Service-oriented Architecture (SOA) Enables Cloud-based Computing in Security

- The existing standards: PSIA and ONVIF
- Web services are emerging as the most suitable technology to guarantee interoperability
- The cloud is clearly the emerging example of where openness can take the security industry. Existing Standards
There is a need for standards written to address interfaces beyond network video products. PSIA has done more work in this area than ONVIF, which originally more narrowly focused on its goal of providing a global open network interface standard for physical IP-based video equipment. Work is ongoing to expand the standard into the access control space. PSIA, alternatively, began with a broader agenda as witnessed by the creation of PSIA's Area Control Working Group in order to develop specifications for independently developed access control and intrusion systems, to interoperate with each other and other PSIA specification-compliant devices.

In late 2011, PSIA announced the release of its Area Control Version 1.0 specification to standardize the communication into access control and intrusion products. The Area Control specification, PSIA's fourth system-oriented specification, was achieved with broad industry collaboration from companies such as Lenel, Mercury and Honeywell, representing more than two-thirds of the access control and intrusion systems market.

Standards allow an industry to agree on the language definitions and grammar acting as a universal translator for everyone, so that vendors can innovate and provide higher functionality in their products. The classic example of a successful standard is networking protocol TCP/IP. Companies are not trying to make a special version of TCP/IP. Using the standard, they instead drive innovation in other areas.

However, standards only expose the basic interactions among systems, databases and devices. Vendors tend to keep their “secret sauce” outside of those standards-based ways of exchanging data. This can be a result of intentional omission to preserve product differentiation or the inherent lag in the standards body's ability to incorporate new technologies and approaches. Ultimately, standards serve as a starting point for integration, but never the end-all, be-all solution.

Opening in the Cloud
In many ways, Web services are emerging as the most suitable technology to guarantee interoperability, allowing for easy and fast integration, thanks to source code generation through the standardized Web Services Definition Language. In addition, several rich and well-tested frameworks already exist in Web services. In fact, ONVIF does not see any other technology on the market providing such broad device support capabilities as Web services. It is not surprising that simple object access protocol (SOAP), an XML-based messaging protocol that Web services utilize for communication, is a popular buzzword currently in the security industry.

ONVIF's Core Specification 1.0 defines a network video communication framework based on relevant IETF and Web services standards, including security and IP configuration requirements. Having this in place will make it easy for manufacturers to develop fully interoperable products. Web services are also very suitable for other applications/devices, including as access control, and can be accessed through an open type of interface and then connected to other applications.

Cloud-based computing, which delivers hosted services over the Internet, is increasingly being held up as a new model of efficiency by the IT industry, and the move to the cloud has its own valuable opportunities for the security industry. Video, in particular, is emerging as a technology area where the cloud holds great promise. As with any key technology advance, the solutions that intend to employ that technology must properly evolve their solutions to appropriately provide the benefits without introducing unnecessary complications.

There are three primary categories of cloud-based computing: infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS). An important area of IaaS for the security industry is cloud-based storage.

Many large global organizations are forced to manage literally thousands of DVRs and NVRs. With cloud computing and server virtualization, that kind of video storage can be centralized and put into the cloud and managed as ubiquitous storage. Video storage can be centralized in the cloud, centrally managed and monitored. That is only doable when you have standards and open architectures. It could never occur in a proprietary environment.

Brave New World
The cloud is clearly the emerging example of where openness can take the security industry. With the cloud, openness is more achievable; or to put it another way: without openness, the cloud is unachievable. Service-oriented architecture (SOA) is a key enabler for cloud-based computing, maximizing IT efficiencies in terms of server management, infrastructure availability and maintenance costs.

What makes SOA attractive is that manufacturers and developers can now create various Web services that are totally uncoupled from the user interface and allow for access from a plethora of platforms. In addition, SOA provides a clear pathway to appliance, cloud, hosted/managed, mobile, PSIM and VMS solutions that the marketplace is demanding.

As the security industry continues to embrace open systems and standards, proponents of “openness” are finding that the integration of disparate systems and devices is a work in progress. Industry consensus is that an open architecture is one of the most important requirements in designing flexible, scalable and interoperable security systems.

A winning solution will be one that appropriately leverages each of these elements into a solution that allows administrators to efficiently configure devices, users and business rules that provide information to operators in intuitive and innovative ways, ensuring the protection of a facility's people, property and assets.