AFAIK, there's no way to securely compartmentalize someone else's rack, which is why I've been going down this road.
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Jason Canady" <ja...@unlimitednet.us> To: nanog@nanog.org Sent: Saturday, February 13, 2016 10:30:21 AM Subject: Re: Shared cabinet "security" Mike, Are you leasing a full cabinet and sub-leasing out portions of it? Not sure how you can define what other customers do, unless they're your customers. Split cabinets are ideal, as you the sections are compartmentalized. -- Jason Canady Unlimited Net, LLC Responsive, Reliable, Secure www.unlimitednet.us ja...@unlimitednet.us twitter: @unlimitednet On 2/13/16 11:25 AM, Mike Hammett wrote: > Right, but that doesn't limit one's ability (intentional or not) to pull out > the wrong power cord or smack someone's loosely ran cables, etc. We're > sorting out some standards now and I think it'll largely involve color > coding, wire looms, horizontal cable management and a "cabinet practices" > document defining standards for use in the cabinet. This is meant to protect > customers from themselves and each other. > > IE: Someone is removing a power cable and the pull the wrong one out of the > PDU. Maybe they pull the right one out of the PDU, but it's wrapped around > someone else's power cable and theirs gets pulled out along the way. Stuff > like that. > > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > ----- Original Message ----- > > From: "Greg Sowell" <g...@gregsowell.com> > To: "Mike Hammett" <na...@ics-il.net> > Cc: "NANOG list" <nanog@nanog.org> > Sent: Saturday, February 13, 2016 10:16:17 AM > Subject: Re: Shared cabinet "security" > > > Mike, > I've seen people use shelves to segregate cabinets. I've seen some that screw > from both sides and eat very little space. > Greg > On Feb 13, 2016 8:07 AM, "Mike Hammett" < na...@ics-il.net > wrote: > > > Getting a cabinet in someone else's datacenter (Equinix, Coresite, Telx, > etc.) and having sub-tenants. Most networks aren't going to need more than a > handful of U in a datacenter, but the more significant the datacenter, the > less likely they are to provide partial cabinets... which makes no sense. > Sure, some networks need large chassis routers chewing up 10U - 20U, but > there are far more networks that need routers that take up 1U, 2U, something > like that. For many networks, the sheer cost of the space in the datacenter > doubles their overall cost per megabit. > > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > ----- Original Message ----- > > From: "Bevan Slattery" < be...@slattery.net.au > > To: "Mike Hammett" < na...@ics-il.net > > Cc: "North American Network Operators' Group" < nanog@nanog.org > > Sent: Saturday, February 13, 2016 2:36:34 AM > Subject: Re: Shared cabinet "security" > > > Sorry. I'm not sure I get from which angle you are coming at this from. Happy > to clarify for you and anyone interested if you can help me out here. > > > Cheers > > [b] > > On 13 Feb 2016, at 12:58 PM, Mike Hammett < na...@ics-il.net > wrote: > > > > > > There are more options when you're not just using someone else's datacenter. > > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > ----- Original Message ----- > > From: "Bevan Slattery" < be...@slattery.net.au > > To: "Mike Hammett" < na...@ics-il.net > > Cc: "North American Network Operators' Group" < nanog@nanog.org > > Sent: Friday, February 12, 2016 4:44:34 PM > Subject: Re: Shared cabinet "security" > > In a past life we worked with our supplier to create physically separate > sub-enclosures.1/2 and 1/3. Able to build in a separate and secure cable path > for interconnects to the meet-me-room and connection to power supplies. > > Can be done and I think there are now rack suppliers that do this as > standard. Been out of DC space for a few years now. > > [b] > >> On 13 Feb 2016, at 6:58 AM, Mike Hammett < na...@ics-il.net > wrote: >> >> >> That moment when you hit send and remember a couple things… >> >> Of course labeling of the cables. >> >> Maybe colored wire loom for fiber and DACs in the vertical spaces to go >> along with the previously mentioned color scheme? >> >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions >> http://www.ics-il.com >> >> Midwest-IX >> http://www.midwest-ix.com >> >> ----- Original Message ----- >> >> From: "Mike Hammett" < na...@ics-il.net > >> To: "North American Network Operators' Group" < nanog@nanog.org > >> Sent: Friday, February 12, 2016 2:53:17 PM >> Subject: Re: Shared cabinet "security" >> >> >> I am finding a bunch of covers for the front. I do wish they stuck out more >> than an inch (like two). >> http://www.middleatlantic.com/~/media/middleatlantic/documents/techdocs/s_sf%20series%20security%20covers_96-035/96_035s_sf.ashx >> >> >> It looks like these guys stick out 1.5”. That may be workable… >> http://www.lowellmfg.com/tinymce/jscripts/tiny_mce/plugins/filemanager/files/1717-SSCV.pdf >> >> >> I guess those covers are really only useful for servers. That really >> wouldn’t work with a switch\router. Switches and routers are going to be the >> bulk of what we’re dealing with. >> >> I am finding locking power cables, but that seems to be specific to the PDU >> you’re using as it requires the other half of the lock on the PDU. >> >> I did come across colored power cords. I wonder with some enforced cable >> management, colored power cables, etc. we would have “good enough”? You get >> some 1U or 2U cable organizers, require cables to be secured to the >> management, vertical cables in shared spaces are bound together by customer, >> color of Velcro matches color of the power cord? Blue customer, green >> customer, red customer, etc. Could do the cat6 patch cables that way too, >> but that gets lost when moving to glass or DACs. >> >> I thought about a web cam that would record anyone coming into the cabinet, >> but Equinix doesn’t really allow pictures in their facilities, so that’s not >> going to fly. Door contacts should be helpful for an audit log of at least >> when the doors were opened or closed. >> >> Financial penalty from the violator to the victim if there’s an uh oh? >> >> I’m not trying to save someone from themselves. I’m not trying to lock the >> whole thing down. Just trying to prevent mistakes in a shared space. >> >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions >> http://www.ics-il.com >> >> Midwest-IX >> http://www.midwest-ix.com >> >> ----- Original Message ----- >> >> From: "Mike Hammett" < na...@ics-il.net > >> To: "North American Network Operators' Group" < nanog@nanog.org > >> Sent: Wednesday, February 10, 2016 8:59:08 AM >> Subject: Shared cabinet "security" >> >> I say "security" because I know that in a shared space, nothing is >> completely secure. I also know that with enough intent, someone will >> accomplish whatever they set out to do regarding breaking something of >> someone else's. My concern is mainly towards mitigation of accidents. This >> could even apply to a certain degree to things within your own space and >> your own careless techs >> >> If you have multiple entities in a shared space, how can you mitigate the >> chances of someone doing something (assuming accidentally) to disrupt your >> operations? I'm thinking accidentally unplug the wrong power cord, patch >> cord, etc. Accidentally power off or reboot the wrong device. >> >> Obviously labels are an easy way to point out to someone that's looking at >> the right place at the right time. Some devices have a cage around the power >> cord, but some do not. >> >> Any sort of mesh panels you could put on the front\rear of your gear that >> you would mount with the same rack screw that holds your gear in? >> >> >> >> >> ----- >> Mike Hammett >> Intelligent Computing Solutions >> http://www.ics-il.com >> >> Midwest-IX >> http://www.midwest-ix.com >> >> > > > > > >
