That networked solutions will play a significant role in future security and safety systems is not in doubt. One area where TCP/IP technology is already firmly entrenched is access control. Despite its suitability for such solutions, many feel that the technology only adds benefits for larger campus-style sites. However, the time is right for it to be employed in small- and medium-sized applications too.
[dropcap]T[/dropcap]here aren’t many elements of the security and safety industries that haven’t been impacted, in some way, by the advances of IP technology. IP-enabled systems offer extra flexibility, and that can allow greater efficiencies to be realised, both in terms of system performance and system design. Access control is one area that has embraced advances in IP technology for higher end systems, but is this approach missing out on benefits for those with medium-sized or smaller sites?
In terms of functionality and performance, IP-enabled access control offers marginal benefits over traditional bus-based systems. One of the major issues for the use of IP in security is limitations relating to bandwidth, as many in the video surveillance sector will be aware. Certainly when video and audio are being implemented, the management of bandwidth has been a challenge, and has raised objections to its use from many concerned that their network will fall over under the load.
Access control has the benefit of placing less strain on a network, as the data is alphanumeric. It is also worth remembering that access data will generally have two or three peak periods – the start of the working day, lunchtime, and the end of the working day. It can be argued that as staff will be entering or leaving the site during these periods, general business-related network traffic will be low.
Also, unless a site has a specific need for real-time information, data from the access transactions can be retained at the readers, and then sent to the control unit in batches, or at a time when the network has minimal use.
Many networked access control systems will utilise distributed intelligence, whereby the data relating to permissions, as well as activity logs, are stored both in the reader and in the central database. This ensures that if the network is off-line, the access control system can still operate as the reader has all the permissions for that specific portal pre-loaded. Once the network link is re-established, relevant activity information can be passed to the controller, with any changes in permissions being sent to the reader.
The benefits of distributed intelligence do not stop with handling network downtime. This functionality allows users to schedule data transfers between the control unit and the readers. If functions that demand real-time updates – such as tracking people and assets around a site, muster reporting, etc. – are not being used, the system could be scheduled to carry out data transfers when the site is closed. Such an approach might not be utilising the full range of benefits of the system, but it would ensure zero impact on the network during the working day.
The anatomy of networked access
Generally, IP-based access systems hardly differ from bus-based systems. Indeed, the main difference is replacing an RS485 network with a TCP/IP version! Networked access systems comprise of a central unit, usually a PC or master controller, which contains a database of staff with varying levels of access privilege, plus any other data required for services such as car parking, cashless vending, elevator control, etc.. This central unit is connected to a number of controllers linked to readers.
No matter what size of installation, the most obvious benefit of IP enabled access control is the ability to use existing infrastructure – and it’s something that access control manufacturers are very keen on promoting. You can scythe large chunks out of installation time (and costs) when compared to time spent cabling a traditional access project.
Using an existing network will offer substantial savings on installation time, but there are downsides to such an approach. Often in medium-sized and smaller applications, existing networks might not have been built with security-related operations in mind. Often, assessing the true capabilities of a network may be difficult.
Assuming a site has a dedicated IT department, they are traditionally very guarded about their networks. Some IT managers are not happy to offer up detailed information on the network, as it is the backbone of a company. However, where the end user understands the benefits on offer, and how additional efficiencies can be realised, the attitude of the IT manager changes. They will be less guarded, as making the system a reality is a task they have been charged with.
The situation regarding the use of existing infrastructure creates a number of other issues. The network you intend to use for critical security could be an unknown quantity. Reliability issues will be unknown, as will its general capacity. For many, the real question is a simple one: do you really want to implement an access control system – with the responsibilities for its performance around-the-clock – on an infrastructure that is controlled by another party?
With the rise in popularity of IP-based security systems, IT departments are getting more and more involved with security and with a shift in attitude, they are not always as guarded regarding network details.
Some security-based professionals are finding that IT departments are more involved with IP-enabled systems when they have a better of understanding of how they work, how they can be managed to deliver minimal impact on the network, and the types of data that are likely to be transmitted.
Whilst many feel that the implementation of IP-enabled access control might see a conflict with the IT department, the truth is that many of the problems can be eliminated by ensuring that all parties understand how the system will work, what benefits are on offer, and why it can exist on a network without causing issues.
Using an existing network gives a good opportunity to utilise one of the benefits of IP access control – namely a faster installation time. Using an existing IP network can still be problematic though. On the face of it, being able to leverage the power of existing corporate networks make a lot of sense. Most companies will have invested heavily in both capacity and security – which should put to bed any fears about bandwidth and security breaches though hacking.
Some manufacturers will have you believe that this is the end of the story – a case of simply installing the equipment, plugging into a network and after a database upload the job is completed. It can be that easy, but evidence from installers, integrators and end users suggests that it is rarely the case.
Often, the use of existing networks is something that manufacturers will promote, for obvious reasons. In many cases, the benefits that are realised include a reduction in the need for dedicated cabling, reduced installation time, and lower cost of ownership of the entire system. The installer or integrator benefits, because the laborious element of the job no longer needs to be carried out. The end user benefits through a faster installation, and reduced costs. Whilst these benefits are tangible, they are not guaranteed.
Benchmark is aware of a college project that was installed using an existing network. The installation went smoothly, and it seemed as if the expectations of all concerned had been met. However, once up and running, performance problems soon surfaced. The integrators were called back in to diagnose and correct issues believed to be caused by the access control system.
After days of fruitless trouble-shooting, a third-party expert was brought in to support the integrators. The college’s IT department insisted that the problem wasn’t of their creation, and had only occurred following the commissioning of the access control system.
After a few more days of trouble-shooting, the college’s IT department reluctantly allowed the expert to look at their system configurations, and the fault was found. It had nothing to do with the access control element.
This anecdotal evidence should not be seen as a criticism of the IT department. As far as they were concerned, the issues only appeared once the access system was up and running. Because of the nature of the fault, the integrators would never have found it, because they could not access certain configurations.
The reality is that problems were caused by the IT department and the integrator not fully working together. This incident raises a more pertinent concern. Differing networks often have a number of anomalies, and what works in one set of circumstances might not work in another. On another project, a reader was added to the network, but wasn’t responding. There was a delay of around 15 minutes before the new unit propagated itself on the network, but during that time, no diagnosis of what was happening could be established. It’s a concern for manufacturers too, as some believe that the lack of effective diagnostics in IP-enabled access devices can leave installers and integrators in the dark.
The truth is that the installation and commissioning of IP enabled equipment is never as straight forward as it seems, and many believe that there’s a lack of product information and training. It’s one thing to implement a proof-of-concept system on a clean and stable network that is fully controlled by the installer or integrator. It’s another thing entirely to do it on a live network with customised configurations. In theory, networks work well. The problem is that security solutions are installed in the real world, not some theory-based utopia!
If the idea of leveraging existing infrastructure leaves you with too many doubts, then IP access control still has another trick up its sleeve. The ability to run off its own dedicated network means you can benefit from simpler topology and avoid the IT department. The nature of IP access means that you can use a PC as a host, then create a basic network for controllers and devices.
The ability to link controllers and devices together more efficiently can still offer substantial savings on installation time. The simpler topology of IP-based systems means less time routing cabling on site and more flexibility in where the cabling is run.
Perhaps the biggest benefit of a network is that IP access control has a greater amount of scalability. If another door needs to be added to the system, the process can be simple – providing the controller has the capacity of course. There’s no downtime either.
IP has been embraced by the access control industry, primarily because it has brought practical advantages without sacrificing quality. Access manufacturers appear to have developed IP for the right reasons, and it can make the task of installing access control significantly easier. For that reason alone, it’s a hard thing to ignore.