Patent Application
20120229633
The present invention is directed toward a network equipment rack associated with a camera and toward a method of providing security for equipment mounted in the rack, and, more specifically, toward a network equipment rack having a camera configured to monitor the vicinity of the rack and toward a method of capturing at least one image of persons attempting to access equipment mounted in the rack.
Security is an important concern in data and communication centers and in other facilities that house computer and/or network and/or telecommunications equipment. Part of this security comprises software that monitors network use and file access and that determines what actions are being taken by various users of a network. The software may also control access to network resources via the use of passwords or other identifiers. However, the physical computers, routers, storage devices and cabling that interconnects these elements must also be protected to prevent unauthorized access to data or a network or system.
An additional layer of security may be provided by conventional access control technology that uses passwords, access cards and/or biometric information in order to limit physical access to secure areas. Conventional security cameras may also be used to monitor a data center or the entrances thereto. These conventional security arrangements are relatively effective in preventing unauthorized persons from entering a data or telecommunications center. However, they do little to prevent a person who is authorized to be in the secure facility from engaging in unauthorized activities. That is, once an individual is permitted to access the data and communications equipment in a facility, for maintenance purposes, for example, he may also be able to take other actions, accessing or copying or modifying protected data, for example, that are prohibited. Using conventional monitoring techniques, it may be difficult to determine which one of a group of persons authorized to be in a secure facility has impermissibly accessed or changed data.
One field that has established policies for data security is the payment card industry (PCI), and the PCI has developed a data security standard (DSS) to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. There are twelve PCI DSS requirements within the standard, which are herein incorporated by reference. One of these requirements, Requirement 9.1.1, provides: “9.1.1 Use video cameras or other access control mechanisms to monitor individual physical access to sensitive areas. Review collected data and correlate with other entries. Store for at least three months, unless otherwise restricted by law. Note: ‘Sensitive areas’ refers to any data center, server room or any area that houses systems that store, process, or transmit cardholder data. This excludes the areas where only point-of-sale terminals are present, such as the cashier areas in a retail store.”
To comply with this section of the PCI DSS, a video camera and recording system should be in place to observe and monitor access to sensitive data center areas. The solution of the background art is to mount a standalone analogue camera system in the networking area. The standalone nature of camera system is similar to those used for security in a convenience store, wherein the video is stored on a DVR connected to the camera and the images are stored for the required time period before being overwritten. While such an arrangement may narrow down the list of persons who have accessed particular data when a security breach is found, it may be difficult to distinguish between authorized and unauthorized persons who performing actions at a given location. It would therefore be desirable to provide a method and device that make it easier to determine who is accessing or modifying a given piece of network, computer, data storage and/or telecommunications equipment.
This and other problems are addressed by the present invention, a first aspect of which comprises a network equipment rack that includes a first support and a second support spaced from the first support by a given distance. The first and second supports are configured to support a plurality of network modules in a space therebetween. At least one module is mounted in the rack between the first and second supports, and a camera panel is mounted in the rack between supports. The camera panel includes a panel member having a first end connected to the first support and a second end connected to the second support and an aperture through the panel member between the first end and the second end and a camera mounted in the aperture.
Another aspect of the invention comprises a device comprising a rack having a first support and a second support spaced from the first support by a given distance, where the first and second supports are configured to support a plurality of network modules in a space therebetween. The device also includes a camera, and at least one network module is mounted in the rack between the first support and the second support. The at least one network module includes a plurality of ports, each port being configured to receive a connector, and the at least one network module is configured to generate a signal in response to a connector being added to or removed from one of the plurality of ports in the at least one network module. The camera is in communication with the at least one network module and is configured to capture at least one image in response to the signal.
A further aspect of the invention comprises a method that involves providing a rack, mounting at least one network module in the rack, the at least one network module including a plurality of ports, associating a camera with the rack, and capturing at least one image with the camera in response to a connector being inserted into or removed from one of the plurality of ports.
These and other aspects of the invention will be better appreciated after a reading of the following detailed description together with the attached drawings wherein:
The present invention now is described more fully hereinafter with reference to the accompanying drawings, in which embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Like numbers refer to like elements throughout. In the figures, the thickness of certain lines, layers, components, elements or features may be exaggerated for clarity.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the specification and relevant art and should not be interpreted in an idealized or overly formal sense unless expressly so defined herein. Well-known functions or constructions may not be described in detail for brevity and/or clarity.
As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items. As used herein, phrases such as “between X and Y” and “between about X and Y” should be interpreted to include X and Y. As used herein, phrases such as “between about X and Y” mean “between about X and about Y.” As used herein, phrases such as “from about X to Y” mean “from about X to about Y.”
It will be understood that when an element is referred to as being “on”, “attached” to, “connected” to, “coupled” with, “contacting”, etc., another element, it can be directly on, attached to, connected to, coupled with or contacting the other element or intervening elements may also be present. In contrast, when an element is referred to as being, for example, “directly on”, “directly attached” to, “directly connected” to, “directly coupled” with or “directly contacting” another element, there are no intervening elements present. It will also be appreciated by those of skill in the art that references to a structure or feature that is disposed “adjacent” another feature may have portions that overlap or underlie the adjacent feature.
Spatially relative terms, such as “under”, “below”, “lower”, “over”, “upper”, “lateral”, “left”, “right” and the like, may be used herein for ease of description to describe one element or feature's relationship to another element(s) or feature(s) as illustrated in the figures. It will be understood that the spatially relative terms are intended to encompass different orientations of the device in use or operation in addition to the orientation depicted in the figures. For example, if the device in the figures is inverted, elements described as “under” or “beneath” other elements or features would then be oriented “over” the other elements or features. The device may be otherwise oriented (rotated 90 degrees or at other orientations) and the descriptors of relative spatial relationships used herein interpreted accordingly.
The phrase “network equipment” is intended to describe various types of computer and/or communications equipment of the type that may be mounted in a rack and used for sending and/or receiving data over a communications network. This phrase thus includes servers and related devices for storing or processing data, routers and switches, and communications modules of the type that allow for the interconnection of various electrical or optical cables or fibers.
A camera panel 28, illustrated by itself in
The camera 42 may comprise, for example, an internet protocol camera that is configured to send captured images and/or video to a storage device (not illustrated) that may be located in or near the rack 10 or remotely. A suitable camera is available from Axis Communications (http://www.axis.com) of Chelmsford, Mass., as model M3011, and the “Axis M3011 Network Camera User Manual” is hereby incorporated by reference. The camera 42 may be configured to capture one or more images, which may comprise individual still images or a video stream, upon the detection of motion or on receipt of a signal produced by various types of sensors in communication with the camera 42. Furthermore, the camera 42 may be configured to detect motion only immediately in front of the rack 10 so as to only capture images of persons close enough to the rack 10 to access the network modules 20 mounted therein. In this manner, a file can be provided that relates primarily to persons accessing a given rack 10, and the images may be time-stamped to provide a record of who accessed equipment on a given rack 10 and the time of the access. The camera 42 may optionally include a light source 43 that is actuated when the camera 42 is capturing images. Persons in front of camera 42 might instinctively look at the light source 43 when it turns on, and this helps ensure that a person will be facing the camera 42 when image capture begins.
The camera 42 may be actuated in response to signals other than those produced by a motion detector. For example, as illustrated in
Alternately or in addition, the network modules 20 may be of the type that output a signal each time a connector 24 is inserted into or removed from one of its ports 22. Such a system is sold by the assignee of the present application, CommScope, Inc. of North Carolina under the trademark “iPatch,” and a reference manual for the iPatch system entitled The Systimax iPatch System Panel Manager Guide, CommScope, Inc., June 2009, is incorporated herein by reference. The camera 42 may be connected to a suitable iPatch controller in order to capture an image, series of images or video each time a connector 24 is inserted or removed from one of the ports 22, and the captured images may be associated with other stored iPatch data such as information identifying a port that was accessed and the time of the access. In this manner, a record of the connection changes at the network modules 20 can be associated with images of the person making the changes in order to better determine whether a particular change was authorized. Beneficially, the camera 42 may be configured to record substantially continuously and then selectively overwrite images that are not needed. In this manner, when the iPatch system sends a signal to the camera 42 to indicate that a change has been made, the camera 42 may save images from several seconds before and several seconds after the change to increase the likelihood that a recognizable facial image of the person making the change is captured and not, merely, for example, an image of the top of a person's head when the person is looking down while adding or removing a patch cord 26.
The camera panel 50, illustrated without the camera 52 in
The camera 42 of the first embodiment could be mounted in a pivotable camera panel such as camera panel 50 or the camera 52 of the second embodiment could be mounted in a non-pivoting camera panel such as camera panel 28 of the first embodiment. Alternately, a camera could be mounted at a different location on a rack or mounted near a rack in a manner that still allows the capture of a facial image of a person making change to modules in the rack.
The present invention has been described herein in terms of several preferred embodiments. Modifications and additions to these embodiments will become apparent to persons of ordinary skill in the relevant art upon a reading of the foregoing disclosure. It is intended that all such modifications and additions comprise a part of the present invention to the extent they fall within the scope of the several claims appended hereto.
The present application claims the benefit of U.S. Provisional Patent Application No. 61/451,341, filed Mar. 10, 2011, the entire contents of which are hereby incorporated by reference.
| Number | Date | Country | |
|---|---|---|---|
| 61451341 | Mar 2011 | US |
