“Open sesame!”: Access to the data center without paper logbooks
We describe how we implemented an electronic visit registration system with biometric technologies in our data center: why it was needed, why we once again developed our own solution, and what advantages we gained.
Login and Logout
Visitor access is an important part of how a commercial data center is organized. The data center's security policy requires accurate recording of visits and tracking of their dynamics.
A few years ago, we at Linxdatacenter decided to completely digitalize all the statistics of visits to our data center in St. Petersburg. We abandoned the traditional way of registering access - namely, filling out a visit logbook, maintaining a paper archive and presenting documents at each visit.
Over 4 months, our technical experts developed an electronic visit registration system combined with biometric access control technologies. The main objective was to create a modern tool that meets our security requirements and at the same time is convenient for visitors.
The system gave us a fully transparent picture of visits to the data center. Who gained access to the data center, when and where, including server racks - all of this information became available instantly on request. Visit statistics can be exported from the system in a few clicks, so reports for clients and for auditors from certification organizations have become much easier to prepare.
At the first stage, we developed a solution that made it possible to enter all the necessary data on a tablet at the entrance to the data center.
Authorization took place by entering the visitor's personal data. Next, the tablet exchanged data with the computer at the guard post through a dedicated secure communication channel, after which a pass was issued.
The system handled two main types of request: an application for temporary access (a single visit) and an application for permanent access. The organizational procedures for these two types of application differ significantly:
- The application for temporary access indicates the name and company of the visitor, as well as the contact person who must accompany them throughout the visit to the data center.
- Permanent access allows the visitor to move around the data center independently (for example, this is important for customer specialists who regularly come to work with equipment in the data center). This level of access requires the person to complete an introductory briefing on occupational safety and sign an agreement with Linxdatacenter on the transfer of personal and biometric data (fingerprint scan, photograph); they also receive the full required package of documents on the rules of working in the data center by e-mail.
With permanent access, there is no longer any need to fill out an application each time and confirm your identity with documents: it is enough to scan your finger to authorize at the entrance.
We deployed the first version of the system on the Jotform form builder. Jotform is intended for creating surveys; we adapted it ourselves for the registration system.
However, over time, operation revealed some bottlenecks and areas where the solution needed further development.
The first difficulty was that Jotform was not “finished” for the tablet format: after a page reload, the forms often “floated” in size, either extending beyond the screen or, conversely, shrinking. This made registration very inconvenient.
There was no mobile application, so we had to deploy the system interface on the tablet in “kiosk” mode. However, this restriction worked in our favor: in “kiosk” mode, the application cannot be minimized or closed on the tablet without the “Administrator” permission level, which allowed us to use an ordinary consumer tablet as a registration terminal for access to the data center.
During testing, multiple bugs began to surface. Numerous updates to the platform led to freezes and crashes of the solution. This happened especially often when updates affected the modules on which the functionality of our registration mechanism was built. For example, forms filled in by visitors were not delivered to the guard post, were lost, and so on.
Uninterrupted operation of the registration system is extremely important, since the service is used daily by both employees and customers. During the periods of “freezing”, the whole process had to be returned to a 100% paper format, which was an unacceptable archaism, led to errors and, on the whole, looked like a huge step back.
At some point, Jotform released a mobile version, but this upgrade did not solve all our problems. For instance, we had to “cross” one form with another ourselves, for example for the training and test-based introductory briefing tasks.
Even with the paid version, an additional extended Pro license was required for all of our clearance tasks. The final “price/quality” ratio turned out to be far from optimal - we got expensive excess functionality, which still required significant improvements on our part.
Version 2.0, or Do It Yourself
After analyzing the situation, we concluded that the easiest and most reliable way out was to build our own solution and move the functional part of the system to a virtual machine in our own cloud.
We wrote the form software ourselves in React, deployed it to production using Kubernetes, and as a result got our own data center access registration system, independent of third-party developers.
In the new version, we refined the form to make registering permanent passes convenient. While filling out the form for access to the data center, the client can switch to another application, take express training on the rules for being in the data center and a test, and then return to the "perimeter" of the form on the tablet and complete the registration. Moreover, the visitor does not even notice this movement between applications!
The project was implemented quite quickly: creating the basic form for admission to the data center and deploying it in the production environment took only a month. From launch until today, we have not recorded a single failure, let alone a system crash, and we have rid ourselves of minor annoyances such as the interface not matching the screen size.
Whack - and you're done
Within a month of the deployment, we moved all the forms we need in our work to our own platform:
- Access to the data center,
- Application for work,
- Introductory briefing.
This is what the application form for work in the data center looks like.
The system is deployed in our cloud in St. Petersburg. We fully control the operation of the VM, and all IT resources are redundant, which gives us confidence that the system will not break and will not lose data in any scenario.
The system software is deployed in a Docker container in the data center's own repository - this greatly simplifies system setup when adding new functions or editing existing capabilities, and also makes updating, scaling, etc. easier in the future.
The system requires a minimum amount of data center IT resources, while fully meeting our requirements in terms of functionality and reliability.
Where are we now, and what's next?
In general, the admission procedure has remained the same: the electronic application form is filled out, then the visitor's data (name, company, position, purpose of the visit, accompanying person in the data center, etc.) “fly away” to the security post, the lists are reconciled and a decision is made about admission.
What else can the system do? Any analytical tasks over historical data, as well as monitoring. Some customers request reports for internal staff control purposes. Using this system, we track periods of peak attendance, which allows us to plan work in the data center more efficiently.
Future plans include transferring all existing checklists into the system - for example, the process of preparing a new rack. The data center has a regulated sequence of steps for preparing a rack for the client. It describes in detail exactly what must be done before launch and in what order - power requirements, how many remote controls and patch panels are needed for switching, which plugs to remove, whether to install access control systems, video surveillance, etc. At present all this is done partly in a paper workflow and partly on an electronic platform, but the company's processes are already ripe for the complete migration of the maintenance and control of such tasks to a digital format and a web interface.
Our solution will continue to develop in this direction, covering new back-office processes and tasks.