IP embedded panels. New embedded TCP/IP access control panels such as these from Keri Systems, support a new generation of supervised network readers.  Administration is through a completely new SQL, client/server software package.


If you only think about IP video, think again.

Access control systems that use the Internet Protocol (IP) for communications are expected to see strong sales growth this year. It’s an easier sell to the chief security officer’s IT people – access control data is tiny compared to security video.

So it’s not surprising that IP isn’t just making waves in the video world; it’s also making gains in access control. Roy Crute, Akron Hardware, noted that IP, once reserved primarily for the largest systems, is finding its way into medium-size systems, too. Even in projects with under 20 openings.

Three factors have played a prominent role in the evolution of the latest form of networked access control.

No need for a PC with installed software. For larger, more complex applications that require data to be maintained within an organization’s own network, Brivo – known for its remote access monitoring over the Web, now has an IT “appliance”- based solution using a rack-mounted embedded Web platform capable of provisioning and managing multiple networked control panels.

WIDESPREAD IP CONNECTIVITY

The widespread enterprise deployment of LAN/WAN TCP/IP connectivity throughout office buildings and enterprise campuses has created a standardized platform for the connection of all types of physical security devices, including surveillance cameras, access control panels, intrusion alarm panels, intercoms and other related building sensors and controls. Using what security technicians call “relay magic” any device that has either voltage/relay outputs or inputs now can be connected to the LAN. Many vendors produce network-enabled devices for industrial processing and monitoring which can be used easily for physical security connections.

The second factor driving the new generation of access systems is the potential problems that occur if and when an access control head-end PC fails. Desktop computers and servers consist of a number of discrete components such as the motherboard, cooling fan, CPU and hard drives.

CSOs must consider a simple fact: Computer-related devices that have moving parts, such as hard drives and cooling fans, will fail one day. It’s only a question of when and how the failure will affect your system and security. So the reliance on typical desktop or server model network computers is most likely a guarantee of future system failures.

The third factor driving the new generation of networked access control systems is the wealth and breadth of inexpensive computer components. Here is also where there is return on your investment. Processor chips, flash memory, motherboards and connective devices are now inexpensive enough to be included in remote access control panels, allowing the development of full-blown network computer control boxes that are connected to your facility’s access hardware (readers, strikes, door contacts).

PoE in the access panel. New technology such as this 2-reader and 2-door Power over Ethernet IP-connected access control panel from GE Security is a solid ROI for security directors. Its plug-in installation significantly reduces costs and allows new doors to be efficiently controlled using on-line access systems.

USE OF WEB BROWSER SOFTWARE

So the latest access control systems use TCP/IP communications and Web browser software to fully exploit existing enterprise network connectivity. Each remote access panel is a full computer, with database storage, decision-making capabilities and Web server access for authorized users. 

That means that because decision-making processes are performed by the remote panels, the IP access platform design helps eliminate the possibility of high-security access systems falling into a default mode if there’s a central server or network connectivity failure.

Placing full-blown computers within remote access panels might appear to increase the potential for system failures, but these panels generally use all solid-state components, with no moving parts. Hard drive storage is replaced with flash memory, and power use is reduced so cooling fans are not needed. By eliminating moving components, the realistic mean time between failures and service life is greatly increased. Reduction of power requirements means that some products can be operated using network-delivered standardized Power over Ethernet (PoE).

While the component and power issues may seem rather mundane, the true power of third-generation access systems is that each remote panel is a Web server, and holds all operational software for the particular system. No longer do user PCs need to have vendor-specific software loaded into them, and upgraded when necessary. Your integrator just aims a typical Web browser, such as Firefox or Internet Explorer, at the IP address of a target remote panel, and the panel delivers any and all control, monitoring and manipulation capabilities to your command PC.

UPGRADING IS EASY

When access system software needs to be upgraded or patched for network security purposes, the upgrades are accomplished on the remote panels. The authorized user’s PC need not be touched. This also means CSOs and their monitoring staff can control the access system from any machine on the enterprise network, or over the Internet from your home, a mobile wireless device or remote office. If your PC fails, another Web-connected computer will provide the exact same system control capabilities.

Putting the power of the PC onto the edge of the access control grid means that these systems are infinitely expandable and scalable. A single panel can control one or several doors, while more panels can be added around a building (or around the world) to grow a system.

To achieve true integration, the latest access control systems embrace the concept of open standards.

Just as enterprise network computers can readily share data across different manufacturers of machines and operating systems, access control databases can be exported/imported to and from legacy systems, human resources (HR) and other enterprise systems. Now when an individual’s employment is terminated by the HR department the information can be transmitted instantly to the access control system to disable the former employee’s access privileges. Network-based databases can be interlinked using the standardized ODBC (Open Data Base Connectivity) method. Access databases can be stored on standard NAS (network attached storage) or other enterprise network storage drives, which can include critical access control information in system-wide data backup operations.

One primary security advantage of these edge access control panel/computers is that they typically use an embedded operating system, usually a derivative of Linux. These devices do not accept the downloading of any software programs outside of the specific access system manufacturer’s software upgrades. To enable the interfacing to computerized HVAC, lighting controls and other building systems, Web-based third-generation access control systems use software interfaces called APIs (application programming interfaces). These standardized interfacing tools allow programmers to craft custom communication methodologies between software-based systems, such as a new access control system with a legacy building automation system.

Communication of access system alarms and messages must be integrated with the enterprise network’s typical messaging methods. Third-generation access systems provide interfaces into the enterprise’s e-mail and instant message servers.

IP emergency phones. Loyola University of Chicago is using a Wide-Area Emergency Broadcast System (WEBS – from Talk-A-Phone) system. With WEBS, security officials can broadcast information to the campus at large or to specific parts of it, either inside or outside or both as needed.

WEBS AT LOYOLA UNIVERSITY

IP access is also part of paging, intercom, emergency telephone and emergency broadcasting systems.

Recent campus emergencies, such as school shootings, reinforce the importance of efficiently and quickly sharing vital information with all affected elements of the school population through a multi-layered, multi-system approach.

For example, Loyola University of Chicago exemplifies this layered approach to mass notification in an urban campus environment. As one part of emergency preparations, Loyola has instituted a reverse-911 system in which emergency messages are sent out to students. “We use voice mail and e-mail to send out alerts as well as message boards,” Loyola’s Director of Environmental Services, Bill Curtin reported. However, Loyola recognized that while these systems have the potential for significant benefits, they also have limitations that require redundancy be built into the system.

To meet this need, Loyola is using a Wide-Area Emergency Broadcast System (WEBS – from Talk-A-Phone) system. With WEBS, security officials can broadcast information to the campus at large or to specific parts of it, either inside or outside or both as needed. These broadcasts can be made remotely or on the scene through one of the emergency phone installations, including IP-based paging units. The ability to broadcast from a variety of locations gives security officials even greater flexibility in their response to an emergency. The goal, as Curtin stated, is to provide a way “to send emergency information campus wide to the people who are outside and unlikely to receive the information by way of other methods.”

The WEBS units that Loyola is in the process of installing will help fill in these gaps by providing a notification method not easily ignored. Should an emergency occur, loud messages can be transmitted instantly to selected areas of the campus, or to all units as needed. And, while a phone call can be slept through, the same is not as easily said of a blaring message pumped through high-powered speakers.

Loyola’s mass notification system will be built upon an already existing network of emergency phones. Loyola’s emergency phones are located in a variety of locations, including “exterior walkways, residence hall entrances, and in the buildings themselves,” according to Curtin, who added they are primarily used for “personal safety and reporting emergencies such as medical assistance.”

One of the advantages that led to Curtin’s installation of emergency phones at Loyola was their ease of use and reliability. A previous model at Loyola was “beginning to break down and we wanted an exterior phone that did not have to be enclosed in a box that required the box to be opened to access the phone.” The phones that Loyola had installed were ADA-compliant phones that allowed students to easily reach security with the press of a single button. “The products are always reliable,” Curtin remarked.

An added benefit is the strobe light. Constantly lit, these lights will begin to flash when the emergency button is pressed.  

SIDEBAR: A Blade Approach

CSOs will find that their IT departments are shifting to blade. The same thing can happen in IP access. A blade server is a server chassis housing multiple thin, modular electronic circuit boards, known as server blades. Each blade is a server in its own right. A few years ago, blade servers were only found in large data centers. Today, however, they represent the fastest growing segment of the server market for mid-sized businesses and in applications including physical access control. Some sources are taking the same “blade” expansion approach as is used in high-end network servers; remote access panel boxes are cans with multiple card slots available for the type and number of access control boards needed for a particular system situation. One slot holds the primary PC card, while other cards contain the number of inputs, relays and door strike power outputs required.