Enterprise Access Control Solutions
by Security Electronics and Networks | @Access Control Articles | April 6, 2010, 7:00am AEST
A MARKET is a sort of commercial ballroom dance in which manufacturers and distributors flaunt their assets and integrators and installers accept or reject what’s on offer by committing to a particular product. The point here is that while integrators can ‘vote’ for the success of a new product or technology by using it, they can only contribute to the success of products that are offered to them. While integrators might contribute to upgrades, they are generally not plugged into R&D teams.
This fundamental makes it interesting to consider what installers really think about products and functions in the key areas of enterprise access control, PSIM and unification – the bringing together of multiple solutions on a single user interface.
According to Dean Monaghan of Integrators Australia, the key capability of enterprise access control solutions is non-proprietary Ethernet hardware with high-capacity offline abilities that supports WAN-based architecture. Monaghan says vendors are starting to realise the importance of this capability and are introducing server redundancy measures as core software components.
PSIM and ‘unification’ have long been touted as having an impact in all areas of building management. The question is whether this will impact on enterprise access control. Will we see, in the real world, access control, intruder detection, lift control, video and air conditioning bound together from all manufacturers – or does it depend on application?
“PSIM and Unification are great buzz words to describe functionality which has always been available, that is inter-system reasoning capabilities,” Monaghan explains. “What is exciting is that this type of technology is becoming closer to mainstream as vendors compete; end users are becoming savvier and demanding of their applications and this is driving competition.”
Something else that’s of interest is whether integrators see a more direct push towards IP in access control with networked door controllers and even encrypted readers running on WANs, or whether they think the demands of distributed architecture mean there will always be a role for more traditional control modules that give local management independent of networked components.
According to Monaghan, TCP/IP is a great medium for data transmission for many different applications and is the best for some.
“It’s not, however, always well suited for certain localised telemetric-type systems such as access control,” he says. “When people explain that they are going to IP based access control their reasoning is often ‘because it’s better’ or ‘more modern’. This is simply a myth. In many localised installations, an Ethernet-based backhaul is inferior in terms of security and reliability to traditional communications.”
Monaghan says there are some challenges installers and integrators should look out for when trying to install and commission enterprise access control solutions.
“We have successfully delivered enterprise systems as a collaborative arrangement between departments,” he says. “Other technology industries are used to working in this fashion; however, traditional security integrators are not. The business processes involved in this type of delivery are important and unfortunately foreign to some integrators who are more accustomed to a single reporting path to a head contractor or end user.
“Our toughest install so far has been Melbourne Cricket Ground, which was upgraded from a legacy-type EACS which completely failed and was totally undocumented. I think design documentation is of utmost importance and overlooked by many.”
What would Monaghan like to see more of from manufacturers in terms of product capability?
“Unification of intruder detection and access control capabilities,” he says. “Many of the global vendors seem to shy away because of local regulatory compliance hurdles. This leaves the door open for a small number of localised manufacturers to move at a snail’s pace in terms of product development.”
Over at Kings Security, a company that has installed some serious enterprise solutions, Peter Roche would like more in the way of remote access/management and smarter front-end management software that was more networkable.
Roche, too, sees opportunities for unification.
“There are lots of opportunities here for unification,” he says. “I think first in the security space (access, intruder and video) with the possibility of outside industry BMS, etc, being added.”
There’s no doubt that when thinking of enterprise access control it’s tempting to think of huge global systems handling vast global corporations. Yet at the same time, these systems are just as well suited to multi-site organisations with a multi-site workforce.
“Yes,” agrees Roche. “Enterprise access control systems such as Lenel, Pacom or ProWatch are all capable of global or national multi-site management.”
Roche hungers for a shift towards IP across all parts of access control and intruder alarms.
“Yes, I hope so…it has to come. Access control and intruder detection systems can’t stay on an analogue platform forever. If we want true unification with video then something has to change,” he says.
For Roche, the key considerations of enterprise access control solutions include ease of administration, remote management, and SQL databases and reporting modules, with secure management being web-based. He says key challenges include site infrastructure, including networks, and client willingness to learn new systems.
“Things that make a major access control installation easier include system design, engineering, staging, factory acceptance and testing – and good construction documentation – it’s all in the planning!” he says.
According to Roche, the enterprise solutions he thinks are best come from Lenel and Pacom Systems but there are a few things he’d like to see more of, including open architecture, SQL databases and reporting modules.
Skipper of Logical Services, Brendan Bain thinks that the viability of unifying solutions including security and building management depends on application.
“Just because a product can interface to another product doesn’t always make it a practical solution,” says Bain.
“And just because we can connect something over IP doesn’t always make it practical or more secure for that matter. We might end up opening the back door to all the IP-based viral issues and then have to spend additional time and money to protect our projects. Closed circuit still has so many advantages over IP.”
Bain agrees enterprise solutions are ideally suited to multi-site applications.
“Absolutely, as soon as you have even 2 linked remote sites requiring autonomous operation in the event of cross site communications the enterprise access control solution is necessary for reliable and simple client management. This could aid a simple shop with a separate warehouse as well as global corporations.
“Key considerations for end users thinking about enterprise solutions include autonomy of sites should they be disconnected from any server or headend infrastructure, ensuring software compatibility with today’s wide range of operating systems including mobile platforms, software useability for the end-client and ongoing royalty payments and annual subscription costs to software manufacturers.”
When it comes to installer challenges, Bain puts his finger right on it.
“The biggest challenge is the vast array of IT platforms encountered and configurations they require. It seems more and more manufacturers are trying to be more Microsoft-friendly but at the same time more and more corporations are trying to avoid Microsoft wherever possible. From our perspective, all our installations are tough, some are just tougher than others. Tough is the new normal.
“As for things that make major enterprise access control installations easier, nothing today makes it easier because as soon as you master a platform it is superseded and you need to move on to the next one,” he explains.
“At the moment the reduction in installation time of physical backbone cabling is usually consumed by setting up IP connections. No complaints as I love technological advancement but this is a challenge for installers.”
According to Bain, the best enterprise access control solution in his opinion comes from Inner Range.
“We are really excited about the Inner Range Integriti and Infiniti platforms,” he says. “It seems IR has concentrated on including the best features in the industry in both hardware and software, with low installation costs and no ongoing annual subscriptions for anything.
“The new Integriti system by Inner Range does not require some form of IP-connected intelligence to provide full functionality so it is a winner for us and our clients.”
What would Bain like to see more of from manufacturers in terms of product capability?
“Just a continual release of additional product features but with backward compatibility to a manufacturer’s own legacy equipment set,” he says.
Over at Metro Integrated Security, Ashley McCormack says that from his perspective, the key capabilities of enterprise access control solutions include having legacy controller integration, peer-to-peer topology, and an open platform SDK for systems integration.
As far as the potential for unification of multiple systems including access control, intruder detection, lift control, video and air conditioning, McCormack says this will depend on application and the size of the organisation requiring it.
“Enterprise access control has a very physical responsibility,” McCormack explains. “I can see the convenience in being able to control access or lockdown access from a central dash board. However, I think this poses a danger if the system is compromised.
“I think that PSIM should have access to an open format for real-time data from controllers but not for control. PSIM control of access could in the case of network readers and locks require open network control to the edge, and this would be the network’s greatest vulnerability.
“All systems working in harmony? It will be the way centralising services in larger organisations, however facilities systems are a cost of doing business so ROI on combining infrastructure needs to be a requirement.
“Additionally in a perfect scenario a PSIM platform could be a good servicing tool and may be able to assist with the demarcation of services, identifying whose side of the fence the issue lies. However, at present mismatching firmware and incompatible SDKs also pose unique challenges.
“I would expect for it to work successfully a unifying open network communication standard, perhaps we could call it ONACIF. But at the end of the day code is code and it all comes down to time, money and smarts. Security is about ease of use and difficulty to disable.”
When it comes to enterprise applications, McCormack thinks multi-site applications and multi-site staff are the perfect fit.
“Absolutely. In my opinion, I think that this is the best approach. At the end of the day, regardless of the best intentions of a global enterprise approach, all sites need local control,” he says. “There is a danger of globally centralising databases and thereby compromising response time of services and information.
“I know of systems where the facilities staff have no local control of their access systems and must send applications to the designated control point for their organisation to do simple things like names, cancelling cards, and running reports. I don’t think it is effective for day-to-day running.
“I think the mobile (multi-site) workforce presents a unique opportunity. Especially as they tend to work outside the 9-5 work day. Being able to monitor after hours site access is essential for facilities staff and when structured correctly can assist with duty of care, fitness for work and Workplace Health and Safety responsibilities. It’s all in the reporting.”
McCormack sees an ongoing push towards IP in access control with networked door controllers and even encrypted readers running on WANs but he has reservations.
“It will go there but I am not convinced it is the most secure way to go. You can encrypt all you like – it is the network vulnerability that is overlooked from internal and external attacks. Every device that is a plug-and-play set-up means that you are placing infrastructure at the edge and opening the network to vandalism and brute force attacks. You might as well have an open RJ45 jack next to the reader and save on the need for a service call for reader repair.
“I have seen networked readers communicating multisite to a centralised database. These can use a VLAN on the existing client network to save costs on infrastructure. Unless the client is happy to pay for a back up 3/4G connection, network goes down so does the security. I haven’t met an IT manager yet that would allow such exposure on their network. As old as it is, RS-232, 485 and Wiegand have their place.”
McCormack says key considerations for end users thinking about buying enterprise access control solutions are budget and application.
“I believe a system must be fit for purpose. What do they want controlled? Who is going to control it? What type of report and archiving will they need? Which department will be responsible for the control and service?
“Challenges for installers, if a system is standalone include just having sufficient knowledgebase in your system design. Or the challenge can be with integrating multiple systems or with some integration applications.”
According to McCormack, Metro’s toughest jobs have involved installing security in IT departments.
“Access is still a very physical system and explaining the need for system structure is a repeated education exercise. There still is a problem with end users wanting remote access and IT departments not allowing holes in their security.
“If you want to make a major installation easier it is about establishing a good relationship with the IT and Facilities departments. The days of using dedicated security network infrastructure are becoming less and less. Once IT is on board and it sees security as a support service to the IT department, the rest is easy. Just don’t mention CCTV or the word bandwidth.”
McCormack says something he’d like to see more of from manufacturers is greater security.
“We are entering an age where programming code is a universal second language and this calls for greater security in our systems. As we push towards integrated networks and engineering software gives way to browser interfacing to devices for system setting changes and unifying our systems,” he explains.
“We are opening up an easily recognisable format. Proprietary protocols to date have meant local system knowledge to do any harm. If we are not careful with open network approaches we will see front doors popping open from the other side of the world.”