printer friendly version

IP is for access control

Access control is one of those areas that companies never want to replace, after all, it’s simply about allowing someone into your premises or a restricted location, or not allowing them in. Today, however, using your access information can form the basis for time and attendance, workforce management, shift and project planning, and can be integrated directly into payroll. And there’s still more that can be done and accomplished under the banner of ‘business intelligence’ with your access control data.

Hi-Tech Security Solutions asked a few local access control players about the growth of IP-based access control, and what benefits it provides to users that would be harder to get using traditional methods. On the other hand, is IP access just another buzzword created to create demand and generate sales?

To get answers to our questions, we approached:

• Johan van Heerde, GM at Skycom,

• Jonathan Summers, MD of Controlsoft, and

• Walter Rautenbach, MD of neaMetrics, local Suprema distributor.

Hi-Tech Security Solutions: What are the benefits of IP access control over traditional systems? How does a company benefit using IP ‘to the door’?

van Heerde: TCP/IP is the most widely used protocol in all industries requiring a communication protocol today and organisations are much more likely to have a LAN / WAN infrastructure within their facilities than a RS-485 infrastructure. Moreover, all data ends in TCP/IP, in order to get your data to a central point, somewhere along the line it will have to be converted to IP.

TCP/IP gives you the geographical advantage of being able to manage your access to an area in Brazil from a server sitting in South Africa, and it eliminates many interface converters i.e. RS-485 to RS-232 to data.

Summers: IP ‘to the door’ provides significant cost savings on cable installation. Most buildings nowadays are flood wired with IP points so this makes adding a door more cost effective. Controlsoft now also provide a POE+ version of the iNet ACU that provides the equivalent of 1.5 Amps with an integrated 30-minute battery backup, so there is no requirement to pay an electrician to fit a power socket to the door.

Rautenbach: IP access control is much easier to implement than traditional systems. Reasons for this include the fact that IP topology is far more widely used than for just access control and traditional access control protocols were mainly proprietary, requiring a fresh new learning curve when wanting to change. Now implementations of IP access systems can be managed by your network technician and administrator, resources that in general need knowledge to operate and configure software.

This resulted in much easier ‘do-it-yourself’ implementations where corporations prefer to be in control of their network and security. Not much else is needed than the knowledge of how to configure an IP address, laying network cables, managing software and perhaps drilling a hole? So moving the ‘security manager’ function to IT makes sense, with IT departments claiming more responsibility and control, removing the reliance on external contractors that, in the end can cause serious security risks in itself. Moving to IP at the door just made sense.

Of course, these benefits are more easily said than done, especially by ambitious IT departments and personnel. It was soon realised that it was not only the game changer we expected, but more. Now with our access control devices on ‘the net’, with great benefits of easy access and management, we have also changed the game. We should take a step back and consider the hacker temptation, malware working itself into the firmware of devices that control our movements and our assets, and conveniently making a network point available outside our office doors.

This step back means relooking the value of encryption to the door, OSDP and certification and authentication of device firmware. This is not unique to access control, but common to the whole IoT [Internet of Things], which access control now, arguably, forms a part of.

Hi-Tech Security Solutions: Access control systems were traditionally proprietary technologies that limited users to a single brand. Does IP change that or are systems still configured to support kit from a single company?

van Heerde: Today, if your system is not hardware agnostic, you are on the wrong path. Integration and open platforms are the way to go and this is evident if you look at the amount of SDKs and APIs available on the market.

Your system simply cannot, not have an SDK or API in order for other systems to give and take functionality and data to and from your system. You cannot specialise in all areas and locking your system down limits your system’s usability in the long run.

Summers: Typically, the network door controller and associated software are still proprietary to the access control manufacturer, but with Wiegand and OSDP (RS-485) interfaces available on the controller, the user has a very wide, open choice of readers and credentials to choose from. In a typical lifespan of 15 years for a network door controller, we expect an end user to change / update the readers and credentials at least once.

Rautenbach: Not really. With traditional access control, the serial based protocols were definitely more proprietary and different between vendors, with greater security through obscurity. On the bright side, on the IP backbone, resources with the skills to manage the network can easily get involved in managing access, and moving from system A to B is not that difficult.

That does, however, not mean that you can just take an IP device from manufacturer A and plug it into the software system of manufacturer B, like you could do with ONVIF compliant cameras on video platforms. Don’t get me wrong, ONVIF Profile C is indeed there to offer this to access control, but I am not aware of too many access terminal providers that have considered this and, in general, it currently only brings video to mind.

Hi-Tech Security Solutions: Does IP make integration into management platforms simpler?

van Heerde: IP-based access control does not make integration simpler per se, as it’s just another protocol for hardware communication, but your central point of data entry is completely TCP/IP reliant and this is where the magic takes place.

With a strong and solid central data centre with controlled access via an API, for instance, you can mine and generate any data in any format you choose. The dependency would thus mostly be as to what format the data currently exists in, and if it is accessible from third parties.

Most of the new systems have SDKs or APIs which can facilitate the integration. There are many BI systems out there that can provide a platform for your management tools and they are more powerful than ever before.

Summers: In theory it should, but in practice, due to the fast pace of change, particularly in the CCTV marketplace with constant evolutions of manufacturer’s products, you inevitably require either add-ons or plug-ins for each brand. It also leaves the end user less dependent on a single supplier.

Rautenbach: Yes it does. It is much easier for access control software providers to integrate IP hardware from multiple vendors, with noticeable increase in demand and growth when it comes to security management systems (SMS) that offer end users the benefits of integrating different types of security, (i.e. personal access, visitors, video, devices, vehicle, fences) as well as removing the risk of being locked down to one hardware vendor by offering compatibility with various hardware manufactures. It is always a good indicator to look for manufacturers whose hardware not only runs on their own software, but is also integrated into several access and security management systems.

Each vendor still has their own SDKs, therefore integrating a new hardware vendor into your SMS normally requires a new plug-in, be it for access control, intrusion or alarms. This, of course, is referring to software integration and not the traditional hardware integration. There are open protocols such as the Security Industry Association’s Open Supervised Device Protocol (OSDP) allowing for a standardised device protocol for hardware to talk to each other. At this point, the focus of OSDP is on traditional serial communication, although the new version 2.1 has a single mention of “This protocol is extensible to allow transport over other media, such as TCP/IP”. This is a development in OSDP that we are keeping a keen eye out for, or perhaps ONVIF Profile C will find traction.

Hi-Tech Security Solutions: What particular access solutions do you provide based on an IP infrastructure?

van Heerde: XTime is a specialised workforce management suite comprised of modular hardware and software components. It is specially designed around the multitude of business demands and aspects pertaining to the management of your workforce, health and safety, cost, security and access control. XTime is the chosen operation critical system within many countries within a wide variety of sectors including mining, oil and gas, industrial and manufacturing operations.

The suite contains an extensive set of standard functionality and payroll exports, and our locally based team can facilitate and implement any additional custom requirements that the customer might require. The strength of our product lies within the versatility and flexibility of the suite to conform to your unique business model.

XTime is geared for seamless integration and we specialise in aligning business process requirements with the XTime Suite through synthesis on a database, third party validation facilitation (controller or server-based) and hardware level which includes facial recognition, breathalyser testing, key management cabinets and building management.

The XTime Suite ensures a safe, cost effective and efficient work environment for all, with inputs and outputs to various ERP, HR and payroll systems. Some of our most popular IP based hardware offerings include:

• EABR biometric reader / controller.

• Safran facial recognition reader.

• Impro EC3 controller.

• Impro IP-based door controllers.

It is important to note that all controllers on XTime run firmware specifically developed for the system. XTime offers:

• Workforce management

• Access control.

• Health & safety management.

• Fatigue management.

• Canteen management.

• Equipment & asset management.

• Integrated biometric identification solutions (fingerprint & facial recognition).

• Central system command centre.

• System health dashboard.

• Weigh bridge automation.

• Seamless payroll integration.

Summers: Our Identity Access solution is built on an IP infrastructure that provides installers and end users more choice than ever before to connect IP devices directly to the network backbone. The IP devices that can sit directly on our IP backbone include our Network Door Controller (iNet) and Morpho fingerprint readers.

Rautenbach: Suprema’s full range of access and time devices have been IP based for the past 16 years, while continuing to support traditional Wiegand interfaces and now OSDP. Our latest BioStar 2 cloud and web enabled platform takes IP device connectivity to the next level, allowing for easy and effective multi-site implementations that securely manage identities for access and time over IP and allowing access management through its mobile enabled platforms from anywhere in the world, or to where the Internet stretches.

As a leader in IP based biometric and RFID access terminals, Suprema realised not only the benefits that IP brings but also the vulnerabilities that it can introduce. Suprema is actively involved in the security community, implementing communication and data encryption standards, and device firmware signing, as well as other open standard communities where it actively contributes to the development of these standards to ensure uncompromised access and identities.

For more information contact:

Suprema, +27 (0)11 784 3952, enquiry@suprema.co.za, www.suprema.co.za

Controlsoft South Africa, +27 (0)11 792 2778, africasales@controlsoft.com

Skycom, +27 (0)10 001 4672, johan.vanheerde@skycom.co.za, www.skycom.co.za

Share this article:

Further reading: