I wanted to know if anybody had any recommendations as to how to keep the server room secure from employees. There is a lock on the door, however, anybody with a building master (maintenance, owners, custodians, etc) can open it. It would be nice if it required the key and also had a proximity card lock so that we could log entry and restrict it further. Has anyone done this before? What are some other ways to make sure it is secure?
Are those nice biometric and what have you devices of yours attached to UPS power? Is the entire chain, from reader, electric lock, any switches / distribution layer, to the authentication server and its database on emergency power?
I'm just asking because a few years ago we had the largest regional power loss in 25 years around here. I know of one major installation where they to their horror discovered that they couldn't enter their server room while the electricity was out. Their emergency procedures required them to power down non-essential servers, because their UPS power couldn't run the air conditioning at full output, so the server park heat output exceeded the A/C cooling when on emergency power. So they stood outside their server room, and wondered how hot it was getting in there...
I would suggest to keep it simple, with a good certified steel door, a steel door-frame that is well fastened to solid walls, and 2 good mechanical locks on the door (say 1 Medeco and 1 Kaba).
You can of course replace one of the mechanical locks with a swipe card, to gain a entry log during normal operation. Just be sure that the electric lock automatically disengages if power is out. Strictly speaking, this makes you more vulnerable against a James Bond style burglary, where the attackers cut power to the building before going in. This is a small risk, but one I'd much rather take than risk being locked out of my server room during an emergency.Tweet