From Bailing Wire to Biometrics
NAPs were generally set up in university computer room closets, old, damp central offices, or as in the case of the largest NAP of the era, MAE East (MAE stood for Metropolitan Area Ethernet, or Exchange, depending on who you ask), a parking garage in Tysons Corner, Va. Considering the applications for the Internet were limited to e-mail, gopher and other antiquated applications, this bailing wire and masking tape approach suited the Internet perfectly.
Experiments led to alternative NAPs such as the Palo Alto Internet Exchange (PAIX), adding security and other features to support newer networks. However, the players on the Internet also changed, quickly making the original PAIX experiment inappropriate for larger enterprises, government and other sources of online content.
Enter IBXsA new design was required – one that would accommodate the burgeoning growth of interconnecting networks, operate in multiple locations, record robust audit trails and meet security audits. Most importantly, the new design would need to incorporate a security system that could scale without impacting operational efficiencies, with speed of access to equipment being paramount.
The managers of PAIX took these limitations and began working on a new design. The new datacenters, known as Internet Business Exchanges, would be an average of 100,000 to 200,000 square feet, incorporating hundreds of individual clients, yet set a new security standard in the industry. With the assistance of Richard Mohr of Andersen/Mohr Associates, Equinix Inc. of Foster City, Calif., began to develop this new security profile and apply it to an aggressive construction plan.
The requirements were stringent: perimeter security, such as concrete embankments or bollards, to assist with blast radius enforcement; thick concrete and Kevlar in the outer envelope of each building to meet the service level agreements of financial customers; extensive and comprehensive digital video surveillance, archived for a minimum of 30 days; easily referenced audit trails that included the general location of visitors at all times; the capability to instantly remove electronic access, even if the individual was inside the building; and mantraps and interlocking doors, designed to prevent “piggybacking” or sneaking in behind an authorized visitor.
Because of the nature of its client-oriented business, the company was faced with preserving access speed to equipment within its centers while ensuring ultimate security. If a client such as Yahoo!, Microsoft, IBM or the federal government arrived at the front door of an IBX, access needed to be processed quickly, while meeting the stringent security measures that often caused delays at traditional datacenters.
Biometrics to the rescueThe company looked to the use of advanced software combined with biometrics to address this paradox. Initially, the design team designated five levels of biometrics between the outside of a facility through to the individual client’s equipment cages. This meant placing biometrics on the exterior doors and mantrap interlocking doors, as well as on interior spaces, such as customer care areas, and finally, without exception, on individual cages. Each client within a “neighborhood” needed to conform to the most stringent security levels required within that zone, or security would be compromised for all clients. This meant the installation of thousands of biometric devices in each facility. These devices would need to be easy to control, require little to no maintenance, and have virtually zero failure rates.
On the hardware side, the company field-tested fingerprint, retinal, iris and hand geometry recognition. Speed and reliability being primary requirements, fingerprint systems tended to fail on external doors and required high maintenance. Iris systems were in their infancy stage, and thus had an unacceptable rate of failure. Retinal systems were rejected by customers, not surprisingly, because these customers were uncomfortable with placing their heads in a yoke and having a beam shot into their eyes. Hand geometry solutions remained. Fortunately this solution met the requirements, and was reasonably priced to deploy in large scale. Ingersoll-Rand’s Recognition Systems (Campbell, Calif.) biometric hand readers were deployed throughout Equinix’s IBXs.
The model succeedsIn 1999, Equinix opened the first of its advanced IBX centers in Ashburn, Va. Similar IBX centers have since been deployed in major markets in the U.S. and Asia-Pacific. By 2004, Equinix was operating over 1.3 million square feet in five countries. Through its service model and advanced datacenter features and security, Equinix has attracted every major network and content site into its facilities. Over 95 percent of the world’s Internet networks and users are available in each center, where every major domestic and international network has deployed its hubs. The largest retail and investment banks; the majority of the futures, commodities and options trading infrastructure; and the largest system integrators have located their massive infrastructure within the company’s walls. IBM has chosen to use the company as their location to host their massive global e-business customers.
Finally, with Equinix on the GSA schedule, the federal government has become a large customer, using the company’s IBXs for critical infrastructure in multiple locations. As the leading provider of network-neutral data centers and Internet exchange services, the company now operates 14 highly secure Internet datacenter hubs, representing over 1.3 million square feet, in five countries. Thus is the Internet, at least a few important pieces of it, protected through biometrics.