My trip to a nuclear bunker - a rather safe place for your Cloud

Last Monday I visited a data centre housed in a nuclear bunker.  Visiting data centres isn't usually that inspiring - rows of server racks, cabinets with uninteruptible power supplies (UPS) and the like.  This one's different, which is why I want to tell the story.  Can you think of anywhere safer for your data than an underground bunker capable of withstanding nuclear attack?  But I must start with two disclosures.  The first is that this company is our latest customer - we're helping them with product messaging, website content and social media strategy.  The second, you may know anyway, is that I'm a bit of a business geek and I never tire of doing the tour of a new company or industrial site.  I'm fascinated by the way organisations set themselves up, from the layout of the office to the machinery on the "shop floor", and all the processes in between - whether it's an agency using words, design and a bit of technology to heavy manufacturing and big machines making "things" I get excited.  This visit was a bit more than special though.

I've known The Bunker for years.  I thought they had just picked a cool name for their company.  I hadn't realised they have an ex-RAF nuclear bunker at Ash in Kent and an ex-USAF nuclear bunker that some would recognise as Greenham Common, Berkshire.  Ash was the radar station and Cold War command centre, directly linked to Greenham Common which housed the missile silos for a nuclear response.  During the tour we saw the actual Plessey terminal that would have initiated a retaliatory strike - I couldn't see any red button, but that's effectively what this piece of kit was.

Approaching and moving around the site is much like visiting any military site - fences, guard posts, and iron gates to negotiate with photo ID checks at various points and CCTV everywhere.  A guy called Ben conducted the tour.  The Ash bunker is inside a modest Kent hill, and Ben pointed out the two separate connections to the National Grid, one of which is dedicated to The Bunker so that no residential or other properties are on the same circuit.  Backing up each grid connection is a generator - each chosen from a different manufacturer to minimise the chances of a common fault.  Down inside the bunker we saw the UPSs that give them half an hour to switch over to generators if the grid power ever goes down.  Ben told us the bunker was extended a few years before the radar station was decommissioned, and that extension holds the tanks for 250,000 litres of diesel.  That gives them 80 days worth of power on generators to survive a major power outage or incident.  Ben mentioned N+1 redundant air conditioning, but I didn't quite get what that was about.  Then we went through the big green blast door, through a further manned security gate and a single person turnstile, to go down below and enter a world that felt rather like walking on to a James Bond or Bourne style movie set - Blofeld not included!  

The concrete walls of the bunker are 3m thick and the main operational area is 30m underground - along corridors, down stair wells and through more blast doors.  On the way Ben pointed out cabinets and cables for The Bunker's connections to the Internet and the outside world.  They have a fully resilient self healing ring network with 10 Gb capacity.  That provides multiple circuits meshed together.  It's as redundant as you can get, as traffic can reroute so every individual client connection has multiple backups.  Apparently they can also connect to clients via microwave or satellite too.  Further in we went through a double door "air lock" to go in to one of the co location server rooms.  These were blast doors that had both an airtight seal to keep gas out, and an interlocking tongue and groove to maintain a complete Faraday Cage circuit around the server room.  That means that the kit inside would be protected from both an EMP event (an electromagnetic pulse designed to knock out all electronics) or a  sophisticated cyber attack using radio signals.  Inside the server room there were the usual racks of kit.  I like them, although I realise some would find that a bit boring.  However, I was impressed by their fire suppression system, with separate controls and feeds to each individual rack.  If a fire occurred in a particular rack, the system would deal with it locally, and so keep as much of the rest of the installation protected and running as possible.  Actually this was as far as we could go.  Deeper in to the bunker through more blast doors there are other co location rooms, the main server room, and other managed service rooms.  Visitors like us, and The Bunker's own general staff aren't allowed in, even if escorted.  Only a specific short list of personnel have that level of security clearance.     

Back out through the airlock and along the corridors, we didn't pass any of Blofeld's henchmen in their uniforms.  We were, however, shown the last remaining Plessey radar terminal and 70s style phone to show off a bit of Ash's history as a missile command and control centre.  Awesome, although I wasn't allowed to touch any buttons (and none of them appeared to be red)!  As we moved out Ben explained how, on the software side of things, The Bunker are PCI DSS compliant (that's the stringent payment card processing security standard) across all of the 12 levels of that accreditation.  Ben also explained about how all personnel are vetted, CRB checked, and certified annually in line with their ISO27001 status.  It's quite clear they have the most comprehensive set of physical, human and digital security systems in place that I've ever experienced.

I found it quite inspiring - partly because of the experience of going behind the scenes at this kind of ex-military facility, and partly because because of the attitude and commitment of all of the people I met there - they live and breathe security.  And then there was the "red" button!  Now I need to find an excuse to visit Berkshire.   

photos courtesy The Bunker