Rack Locks

Jimmy Hess mysidia at gmail.com
Sat Nov 21 01:55:14 UTC 2015

On Fri, Nov 20, 2015 at 2:37 PM, Kevin Burke
<kburke at burlingtontelecom.com> wrote:
> What kind of experience do people have with rack access control systems
> (electronic locks)?  Anything I should pay attention to with the

Overpriced, overkill for most real-world uses?
High-Tech technology for technology's sake?

Avoid them if you can. Within six months or so,  at least once,    there will
probably be some glitch delaying or denying required prompt access.

> Background
> We have half a dozen racks, mostly ours.  Mostly I want something to log
> who opened what door when.  Cooling overhaul is next on the list but one

It probably makes sense if there are more than a handful of people with
unobserved physical access, and high frequency of access,  or there's a
trust issue, high-risk consideration.    Or  you have to satisfy a
"Checkbox Auditor".

You're not going to be able to look at a log and see Joe opened it at 2:45AM
12 months ago,  and ever since then,  the servers are not quite right.

Consider manual procedures

Example:   Electronic access control to the actual rooms.
A Robo-Key system (RKS),  Keyvault, or Realtor lockboxes on
each server rack ^_^

Physical locks on cabinets.    Key vault that supports multiple combinations.
Then you don't need exotic hardware,  just a good lock, and sound key control

I am imaging if you need to automate control of individual keys;
that there will be more competing solutions for this than specialty rack locks.

Logging procedures for key access...
Send an e-mail when someone opens the vault.

Simple magnetic reed switches on all cabinet doors.
Send an e-mail when a cabinet door is opened.
Quite a few standard alarm panels can do those types of things.

Assign someone to periodically check  handwritten logs and check for
discrepancies. ^_^

> at a time.  Even with cameras those janky make nobody happy.

More information about the NANOG mailing list