[187616] in North American Network Operators' Group
Re: Shared cabinet "security"
daemon@ATHENA.MIT.EDU (Mike Hammett)
Sun Feb 14 08:51:06 2016
X-Original-To: nanog@nanog.org
Date: Sun, 14 Feb 2016 07:48:57 -0600 (CST)
From: Mike Hammett <nanog@ics-il.net>
Cc: North American Network Operators' Group <nanog@nanog.org>
In-Reply-To: <4F06A3E4-6771-48BC-804F-4302CB8EE9DA@semihuman.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
*nods* I've seen half and third cabinet designs employed in a couple datace=
nters. I've seen product sheets for quarter and sixth rack (with the sixth =
introduced in this thread).=20
To me, those seem like ideal cabinets to put in MMRs, which traditionally h=
ave full cabinets. By count of networks, there are far more networks that e=
mploy routers smaller than say 4U than there are ones that use larger than =
say 12U.=20
-----=20
Mike Hammett=20
Intelligent Computing Solutions=20
http://www.ics-il.com=20
Midwest-IX=20
http://www.midwest-ix.com=20
----- Original Message -----
From: "Chris Woodfield" <rekoil@semihuman.com>=20
To: "Mike Hammett" <nanog@ics-il.net>=20
Cc: "Bevan Slattery" <bevan@slattery.net.au>, "North American Network Opera=
tors' Group" <nanog@nanog.org>=20
Sent: Saturday, February 13, 2016 6:33:04 PM=20
Subject: Re: Shared cabinet "security"=20
I've seen colos sell half-racks where both the top and bottoms of the racks=
have their own cabinet doors. It's not a common thing though.=20
-C=20
> On Feb 12, 2016, at 18:58, Mike Hammett <nanog@ics-il.net> wrote:=20
>=20
> There are more options when you're not just using someone else's datacent=
er.=20
>=20
>=20
>=20
>=20
> -----=20
> Mike Hammett=20
> Intelligent Computing Solutions=20
> http://www.ics-il.com=20
>=20
> Midwest-IX=20
> http://www.midwest-ix.com=20
>=20
> ----- Original Message -----=20
>=20
> From: "Bevan Slattery" <bevan@slattery.net.au>=20
> To: "Mike Hammett" <nanog@ics-il.net>=20
> Cc: "North American Network Operators' Group" <nanog@nanog.org>=20
> Sent: Friday, February 12, 2016 4:44:34 PM=20
> Subject: Re: Shared cabinet "security"=20
>=20
> In a past life we worked with our supplier to create physically separate =
sub-enclosures.1/2 and 1/3. Able to build in a separate and secure cable pa=
th for interconnects to the meet-me-room and connection to power supplies.=
=20
>=20
> Can be done and I think there are now rack suppliers that do this as stan=
dard. Been out of DC space for a few years now.=20
>=20
> [b]=20
>=20
>> On 13 Feb 2016, at 6:58 AM, Mike Hammett <nanog@ics-il.net> wrote:=20
>>=20
>>=20
>> That moment when you hit send and remember a couple things=E2=80=A6=20
>>=20
>> Of course labeling of the cables.=20
>>=20
>> Maybe colored wire loom for fiber and DACs in the vertical spaces to go =
along with the previously mentioned color scheme?=20
>>=20
>>=20
>>=20
>>=20
>> -----=20
>> Mike Hammett=20
>> Intelligent Computing Solutions=20
>> http://www.ics-il.com=20
>>=20
>> Midwest-IX=20
>> http://www.midwest-ix.com=20
>>=20
>> ----- Original Message -----=20
>>=20
>> From: "Mike Hammett" <nanog@ics-il.net>=20
>> To: "North American Network Operators' Group" <nanog@nanog.org>=20
>> Sent: Friday, February 12, 2016 2:53:17 PM=20
>> Subject: Re: Shared cabinet "security"=20
>>=20
>>=20
>> I am finding a bunch of covers for the front. I do wish they stuck out m=
ore than an inch (like two).=20
>> http://www.middleatlantic.com/~/media/middleatlantic/documents/techdocs/=
s_sf%20series%20security%20covers_96-035/96_035s_sf.ashx=20
>>=20
>> It looks like these guys stick out 1.5=E2=80=9D. That may be workable=E2=
=80=A6 http://www.lowellmfg.com/tinymce/jscripts/tiny_mce/plugins/filemanag=
er/files/1717-SSCV.pdf=20
>>=20
>> I guess those covers are really only useful for servers. That really wou=
ldn=E2=80=99t work with a switch\router. Switches and routers are going to =
be the bulk of what we=E2=80=99re dealing with.=20
>>=20
>> I am finding locking power cables, but that seems to be specific to the =
PDU you=E2=80=99re using as it requires the other half of the lock on the P=
DU.=20
>>=20
>> I did come across colored power cords. I wonder with some enforced cable=
management, colored power cables, etc. we would have =E2=80=9Cgood enough=
=E2=80=9D? You get some 1U or 2U cable organizers, require cables to be sec=
ured to the management, vertical cables in shared spaces are bound together=
by customer, color of Velcro matches color of the power cord? Blue custome=
r, green customer, red customer, etc. Could do the cat6 patch cables that w=
ay too, but that gets lost when moving to glass or DACs.=20
>>=20
>> I thought about a web cam that would record anyone coming into the cabin=
et, but Equinix doesn=E2=80=99t really allow pictures in their facilities, =
so that=E2=80=99s not going to fly. Door contacts should be helpful for an =
audit log of at least when the doors were opened or closed.=20
>>=20
>> Financial penalty from the violator to the victim if there=E2=80=99s an =
uh oh?=20
>>=20
>> I=E2=80=99m not trying to save someone from themselves. I=E2=80=99m not =
trying to lock the whole thing down. Just trying to prevent mistakes in a s=
hared space.=20
>>=20
>>=20
>>=20
>>=20
>> -----=20
>> Mike Hammett=20
>> Intelligent Computing Solutions=20
>> http://www.ics-il.com=20
>>=20
>> Midwest-IX=20
>> http://www.midwest-ix.com=20
>>=20
>> ----- Original Message -----=20
>>=20
>> From: "Mike Hammett" <nanog@ics-il.net>=20
>> To: "North American Network Operators' Group" <nanog@nanog.org>=20
>> Sent: Wednesday, February 10, 2016 8:59:08 AM=20
>> Subject: Shared cabinet "security"=20
>>=20
>> I say "security" because I know that in a shared space, nothing is compl=
etely secure. I also know that with enough intent, someone will accomplish =
whatever they set out to do regarding breaking something of someone else's.=
My concern is mainly towards mitigation of accidents. This could even appl=
y to a certain degree to things within your own space and your own careless=
techs=20
>>=20
>> If you have multiple entities in a shared space, how can you mitigate th=
e chances of someone doing something (assuming accidentally) to disrupt you=
r operations? I'm thinking accidentally unplug the wrong power cord, patch =
cord, etc. Accidentally power off or reboot the wrong device.=20
>>=20
>> Obviously labels are an easy way to point out to someone that's looking =
at the right place at the right time. Some devices have a cage around the p=
ower cord, but some do not.=20
>>=20
>> Any sort of mesh panels you could put on the front\rear of your gear tha=
t you would mount with the same rack screw that holds your gear in?=20
>>=20
>>=20
>>=20
>>=20
>> -----=20
>> Mike Hammett=20
>> Intelligent Computing Solutions=20
>> http://www.ics-il.com=20
>>=20
>> Midwest-IX=20
>> http://www.midwest-ix.com=20
>=20
