[185996] in North American Network Operators' Group
Re: Rack Locks
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Fri Nov 20 20:55:36 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <707FECBBE7FEE241ABE4CAAF4025A0BE03984B46@corpmail.burlingtontelecom.com>
From: Jimmy Hess <mysidia@gmail.com>
Date: Fri, 20 Nov 2015 19:55:14 -0600
To: Kevin Burke <kburke@burlingtontelecom.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Fri, Nov 20, 2015 at 2:37 PM, Kevin Burke
<kburke@burlingtontelecom.com> wrote:
> What kind of experience do people have with rack access control systems
> (electronic locks)? Anything I should pay attention to with the
Overpriced, overkill for most real-world uses?
High-Tech technology for technology's sake?
Avoid them if you can. Within six months or so, at least once, there will
probably be some glitch delaying or denying required prompt access.
[snip]
> Background
> We have half a dozen racks, mostly ours. Mostly I want something to log
> who opened what door when. Cooling overhaul is next on the list but one
It probably makes sense if there are more than a handful of people with
unobserved physical access, and high frequency of access, or there's a
trust issue, high-risk consideration. Or you have to satisfy a
"Checkbox Auditor".
You're not going to be able to look at a log and see Joe opened it at 2:45AM
12 months ago, and ever since then, the servers are not quite right.
Consider manual procedures
Example: Electronic access control to the actual rooms.
A Robo-Key system (RKS), Keyvault, or Realtor lockboxes on
each server rack ^_^
Physical locks on cabinets. Key vault that supports multiple combinations.
Then you don't need exotic hardware, just a good lock, and sound key control
procedures.
I am imaging if you need to automate control of individual keys;
that there will be more competing solutions for this than specialty rack locks.
Logging procedures for key access...
Send an e-mail when someone opens the vault.
Simple magnetic reed switches on all cabinet doors.
Send an e-mail when a cabinet door is opened.
Quite a few standard alarm panels can do those types of things.
Assign someone to periodically check handwritten logs and check for
discrepancies. ^_^
> at a time. Even with cameras those janky make nobody happy.
--
-JH
