Last week I had to move my server to a different data center. This wasn’t by choice, but rather because the company hosting my co-located server decided to quit renting and buy their own place. So, at half-past midnight, I drove to a dimly lit industrial park near Amsterdam to move my server a total of 500 meters from one overly secured building to another.
Moving a production server is a serious matter, because down-time can usually be measured in dollars, or in my case, cents. Therefore, I carefully planned the evening well in advance. I packed all the tools I might need, along with my identification, a map to the data center, a passcode to enter the building, the combination to my server rack and, last but not least, the keys to my server. Yes, my server has a locking bezel on it, because it gives me a feeling of added security. That is, until now.
You see, while packing my bag for the evening, I found two sets of keys with the Dell logo. I have two Dell servers, so I wasn’t sure which set of keys I would need to take with me. One server is on-site, so I decided to try the keys on that server. Whichever set of keys didn’t work on this server were obviously for the other server. Makes sense, right? So, I try the first set and they work. Then just for fun, I try the second set… they work too. Perhaps there is a third set of keys somewhere that I should be looking for, or perhaps all Dell servers use the same keys… naaa, that couldn’t be! Well, I threw both sets of keys in my bag, grabbed an extra crowbar… just in case the keys didn’t work and off I went into the stormy night.
To pick up the server, I had to scan my finger, show my identification, give them the passcode, unlock the door with a smart card, unlock the server rack with a combination and finally use my little Dell key to unlock the bezel, so I can get at the screws that hold the server in place. As luck would have it, the little Dell key fit, so I didn’t need the crowbar, after all. In fact, both sets of keys fit. Hmm… I wonder if Dell only makes one key that fits all the locking bezels they make. Well, in the same server rack were 10 Dell servers (Dell’s doing quite well, apparently). Just out of curiosity I tried my little Dell key on each of the servers, one by one. The key fit all of them. Yes, any Dell key can unlock any Dell server.
Perhaps this was intentional, after all, we’re just trying to secure our server against baddies, and other Dell owners can’t possibly be baddies, therefore it’s okay if we all share the same key. It’s the Dell-owner circle of trust! Or, more likely, Dell was pinching pennies at the little key outlet store. In the end, what does it really matter? That little key is just a security blanket to give you the warm, fuzzy idea of control. The real security is in the guards at the door, the fingerprint scanner, the passcode, the ID check, the smart card and the combination locks. If the master thief has made it past all those things, no plastic bezel is going to thwart their wicked plans!
Also, we have to assume that all people who are authorized to open this server rack have a strong interest in respecting all the servers in it, lest someone not respect their server. A co-located server rack is a microcosm of Kant’s Categorical Imperative or Big Bird’s Golden Rule. And… just in case morality doesn’t work, the audit logs and security cameras most certainly will!
So, really the bezel is a joke in this instance and Dell probably knows it. In any case, I did put the bezel back on the server after I had placed it in the new data center… but I didn’t lock it!
