ELM Security System
Electronic Locking & Monitoring
Issue: September 2006 Release: 1.0
EMKA Beschlagteile GmbH & Co.KG
Table of contents
1 Preface
2 Introduction
3 Access Control
4 Electronic locking and monitoring
5 Easy integration
6 Summary of benefits of electronic systems
7 Increased “uptime” by environmental monitoring
8 ELM Security System by EMKA
9 Software
Methods for data security are described in various laws and regulations. In
addition to general confidentiality requirements and business prudence, we
now have BS 7790, DIN ISO 17799 and Sarbanes-Oxley, demanding greater data
security.
In the twentieth century and before it was gold and diamonds that required
the ultimate protection. Today’s gold is data: hard drives have replaced
bullion. On-line retailers must guarantee their customers’ security to stay
in business. Co-location centers must demonstrate their commitment to
security to attract customers.
Of course huge efforts and much progress have been made in the fields of
encryption and the safeguarding of networks from hackers. It is also
important to optimize physical security.
Typically, physical security has concentrated on perimeter access control, and
this is certainly vital, but the security of the actual racks and cabinets
has perhaps not been given the attention it deserves.
Requirements for control cabinets or equipment in server rooms and data
centers have clearly changed. Today’s requirements are:
● Increased data security
● Protection against unauthorized access
● Logging of all events
● Parameter driven supervision
● Trigger planned tasks
● Integration into high level management systems
Integrated system solutions must be reliable, scalable and cost-efficient.
A suitable locking system is part of such a solution.
EMKA with its Electronic Locking & Monitoring (ELM) - Security System is the
one-stop-shop for those demands. The modular design allows easy adaptation
to a specific requirement.
Various mechanical “systems” are employed:
This may be rationally acceptable if very few people have access to
the building and room that houses the data cabinets, and the value of the
data is low. However, the impression this gives internal or external
customers may raise questions.
If a key goes missing is it lost, stolen or copied? Do we hope for the
best, or re-key affected locks? A major key control issue.
A significant step up in security and convenience, especially for a
co-location center, but still a significant “key control” problem. What
happens if a master key may have been compromised?
The problem with keys
In a co-location center, for example, access must be available to both the
company renting the cabinets in the data center and the building owner.
Master key systems are used for convenience; however, if a master key goes
missing there is a major dilemma. Say the cost of changing a lock is $50 and
there are 500 locks which should be changed, someone might well decide that
the risk is not so great after all. Keys leave no trail – it is impossible
to tell who was last in a cabinet, most can be easily copied, many are left
lying around.
Electronic locks can eliminate these problems, but their implementation
requires serious thought.
This can offer both enhanced security and greater convenience.
Most electronic access methods allow event logging (which, from where, when
and who), real time monitoring, and alarms. All should allow easy
de-authorization, which is much more likely to be effective than collecting
keys from ex-employees.
The network must be password protected to restrict access to some of the
data to authorized people; ideally several levels of access should be
available.
Various access methods are available; the main characteristics of the most
popular are summarized below:
| ACCESS METHOD | Advantages | Disadvantages |
| Remote from a control room | Secure | Requires manned control room |
| Keypad | Secure, over 1 million codes possible | |
| Proximity card (most types of prox cards can be used) | Secure, if different card is used from that which allows room entry | Card may be stolen |
| Cell phone | Secure / extremely secure; convenient | Expensive |
Table 1: Access methods
Security theory states that, for excellent security, two of the following are needed for access: something you know; something you are; and something you carry. The most practical, economic and convenient solutions are 1) and 2) above.
The method of monitoring the system impacts on its usability and effectiveness...
| MONITORING METHOD, REAL TIME | Advantages | Disadvantages |
| Computer screen – standard software | OK in conjunction with alarm | Must be watched all the time; needs a dedicated screen |
| Alarms can be audible in the room, remote at a network terminal, by email, cell phone, etc. | Good to alert operator | Often not specific |
| Pop-up software that launches monitoring program, sends SNMP traps, emails etc. | Allows “passive” monitoring | |
| Graphical active display | Gives instant overview of status of doors and environmental conditions | Best if used in conjunction with alarms |
| MONITORING METHOD, HISTORY | | |
| Notepad file log on terminal | Easily saved to Excel or similar | Can run out of capacity |
| New Notepad file logged each day | Easy to find and examine; unlimited capacity | |
Table 2: Monitoring methods
Depending on the building security system and the preferences of the
building managers, integration on some level between the data room and the
rest of the building may be desirable. An electronic system should be
flexible enough to achieve this at different levels.
It may be best to use the same ID cards to control both room and cabinet
entry (not always a good idea). Some applications require the building
monitoring system to be able to see cabinet door and temperature status;
others to receive alarms and launch a separate monitoring program. Use of
SNMP protocol and traps greatly assists in integration.
● Much more difficult to steal a key and a password than just a key.
● An automatically generated log is a great deterrent.
● Alarms on all doors and side panels.
● Easy invalidation of codes.
If security is top notch on the parts we can see then it may be assumed that
it is also taken seriously on the parts that we cannot see.
● Inoculates against Sarbanes-Oxley or HIPAA problems.
● Defense against liability (both corporate and personal) if problems occur.
● Gives confidence to customers and prospective customers.
● Emphasizes to employees the importance of security.
● When an employee leaves his code is easily invalidated.
● If a prox card is lost there is no need to re-key locks.
● No one needs to keep track of who has keys and chase them when they go
missing – this can be a real problem with master key systems.
● No need to change cylinders
● No more big bunches of keys
● No more locksmiths’ bills
Using the same network that operates and monitors the security functions,
environmental conditions such as temperature and humidity within cabinets
can be monitored and, in some cases, automatically controlled. Some systems
can energize fans at one temperature and send an alarm if the temperature
continues to rise.
In addition to the prime function of increasing “uptime” by preventing data
loss or damage due to excess heat, temperature can be monitored to observe
the effect of ducting changes or the addition of blade servers. It is
possible to log a temperature history to evaluate server performance.
Other functions can be monitored, including vibration (to detect forced
intrusion), smoke, current draw and anything else that a transducer can
measure. All of these can be set to open or close contacts (to energize
fans, for instance) and/or to send alarm signals. A temperature sensor could
be set to turn on fans at one temperature and to send an alarm at a higher
temperature.
The EMKA Electronic Locking & Monitoring System (ELM system) allows access
control for all types of cabinets and also offers monitoring and
control of ambient conditions.
The ELM system offers various functions, e.g.:
● operating locks
● evaluating sensor data
● handling operator inputs
Several functions of the same type are integrated in a module; e.g. a
“handle module” which can operate up to 8 independent swing handles or a
“sensor module” which can drive up to 4 sensors. Modules are interconnected by
cables and communicate via CAN-Bus (Controller Area Network) protocol.
The whole system is controlled by a “communications module”. It handles the
communication to all modules and is the user interface for setup and for
vertical communication to supervisory systems via LAN (Ethernet) and SNMP
(Simple Network Management Protocol). Up to 10 password controlled
workstations with adjustable access levels can have simultaneous access to
the system via LAN connection.
Apart from the communications module, which is needed only once in an ELM
system, many other functional modules can be present in an application.
One ELM system can handle up to 64 modules of the same type and up to 100
modules in total. Max. cable length from the communications module to the
geographically last module is about 1000 m. Up to 512 locks or 256 sensors
with 256 relays can be operated by a single communications module.
The ELM system offers different operator interfaces for user identification
and for opening handles, such as keypads, proximity cards, cell phones and
PC/laptop operation.
Each event is logged in the system. Local or remote alarms can be derived
from these events.
The modules of an ELM system are available in three different form factors:
● Single modules in a metal housing; type "BOX"; plug & play connection; external power supply required
● Single modules with a holder for DIN rail mounting; type "KIT"; connection via terminals; external power supply required
● Multiple modules customized in a 19'' rack, 1U; plug & play connection; built-in power supply unit
More complex ELM applications may be realized as a combination of single modules and 19'' racks.

Fig. 1: ELM System overview

Fig. 2: System structure
Benefits:
● “Plug and Play” system
● Modular design
● Network ability
● 19'' technology
● Up to 512 locks or 256 sensors connectable
● Control via software ELMcontrol
● SNMP protocol for easy integration into management software like HP OpenView
The software ELMcontrol allows easy configuration and monitoring of the
electronic locking system EMKA-ELM via PC under Microsoft Windows®.
Data exchange between ELMcontrol and an ELM application can be via network
or serial RS 232 interface through the communications module of the ELM
system. Network communication uses Simple Network Management Protocol,
SNMPv1 (RFC1157). This allows seamless integration of ELM systems into
third-party SNMP management software (e.g. HP OpenView). For security
reasons, data exchange via the network interface is only allowed for
authorized users.
ELMcontrol software runs under Microsoft Windows 98, Microsoft Windows ME,
Microsoft Windows NT 4.0, Microsoft Windows 2000 or Microsoft Windows XP.
ELMcontrol uses TCP/IP as network protocol.
Free download of ELMcontrol software is available under
http://www.emka-electronic.de/E/index_E.htm section download /software/SNMP
management software ELMcontrol. Software and manual will be installed after
running setup.
Configuration settings for the ELM system performed via ELMcontrol are
directly checked and saved in the system’s memory. ELMcontrol only operates
with an ELM system connected and powered.
ELMwatcher is software for receiving and displaying SNMP trap messages
which are sent by an ELM system. It allows processing of messages received
and offers different methods to inform the operator about a specific event
like an open door or a sensor giving alarm. ELM trap messages can be
displayed as a list, saved to files or transmitted as SMS to a dedicated
phone number. ELMwatcher can display trap messages with all details or
combine multiple messages with the same content. Any sound file can be
played when receiving a trap message or the start of a program can be
initiated automatically.
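To show what a trap receiver such as ELMwatcher has to decode, the following added example (not EMKA code and not part of the original paper) parses an SNMPv1 Trap-PDU in the RFC 1157 layout; it also makes visible that SNMPv1 carries the community string as readable bytes. The sample packet is constructed: the enterprise OID uses the documentation enterprise number 32473, the agent address comes from the 192.0.2.0/24 documentation range, and the community string and trap codes are invented rather than ELM values.

```python
# Added example: minimal SNMPv1 Trap-PDU decoder (RFC 1157), short-form BER lengths only.
def tlv(tag, body):  # encoder used only to build the constructed sample below
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length & 0x80 or end > len(buf):
        raise ValueError("long-form or truncated element")
    return tag, buf[pos + 2:end], end

def decode_oid(body):  # OBJECT IDENTIFIER contents -> dotted string
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_v1_trap(packet):
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    tag, pdu, _ = read_tlv(msg, pos)
    if version != b"\x00" or tag != 0xA4:  # version 0 = SNMPv1, 0xA4 = Trap-PDU
        raise ValueError("not an SNMPv1 Trap-PDU")
    f, pos = [], 0
    for _ in range(5):  # enterprise, agent-addr, generic, specific, time-stamp
        _, value, pos = read_tlv(pdu, pos)
        f.append(value)
    if not f[0] or len(f[1]) != 4:
        raise ValueError("malformed enterprise OID or agent address")
    return {"community": community.decode("ascii", "replace"),  # cleartext on the wire
            "enterprise": decode_oid(f[0]),
            "agent": ".".join(str(b) for b in f[1]),
            "generic": int.from_bytes(f[2], "big"),
            "specific": int.from_bytes(f[3], "big"),
            "uptime_ticks": int.from_bytes(f[4], "big")}
# Constructed sample: enterpriseSpecific (6) trap with a made-up specific code 1.
SAMPLE = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"example") + tlv(0xA4,
    tlv(0x06, bytes([0x2B, 6, 1, 4, 1, 0x81, 0xFD, 0x59, 1]))
    + tlv(0x40, bytes([192, 0, 2, 10])) + tlv(0x02, b"\x06") + tlv(0x02, b"\x01")
    + tlv(0x43, b"\x01\x00") + tlv(0x30, b"")))
```

The agent-addr field is supplied by the sender, so a receiver that filters by origin should compare against the UDP source address as well.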
ELMwatcher requires Microsoft Windows 98, Microsoft Windows ME, Microsoft
Windows NT 4.0, Microsoft Windows 2000 or Microsoft Windows XP and network
protocol TCP/IP.
Free download of ELMwatcher demo software is available under
www.emka-electronic.de/E/index_E.htm section download /software/SNMP trap
receiver software ELMwatcher. Software and manual will be installed after
running setup.
ELMcontrol allows easy configuration and monitoring of the electronic locking system EMKA-ELM via PC under Microsoft Windows®.

Fig. 3: System-Manager

All modules and are viewed in structured lists with intuitive icons and text messages.

Commands like opening a handle can be performed. Events stored in the ELM-System are displayed and saved in log files.

Fig. 5: Managing access permissions for handles

ELMcontrol can handle multiple ELM systems. The operator can easily switch to the desired system. Data exchange can be via Ethernet-LAN, internet or RS232 or USB interface.

Fig. 6: Quick information about alarm messages