ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo

    IT Discussion
    colocation physical security
    6
    18
    1.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • NashBrydgesN
      NashBrydges
      last edited by

      So it turns out that a new client I picked up has their gear colocated at the datacenter in Waterloo that is the same as the CloudAtCost datacenter. In fact, the datacenter website "sells" cloud servers called "CloudPRO" and is showing pretty much the same video on their site as on the CloudAtCost site.

      Client is renting a 1/4 rack at this datacenter and the racks do not have separate sectioned off space so if another customer rents a 1/4 rack for example, their gear would be in the same rack as my new client's gear with no physical separation between the 2. Customers who rent 1/4 rack or more are allowed to come and go as they please 24/7 unescorted however they aren't provided any locking capabilities since they share the rack space with other clients. I know when renting a single U or 2U space, that's typically how they're setup but for those instances, I believe the standard practice is that you need to be escorted as this is how they provide physical security.

      I've only really dealt with 3z in Toronto and they have the lockable 1/8, 1/4 and 1/2 rack options. Am I wrong in thinking this should be an alarm bell? What's common practice across colo locations you have worked in? Are shared racks allowed unescorted access?

      scottalanmillerS 2 Replies Last reply Reply Quote 0
      • jt1001001J
        jt1001001
        last edited by

        The data center we colocate in provides sectioned racks for 1/4 and 1/2 customers. Single and 2 u rentals get shared rack space so customers are required to lock their gear either with bezels or have to order locking panels. We can come and go as we please with ID and Keycard access and our racks have separate combination locks to open them. We currently rent full rack but we started with a 1/2 rack.

        1 Reply Last reply Reply Quote 0
        • IRJI
          IRJ
          last edited by

          I wouldn't host there if they paid me to do it...

          1 Reply Last reply Reply Quote 1
          • 1
            1337
            last edited by

            Do they log who comes and goes? Are there security cameras?

            1 Reply Last reply Reply Quote 0
            • NashBrydgesN
              NashBrydges
              last edited by

              Yeah they have key fob access so I assume access to building and rooms is logged. I’ve also spotted UniFi cameras facing every aisle.

              ObsolesceO 1 Reply Last reply Reply Quote 0
              • ObsolesceO
                Obsolesce @NashBrydges
                last edited by

                @NashBrydges said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                Yeah they have key fob access so I assume access to building and rooms is logged. I’ve also spotted UniFi cameras facing every aisle.

                That's all fine and dandy after the fact, after the damage has been done. One of the risks in Colo, but still not as much as alternatives.

                1 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @NashBrydges
                  last edited by

                  @NashBrydges said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                  I've only really dealt with 3z in Toronto

                  Those guys are awesome, that's who I use in Canada!

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @NashBrydges
                    last edited by

                    @NashBrydges said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                    Am I wrong in thinking this should be an alarm bell?

                    Everything about this should set off alarms. Your gear is basically being handed to an anonymous third party. And the datacenter is run by known crooks!

                    1 Reply Last reply Reply Quote 1
                    • IRJI
                      IRJ
                      last edited by

                      If I was running anything with ColoudAtCost, I would assume its a spot instance. In other words, it could be spun down at literally any time. Sometimes spot instances are ok for some testing functions, but its not something I usually see with colo.

                      The amount of downtime these guys have had in the past, not to mention the shady business tactics, you cannot trust them at all. I am sure they are cheap as hell.

                      I wouldn't trust their physical security at all. They have blatantly lied to customers before and they'll do it again. Just because they have cameras doesn't mean they give a shit. If something bad happened, I doubt they would disclose anyway. When you are a crook legal contracts mean nothing.

                      1 Reply Last reply Reply Quote 1
                      • 1
                        1337 @Obsolesce
                        last edited by

                        @Obsolesce said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                        @NashBrydges said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                        Yeah they have key fob access so I assume access to building and rooms is logged. I’ve also spotted UniFi cameras facing every aisle.

                        That's all fine and dandy after the fact, after the damage has been done. One of the risks in Colo, but still not as much as alternatives.

                        A locked rack is like telnet with 1234 as password. It will only keep honest people out.

                        Because a datacenter has a customer that uses shady business practices doesn't mean anything. The same video doesn't mean it's the same owners. It could mean that they just used the datacenters video.

                        So I wouldn't worry about other customers having access to a customers "locked" rack versus "unlocked" rack. But I would weigh in physical security as part of the value you are paying for. And also to account for the risk that data end up in the wrong hands. If the risk is acceptable or not, depends on the customer and their data.

                        scottalanmillerS 3 Replies Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @1337
                          last edited by

                          @Pete-S said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                          Because a datacenter has a customer that uses shady business practices doesn't mean anything. The same video doesn't mean it's the same owners. It could mean that they just used the datacenters video.

                          Except Cloud@Cost is just one "face" of a datacenter company. The issue isn't the datacenter having a shady customer, although certainly they must, but that the datacenter IS the shady company here.

                          The bigger concern isn't the other customers stealing your stuff, but the datacenter itself (and then maybe blaming other customers.)

                          1 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @1337
                            last edited by

                            @Pete-S said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                            So I wouldn't worry about other customers having access to a customers "locked" rack versus "unlocked" rack. But I would weigh in physical security as part of the value you are paying for. And also to account for the risk that data end up in the wrong hands. If the risk is acceptable or not, depends on the customer and their data.

                            This is a vendor so bad, both unethical and incompetent, that it would be the vendor equivalent of running servers but not having RAID or backup for your data.

                            In general terms we say "if data is worth backing up, it isn't worth storing". In server terms, if a server is worth powering on, it's worth not putting at C@C (or whatever name they use today.)

                            1 Reply Last reply Reply Quote 0
                            • 1
                              1337 @scottalanmiller
                              last edited by

                              @scottalanmiller said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                              @Pete-S said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                              Because a datacenter has a customer that uses shady business practices doesn't mean anything. The same video doesn't mean it's the same owners. It could mean that they just used the datacenters video.

                              Except Cloud@Cost is just one "face" of a datacenter company. The issue isn't the datacenter having a shady customer, although certainly they must, but that the datacenter IS the shady company here.

                              The bigger concern isn't the other customers stealing your stuff, but the datacenter itself (and then maybe blaming other customers.)

                              But where are the proof for what you said? How do you know it's not another colo customer?

                              scottalanmillerS 2 Replies Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @1337
                                last edited by

                                @Pete-S said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                                A locked rack is like telnet with 1234 as password. It will only keep honest people out.

                                That's why top end datacenters don't let anyone in.

                                On Wall St., even the internal IT staff weren't allowed in the datacenters.

                                1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @1337
                                  last edited by

                                  @Pete-S said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                                  @scottalanmiller said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                                  @Pete-S said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                                  Because a datacenter has a customer that uses shady business practices doesn't mean anything. The same video doesn't mean it's the same owners. It could mean that they just used the datacenters video.

                                  Except Cloud@Cost is just one "face" of a datacenter company. The issue isn't the datacenter having a shady customer, although certainly they must, but that the datacenter IS the shady company here.

                                  The bigger concern isn't the other customers stealing your stuff, but the datacenter itself (and then maybe blaming other customers.)

                                  But where are the proof for what you said? How do you know it's not another colo customer?

                                  Doesn't matter. It's the datacenter that we are concerned about. That risk alone makes the whole situation unacceptable. That there is also the risk of the other colo customers is just icing on the cake of "nope" that we already have. Not knowing which bad actor in this case doesn't change anything.

                                  1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @1337
                                    last edited by

                                    @Pete-S said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                                    But where are the proof for what you said?

                                    Besides their corporate filings and postings online? We aren't claiming anything that they've not announced themselves. It's public info, not something in question or disputed.

                                    1 1 Reply Last reply Reply Quote 0
                                    • 1
                                      1337 @scottalanmiller
                                      last edited by

                                      @scottalanmiller said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                                      @Pete-S said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                                      But where are the proof for what you said?

                                      Besides their corporate filings and postings online? We aren't claiming anything that they've not announced themselves. It's public info, not something in question or disputed.

                                      Well, if it's truly the datacenter that is shady, then I would strongly urge my customer to move their gear elsewhere as quickly a possible. Locked rack or not.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @1337
                                        last edited by

                                        @Pete-S said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                                        @scottalanmiller said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                                        @Pete-S said in Turns Out My New Client Has Colocation At CloudAtCost Datacenter In Waterloo:

                                        But where are the proof for what you said?

                                        Besides their corporate filings and postings online? We aren't claiming anything that they've not announced themselves. It's public info, not something in question or disputed.

                                        Well, if it's truly the datacenter that is shady, then I would strongly urge my customer to move their gear elsewhere as quickly a possible. Locked rack or not.

                                        Exactly, that's what we're thinking. It's the datacenter (aka Cloud@Cost) that is scary here.

                                        1 Reply Last reply Reply Quote 0
                                        • 1 / 1
                                        • First post
                                          Last post