cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
- From: Bas van den Dikkenberg <bas AT dikkenberg.net>
- To: Ian G <iang AT iang.org>
- Cc: "cacert-sysadm AT lists.cacert.org" <cacert-sysadm AT lists.cacert.org>
- Subject: RE: all non-critical services outage
- Date: Fri, 31 Jul 2009 22:09:33 +0200
- Accept-language: nl-NL, en-US
Ian,
Why can't we give BIT access to the non-secure part of the rack,
and they can do the reset for us?
Bas
-----Original message-----
From: Ian G [mailto:iang AT iang.org]
Sent: Friday 31 July 2009 21:46
To: Bas van den Dikkenberg
CC: cacert-sysadm AT lists.cacert.org
Subject: Re: all non-critical services outage
Hi Bas,
On 31/07/2009 21:14, Bas van den Dikkenberg wrote:
> If I see it correctly, you want to split critical systems and non-critical
> systems, correct?
Yup!
> What I suggest we can do is split the rack in two parts, with 2 locks.
> That way they are physically split.
> You request a second uplink from the ISP.
>
> This way you can also gain another point: you can put the power counter in the
> non-secure rack; that way the provider never has to go into the secure part
> of the rack. And you can install a monitor device which can register the
> opening of the secure part of the rack.
>
> The good thing about this is that it's low in cost, and you don't have to have
> two full racks with different locations.
This is a good suggestion .. but the physical security was not really
the issue here.
The main issue is the complications it brings into the Access Engineer
team and the critical systems administration team.
If anything, splitting the rack into two physical parts might make it a
little bit more secure, but it also means more complications because now
the AEs need two sets of keys or we need two sets of AEs. And they
still have to go in every time the infrastructure guys need a reset,
because BIT can't do it for us. A lot of load that could be shed.
This is all personal effort we can get rid of by moving the entire
infrastructure stuff out. That's the plan!
BTW, personally, when I was auditor, I was unhappy about the signing
server being as easily accessed when the rack door was open. I would
have preferred to see a separate, small locked mini-cage within, with
just the signing server. Then, the AE wouldn't have to have a heart
attack every time the sysadm reaches in to poke a cable. From that pov,
I like your suggestion a lot!
(But that's over to you guys now.)
> Bas van den Dikkenberg
> (I am currently in the hospital because of that I can respond slowly)
No problems .. get better!