Unterföhring, 22.06.2020

As secure as can be...

ColocationIX GmbH uses digital locking technology to optimise access control in data centres protected inside a fallout shelter.

Is it possible to make a fallout shelter even safer? Yes, it is and, what's more, it also makes things more convenient. The proof can be found in Bremen, where ColocationIX GmbH has equipped its data centre housed in a converted fallout shelter with digital locking technology by SimonsVoss Technologies GmbH (Unterföhring). Customers who book IT capacities here and the service provider's employees benefit from the advantages of the electronic access control system.

ColocationIX is a professional service partner for outsourcing IT server structures. In 2011, the company purchased a former nuclear fallout shelter from the Federal Government and began converting it into a data centre. The location provides protection against storms and earthquakes. A direct fibre optic connection to the key DE-CIX, AMS-IX and LINX internet nodes and a connection to China ensure high availability at high speed. Designed in accordance with ISO EN 50600 Class 4, ColocationIX offers the greatest possible physical protection – even an aircraft crashing into the shelter would not cause any damage. ISO 27001 certification guarantees fail-safe data security and ensures GDPR-compliant data processing. The security architecture meets the requirements for critical infrastructures.

 

Core expertise in digital and physical security

Customers, including market leaders in a wide range of industries, place their IT hardware in the data centre and lease the infrastructure – for example, a server cabinet, including power, cooling, bandwidth and other items, in a single package. Or they might only process their data there and make use of managed services such as private hosting or a private cloud. ColocationIX is one of the most modern data centres in Europe with its future-oriented level of physical and digital security and award-winning energy-efficient climate control concept.

“But there is nothing that can never be optimised further,” explains Andres Dickehut, ColocationIX GmbH partner. “Digital and physical security are among our core fields of expertise. This also includes a highly secure access control system which manages access to zones and rooms and precisely logs who has been inside the building and when and where that was.”

By opting for digital locking technology, ColocationIX combined the security-related upgrading of the shelter's previously purely mechanical outer shell security system with tailor-made administration and control of all access events.

 

Defined requirement profile

The ColocationIX team responsible first established the requirement criteria and then drew up a first rough plan based on these. Apmann Daten- und Kommunikationstechnik GmbH & Co. KG was responsible for the detailed planning of the system and its precise configuration, installation and initial operation.

The electronic locking system requirements profile included:

  • Maximum security for components
  • Issuing of authorisations at individual locking device level
  • Access event logging
  • Easy installation and maintenance
  • Central administration
  • Long-term support from the manufacturer

After intensive research, the company opted for System 3060 by SimonsVoss Technologies GmbH, based in Unterföhring, near Munich. Andres Dickehut: “Networking enhances convenience throughout the entire system and all processes are logged. This allows access events to be tracked on an individual basis. Combined with the video surveillance and biometry detection solutions that we already had, the system can also quickly determine who is currently located or has been in a particular section of the building or at a particular time in an emergency, for example.”

 

System structure

The following SimonsVoss System 3060 components are used in the ColocationIX data centre:

  • WaveNet for controlling and logging locking cylinder events
  • Locking cylinders with Lock Nodes for event logging
  • SmartRelays in the lift and for RC6 doors
  • Transponders used as a key
  • PIN code keyboards
  • LSM software for managing the system

The entire locking system is networked with the management system. Locking cylinder networking is ensured via WaveNet routers with power over Ethernet (PoE), which function as access points. The basis PoE network switches are connected via fibre optics. The WaveNet components are networked via a switch infrastructure, which, in turn, interconnects the switches using fibre optics.

Due to the building’s physical structure with thick concrete walls and ceilings, at least two WaveNet access points were installed on each floor, more in some cases. Data is exchanged with 3060 locking cylinders via their emitters/receivers (Lock Nodes) and with other devices via the networked WaveNet routers.

SmartRelays use high-security doors with a resistance class RC6 rating to control door unlocking. They are operated with transponders in conjunction with PIN code keypads. Flexibility also played an important role for ColocationIX: “If required, the digital locking system can be expanded at any time and programmed or configured centrally,” explains Andres Dickehut. “By contrast, the individual components such as locking cylinders are completely autonomous and also function in the event of a management system failure.”

 

Three-factor person authentication

The converted nuclear fallout shelter has eight floors in its interior, five of which are used exclusively for the actual data centre itself. As a general rule, access is only granted to people who have been previously registered and authorised for the area concerned. Security personnel, video surveillance and a mantrap control access to the shelter’s fenced area. Customers generally only gain access to the data centre when accompanied by an authorised ColocationIX employee.

To maintain security at a maximum level, three-factor authentication was implemented as the basis for access to the authorised floors, specific server rooms and closed racks. Authentication is provided by approval on an individual basis by the data centre staff or using a PIN code, a transponder with encryption and biometric detection. All requirements must be met to gain access to the data centre. The three systems do not have a common single point of failure and therefore deliver the highest level of security in access control.

 

Self-administration

Alongside planning for the digital locking system, SimonsVoss has also provided training sessions on System 3060 with ColocationIX GmbH’s administrators to ensure things run smoothly after commissioning. Andres Dickehut: “These seminars were the ideal basis for our in-house experts to become acquainted with the basic configuration with all components and familiarise themselves with the necessary steps and procedures before operation. We manage the system completely ourselves, including issuing access authorisations and programming locking media.”

 

The ColocationIX data centre at a glance

Building

  • Over 2,500 m² space on 8 floors
  • Reinforced concrete outer walls and ceilings 2 m thick
  • 5 self-contained data centres, divided into 10 security zones

Physical Security

  • Built in compliance with EN 50600 Class 4 and Tier 4, operated according to ISO 27001
  • Multi-level access authentication with logging: entrance security personnel, code, transponder, biometrics, metal detector and turnstile
  • 24/7 video surveillance, alarm monitoring
  • Lightning protection in compliance with class 1
  • Permanent oxygen reduction in server and technical rooms
  • 10 separate fire compartments
  • Separate extinguishing systems in corridors, stairwells and offices
  • Fire compartments upgraded to between F30/T30 and F120/T120 as required
  • Early fire detection with activation at alarm centre
  • VdS fire alarm system with fire service override

Virtual security

  • Intrusion Prevention Systeme, DDoS Mitigation inklusive Remote Triggered Black Holing (RTBH) und mehrfache Firewalls
  • Regelmäßige Security- & Datenschutz-Audits
  • Netzwerk- und Services-Monitoring
  • Information Security Management System nach ISO 27001
  • Zusätzlicher Standort für Datensicherung

 

SimonsVoss Technologies GmbH, with headquarters in Unterföhring near Munich and a production and logistics center in Osterfeld/Saxony-Anhalt, has been part of Allegion™ since September 2015 and is thus part of a globally active network. Since the market launch of its digital locking and access control system "3060" in 1998, the company has modernised its (once predominantly mechanical) locking technology in line with modern technological standards and is now regarded as a European technology leader in the field of battery-powered electronic locking and access control systems.

 

About Allegion™

Allegion (NYSE: ALL) is a global pioneer in access control, with leading brands including CISA®, Interflex®, LCN®, Schlage®, SimonsVoss® and Von Duprin®. With a focus on door and access security, Allegion offers a wide range of solutions for people and property - homes, businesses, schools and more. Allegion achieved a turnover of 2.7 billion US dollars in 2018 and is active in almost 130 countries. www.allegion.com

Press contact

Gabriele Weichesmüller
Marketing & PR Communication Team

SimonsVoss Technologies GmbH
Feringastraße 4
85774 Unterföhring, Deutschland
marketing-simonsvoss@allegion.com