cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
- From: Ian G <iang AT iang.org>
- To: Bas van den Dikkenberg <bas AT dikkenberg.net>
- Cc: "cacert-sysadm AT lists.cacert.org" <cacert-sysadm AT lists.cacert.org>
- Subject: Re: all non-critical services outage
- Date: Fri, 31 Jul 2009 21:45:58 +0200
Hi Bas,
On 31/07/2009 21:14, Bas van den Dikkenberg wrote:
> If I see it correctly, you want to split critical systems and non-critical
> systems, correct?
Yup!
> What I suggest we can do: we can split the rack in two parts, with 2 locks.
> That way they are physically split.
> You request a second uplink from the ISP.
> This way you also get another point: you can put the power counter in the
> non-secure rack, so that the provider never has to go into the secure part
> of the rack. And you can install a monitoring device which can register the
> opening of the secure part of the rack.
> The good thing about this is that it's low in cost, and you don't have to have two
> full racks at different locations.
This is a good suggestion .. but the physical security was not really the issue here.
The main issue is the complications it brings into the Access Engineer team and the critical systems administration team.
If anything, splitting the rack into two physical parts might make it a little bit more secure, but it also means more complications because now the AEs need two sets of keys or we need two sets of AEs. And they still have to go in every time the infrastructure guys need a reset, because BIT can't do it for us. A lot of load that could be shed.
This is all personal effort we can get rid of by moving the entire infrastructure stuff out. That's the plan!
BTW, personally, when I was auditor, I was unhappy about the signing server being as easily accessed when the rack door was open. I would have preferred to see a separate, small locked mini-cage within, with just the signing server. Then, the AE wouldn't have to have a heart attack every time the sysadm reaches in to poke a cable. From that pov, I like your suggestion a lot!
(But that's over to you guys now.)
> Bas van den Dikkenberg
> (I am currently in the hospital; because of that I can respond slowly)
No problems .. get better!