"Sim-sim, open!": access to the data center without paper magazines

"Sim-sim, open!": access to the data center without paper magazines

We describe how we implemented an electronic visit registration system with biometric technologies in our data center: why it was needed, why we once again developed our own solution, and what benefits we got.

Entry and exit

Visitor access to a commercial data center is an important part of how the facility is run. The data center security policy requires accurate records of visits and tracking of trends.

A few years ago, we at Linxdatacenter decided to digitize all visit statistics for our data center in St. Petersburg. We abandoned the traditional way of registering access: filling out a visit log, maintaining a paper archive and presenting documents at each visit.

Within 4 months, our technical specialists developed an electronic visit registration system combined with biometric access control technologies. The main task was to create a modern tool that meets our security requirements and at the same time is convenient for visitors.

The system made visits to the data center fully transparent. Who got access, when, and to which part of the data center, including server racks: all this information became available instantly on request. Attendance statistics can be exported from the system in a few clicks, so it has become much easier to prepare reports for clients and for auditors from certifying organizations.

The starting point

At the first stage, a solution was developed that allowed entering all the necessary data on the tablet at the entrance to the data center. 

Authorization took place by entering the visitor's personal data. Next, the tablet exchanged data with a computer at the security post via a dedicated secure communication channel. Then a pass was issued.

The system took into account two main types of request: application for temporary access (single visit) and application for permanent access. The organizational procedures for these types of applications in the data center are significantly different:

  • The application for temporary access indicates the name and company of the visitor, as well as a contact person who must accompany the visitor throughout the visit to the data center.
  • Permanent access allows the visitor to move independently inside the data center (for example, this is important for customer specialists who regularly come to work with equipment in the data center). This level of access requires the person to complete an introductory occupational safety briefing and sign an agreement with Linxdatacenter on the transfer of personal and biometric data (fingerprint scan, photograph). The visitor also receives the full package of documents on the rules of work in the data center by e-mail.

With permanent access, there is no longer any need to fill out an application and confirm your identity with documents at each visit: a fingerprint at the entrance is enough to authorize.
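
The two application types described above, expressed as a fail-closed admission check. This is an added example, not Linxdatacenter's code; all field names, the sample visitors and the rule that an escort must be a registered permanent pass holder are assumptions.

```javascript
// Hypothetical field names throughout; not the schema of the real system.
// Prerequisites the article lists for permanent access.
const PERMANENT_PREREQS = [
  ['briefingPassed', 'introductory briefing not completed'],
  ['consentSigned', 'personal/biometric data agreement not signed'],
  ['fingerprintEnrolled', 'fingerprint scan not enrolled'],
  ['photoEnrolled', 'photograph not enrolled'],
  ['rulesEmailed', 'rules package not sent by e-mail'],
];

const isBlank = (v) => typeof v !== 'string' || v.trim() === '';

// Returns { admit, escortRequired, reasons }. Unknown types are denied.
function evaluateApplication(app, permanentHolders) {
  const reasons = [];
  if (isBlank(app.name)) reasons.push('visitor name missing');
  if (isBlank(app.company)) reasons.push('visitor company missing');

  if (app.type === 'temporary') {
    if (isBlank(app.escort)) {
      reasons.push('contact person (escort) missing');
    } else if (!permanentHolders.has(app.escort)) {
      // Assumption: an escort must hold permanent access themselves.
      reasons.push('escort is not a registered permanent pass holder');
    }
  } else if (app.type === 'permanent') {
    for (const [field, message] of PERMANENT_PREREQS) {
      if (app[field] !== true) reasons.push(message); // "yes" or 1 do not count
    }
  } else {
    reasons.push('unknown application type');
  }

  return {
    admit: reasons.length === 0,
    escortRequired: app.type !== 'permanent', // only permanent holders move alone
    reasons,
  };
}

// Constructed sample data.
const holders = new Set(['A. Ivanova']);
const samples = [
  { type: 'temporary', name: 'P. Petrov', company: 'ExampleCo', escort: 'A. Ivanova' },
  { type: 'temporary', name: 'P. Petrov', company: 'ExampleCo', escort: 'N. Nobody' },
  { type: 'permanent', name: 'O. Orlova', company: 'ExampleCo', briefingPassed: true,
    consentSigned: true, fingerprintEnrolled: true, photoEnrolled: false, rulesEmailed: true },
];
for (const s of samples) console.log(s.type, s.name, evaluateApplication(s, holders));
```

Returning every unmet prerequisite, rather than stopping at the first, gives the security post a complete reason for each refusal to keep in the visit record.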

"Sim-sim, open!": access to the data center without paper magazines

Change!

The first version of the system was built on the Jotform form builder. Jotform is designed for creating surveys; we adapted it ourselves for the registration system.

However, over time, operation revealed some bottlenecks and areas where the solution needed further development.

The first difficulty was that Jotform was not "polished" for the tablet format: after a page reload, the forms often changed size, running off the screen or, conversely, collapsing. This made registration very inconvenient.

There was also no mobile application, so we had to deploy the system interface on a tablet in "kiosk" mode. However, this limitation worked in our favor: in "kiosk" mode, the application cannot be minimized or closed on the tablet without "Administrator" level permission, which allowed us to use an ordinary consumer tablet as a registration terminal for access to the data center.

During the testing process, multiple bugs began to surface. Numerous platform updates led to freezes and crashes of the solution. This happened especially often at the moments when updates covered those modules on which the functionality of our registration mechanism was deployed. For example, questionnaires filled out by visitors were not sent to the security point, were lost, etc. 

The smooth operation of the registration system is extremely important, since both employees and customers use the service on a daily basis. During these "freezes", the entire process had to revert to a 100% paper format, which was an unacceptable anachronism, led to errors and, in general, looked like a huge step back.

At some point, Jotform released a mobile version, but this upgrade did not solve all our problems. For example, we had to "cross" one form with another for training and the introductory briefing, which work as a test.

Even with the paid version, an additional Pro Level Extended License was required for all of our access tasks. The final price/quality ratio turned out to be far from optimal - we received expensive redundant functionality, which still required significant improvements on our part. 

Version 2.0, or "Do It Yourself"

After analyzing the situation, we came to the conclusion that the easiest and most reliable way out was to create our own solution and move the functional part of the system to a virtual machine in our own cloud.

We wrote the form software ourselves in React and deployed it to production on our own infrastructure using Kubernetes. As a result, we got our own system for registering access to the data center, independent of third-party developers.

"Sim-sim, open!": access to the data center without paper magazines

In the new version, we refined the form to make registering permanent passes convenient. While filling out the form for access to the data center, the client can switch to another application, complete express training on the rules of conduct in the data center and take a test, and then return to the "perimeter" of the form on the tablet and complete the registration. Moreover, the visitor does not even notice this movement between applications!

The project was implemented quite quickly: creating a basic form for admission to the data center and deploying it to production took only a month. From launch to the present day, we have not registered a single failure, let alone a "crash" of the system, and we have been spared minor annoyances such as a mismatch between the interface and the screen size.

Whoop - and you're done

Within a month after the deployment, we transferred to our own platform all the forms we needed in our work: 

  • Access to the data center,
  • Application to carry out work,
  • Induction training.

"Sim-sim, open!": access to the data center without paper magazines
This is what the application form for work in the data center looks like.

The system is deployed in our cloud in St. Petersburg. We have full control over the operation of the VM, and all IT resources are redundant, which gives us confidence that the system will not break and will not lose data under any scenario.

The software for the system is deployed in a Docker container in the data center's own repository - this greatly simplifies system configuration when adding new features, editing existing features, and in the future will make it easier to update, scale, etc. 

The system requires a minimum amount of data center IT resources, while fully meeting our requirements in terms of functionality and reliability. 

What now and what's next?

In general, the admission procedure remains the same: an electronic application form is filled out, then the visitor's data (name, company, position, purpose of the visit, accompanying person in the data center, etc.) is sent to the security post, the lists are checked and a decision is made on admission.

"Sim-sim, open!": access to the data center without paper magazines

"Sim-sim, open!": access to the data center without paper magazines

What else can the system do? Any historical analytics task, as well as monitoring. Some clients request reports for internal personnel control purposes. With the help of this system, we track the periods of maximum attendance, which allows us to plan work in the data center more efficiently.

Future plans include transferring all existing checklists into the system, for example, the process of preparing a new rack. The data center has a regulated sequence of steps for preparing a rack for a client. It describes in detail what exactly needs to be done before launch and in what order: power supply requirements, how many remote controls and patch panels to connect for switching, which plugs to remove, whether to install access control systems, video surveillance, etc. Today all of this is handled through paper workflow and partly on an electronic platform, but the company's processes are ready for the complete migration of maintenance and control of such tasks to a digital format and a web interface.

Our solution will develop further in this direction, covering new back-office processes and tasks.

Source: habr.com
