Over the years, I worked on different access control systems and I have come across different designs of a lockdown button system. What our company has done in the past was to use a button that talks to the access control system (through a dry contact) and have the system shut down all doors when the button is pressed. This is essentially the same as locking down a building from the software interface, but physically. While most of our customers' networks are relatively stable, I find this to be a risky design. In the event of a network loss, the building will unable to be locked down because the access control panel will be unable to communicate with the server/controller/master. I find this to be especially true for an end user that has satellite locations.
The alternative to this is to use a relay that is connected to the lockdown buton so that when it is pressed, connections between power, output on the access control panel, and the locks are killed instantly. The disadvantage of this is that the system is rendered useless when the button is pressed because nothing that is done at the software level can change the door status.
Have you guys come across situations like this? If yes, how do you design your system and why? Is this something that is inherent across different IP-based access control systems or is there a system that can handle this shortcoming?