Physical and logical security for new datacenter

Data center design
Physical security
Am looking for best practice recommendations for implementing both physical and logical security for a new data center build. This request for help was originally submitted to the Research Assistant on

Answer Wiki

Thanks. We'll let you know when a new response is added.

This can turn into quite a long topic and I anticipate that my response will be further groomed by other members of the community. To get the discussion started, however, here are a few things to consider

First and foremost, physical location of the data center; it should be as discrete possible. That means no signs with “data center” on it, etc. You may also want to consider going with no windows or at a minimum, tinted or one way mirror windows.

There definitely needs to be controlled access to the building(s), floor(s) and computer room(s). There are the typical ID cards that can be swiped to enter and exit the facility for security logging purposes; as well as a sign in mechanism — preferably electronic which can also be linked into the change management system.

Of course, no matter how strong the door lock, don’t circumvent it with slip ups in construction, such as using lowered tiles for the ceiling, where someone can simply climb over the wall from an insecure area into the data center. Also, no external door hinges!

To further preserve security, entrance to the facility can be granted only on a two person basis, so that no one is alone in the data center. In fact, physical access to the data center should be permitted only when necessary, such as to perform hardware installation and maintenance. Server administrators may use remote access for day-to-day activities. There are several mechanisms by which to accomplish this, such as terminal services, other remote clients, remote access boards, IP-based KVM and so on.

There are yet other considerations such as fire suppression systems, redundant power and other utilities. Hopefully, these help to get the thought motors going on the subject.

Discuss This Question: 2  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • FacilityGuru
    A 'Best-Practice' method should be seeing who is using the best methods to accomplish the tasks. Physical & Logical Security should include location of the facility. LIke noted above, it should be non-descript. Check-out and tour other facilities, both sides of the spectrum, low and high. Your entry and exit points should have a 'Man-trap' and or double-access doors (hand-scan/card into one door, then hand-scan/card through the second door), Or locked loading dock door, a staging area, then hand-scan/card into secure area. Cameras should be at every entry point and critical area, to include; Generators, UPS's, switch-gear, POP room and NOC entry points. As far as physical security controlling systems go, I feel HIRSCH is the best, Lenel is a close second. You want flexibilty, growth potential and heirarchy-abilities. If you need some more detailed information, that happens to be my background, contact me off-line. Facility-Guru Austin, TX
    95 pointsBadges:
  • Kevin Beaver
    There's really a lot to think about when it comes to secure data center design. The sky's the limit on what you can put in place and spend. The key is to keep it realistic and focus on your highest -payoff areas such as access control and surveillance. I've written and presented on this subject at the following links: Locking Down Today's Data Centers Locking down the data center of tomorrow (webcast) Hope this helps and best of luck!
    27,515 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: