Operating Expenses and the Hidden Element of Cost

Every day, we often consider the long-term consequences of our decisions, as well as the immediate obvious effects. Take purchasing a car for example. If one car costs $18,000, but another priced at $22,000 has a far better consumer report rating and exceptional fuel economy, we might weigh our desire to save money up front against the risk of paying high fuel prices and maintenance costs down the road. The true cost of the car isn't what you pay to buy it. It's what you pay to maintain and drive it too.

So shouldn't the same decision process be applied to security technology buying decisions? After all, we know this principle is true for powered electronics (such as racks of servers and storage). The true (total) cost of owning isn't simply the initial Capital Expense (CAPEX). It's also every facet of the cost of running them. This is what's known as the Operating Expense (or OPEX). Unlike Capital Expenses which can be modified through spontaneous discounts (especially during tough economic times), Operating Expenses cannot be discounted, eliminated or deferred. You cannot run your server without electricity, or simply switch off the air conditioning and let your equipment overheat.

Still, there are two particularly interesting truisms about OPEX as it relates to the security industry. First, most buyers and system integrators often overlook it-which can mean a missed opportunity to make a better purchasing decision, or in the case of the integrator, a missed opportunity for consultative selling. Second, OPEX can be a remarkably high component of one's Total Cost of Ownership (TCO), so not including this cost can lead to an uninformed (and perhaps less than optimal) purchase decision. And aside from the bottom line implications of OPEX, there are other reasons to care-reasons that have less to do with cost and more to do with another trend, going 'green.' That's because there's a direct correlation between some components of OPEX (power consumption for example) and one's carbon footprint. So understanding and evaluating OPEX is important on many levels.

Now that we know why OPEX is important, here are some pointers to help you measure it. OPEX for security systems can include many things, but in this article, I will highlight three: power, cooling and rack space.

Power: You need electricity to power the equipment. A 1 kW device (e.g. a server plus one disk array) typically consumes 8,760 kWh of energy each year. No, that's not a typo; that is 8.76 Megawatts-hours. Using the U.S. Government's national average (http://www.bls.gov/ro3/apwb.htm) of 13.3 cents per kWh, it would cost about $1,113 per year, or over $5,500 over the typical OPEX lifespan of five years, to power a single 1kW device. In terms of environmental impact that is 29 tons of CO2 using U.S. standards for power generation.

Cooling: All equipment generates heat, which is measured in BTU/h. Our same 1 kW device (noted above) would generate around 3,400 BTU/h. (The exact number would depend on its workload, operating schedule and efficiency.) Data centers, or any rooms where racks of equipment are housed, need to be cooled with air conditioning. There is a cost associated with that as well. In this case, the cost would be the power used by the cooling unit required to remove the 3,400 BTU/h. Some air conditioners are more efficient than others, by design or because of age, and this is referred to as the Seasonal Energy Efficiency Ratio or SEER (http://en.wikipedia.org/wiki/Seasonal_energy_efficiency_ratio). A brand new cooling system has a typical SEER rating of about 10, telling us that we will need to consume another 3,000 kW per year for our single 1 kWh device. That is, $380 per year ($1,900 over five years). If the cooling system is older or less efficient this number will be higher (http://www.coloradoenergy.org/procorner/stuff/ac_seer.htm).
Before we tackle rack space let's do a quick 'so-what?' For the sake of argument let's say that a video security system needs five servers and each one needs two RAID disk arrays. Assuming they are modern well-respected brand names, I can calculate that they will consume (for power and cooling) 220,000 kWh over five years, which totals to $28,000 in electricity costs alone and a cost of 147 tons of CO2 to the planet. Put into perspective, your personal carbon footprint for flying from New York to Los Angeles is less than one ton. It is a sobering thought and explains why the European Union is considering investing $1.4 trillion in renewable energy infrastructure.

Rack space: If you've ever rented an apartment or had a mortgage on a house, you know "space is not free." The same holds true for security equipment. There's a cost associated with that space too. Let's say a building costs $1 million per year to lease and maintain, and the server room consumes two percent of that floor space at a cost of $20,000 per year. It may not come out of the security budget, or the IT budget for that matter but someone somewhere in your organization is paying for it. Then there's the additional cost of the IT staff, backup procedures, training, etc. It is hard to determine a cost for a single rack unit in a data center because there are so many variables, but we know it is not free. In an outsourced data center (e.g. http://www.hostventures.com/colocationprices.html) you could pay up to $125 per rack unit per month for a fully managed server, or at least $12,000 per rack per year. To carry through our cost example above even further, our five servers and 10 RAIDs would need 25 RU (which could fit comfortably in one rack), although I have personally created quotes for systems needing over eight racks.

The total five year OPEX, taking into account all three elements above (power, cooling and rack space) would therefore be about $88,000.

Contribution to five year OPEX by three criteria: power, HVAC and rack space.

List price for this equipment would likely be in the range of $150 to $200K, suggesting that OPEX can easily account for one-third of the Total Cost of Ownership. And this does not even take into account other potential OPEX costs, such as vendor support and maintenance, administering the system, personnel training and certification, routine operating system upgrades and other maintenance.

Other common items that we have not factored in here, neither for CAPEX nor OPEX, include: rack-mounted encoders and decoders, UPS systems, patch panels, video distribution amplifiers, code mergers, central servers, network switches and redundant storage, etc. All of these security system components need power, cooling and rack space. Furthermore, enterprise network switches can cost $100 to $200 per port (CAPEX), so the number of ports a solution requires is a factor you should consider when evaluating competing solutions.

Put bluntly, for every two dollars you spend on CAPEX you need to put another dollar aside for OPEX.
One final important point regarding OPEX is that keeping OPEX costs down starts with choosing the right solution. Don't be enticed by a deeply discounted solution (that offers a lower CAPEX) until you first analyze the OPEX.

For example, in the case of VMS solutions, some vendors' software may be designed to run more efficiently than others, allowing them to record double the number of cameras on a given network video recorder; handle double the recording bandwidth; run more channels of video analytics on a server; or even maximize the usable amount of storage on a disk array rather than losing up to 45 percent of it as overhead.

As you can see, calculating OPEX is not difficult, and well worth your time. I do it with a simple spreadsheet. If you don't have such a tool then simply add up the total number of rack units needed for all your equipment and find some co-location rental prices from the Internet (that already have everything factored in), such as the one found on this Web site: http://www.hostventures.com/colocationprices.html. This will give you an instant ballpark figure, and help you bring the hidden costs of OPEX into clear view.

Dr. Bob Banerjee is senior director of Training and Development, NICE Systems' Security Division. Banerjee develops programs and initiatives to educate, train and support NICE's network of security systems integrators and dealers and provides thought leadership for NICE's security industry outreach. He holds a Ph.D. in Artificial Intelligence from the Advanced Research Center at the University of Bristol, England.