1. The network system of super computer center should adopt three-network isolation design scheme, that is, production network, server network and administration network. They are isolated through physical or logical network isolation measures to promote the security of production network.
2. For large-scale super computer center, administration network (including office network, dormitory network, etc.) should use separate broadband and network equipment and reach the physical isolation from production network and server network. Administration network remotely operates production network through access gateway and jump server. All operations should be AAA matched (authentication, authorization and audit).
3. For small and medium-sized super computer center, firewall can be used to logically isolate production network and administration network through security policy. In the meantime, the operations of production network should have security log records.
4. The Internet access design of super computer center should take bandwidth requirement and the number of fixed IP addresses of public network into account. The Internet access of super computer center requires to choose the enterprise broadband lines of at least 2 service providers. Upstream width and downstream width are equal.
The number of servers and the computing formula of bandwidth demand: bandwidth (Mbps) = number of machines /150
For instance, the up and down bi-directional bandwidth of each enterprise broadband should not be lower than 20Mbps in the super computer center with 3000 servers.
The computing formula of fixed IP addresses of public network:
The number of IP addresses = the number of machines /10000
For instance, the number of fixed IP addresses of each enterprise broadband should not be less than 2 in the super computer center with 20000 servers.
For the super computer center with poor natural conditions and poor network quality, the design of escape route under extreme cases except for 2 service providers’ enterprise broadband networks should be also taken into account.
5. Super computer center should be equipped with special hashing security protection server to perform real-time analysis on the hashing data uploaded by server and block illegal hashing.
The computing formula of the number of servers and the number of hashing security protection servers: the number of hashing security protection servers = the number of servers / 40000
For instance, at least 1 hashing security protection server should be equipped in the super computer center with 30000 servers.
6. The internal network design of super computer center should take price-performance ratio and some redundancy into account.
7. Business features of super computer center determine its multi-terminal and low-concurrency data model. Therefore, considering the multi-terminal characteristics of super computer center, its switching network should use Layer 3 structure, distribute terminals to the switchboard of aggregation layer, reduce the processing requirements of the switch board of core layer. Layer 3 structure can promote overall price performance.
8. For medium and large super computer center, some redundancy should be taken into account. The equipment of aggregation layer, core layer and breakout gateway all connect in the way of hot backup and dynamic routing is used to realize real-time failure detection and switching via protocol. Redundancy can effectively promote the continuous work time of super computer center.
9. Super computer center should save the operation logs of all network equipment and management servers to cloud.
1. The wiring system of super computer center should be designed according to the requirements of this code, and the design of wiring systems of other areas should meet the relevant requirements of current national standard Code for Engineering Design of Generic Cabling System GB50311.
2. The layout of weak electricity cable should be isolated from forceful electric power cable in the factory of super computer center. The horizon distance between weak electricity cable and forceful electric power cable is not less than 20cm. When crossing, shielding film should be added to weak electricity cable.
3. Super computer center should have special and lockable computer room with an area not less than 6 m2. The computer room should have cooling and heating equipment without leakage of air or rain.
4. The network design of super computer center requires at least two service providers’ dedicated Internet accesses. Considering the physical security of service provider’s cables, the routes of the 2 service providers’ cables must not overlap when entering computer room and it is preferable to enter computer room from two different directions.
5. The two ends, distribution frames and information outlets of all cables of the wiring system in super computer center should have clear and wear-resistant labels.
6. When cables laid through wire casing or cable tray, the installation position of wire casing or cable tray should be consistent with architectural decoration, electrical, air distribution, fire protection, etc. When wire casing or cable tray is laid out below the top surface of super computer center, the top of wire casing or cable tray should not be less than 300mm from top crossbeam or other obstacles.
7. The minimum distance between the copper cable and power cable or distribution bus duct in the wiring system of super computer center should be determined according to the capacity of racks and cable protection mode. Implement according to the requirement ≥ 5KVA in table 10.2.13 of Code of Design on Super Computer Center GB50174.
1. Security system should be composed of video surveillance and control system and access control system, and coordinated control function should be available between the systems.
2. Outdoor security system should take anti-lightning protection measures, power cord and signaling line should have shielded cable, lighting protector and cable shield should be earthed, and earthing resistance should not be bigger than 10 Ω.
3. Security system should adopt digital system and supports remote monitoring.