Cable termination, patch panels, patch cables and racks are designed to prevent emanations, cross-connecting or cross-patching systems of differing classifications as well as following good engineering practice.

]]> This section covers information relating to the configuration and installation of patch panels, patch cables and fly leads associated with communications systems.

]]> Reference should also be made to:

]]> The controls within this section are applicable to all communications infrastructure located within facilities in New Zealand. For deployable platforms or facilities outside New Zealand the Emanation Security Threat Assessments (Section 10.7) of this chapter of this manual MUST be consulted.

]]> For patch cables, the same connectors can be used for different classifications if the length of the higher classified patch cables is less than the distance between the higher classified patch panel and any patch panel of a lower classification.

]]> For Fibre optic patch panels are sometimes also described as fibre distribution panels. Their principal function is to safety terminate the fibre optic cable and provide connection access to the cable’s individual fibres.

]]> Fibre patch panels are termination units, providing a secure, organised chamber for housing connectors and splice units while organising, managing and protecting fibre optic cable, splices and connectors.

]]> Fibre patch panels can be either rack mounted or wall mounted and are usually placed near terminating equipment and connected with patch cables. Free standing patch panel racks are also available. Patch panels may also be mounted within standard equipment racks.

]]> Rack mount panels may have flat or angled faces to assist in organising the cables themselves. Angled panels are intended to direct patch cables into vertical cable managers on either side of the rack. This facilitates maintenance and reduces the requirement for horizontal cable management.

]]> Fibre patch panels can accommodate fibre adapter panels (also called connector panels), associated trunk cables, connectors, patch cords, and usually integrate cable management.

]]> There are several components in a fibre patch panel which may include:

Chassis or frame;
Drawer to facilitate access for installation and maintenance;
Cassette;
Coupler panels (adapter panels) – to hold the connector couplers;
The connector couplers (connector adapters);
Splice tray – organises and secures splice modules;
Patch cable management trays.

]]> While well over 80 different fibre optic cable connector types have been manufactured, there are between 15 and 20 types in common use.

]]> A multimedia modular panel allows copper and fibre cables to be terminated in the same rack mount space. It accommodates several different adapters, suited for Cat6a/6/5e/5 Ethernet cables and fibre patch cables.

]]> Standardised rack layouts and cable management are important for engineering support, security, equipment cooling and to minimise accidental or unnecessary outages. Many data centres will dictate a hotside (hot air out) and coldside (cold air in). The hotside is generally the rear of equipment and the rack. The coldside is generally the front panel of equipment and rack. The ducting of hot/cold air is often also standardised.

]]> Standardising rack layout and cable management minimises problems caused by:

Accidently not being able to locate end points of network and patch cables without tracing the cable end to end.
Physically impeding access to equipment.
Positioning of equipment and cables such that airflow (cooling) is impeded. As the density of equipment in racks increases, cooling becomes an increasingly important factor. Poor rack design combined with dense rack utilization can contribute to internal rack temperatures significantly higher than ambient room temperatures.

]]> Standardising rack layout and cable management also assists in the maintenance of separation and segregation between RED/BLACK systems.

]]> Separate RED/BLACK racks are easier to manage, build and maintain and reduce the opportunity for accidental or deliberate cross-connection of RED/BLACK systems. Ideally separate RED/BLACK racks should be used.

]]> In small installations (typically single workstation) shared racks are unavoidable. In such cases a shared rack configuration is permissible provided separation elements and controls are properly implemented. Extra care must be taken to avoid accidental cross-connection of systems. The following illustrates a standardised shared rack configuration where RED/BLACK and power systems are separated:

Figure 11: Separation of RED/BLACK

]]> In order to maintain the integrity of RED/BLACK separation, cables for power and data should be separately bundled as power RED or BLACK and data RED or BLACK. Cables should be run with as much distance between the bundles as can be practically managed, within the constraints of cable feeds and rack configuration. Ideally RED and BLACK should be on opposite sides of the rack. Cables should be no longer than required to avoid overlength cables compromising separation.

]]> In some instances there may be a requirement for external technical or other uncleared personnel to access BLACK equipment and components for servicing, repair or replacement. Care must be taken to maintain the integrity of RED equipment and components. This can be especially problematic in shared rack configurations as described above.

This requirement should be identified before installation takes place and segregation measures implemented. Ideally physical separation of BLACK from RED is the best solution, recognising however, this may not always be possible or practical. Other solutions may include, for example, a shared rack that has two doors with the RED door locked and alarmed so that BLACK equipment can be accessed without compromising the security of RED equipment. Discussion with the GCSB may identify other practical solutions.

]]> Further References available below:

Reference	Title	Publisher	Source
ISO/IEC 11801-5:2017	Data centres	ISO	https://www.iso.org/standard/62247.html
ISO/IEC TR 14763-2-1:2011	Information technology -- Implementation and operation of customer premises cabling -- Part 2-1: Planning and installation - Identifiers within administration systems	ISO	https://www.iso.org/standard/55236.html
ANSI/TIA-606-B	Administration Standard for the Telecommunications Infrastructure of Commercial Buildings	ANSI	https://www.ansi.org
ANSI/TIA-942	Telecommunications Infrastructure Standard for Data Centers	ANSI	https://www.ansi.org
PD IEC/TR 62691:2016	Optical fibre cables. Guidelines to the installation of optical fibre cables	International Electrotechnical Commission (IEC) Available through Standards New Zealand	https://standards.govt.nz
PD IEC/TR 62362:2010	Selection of optical fibre cable specifications relative to mechanical, ingress, climatic or electromagnetic characteristics. Guidance	International Electrotechnical Commission (IEC) Available through Standards New Zealand	https://standards.govt.nz
IEC 60794-2-31 Ed. 2.0 b(2012)	Optical fibre cables - Part 2-31: Indoor cables - Detailed specification for optical fibre ribbon cables for use in premises cabling	International Electrotechnical Commission (IEC) Available through Standards New Zealand	https://standards.govt.nz
IEC 60794-2-11 Ed. 2.0 b(2012)	Optical fibre cables - Part 2-11: Indoor optical fibre cables - Detailed specification for simplex and duplex cables for use in premises cabling	International Electrotechnical Commission (IEC) Available through Standards New Zealand	https://standards.govt.nz
AS/NZS 2967:2014	Optical fibre communication cabling systems safety	Standards New Zealand	https://standards.govt.nz
AS/NZS 14763.3:2017	Information technology - Implementation and operation of customer premises cabling - Part 3: Testing of optical fibre cabling	Standards New Zealand	https://standards.govt.nz
AS/NZS IEC 60825.2:2011	Safety of laser products - Part 2: Safety of optical fibre communication systems (OFCS)	Standards New Zealand	https://standards.govt.nz
AS/NZS ISO/IEC 24764:2012	Generic cabling systems for data centres	Standards New Zealand	https://standards.govt.nz
AS/NZS 61386.1:2015	Conduit systems for cable management - Part 1: General requirements	Standards New Zealand	https://standards.govt.nz
AS/NZS 61386.21:2015	Conduit systems for cable management - Part 21: Particular requirements - Rigid conduit systems	Standards New Zealand	https://standards.govt.nz
AS/NZS 61386.22:2015	Conduit systems for cable management - Part 22: Particular requirements - Pliable conduit systems	Standards New Zealand	https://standards.govt.nz
AS/NZS 61386.23:2015	Conduit systems for cable management - Part 23: Particular requirements - Flexible conduit systems	Standards New Zealand	https://standards.govt.nz
AS/NZS ISO/IEC 29125:2012	Telecommunications cabling requirements for remote powering of data terminal equipment	Standards New Zealand	https://standards.govt.nz
BS EN 61300-2-37:2016	Fibre optic interconnecting devices and passive components. Basic test and measurement procedures. Tests. Cable bending for fibre optic closures	British Standards Institution (BSI) Available through Standards New Zealand	https://standards.govt.nz
BS EN 60794-2-31:2013	Optical fibre cables. Indoor cables. Detailed specification for optical fibre ribbon cables for use in premises cabling	British Standards Institution (BSI) Available through Standards New Zealand	https://standards.govt.nz
BS EN 50411-2:2008	Fibre organisers and closures to be used in optical fibre communication systems. Product specifications. General and guidance for optical fibre cable joint closures, protected microduct closures, and microduct connectors	British Standards Institution (BSI) Available through Standards New Zealand	https://standards.govt.nz
BS EN 60794-2-30:2008	Optical fibre cables. Indoor cables. Family specification for ribbon cables	British Standards Institution (BSI) Available through Standards New Zealand	https://standards.govt.nz
BS EN 60794-2-21:2012	Optical fibre cables. Indoor optical fibre cables. Detailed specification for multi-fibre optical distribution cables for use in premises cabling	British Standards Institution (BSI) Available through Standards New Zealand	https://standards.govt.nz

]]> Cross-connecting a system to another system of a lesser classification through a patch panel may result in a data spill. A data spill could result in the following issues:

inadvertent or deliberate access to information and systems by non-cleared personnel; and/or
information spilling to a system of another classification.

]]> Cross-connecting Cables run to patch panels are best managed by bundling similar classifications or groups together. RED/BLACK separations should be maintained at all times. A simple approach to this is to bundle and run RED cables up vertical rails of the cabinet and BLACK cables up the opposite side. Where multiple cabinets are installed sides may be alternated to ensure RED/RED and BLACK/BLACK groupings are maintained by running cables groups up/down/across separate rails in the cabinet or in separate conduits.

]]> Agencies MUST ensure that only approved cable groups terminate on a patch panel.

]]> RED and BLACK cables must be separated and bundled.

]]> Cables equipped with connectors specific to a classification will prevent inadvertent cross-connection. These connectors can be keyed or have specific profiles to prevent connection to other systems.

]]> In areas containing cabling for multiple classifications, agencies MUST ensure that the connectors for each classification are distinct and different to those of the other classifications.

]]> In areas containing cabling for multiple classifications, agencies MUST document the selection of connector types for each classification.

]]> In areas containing cabling for systems of different classifications, agencies SHOULD ensure that the connectors for each system are different to those of the other systems.

]]> In areas containing cabling for systems of different classifications, agencies SHOULD document the selection of connector types.

]]> Appropriate physical separation between systems classified CONFIDENTIAL or above and a system of a lesser
classification (RESTRICTED and below) will:

reduce or eliminate the chances of cross patching between the systems; and
reduce or eliminate the possibility of unauthorised personnel or personnel gaining access to classified system elements.

Refer also to 10.1 – Cable Management Fundamentals for the discussion on RED/BLACK concept and cable separation.

]]> Agencies SHOULD physically separate patch panels of different classifications by installing them in separate cabinets.

]]> Where spatial constraints demand patch panels of different classification are located in the same cabinet, agencies MUST:

provide a physical barrier within the cabinet to separate patch panels;
ensure that only personnel cleared to the highest classification of the circuits in the panel have access to the cabinet; and
obtain approval from the relevant Accreditation Authority prior to installation.

]]> Standardised layout of rack and cabinets facilitates maintenance and reduces risk of accidental cross-connects. Cabinets may also include UPS or other power supply equipment which is most appropriately housed at the bottom of the cabinet. RED/BLACK separations of equipment and cables should be maintained. Refer to 10.6.16 in the Context above.

]]> Agencies SHOULD arrange the installation of cabinets as follows:

RED equipment at the top;
BLACK equipment in the centre;
Power equipment at the bottom.

]]> A rack diagram is a two-dimensional elevation drawing showing the layout or arrangement of equipment on a rack. It may show the front and the rear elevation of the rack layout. It does not have to be drawn to scale. This provides essential information when maintenance or development is undertaken or new equipment installed.

]]> Agencies SHOULD record equipment layouts and other relevant information on rack diagrams.

]]> Keeping the lengths of fly leads to a minimum prevents clutter around desks, prevents damage to fibre optic cabling and reduces the chance of cross patching and tampering. If lengths become excessive then agencies will need to treat the cabling as infrastructure and run it in conduit or fixed infrastructure such as desk partitioning. Secure patch cords properly to keep them off the floor or the base of racks, where they can be stepped on.

]]> Agencies SHOULD ensure that the fibre optic fly leads used to connect wall outlets to IT equipment either:

do not exceed 5m in length; or
if they exceed 5m in length:
- are run in the facility’s fixed infrastructure in a protective and easily inspected pathway;
- are clearly labelled at the equipment end with the wall outlet designator; and
- are approved by the Accreditation Authority.

]]> It is important that any metal trays or metal catenary are earthed for both safety and to avoid creating any fortuitous conductors. Effective earthing also depends on properly bonding all conductive elements of a cabinet, rack or case housing any equipment. Bonding requires good mechanical and electrical connection between conductive elements through bolts and nuts and/or earth straps or jump leads. Specialist bonding hardware is widely available.

]]> All earthing points MUST be equipotentially bonded.

]]> All conductive elements of a cabinet, rack or case housing any equipment MUST be earth bonded.

]]> Good cable management facilitates maintenance, promotes air flow and cooling, reduces risk of accidental cross-connects or disconnects and supports safe operation.

]]> Cabinet rails MUST be installed to:

provide adequate room for patch cables and wire managers;
provide adequate space for cable management at front, sides, and rear; and
arrange switches and patch panels to minimize patching between cabinets & racks.

]]> The labelling principles include the following:

Labelling is logical and consistent, across all locations, matching the project drawings;
The labelling scheme identifies any associated physical locations (building, room, cabinet, rack, port, etc.);
Labelling is easily read, durable, and capable of surviving for the life of the component that was labelled;
The labelling system, and the identifiers used, are agreed upon by all stakeholders; and
Labelling is all-encompassing and include cables, connecting hardware, conduits, firestops, grounding and bonding locations, racks, cabinets, ports, and telecommunications spaces.

]]> Specific labelling requirements include:

All labels use a permanent identifier;
The labelling/numbering scheme is logical in its organisation, using alphanumeric characters for ease of reference;
Each cable and each pathway is labelled on each end, and each label identifies the termination points of both ends of the cable;
All labels are legible, defacement resistance, and have high adhesion characteristics and durability;
Labels are placed so they can be read without disconnecting a cable;
Labels for station connections may appear on the face plate;
All jack, connector, and block hardware are be labelled on either the outlet or panel; and
All labels match with the any installation and maintenance records.

]]> Agencies SHOULD implement the principles and specific cable labelling requirements described above.

]]> It is important to separate copper data cables and power cables as all power feeds, line and connectors have the potential to emanate, create magnetic fields and cause interference with copper data cables if laid in close proximity to each other. Good practice is to:

Label power cords at both ends to minimise the risk inadvertently disconnecting the wrong power cord;
Colour code power cords and power strips;
Use locking power cords, receptacles, or retention clips.

]]> Agencies SHOULD follow best practice described above for the installation of power cables.

]]>