Walter Helms serves as Chief Technology Officer at Matrix Systems. He is responsible for all software development, including migration to new platforms, and for supervising all ongoing technical customer support. Request more info on Matrix at www.securityinfowatch.com/10214324.
Intelligent single-door controllers have recently increased their presence in the market, as more users opt to connect these networked-enabled, power-over-Ethernet (PoE) devices directly to a network. The approach provides simplicity and adds value but, like any technology, there are some limitations to consider when managing an enterprise access control program.
Intelligent door controllers manage the basic functions of opening and closing a door locally, and are connected to the IT backbone, where multi-door functionality is managed. Should the network become unavailable for any reason, these door controllers automatically switch from network mode to standalone mode.
But the systems that use these devices depend on connectivity to the host application to control higher-level access control functions, such as the creation of passback or arm/disarm zones, mantrap configurations, producing occupancy counts and global input/outputs (I/O). All these are critical access control functions, especially in the increasingly complex world of enterprise security.
It is a fact of life that networks do in fact go down. That leads to the question of, what happens to these functions if a network connection is interrupted? The short answer is: They are lost. But leveraging proven technologies to augment IP devices can bridge the gap between functionality and security.
At the Mercy of the Network
Security practitioners prefer that their systems do not rely solely on the corporate network. That’s why intelligent controllers provide functionality to ensure continued basic operation at the door level in the event of a network outage. As mentioned above, the door controller switches to standalone mode and continues to operate the single door during a network outage. Is it too much to also expect continued operation of higher-level access control functions in the event of a network outage? Must users “settle” for partial functionality when the network goes down?
Security end-users may feel reassured to know that a network failure does not cause a catastrophic failure of their access control system as IP readers revert to standalone operation. But they may be disappointed to learn that the network failure will limit their system operation and undermine the enhanced functionality they invested in when they bought the system.
Concerns about what happens to an IP-based access control system when the network goes down include:
- What is the system’s operational capability during a network failure?
- What functions are lost when the network goes down and what functions are preserved?
- What is the system’s off-line behavior and what is the potential impact of that behavior on enterprise security?
- How fault tolerant/redundant are the IP links associated with a security device?
- What mechanisms exist to ensure continued, uninterrupted connection with the network?
- How critical are the functions of operational security that are lost when the door controller is offline?
- What impact might limited functionality have on the overall security stature of the enterprise?
- What additional activities and costs might be involved to create strategies to offset the limited access control functionality during a network outage?
These are valid concerns that go to the heart of what an end-user expects from an access control system. They want it to operate dependably, and especially so in a crisis situation. A variety of situations could cause the network to go down, from a natural emergency to a targeted attack. When considering risk management scenarios, security leaders should be able to depend on the full functionality of an access control system throughout a crisis. Their company’s well being may depend on it.
A Tried-and-True Alternative
End-users might understandably seek an alternative to a system that does not work to its full potential during a crisis. This situation can be remedied in how the access control system is configured, and the solution to the problem suggests that there is, in fact, still a place for hardwired door controllers in the world of IP access control. A solution is the use of a traditional IP-connected multi-door central panel with wired door controllers.
If potential network downtime and the resulting degraded operation of a security system is a concern, users should consider the merits of hardwiring clusters of their door controllers and intrusion alarm points back to a common IP. An area controller provides added intelligence to allow an access control system to continue performing multi-device security functions even during network outages. Intelligent area controllers are then connected via IP to the network.
The use of hardwired subcomponent architecture can offset the limitations of using IP door controllers connected directly to the network. Specifically, in the case of a network outage or loss of network connectivity, the hardwired configuration preserves comprehensive access control functionality. Even with the network down, an area controller can maintain functional features including arm/disarm zones, mantrap configurations and global input/outputs (I/O).
Clearly, such a configuration provides a meaningful advantage, but what about cost? At first glance, adding a level of hardwired subcomponents to an IP system would appear to make the system more expensive and complex; however, there are factors that offset the added cost.
For example, a configuration that clusters groups of door controllers hardwired to an intelligent area controller decreases the number of required PoE switches at the network. If IP door controllers are used, each homerun Cat-5 cable running from each door controller requires its own network PoE switch to provide connectivity and power. The additional PoE switches represent extra costs.
In contrast, hardwiring several door controllers to an area controller means only one PoE switch port is required to connect that area controller to the network. End users may find that, once they run the numbers, the cost for multi-drop wiring and the addition of area controllers compares reasonably to the cost of Cat-5 homeruns and the added PoE switch ports required for each individual IP/PoE door controller.
Choosing the Best Solution
All networks are not created equally, so concerns about network dependability may vary from one installation to another. Clearly, dependable network operation is important to an enterprise for many reasons above and beyond operation of the access control system. Technologies to boost an end user’s confidence in the network include fault-tolerant and redundant servers, used with uninterruptible power supplies (UPS) and emergency generators as basic defenses against the unexpected. In some situations, the use of IP/PoE door controllers in a pure IP security solution fits a wide range of needs.
However, hardwired edge devices and intelligent area controllers still have a place in the industry, providing a robust and cost-effective alternative that preserves high-level access control functionality, even in the event of a network outage. The tried-and-true approach of hardwiring door controllers to an area controller can provide end users with peace of mind regardless of what happens to the network.
The right configuration for any access control or security system is determined by the needs and the operating environment of the application. Security practitioners in critical enterprise environments need to know their systems are operating dependably and at full capabilities at all times. Higher-level access control functionality depends on multiple door controllers being connected — whether by hardwiring or by networking. If network connectivity is a concern, especially if complete access control functionality is critical to an application, a hardwired alternative is available. It’s a time-proven solution that still has a place, even in the IP networked world.
Walter Helms serves as Chief Technology Officer at Matrix Systems. He is responsible for all software development, including migration to new platforms, and for supervising all ongoing technical customer support.Request more info on Matrix at www.securityinfowatch.com/10214324.