I have worked at a few hosting companies and seen two schools of thought on this
- Do not allow customers into the server room. The argument is basically it raises security (this news story is normally provided as a reason that security is only good if you know the people) and privacy and that if you provide a local terminal for them it is good enough.
- Allow customers into the server room because people need access to their machines and it makes a good show piece.
Are there any reasons (such as legal, compliance, etc.) that you should not allow people into the server room?
says it all, really :)
Assuming that the hardware for each client is segregated in separate cages, etc., then I see no reason not to let people in to the server room. However, for highly sensitive critical data, e.g. banks, police, etc., I would only ever want an extremely small number of qualified people in that room. When it comes to customers, how do you know they are qualified and, equally, not malicious? Not worth the risk.
In these situations, where the slightest downtime or loss of data would incur huge issues, it is always safe to err on the side of caution.
In my experience 75% of service/system outage is down to a 'layer 8'/wetware problem - people spilling drinks, pressing buttons they shouldn't, tripping over cables, even 'testing' RAID failover for no damn reason!
Keep people out; one way of doing this is to have a manual entry log with a 'reason for entry' field that they have to write themselves. That'll stop people without a good reason.
Personally, if I was hosting my equipment somewhere else and they wouldn't let me in to work on it, I'd be pretty annoyed. I understand you need to keep your facility secure and letting anyone off the street in is a bad idea, but if I'm paying you to host my equipment, then I have a vested interest in the security of my system; I'm not going to do anything to compromise that.
There should be security; I should need ID or a password or an iris scan to get into the DC, but stopping me altogether would just make me take my business elsewhere.
Physical Access to a machine == opportunity to root the machine.
Do not allow anyone into the server room who you do not want to give access to the equipment on the machine. Or, have physical access (along with KVM or other local/console means) to the controls of the machine restricted if you are going to allow others physical access to the machine room.
The best practice in my mind is to either prevent access entirely to non-admins, to provide a security escort while someone's in the server room who is not authorized for global access (i.e. vendors), or to keep key-locked hardware in place and restrict keys to subsets of authorized users/admins. The last part is the best-practice for most colocation spaces where you as a customer will rent space.
Also: If you have the opportunity, make sure you have an "airlock" system that requires two forms of access, which prevents "tailgating". In our case, these are punch and card-scan locks. The entry into the foyer requires that you punch a code into a lock. Once you're in the foyer, you need to scan an ID card to enter the actual server room.
Beyond just "It's really a good idea", there are certain industry-specific SAPs, laws, or regulations that might be involved. In an educational or government institution, I have specific laws I need to be sure are enforced with regard to access to student information. Similar requirements exist for companies that are publicly traded; they must comply with SOX. The medical industry, or any industry that handles associated identity information along with medical history, must follow HIPAA. Any company that stores credit card transactions must comply with their merchant agreements, which are usually VERY explicit about what the machines are allowed to store and who has access to the machines. Your industry's mileage may indeed vary.
Security has already been mentioned as a reason not to. Another is health and safety. DCs can be dangerous environments for the untrained. These can both be mitigated, of course, by policies such as "You must be accompanied by a trained member of staff", for example. Our data center requires that staff are not given access unless they have done the appropriate course. And customers certainly are not allowed access unless accompanied.
I had a server coloc'd with a local data center that required an escort for access. Nothing like having a box down, having to stand around waiting for someone to become available so you can fix it. Then, that person gets to stand there bored, just watching. In that case, it was several hours. We do our servers in-house now...
SAS 70 compliance, if you are doing that, or Sarbanes-Oxley, which has a provision for IT controls around financial systems.
Think about this: Does a bank allow its customers to go into the vault and deposit or withdraw money into/from their account? The answer is: Only if the account boxes are individually secured, and even then they may have a guard accompany you. But the best thing for high security scenarios would be that they bring out your box to you when you need it, which high security banks do.
Allowing customers access to their own kit seems like a fundamental 'right'. The colo's security should be observant and structured enough that rack-by-rack access by customers is safe.
If other customers feel they require more security, then they can go off and get their own cage or room.