[187605] in North American Network Operators' Group
Re: Shared cabinet "security"
daemon@ATHENA.MIT.EDU (Mike Hammett)
Sat Feb 13 09:05:50 2016
X-Original-To: nanog@nanog.org
Date: Sat, 13 Feb 2016 08:05:43 -0600 (CST)
From: Mike Hammett <nanog@ics-il.net>
Cc: North American Network Operators' Group <nanog@nanog.org>
In-Reply-To: <006ABF2D-1558-4781-A160-4B96CEAD81B5@slattery.net.au>
Errors-To: nanog-bounces@nanog.org
Getting a cabinet in someone else's datacenter (Equinix, Coresite, Telx, et=
c.) and having sub-tenants. Most networks aren't going to need more than a =
handful of U in a datacenter, but the more significant the datacenter, the =
less likely they are to provide partial cabinets... which makes no sense. S=
ure, some networks need large chassis routers chewing up 10U - 20U, but the=
re are far more networks that need routers that take up 1U, 2U, something l=
ike that. For many networks, the sheer cost of the space in the datacenter =
doubles their overall cost per megabit.=20
-----=20
Mike Hammett=20
Intelligent Computing Solutions=20
http://www.ics-il.com=20
Midwest-IX=20
http://www.midwest-ix.com=20
----- Original Message -----
From: "Bevan Slattery" <bevan@slattery.net.au>=20
To: "Mike Hammett" <nanog@ics-il.net>=20
Cc: "North American Network Operators' Group" <nanog@nanog.org>=20
Sent: Saturday, February 13, 2016 2:36:34 AM=20
Subject: Re: Shared cabinet "security"=20
Sorry. I'm not sure I get from which angle you are coming at this from. Hap=
py to clarify for you and anyone interested if you can help me out here.=20
Cheers=20
[b]=20
On 13 Feb 2016, at 12:58 PM, Mike Hammett < nanog@ics-il.net > wrote:=20
There are more options when you're not just using someone else's datacenter=
.=20
-----=20
Mike Hammett=20
Intelligent Computing Solutions=20
http://www.ics-il.com=20
Midwest-IX=20
http://www.midwest-ix.com=20
----- Original Message -----
From: "Bevan Slattery" < bevan@slattery.net.au >=20
To: "Mike Hammett" < nanog@ics-il.net >=20
Cc: "North American Network Operators' Group" < nanog@nanog.org >=20
Sent: Friday, February 12, 2016 4:44:34 PM=20
Subject: Re: Shared cabinet "security"=20
In a past life we worked with our supplier to create physically separate su=
b-enclosures.1/2 and 1/3. Able to build in a separate and secure cable path=
for interconnects to the meet-me-room and connection to power supplies.=20
Can be done and I think there are now rack suppliers that do this as standa=
rd. Been out of DC space for a few years now.=20
[b]=20
> On 13 Feb 2016, at 6:58 AM, Mike Hammett < nanog@ics-il.net > wrote:=20
>=20
>=20
> That moment when you hit send and remember a couple things=E2=80=A6=20
>=20
> Of course labeling of the cables.=20
>=20
> Maybe colored wire loom for fiber and DACs in the vertical spaces to go a=
long with the previously mentioned color scheme?=20
>=20
>=20
>=20
>=20
> -----=20
> Mike Hammett=20
> Intelligent Computing Solutions=20
> http://www.ics-il.com=20
>=20
> Midwest-IX=20
> http://www.midwest-ix.com=20
>=20
> ----- Original Message -----=20
>=20
> From: "Mike Hammett" < nanog@ics-il.net >=20
> To: "North American Network Operators' Group" < nanog@nanog.org >=20
> Sent: Friday, February 12, 2016 2:53:17 PM=20
> Subject: Re: Shared cabinet "security"=20
>=20
>=20
> I am finding a bunch of covers for the front. I do wish they stuck out mo=
re than an inch (like two).=20
> http://www.middleatlantic.com/~/media/middleatlantic/documents/techdocs/s=
_sf%20series%20security%20covers_96-035/96_035s_sf.ashx=20
>=20
> It looks like these guys stick out 1.5=E2=80=9D. That may be workable=E2=
=80=A6 http://www.lowellmfg.com/tinymce/jscripts/tiny_mce/plugins/filemanag=
er/files/1717-SSCV.pdf=20
>=20
> I guess those covers are really only useful for servers. That really woul=
dn=E2=80=99t work with a switch\router. Switches and routers are going to b=
e the bulk of what we=E2=80=99re dealing with.=20
>=20
> I am finding locking power cables, but that seems to be specific to the P=
DU you=E2=80=99re using as it requires the other half of the lock on the PD=
U.=20
>=20
> I did come across colored power cords. I wonder with some enforced cable =
management, colored power cables, etc. we would have =E2=80=9Cgood enough=
=E2=80=9D? You get some 1U or 2U cable organizers, require cables to be sec=
ured to the management, vertical cables in shared spaces are bound together=
by customer, color of Velcro matches color of the power cord? Blue custome=
r, green customer, red customer, etc. Could do the cat6 patch cables that w=
ay too, but that gets lost when moving to glass or DACs.=20
>=20
> I thought about a web cam that would record anyone coming into the cabine=
t, but Equinix doesn=E2=80=99t really allow pictures in their facilities, s=
o that=E2=80=99s not going to fly. Door contacts should be helpful for an a=
udit log of at least when the doors were opened or closed.=20
>=20
> Financial penalty from the violator to the victim if there=E2=80=99s an u=
h oh?=20
>=20
> I=E2=80=99m not trying to save someone from themselves. I=E2=80=99m not t=
rying to lock the whole thing down. Just trying to prevent mistakes in a sh=
ared space.=20
>=20
>=20
>=20
>=20
> -----=20
> Mike Hammett=20
> Intelligent Computing Solutions=20
> http://www.ics-il.com=20
>=20
> Midwest-IX=20
> http://www.midwest-ix.com=20
>=20
> ----- Original Message -----=20
>=20
> From: "Mike Hammett" < nanog@ics-il.net >=20
> To: "North American Network Operators' Group" < nanog@nanog.org >=20
> Sent: Wednesday, February 10, 2016 8:59:08 AM=20
> Subject: Shared cabinet "security"=20
>=20
> I say "security" because I know that in a shared space, nothing is comple=
tely secure. I also know that with enough intent, someone will accomplish w=
hatever they set out to do regarding breaking something of someone else's. =
My concern is mainly towards mitigation of accidents. This could even apply=
to a certain degree to things within your own space and your own careless =
techs=20
>=20
> If you have multiple entities in a shared space, how can you mitigate the=
chances of someone doing something (assuming accidentally) to disrupt your=
operations? I'm thinking accidentally unplug the wrong power cord, patch c=
ord, etc. Accidentally power off or reboot the wrong device.=20
>=20
> Obviously labels are an easy way to point out to someone that's looking a=
t the right place at the right time. Some devices have a cage around the po=
wer cord, but some do not.=20
>=20
> Any sort of mesh panels you could put on the front\rear of your gear that=
you would mount with the same rack screw that holds your gear in?=20
>=20
>=20
>=20
>=20
> -----=20
> Mike Hammett=20
> Intelligent Computing Solutions=20
> http://www.ics-il.com=20
>=20
> Midwest-IX=20
> http://www.midwest-ix.com=20
>=20
>=20
