Consider These Essential Capabilities When Evaluating a Rack-Level Electronic Lock Solution
September 23, 2021
Electronic lock and access control systems automate monitoring, documenting, and control of access and allow fast reprogramming if access rights change or a credential is lost or stolen.
When evaluating access control systems, then, it's critical to consider these essential capabilities as you select a rack-level electronic lock solution that will meet your security requirements.
Electronic Locks
Electronic locks secure the doors on cabinets, sense access attempts and indicate a door latch (lock) opened or closed condition. They are typically a swinghandle with an integrated solenoid that operates the latch to opened or closed condition, a proximity sensor that indicates condition of the latch opened or closed, and an access card reader that senses and reads values from presented keys. The lock also carries a mechanical key override to handle door openings during a power outage.
Access card readers need to be compatible with the card types provided to individuals within an organization. Types of access cards can vary from 125 kHz proximity cards to simple 13.5 MHz smart cards, to next-generation smart cards with one-time passwords. With access card technologies changing very rapidly, it is ideal if the swinghandle and the reader are separate integrated modules. Some models may also include an integrated keypad or biometric reader.
Single-Factor or Multifactor Authentication
Depending on the level of security required, multiple levels of authentication may be preferred. Some electronic locks may include an additional keypad for a unique PIN entry. More advanced solutions may include a biometric reader. If using biometric authentication, privacy laws need to be considered. It is best if it is used alongside an RFID card where the biometric imprint is stored on an individual’s badge rather than a centralized database.
Door Sensors
An electronic locking solution for the cabinets needs to monitor not just the cabinet lock status but also status of the door itself. It is critical that an effective locking solution be able to collect input from multiple doors on the cabinet. In the event a door is opened, a warning notification should be provided immediately, followed by additional warnings if the door is left open for an extended duration.
Wiring and Network Connections
There are three types of network connections. The first is through rack intelligent power distribution units (PDUs), the second via a separate networked controller module and the third in which the locks are connected to a building’s security access panel. In the first two scenarios, the locks are managed by IT through a data center infrastructure management (DCIM) software solution while the latter is managed through the building security system, which is also used to manage access within the entire campus.
Networking Through PDUs
Advanced rack PDUs can now integrate with environmental monitoring sensors and access control. This means power management, environmental monitoring and access control can be handled at once, via a straightforward, easy-to-use web interface, all networked under one IP address.
With an integrated PDU system, there is no need for a dedicated controller for the electronic locks. The locks also get powered up through auxiliary ports on the PDU. Operators can monitor, manage and authorize each cabinet access attempt wherever the cabinet is situated through remote management to the PDU, which is already part of the data center cabinet ecosystem. This significantly reduces the initial cost of deployment of cabinet-level locks as well as ongoing operating costs. Using this integrated, intuitive interface, data center operators are easily able to provide log reports for critical audit trails for regulatory compliance. It also reduces the need for wiring the electronic access systems to security panels, eliminating another unnecessary expense.
Card IDs can be stored within the PDU web interface. The PDU firmware should support either a standalone list of authorized users or integrate with third-party databases that control user access and rights management. For centralized authentication, either enterprise authentication services (i.e., those supporting networking protocols RADIUS, LDAP, Active Directory) or a DCIM solution can be used.
Networking Through a Separate Controller Module
Electronic locks can also be managed through a dedicated controller module located in every cabinet. While this does increase the initial hardware cost, ongoing operational costs can still be significantly reduced by networking several locks through advanced IP consolidation technology. The PDUs that support IP consolidation allow multiple PDUs to connect through a single physical network connection, IP address and interface, thereby reducing network overhead to monitor at the rack level. For example, some IP consolidation solutions allow up to 32 controllers to be networked under only one IP address with an alternate second connection for failover capability. This means MTDCs and colocation providers do not have to pass on unnecessary networking costs to their tenants.
Like the PDU-integrated system, authentication and management could be provided through interfaces that IT organizations already use. For the widest range of compatibility and security for the network, ensure that the PDU or the dedicated controller supports the IPv4 and IPv6 protocols for TCP/IP addressing with static or dynamic address assignments. Simple network management protocol (SNMP) v1, v2c and v3 protocols should be used for third-party DCIM software integration. The web interface should support HTTP or HTTPS sessions with definable ports. Network connections should support encryption and certificates. The email server connection should be outbound only with transport layer security (TLS) and definable ports. For ease of maintenance, the controller module should support bulk configuration and firmware upgrades. The firmware should log every system change.
Networking Through Security Access Panels
With this approach, cabinet-level electronic locks get connected to a Wiegand technology-based security access panel that in turn communicates with a building access control solution. The security panels provide power to the locks. The advantage of this approach is that it leverages the same access control system that is used for campus security. On the flip side, it requires wiring from each electronic lock and door sensor to a centralized panel. This typically involves an electrician to wire the handles, including installation of conduit or a pathway structure to secure or isolate the electronic lock wiring from network and power cables. Given the high number of cabinets on a data center floor, this solution requires installation of additional access control panels for connecting the handles on the cabinets. It is powered and controlled from that system and that system’s software.
If you want to know more about what to consider, and explore rack-level solutions that can help you enhance data and equipment security, read our Solutions Brochure.
Posted by Brittany Mangan, Digital Content Specialist at 9/23/2021 11:36:19 AM