Gaining Value Through IP Access Control Upgrades
Face it. There are a lot of systems out there that have just gotten technologically ancient.
Overall not a fast-moving sector of the industry anyway, many electronic access control systems go back 15 to 20 years. And, according to integrators, what is “new” to the average enterprise security executive has actually been around for a number of years waiting to be justified.
But nowadays, the time seems to be ripe for an access control make-over. Enterprise security executives are growingly frustrated with lack of features and difficult to use operation of their existing systems. Budgets for new technology, while remaining conservative, have loosened in an improving economy. Newer access systems now gain weight, thanks to easier integration with other systems including security video, intrusion and building controls.
Maybe most important, IP-enabled solutions bring flexibility, a level of open architecture, ease of install/use, ability to run on network infrastructure, scalability, mobility and even cost savings in many cases. IP access also can accommodate existing or planned investment in a diversity of readers. At the end of the day, one strategy is to protect and preserve an enterprise’s investment in its readers.
Time for Something New
"Our previous access control system was old and clunky, and the accompanying management software was no longer supported; so we knew it was time for something new,” says Benny Brown, network engineer at Calvary Chapel Fort Lauderdale. A new software-centric solution takes physical control panels out of the equation; it’s also easy to scale using the church’s existing and robust network framework. “With a central server and a bridge that is literally just a card reader and controller, it’s simple to scale,” adds Brown.
To Royce Jeffries, vice president of security and risk management at Cornhusker Bank in Lincoln, Nebraska, although his systems were working, some equipment and technology were becoming obsolete. This was an opportunity to implement a better, more unified long-term strategy across all bank facilities. Moving from locks and keys to an IP access control system is helping the bank realize tighter control over branch access. With support for dual authentication, the bank was able to implement both a proximity card and PIN authentication for employees, for instance.
Chris Fender, security operations manager at Florida Hospital, Orlando, went an access step beyond by networking in license plate recognition (LPR) to increase security and convenience with automatic access control for the garages, allowing staff to enter and exit based on their enrolled license plates without having to use an ID badge.
Expansion when Needed
At Fox Point, Wisconsin-based St. Eugene School, a Web-enabled system “now easily keeps tabs on who has access to the building and when. It’s no longer a time-consuming process, and that’s a relief,” comments Terry O’Neill, St. Eugene School building supervisor. Adds integrator Robert Munger, founder, Munger Technical Services of Milwaukee, “Our recommendation came down to value without the high price point, and the technology’s ability to expand as needed.”
Of course, there are IP access control solutions and access integrated with security video, but there also are organizations that use IP-enabled intercom technology.
A case in point: the London Underground and its maintenance depots. A previous intercom system was made up of numerous disparate technologies and obsolete equipment and would have been too expensive to upgrade or repair. As a result, Transport for London invested in a totally new IP intercom system, together with a new surveillance and access control system.
There is value to enterprise security executives to view in more detail how each of these end user colleagues faced and succeeded at their various IP access projects.
For example, Calvary Chapel Fort Lauderdale (CCFL) is an evangelical mega-church with more than 25,000 worshipers and campus locations across Florida. The main multi-building campus spans a 75-acre area including Calvary Christian Academy, a pre-K to 12th grade school that serves 2,000 students. With more than 1,000 staff, volunteers, students, visitors and worshippers entering the campus throughout each week, CCFL has made access a priority by investing in the new access control system (Freedom from Viscount Systems) to safeguard against unauthorized individuals, protect users and reduce the risk of theft, vandalism and other crime.
Brown chose the new solution because it is a feature-rich, server-based software application that communicates over IP. “The system stood out because it is a true IP-based system with a Web-based management interface and is built with the industry’s latest technologies in a compact, energy-efficient form factor.”
CCFL replaced its existing access control system, also installing 100 readers and administering 1,270 regular cardholders. Readers also were installed in each elevator to restrict floor entry according to access authorization. CCFL purchased a Freedom RAID server to run the software and create a redundant system for high-priority areas.
With a simplified architecture and Web-based user interface, Brown finds the new system very easy to use, offering the tools and flexibility needed to efficiently manage schedules, users and system updates. “The graphical user interface (GUI) and screens are well organized, logical and very easy to navigate, resulting in a minimal learning curve. With the GUI, you never have to click more than two or three times” to get to what’s needed, says Brown, who also likes the fact that any card reader can be turned into an IP device by connecting it to the bridge to grant or deny access from anywhere. Also, all switches and bridges are Power over Ethernet (PoE) CAT 6 wiring out to bridge and reader devices.
“Port-triggered actions enable us to make access changes to any door during special events if necessary.” With this feature, one card reader can lock, unlock or lockdown an entire building or floor in the event of an emergency. “With our old system, I would have to create a command file and reconfigure the system to accommodate any changes. Now, I can make these changes in less than five minutes,” Brown says.
Because the control software and databases are hosted on servers, Brown does not have to install control firmware and a database on each access control panel as before. “If we need to replace or add a bridge, I simply enter it into the software and hit ‘copy and paste,’ so there is practically no programming involved,” notes Brown.
Looking forward, near field communications (NFC) maybe in Brown’s future and he may change over to a virtual server with virtual secondary servers.
Consolidation of Access and Video
Established more than 100 years ago, Cornhusker Bank has six locations throughout Lincoln as well as a technology center and three part-time offices in local retirement residences.
At the top of VP of Security and Risk Management Royce Jeffries’ wish list was consolidation of video surveillance and access control under a single platform, as well as setting up a solution to centrally monitor all facilities. He also wanted to enact a plan that would allow the bank to gradually expand and improve its security year after year. Prime Communications, a certified security solutions provider, helped the bank move forward with Security Center (from Genetec), a unified security platform.
The video surveillance system manages more than 100 cameras across all sites while the access control system secures, manages and tracks access to the doors within the bank’s technology center, sensitive areas of the main branch and access to the data center.
Another notable advantage for Cornhusker Bank has been having all security information under one platform. According to Jeffries, “We can see everything from one platform, rather than logging on and off different systems to find the needed information; all the access control data is tied to video, and all our sites are easily accessible from one interface.”
The ease of scalability and flexibility of the unified platform allows Cornhusker Bank to grow its new system, one branch at a time. Over a number of months, expansion plans are expected to continue as the bank moves over to the new platform at all locations.
The bank is also hoping to unify its Digital Monitoring Products (DMP) intrusion detection system within Security Center if possible. As a trusted partner, Prime Communications will continue to assist Cornhusker Bank with its upgrade while handling day-to-day maintenance. Jeffries concludes: “Not only can we look at video, but we can also monitor who is coming and going. We have also been able to grow at our own pace, so standardizing on a unified security platform was the right long-term choice for our bank.”
The majority of cameras at Cornhusker Bank are fixed dome network cameras (Axis Communications), but some other older investments were preserved to minimize initial costs. On the doors, controllers and readers (from HID Global) were installed alongside electric strikes (from HES, an Assa Abloy Group company).
Unique Use of License Plate Recognition
In another example, Florida Hospital, Orlando, a member of the Adventist Health System, has 1,528 beds and treats more patients in a given year than any other hospital in the U.S.
The hospital’s security staff, although well trained and conscientious, could not be everywhere at once. This was especially true in cases where the local Sheriff’s Office had to be involved; for example, when a sick or injured person was hastily dropped off at the emergency room by a driver who then sped away before anyone could stop him or her. The incident had to be thoroughly documented and the driver identified, neither of which the hospital’s staff could do reliably. There was also a need for real-time analysis of traffic entering and leaving the hospital; this would show how much parking was used by staff and patients and at what times of the day. Finally, Florida Hospital needed a secure automatic access control system for its staff garage. Existing methods required too much human intervention and did not reliably prevent non-staff from parking in the garage.
Fender saw value in a video analytics solution (ARES from PlateSmart Technologies), not only to monitor and record traffic activity in parking areas and other exterior zones, but also to capture the license plate of each vehicle entering and leaving the property along with the location, date, time and a full-color image.
There are 30 fixed-location license plate recognition (LPR) cameras in the hospital’s parking garages and at key entrances and exits. Additionally, select security vehicles are outfitted with a mobile LPR unit which interfaces with the system. Uniquely and relative to card access control, 26 of the cameras also integrate with card access to perform automatic access control for the garages, allowing staff to enter and exit based on their databased license plates without having to use an ID badge, points out Fender.
O’Neill, the St. Eugene School building supervisor, also has a diverse set of assignments, helping to protect 200 students from preschool through eighth grade, instructors, administrators and workers. It shares building space with a Catholic parish and a funeral home. With multiple activities taking place each day, the school now relies on a Web-based access control system (Honeywell’s NetAXS-123) to provide comprehensive security, enabling personnel to maintain a macro view of building security or drill down to individual doors. And, with the addition of Ethernet virtual loop (EVL) technology to the system, the school access control also benefits.
No Need for Dedicated Wire Loop
EVL uses a single IP address to talk to multiple control panels. This installation process, which allows installers to use their customers’ existing local or wide area networks with PoE, eliminates the requirement to run a dedicated wire loop to each control panel providing added cost savings to the end user.
In operation, the system automatically issues updates to the entire network of protected doors, so when the school adds new cards; for example, the entire system automatically updates to accommodate this new information. While St. Eugene is currently using the technology to address the security needs of the school, it plans to take advantage of the system’s scalability and expandability in other facility areas.
On the IP intercom side, the London Underground recently embarked on a major security upgrade at its depots. The facilities include general maintenance, train cleaning and driver rest areas. Working alongside Honeywell Security, Castel of Great Notley, UK, supplied an IP intercom solution that will help control access at the sites.
Video entry stations with PoE now cover gates, vehicle barriers and turnstiles. All calls are networked back to a single central point locally, either a gatehouse or security control room. However, if a call goes unanswered, the next available operator at another depot will be able to receive and deal with it. Operators now have the ability for simultaneous video communication with other colleagues across all sites.
Increasingly, mobility and remote controls are increasingly wanted by security and easily delivered through IP solutions. A Web connection into an access control system can activate much appreciated mobility for such functions as cardholder management, report generation as well as system status and alarm review.
For example, the Ultimate Fighting Championship (UFC) with headquarters in Las Vegas uses K-WEB software module, which can perform system maintenance and tasks from any remote location using a Web-enabled PC or mobile device offering a true and secure mobile solution. It allows users such as UFC to manage core functionality of software (Keyscan System VII) from any Internet connection using an Internet browser.
Pick the Card and Reader
The largest installed base of cards is two-decades-old proximity. At one end there are smart cards; at the other end are magnetic stripe cards, often at colleges and universities where magstripe may be used for financial transactions. There are dual-technology readers, too. Emerging are access technologies such as near field communications, Bluetooth and Bluetooth Low Energy, numerous methods of biometrics and even wearables.
New on the biometrics side, HID Global has integrated the company’s Lumidigm fingerprint biometrics technology with its contactless smart card readers to simplify identity validation for citizen ID and many financial, healthcare and other commercial applications. Originally designed for a national citizen ID program, the solution is a tool for any identity verification application where individuals enroll their fingerprint information onto a contactless card. Validation is accomplished by matching the individual’s fingerprint with his or her biometric data that was written to the card during enrollment.
Ten IP Access Advantages
- Ease of installation for faster, less costly up-and-running.
- Ease of use for less need of operator training and more accurate operator action.
- Intuitive built–in software.
- Distributed system.
- Power over Ethernet support.
- Support for most reader types now or when changing out the platform.
- Scalable and future-proof.
- Configurable input/output ports and controllable high power outputs for connection of external equipment.
- Open API for solutions such as integration of video, intrusion detection and other systems.
- Then there is support for hosted access services (access control as a service) if desired. One example: Keep by Feenics provides users with a Web-enabled solution for the configuration, commanding and real-time monitoring of physical access control installations. There is no software to install making it accessible from anywhere. The user interface is a single page experience, even for features such as photo capture, cropping and ID badge printing. Such an approach does not require a dedicated, on-site server and is hardware agnostic.
The Ultimate IP? It’s the Thing
That is, the Internet of Things or IoT. Basically, the Internet of Things is the interconnection of uniquely identifiable embedded computing-like devices within the Internet infrastructure. It’s expected to offer advanced connectivity of objects, devices, systems and services covering a variety of protocols, domains and applications. In some ways, IoT is already here through IP addresses and IP-based communications in numerous security appliances.
But, similar to consumer advances influencing past security product developments – camcorder CCDs led to security video improvements, for instance, consumer-centric standards and protocols are impacting or will sooner or later influence professional security products and designs. But, at this time, there is no one direction.
Muddling the scene, some say, is the recent, sudden eruption of a packet-load of self-proclaimed framers of the IoT constitution, heavy-hitter groups driving particular tastes in architecture and, you can’t blame them, furthering their individual bottom line goals. Three examples:
- Thread– Recognizing what it says is the need for a new, better way to connect products in the home, seven companies joined forces to form the Thread Group and develop Thread, an IP-based wireless networking protocol aimed at product developers. Founding members – Yale Security, Silicon Labs, Samsung Electronics, Google’s Nest Labs, Freescale Semiconductor, Big Ass Fans and ARM – will create certification based on third-party testing to verify IoT product “quality, security and interoperability.” Certified products will bear the Thread logo.
- Open Interconnect Consortium– Technology firms Atmel Corporation, Broadcom Corporation, Dell, Intel Corporation, Samsung Electronics and Wind River formed this group to improve interoperability and define connectivity requirements for IoT devices across multiple vertical markets. Hinting at future certification plans, OIC focuses, it says, on defining a common communications framework based on industry standard technologies to wirelessly connect and intelligently manage the flow of information among personal computing and emerging IoT devices, regardless of form factor, operating system or service provider.
- AllSeen Alliance– This group plans to drive widespread adoption of products, systems and services that enable IoT, built upon an open, universal development framework. Premier members are Electrolux, Haier, LG, Microsoft, Panasonic, Qualcomm, Sharp, Silicon Image, Technicolor and TP-Link. So-called community members include Bosch, Cisco, Cloud of Things, HTC and iControl Networks.