Re: Physical Security During Construction?

[Bill Terry <wterry () BARD EDU>]

All -
While I generally agree with Hugh's list, below, one may find that
escorting workers in and out may be unmanagable.
That being the case you may consider - vendors and sub-contractors need
to be on-board with the list below - perhaps signing an agreement as
part of the contract.  Depending on the size of the job, foremen and /
or all workers could have a temp ID for data center door(s).  You may
consider getting the workers to wear picture company IDs and wear shirts
that identify the company.

Accidents will happen, not just with vendors.  I have seen skilled
electricians and HVAC teams, working for our institution and extremely
familiar with our equipment and procedures, bring down entire large data
centers.  While such events are not encouraged, they certainly can be a
chance to test and review emergency operations and disaster recovery.
Planning, communication (both ways), understanding, and humor are key.
Also pays to identify contact personnel for the project including
computer center, Facilities/B&G/ and the vendor as well as campus security.

I've led or participated in three or four of these and am starting
another.  With adequate planning, communication (both ways),
understanding, and humor, most happen without a hitch.

Bill Terry
Bard College

Hugh Burley wrote:
> Availability has been the most significant risk I have seen with
> construction workers over the years.  Accidental power and cooling
> disruptions being the two I have personally experienced.
>
> I think the most important things to ensure are that you are aware of
> who is on-site, when they are entering and leaving the data centre,
> what they are doing, and that all workers entering the data centre are
> aware that they are working in a fragile environment. IT staff should
> escort workers in and out of the data centre, especially first thing
> in the morning and at the end of the day.
>
> Things construction workers need to be told:
> Anyone entering the data centre must be bondable
> Anyone touching any console will be barred from future access to the
> data centre
> Only IT staff may move network, and server hardware or peripherals
> Use utility power not data centre power for tools (ensure these are
> clearly marked)
> Ensure dust and metal particles are kept separate from servers
> (plastic barriers should be in place)
> Ensure the data centre is professionally cleaned (daily if possible
> during construction)
> Ensure that servers, data cables, and power cables are
> not accidentally bumped
> Ensure that no changes to power are done without a full explanation to
> and approval from IT
> Ensure that room temperature is maintained or systems are shut down
> prior to A/C disruptions
> Ensure IT staff are available for system startup and shutdown
>
> Hugh Burley
> Thompson Rivers University
> ITS - Senior Technology Coordinator
> Information Security
> BCCOL - 222D
> 250-852-6351
>
> >>> "Michael J. Wheeler" <mwheeler () PITTSTATE EDU> 22/08/2009 9:29 am >>>
> We will be undertaking a construction project in our datacenter. The
> doors
> to the data center are currently protected by PROX-locks.  Walls will be
> built, new A/C system installed, as well as new electrical wiring.
> Obviously, this will be a project that runs over a relatively long period
> of time -- especially with the requirement that we maintain operations
> during the construction.
>
> Has anyone gone through a similar project while keeping the data
> center up
> and running? How do you handle the physical security while construction
> workers are coming in and out?
>
> We had planned on issuing them PROX-cards that were only good during
> business hours and making them swipe every time they came in. But, what
> about while they are in there working? We do not have cameras in the data
> center, and I can't imagine having an FTE dedicated to sitting in
> there and
> 'babysitting' them for the duration of the project.
>
> Do you just intrinsically trust your contractors, their sub-contractors,
> and sometimes their sub-contractors? General security practices say "heck
> no!", but I was wondering what others have done in this scenario.
>
> --
> Michael J. Wheeler
> Assistant Director, Systems and Networking
> Pittsburg State University
> Phone:  620-235-4610
> E-mail: mwheeler () pittstate edu