When one interviewee jokingly said, ¨Our software can do everything but fetch the International Herald Tribune in the morning,〃 we decided to dig a little deeperby talking to a few system integrators and end users to determine whether everything is indeed fine and dandy after a management software platform is specified. When one interviewee jokingly said, ¨Our software can do everything but fetch the International Herald Tribune in the morning,〃 we decided to dig a little deeperby talking to a few system integrators and end usersto determine whether everything is indeed fine and dandy after a management software platform is specified.
Having read the wonderful and amazing things that can be accomplished by command and control (C&C) software, one must be thinking: "Let's be realistic — can this be true?" One way of ensuring that these claims are not simply marketing hype is to look at real-life cases.
Single-Vendor Turnkey Solutions
DVTel supplies its own branded hardware, enabling the company to offer a complete turnkey solution. An example of this comprehensive offering is deployed at the Bangkok Suvarnabhumi Airport. The installat ion has 16 different systems integrated into the iSOC and more than 2,000 DVTel network cameras. Having an integrated and scalable interface makes the DVTel solution flexible for a wide variety of user applications and needs.
The performance of the DVTel platform and its functions are limited only by the user's network and server capacity. "The beauty of this is the customer can control the destiny of their solution," said Kim Robbins, Director of Marketing Communications. "Unlike a DVR with its 16-channel limitationsuch that when you implement the 17th channel you have to buy another 16-channel DVRthis is truly an enterprise system with a global view, scalable in multiples of one to thousands."
TAC offers one of the most integrated security and building automation solutions on the market, said Anthony DeStefano, Director of Integrated Security Systems. "It's a total ly IP-based solut ion that suppor ts all (programming) languages, such as TCP/IP, BACnet and LON. It can handle anything in the security world, such as access control, intercom, surveillance and network video recording. It can also handle fire alarms, HVAC and building controls on one common system. Although we provide security, TAC is not just a security company."
Because it integrates with so many technologies, TAC's platform can be best described as a C&C system that seamlessly integrates with management subsys tems, such as those from Integral and DVTel, DeStefano said. The platform can also incorporate video analytics, which are mostly provided by Israeli companies, since they are designed on military-grade specifications and deployed in the commercial market.
"Part of what makes TAC unique as a total facility management solution provider," DeStefano said, "is that TAC doesn't just offer software; we provide hardware as well, thanks to being a subsidiary of Schneider Electric, whose mission is to be a global provider of anything in a building that is electrical." TAC is a manufacturer as well as a system integrator, with all the software and hardware for access control and digital recording — and since the acquisition of Pelco — a complete line of cameras.
Real Multi-Vendor Hardware Integration
"The main difference for IPSecurityCenter when considering small, medium or large projects," said Beverly Mann, VP of Marketing for CNL, "is the project management and coordination of professional ser vices deployment, both pre- and post-installation." In large projects, the number of different departments and stakeholders that solution providers have to liaise with increases significantly. "In order to manage this, we have built up a highly skilled project management team and support capability to coordinate and liaise with clients and their security infrastructure vendors." IPSecurityCenter is particularly geared towards multisite applications with a high degree of legacy and disparate systems. "The greater the number of locations, the higher the return on investment in cost saving, as multiple sites can then be managed from one single C&C center," Mann said.
"We identified 22 locations in the U.K. for the initial scope of the project. The first element of the project was to integrate more than 700 security devices, including CCTV cameras, switching matrices, DVRs, and several thousand access control doors, intruder detection sensors and alarm systems all from different manufacturers," said Thom Williamson, Manager of Security Operations for IBM U.K. "We reviewed the capability of a number of C&C systems; IPSecurityCenter was chosen because it was uniquely capable of providing complete control over all of our security assets, including legacy systems, and guaranteeing all responses to events and incidents are fully compliant with our security policies and standard operating procedures."
Before IPSecurityCenter, these procedures were locked down on paper; now, the system provides easy-to-follow, on-screen guidance for IBM's operators and automates a large amount of the response process. "It was important that all of the functions we required," Williamson said, "such as control of video walls, digital dashboards and reporting, were intrinsic to IPSecurityCenter and not add-ons from other software vendors." Automated reporting and communications meant more flexibility in the frequency and format of reports on incidents and trends, without increasing management or production overhead.
IBM U.K. needed software capable of integrating and automating its defined corporate security policies, initially across the U.K. and potentially for other geographic regions. "We needed a system to consolidate and analyze events and communicate actions to response teams, thereby providing the business with real-time situational awareness and response. We wanted onscreen operator guidance and workflows to reflect differing procedures, even on a site-by-site basis. The fact that these workflows were graphical rather than in computer script meant that our security managers and operators could understand the workflows and contribute to improving them," Williamson said.
CNL understood the need for scalability and consistency to support in-countr y, regional and global deployment, and worked with IBM to customize the solution to ensure IBM's current and future operational needs would be met . "Another important factor was speed of implementation. We did not want to be constrained by legacy equipment or future security requirements. IPSecurityCenter's design meant that we were able to rapidly integrate our legacy and disparate devices, while implementing our security policies and procedures within our project timeframe.〃
By combining process flows with automated communication, IBM U.K. is able to benefit from improved situational awareness and distribute incident intelligence to point of need. Integration of new and legacy systems preserves existing investment, deferring procurement and thus delivering rapid return on investment. ¨Overall, IPSecurity Center gives IBM enhanced security, greater control and operational efficiencies. The solution provides us with operational flexibility that I never imagined possible,〃 Williamson said.
Real Life Presents Real Challenges
Different requirements are the main challenge when it comes to C&C software. Basically every solution must be customized, so the platform used must be robust and scalable. "Not only must the system be built on an open architecture, but the system integrator must also keep an open mind," said Patrick Lim, Marketing Manager for Ademco (a Rentokil Initial company) , a prominent regional system integrator based in Singapore. "A competent system integrator should be able to think ahead and come up with '100 more scenarios' than the client requested so that when changes need to be made later on, there is always room in the system to accommodate them." Another challenge is budget: users often get "greedy and creative" and want everything integrated without realizing how much more software engineering has to be involved. "When server storage cost is added into the mix, the bill can become intimidating very quickly users have to decide what to include and what not to, both in terms of data and in terms of equipment."
"As with any other complex system used in the building services industrybe it lighting control, access control or fire alarmsit is crucial to ensure that the system design is adequate before embarking on the implementat ion phase," echoed Russell Stuart Chalon, Head of Pre-sales and Training, Certis CISCO Security Technology, another prominent system integrator based in Singapore. A future-proof system design should cater to any expansion requirements (normally specified as a percentage increase in capacity) and to the overall building design, so as to minimize installation of control and power cabling, control panels, power supplies, interface panels and so on.
"With our many years of experience in this field," Chalon said, "we observe that in the integration of different subsystems, such as access control, intrusion detection, surveillance and, say, a building management system, it's critical to select open database and open protocol-based systems that allow for free flow of information both being sent to and received by each subsystem's database." It is also critical to fully understand client requirements and appreciate that it can be a time-consuming process in coordinating with all the different system vendors. All parties need to work as a team to ensure the integration process runs on time and budget.
"The largest challenges we face center around working within multiple departments or disciplines inside our customer organizations," said Nick Samanich, Director of Commercial Strategic Produc t s Planning, ADT Security Services, Tyco International. "Many different company functions must be involved as part of the process to have a successful, seamless implementation of a centrally managed system." Those functions typically include information technology (possibly even multiple departments within IT ), information security, physical security, human resources, operations and so on. "Each group must provide support and feedback relative to their area of responsibility. However, coordinating meetings with the correct people to provide this information or feedback in a timely fashion can be challenging," Samanich said. "In many cases, we'll get permission to do discovery visits inside the facilities to obtain the necessary information ourselves."
Another thing to consider, Chalon said, is what happens when one of the integrated subsystems has a new software release (which happens frequently). "This is something that needs to be addressed in the maintenance contract after practical completion and handover to the client."
In most cases where there is integration among various subsystems, it is normal practice for each subsystem to have either a factory acceptance test or on-site acceptance test to ensure it is operating correctly as a stand-alone system. "In parallel to this," Chalon said, "it's quite common for the C&C software platform to also be tested off site to ensure that the integration operates to the specification, prior to the actual on-site acceptance test in which more functionality of the integration is normally carried out."
Typically, system-specific testing criteria are provided to the customer upfront to address how specific interfaces or unique features will be tested, Samanich said. "Normally, all testing around software stability and specific features is performed in advance of the project. We typically test communications, connectivity, feature/device/system functionality and software interfaces." Testing is usually done on a device-by-device basis to ensure that each works as planned and communicates with the central management platform. "The testing includes technicians stationed both at the C&C center and at the device, who are using the device for its intended purpose."
Unique features such as traps, analytics and detection-induced actions must be tested in a real world environment. "We simulate the actual intended usage of the system to ensure these features are functioning as promised," Samanich said. "Lastly, software interfaces are put through their cycles to ensure that al l data i s exchanged and handled in the appropriate fashion."
No matter how sophisticated software engineering has become, system integrators still see gaps in the real word. First — and the largest gap that exists — is the lack of interoperability standards. "It's difficult to integrate systems from different manufacturers because they usual ly communicate in a proprietary fashion," Samanich said. "Most C&C software packages only work with a limited set of manufacturers' equipment (and a limited product range with those vendors) and promise to be able to work with everyone's equipmentthat is not an easy task to accomplish."
Another major gap is a complete understanding of the computing power required and how that power needs to be deployed. "A centrally managed system typically spans buildings or facilities that are geographically disparate, and there is not always a clear picture of what communications means (and speeds) are available," Samanich said.
Security is a human business — a profession in which people matter the most. While hardware and software technology can be straightforward, human decisions and reactions are harder to predict.