I don't think I've ever met a professional sysadmin who could defeat the evil maid attack. All the ones I've met would refuse to think about an attack vector if it implied they could not boot their servers.
Yep. Classically, we abdicate responsibility as soon as physical security is breached. With virtual machines the problem is mostly the same, but it moves from "true physical" to "virtual physical" -- once the host environment is breached, all bets are off.
Any sysadmin that claims to be able to protect against a physical access attack or its contextual equivalent is either lying or incompetent. In neither case should that sysadmin be considered "professional".
It won't stop a private individual, either, not even one with a budget of approximately $0. Cold boot and similar attacks, even just yanking the memory or forcing a CMOS reset, are trivial. Please tell me you don't do this for a living.
We are talking about live servers. Monitoring should detect a server going down, raising suspicion of a physical attack.
The evil maid attack would be useful against the system admin's workstation. Securing NOCs is beyond the scope of this discussion, but it is not difficult.