Access Control: Selecting Management Systems
by Security Electronics and Networks | @Access Control Articles | August 28, 2011, 7:00am AEST
RIGHT up front let’s talk about distributed multi-server environments. We need to get this under our belts immediately because as we move on to local access control management next month, the nature of applications is going to have a major impact on the way we want the features of access management systems expressed.
Simply, if all you’re doing is handling a single site; then door controllers and a central server, or door controllers and a dedicated workstation; may be all you need. But if you’ve got a multi-site or multinational application on your hands then you will need to think multi-server for reasons of economy in both comms and operational support. That’s what we’ll talk about here.
A good multi-server access control solution will be linked in an hierarchical structure or peer-to-peer in a distributed environment using affordable and available data networks. Because this is access control and because your local door controllers are intelligent in their own right, network demands are low and they are intermittent. You don’t need Gb/s with 99.99 per cent uptime for remote access control.
In an hierarchical structure, a designated central control centre located where suitable, has monitoring, support and administrative control over other servers. This location may be in head office or in a location where overall costs are lower – everything depends on the nature of the business and its geographical spread.
“A good multi-server access control solution will be linked in an hierarchical structure or peer-to-peer in a distributed environment using affordable and available data networks”
The other model is peer-to-peer, which allows any site to monitor and manage all the access control and integrated security functions of any other site. Along these lines, the system can be built so that all sites have the ability to monitor and manage local operations and functionality if they chose. All this depends on the underlaying nature of the management solution installed.
So – we have an access control management solution that can be managed locally, or managed by a central location, or managed by security staff at any other company facility, or all 3, depending on the needs of the moment. What features and functionalities does our system need?
We need cardholder management which allows us to manage cardholder details, authorisation levels and the sites to which they are authorised access. Again, the complexity of this depends on the nature of the business to which the functionality is being applied. In an enterprise solution you need global management of cardholders.
Alongside cardholder management you also need the ability to handle evacuation reporting. Including aggregation servers in your access control system means that should a serious event take place; whether it be fire, earthquake or social upheaval; you’ll have the last known locations of all cardholders on a given site. One of the great strengths of a multi-server solution is the fact any other server in a network can be designated the task of cardholder status for all staff in the entire network.
Another key piece of functionality will be the ability to monitor alarms and hardware, including locking devices, and to manage remote alarm events, including completing reports. There may also be the need to shunt relays or access integrated control devices in order to manage remote plants or hardware.
There are going to be network consideration in an enterprise access control system. These will cover communications security, response to network failure, a model for disaster recovery as well as the ability to report system status to multiple locations.
Obviously, access network data comms needs to be small in size and tough, with use of industry standard encryption keys being vital. You’ll also need secure authentication between network points and there should be adequate protection from external network attack.
Because local controllers form the heart of an access control system, network failure does not cause system-wide failure. But for monitoring and management you need a local server to allow full system functionality if a central location is offline for an extended period.
Defending that local server with failover support depends on considerations like network design and dollars but it’s best practise from a network and security point of view. Your access control solution should be capable of hot standby in the event of local server failure.
Good access control system designs should allow remote servers in a multi-server access control solution to link to a hot standby in the event of failure to establish the nature of the failure, the extent of the disaster event, if this has occurred, and to support the local site through monitoring and management and administration of access control and integrated systems, which may include fire control, evac, CCTV and more.