Server Security: Keeping the "Box" Safe

by ServerWatch Staff

By Karl Magsig This tutorial will focus on physical hardware security. A companion tutorial will focus on strategies for keeping data safe.

By Karl Magsig

This tutorial will focus on physical hardware security. A companion tutorial will focus on strategies for keeping data safe.

By Karl Magsig

  • All servers are located inside individually locked cages.
  • All servers are on APC Silicon power back-up systems, which is state of the art in uninterruptible power supplies.
  • The entire co-location site is protected by a 125Kva diesel back-up generator. This generator will run for between one and two weeks straight without requiring refueling.
  • 10/100 network connections are available for all co-location servers. Enterprises can choose between 10 Mbit and 100 Mbit network connections to their cages. This enables them to connect directly with gigabit switches connected to three separate Internet connections on OC-3 and OC-12 lines through Savis, Level-3, and Goodnet Internet Service Providers. It also provides each cage with a Level-2 Internet connection, which is basically one step away from the main Internet backbone.
  • All servers are automatically checked every five minutes, 24 hours a day, seven days a week, to minimize possible down time. If a server goes down, a minimum of three WebNexus technicians are notified immediately via pager to ensure proactive technical support.
  • Lockdown cages are accessible by appointment only, and access is granted only to people included on an authorized list that the client provides to WebNexus.
  • Web Nexus offers the option of on-call support for all co-location equipment. For a small monthly fee, the vendor provides technical support staff to take care of co-location equipment and to perform operations such as rebooting a server or changing a back-up tape.
  • SonicWall Firewalls for all lockdown cages and VPN access to client office networks is available. Each lockdown cage can be connected through a SonicWall Firewall device that provides data security, including anti-virus protection, NAT, and DHCP services. It also includes VPN access to corporate networks. These firewalls support industry standard IPSec protocols.
By Karl Magsig

For an enterprise, the costs of providing its own redundant Internet connections can run into thousands of dollars on a monthly basis. Since that's the prime business of a co-location service provider, the vendor will most likely have the fastest Internet connection available, or close to it.

Also, maintaining staff around the clock to monitor server status can be quite expensive for an enterprise, and thus makes using a co-location provider seem more affordable.

Further, if an office loses power for some reason, the enterprise will have peace of mind knowing its servers are still safely running at the co-location site. While back-up power sources in case of power loss is always an option, it may be more cost-effective to simply use a co-location service that already has power back-up systems in place.

By Karl Magsig

In some cases, the client leases only the computer equipment housed at the co-location provider (as is the business plan for HavenCo). Again, this is a matter of personal preference; many enterprises have a certain comfort level knowing they actually own the hardware in use. However, non-ownership of hardware can also have its advantages, such as lower maintenance costs and scheduled upgrades.

While most service plans offered by co-location providers include technical personnel who will respond quickly in case of trouble, it's not quite the same as being there, or having a trusted individual there to handle the crisis. In some cases where the co-location provider is not in the same area or region as the customer's home office, there can be different, often unexpected, natural or environmental disasters. For example, someone running an office in Kansas and evaluating possible security hazards may not consider the possibility of an earthquake near an office in California.

By Karl Magsig

The enterprise controls the environment its servers are in, from temperature and humidity to system accessibility. It controls what kind of lock is on the room (if any,) and who has access to it. The sys admins knows who is in the office on a daily basis and has more control over who and what is allowed near the servers. If a server does go down, the enterprise has own staff of experts on hand to handle it.

This article was originally published on Monday Jan 29th 2001
Mobile Site | Full Site