One of the most important issues of a physical security of a server equipment as well as a security of the entire IT-infrastructure is tracking and controlling access to server rooms. A tracking system must notify system administrators and technical specialists about any access to a server room or protected object 24 hours a day 7 days a week with a possibility to browse a history of events in any moment of time. Such way of informing allows system administrators to control an access to the object without using expensive access control systems, which contain different types of electronic locks, components of employee identification via electronic maps, coded key locks and other security elements.
In this article, an example of organising the system of tracking access to server room on the basis of NetPing device and a monitoring system PRTG Network Monitor will be examined. The essence of the system is in monitoring a door opening/closing sensor, which is connected to a NetPing device by means of the PRTG monitoring system, as well as building a graph of opening a door within different time intervals.
Requirements
To organise tracking of opening/closing a door in a server room, there is a need to have:
- a device for monitoring sensors/remote controlling of power supply sockets NetPing (models: UniPing server solution v4/SMS, UniPing server solution v3, NetPing IO v2, NetPing 8/PWR-220 v4/SMS, NetPing 2/PWR-220 v4/SMS, NetPing 2/PWR-220 v1/SMS, NetPing 2/PWR-220 v3/ETH);
- security sensor;
- a server with a deployed monitoring system PRTG Network Monitor in a corporate network of a company. A description of the PRTG Network Monitor, as well as a user guide for installing and configuring a system, can be found at the official website of the Paessler developer, a list of system requirements for deploying the PRTG Network Monitor can be found here.
Configuring a NetPing Device
In this example, a monitoring device UniPing server solution v4/SMS will be used. A configuration of UniPing server solution v4/SMS for monitoring door opening/closing in a server room will consist of three main stages:
- Connecting a security sensor to an IO line of a device (in the example one IO line 1 is used). The information about how to connect a security sensor to a device can be seen in a user guide;
- Configuring SNMP community at the page «SETUP» of a device web interface (a value «SWITCH» is used by default):
- Configuring an IO line at the page «DISCRETE IO» of a device web interface (configuring an operation mode of an IO line «input», filling in memo and encoding a logic level):
A full list of settings of a UniPing server solution v4/SMS device can be browsed in a firmware description.
Configuring the Monitoring System PRTG Network Monitor
All settings of the PRTG Network Monitor are realized in a web-interface of a system. After authorization in a system, there is a need to go to the page with a list of devices and sensors. To do this, choose the tab «Devices» in the main horizontal menu and click «All» in a drop-down list:
The page «Group Root» displays all added devices and sensors, which are controlled by the PRTG system:
To organize tracking of opening/closing a door in a server room, there is a need to add a previously configured device UniPing server solution v4/SMS to this page. Before adding UniPing server solution v4/SMS to PRTG, it is recommended to add a special group for determining a hierarchical order and a common functionality of all devices that are in a group. Adding a group is performed at the tab «Devices», menu item «Add Group»:
At the first stage of adding, there is a need to indicate an initial location of a new group in the hierarchy. For example, choose «Local probe» and click «Continue >»:
At the second stage of adding a new group, there is a need to configure parameters, indicated at the page:
where:
Group name – is a name of a group for identification. A name will be displayed on default in a tree of devices and in all error notifications.
Credentials for SNMP devices – data for connecting to a device with the aim to monitor them via an SNMP protocol. There are two ways to configure parameters «Credentials for SNMP devices». The first one is: there is a need to inherit parameters, configured at the first start of the PRTG in the Guru configurator, by checking «inherit from Local probe». The second one is: to remove a checkmark «inherit from Local probe» and fill in an offered form by corresponding parameters, taken from a web-interface of a device UniPing server solution v4/SMS.
After clicking the button «Continue >» a new group «Server Room Monitoring» will be created. Then there is a need to add a device UniPing server solution v4/SMS to a new group with a sensor that tracks door opening in a server room. To add a new device into the PRTG, there is a need to click the button «Add Device»:
In this example, a configuration of adding a new device from the account PRTG System Administrator at the master node is described. For other accounts, interfaces of nodes, not all parameters indicated in a description can be available.
At the page «Add Device to Group Server Room Monitoring», fill in main parameters, indicated on the picture:
where:
Device Name – is a name of a device for identification. A name will be displayed on default in a tree of devices and in all error notifications.
IP Version – is choosing a version of an IP protocol for connecting to a new device.
IPv4-Address/DNS Name – is an IP-address or a DNS-name of a new device.
Device Icon – is choosing an icon for a device from the list. An icon will be displayed in a tree of devices. If necessary, it is possible to add own icon. To do this, a file with the icon needs to be copied to the PRTG server in a folder via the path: C:\Program Files (x86)\PRTG Network Monitor\webroot\icons\devices\
Sensor Management – is choosing a type of a device detection. In this example, a manual mode of adding without automatic detecting a device will be examined. For more detailed learning the modes of automatic detection and additional settings, there is a need to address the article «PRTG Manual: Add a Device».
Credentials for SNMP devices – are data for connection to a device with the aim to monitor via an SNMP protocol. In the example, parameters are inherited from the group «Server Room Monitoring». If there is a need to indicate parameters, which are different from the inherited ones, there is a need to remove a checkmark «inherit from Server Room Monitoring».
After clicking the button «Continue >» a device UniPing server solution v4/SMS will be added to the page «Group Root»:
The next step of configuration is to add a sensor, which will determine the amount of door openings in a server room during a certain time interval. To add a sensor, click the button «Add Sensor», which is located at the page «Group Root» next to a UniPing server solution v4/SMS device:
In this example, a configuration of adding a sensor from an account PRTG System Administrator at the master node is regarded. For other accounts, interfaces or nodes not all parameters indicated in this description can be available.
In the window «Add Sensor to Device UniPing server solution v3/SMS [192.168.137.100] (Step 1 of 2)» in the process of adding a sensor, set a filter according to parameters «TARGET SYSTEM TYPE?» and «TECHNOLOGY USED?», as shown at the picture below. Afterwards, choose a suitable type of addable sensors «SNMP Library»:
Choose a necessary oidlib-file for UniPing server solution v4/SMS in the list «Please select a library file» and click the button «Оk»:
OID libraries (oidlib)-files – are the files, which are used in the PRTG for monitoring and controlling devices using an SNMP protocol. Oidlib-files are obtained by converting MIB-files (Management Information Base) by special software Paessler MIB Importer and Converter.
On default, in the list «Please select a library file» there is no oidlib-file for UniPing server solution v4/SMS, therefore it needs to be added. To do this, download oidlib-file «DKSF 70.5.R OL» at the page of a description of a device in the section «Documentation and Files» and copy it to the PRTG server to a folder via path C:\Program Files (x86)\PRTG Network Monitor\snmplibs\.
PRTG will offer to choose necessary sensors to add them to UniPing server solution v4/SMS:
Unfortunately, PRTG Network Monitor monitoring system does not allow to request devices via an SNMP protocol more frequently than once in 30 seconds for a paid version and more frequent than once in 60 seconds for a free one. Therefore, a value SNMP OID of a logic level of an IO line in the mode «input» («Logic 1» – a door is opened, «Logic 0» – a door is closed) is not recommended to use, because at a momentary opening/closing a door (up to 30 seconds) the PRTG system will not be able to detect such events.
To bypass this restriction, there is a need to use a value SNMP OID of a pulse counter of IO lines, to which security sensor is connected. A pulse counter will show the amount of opening door in a server room for a certain period of time, for example, for each 60 seconds. Therefore, instantaneous opening / closing of the door will be fixed in the statistics of the PRTG Network Monitor monitoring system.
A selected sensor «np io: 1/Pulse counter» IO line 1 will appear in the list of sensors of a UniPing server solution v4/SMS device:
The last stage of setting is configuring a sensor «np io: 1/Pulse counter» for a convenient representation of values in the table and visual building of a graph. To do this, click the sensor «np io: 1/Pulse counter» and in a window that appears «Sensor np io: 1/Pulse counter» go to the tab «Settings»:
At the tab «Settings» fill in parameters, represented on the picture below, and click the button «Save»:
where:
Sensor Name – is a name of a sensor for identification. A name will be displayed on default in a tree of devices and in all error notifications.
Unit String – is a parameter that responds for representing a measurement unit of returned values.
Multiplication – is a multiplicator, a parameter that multiplies obtained original values of a sensor for an installed coefficient. In case of the example, original values are multiplied by 60 for a correct building of a graph.
Scanning Interval – is an interval of requesting a UniPing server solution v4/SMS device via an SNMP protocol.
Afterwards, there is a need to go to the settings of the channel «np io pulse counter»:
And fill in the parameters represented at the picture below:
where:
Name – is a name of a channel for identification.
Unit – is a parameter that is responsible for displaying a measurement unit at the channel.
Result
As a result of configuring a UniPing server solution v4/SMS device and the PRTG Network Monitor monitoring system described above, system administrators will be able to analyze the graph of opening the door in a server room with the interval of each 60 seconds. I.e. a graph shows how many times and when the door was opened.
The similar data representation is given in a form of a table. A table also shows, how many times and when the door was opened in a server room.