Data center security - What to use for access control?

dsmjeff
dsmjeff used Ask the Experts™
on
Hi. Were moving our server room to a new location. We are wanting to do things right regarding wiring, security, etc. I'm looking online for access control into the room. Does anyone recommend a fingerprint reader system for access to the room? Any other thoughts?

Thanks,
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2010

Commented:
I guess that depends on how tight you need the security to be.    Is it for your own benefit, regulatory compliance, or some mix of the 2?  

The 2 data centers I've helped build for 2 banks used the following (highly summarized)

1. Control access to main building where you needed a keycard and had to pass by the front desk security officer.  
2. Same Keycard granted you access into the computer area.  
3. The computer area was really sections of different technology where different vendor equipment was stored behind different doors.   I say doors, but it was all glass walled, glass doors so no privacy.  All cisco switches were kept in one room, server cabinets in another, mainframe in another, etc...  that way, both employees and vendors only had access to the equipment they needed to get to.  
4.  Security camera are a must positioned at all doors, facing racks, behind racks, etc...  
5.  Logged access, most control systems give you logs of access through different doors, etc...  so you can see who's coming in at 1AM.  
6.  Secure the room with smoke detectors, UPS with generator backups, etc...  to keep the power on for the security controls.  


If you can be more specific about your needs, I'll be happy to offer suggestions.

Author

Commented:
My only problem w/ keycards is if you lose them. I'd prefer a finger print access point on the doors.

This is not for a bank, but we do host other companies servers at our location, so it does need to be secure. Thanks for the other tips.

Any thoughts on the finger print?
Top Expert 2010

Commented:
I have no real issue with fingerprint scanners for access control....  so long as you get a central management control center with the same reporting options as traditional keycard systems.    

I actually looked into a biometric solution once, (not for access control like this though), but was talked out of it by the 'higher-ups' because they had issues with forcing people to give the business their fingerprint along with all of them being germ-o-phobes and hardly wanting to touch anything int he building unless it was disinfected... *chuckle*
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

>Any thoughts on the finger print?

Objections (good and bad)

1. "germs" - invalid, unless you're installing powered self-opening/closing doors

2. Privacy.  Fingerprints are a very serious means of identification traditionally for tracking of criminals.  I was offended when my own bank asked for my fingerprint on a check I was cashing.

3. Privacy.  You can run some background checks on potential employees.  Here in California, some of them require signed consent from the subject of the investigation.  You'll need advice of counsel and some documentation stating your need and current and future uses of the print, plus the methods you're using to safeguard that information.

4. "Something you have"...it's easy to lose a card or keyfob...and easy for anyone else to lift it and use it until it gets cancelled.  I'm pretty sure I'd notice if someone stole my finger.  Also, cameras would record someone leaning over the scanner trying to breathe on it to steam it up, or spray some chemicals, or use transfer tape, etc.

5. Enrollment.  With multi-finger enrollment, you need to document the enrollment process.  What's to stop an admin from enrolling 9 fingers from the subject, then sticking his own finger in for the left pinky?  Would take you quite a while to figure that one out, wouldn't it?  You'd need camera surveillance correlated to the fingerswipe...and a reason to be looking in the first place.  Some people use this as a backup password to their laptops.  A co-worker, supervisor, admin, or spouse enrolls a finger..."just in case you're hit by a bus."

Author

Commented:
Does anyone have a thought about actual vendors or brands regarding the finger print access and / or the smart card?

Thanks
The brands of the hardware are probably not as important as the relationship with the system integrator.  Do you have one, or are you doing this all in-house?

Integrating local access control with alarm, building access, logging software, plus the wiring and door hardware...gets to be a multi-contractor job pretty quickly.

Author

Commented:
So far, the plans are to do it all in house. But w/ out understanding the total complexity of the job, I'm not sure. That's why I'm posting here for info.
Top Expert 2010
Commented:
aleghart is correct in that this can become a very big job very quickly.   Calling in a 3rd party data center designer might not be out of the question, especially if you've never done this before.    It requires alot more than what we could possible provide in a forum like this.... IMHO
One room, one door, no cameras, no automatic logging...you could DIY with a single  replacement.  $500-1000 for keypad+HID card reader.  Replaces existing door lock set.  Example.

But, this is not institutional grade.  A 10-year-old with a flexible steel ruler could pop this open in a second.  Unless you put a metal guard on the door for another $20-50...but it's ugly...and it won't stop a good kick from opening the door.

Institutional/commercial grade lock sets are mortise-type.  There is a steel box enclosing the lockset inside the door, so you don't see it.  The handles are attached with sheer bolts to stop you from jumping on the door handle or hitting it with a hammer to open it.  The door is drilled at the factory for wiring to power up the latch.  Then you need a power supply (with battery backup) and a door controller.  Then install the access control device (or reader connected to master controller).  There is a special hinge that carries power from behind the door frame into the wooden door.

The door, hardware, and wiring alone will run over $1,000 and require low-voltage contractor, carpenter, and a door supplier authorized for modifying doors with fire ratings (if the door is rated).

Then, you have to look at the camera system...to catch that kid with the ruler.

lockset1.jpg

Author

Commented:
Very helpfull. Thanks!
Top Expert 2010

Commented:
Excellent.  Any other questions then?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial