Many facility security end-users desire the promised productivity and savings achieved with the transition to a cloud computing environment. End-users benefit from advantages - particularly with client/server architectures, including: Web-based software; a higher Return on Investment; increased productivity; ease of scalability; resiliency; and a focus on security operations, not the security system itself.
End-users who want to exploit the benefits of the cloud would be wise to evaluate an emerging, yet proven, architecture that offers an effective alternative for cloud based Physical Access Control Systems: Network Appliance Solutions.
Network Appliance Architecture
The Network Appliance architecture momentum has largely been driven by the Internet, the frustration with managing Windows-based servers, and the rising adoption of Open Source technology.
It is an architecture that delivers all of the important cloud value propositions - in some cases with superior design leading to lower overall costs - both on site and in private, while avoiding cloud characteristics that could have undesirable effects.
Cloud computing is associated with a wide range of values, definitions and benefits. For our discussion purposes, the Cloud promise is defined as "a deployment that better allows end-users to focus on their business, while enjoying reduced costs, increased productivity, simplified scalability and increased system resiliency." A major portion of access control systems are sold to small-to-medium businesses, so let's examine how a Network Appliance Solution can achieve the same promise for end-users in the SMB segment.
Low Cost, Increased Productivity
A network appliance consists of a bundled/preconfigured "server" that provides out-of-the-box program readiness in minutes, much like a Linksys router. An appropriately designed appliance eliminates the requirement for end-users to install and maintain the operating system and database.
Network appliances using Open Source technology also eliminate up-front and ongoing operating system and database license fees. Network appliances based on pure Web-based architecture provide added savings by eliminating client license fees for the application software. Simply put, an end-user merely needs a computer, Web browser of choice and secure login ID to use the software.
The appliance includes an operating system, database and Web server. While component choices are available for each, care must be taken when evaluating products. For example, some manufacturers bundle their appliance with a Windows operating system. This environment introduces many nuisances, including increased startup and upgrade cost, ongoing system management and security/virus patches to apply.
Appliance solutions using relational database management systems many times inflict these same problems. Open source technology (Linux, Open LDAP) addresses these potential pain points and are found on certain network appliances. Adoption of Open Source technology is a widely accepted practice for leading enterprise IT development, delivering high quality products, rich feature sets, flexibility, control and no vendor lock-in.
What about mission critical apps? More than 90 percent of world's top 500 supercomputers run Linux. Plus, Linux enjoys a majority and increasing market share in the web server market.
System Scalability & Resiliency
As end-users grow their business, Network Appliances are easily upgraded to handle system expansion, typically by simply installing a new license file. Systems may start large or small and can seamlessly expand, keeping existing appliance and field hardware infrastructure in place.
Resiliency is a crucial component for many end-users. The most common service interruption is a network fault (planned or unplanned). Without network availability, the head-end alarm monitoring function is disabled. In a typical PACS system, the database of identities, schedules and door configurations reside in the door controllers (central location or IP-based individual door controllers) and decisions are made at the "panel" level. Given the devices' high reliability, a built-in - and in most cases appropriate - level of resiliency is inherent. In addition, network appliances are highly available, embedded computers, designed for years of continuous service.
For users requiring greater resiliency, such as those deploying a Security/Network Operating Center to continuously monitor system activity, Network Appliance Solutions deliver a cost model that is in the end-user's control, as opposed to cloud vendors where a unilateral choice is typically made for them.
Funding a back-end redundant infrastructure may not be needed or cost-effective; thus, some Network Appliance Solutions can be automated for peer-to-peer replication and auto fail-over with existing appliances - enabling a resiliency grade similar to a five-nines approach, while doing so at a much lower price point.
Many IT professionals believe the ultimate goal in cloud computing is the ability to shift all capital expenditures to operational expenditures. Today, this is certainly achievable for the software delivery component. Yet, in reality, this is a small portion of the whole system deployment costs.
On-site total hardware costs for a typical PACS system make up the major portion of the funding outlay (30-70 percent). This high percentage of cost is difficult to justify as an operating expense. It has been a challenge - and many times a barrier - to end-users who want to shift to a cloud-based system without a capital expenditures budget to fund the initial deployment.
Even with a secured data infrastructure, some end-users still conclude that cloud computing is worrisome. Typical apprehension revolves around thoughts such as "Do I really want my mission critical employee and security data off-site?" or "Do I want my security information stored in an offsite server?"
Network Appliance Solutions address these arguably unfounded concerns. In the appliance model, all data remains on site, inside the protected premises.
Open Hardware Platform
End-users deploying facility PACS systems have two choices - either select proprietary hardware that only works with that vendor's software; or select de-facto industry-standard open hardware that is reusable if a end-user becomes disenchanted with their software provider.
Regardless of the chosen architecture (cloud or appliance), end-users should demand their large investment in access control field hardware be open to function with multiple software vendor's applications.
In the event the application does not deliver as promised, end-users can migrate to another solution while preserving their hardware investment.
Some Cloud Benefits Aren't as Valuable as Others
The notion of a service handling unpredictable changes in system loads - users, transactions and storage - may not apply for many SMB end-users. While some end-users experience hyper-growth, many grow steadily over time, thus not in need of managing spikes in system loads. For hyper-growth end-users where factors may preclude a cloud deployment, Network Appliance Solutions are designed to handle volatility by using multiple appliances in a replicated, grid-like architecture.
Another often oversold cloud value is the abatement of IT fees for end-users whose departments are charged inter-company service fees for their IT requirements, including disk space, storage and bandwidth. Typical SMBs consume IT costs in their G&A budgets; thus, IT fee abatement does not bring added value.
In either cost model, Network Appliances and their related system software are easily administered by the security professionals without a burden on IT.
There is bona fide value in deploying PACS systems in cloud based environments for end-users who understand the environment pros and potential cons, and meet the conditions in which the cloud is designed to best perform.
It is however, important to not get "lost in the hype" as this model does have its potential shortcomings. Other solutions are available. End-users will find Network Appliance Solutions to be a sound approach to attain valued cloud computing attributes on site, and in private; while minimizing the potential problems introduced in a cloud based environment.
Jeff Ross is Director of Product Management at PlaSec (www.PlaSecinc.com). He has more than 15 years experience in product management and marketing of integrated access control systems. He previously led various marketing, product and service operation teams at Lenel Systems Intl., now a UTCFS company.