Access Control for. Part 3 of 4. Brought to You by. Presented by Video Security Consultants

Similar documents
Access CONTROL. MANAGEMENT Software

GMS GRAPHICAL MANAGEMENT SYSTEM

The system should also be capable of recording events automatically on any compatible DVR and should be able to retrieve recordings based on events.

Aviation Solutions. Why Tyco for airports? Our systems help protect over 110 airports. Secures over 80% of UK Airports and more than 60 US Airports

Access Professional Edition. The flexible access control system that grows with your business.

ARCHITECTURAL AND ENGINEERING SPECIFICATION

Pro-Watch Software Suite. Architect and Engineering Specifications. January 9, 2002 Revision 3.4

AIRPORTS. CARECALLER PowerfulSecuritySolutionsForSeriousSecurityNeeds

Avigilon Control Center System Integration Guide

Facility Commander Complete, Integrated Command and Control

Facility Commander Wnx

DVTEL DVR Interface. DigiOp DVR Interface

Millenium Electronic Access Control Systems Networked Real-Time Access Control

Monitoring Operator Guide. Access Control Manager Software Version

Net2. Total Access Control.

Gallagher System Integrations

CARD ACCESS CONTROL SYSTEM

Tech Data Sheet D01662GB0_Esgraf 4.1 and Configuration Server 30/2011 2/(5)

Avigilon Control Center System Integration Guide

Course Catalogue. An evolution of excellence. Welcome to the UTC Fire and Security EMEA Lenel OnGuard Training Catalogue for Value Added Resellers

Net2 Access Control. Paxton Access

Architect and Engineering Specification

Integrated security management platform for Windows. Seamless. Effective. Efficient.

CITY OF DENTON RFP FOR SECURITY CARD ACCESS CONTROL SYSTEM EXHIBIT 2 SCOPE OF WORK AND TECHNICAL SPECIFICATIONS

OpenDevice Events Guide

Made possible by an innovative licensing scheme, which allows individual hardware configuration, up to the maximum configuration:

Cardax System Comparison

GE Security. Wnx. Facility Commander. Integrated security management platform for Windows. Seamless. Effective. Efficient.

NextGen Home Security. Quick Reference Guide

HikCentral Web Client. User Manual

Total Unified Solution for Building Integration: Communications, Access Control, Video Surveillance and Fire

P2000 and Metasys System Integration

G SERIES: Security INTEGRATION as you want it. Greater expansion, communication, video integration, system resilience, and automation.

RFP Addendum 2 March 31, 2016

Building Integration System. Your platform for customized security and safety management.

Advisor Advanced Mobile Application User Manual

HikCentral Web Client. User Manual

Honeywell Total Connect Remote Services

Perimeter Product Overview. Effective protection for your business

Why Should You Invest In An Access Management System?

Integrated Security and Building Automation Technology Solutions and Services. SDI Security Center of Excellence Charleston, SC

Integrated Solutions. Integrated Solutions HONEYWELL SECURITY & COMMUNICATIONS. More and more, customer requirements cannot

Redefining Security for the Modern Facility

Ademco Vista Alarm Panel

Patriot Systems Limited

Vykon. Security. Integrated Access Control. Web enabled security management built on the Niagara Framework

USD 380 Centralia, Frankfort & Vermillion

System Galaxy Quick Guide

Automations and ACLinks. Technical Support Engineering Rosslare Security NA For more information please see

Complete solutions for commercial security. Verex delivers leading intrusion, access and video products to protect today s companies

ACCESS CONTROL SOLUTIONS ACTEC SERIES

INDUSTRIALMANDOWN & LONEWORKER

Complexity made simple

SIMPLIFIED HOME SECURITY AND CONTROL

Ion Gateway Cellular Gateway and Wireless Sensors

Session VI Smart safety systems

P2000 and Metasys System Integration

UltraSync Modular Hub

Avigilon Control Center 5 System Integration Guide

Paradox Integration Module Settings Guide

Common Questions & Answers

Integrated Security Solutions

The WAVE Plus Instant Notification System for Schools and Colleges

Synergis Master Controller 2.2 Integration Guide for Assa Abloy Aperio- Enabled Locks

Complete Security Solution

UD-VMS510i. Surveillance Management Center

Lighting Xpert Insight User Manual

Network Hardware and wiring (quiz)...

Web Services are based on Apache and Tomcat servers. The html/jsp (tags, beans) are fully customisable and extendable.

A Smart & Integrated Security solution

Lonix Access Control Operation & Maintenance Manual

Designing the Right Access Control System A Case Study. 12 th May 2010

Grandstream Networks, Inc. GDS3710 Input/output Connection Guide

OnGuard 7.1 Resolved Issues

Patriot Systems Limited

OnGuard 7.2 Resolved Issues

This technical update applies to Pro-Watch Software Release 3.5 and later.

CITY OF MT. PLEASANT MT. PLEASANT DEPARTMENT OF PUBLIC SAFETY 804 E. High St. Mt. Pleasant, MI 48858

ACTIVE INFRARED BARRIER

WEBs AX Security. Integrated Security With Simple, Web-Based Management

Architectural and Engineering Specification for a Security Management System. StarNet 2

EC-BOS-602/616 AX Security

Welcome to a world where technology flows through the heart of your business environment. Welcome to CDC

Dell and Lenel Grow Globally, Together

Boztek Solutions` PLAYSTATE

Intelligent Keys. A smart solution for recurring revenue

Using ANM Mobile CHAPTER

Facility Explorer Asset Protection by Yorkland Controls Ltd. Fr

Gallagher Perimeter Product Overview

Remarkable Entry Just Got Easier. VISCOUNT MESH. Making a

WIN-PAK SE with VISTA Integration INTEGRATED SECURITY, VIDEO AND ACCESS CONTROL SOLUTIONS. A Winning Combination

TX3 Series. TX3 Nano. Configuration Manual

Product Datasheet MM8000 MP3.15 Management Station

Datasheet Face Recognition [Genetec VMS]

Contents. 30 References

Flair 500 Series Annunciators

Am I safe working in this building?

BMS Specification. Lonix Ltd.

DeltaV Operate. Product Data Sheet DeltaV Operate December 2006 Page 1. Introduction. Benefits

RVRC Training Manual Fast Trace Installer Menu

Transcription:

2008 Video Security Consultants Brought to You by Presented by Part 3 of 4 A1

Part 3 of 4 Taking a Hard Look at Software The essential function of an electronic access control system (EACS) is to control access. But it is software that enables users to make the most of EACS hardware, including the ability to enhance alarm monitoring, control auxiliary devices and integrate badging solutions. By Steven O. Gibbs Welcome to the latest of SECURITY SALES & INTEGRATION s acclaimed D.U.M.I.E.S. series: Access Control for D.U.M.I.E.S. Brought to you by Pelco, this four-part series has been designed to educate readers about electronic access control system (EACS) design and implementation. D.U.M.I.E.S. stands for dealers, users, managers, installers, engineers and sales people. Although many of the functions and features of an EACS are inherent to the intelligent control panels (ICPs) described in Part 2 of this series, it is the EACS software that enables the user to exploit these features. Before we can discuss EACS software in more detail, we must first understand that the choice of platform (computer hardware and operating system) will have an impact on the ultimate functionality of the EACS software. Computer Platforms to Consider In years past, the most basic platform would be a dumb terminal connected to an ICP in order to utilize some basic programming functionality built into the ICP firmware. Some panels actually provided a basic menu structure back to the terminal display screen to assist with programming. A2

Today, some of latest EACS products are simply a revised version of this process. With much more programming power, the Web-enabled or edge system is basically an ICP with a Web host application onboard that allows any computer with an Internet browser application to access programming and transaction records over a TCP/IP network, across the room or across the world. Of course, the user can only configure one ICP (and maybe only one entry control point) at a time in this manner. Although this system could work with a limited number of ICPs or entry control points, it would soon become cumbersome to maintain as the system expands. A standalone PC running an EACS software application can communicate with many ICPs utilizing multiple communication protocols such as TCP/IP over Ethernet, RS485 over twisted pair, or RS232 over the public telephone switched network (PTSN). This configuration permits the system administrator to build a central database of panel configurations and maintain common information about credential holders, which the software application then seamlessly distributes to the appropriate ICP. Although a standalone PC running the appropriate operating system (OS) can handle the processing and programming needs of a very large system, EACS Client/Server Configuration A typical electronic access control system (EACS) client/server configuration include task specific workstations. A primary computer runs a database management system (DBMS) application and the core EACS software. Workstations, or clients, often include terminals for administrative tasks, alarm system events and badging. the need for system operation tasks to be divided among several operators usually results in the implementation of the client/server platform. The diagram EACS Client/Server Configuration (below) depicts a typical client/server system with task specific workstations. The primary computer or server will typically be implemented on a server-class PC with an advanced server-level OS and a database management system (DBMS) application. This machine will host the core EACS software application. The number and location of task-specific workstations, or clients, will depend on the complexity of the EACS. In almost any medium- to high-level system, the following workstations will be implemented: administration, alarm and badging (as depicted in the aforementioned diagram). The administration workstation will be used by the system administrator (user responsible for overall system configuration, programming and maintenance). This workstation will normally not be monitored at all times. The alarm workstation should be located in a central, 24/7 staffed area (usually a security control and dispatch center or SCC) and will handle system events that have been configured as alarms. Alarm monitoring features will be discussed in more detail shortly. In a large SCC, utilizing more than one operator, additional alarm workstations may be required. And in a very large EACS implementation spanning many facilities, alarm workstations may be located in more than one facility or building. The badging workstation will normally be the input point for credential holder information as will credential production and activation. Again, in a large EACS implementation, with multiple sites spread over a large area, it will be necessary to provide multiple badging workstations allowing for convenient enrollment points throughout the organization. Make Plans for System Expansion Before selecting any EACS software application, the systems integrator should consider system expansion. This topic, as it applies to EACS hardware, was discussed in Part 2 of this series and it is so important that its relationship to EACS software will be expanded upon here. It is not uncommon for an EACS to grow from a four- or 16-door system to a 50- or 100-door system within a very short timeframe. In fact, many systems continue to grow beyond the 500-reader mark. Expansion is normally a good thing for the systems integrator as the end user will be returning again and again asking for additions, usually in small increments, to the system. The problem occurs when the systems integrator implements an EACS software solution that has to be completely replaced in order to expand beyond a fixed number of entry control points or to expand from a standalone PC to a client/server configuration. This replacement is not only expensive in terms of new software cost, but may require many hours of support from the user s IT department and from the EACS software developer in order to transfer or enter existing EACS system data. It should be apparent that the systems integrator should select an EACS software solution that is modular in design allowing the selection of only those A3

components needed for the initial installation, while at the same time, providing upgrades by simply adding the additional modules or activating features installed but initially locked out. EACS Software Features, Functions Prior to the development of distributed processing systems (circa 1980), EACS software was the primary decision maker in host-based systems. A credential was presented to a device, (such as a card reader or keypad), the device relayed the credential data to the software which made the access decision, and a signal was sent back to the device to release the entry point. In today s distributed processing systems, ICPs maintain a file of accepted credentials and communicate with one or more readers, keypads or biometric devices. When a credential is presented, the local control panel makes the access decision and signals the release of the entry point. So, in the most basic EACS the software serves as a user interface to program the ICPs and as a repository of system data and events such as entry/exit transactions. The diagram Common EACS Applications (below) depicts the four basic functional areas of most any EACS Common EACS Applications software application. Although these functions are tightly integrated within the software package, we will study them individually. The basic function of any EACS is, of course, controlling access. This is accomplished by configuring access points controlled by locking hardware and credential readers, configuring rules for access (access levels and time codes), then applying those rules to credential holders. In Part 1 of this series, we discussed the four major access control goals: Limit Access, Increase Security, Provide Audit Trail, and Identify Personnel. In Part 2 of this series we, described physical methods to Limit Access created by hardware devices placed on entry control points. The access control functional area of EACS software provides the user with virtual methods to Limit Access. During initial implementation, the system administrator assigns logical addresses to physical devices, such as credential readers. Once this is accomplished, the readers are now selectable To view previous installments of this series, visit SSI s Web site (www.securitysales.com) and download them from the D.U.M.I.E.S. series section in the Special Reports link. Most any electronic access control system (EACS) software application includes four, tightly-integrated functions: assigning user access levels; alarm event monitoring; auxiliary device control; and ID badging task. by unique names and can be grouped together to create access levels. Access levels serve two major functions. First, in any system larger than a few entry control points and a dozen credential holders, it would be very time consuming to set up access privileges for each single credential holder by selecting the individual readers each person may access. Furthermore, when a new entry control point is added for each authorized credential holder, the system administrator would need to visit that person s record to add that entry control point. Using access levels, the new entry control point is simply added to the appropriate access level(s) and credential holders having those levels automatically receive access. The second function of access levels allows a system administrator to create access levels for each unique workgroup or job function within the organization, based on rules established as part of the overall security management plan. In a large system, credentials will normally be created and assigned by someone other than the system administrator. For instance, a badging station may be operated by a human resources assistant that has little understanding of the overall security plan. This operator simply assigns an access level to the credential holder based on the new employee s workgroup or job role. An access level is basically a list of credential readers. For each reader added to the list the system administrator assigns a time code. Time codes are simply definitions of when access will be allowed. For example, a time code called 24/7 or ALWAYS would be defined to be active at all times and days (including system-defined holidays). When associated with a reader in an access level, a credential holder would have access at that reader at all times. On the other hand, a time zone defined to be active from 7 a.m. until 5 p.m. on weekdays only and called DAYS would allow access at that reader only during those hours Monday through Friday. A4

Holidays are configured by the system administrator to represent days throughout the calendar year when access rules must be modified automatically by the system. When a time code is created the system administrator selects whether or not that time code will be active on days defined in the system as holidays. Referring back to the earlier example of the DAYS time code, if the holiday exception was applied to that time code then on Wednesday, July 4, the time code would remain inactive and deny access to a credential holder at any entry control point paired with that time code. Defining Access Levels The diagram Establishing Access Levels defines three access codes for the fictitious company American Products (described in Part 1 of this series). With access levels defined by department or job function it is very easy to assign access to new credential holders. And, should a new door be added to the production area of American Products, it will only be necessary to update the PRODUCTION access level rather than modifying each of the 50 production workers cardholder records. In many larger systems, it is not possible to define every credential holder s access with a single access level. This will be especially true in multifacility organizations that are spread across a geographical area. When this is the case, the EACS software should allow multiple access levels to be applied to a single credential holder. Access can then be built using a modular approach. Finally, no mater how much thought and effort the system administrator puts into the creation of access levels that can be easily assigned to credential holders, someone will need special access to one or more doors that others in that job function should not have. The precision access feature allows individual doors with an associated time code to be added to specific credential holders. The credential holder database within an EACS software application Establishing Access Levels EACS software should allow multiple access levels to be applied to a single credential holder. A precision access feature allows individual doors with an associated time code to be added to specific credential holders. Above is an example of access levels defined by department or job function. should accommodate all of the information gathered by the workstation operator as a credential is created. This will include name, department, job function and emergency contact information. Since the type, size, and quantity of this information will vary widely across different organizations, the systems integrator should choose a solution that allows many, user-definable fields with this database. In addition to text and numerical data stored in the credential holder s record, EACS software should be capable of maintaining the credential holder image, signature and biometric template (when biometric readers are utilized in the EACS). In Part 4 of this series, we will explore how a credential holder s demographic information should be prepopulated into the record by a tight interface with an external database such as one maintained by the human resources department. Alarm Monitoring Explored When considering the features within the second functional area alarm monitoring it s important to understand how the end user wishes to monitor and respond to alarms and events monitored by the system. Although it is obvious that in a single workstation system all alarms must be displayed there, when implementing a multiworkstation system some type of alarm routing is needed. It is very frustrating for the badging operator, and the people waiting in line, to be interrupted by a door forced open alarm every couple of minutes. There are two basic categories in this functional area: 1. Alarms and events related to the OS, access control software, and communication with field devices 2. Alarms and events associated with door contacts, motion sensors, and other detection devices connected to the EACS In the first category, conditions such as communication errors, workstation OS alerts, and file errors should be displayed on the administration workstation and reported to the system administrator as soon as possible. The second category includes all alarms that would be considered proprietary or intrusion in nature. In a large facility these alarms will normally be sent to an alarm workstation in an area staffed 24/7 by security personnel. In a multisite facility, alarms from smaller offsite facilities would also be monitored at this security control station. In multisite facilities with A5

larger off-site complexes, more than one alarm workstation may exist. In some cases, security may staff an information desk during normal business hours. Alarm routing is a feature of the access control software that allows the system administrator to configure one or more destinations for each alarm. It should also be possible to automatically reroute the alarm based on time of day/day of week. The system operator should not be able to clear or delete an alarm until the device has reset. Another important feature prevents motion detection devices from creating hundreds of individual alarms from movement within a protected area. Alarm mapping features allow the systems integrator to import building floor plans into the EACS software and then place icons representing EACS devices on those maps providing system operators with visual cues to device locations. When an event configured as an alarm occurs, the appropriate map should appear indicating the device in alarm. The operator should also be able to select that device for further processing (such as acknowledging) along with other adjacent devices. For instance, a video surveillance camera may be located near the alarm point and clicking on the camera icon would bring the camera up on a CCTV call-up monitor. When access control software contains an interface to digital paging services, alarms and events can also be routed through this interface to one or more pagers worn by security personnel, facility managers or the system administrator. Automating Auxiliary Functions While the alarm monitoring features of an EACS software application enable the ability to define and configure ICP input points, the third functional area of EACS software auxiliary controls allows the user to define and configure ICP relays provid- EACS Software Applications Defined What follows are descriptions of features common to electronic access control system (EACS) software applications. Database partitioning Used in larger systems that span multiple sites with autonomous control. While the system administrator may access and manipulate all the system data, a system user at one site can not access system data associated with another. Alarm routing Alarms can be routed across a multisite system to appropriate system operator consoles. Alarms can also be routed based on day/time criteria sending specific alarms to an information desk workstation only while it is staffed. Alarm video call-up The EACS directs the video surveillance system to display a camera associated with a specific alarm through an interface between the two systems. Credential-holder verification The EACS retrieves the stored credentialholder s image from the database for comparison to a live image from a camera associated with an entry/exit point. Transaction verification The access control system directs a DVR to retrieve a stored series of images associated with a specific record in the EACS transaction log file through an interface between the two systems. Alarm/Event paging The EACS sends a text message to a digital pager or wireless phone through a software driver designed to access digital paging and wireless phone networks. ing output signals to auxiliary access control and alarm components. The primary output control feature allows the systems integrator to define and configure the operation of control relays that operate devices such as locks on nonreader-controlled doors or gate operators at parking access areas. Relays can also be utilized to create simple interfaces with other security management and safety systems. Examples of this type of interface include activating a fire alarm system, triggering a digital dialer or calling up a specific surveillance camera. While all auxiliary output relays may be activated from a workstation by the system operator, it is more common to automate the operation of outputs in one of two ways. In the first method of automation, the system administrator associates a time code with a physical output device to create a timed command. For example, send a relay pulse to the alarm system at 7 a.m. each weekday to disarm the building s intrusion alarm. Or turn on a relay connected to a magnetic lock on the front lobby door at 5 p.m. to lock this entrance after normal business hours. The second method for automating auxiliary outputs involves associating an input point event with an output control relay device. For instance, when a panic switch is operated in the reception area, an output control relay signals a CCTV alarm switcher to call up the reception area camera. Or when an input is received from the fire alarm system, all lock control relays activate to unlock the building s exterior doors. This functionality becomes very useful for many building management functions normally considered outside the scope of a security management system. Since the communication network is in place and the EACS has ICPs and interface modules spread throughout the facility or across a large geographic area, it becomes very easy to configure a response at one location based on an event at another. A6

Even though this functionality allows the systems integrator to create an interface between various security management systems, a hard-wired interface of this type can quickly become cumbersome and difficult for the system administrator to manage. In Part 4 of this series we will investigate integration between security management systems using digital integration. Defining System User Privileges The ability to assign access levels or credential holder privileges is an important function of EACS software. The above Edit User window examples the variety of options available in allocating access privileges for individual cardholders. Integrated ID Badging As depicted in the Common EACS Applications diagram, the production of photo ID access credentials makes up the fourth (and sometimes optional) functional area of an EACS software application. Not that long ago, video badging systems and access control systems were two stand-alone systems. Systems integrators were required to interface these systems themselves. Today, every major access control software solution has an integrated badging function. As part of the review of the end user s needs, the systems integrator should determine how many new and replacement badges will be produced per month. In a large facility, a separate workstation will be required in a location convenient for employees, contractors and visitors to have their pictures taken. In a well integrated system, when a new employee arrives at the badging workstation, their demographic information (name, title, department) should already be in the EACS database through an interface with the human resources (HR) system (see Part 4 of this series). The badging operator simply captures a picture, assigns an access level and produces the badge. While reviewing the end user s needs, the systems integrator should also know how many different badge formats may be required. Badge formats should be easy to create either by the end user or as a value- or cost-added service from the systems integrator. A typical badging workstation consists of a computer workstation, video capture card, video camera, badge printer and (in the case of encodable cards) an encoder. In addition to the above hardware costs, an additional software license or package will usually have to be purchased for each workstation. In an organization with multiple sites it s usually impractical to implement a badging workstation at the smaller, off-site facilities. In this case, the main badging workstation (and software) should be capable of importing digital photos captured at the remote site (with an inexpensive digital camera) and sent to the badging workstation on media cards or by E-mail attachment. The badging operator produces the card and returns it to the originating facility. This simple feature eliminates the need for employees to travel between sites to obtain an ID badge, saving thousands of dollars in lost productivity. If the access control system will operate across several operational areas, the end user may not want a system operator at one facility to have access to credential holder records, access levels and time codes at another. Nor would they like an operator at one facility to unlock a door at another. If this is the case, the systems integrator will need to implement some form of database partitioning within the EACS database. This is normally a feature set of the EACS software application. In large systems the workload is normally spread out among several operators, each with a specific responsibility. In this situation, it is a good idea to implement workstations configured to perform only these specific jobs. For example, the security officer working the alarm workstation should not be able to change access levels or credential holder privileges and the badging station operator should not be able to change basic configurations or shunt alarms. This functionality is normally a software feature based on privileges assigned by the system administrator when the operator s login is created. If this is an important requirement to the end user, the systems integrator should ensure that the software provides a wide flexibility in assigning privileges. For an example of this, see the diagram above. Continue Bringing It Together As a practical exercise, review what has been discussed in Parts 1-3 of this series. Use the site survey and floor plan of American Products, Pomona Facility introduced in Part 1 of this series (download it on SSI s Web site) and begin to expand it by determining the type of operating platform you would select and listing those software features and functions that the system administrator at American Products might benefit from implementing. In Part 4 of this series we will investigate some advanced features of an EACS focusing on large DBMS issues, advanced security network communications and IT convergence, utilizing reports to better manage the system, and creating a tightly integrated security management system using digital and data interfaces. Steven Gibbs has more than 30 years experience in access control systems performing installation, system design, project management and training functions. He can be contacted at (248) 373-8469 or steve@ dvdrvtravel.com. A7

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback