What kind of experience do people have with rack access control systems
(electronic locks)? Anything I should pay attention to with the
Overpriced, overkill for most real-world uses?
High-Tech technology for technology's sake?
Avoid them if you can. Within six months or so, at least once, there will
probably be some glitch delaying or denying required prompt access.
[snip]
Background
We have half a dozen racks, mostly ours. Mostly I want something to log
who opened what door when. Cooling overhaul is next on the list but one
It probably makes sense if there are more than a handful of people with
unobserved physical access, and high frequency of access, or there's a
trust issue, high-risk consideration. Or you have to satisfy a
"Checkbox Auditor".
You're not going to be able to look at a log and see Joe opened it at 2:45AM
12 months ago, and ever since then, the servers are not quite right.
Consider manual procedures
Example: Electronic access control to the actual rooms.
A Robo-Key system (RKS), Keyvault, or Realtor lockboxes on
each server rack ![:slight_smile: :slight_smile:](https://community.nanog.org/images/emoji/apple/slight_smile.png?v=12)
Physical locks on cabinets. Key vault that supports multiple combinations.
Then you don't need exotic hardware, just a good lock, and sound key control
procedures.
I am imaging if you need to automate control of individual keys;
that there will be more competing solutions for this than specialty rack locks.
Logging procedures for key access...
Send an e-mail when someone opens the vault.
Simple magnetic reed switches on all cabinet doors.
Send an e-mail when a cabinet door is opened.
Quite a few standard alarm panels can do those types of things.
Assign someone to periodically check handwritten logs and check for
discrepancies. ![:slight_smile: :slight_smile:](https://community.nanog.org/images/emoji/apple/slight_smile.png?v=12)