When it comes to building security, data centers are more like Fort Knox than one might expect, especially if the facility incorporates mantraps.
A huge heat exchanger spewing steam into the cold February morning air was the only thing distinguishing the building I was going to from other nearby buildings. This building was a newly renovated data center that a friend managed, and I was there to check out his toys.
As I walked up to the entrance, I noticed all the empty concrete planters spaced uniformly around the main door. Since this was Minnesota, they were just wide enough for two people or a snowblower to fit through. I remember my friend mentioning the architect called them, "Intrusion protection without sacrificing aesthetics."
While waiting at the front desk, I recalled my friend mentioning the security upgrades that were required due to the facility changing from a multidiscipline building to a mission-critical building. The differences being:
- Multidiscipline buildings are designed to house a data center plus office space. These facilities can only obtain basic-security ratings due to people working in the building who have jobs that are not related to the upkeep of the data center.
- Mission-critical buildings are single-purpose facilities. By limiting access only to those running the data center, and the increased physical security, these buildings can obtain higher security ratings.
My friend finally showed up and asked if I noticed anything different about the atrium. I did notice the floor to ceiling turnstile. Here is a list of what I missed:
- All exterior glass is now bulletproof.
- All window and door hardware is inside.
- Fire doors are exit only.
- Security cameras cover 100 percent of the building grounds.
The next step was signing in at the security desk. The guard asked me for two forms of ID, which I was told I would get them back when I left. My driver's license and credit card worked. I had to turn over my phone and any other electronics I had with me, so there went my idea of taking pictures. I was then issued a guest pass card (RFID) specific to me. I used the pass card to get through the turnstile. And I was in, or so I thought.
This data center requires three authentications to get to the most secured area. The first authentication was the turnstile. The next authentication step was the mantrap. To get into the most-secured part of the data center, employees have to get past biometric scanners.
According to my friend, the mantrap was the key component to securing the data center. Mantraps usually consist of a small room with two doors: one connected to the unsecured area and the second opening into the secured area. To gain access to the mantrap from either the unsecured or the secured side requires using the pass card. If my pass card checks out, the door unlocks, allowing me to enter the mantrap. Once inside, the door shuts rather quickly—this prevents tailgating (i.e., having more than one person in the mantrap at a time). With the door shut, I waved my pass card near the reader, and the door to the secure area opened.
The mantrap at the data center I visited was a bit unique—it was what I imagine it would feel like being in a glass jar. Rather than having swinging doors, the glass door rotated out of the way.
I did not think anything of it when my friend asked me to carry a box through the mantrap, as he was carrying his notebook. Once inside, my friend took the box and gave it to his associate, and we proceeded with the tour.
When it was time to leave, I held my pass card by the reader, and the mantrap door slid open. (Did I mention that I am slightly claustrophobic? Well I am, especially when I'm about to hop into something called a mantrap.) Once inside, the door slid shut. I waved my pass card by the reader, and nothing happened. I waved it again and still nothing. The door would not open.
I looked up, and my friend had this huge smile on his face. I said something I cannot repeat here. Next, he started to call the security desk, because they were the only ones who could override what I thought was a malfunctioning mantrap. Finally, the door opened, and I jumped out.
After my friend stopped laughing, he explained the mantrap weighs the occupant as a secondary measure against tailgating. A side benefit being the scale is sensitive enough to tell if someone is leaving carrying more than they came in with or vice versa. Remember my carrying the box for my friend? Well, I did not have the box coming out, so the mantrap sensing a different weight prevented the door from opening, and alerted security personnel. I need better friends.
I was impressed. I've watched movies where a super-stealthy spy tailgates into a secure facility and has the run of the place. That's not likely at this data center from what I saw. I can also see why bad guys, if at all possible, get what they want using the Internet.