Unlike traditional access control systems, Web-based ones do not require dedicated PCs or special access control software. They are simply linked to a Web server interface, allowing users to manage the entire system via a Web browser.
A market study by IMS Researcha unique survey of system installers and integratorsreveals how the security industry is affected by the convergence of IT and physical security. The report highlights security companies that fail to act will lose out.
Convergence is happening on many levels. Most visible, perhaps, is the increasing influence of IT technologies on physical security products, such as IP-based video surveillance and access control. In response to this trend, traditional installers and integrators are familiarizing themselves with a range of IT skills. The report found integrators and installers were most confident with network design, less so with other IT disciplines such as intelligent switch management and network security. IT integrators have taken advantage by getting involved with physical security projects.
Customer IT departments have been much more active in specifying IP-based physical security systems. According to market analyst Alastair Hayfield, "On projects requiring IP technology, installers and integrators are seeing the security manager and IT manager as equal stakeholders in the decision to choose IP-based security products. For the time being, security managers have the edge when the final decision is taken as to which products to purchase, but this could easily change as bandwidth shortages and network congestion increase."
The report also found that, in Europe, more than one-third of installers and integrators now source IP-based physical security products from IT distributors and 15 percent purchase from IT value-added resellers. Going forward, decreasing numbers of traditional security distributors are expected to source IP-based security products.
"Whatever your role is within the security industry," said Hayfield, "convergence should be a major priority. As IT and physical security merge, a wealth of opportunities is being created for anybody who can adapt and take advantage of them."
Convergence is also occurring in access control. Most systems used for security feature expensive zone controllers with proprietary interfaces that contain the memory, CPU and all the intelligence required for identification and entry into the building. Furthermore, connection of multiple doors to such controllers is complex, since proprietary cabling with 12 or more wires can be required from each door to the controller for purposes of ID reading, door monitoring and door release activation.
John Smith, Marketing Manager at Honeywell Access Systems, explained that a Web-based access control system consists of an integrated Web server that is built directly into the access control panel. "The internal control panel Web server provides all data content required for hosting a Web-based system," said Smith. "Using any standard Web browser from anywhere in the world, a user points to an IP address that is associated with the control panel Web server and is connected immediately to the control panel."
Bosch's Web-based access control systemAccess Easy Control System (AECS)provides fast, full control of access readers, doors, elevators, gates, sensors, alarms and other security devices. Identity card access control allows definition of when and where access is allowed or disallowed and for whom. The AECS has built-in time attendance tracking for added control of business resources that greatly reduces audit time and errors caused by manual data entry. Moreover, tracking employee work time adds to management efficiency.
Intrusion monitoring and alarms are now built-in. In the event of unauthorized intrusion, the monitoring center immediately issues an E-mail or SMS alert to allow quick responses to the security breach. Configuration is facilitated through advanced input and output programming for preset applications such as guard tour, feed through interlock, up-down counter and exit door. Remote networking, administration and maintenance are enabled through a modem connection.
According to Joffry Maltha, Product Manager at Nedap Security Management, Web-based access control systems must consist of the following elements:
- A central server on which relevant data is entered, stored in a database and made available to the system.
- Clients in the form of a Web browser such as Internet Explorer to enter data and control the system.
- Hardware modules or controllers that independently grant or refuse access on the basis of the data available on the module and are linked to input and output modules to accomplish this.
- Software components on controllers to achieve desired functionality.
- Reader and input and output (I/O) modules for reading and converting incoming signals of, say, aerials (card readers). These also convert and transmit signals to control, say, the opening of a door.
- Power supply modules.
- Aerials to read card data.
- Cards (badges) and/or other data carriers for identification purposes.
- Physical equipment for access control, such as push buttons, detectors, barriers, lock plates, turnstiles, revolving doors and door pumps.
- Software to interface with other systems. Maltha also stated that the following supplementary requirements apply with regard to the general structure of a Web-based access control system:
- Communication between server and controllers and between controllers individually must be possible over a native IP network.
- The system must have a modular structure that supports scalability in a flexible manner.
- It must be possible to enter data and control the system from clients within the network using any operating system and a common browser, such as a recent version of Internet Explorer or Firefox, without having to install additional software.
- Controllers must be able to function independently and communicate directly with other controllers over the IP network without having to communicate with the server. This is called peer-to-peer (P2P).
In order to make software upgrades to controllers from the server as easy as possible, only use of Flash memory must be allowed in the controllers. Building Web-based access control architecture is not as complicated as traditional architecture. At the device end, however, some requirements must still be taken into consideration. "In short, our organization has set the following requirements for the various components of the topology of the system for access control and security," said Maltha.
- Construction on the basis of open-source software.
- An open database such as Microsoft SQL Server or Oracle.
- Possibility for separate application and database servers.
- Web-based user interface.
- Management on the basis of roles to be freely defined.
- Native IP network over Cat-1 or 5-UTP cables for communication between server and controllers and between controllers individually.
- Bus or IP communication between other hardware modules.
- At least an XScale processor.
- Embedded Linux OS and Java VM.
- Functionality on the basis of software components.
- Stand-alone functionality, independent peer-to-peer communication with other controllers.
- Aerial separation from reader for safety reasons.
- Modular installation, hot-swappable.
- Installation on a DIN rail.
All possible forms of identification must be supported at the same time, including Mifare cards, hands-free cards, biometrics, registration numbers and MRZ (Machine Readable Zone) codes on identity cards.
Management software features include basic programming functions, including adding cards, removing cards, running reports and viewing events. These are core functions for an access control system- -they are what makes a Web-based system attractive to customers.
"A small subset of features," said Maltha, "is appealing to users in the entry-level market because it limits the amount of training and expertise required to operate a Web-based system." Almost everyone, he said, can navigate and browse the Internet; therefore, a Web-based access control system should be an extension of simple and easy-to-use Web navigation and management software. Users that require greater functionality should consider a PC-based access control system, hybrid or combination that offers local PC-based control with basic functionality using remote Web-based capabilities.
Maltha believes that the next advance in security management software will be decentralization of information. Security systems provide decision-makers with data that should enable them to better safeguard security. In fact, however, it provides an overkill of raw information. Enormous amounts of data lead to poor security policies. Lots of video is being recorded, but not properly analyzed due to lack of time; access authorizations are enrolled, but not properly updated; intrusion alarms go off, but are not followed up on because there too many false alarms. Thus, potentially useful data is gathered, but not yet efficiently and effectively put to use.
"Many of today's graphical security management interfaces are aimed at this central security officer," said Maltha. "We believe, however, that it is an illusion to think that security is a one-man show. The whole organization should be made part of the security policy. That is why we are working on decentralized graphical user interfaces, called 'AEOS faces.' The most basic are ones that allow people to check who enters the working area. Decentralized (intuitive task-based) information distribution throughout the organization reduces staff workload and supports quality decision-making in time-critical situations."
Another reason software matters in a Web-based access control system is that Web-based readers are still mainly single-reader solutions. "If more than one reader is required in a system," observed Quek Daniel, Product Manager at Bosch Security Systems, "you will need to get third-party software to administrate the database and manage the system. Whereas an IP-based controller like the AEC has a built-in Web server that allows you to manage, control and monitor up to 16 card readers without any additional software."
The main reason why IP solutions are gaining so much attention is thatin combination with power over Ethernet (PoE) technologythey enable a major cost reduction both in initial purchase and maintenance costs. Multiple IP-enabled security devices can run over a single Cat-5 or Cat-6 wire. "Cost reductions of up to 30 percent on installation and maintenance cost have been reported," said Maltha. "The cost difference between IP and old proprietary cabling infrastructures is especially interesting if investments in existing IP networks can be leveraged."
Furthermore, a Web-based access system eliminates costly file server and client costs. "The Web server can accommodate multiple connections at any given time and, therefore, eliminate the cost of installing remote client hardware and software that communicates back to the main file server," said Smith.
"Our Web-based access control products," said George Redpath, Director of Engineering at CEM, "are being marketed as low-cost solutions that reliably power a complete door set via one Cat-5 or Cat-6 cable. Despite being described as a 'complete IP solution,' the system is designed to be easily installed by IT network and security installers without need for an electrician."
Redpath believes that Web-based access control will improve door security by allowing the installer to locate lock controls on the secure side of a door with an intelligent reader on the unsecured side. In addition, Power-over-Ethernet capability should eliminate any requirements for main power at the door.
Managing the system is easy. Anyone who knows how to browse the Web already has the basic skills needed. "Sys t ems admini s t e r pe r sonne l information such as access levels, time zones and holiday privileges, as well as designing and printing ID badges via the Web browser," said Redpath. "The systems also permit view of alarm events as they happen in text or graphical format and even live footage via IP cameras."
A Web server eliminates need to install software onto a dedicated PC. Web capability allows access to the Internet from anywhere in the world as long as there is an Internet connection. "Not having to install software allows users to be worry-free of viruses, incompatibilities with operating systems, and issues pertaining to hardware and device compatibility, including training," said Smith.
Web-based Access Control Concerns
Many vendors are offering Web-based access control solutions. Customers with existing installations are demanding more than what their existing systems have, for example, remote management, Web browser interfaces and faster communications.
The full benefits of IP in terms of reliability, flexibility, scalability, ease of integration, cost, effectiveness and efficiency are much bigger. "If you want to reap these benefits," said Maltha, "you should look at the whole package, not just the communication between controllers, server and readers. That package also contains decentralized intelligence, full Web-based operation and support for local IP communication."
IP solutions, added Maltha, have to operate in a decentralized manner because running multiple IP devices over the same cable is more cost-efficient only if users can conserve on the amount of data that is sent over the network. Otherwise, bandwidth needed to guarantee a basic level of network availability (quality of service) outruns any cost-savings. Thus, real IP solutions have to process and analyze data locally and send to the server only data that is important.
Native IP Structure
As with most technologies, users have to look under the hood to see the real difference. "It is not much different when shopping for Web-based access control systems," said Maltha. "One should check whether the system is really native IP or just IP-enabled, it is fully Web-based or users still need to install client software, and whether the system supports local IP communication between controllers of different devices."
IP solutions have to be fully Web-based, not Web-enabled and IT-compliant because only then can customers use less expensive off-the-shelf equipment for backup systems, storage and clients. "IP solutions have to support local bidirectional communication through local IP level integration," said Maltha, "because only then will IP systems be easier to integrate." He contrasted this with traditional integration via the database, server or at contact level.
The whole system design must take into account future expansion regardless of whether for card standards or biometric templates. One of Redpath's customers required a cost-effective, future-proof, sophisticated card-based security solution. "We provided the ideal solution for the client who opted to install the low-cost webEntry II Pro access control system with biometric technology," said Redpath.
"The customer told me that we provided him with exactly what he needed: an innovative security solution. The client now has the future flexibility to centrally manage his 27 sites around the world," said Redpath. "The security staff can easily operate webEntry II Pro via its Web interface, enhancing staff and visitor security via the host center. The solution is ideal for medium-sized buildings as it allows staff to easily issue ID cards that restrict building access using biometric technology and CEM card readers."
The Next Trend
According to IMS Research, the move to Web-based access control systems, integration with other security systems, and convergence of physical and logical access control are all forecast to drive growth over the next five years.
As more IP concepts incorporate physical access control systems, IP innovations, such as audio applications, are being used on card readers. "This innovation will be coming to high-end card readers in the next couple of years," said Redpath. "Audio application card readers enable people in Singapore to call Shanghai from the door. It will revolutionize conventional readers. In approximately 18 months, audio application via readers will be ready for the market. IP devices will be much quicker and easier to use. You will not have to worry about power supply or cabling problems."