Getting Physical
Microsoft maintains data centers around the world, including US locations in San Francisco, San Antonio, Chicago, and Quincy, Washington. Some of these house tens of thousands of systems each and draw tens of megawatts from the electrical grid. The first building alone at the Quincy facility measures 470,000 square feet with a perimeter spanning 1.3 miles. Some centers are massive complexes; others are based on the newer container model for data centers. In that model, the shipping container itself is treated as a single unit, and when enough servers within the container fail, the entire container is swapped out rather than serviced on-site.
Each data center is rigorously controlled through industry-standard physical security measures, covering everything from physical access to protection against power and network outages. Barring a natural catastrophe, it is highly unlikely that a data center’s ‘round-the-clock service’ would ever be interrupted. Nevertheless, as mentioned, these sites are redundant: should disaster strike one site, failover to another is immediate and invisible to end-users.
Microsoft staff manage and monitor each site, but the number of staff with key access is kept to a bare minimum. Admin passwords are changed religiously. Even the permissions for the tickets that grant data center access are issued by the network operations director, and all security processes are regularly audited by third-party assessment contractors.
On a smaller scale, BPOS customer data is stored on clustered servers, with data backed up redundantly through Microsoft’s System Center Data Protection Manager 2007. This is a block-level protection approach that uses both disk and tape to replicate data continuously. One of the advantages of Data Protection Manager is that it lets users perform Exchange, SharePoint Online, or SQL database restores whenever they please, without having to maintain a 24x7 synchronization with a remote service; Microsoft’s cloud model handles that function seamlessly.