printer friendly version

Perimeter security essentials

This series of articles was written to help residential trustees make informed decisions when selecting products and systems. So often is the case when a trustee is appointed to the security portfolio that may have some knowledge in IT or even in selling IP cameras, but do not understand the full scope of the job at hand.

It is for this reason that the longevity of the products and the installation should be scrutinised and specification considered. If there is an incident within a residential complex, house prices drop and it is branded 'dinner party unsafe'. Legislation also changes and this must also be taken into consideration.

Believe it or not, industrial networks for mining environments are very similar to the perimeter networks of a housing estate. The specification of the products being selected or recommended has become the difference between doing it again in one year or five years.

Reducing the cost of ownership is important, but insist on products with a five-year warranty. Do not be deceived by some products that offer a lifetime warranty – everything has a lifespan and when it’s over, it’s over. Look at the mean time between failures (MTBF). This will determine its expected lifetime. I have seen numerous large security firms supply cheap solutions just to secure the contract. The result is to the detriment of body corporates and ultimately residents.

Every detail of the security system must be specified ahead of the installation. Elements in the system that may seem trivial are not, i.e. using IP65 housings, the type of power cable that is used and how deep the power cables are trenched into the ground. All of these seemingly trivial specifications mark the difference between reasons and results.

The security network is made up of several elements, i.e. perimeter wall, IT network, electric fence, CCTV cameras, access and egress, and security guards. Maintaining accountability by keeping accurate electronic records of access, egress and authorised persons is imperative. It is very important to get every one of these elements correct. In most cases, it is the human element which is the weakest link.

The way to achieve an effective security solution is to have layers of security and not to rely on a single solution. Controlling access, egress and the monitoring of people and vehicles once inside the estate is crucial. Moreover, using equipment with an easy to access database and video footage will allow quick investigations.

In this article, I am going to start with one of the most important elements: the network. The reason for this is that the entire system uses it.

I have recently been involved with several systems. It would seem to me that the most cost-effective salesman will get the job even though his company may not do the entire network. For example, they may sell cameras and they may have a great product. The problem, however, is that a camera network needs to have an Ethernet backbone. The technical person will then sell a media converter or use unmanaged switches. It is common for cameras to multicast or broadcast through the network, unnecessarily using up valuable bandwidth.

The security backbone (IP network)

There is a big difference between an industrial application (IA) and a commercial application (IT). The type of protocols and IT language used are the same. This is where the similarities end and the problems start for most security applications. I am going to attempt to explain the difference between the two.

There are very astute, well-educated and experienced IT people in South Africa. These people have a good understanding of the networks used in commercial, clean, dry, managed and air conditioned environments, but very few understand industrial applications and the products designed for these applications.

The IA network must be installed and maintained by individuals that have a good technical background and are technically strong. The idea is they take ownership of the network and can be trained within four to five days on the installation and management of the network. Using managed layer 2 switches will keep the network as simple as possible. CLI and writing code will not work for this individual, but a simple to manage GUI with click and select menus will.

Network redundancy, network layout and bandwidth

IP infrastructure is best explained as a highway. Determining what type and the size of the highway is important in creating a reliable solution. It is important to plan your network correctly. There are 100 base, 1000 base and 10 000 base networks. These networks can be running on copper or single mode or multimode fibre. The single mode is used in applications that are greater than one kilometre between switches or nodes. If single modes SFPs are too close together, the one laser will burn the other one out. Multimode (LED) is a better solution for most security applications.

WiFi can also be used, however, but a physical connection will always be better and will always be the first choice. Fibre optic with numerous cores in a single cover is available. The cost between an 8 core and a 12 core fibre per metre is trivial, but more is better. Also, when specifying the connectors at the ends of the fibre, there are several types: the ST connector has a spring in it and will weaken and deteriorate over time. It would be recommended to use the SC connector for 100 base connections and the LC connector for the 1000 base SFP/gb connections. SC connect is inconvenient to work with on the initial installation, but it is worthwhile in the end.

Using unmanaged switches or media converters is not desirable. The unmanaged switch is an inexpensive option and has an application, but not an IP camera network. Using a managed switch has many advantages:

* Better usage from bandwidth.

* Better camera and network performance.

* Easy fault diagnoses.

* Network redundancy (20 millisecond recovery).

* Better network security.

* Long term saving.

With commercial networks, RSTP topography is very common and works well in that environment. It is, however, difficult to setup, determine faults and to upskill onsite staff. Using a ring or chain topography in conjunction with industrial managed switches will provide sub-second recovery times and avoid any single points of failure. Bandwidth can be controlled by using multiple rings and chains which will then return to a single core switch. The more data (or the bigger the highway) required will increase the cost of products. Some large security networks run on a 10 Gb backbone which is expensive. With the correct network design, this can be brought down to 1 Gb or even 100 base. One of the advantages of using the network redundancies is that if a failure is experienced, a technician will be contacted at a convenient time thereby reducing overtime or callout fees. Most importantly, the network will remain functional.

The infield or in-panel products should be DIN-rail mounted products and not modified 19-inch rack mounted products. This is due to heat distribution, power consumption and space inside the panel. Most industrial switches will have a wide DC operating voltage of 12, 24 or 48 V. It is important to specify a switch with dual power inputs, digital in, digital outs and relays outputs. These are used for alarming in the panel, anti-tamper power management or line failure.

Using a Web browser interface or graphical user interface (GUI) will allow a failure or anomaly on the network to be diagnosed at a glance. Most suppliers of industrial equipment have a GUI. Having a management tool using pictures of the equipment and showing which ports are connected together makes it easy to understand and repair a fault. It also provides the technician a visual or graphic overview of the overall network layout. The components to monitor are the power (POE), fibre condition, bandwidth and, most importantly, loss of communication between devices and to draw attention to it if it fails.

Temperature conditions

Most of the commercial products on the market have an operating temperature of -00°C to +400°C. Commercial products, more often than not, have a fan built into it. In some security applications, there are no trained personnel to service and clean the fan and no air conditioned rooms. The industrial (IA) product operates at -400°C to +750°C without a fan. Give this a moment of thought: if the ambient temperature is 300°C and the equipment is generating heat, what is the temperature inside an IP65 sealed box? It is the same as leaving a car in the sun and then turning the heater on. Commercial products will not function in this environment. It is said that should the air-cooling systems fail, the system will over heat and fail within an hour.

Surge protection

Power supply is not always reliable and installation is not always earthed. Industrial products normally have a far higher level of surge protection built into them. It is imperative to insist that all products are earthed correctly and that power supplies and the ports of the switches have surge protection. Every product will have a specification for surge protection and this is very important. The preferred specifications are EN 61000-4-2 (ESD) LEVEL 3 certified. The cheap industrial products will use phrases such as 'comply to' (self-certified), will make use of a partial specification (EN 61000) and not will not show '-4-2 level 3', which is the most important part.

One of the methods for reducing power surges is to eliminate as much wiring as possible and to replace it with fibre optics. In instances where cabling needs to be used, it must be armed and screened. The power supply on the switches should be redundant. This means that if mains power is off, continuous operation should be seamless.

Commercial UPSs are not designed to be installed in a kiosk in the field. The switch should be powered by DC (battery power) and not directly from mains power. A small solar panel can also be used in cases where power is unreliable. I would recommend a gel battery. A battery’s life is determined by the temperature it operates in. A gel filled battery has a better MTBF (mean time between failures) than acid filled batteries. It is these small elements that will determine your security level and cost of ownership.

Network selection summary

1. Decide what information is required on the network (highway). This may comprise VOIP (voice over IP) or intercom communications to the individual homes, cameras, video streaming, Internet and alarming.

2. Specify network management visualisation tool.

3. Use an IP calculator to calculate the size of your 'highway' bandwidth required. Each component in the network will require some bandwidth.

4. What topography or combination of different types of topographies will be used?

5. What type of fibre optic must be used?

6. How many nodes or devices will be on the network?

7. Select a single product supplier for your switches. This is done for several reasons:

- a. How many spares to carry

- b. Proprietary ring and chain topography.

- c. Up skilling of personnel on different brands.

- d. Availability.

- e. Warranty.

8. What are the environmental conditions, i.e. is it an acidic, salty or moist environment? This may require conformal coating to protect the PC boards.

9. High or low operating temperatures?

10. Are electrical storms common in the area and what is the reliability of the mains power supply?

11. When using WiFi, a site survey must be done.

Rule of thumb when designing and specifying network products and kiosks for perimeters

1. The recommended housing is IP65 or higher.

2. The dimensions of the housing must fit all of the components. Heat is also a factor when determining the size.

3. There must be dual power supplies – AC to DC.

4. Specify gel batteries and solar panels where needed.

5. Ensure surge protection on mains power and on switch ports.

6. Determine the type of fibre, i.e. long distance or short distance.

7. Select a switch with relays and digital inputs for kiosk security.

8. Select a managed switch with the amount of ports required.

9. Design a panel layout for the best thermal dissipation.

10. Select a SC or LC connector for longevity and reliability.

11. Determine the bandwidth requirements, i.e. 100/1000/10000 base.

12. Fit an earth spike to all kiosks.

13. Acquire an electrical compliance certificate.

14. Determine the height of and how the panel will be mounted.

15. Survey the environmental conditions.

16. Ensure that the specifications of selected products are scrutinised and comply.

Share this article:

Further reading: