Shared cabinet "security"

Mike Hammett nanog at ics-il.net
Sun Feb 14 13:48:57 UTC 2016


*nods* I've seen half and third cabinet designs employed in a couple datacenters. I've seen product sheets for quarter and sixth rack (with the sixth introduced in this thread). 

To me, those seem like ideal cabinets to put in MMRs, which traditionally have full cabinets. By count of networks, there are far more networks that employ routers smaller than say 4U than there are ones that use larger than say 12U. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Chris Woodfield" <rekoil at semihuman.com> 
To: "Mike Hammett" <nanog at ics-il.net> 
Cc: "Bevan Slattery" <bevan at slattery.net.au>, "North American Network Operators' Group" <nanog at nanog.org> 
Sent: Saturday, February 13, 2016 6:33:04 PM 
Subject: Re: Shared cabinet "security" 

I've seen colos sell half-racks where both the top and bottoms of the racks have their own cabinet doors. It's not a common thing though. 

-C 

> On Feb 12, 2016, at 18:58, Mike Hammett <nanog at ics-il.net> wrote: 
> 
> There are more options when you're not just using someone else's datacenter. 
> 
> 
> 
> 
> ----- 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
> 
> Midwest-IX 
> http://www.midwest-ix.com 
> 
> ----- Original Message ----- 
> 
> From: "Bevan Slattery" <bevan at slattery.net.au> 
> To: "Mike Hammett" <nanog at ics-il.net> 
> Cc: "North American Network Operators' Group" <nanog at nanog.org> 
> Sent: Friday, February 12, 2016 4:44:34 PM 
> Subject: Re: Shared cabinet "security" 
> 
> In a past life we worked with our supplier to create physically separate sub-enclosures.1/2 and 1/3. Able to build in a separate and secure cable path for interconnects to the meet-me-room and connection to power supplies. 
> 
> Can be done and I think there are now rack suppliers that do this as standard. Been out of DC space for a few years now. 
> 
> [b] 
> 
>> On 13 Feb 2016, at 6:58 AM, Mike Hammett <nanog at ics-il.net> wrote: 
>> 
>> 
>> That moment when you hit send and remember a couple things… 
>> 
>> Of course labeling of the cables. 
>> 
>> Maybe colored wire loom for fiber and DACs in the vertical spaces to go along with the previously mentioned color scheme? 
>> 
>> 
>> 
>> 
>> ----- 
>> Mike Hammett 
>> Intelligent Computing Solutions 
>> http://www.ics-il.com 
>> 
>> Midwest-IX 
>> http://www.midwest-ix.com 
>> 
>> ----- Original Message ----- 
>> 
>> From: "Mike Hammett" <nanog at ics-il.net> 
>> To: "North American Network Operators' Group" <nanog at nanog.org> 
>> Sent: Friday, February 12, 2016 2:53:17 PM 
>> Subject: Re: Shared cabinet "security" 
>> 
>> 
>> I am finding a bunch of covers for the front. I do wish they stuck out more than an inch (like two). 
>> http://www.middleatlantic.com/~/media/middleatlantic/documents/techdocs/s_sf%20series%20security%20covers_96-035/96_035s_sf.ashx 
>> 
>> It looks like these guys stick out 1.5”. That may be workable… http://www.lowellmfg.com/tinymce/jscripts/tiny_mce/plugins/filemanager/files/1717-SSCV.pdf 
>> 
>> I guess those covers are really only useful for servers. That really wouldn’t work with a switch\router. Switches and routers are going to be the bulk of what we’re dealing with. 
>> 
>> I am finding locking power cables, but that seems to be specific to the PDU you’re using as it requires the other half of the lock on the PDU. 
>> 
>> I did come across colored power cords. I wonder with some enforced cable management, colored power cables, etc. we would have “good enough”? You get some 1U or 2U cable organizers, require cables to be secured to the management, vertical cables in shared spaces are bound together by customer, color of Velcro matches color of the power cord? Blue customer, green customer, red customer, etc. Could do the cat6 patch cables that way too, but that gets lost when moving to glass or DACs. 
>> 
>> I thought about a web cam that would record anyone coming into the cabinet, but Equinix doesn’t really allow pictures in their facilities, so that’s not going to fly. Door contacts should be helpful for an audit log of at least when the doors were opened or closed. 
>> 
>> Financial penalty from the violator to the victim if there’s an uh oh? 
>> 
>> I’m not trying to save someone from themselves. I’m not trying to lock the whole thing down. Just trying to prevent mistakes in a shared space. 
>> 
>> 
>> 
>> 
>> ----- 
>> Mike Hammett 
>> Intelligent Computing Solutions 
>> http://www.ics-il.com 
>> 
>> Midwest-IX 
>> http://www.midwest-ix.com 
>> 
>> ----- Original Message ----- 
>> 
>> From: "Mike Hammett" <nanog at ics-il.net> 
>> To: "North American Network Operators' Group" <nanog at nanog.org> 
>> Sent: Wednesday, February 10, 2016 8:59:08 AM 
>> Subject: Shared cabinet "security" 
>> 
>> I say "security" because I know that in a shared space, nothing is completely secure. I also know that with enough intent, someone will accomplish whatever they set out to do regarding breaking something of someone else's. My concern is mainly towards mitigation of accidents. This could even apply to a certain degree to things within your own space and your own careless techs 
>> 
>> If you have multiple entities in a shared space, how can you mitigate the chances of someone doing something (assuming accidentally) to disrupt your operations? I'm thinking accidentally unplug the wrong power cord, patch cord, etc. Accidentally power off or reboot the wrong device. 
>> 
>> Obviously labels are an easy way to point out to someone that's looking at the right place at the right time. Some devices have a cage around the power cord, but some do not. 
>> 
>> Any sort of mesh panels you could put on the front\rear of your gear that you would mount with the same rack screw that holds your gear in? 
>> 
>> 
>> 
>> 
>> ----- 
>> Mike Hammett 
>> Intelligent Computing Solutions 
>> http://www.ics-il.com 
>> 
>> Midwest-IX 
>> http://www.midwest-ix.com 
> 



More information about the NANOG mailing list