision.

Copyright © Inter-Corporate Computer & Network Services, Inc.  All rights reserved.
All trademarks are the property of their respective owners.