Considerations and Challenges of Enterprise Access Control Solutions
Enterprise access control is not for the faint-hearted.
Enterprise access control solutions deliver end users an elevated level of capability, allowing users to apply policy enforcement to business risk and to secure physical and IP assets to a global standard. The ability to manage staff access globally, to track staff and assets, can mean easier integration and reduced operating costs. However, enterprise access control is not for the faint hearted. It’s a process that requires careful planning and execution.
Enterprise access control is a wonderful concept. The ability to manage staff and assets globally puts considerable power into the hands of managers – the expanded capabilities of the latest access control and security management solutions only makes this power greater. But the notion of enterprise access control and the application are two very different things. It can be challenging to get your head around the topology of an enterprise solution, let alone system design and the nature of programming.
According to Daniel Joubert at Inner Range enterprise access control systems differ significantly from site to site.
“They will generally be IP based systems that are modular and scalable,” Joubert explains. “Enterprise sites that span multiple geographic locations require an IP-centric architecture for the deployment of controllers and their connection to the head-end software. Over time, enterprise sites can significantly increase in dimensions, a modular platform such as Integriti is easily able to scale to accommodate any size enterprise site.
“When compared to multiple single-site installations an enterprise system reduces the operator training costs, improves situational awareness and reduces the ongoing cost of maintenance and site administration,” he explains. “An enterprise access control system, such as Integriti, offers a single unified front end that works as an aggregation point for all the sites sub-systems.
“Enterprise systems offer significantly better integration to other systems such as CCTV, building management, active directory and visitor management, just to name a few.”
According to Joubert, the key selection considerations when it comes to enterprise access control depend on the application, to considerable extent.
“No two enterprise sites have the same requirements, in some cases, the true requirements of a site are unknown until the solution is in use,” he says. “When selecting an enterprise access control solution, it is essential that the system is agile and scalable to accommodate a diverse range of installations. For instance, our Integriti solution provides the flexibility for deployment in large or small buildings on sites that are in close proximity or span the globe.
“Importantly, the Integriti platform was designed to allow easy upgrades of both legacy Inner Range products and other manufacturer’s systems. Integriti offers a cost-effective replacement path for Inner Range’s legacy products due to its comprehensive backwards compatibility. Integriti is also able to replace third-party systems while using existing cards, readers and door hardware. Additionally, Integriti supports any end of line configuration allowing existing detection devices to be used and reducing the overall cost of an upgrade.
“Integriti’s deployment architecture supports both a flat distributed IP based deployment or a deep RS485 LAN based topology. This versatile architecture provides the best of both worlds making Integriti the ideal choice for replacing localised systems while leveraging the sites existing topology.”
Joubert says features integrators should be looking for to assist with installations are those that simplify the process and enhance support.
“Integrators require features that simplify installations and ultimately reduce commissioning time,” he says. “Handy features such as the auto-discovery of hardware and peripheral devices or module beepers to locate physical hardware can have a beneficial impact on an installation.
“Integriti’s flat IP-based or deep RS485 LAN deployments allow installers to leverage existing architecture and provide the flexibility to overcome installation hurdles. No installation will be completed without issues, a system that is backed with skilled and responsive technical support is often the most valued feature for the integrator.”
When it comes to enterprise applications, the real heavy lifting of the system over many years is going to be done by the end user and its security or facilities management staff. That means potential customers need to carefully consider feature sets to ensure they get exactly what they need.
According to Joubert, end users should insist on a system that is easy to use above any specific feature.
“An easy to use system empowers end users to take control of the management of their site,” he says. “An enterprise system that can combine all of a site’s bespoke systems into a simple intuitive dashboard will significantly reduce operator training and the total cost of ownership.
“Additionally, a system that can be tailored to the experience level and capabilities of the operator will assist in site management. Restricting what an operator can see and how they can interact with the system will reduce much of the risk associated with human error. Operators will inevitably make a mistake and when this happens the system must provide a full audit trail of every programming change. This allows unwanted changes to be easily reverted.”
The most challenging aspects of installing an enterprise access control system is planning, says Joubert.
“Due to the scale of an enterprise access control system, often the most challenging aspect of installation is planning,” he says. “Installers need a system that is agile and flexible that can be used to resolve, rather than create problems. The physical deployment of the access control modules and door hardware is always a challenge since the integrator is restricted by the products deployment topology. You need a solution with a flat or deep topology and flexible deployment options, including wireless door hardware and detection devices.”
Something users need to consider is how much more important the security management system is in an enterprise application and they’ll also need come to decisions on mobile management, as well as global credential choice.
“The importance of security management is largely determined by the site, however, an integrated intruder detection and access control system provides a platform to build solutions based on the unique needs of sites,” says Joubert. “An integrated system also provides the operator with complete visibility of the entire site and all the sites subsystems. This visibility improves response times when dealing with critical events such as duress alarms while providing the ability to control doors and lockdown a site.”
Integrating enterprise solutions with subsystems such as CCTV, visitor management is challenging with enterprise solutions and integrators and end users need to be across the general process, as well as establishing the pitfalls of managing this process globally.
“It is not only possible but expected for enterprise solutions to provide integrations to many subsystems,” says Joubert. “End users expect enterprise systems to do more than just simple access control. For example, integration between access control and building management lower the running cost of buildings by tracking room occupancy. One pitfall of an integrated enterprise solution is access to support from multiple manufacturers, especially when a manufacturer is not located in the same time zone.”
Over at Alarmcorp, technical director, Jeff Rushton, explains that components of a global access control solution can vary. But he says that for a solution like Vanderbilt SiPass, a basic system requires a server to run the management software, and the client gains access to the system through remote workstations via a thick client or web browser.
“The network consists of a number of advanced central controllers (ACC’s), which store all of the site’s information and event history,” Rushton says. “Each ACC can control anywhere from 1 to 96 doors and the card readers can be any technology, in fact multiple card technologies can be assigned to the same cardholder. The client’s other connected systems, including payroll, lifts, CCTV, intercoms, etc, can be connected to SiPass via Ethernet or serial.
According to Rushton, in its most basic form, the obvious advantage of enterprise access control is global management of sites and cardholders.
“Many global organisations now standardise on an enterprise platform that has worldwide acceptance, they can then have the system installed and supported locally, but the overall control and reporting is done via the company’s headquarters,” he explains.
Rushton’s key selection considerations when it comes to enterprise access control include multiple reference sites, similar in size and complexity to the proposed project; as well as the flexibility and openness to integrate to other platforms to either control or take control of your system.
“Level of security is important, too,” he says. “It’s imperative that the correct card/reader technology is chosen to facilitate a smooth migration from current to future technologies. And the selection of integration partners is paramount – they need to be chosen wisely to ensure the highest level of technical competence is held within the organisation.”
Gunnebo turnstiles help manage traffic flow.
When it comes to upgrading an existing local solution to an enterprise solution, Rushton says anything can be upgraded and he points out that time and cost are the deciding points.
“For most existing local solutions, the only component that would remain would typically be the cards and readers, pretty much all other hardware would be replaced,” he says. “In saying that, if the reader technology is old, then an upgrade should include replacing this hardware as well. In our case, the migration from an old Vanderbilt Sipass system to the latest Vanderbilt SiPass MP2.75 system can be done with minimal hardware changes.”
When it comes to features important to installers and integrators, Rushton argues the simplest tools can be the best.
“One key example with the Vanderbilt SiPass solution is that PCB’s have multi-coloured LED’s on board to show the status of key processes, ie from communication right through to the state of every relay and input,” he explains. “This allows the integrator to easily identify the state of the entire system, greatly reducing installation and service times. The SiPass system also has a number of reports and live status feeds that can be utilised to diagnose any fault.
“Frankly, the installation process is typically the easiest part of the work. The most challenging component is the interpretation of the end users’ requirements, understanding their work processes and ensuring the system is programmed with the flexibility to encompass those processes. The introduction of an enterprise access system should not hinder the current operation of a business. For medium to high end complex systems, it’s important to create a flow chart with the customer, develop the forms and paper trail that is required and ensure that these are completed and submitted, well before the hardware installation.
“For end users meanwhile, key features include complete offline access with all data being held outside the main server and the ability to store and manage multiple card technologies for a single user is important. Ongoing security is critical, so the ability to restrict login access down to a floor or department ensures only approved staff have access to sensitive information. More broadly, the system needs to be open and flexible to connect to a variety of third-party systems.”
Rushton is not convinced by mobile management of enterprise solutions.
“Let’s assume in an enterprise application, we have manpower constantly operating the system, monitoring access and alarm conditions (which should be the case in 100% of installations),” he explains. “In such a case, I don’t believe mobile management is required, as all instructions are relayed via control room staff. The SMS is required to be able to suppress an alarm, only when a series of programmed checks occur to satisfy the alarm status.
“The programming of alarm points needs to ensure only actionable events are displayed to an operator with clear instructions and a list of actions required for this event. The resolution process should include the operator logging the procedure and response as well as attaching any supporting information to the entry.”
Integrating sub-systems is one of the big challenges of enterprise solutions and Rushton says multiple levels of integration should be available with a well-designed enterprise access control solution.
“Most integrations require a third party to write the interface between the two systems and test the operation,” he explains. “For example, a large organisation might use a human resources platform to start and terminate staff. Without an HLI, the HR staff might be required to send employee details to the security department to have them manually enter or change employee access details.
“However, with a full integration between the portals the HR staff could simply select the department and the start/stop dates of employment and they could then issue a card to the employee as part of their induction process, this would save a significant amount of time a greatly reduce any errors.”
Rushton explains that here are 2 main pitfalls to third-party interfaces:
1)The level of demarcation, if there is a fault whose problem is it? The security integrator, the HR system, or the interface between them?
2)The second issue relates to software revisions. Once an interface is written and tested, any changes to the software to the HR or security system may cause the interface to cease working, and this would require the interface to be rewritten.
Another consideration of any enterprise solution is selection of proprietary or open systems and which offers best integration and SDK support.
“Both types of systems have a place, and manufacturers of both will tell you why their system architecture is better,” Rushton explains. “Open systems include a variety of SDKs or other open protocols, and the process to connect third party products is a relatively simply one.
“The ability to integrate is paramount. If the SDKs are supplied with full documentation from the manufacturer then the need for them to offer whole-hearted support will be greatly reduced. For proprietary systems SDKs are not generally available and the entire integration process is controlled by the manufacturer, with the end user having limited input over competitive pricing and delivery timelines.”
According to Hikvision, the main components of an enterprise access control solution are central management server, controllers, card readers, locks, exit buttons, etc, and the key selection considerations of the system are system stability and security. Important features for installers are ease of set up, good functionalities for different scenarios and excellent post-sales support. Meanwhile, users need ease of operation, system security, system stability and ease of expansion.
“When it comes to advantages compared to multiple single-site installations, enterprise access control is managed by a central server,” says Hikvision. “This means it can monitor all the door status and search logs in the entire system. An enterprise access control system is much easier to operate, expand, and integrate.
“It is possible to upgrade an existing local solution – generally you need to replace multiple single-site devices with enterprise access controllers and create a new database for the whole system. Challenges are like to include things like setting up a perfect database with all user information, alarm linkages and access levels.”
Hikvision says it has integrated its access control with CCTV and visitor management.
“The general process for the integration with CCTV would be popping up the video clip when there is an access control event that needs to be monitored and reported. The network lag and visit card recycling are always pitfalls. We see that open systems are popular in the market and better integration capability develops a bigger market for enterprise access control. SDKs and support from the manufacturer are also extremely important when a system is being integration for some large and complex application.”