SourceSecurity.com US Edition
Home  |  Settings  |  Marketing Options  |  eNewsletters  |  About Us  |  FAQs    Join SourceSecurity.com on LinkedIn
REGISTERTerms
Leadership

Network / IP - Case Studies

Axis secures the modern-day Fort Knox

Data Electronics Group (DEG) opts for Axis IP-Surveillance solution in its Dublin-based data centreData Electronics Group opts for Axis Communications' IP-Surveillance solution to provide additional layer of physical security in its Dublin-based data centre.

Data Electronics Group (DEG) was founded in 1974 as a field engineering-based business installing, integrating, maintaining and carrying out network administration for computer equipment used by airport and airline staff for key activities such as tagging bags and checking in passengers.  Today one division of DEG still provides field service support to SITA operations in Eire airports as well as to Equant and Bloomberg Financial Services in Dublin, Belfast, Shannon and Cork.

During 1990, rather than setting up their own capability, Equant decided to outsource data hosting associated with its substantial financial services client-base in Dublin to DEG.  On the strength of this contract DEG established its first customised data centre at Harolds Cross in the heart of Dublin.  The core business of DEG today - data hosting - was born.

Following the Inflow acquisition, the company relocated its customers from its Ballycoolin facility to the new Clondalkin Data Centre at Kilcarbery Business Park (KBP).  Today this serves as Data Electronics Group's principal location and headquarters.

Declared customers of DEG's datacentres today include Global Crossing, Vodafone, Mitsubishi Electric, Fujitsu and Dublin Airport Authority.  DEG now has a total of 90 data centre customers and more than 350 customers altogether.  The company was recently recognised as the fastest growing technology firm in Northern and Republic of Ireland, in the Deloitte & Touche Fast 50 Awards.  It took 14th position for same award taken across Europe as a whole.  Total growth in revenue over the past five years amounted to 4,376 per cent.  Annual turnover today stands at more than 8.5 million Euros.

"Security is our watchword in this business - we need to offer our data centre customers 100 per cent availability of high speed internet access, storage, recovery, specialist managed services, and power to keep all data systems up and running," says Daniel Tinkiel, chief operating officer at DEG.  "By running the video surveillance system on a separate network additional resilience is assured and no bandwidth constraints affect the performance of the system."

Data centre security investment - environmental security at the KBP site

The temperature on the data floor at Kilcarbery Business Park (KBP) site is fixed at 20 degrees centigrade and 55 per cent humidity.  The environment within the data centre is monitored constantly for temperature and humidity levels so that if the temperature on the data floors moves up or down two degrees centigrade or more, or humidity moves up or down five per cent, alarms are triggered and the situation investigated and rectified immediately by the Building Management System or by DEG's engineers when required.

Protection against fire

Optical and ionization smoke detection units are situated right across all ceilings, voids and under the floor of the data centre.  Further physical protection is offered through a very high specification fire prevention system.

Three tiers of power management ensure 100% power availability

DEG achieves 100 percent power availability at the KBP site by having multiple 10 kilovolt feeds coming from ESB (the Irish power supplier).  In order to ensure the power supply in the data centre is totally secure the company uses two different suppliers of oil for the back up generators in case the mains electricity supply is cut off.  Uninterruptible Power Supply (UPS) units set in two pairs, run back-to-back with an automatic by-pass control switch if one fails so there is no interruption of power even if the second UPS goes down.

DEG runs a complex MESH network to ensure total Internet availability.  A full MESH network is a local area network (LAN) that employs one of two connection arrangements.  A full mesh topology such as that deployed by DEG means that all nodes (switches and routers devices) are connected directly to each other using redundant paths.  It is designed to offer greater resilience to the connection between devices.

Ensuring high quality 100% internet availability for customers

Every customer receives access to two high-speed data cables.  If there is a loss of service in one, internet access is achieved through the second automatically.  But more than this, the mesh is fully cross-connected and interconnected through three layers of switching and routing so that the mesh enables the optimum routing of all data packets based on the destination and the location of other data traffic at that time.  So this system not only provides 100 per cent availability but also maximises speed of transportation and delivery of data.

Such is the resilience and quality of service offered by DEG that most of the world's telecoms carriers have decided to utilise DEG's infrastructure.

Physical security - entering the building

External security around the perimeter of the KBP data centre is provided through CCTV cameras and a team of security guards covering the business park.  On entering the building a second layer of security includes a private security team, which demands photographic identification from all visitors.  This document must be left at reception in exchange for a pass to enter the building.  DEG staff which have authorised these individuals to enter the data centre must pre-register them on a log of visitors for that day and verify that they are who they say they are in reception before letting them go any further.

Zoning provides further protection

The building itself is divided into three zones which demand different security levels - free transit areas, controlled transit areas and restricted areas.  Any authorised visitor, regardless of clearance, can go through the free transit areas once they have announced them-selves and provided a legitimate form of identification to security staff.  To be in a controlled zone, visitors must be enrolled in DEG's hand geometry system.  This system works by measuring the width and length of each finger and the size of the palm in three dimensions.  This data is crunched into a specific single number, which is totally unique to the individual.  It even is able to use an algorithm to adapt to certain ageing characteristics of each person's hand.  There are a total of 16 hand geometry systems located at every entry point to controlled and restricted zones.  The system is optimised to throw up the minimum number of false acceptances and false rejections.  Visitors are only allowed to visit the restricted areas of the building if a high-ranking officer of the company accompanies them.

Cabinets and cages

The cabinets that house customers' servers are themselves locked and all keys held in the NOC (Network Operation Centre) - the highly secure nerve centre of the building.  Cabinets are only opened in the presence of authorised customer contacts by senior DEG staff.  Some customers go further by demanding additional physical security by installing hi-specification caging around all their equipment so that no one can come close to their equipment without permission.

The IP-Surveillance system

Axis' 60 network cameras cover all entrances and are positioned to provide full coverage on the data centre floors.  One camera is located to cover the front of the server cabinets, which run in rows down the length of the building.  A second covers the back of all cabinets.  All 60 AXIS 210 Network Cameras installed on the first floor of the data centre collect six frames per second on motion so that anyone that enters restricted areas of the building will be constantly recorded.  The intention is to replace all of the old CCTV cameras with new network cameras but to date 32 analogue-based CCTV cameras still remain in place on the ground floor and on the outside of the building. 

These cameras provide images through two CCTV multiplexers to two AXIS 241S Video Servers which digitise and transfer video data via two Allied Tellesyn 8350Gb 48-port IP switches, interlinked through a fibre backbone using high speed UTP to an Intel Dual Xeon 9.6 Terabyte Server - which holds all video surveillance system output.  A 24-hard disc drive 3Ware RAID device ensures additional reliability at the data level.  All images are collected at six frames per second and retained for 30 days.

No surveillance cameras are viewable by customers or staff remotely.  Customers must come to the building if they want to view the facilities set aside for them and they are not allowed to look at anyone else's equipment.  Tinkiel reinforces: "Any breach of these rules is effectively a breach of contract and could lead us to terminate our relationship with the customer."

The benefits of moving to IP-Surveillance

DEG saw several key benefits from the new IP-surveillance as compared with the older CCTV system being phased out across the site.  Firstly the quality of images produced by the Axis network cameras made it possible to be sure of identifying all individuals caught on camera.  Tinkiel explains: "This is important for us if we need to involve the police in taking actions to arrest anyone following an incident, although fortunately no such incident has happened at DEG data centres to date.  Maintenance of the system is also much easier.  We had false connection problems with the coaxial-based which will increasingly be a thing of the past."

"We wanted to ensure that if there is a security incident we have proof of the event which has triggered it.  We keep video recordings on a dedicated server running on a totally separate network.  Again by running the video surveillance system on a separate network additional resilience is assured and no bandwidth constraints affect the performance of the system."  Tinkiel explains why he wants to migrate the whole surveillance system to IP over time: "I'm a firm believer in convergence of all technologies over time - voice, data, video - everything should be transported and stored using IP-based technologies and protocols.  The more diverse technologies and networks you have the larger the burden of maintenance and upgrade if you do not put them on a single IP network infrastructure."

The decision to go IP was made even easier because Tinkiel decided to implement integration with other security systems including access control systems.  Without all systems being on IP this sort of integration becomes much more difficult and expensive.

During the renovation of the site when the network surveillance system was put in, DEG was able to reduce the number of racks devoted to video surveillance equipment from three to just one.  It is now much simpler, more manageable and most importantly it produces much better pictures than was possible before.

Milestone XProtect Enterprise Version 5.0 is being used to view images.  Some add-on functionality called Matrix View enables a number of cameras to be viewed simultaneously on a split screen on the desktop in the SOC or on the large plasma screens that dominate this part of the building.  DEG selected network and storage integration specialist Encom to help specify, install and configure the new IP-Surveillance equipment.

"I'm a firm believer in convergence of all technologies over time - voice, data, video - everything should be transported and stored using IP-based technologies and protocols.  The more diverse technologies and networks you have, the larger the burden of maintenance and upgrade if you do not put them on a single IP network infrastructure."

Axis' 60 network cameras cover all entrances and are positioned to provide full coverage on the data centre floorsA future-proof investment with high integration potential

For DEG, IP-Surveillance has been able to provide an important additional level of physical security at its KBP data centre.  The fact that the Axis network cameras offers the potential to integrate into DEG's high specification hand geometry-based access control system makes this a future proof investment which genuinely adds another layer of security for DEG's data centre customers.  Tinkiel summarises: "Security is our watchword in this business - we need to offer our data centre customers 100 per cent availability of high speed internet access, storage, recovery, specialist managed services, and power to keep all data systems up and running.  They want to know that we are able to monitor the actual devices that house their mission-critical data, minute-by-minute, 24 hours a day.  If anything happens they need to know who has been in the proximity of these devices, when and why.  All this information is now trapped on video in dedicated servers for at least 30 days.  I would not hesitate to recommend this solution to others who are specifying physical security systems for highly secure sites."


See privacy and cookie policy
SourceSecurity.com
Browsing from the Americas? Looking for SourceSecurity.com US Edition?
View this content on SourceSecurity.com US Edition, our dedicated portal for our Americas audience.
Do not show me this again
International EditionUS Edition