Physical
security has traditionally meant locked doors, access cards, biometric
finger scans and video surveillance, but increasingly physical security
strategies are being supplemented with KVM solutions. In this article,
Paul Smith, UK country manager for Avocent, discusses how KVM solutions
can provide secure remote physical access to the data centre and
their role in enhancing the logical security, auditing and reporting,
and alert management layers.
INTRODUCTION
Today’s data centre environment is normally subject to extremely
tight controls to enable managers and administrators to maintain
control over who has access to equipment and data.
Generally speaking, the IT infrastructure is
exposed to two main types of risk:
* Loss or alteration of data;
* Discontinuation of service.
The threats that constitute these risks typically come from one
or more of the following sources:
| Nature of threat | Likelihood of impact |
| Human error | 55% |
| Physical security problems | 20% |
| Dishonest employees | 10% |
| Disgruntled employees | 6% |
| Viruses | 4% |
| Other reasons | 4% |
| Outside attacks | 1% |
Source: IBM
The role of any security strategy should be
to evaluate the above risks and reduce their potential impact on
the company’s IT assets as much as possible. For example,
threats of outside attacks should not be ignored, but the above
figures indicate that human error may have a greater impact on IT
performance.
To reduce these threats, IT administrators
in the data centre environment should implement a physical security
plan that makes servers accessible to only authorised personnel.
This rigid approach limits the type of access available to individual
users and provides administrators with a greater level of control.
SECURITY STRATEGY COMPONENTS
The increasing multiplicity of data centre locations, and often the
geographical dispersion of IT administrators, increase the importance
of a sound security strategy. To work effectively, the strategy
should establish guidelines and responsibilities to protect the
information assets of a company.
Physical security
Apart from physical theft and tampering, the physical security challenge
can also include the protection of valuable servers and IT equipment
from accidental damage and spillages. In some rack-based server
environments a ‘crash cart’, a cart holding a keyboard, video
display and mouse, is used to resolve server problems. When
a server crashes, the technician identifies the faulting server,
plugs in the crash cart and takes local control of the server.
These work environments are uncomfortable and
insecure. They also result in higher support costs from reduced
productivity, and an increased risk of personal injury from rolling
a cart through and around racks.
The components of physical security are
as follows:
* Public: areas that all employees can access
* Controlled: areas that can and must be locked when unattended
* Very controlled: areas where access is restricted to registered
or authorised users
IT management is increasingly facing growth
in very controlled environments, especially as data centres increase
in size and are in different geographic “lights out”
locations. Authorised personnel may be required to enter and exit
using special issue access cards and biometric finger scans. Video
surveillance cameras in the building may monitor all activities
in strategic locations.
The question for many IT managers is how to
supplement physical security strategy. The answer is to give secure,
remote access and control of data centre servers and devices to
authorised personnel no matter where they or the devices are located.
Logical security
A logical security strategy requires the IT manager to identify
and authenticate users. User IDs need to be established to identify
the person connecting to the system.
Logical security includes defining and protecting
resources. What resources can users access when they have been authenticated?
Logical security also involves defining the
administrative authority. Who has the authority to administer both
user passwords and their levels of access?
An important issue in managing servers and
devices is that some may have their own unique management interface,
authentication and password lists. There is no centralised user
access management between systems. It would be of benefit to the
administrator if logical security for all devices could be managed
from a single platform.
Auditing and reporting
All effective auditing and reporting systems include the ability
to track user access to data centre devices. The administrator should
be able to access log files indicating who has accessed what device,
when, and, indeed, what IP address they used. Under these conditions,
auditing and reporting constitute a powerful passive agent. As noted
in the introduction, sixteen percent of data centre security threats
are the result of disgruntled or dishonest employees and audit trails
of activities act as a strong deterrent to those types of threats.
There are a number of suspicious activities
that constitute security events and administrators will know to
be wary of the following:
* System access denied
* Invalid password
* Password revoked
* Resource access denied
Another useful facility in administrator audit
mode is stealth control, which enables the administrator to watch
activities and changes on a server or device in real time, without
the user being aware, and to take immediate action to disable the user,
if required.
Presently, many systems will not allow the
administrator to cross reference audit information between different
devices, requiring them to manually collate the information into
a usable report. In these circumstances, a common interface for
logging all user access and a widespread audit trail would be of
great benefit to the administrator.
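
As an added illustration of the common audit trail described above (not code from the article or from any vendor), the following Python sketch merges two device logs with different layouts into one time-ordered trail and flags the four security events listed earlier. The log formats, device names, user names and addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four security events the article lists.
SECURITY_EVENTS = {"System access denied", "Invalid password",
                   "Password revoked", "Resource access denied"}

# Constructed sample logs: two devices, each with its own (hypothetical) format.
KVM_SWITCH_LOG = """\
2004-08-03 09:14:02|jsmith|10.0.4.21|rack3-srv07|Session opened
2004-08-03 09:15:40|mbrown|10.0.4.35|rack3-srv07|Invalid password
2004-08-03 09:15:58|mbrown|10.0.4.35|rack3-srv07|Invalid password
"""
SERIAL_CONSOLE_LOG = """\
Aug 03 2004 09:16:30 user=mbrown src=10.0.4.35 port=router-2 event="System access denied"
Aug 03 2004 09:20:11 user=jsmith src=10.0.4.21 port=pdu-1 event="Session opened"
Aug 03 2004 09:22:05 user=mbrown src=10.0.4.35 port=pdu-1 event="Resource access denied"
"""
SERIAL_RE = re.compile(
    r'^(\w{3} \d{2} \d{4} [\d:]{8}) user=(\S+) src=(\S+) port=(\S+) event="([^"]+)"$')

def parse_kvm(text):
    """Yield (when, device, user, ip, target, event) from the pipe-delimited log."""
    for line in text.splitlines():
        ts, user, ip, target, event = line.split("|")
        yield (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
               "kvm-switch", user, ip, target, event)

def parse_serial(text):
    """Yield the same record shape from the key=value log."""
    for line in text.splitlines():
        m = SERIAL_RE.match(line)
        if m:  # skip lines that do not match the expected layout
            ts, user, ip, target, event = m.groups()
            yield (datetime.strptime(ts, "%b %d %Y %H:%M:%S"),
                   "serial-console", user, ip, target, event)

def unified_trail():
    """Merge both device logs into one time-ordered audit trail."""
    return sorted([*parse_kvm(KVM_SWITCH_LOG), *parse_serial(SERIAL_CONSOLE_LOG)])

def suspicious_by_user(trail, threshold=2):
    """Users with at least `threshold` security events across all devices."""
    hits = defaultdict(list)
    for ts, device, user, ip, target, event in trail:
        if event in SECURITY_EVENTS:
            hits[user].append((ts, device, ip, target, event))
    return {u: ev for u, ev in hits.items() if len(ev) >= threshold}

if __name__ == "__main__":
    for user, events in suspicious_by_user(unified_trail()).items():
        print(user, len(events), "security events on", sorted({e[1] for e in events}))
```

Neither device log alone shows more than two events for the flagged user; the pattern only becomes clear once the records are cross-referenced in a single trail.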
Alert management
It is important for administrators to have the ability to react
immediately when the computing environment is exposed to a potential
threat. Administrators must be able to detect, alert on and resolve
problems in real time.
The alert system should support SNMP MIB-II
for integration with an existing enterprise management tool such
as Tivoli, OpenView or Unicenter. The SNMP traps should be based
on user-defined levels.
User applications influence physical security
In the main, there are two types of user access requirements to
the data centre. The first type is real-time access where end users
are working full-time on computers and require complete bandwidth
access. Some examples of these environments are:
* Test labs where multiple users simultaneously
access and monitor testing simulation on hundreds of servers. Access
to such servers is critical because testing simulation typically
requires a large amount of hardware, software and integration testing.
* Demo labs where multiple users need to monitor
live testing on hundreds of servers from various locations throughout
the lab.
* Designer environments including website designers, CAD houses and
graphic production companies. The operators need high-resolution
full motion video access to many locations in the building.
Apart from physically securing the servers,
the real-time access scenario also has requirements for logical
security, auditing and reporting, and alert management.
The second user access type is administrative-level
access. IT administrators are faced with the daily challenge of
managing many different and distributed systems across the enterprise.
In many cases the administrator needs to have full administrative-level
access to servers and devices no matter where they are located.
Every administrative function conducted on a target device, including
full-power recycling, watching screens as a machine boots up and
access to BIOS settings, needs to be conducted as if the target
device is in the same room. This level of access is required both
locally and remotely.
It is important that the administrator controls
all administrative-level access to servers and devices. The management
platform should secure all device access by leveraging the directory
system already in place, allowing the administrator to use a single
user name and password repository.
Device-level rights must be assigned based
on a user’s name so that administrators have access to more
devices than, for example, an entry-level technician. Auditing and
reporting of all activity is also important to keep track of “who
does what” within the network infrastructure.
The challenge is more complex when administrative-level
access to secure servers and devices is required from multiple remote
locations. Not only should the links be encrypted and secure, the
actual access needs to be controlled through common authentication
and tracking procedures.
THE ROLE OF KVM IN ENHANCING PHYSICAL SECURITY
There are some very clear requirements for effective management
of physical data centre security. The administrator needs the ability
to locate servers and devices in a physically secure area. Ideally,
the administrator should have full access to all of these servers
and devices and conduct any configuration or administrative function
without having to visit the server room. At the same time, control
would be maintained over logical security, auditing and reporting,
and alert management.
What is KVM?
KVM negates the need for countless keyboards, monitors and mice
within the corporate data centre – providing single console
BIOS-level control and access over servers and other connected network
devices from local and remote locations.
This is facilitated by connecting directly
to the keyboard, video and mouse (KVM) ports of target devices,
enabling operators and users to access multiple computers as if
they were sitting directly in front of each machine. Although many
server management functions can be performed remotely through network
management systems tools such as Tivoli, OpenView or Unicenter,
some more basic levels of server configurations can be accomplished
only through KVM access.
An example of this is the boot process in which
the BIOS and the operating system configuration and set-up take
place. This process occurs before the networking layer is operational
on the given server, so network-based tools cannot be used.
In recent years the scope of KVM technology
has expanded beyond the local control of multiple racks of servers
over a proprietary network. KVM control of target devices from any
location is now available over standard protocols such as an IP
network. KVM technology has expanded to allow access and control
of serial devices such as headless servers, routers, power strips
and environmental systems. Additionally, administrators can now
maintain and troubleshoot all their servers and serial devices from
anywhere using one screen and management software.
The simplification of management through a
single-seat scenario allows for better management of firewalls,
host and network-based intrusion monitors and access control –
vital parts of the security landscape for any data centre manager.
A single-seat KVM over IP solution provides
secure access to servers and network devices from a single software
interface, allowing the same common software to be used to access
and control other layers of security such as firewalls and network-based
intrusion monitors.
A KVM solution enables a proactive –
as opposed to reactive – security approach to data centre
management. This is the logical step forward for most network administrators.
It helps afford significant long-term cost savings in comparison
to some of the more reactive solutions such as pure intrusion detection
– where potential hackers may already have access to the network.
About Avocent
Avocent is a leading supplier of connectivity solutions for enterprise
data centres, service providers and financial institutions world-wide.
Branded products include switching, extension, intelligent platform
management interface (IPMI), remote access and video display solutions.
Additional information is available at: www.avocent.co.uk

Date: 3rd August 2004 • Region: World • Type: Article • Topic: IT continuity