次の方法で共有


Securing Server Racks with RFID at the Microsoft Enterprise Engineering Center

In 2009 the EEC was completing the it major remodel and part of our new design was to secure each rack from unauthorized access.  I set out to create a solution on a limited budget.
 
Reason to secure racks:
The EEC works with Microsoft top customers to test and validate Microsoft products for the Enterprise.  The facility in Building 25 of main Campus (https://www.bing.com/maps/?v=2&where1=Microsoft%20Building%2025%2C%20WA&q=microsoft%20building%2025&form=LMLTSN&cp=47.64513799999999~-122.13020552380371&lvl=17&sty=r&encType=1) has 7 separate customer labs that allow for 8-16 people per lab.  We have 2 server PODs that have 15 and 18 Rittal 42U server racks.  We use the Rittal LCP+ in-row cooling which gives us a closed loop and allows both front and rear doors to be closed. 

Side note: Our business model required that we have a visually appealing design.  This required that we have transparent glass on front doors.  The LCP+ system also required that the doors be non-perforated so no ambient air was pulled into cooling system.
 
Our light touch system deployment automation (SNaPs aka Green Monster) along with having more than 1 customer onsite at a time poses several issues. 

For example:  

  1. How do you audit physical access to servers inside of a rack?
  2. How do you allow customers physical access to only servers that they have reserved? 
  3. How to you allow customers physical access to their servers without providing them access to the back? 
    1. Preventing access to the rear of the racks reduces the risk that cables will be moved.  By knowing which power, network and KVM ports systems are connected to allows for easier automation (see project SNaPs).

These along with many other items drove the decision to secure each rack. 

Requirements:

  1. Inexpensive solution - less than $4,000 for 33 racks with 66 (2 doors per rack) access points
  2. Integrate with existing RFIDs issued to Employees/Partners and customers 
  3. Integrate with 24volt Electromagnetic locks that were available on our Rittal racks https://www.rittal-corp.com/products/product_details.cfm?n1Id=5&n2Id=53&n3Id=182&pn=7320721 
  4. SQL based backend for ACLs and Auditing 
  5. Easy to use User Interface (UI) 
  6. Access KIOSK must run Windows 7 
  7. C# based UI (WinForms or WPF) 

An option that was considered was to integrate the 24v locks with the Microsoft facilities building access control system.  While this option would have been ideal it had a few issues.

  1. Cost:  At ~$1000 per door (we have 33 racks for a total of 66 doors) to integrate the cost would have been very high.  This is the cost that our team would pay to be have a connection into the building security system.
  2. Audit log access: Access to audit information is not readily available to teams that are not part of Microsoft physical security teams 
  3. API to control access permissions (badge to door mapping): This is not an offering by the access control team

Because the building access integration was not an option I had to come up with another solution.  I determined what components I needed and set out to create a Proof of Concept.
 
Components (After countless searches on Bing I had found all the parts I needed for a solution.):

  1. All-in-One touch screen PC that was inexpensive and supported Windows 7 (at the time was not released) 
    1. This was a tricky one.  Because Windows 7 had not been released finding a system that was small and had current driver support - https://www.tangent.com/t_thinclients/lcd_515_517.htm
  2. USB based RFID badge reader - RFIdeas pcProx Enroll reader https://www.rfideas.com/products/pcprox_readers/pcprox_enroll/index.php
    1. This was easy.  Anyone visiting Microsoft's Cafeterias has probably seen the badge readers used at the registers for employee meal accounts
  3. 24v DC Relay system that had programmatic ability to be controlled (preferably over Wired Ethernet) - SeaLevel O-440 https://www.sealevel.com/store/440e-ethernet-modbus-tcp-to-32-reed-relay-outputs.html
    1. Hardest item to find:  C# APIs, 24v DC @~100mAmps / relay and have enough ports to keep costs down (remember I have 66 doors to secure)
  4. 24v power supplies to power locks when engaged - SeLevel TR108 https://www.sealevel.com/store/accessories/power-supplies/tr108-100-250vac-to-24vdc-at-2-7a-desktop-power-supply-requires-power-cord.html
    1. The power system must support having 66 locks engaged at a time (Full Open mode).  @~100mAmps per lock it was a significant amount of current

Video that shows concept:

UI Showing limited User access based on RFID badge scanned. User has limited access to only front doors.  And NO access to P1-R1

UI Showing FULL access based on RFID badge scanned. Includes Lockdown button to disable all relays and open all to allow fast open of all racks.

End-To-End scenario

  1. User (Employee, Partner, Customer) uses RFID to enter POD.  RFID access to room is managed with building access control system. 
  2. User "taps" RFID to reader attached to Touch Screen directly inside pod door 
  3. Badge reader queries SQL DB (using badge SN) to get "Allowed Doors" list 
  4. Based on "Allowed Doors" list UI updates to provide user with unlock options for permitted doors 
  5. User selects 1 or more doors they wish to have engaged for access and submits request 
  6. System creates audit entries in SQL, updates current status of door lock (engaged/disengaged) in SQL, calls "relay control" to engage locks on selected doors 
  7. User then walks to selected doors 
  8. User presses door handle release button to actuate handle into unlocked position 
  9. 60 Seconds after locks were marked as engaged (aka unlocked) command sent to relay control to disengage lock to prevent further access

Rittal Lock notes:
The Rittal locks have 4 handle positions:

  1. Locked - cannot be opened and 24v lock is not energized 
  2. Energized - 24v lock has been powered and user can press "access button" on lock to move to position
  3. Unlocked - Door is unlocked but not opened.  Handle is in "released" position and can be moved to position 4 (Opened) or locked (position 1).  At this point the 24v lock can be energized or not
  4. Opened - Door handle is in "up" position and door will swing open on its own.  24v lock can be engaged or not.  Door handle can be locked without closing door (which prevents door from being closed without unlocking again).

Key Access: Each lock ships with a set of keys (that by default is the same for all locks).  Because our physical security requirements are not that high simply collecting the keys was enough for us.  In some scenarios a unique keyed core might be required.
 
Handle position sensor:  Each lock/handle assembly has a sensor to detect if the handle is in positions 3 or 4 (Unlocked or Opened).  My solution did not utilize this feature but some simple additions in hardware would allow it.  This sensor along with adding a contact sensor to the physical door could provide the pieces to create solution that would notify you if the door was left unlocked or opened.  We decided to use policies rather than technology for that.
 
Project source can be downloaded at https://code.msdn.microsoft.com/Inexpensively-improving-d6e0f6d1

[Video]