Physical and Logical Security

Two types of security must be addressed in the data center design. It is important to limit access of unauthorized people into the data center proper, and to prevent unauthorized access to the network.

Physical Access Restrictions

Access to the data center should be strictly regulated , limited to personnel necessary to keeping the equipment in operation. It should not be necessary for anyone else to enter the data center. Those allowed access should have a clear understanding of the sensitivities of the hardware to avoid accidental contact with buttons , cable connections, terminals, or emergency response controls.

All points of access should be controlled by checkpoints, and coded card readers or cipher locks. Figure 3-3 shows these two restricted access features for entry into secure areas.

For added security, cameras can be installed at entry points to be monitored by security personnel.

Logical Access Restrictions

The ability to access the physical console of a system over a network has many advantages, including:

• The ability to administer machines in a different region, even a different country

• The ability to work remotely, from house, hotel, or even a conference

However, this also means that anyone on the network could gain unauthorized access to the physical console. Ways to reduce this risk include:

• Creating several levels of authentication

• Placing limits on who can log in to the console servers

• Putting consoles on an administrative network that can be accessed only from the Command Center, and only over authentication through a VPN

Network security is an important issue, but it's not within the bounds of this book to recommend network security practices. There are, however, many articles on the subject at http://www.sun.com/blueprints/online.html. At this website you'll also find information on "The Solaris Security Toolkit" by Alex Noodergraaf and Glenn Brunette.