Lessons learnt from WannaCry for Enterprise


There are a lot of online articles that talk about the WannaCry ransomware and I have listed half a dozen reference links at the end of this article for your further reading pleasure. While the news reports says 200,000 computers are affected, the number of connected computers in today’s world numbers about more 10,000 times that (Forrester Research predicts number of PC numbers 2 billion by 2016).

A virulent Trojan horse was released on 12th May 2017 via a phishing email and a hospital employee opens it on his/her computer and clicked to open the attachment zip file that launches the attack. The WannaCry Trojan horse spreads itself via further emails to contacts on that particular person’s contact list which spreads within and also to persons external to his/her hospital network. What is more potent is that the WannaCry Trojan horse also spread within the network (bounded by boundary gateways like firewalls and content filters that blocks Microsoft Server Messaging Block – SMB from going across the network boundary) to other Microsoft OS based devices and servers via SMB vulnerabilities AND files shared through file-sharing applications such as DropBox and other cloud based drive that allows Windows-Explorer upload. The WannaCry Trojan horse uses known exploits as EternalBlue and DoublePulsar of which patches were available on 14th March 2017.

The extent of the spread is widely reports, UK NIH hospitals are clustered together organizationally and presumably also in terms of its network to share IT resources such as servers. See the reference links for more details.

What did the ransomware writers did right?

  1. Phishing email
  2. Exploiting near zero-day exploits
  3. Exploit File Sharing trend
  4. Locking up important looking documents that enterprise may not have up-to-date backup copy

What perpetuated the spread?

  1. Human (judgement) error:
    1. Staff with no security training or awareness
    2. A compelling phishing email
    3. A connected enterprise that has limited internal security screening/gateway devices
    4. Manually stopping a security patch cycle
  2. Absence of a file modification alert tool that sends out alarm when files are inadvertently modified (by Trojan horse) for critical IT servers
  3. Security Policy and implementation – there should be restrictions to use of file sharing applications within enterprises.
  4. Resource issue: continued use of outdated/unsupported OS
  5. Lag in security patching either through policy or dictated by production cycle (e.g. quarterly instead of monthly security patch following Microsoft recommendations)
  6. Lack of an enterprise security monitoring capability like a 24×7 security operations center that can quarantine and block the spread. A under-staffed ICT security team or lesser focus on ICT security

There are online posts that discussed what the ransomware writers did wrong. See reference link 6.

I will just focus on those contributors that I classify as under the human error category.

A phishing email can be very compellingly written, but one that has a file attachment should be judged with suspicion especially from an external source. All enterprise should indoctrinate their staff on filtering such email, and should enable their email software with mail phishing filtering capability automatically turned on.  It is made worse most of the time with those staff with computer access thinking that what they do will not affect the enterprise’s ICT security stance.

Lessons Learnt

An enterprise network should be segregated in terms of layers of trust, with the most important servers protected by a ring of security gateway devices such as firewalls supplemented by intrusion-detection-devices, and any protocols for server-to-server communications such as SMB should only be allowed on a case by case basis. The lack of such layer of trust and an open-network environment is what allows the propagation to spread so quickly in those reported cases than enterprise that does any of the following measures:

  1. Train and regular reminded of staff to be wary of phishing emails
  2. Quarantine email from external source with file attachment
  3. Limit incoming and outgoing file sharing application and the protocols associated with these applications
  4. Create layers of trust for enterprise IT resources. For example, web based application access to critical servers only and through secured and patched application servers that are protected by firewalls and automated security monitoring tools
  5. Automated security patching process

Any of the above would have and had been proven to stop the spread of Trojan horse like WannaCry.

James Scott, from the Washington DC-based Institute of Critical Infrastructure Technology said this “you’re only as strong as your weakest link within your organisation from a cyber-perspective”

Don’t let the weakest link be worse than a link, i.e. totally unprepared.

Oh and by the way, don’t pay the ransom if your computer had been affected. Built the computer from last good backup, apply security patch, and move on from there.


  1. https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
  2. https://www.ft.com/content/82b01aca-38b7-11e7-821a-6027b8a20f23
  3. https://en.wikipedia.org/wiki/EternalBlue
  4. https://www.wired.com/beyond-the-beyond/2017/04/double-pulsar-nsa-leaked-hacks-wild/
  5. http://fortune.com/2017/04/15/microsoft-shadow-brokers-patch/
  6. https://www.wired.com/2017/05/wannacry-ransomware-hackers-made-real-amateur-mistakes/


Lessons learnt from WannaCry for Enterprise

From the trenches of Asia data center build projects


There are issues faced by yours truly and colleagues in data center build projects in China and elsewhere. Some of these experiences and lesson learnt will be shared in this post. For reason of protecting the people involved, some specifics are obscured (e.g. country/location) while not affecting the message being shared.

Labor Strike

At about half way into the build programme for a data center in a city in south pacific, the electricians union called for a strike because compensation negotiations with the electrical installation companies broke down for the four year collective agreement. The labor strike went on for 10 full days and 7 half days. For those half day strike, the electricians worked until 11:30am and walked off. Our project schedule had very small buffer. While the client is apprised of the labor strike situation but their legal counsels do not agree that this fall under force majeure condition of our agreement. We did manage to catch up by paying for some overtime days after the strike period was over and the representatives from the client delay their take-over date by four precious days and we avoided penalty. We should look out for and plan a bit more buffer whenever such collective agreement are up for renewal.


Different country has different practice when it comes to budget, in particular buffer. In Singapore, we do not budget for a buffer, it is usually budget in such an arrangement that should the budget not exceed by 5%, then it will be covered from a central fund or some prior arranged account for contingency.

When we worked on a project in Australia, the design firm had to explain to us that the buffer of 10% is expected to be used and savings, if any, are a blessing.

In China, the budget is fixed and cannot be exceeded and there is no buffer by the final round of budget review by senior management. The other thing about the budget number is that almost certainly all data center equipment vendor and contractors will learn of this number, somehow.

While on the topic of budget, the budget for data center design contract is roughly the same in Singapore and Australia, which is around 3-5% of the whole project cost.

In China, the guideline by the building regulations give non-mandatory guideline on all design contractors to be 3-5% as well, however the competition for contract and normally the awarded design contract comes up to under 3%, sometimes not even 1%. Quality and resource allocation by the design firm do suffer as a consequence of the cut throat competitive pricing by the data center mechanical and electrical design companies in China. For example, they will only send technical liaison to be on-site once or twice just for project meetings during the build phase as it is the norm in China that the main contractor takes over the drawings and be responsible for the drawings thereafter, the design company endorse the drawings after the build programme is done with very little work to verify or inspect. More on this in my future post.

Electricity Supply (last mile)

Securing power supply for the data center facility is critical and our Beijing project in an industrial park had it secured through another company that purely acts as go-between with the power company that supply to the industrial park. We were promised the MV electrical cables will be laid and connected within six months. One month before this six months was up, the power company called for a meeting and a third party electrical cabling contractor was invited by the power company to be in the same meeting. We were told that the power company requires this third party electrical cabling contractor to be engaged through us or our middle man company to finish the last mile of electrical cabling from nearest power substation to our premises and additional cost of 1Mil RMB are to be paid by us to this new party. We were shocked and various ways to escalate, negotiate to take away this new party, and so forth took another half a year before we relented and find the budget to achieve this. The worst thing is, a new problem crops up afterwards that the power company said since we have delayed in contracting to this new party, the electrical cabling path has to be changed as the previous planned-for path to our premises is not possible since it had been given to another electrical cable for a separate project. The situation now is, we and the adjacent building complex owner are to share a MV transformer room that is to be located in one of our neighbor’s building ground floor and then the MV cable run from their complex to ours. Again, it is a take-it-or-leave-it attitude from the power company. Our project ended up taking three years to complete. So China speed can be fast, but it can also be slow and end up being a lousy compromise.

New Rules retrospectively applied to existing site

On the same Beijing project mentioned above with the last mile electricity supply obstacle, we have another problem which was new regulations imposed after the Beijing TV tower fire incident (2009) that we need to have two sources of water for fire fighters to use. They issued the regulations and all building that are to be retrofitted are to comply. When we bought over the former textile building complex and submitted our plan to change of use, the industrial park management and the fire service bureau issued the directive that we are to comply with the new rules. The complex as-is has only one water pipe which according to the new regulations is insufficient provision. We either dig a well connected to swimming pool size water storage tank or have two swimming pool size water storage tanks. We did the latter. Our green grounds were dug up and we put in the two 30m X 20m X 4m tanks with associated water pumps.

On-site inspection is a must

On two separate occasions while in Shanghai, I inspected two green field sites. Supposedly one is zoned and ready and the draft drawings looks promising until I visited the site after a two hours drive. It was farm land, with old residential single-level building with village folks still around and no road has been built. The plans are just paper, nothing has been done yet. After 5 years, the project has not taken off from the paper.

In a tier-3 (it is a China definition of their city standard, tier 1 cities are the likes of Beijing, Tianjin, Shanghai, Shenzhen, tier 2 are usually the provincial capitals and more developed cities) city in Anhui, we are to retrofit the ground and second floors of one 12 years-old factory building. The paper as-built drawing plans took 5 days to locate from the state-owned conglomerate’s building management company. We were pondering how best to re-locate the water sprinkler pipes on the ground floor such that the no-water time can be reduced to the shortest possible duration. When the building management office folks came by to look at the water sprinkler pipe, they made a comment that the water sprinkler pipe is dry. I thought the water sprinkler is a pre-action dry-sprinkler system but puzzled as it is a factory building that do not require such a complicated system. It turns out that I was mistaken. The water sprinkler system is supposed to be charged with water, but the pipe had leaks and some pipe or valves were broken and it has been dry for quite some years.

When the fire service bureau representative came by to review our drawing plans for the retrofitted floor, he nary inspected the relocated water sprinkler system. I reminded myself to always look for the nearest exit out of the building everyday I go to that building.

On an data center site inspection in GuangDong province, I came across a case whereby the design company endorsed original documentation showed dual incoming MV electricity supply while in fact the building has only one electricity supply.


How each country handle defect list is different. In China, defect list is sometimes overlooked if the main contractor’s boss and the project owner’s big boss are friend and that was the reason for awarding to that main contractor in the first place. When the relationship turn soar for whatever reason, the defect list grows and grows and it was used as a reason for non-payment of remaining sums of the project. It is not good to mix business and relationship.


A few days before the Chinese New Year holidays, a main contractor asked the sub-contractor to hire some workers to stand in front of the gate of a Shanghai data center company to block incoming car and worker transport buses. The police were called and these protestors were moved to the side of the entrance. After two days of this organized protests, the protest stopped as the police warned the sub-contractor of serious consequences. A romor has it that the sub-contractor’s manager and his colleagues responsible for organizing the protesters were “dealt” with.

Impulsive Decision and Big Grand Upscale (高大上)

Impulsive decision making (拍脑袋做决策) without expert advice by key decision maker is a major problem in Chinese organizations. Many cloud data center projects were announced throughout China, while only a fraction are actually completed and in operation. Most of them have not reached 50% occupancy and are loss making. One organization I know has its cloud strategy in 2015 to have 30,000 racks capacity in 3 years, without regards to market demand and the worst thing is those cities it planned to build its large scale cloud data centers (6,000-10,000 racks capacity each) are in less developed cities which do not need such scale without consideration of the competitors whom are not sitting still. The leaders wants big grand projects, the saying in Chinese is 高大上.

Finding the Gems among all the “promising” projects

In China and elsewhere in Asia, it is a challenge to sieve through all the announced plans by the local governments, the cloud players, and big data center park scale developers to see the gems and find the worthy project. There are data center projects that are more sure footed and data center service providers that are on firmer grounds and growing from strength to strength.

From the trenches of Asia data center build projects

Rebel forces in the China Data Center Market


The headline picture is ChongQing city LiangJiang New District XinShui High Tech Park, whereby there are five data center buildings built or in the process of construction. Two of them are by a server manufacturer called Inspur.

Chinese server manufacturers are going a completely different route versus non-Chinese server manufacturers. The likes of IBM, HP, Dell are offering their services on in-the-rack (i.e. server) and on-top-of-hardware (i.e. software and services), and are most definitely not building data center using their own money.

In China, it is the other way around. The Chinese server manufacturers are funding and building data centers through-out China in a frenzy!

The following five server manufacturers are Chinese owned companies:

  •  华为 (Huawei)
  • 浪潮 (Inspur)
  • 曙光 (Sugon)
  • 紫光 (Unisplendour – majority owner of H3C)
  • 中兴 (ZTE)

Besides they are all server manufacturers, they have built multiple large scale colocation data centers in China.

Huawei need no introduction, and perhaps ZTE as well. The rest of the server manufacturers mentioned above are relatively unknown outside of China. But, they are well known in China.

Huawei had built more than three cloud data center facilities in China (reference 1, 2). For the data center facility sector, Huawei has containerized data center solution, their own UPS, CRACs/CRAHs. LV switchboards, Back-up generator and chillers are sourced from external parties and re-badged as Huawei. They also have their own Huawei BMS software.

Both ZTE and Sugon are state-owned enterprises, while Inspur had transited from state-owned to private ownership, a portion of its shares is still partially owned by the Chinese government.

Inspur had built a data center facility with capacity of 8,000 racks in ChongQin for China Unicom as a built-operate model. (reference 3). Inspur announced plans to build seven large data center facilities and 50 smaller ones through-out China. (reference 3, 4)

Apple will use Inspur to build and operate a data center in China, according to news. (reference 5).

Sugon is well known in China for their super-computer cluster but they also have server line of product. They have built super-computer data centers in three cities (Wuxi, ChengDu, and Nanjing) and also cloud data centers in many cities. They had announced plans to cover 100 cities. They had ventured outside of China and built a data center in Slovenia for Slovenian ICT company Arctur.(reference 6, 7)

Unisplendour is public listed on Shenzhen stock exchange. Unisplendour had bought 51% of HP’s ownership of H3C and started making and selling HP servers that are branded as H3C in China. Unispendour announced that it will spend 2.2B RMB dollars to acquire or to build data centers. They had announced plan to build a data center facility in FangShan district of Beijing, the built-in area of the building will be 39,725 sqm (about 427,500 sqft) (reference 8).

ZTE had buit a data center facility with rack capacity of 13,000 racks in ChongQing for China Mobile as a built-operate model. (reference 9). ZTE is explicitly stating via their website that they provide a total data center solution from planning, building all the way to hand-over. (reference 10). They were looking outside of China to build data centers to meet the demand of Chinese companies that needs to set-up network point-of-presence (POP) or host their applications and data.

For example, in ChongQing, there are at least two server manufacturers involved in building and managing data centers on behalf of China Unicom and China Mobile, which in turn are for cloud service providers like Baidu and Tencent.

This has been going on for more than 4 years and thus quite a number of data center facilities had been completed> Inspur has been leading the charge, followed by the rest and not surprisingly Huawei was among the last to do so (Unisplendour is slow because it had only acquired the 51% shares of H3C in 2016). Huawei was probably hesitant to encroach onto IDC space but couldn’t forego the market share and potential revenue.

In China, the background and the incentives are vastly different from elsewhere which is why these manufacturers have enter the data center build-operate-(optional)transfer cycle. The data center builds are under an umbrella or a framework package deal whereby the city or district government wanted a public-private-partnership deal that is headlined by smart-city or government-cloud initiative, which usually ties together the following:

  • smart-city projects – communities (residents and busineseses) projects – employment (skilled manpower)- infrastructure (cloud, network, servers, storage) – data center

So the data center is the underpinnings for the whole deal, and the server manufacturers sees the volume of network/servers/storage required (when it is 10s of thousands of racks = 100,000 servers = multiple times investment versus data center core and shell plus electrical and mechanical infrastructure).

The server manufacturers will work with partners to deliver the entire package or supplement with their in-house capability to develop some of the big data / cloud solutions. So these server manufacturers view these huge projects as opportunities for growth. The other thing is that in China, there is very few big third party co-location data center service providers that has the reach and deep pockets compared to these mostly state-backed server manufacturers. Therefore, this creates a unique situation for the Chinese server manufacturers to enter the data center build-operate-(optional)transfer model. Note that these data centers are built by appointed main contractors and not strictly by these China server manufacturers.

Intertwined in this mix is that the Baidu/Alibaba/Tencent (BAT) are also one of such partner with the Chinese server manufacturers in those smart-city projects, thus not necessary that the server manufacturers are squeezing out the BAT in the smart city projects. For example, the Inspur built data center in ChongQing LiangJiang new district, is known as the Baidu ChongQing LiangJiang Data Center.

How this will play out in the future remains to be seen. For the moment, it is worth noting that the China server manufacturers can be a channel or a partner to work with in the China data center market as well as overseas.


  1.  http://mt.sohu.com/20170308/n482702087.shtml
  2. http://news.eastday.com/eastday/13news/auto/news/china/20170209/u7ai6476772.html
  3. http://www.liangjiang.gov.cn/Content/2015-06/19/content_90027.htm
  4. http://www.ebrun.com/20150716/141014.shtml
  5. http://www.gold678.com/dy/P/67321072
  6. http://cn.chinagate.cn/news/2016-11/16/content_39716087.htm
  7. http://www.jifang360.com/news/2014422/n402358123.html
  8. http://news.idcquan.com/news/60548.shtml
  9. http://fiber.ofweek.com/2016-09/ART-210022-8120-30033419.html
  10. http://www.zte.com.cn/cn/solutions/cocloud/201508/t20150825_443862.html
Rebel forces in the China Data Center Market

Data Center site selection in tiny Singapore and elsewhere in Asia – Pitfalls to avoid


I stay in the Northern area of Singapore, and helicopter flies over or nearby my apartment block daily because there is a military airbase within 1km. One fine afternoon, I heard a loud crash sound. If you typed in Apache Helicopter Crash Woodlands into Google Search, you will see an image like the above picture.

The crash took place on 30th September 2010, and in the background of the photo is a 3M factory. This crash site is along Woodlands Ave 12 where a multi-level data center facility of 25,000 square meters will be built. The military helicopter airbase is only about 200meters away and the helicopters do fly over the Woodlands industrial and housing estates. Potential clients will be quite worried when they can see helicopter lifts off or flies over the data center facility.

Would you choose a data center site that has the following known issues:

  • Within 2km of flight path
  • Within 300m from a helicopter airbase
  • Within 300m of a helicopter crash site
  • Within 200m from a railway track
  • Within 100m from a river/storm water drainage
  • Right next to a flooded junction
  • A big storm water drain pipe that goes underneath a carpark where we wanted to build a data center building
  • Within the power station compound
  • In an open campus technology park that disallow erecting of fence
  • The authority will change the purpose of the area from that is suitable for data center to favor oil and chemical industry
  • The next door neighbor is a storage warehouse (potentially storage of flammable material)
  • MV Transformer or Backup Generator at below ground level (existing building)

I and my fellow colleagues had encountered all of the above situations before.

If you key in Singapore Cable Landing Station into Google Map, you will learn that it is only 500m away from one of the closest runway of Changi International Airport.


Most did not know that the Changi cable landing station is so close to the airport runway. So data center should have its international circuit routed to more than just the Singapore Cable (Changi) landing station, there are more than one other cable landing station, the ones that I know off are Katong and the Western Singapore cable station.

The thing is, Singapore is a small island, 720 odd square kilometers with airbases in the north, west, and east. The central area is a water catchment and nature reserve. It is therefore a compromise of all the recommended distances away from man-made elements (BICSI-002, Table 5-1).


Courtesy of Gary Ng (http://www.maphotosg.com/constraints-rsaf-air-bases/)


In China, the case of allocation of land and decision by the top man without technical inputs is what put me and my colleagues in very difficult situation. One of the data center site that the top man had already decided before passing to me for technical design is within 200meters of a river and a railway track. I was told to have the fire escape stairwells away from the railway track and I have to make sure no open windows on the walls facing the railway track. Still, all potential clients will give our site a pass except one. This potential client came back to us because the other sites that they looked at do not have the capacity to house their quantity of racks (1,000 racks).

The recommended distances away from the high risk areas are available from the various data center design standards/guidelines/best practices such as the TIA942, BICSI002, EN50600 etc. Mark out those absolutely cannot be accepted attributes, and give marks/weightage as part of the site assessment.

At the end of the day, when you tally up the scores of the various sites that you have visited, pick out the top two plus one more and present to the client or your boss that commission the site assessment study.

One good advice that one of my colleague had found out about a already built data center building (Building A by owner A), is that there is seemingly a new data center being built further down the road and he asked the representative of our site about the new building (Building B) and learnt that it is being commissioned by an C who is existing client in building A. So new buyer of building A will suffer when C moves out.

I did a site assessment of a built data center in southern China and I saw something that is not right, i.e. no smoke detector in the generator yard, but they said that a little device on the pillar is the smoke detector. I asked for the model number and they are stumped. On second visit, smoke detectors are present where they were absent.

There are a few key pointers to the site selection:

  1. Site visits (noticed the plural form) at least once per day, evening and night
  2. Assessment Checklist
  3. Map review (Authorities plans and maps)
  4. Past incidents of the site
  5. Check out what businesses are the neighbors doing (next door, and one more door further down)
  6. Last but not least, get a third party to do the checking and assessment
  7. Review client list (if assessing an existing data center building)



  1. http://www.maphotosg.com/constraints-rsaf-air-bases/
  2. https://www.mindef.gov.sg/imindef/press_room/official_releases/nr/2010/sep/30sep10_nr2.html
  3. https://www.linkedin.com/pulse/sharing-data-center-site-selection-evaluation-james-soh
Data Center site selection in tiny Singapore and elsewhere in Asia – Pitfalls to avoid

Holistic human error reduction in Data Centers

I did a presentation on the topic of human errors and how to reduce them in a DataCenterDynamics conference in Bangkok in March 2017. You can find the pdf version of the presentation slides via this link: Human error is biggest challenge to availability-2017-02-16-for-web-publishing.

Two articles that I have written on this area are listed below:

Part 1: https://newwitblog.wordpress.com/2017/02/18/human-error-the-biggest-challenge-to-data-center-availability-and-how-we-can-mitigate/

Part 2: https://newwitblog.wordpress.com/2017/03/06/human-error-the-biggest-challenge-to-data-center-availability-and-how-we-can-mitigate-it-part-2/

Holistic human error reduction in Data Centers

A list of Singapore Colocation Data Centers


For Enterprise looking for data center co-location service provider, google search will yield pages of pages of links.

Apparently, there is a few website that list the data centers (see reference 2 to 5) of which some of the listed data center colocation service providers were no longer available, but this post is to list those that offers co-location service to enterprises, and lists the web page that contains contact information. The list will only contain data centers that are ready to take in customer’s 1 rack full of IT gear.

This post will help an enterprise that is searching for Singapore data center co-location service provider to house at least one rack with IT gear, and not specifically looking for managed service. However, we do not distinguish between those that offers whole rack, or private cage, or private data hall. If the enterprise is looking for colocation plus managed services, then the likes of HPE, IBM, Dimension Data, Atos-Origin will be able to bundle the hosting facility (be it a private suite / data hall or a private cage) from one of the service provider below and managed service.

Some of the data center co-location service providers listed below has more than one data center facility in Singapore.

1. 1-Net Singapore




3. Ascenix Singapore


4. AT&T


5. CenturyLink


6. Colt


7. CyrusOne


8. DataPipe


9. Digital Realty Singapore


10. Epsilon


11. Equinix Singapore


12. Fujitsu


13. Global Switch


14. InterNap


15. IO


16. KDDI Telehouse Singapore


17. Keppel Data Centres




19. LeaseWeb


20. M1


21. NewMediaExpress


22. NTT


23. Racks Central


24. SingTel


25. Starhub


26. ST Electronics DCS


27. ST Telemedia


28. T-Systems


29. Tata Communications


30. Telekomunikasi Indonesia International (Telin SG)


31. Telstra


32. ViewQwest


33. Icon-Webvisions


34. WebZilla


Note: some of these data center co-location service provider are themselves leasing physical data hall from a large scale data center co-location service provider.

Just for completeness sake, here are some hyperscale data center, i.e. data center built by the enterprise that offers cloud services for the enterprise. Given that they have cloud set-up in Singapore, there will be speed advantage to consider cloud services from the following providers:

a. Aliyun aka Alibaba Cloud


b. AWS

https://aws.amazon.com/ (Singapore is one of the Availability Zone that you can pick)

c. Microsoft Azure

https://azure.microsoft.com/en-us/regions/ (Singapore is one of Azure’s region)

d. Google (Jurong West)

https://cloud.google.com/about/locations/ (Singapore is one of Google’s cloud zone)

e. Softlayer



1. https://www.google.com/maps/d/viewer?mid=1EG49nDzDZ-NLjVyqbkmDLS4V5TE&hl=en&ll=1.3304834515591697%2C103.83486799999991&z=12

2. http://www.datacentermap.com/singapore/singapore/

3. https://cloudscene.com/search/data-centers?searchTerm=Singapore&pDc=1&pSp=1&pFb=1&pMar=1&sDc=providers&sSp=pops&sFb=markets&sMar=facilities

4. http://wiredre.com/singapore-data-center/

5. https://www.datacenter.sg/

A list of Singapore Colocation Data Centers

A list of data center mechanical and electrical design consulting firms in Singapore


In two separate occasions, a common question came up – what are the data center mechanical and electrical design consulting firms can they call for submissions, as they only knew at most one or two.

Well, quite a lot apparently. The list below are those that had at least done a data center project or data center technical review in Singapore:

  1. ARUP
  2. Aurecon
  3. Bescon Consulting Engineers
  4. Cundall
  5. DSCO
  6. HurleyPalmerFlatt
  7. I 3 Critical Facilities
  8. J Roger Preston
  9. M+W Group
  10. Meinhardt
  11. NTT Facilities (formerly Pro-Matrix)
  12. Plan One Engineering Services
  13. RED Engineering
  14. SJ Thames
  15. TW International Counsel
  16. Wah Loon Engineering
  17. Worley Parsons

I am not associated with any of the above company in a business capacity.

You can easily obtain the company contact information from google search of these companies’ website. If you would like another mechanical and electrical design consulting firm to be listed, please let me know with a project reference information (just project name) and I will update as and when I am able to.


  1. http://www.datacenterjournal.com/selecting-a-data-center-consultant/
  2. https://www.linkedin.com/pulse/making-sense-data-center-standards-james-soh-%E8%8B%8F%E6%97%AD%E6%B1%9F
  3. https://www.bca.gov.sg/PanelsConsultants/panels_consultants.html
A list of data center mechanical and electrical design consulting firms in Singapore