Home Technology Access Test: Browser-based Access Control

Access Test: Browser-based Access Control

by Benchmark

The launch of HTML5 introduced a new freedom for manufacturers offering graphical user interfaces. It allowed additional functionality to be presented via standard web browsers, thus enabling the creation of interactive connectivity for systems without a need for dedicated localised software. The access control sector took advantage of this! For many end users, a browser-based approach delivers a number of benefits including the removal of a need for dedicated PCs to manage systems, reduced licensing and simpler upgrades. Benchmark looks at browser-based systems to see if they actually deliver added value.

Today’s working environments are increasingly fluid. On many sites, the role of interacting with a security system will not fall to one dedicated security operative. The days of the security manager are fading as an increasing number of organisations leverage the benefits of advanced connectivity to adopt flexible working practices.

Various members of staff may have responsibility for specific management roles within a business, and therefore might need to interact with a site’s access control system. After all, the access system not only controls who enters and exits a site, but also retains real-time reports of who is on site, their movements, time and attendance data, muster logs, etc..

Multiple departments may need to use data from the system for their own needs, above and beyond controlling access across the site. Those who require the data can include receptionists and concierge services, human resources teams, health and safety staff, etc..

With traditional access control systems, these departments have to pass requests for data or system access to the security team, who then interact with the solution via dedicated workstations hosting licensed software for the control and management of the system. It is these dedicated workstations and associated software which can create issues if end users require a more flexible approach.

Software licensing costs typically mean that a limited number of machines host the control and management software. This subsequently limits interaction with the system. If the authorised personnel are not on site, or cannot directly access the workstation, then the system is effectively isolated.

An increasing number of access controllers have integral web servers. These allow the configuration of system parameters, management and control of devices, and fluid connectivity via network-based infrastructure. Connectivity with such controllers can be realised from any network-connected device with a standard web browser.

Because the software resides on the access system’s integral web server, there is no need for a dedicated workstation. This eliminates the need for system-specific IT hardware and means that the installer or integrator does not need to install or manage any licensed software.

This approach has positive implications with regard to software updates and bug fixes. Often such upgrades are managed by the installer or integrator. With the integral web server hosting the software, updates can be applied automatically. One update covers all users, no matter where they are located.

The use of a browser-based system allows configurations, administration tasks and operational interaction such as creating reports, handling alarms and adding or deleting users to be carried out from any compatible device on the network. The operational framework will retain a high degree of familiarity, as it is all managed in the standard browser environment.

The scalability of browser-based systems also ensures that multiple sites can be unified, with control managed in different geographical locations based upon time zones, personnel allocations, available resources and incident-handling expertise.

A browser-based solution can deliver benefits with regard to user interaction, whilst also simplifying installation and reducing licensing costs. Upgrades will be simpler and faster, and remote connectivity will be enhanced. Browser-based solutions make very good sense in a large number of applications.

Inner Range: Inception

Inception from Inner Range is a browser-based access control system with integrated intruder alarm functionality. Software is hosted on the controller unit and can be accessed via a browser on a PC, smartphone or tablet. Designed with simplicity in mind, Inception can operate as a standalone system.

Inception supports up to 32 doors with readers for entry and exit. It can also monitor up to 512 detection points via its alarm monitoring functionality. The system includes universal inputs and outputs (the controller includes eight inputs and four outputs) which can be used for security monitoring as well as a host of additional tasks such as lighting control, HVAC management, lift control, etc..

As standard the system supports IP-based alarm communications; an optional alarm communicator can be added to allow dual-path signalling. Connectivity is via a standard RJ45 network cable, or an optional Wi-Fi adapter can be used. Internet-based connectivity is simplified using Inner Ranges’s SkyTunnel functionality.

The controller can support up to 8 SIFER readers via its integral bus: an expansion port allows the use of additional readers. If Wiegand readers are used, a standard LAN access module is required for each door.

SIFER readers are available in either MiFare DESFire EV1 or multi-format versions. Manufactured by Inner Range, the readers utilise 128 bit AES encryption. They are rated to IP67.

To simplify installation, Inception makes use of an interactive commissioning checklist. This takes the installer or integrator through each step of the set-up process, ensuring that all settings are correctly configured.

When it comes to packaging, Inner Range could teach some manufacturers a thing or two! The controller is supplied with a PSU, a printed installation manual, a printed quick start guide and a booklet entitled ‘a beginner’s guide to Inner Range systems’. This latter document won’t be of much use to installers and integrators, but does give the end-user an understanding of the depth of functionality on offer.

The controller package also includes a LAN cable, connector blocks, cable ties and EOL resistors. There is also a USB stick which includes a set-up utility and PDFs of the included documentation. The USB stick even comes in its own tin: it’s not greatly significant but is a nice touch.

The controller’s connections are clearly marked. These include a LAN port, USB, tamper connection, inputs, LAN expansion, power input, battery connections, power output, reader connections and outputs. The unit also includes 11 status LEDs: power, battery, system, SkyTunnel, Ethernet, alarms, Wi-Fi and outputs.

The installation process comprises five steps. The first is to power up the controller, and the second is to allow it to start up. When the unit is ready the system LED flashes. The third step is to make the connection with the controller. There are three options for this: Wi-Fi using the optional module, SkyTunnel or a wired Ethernet connection.

We suspect that most installers and integrators will use a wired Ethernet connection. With the controller connected to the LAN, the supplied utility can be used to find all controllers on the network. This was fast and accurate, and once the device has been identified you can log into it using a browser.

At first login you are presented with the system dashboard: the first option on this is the commissioning checklist. The checklist shows the various configurations that are required in a logical order. Each section includes an explanation of the various configurations, and the tasks that need to be completed.

As each section is completed, the details on the checklist turn green. The menu layout is clean and intuitive, making the process very straightforward.

There are 22 configuration stages in total. These are network configurations, date and time settings, system settings (this is split into five sub-menus: general, access configuration, duress user, battery test and email), site areas, hardware enrolment (this includes a hardware wizard and testing of the hardware components), intruder detection configuration, lift integration, time periods, scheduling, user controllable outputs, permission groups, card template creation, webpage profiles, alarm monitoring, user notifications, automation, disable service mode, system overview, backup database and commissioning complete.

When creating credential templates, it is possible to present a card or tag to the reader, and then the select the option to use a recent credential transaction to auto-fill the configuration. This ensures that there are no issues with the settings. The same approach can be used when assigning credentials to users. When the option is used to add a credential, you can present the card to a reader and then select the option for ‘add from recent card rates’. This eliminates the laborious process of typing in card numbers.

From a user’s perspective, the Inception dashboard gives easy access to typical tasks such as user management, schedules and time periods, and managing permissions. To aid in the process of adding users, there is a ‘guided tour’ function. This merely serves to highlight relevant parts of the screen, but does simplify the process for a user who is not familiar with the system.

Inception works well, offers a good level of performance, and given it simplicity is unlikely to confuse either engineers or end customers. It has more than enough flexibility for most access control needs, and the inclusion of alarm monitoring opens up its appeal in a wider range of applications.

We experienced no problems whatsoever with installation, configuration and use. If there is one slight downside, it would be that all the documentation is aimed towards installation, with the result that the user is pretty much left to fend for themselves. Therefore, the onus is on the installer or integrator to ensure their customer is aware of some of the intricacies of the system. An example of this is the way that the addition of credentials can be simplified.

Grosvenor Technology: Sateon Advance

Sateon Advance from Grosvenor Technology is a modular access control system designed to deliver simple scalability. The system can be accessed via a browser, but it does require the installation of dedicated software (this is compatible with Windows Server 2012 R2, Windows 8.1 or Windows 10 Professional or Enterprise). The manufacturer highlights the fact that the system is simple to configure, and claims that doors can be added to the system and configured within 90 seconds.

Each Sateon Advance controller can support two doors. The hardware model is based upon controllers and snap-in blades. The choice in terms of controllers is single blade or multi-blade. For the purposes of our test we used a single blade controller; the multi-blade controller can support up to 4 blades. There are two types of blades: a door blade to connect two doors, and an I/O blade which allows the addition of additional inputs and outputs.

Fitting a blade to a controller is a simple task. The unit has a modular connection and it simply slides into the controller and snaps into place. That’s all there is to it. The controller itself can support IP or RS-485 networks and can be powered by PoE, PoE+ or a traditional 12V DC PSU input.

Because of the modular nature of the product, it is supplied as a separate controller, blades, readers, PSU (if required; note that this does not include a plug) and a ‘getting started kit’. The latter consists of a USB stick and a printed guide. If you are considering Sateon Advance as a potential system for installation, it should be noted that the manufacturer has informed us that engineers working with the product will require training. Also the company will only provide the products to NSI or SSAIB approved companies. This is despite the fact that many professional and highly skilled installers and integrators who do not provide graded alarm systems have no reason to seek accreditation.

Connections to the two door blade are colour-coded to simplify the installation. Each blade includes two reader connections, two sets of door connections (allowing the installation of a sounder, request to exit button or door monitoring contact) and two lock outputs. There are also two I/O connections and a connection for external power.

The controller itself includes an RJ45 port, a terminal block for RS-485, two USB ports and power input. It has space for a backup battery if required.

Once the various connections are made, the next step is to install the software. Unlike many browser-based access control systems, Sateon Advance does require additional software. This does not support machines running Windows 7, despite this remaining one of the more commonly used operating systems. It is worth noting that research carried out in February 2017 identified Windows 7 as being the operating system used by over 48 per cent of on-line traffic. To put this into context, figures for Windows 8 and Windows 10 were 1.6 per cent and 25 per cent respectively.

The Sateon software is compatible with Windows 10, but ironically not with the system’s default browser which is Microsoft Edge. Instead, Internet Explorer must be used.

The installation processes and the fastest, and those who are irritated by seemingly frozen progress bars should take the opportunity to put the kettle on! Just as we were debating whether the installer had crashed, it woke itself up and completed.

With the software installed the next step is to run the Sateon Quick Start utility. On initial login you will be prompted to change the password. You will also be asked to select the default credential that will be used with the system. A word of warning: once selected this cannot be changed.

The Quick Start utility will find any controllers on the network. New controllers need to be configured. This is a straightforward process and once complete you are prompted to configure the doors and readers. Once these tasks are completed, you finally interface to the controller using a browser.

The browser interface is clean and intuitive, making user interaction straightforward. There are separate screens for personnel management, access control (including device management, actions and groups, and area control), control centre which includes logs, reports, and system configuration. The latter includes system users, printing and general administration.

Sateon Advance does offer a high level of flexibility with regard to system setup, and is clearly a scalable option with a high degree of functionality for a range of applications. Options include the creation of a watchlist for specific employees, the ability to check on the status of connected devices, an overview of any issues or abnormal conditions within the system, flexible and customisable reporting, occupancy management, etc..

All of the typical access control features, such as time zones, areas, permissions and scheduling are present and are easy to access via the browser interface.

Performance of the system is good, with consistent control over protected portals. During the test there was nothing that caused concern, and whilst the full set of documentation is provided in PDF format, the only time we looked at it was to see how comprehensive it was. There is little that will challenge any competent installer or integrator, and as such Sateon Advance is an attractive proposition.

Sateon Advance does include a mapping feature. This allows the creation of multiple-level maps, thus allowing operators to ‘drill down’ into sites to interact with protected doors. Maps can also be linked to simplify the process.

The maps can show real-time status of doors and allow user interactions if configured. The maps module does require an additional license to be operational and is therefore beyond the scope of this test.
Sateon Advance is a good system, make no bones about that! Is there a downside? There is, and it’s an odd one because our feeling is the manufacturer has excluded a fair number of potential customers.

An insistence that installers and integrators who can purchase Sateon Advance are either NSI or SSAIB accredited will rule out many companies who are predominantly active in the access control and video surveillance sectors.

Also, not supporting the Windows 7 operating system, which is still popular due to its stability, may negatively impact on sales in the shorter term as many business and organisations still use it.


Inner Range: Inception

Inception from Inner Range is a well-considered access control solution. Whilst it is a cost-effective system aimed at smaller applications, it boasts a high degree of flexibility and performance is at a level you might expect from a higher end system.

It is both installer- and user-friendly, and this clearly illustrates that the manufacturer has put thought into the product’s design. The configuration checklist does make certain that set-up is a painless task, and will be attractive to installers and integrators opting to install an Inner Range system for the first time.

The ability to include intruder detection, Wi-Fi connectivity, remote access (albeit via the company’s own servers) and control from any browser-capable device elevates Inception above its positioning as an entry-level product. As such, Inception is highly recommended.

Grosvenor Technology: Sateon Advance

Sateon Advance from Grosvenor Technology does differ from many browser-based access control systems, in that it requires dedicated software (which is somewhat slow to install). For some seeking the software-free benefits, that may be a problem. Also some of the restrictions mentioned in the test will thin out the potential customer base. This is a shame, because the product is easy to install, simple to use, flexible and scalable. It also works well.

In reality, it is hard to criticise Sateon Advance for these issues; it is, after all, what it is! We have no hesitation in recommending the product, with certain provisos: it must be understood it is not fully browser-based, certain installers and integrators will not be able to purchase it despite being more than competent to do so, and in the short term one of the most commonly used operating systems is not supported.

Related Articles