Selling IP Access Control?

For video surveillance, the 'benefits of IP' have generally trickled down, even to an end-user level. When it comes to networked cameras, attributes like HD resolution, centralized storage, and common ethernet networks are all given as advantages (among others) for choosing IP.

However, for those selling physical access control, what justification do you give for recommending an IP based system over a 'traditional' hardwired or serial connected system? What attribute of IP Access systems carries the biggest weight with your customers?


The last major design I did was for an all IP access control system with "edge" controllers at the door. Two reasons: 1) this facility had a real shortage of space for mechanical and electrical equipment and there was literally no place to put centraliized controllers/power supplies; and 2) this facility will be owned and operated by multiple entities, each which may want their own separate access control systems in the future.

By using edge controllers, we can divvy up the doors between owners by IP addressing rather than through hardwiring or using some elaborate partitioning scheme. (or at least that's what I hope...:)

Thanks for the feedback, Michael!

Were all the 'edge controllers' in this system PoE powered?

Yes, controllers are POE. We are doing a dedicated security LAN for access, video, and intercom. Local power supplies at/near the doors for lock hardware, provided by hardware installer.

Not that I do a lot of work with access controls (little bit here and there), but all of what I've done to date has been with standard direct-connected setups.

To me, one of the major benefits of IP video is the flexibility it gives you in the infrastructure - no requirement to home-run every line, primarily. The ability to decentralize cabling and control. And in a pinch, the ability to simply plug into existing infrastructure, which while generally not desireable, highlights the core benefit: MORE OPTIONS in how to do things.

I see the same benefits to IP access controls :not needing to run EVERY. FREAKING. WIRE. all the way back to one central location, the ability to use existing networks (less of an issue as traffic will be negligible), and so forth. On other words, MORE OPTIONS.

Michael's example highlghts that as well - FAR greater control on a per-door/per-reader basis, and in fact, the ability to change that control on the fly, without the need for complex programming changes, or worse, physical wiring changes. Again, MORE OPTIONS.

As far as selling it to clients, I don't suppose any of this is a selling point in and of itself, other than in Michael's example. The added flexibility can potentially reduce initial installation costs, especially on larger or more spread-out sites. If they have an existing network the savings could be substantial.

I agree with reduced cabling costs and increased flexibility. Reduced costs: utilize the existing investment in ethernet. Where the client already has switches in the field you can run IP to them and rs485 to other components in that sector. Increased flexibility: with IP traffic you can use a hybrid network of ethernet cabling, point to point links and 3G modems to build your network.

The best advantage that we see for IP Access control is First - if the products can be powered over the ethernet as well. If the POE aspect of the lock controllers can also control the maglocks and door locks then this saves on electrical work required.

Second - if the access control is on the network and can integrate with other components of the building - such as lights and speakers then a policy can be created which means that sharing the network allows integration between these components. So for exmple a visitor arrives at the office. Lights are automatically turned on or increased in brightness and welcome announcement can be made through the speakers etc.

Third - With the IP Access control on the network - this can be integrated also with IP Surveillance and IP Telephony system (open and close doors from say a Cisco Phone menu after viewing mages from a camera and adding door open options in the phone's menu).

Fourth - When access control is on the IP network you can control entry to remote buildings from a central monitoring centre using video and door controls over the Broadband network with IP addressing.

It is all available right now - and with case studies at the netgenium.co.uk web site.

Most of this is installed usually by network and data installers as they understand structured cabling and POE infrastructures etc. They do not need qualified electricians for a deployment which means they can add other products into their typical bag of network and IP offerings.

The migration of PACS to IP strikes me as inevitable. Five years from now we’ll look back and chuckle at the old school serial protocols and home run configurations. When all the installers are kids who only know IP, and their buddies run IT, it may even be hard to find guys who know how to service the old 20th century PACS stuff. RS-232 and RS-485? Is there an app for that?

Can we back up and define what's meant by "IP access control" here? Are we talking "edge" controllers or are we simply talking about systems which connect to the server via Ethernet?

I'm curious who's still out there installing RS-485 based systems. The company I worked for pretty much stopped that in 2005-2006, latest. Were we really just that ahead of the curve?

Based on the pricing comparisons I've done in the past, edge systems with single door controllers are cheaper than centralized, at least if you look simply at the access hardware. HOWEVER, and that deserves all caps, because it's been an afterthought in a lot of edge systems I've seen, if you want battery backup, you're looking at either a large UPS or power supplies with batteries, adding cabling and/or hardware cost. Of course if you're using maglocks additional power supplies are often required (though I've run Securitron M62s off of HID Edges for years without issue).

All that being said, I still generally prefer the distributed system, powered over Ethernet. Installers just need to be aware of the drawbacks and potential security/life safety issues, which I don't think a lot of IT-centric integrators are.

You want IP because you don't ever want to here this:

"You want me to go into the CIO's office after I finish the VoIP phone audit and ask him for a million bucks for somebody to pull serial cables to run the door locks. I guarantee the CIO is going to ask why don't you ask the structured cabling vendor who just finished the phone install if they can handle it."

And I own 5 RS-485 USB converters all attached to Virtualbox Linux VM's and Raspberry PI's. Not an app, but quite sufficiently close to have street cred in the twitterverse.

You want the appriate infrastructure for the situation, and the default answer is IP, even when you have to explain you can only run RS-485 out to the front gate (unless they want to spend an extra $97k on that one door lock.) You have to be literate about that "default answer is IP" bit. I realize all you badass physical security people in this form know lots more than I about front gate door lock options.

Brian, (Disclosure: My Firm, The Centurion Group represents ISONAS)

IP based Access Control Systems such as ISONAS have multiple justifications for an end user to implement such as:

Reduced installation cost, no panels to cut in or extra wires.

More advanced technology, IP based readers are directly connected to the network and are able to "Call Home" from remote locations.

Strong VMS integration

Connect Directly to your existing network.

The biggest attribute customers like about IP based systems is there is no extra labor/product cost for composite wire, panels, powers supply's and transformers. I have found that most organizations IT departments typically prefer an IP based system because their buildings have an existing network infrastructure that an IP Based Access Control System will connect to with relative ease.

Hello Dan, I have a few followup questions/comments for you:

  • "Reduced installation cost, no panels to cut in or extra wires."

I still have to find a place to stick my controller and cable them together agreed?

  • "More advanced technology, IP based readers are directly connected to the network and are able to "Call Home" from remote locations."

"Advanced technology" sounds like blibbety blab sales speak. Even serial-based systems can be connected to the ethernet through inexpensive devices and are remotely accessible through standard VPN or remote access utilities. No magic 'IP-only' properties here.

  • "Strong VMS integration"

Again, this is not guaranteed by using IP based systems nor is exclusive to IP access.

  • "The biggest attribute customers like about IP based systems is there is no extra labor/product cost for composite wire, panels, powers supply's and transformers. "

I think what you mean is 'there is no separate network/cabling needed aside from an existing LAN with PoE', but calling it 'no extra cost' is not accurate since access control consumes infrastructure that would otherwise not be needed. Does that sound right?

Brian,

Every Access Control System requires the installer to "stick the reader and cable together," with ISONAS there is only (1) ethernet cable per reader meaning no extra wire runs back to a panel or power supply. No panels, modules at the door etc. are another key component to a Pure IP Based Access Control System, with ISONAS an installer can put in 7, 70 or 700 readers without cutting in any panels. When integrators install larger projects, the more panels, "inexpensive devices" and wire runs to power supply's start to add up to a typically higher installation cost.

The "magic" is in the reader, one of the main components of the ISONAS patent are the ability for each individual reader to work in local mode if the network goes down. Each reader also supply's 600Milliamps of power so that most electronic locks/strikes and some mag locks can be powered directly at the door.

Yes, there is no seperate network/cabling needed aside from an existing LAN with POE. This infrastructure cost is often very minimal due to so many end users having existing equipment/network connections available.

Seriously Dan?

Do you think these claims are exclusive to ISONAS or IP? Not hardly.

Whether you call them 'readers' or 'controllers' is semantics.

Your initial response has change from a handful of generic statements to now being an ISONAS pitch claiming that stand-alone redundancy and pass-thru power is exclusive and patented. This is not 1995, nor is this an uncommon feature.

Please do not comment further on this topic unless you bring examples supporting the advantages of IP based access, not a naively spun sales pitch of a random platform.

Brian,

These claims are not exclusive and the redundancy and pass through power are just components of their patent as mentioned before. Since you deemed my information was a "naively spun sales pitch" then please accept my apologies yet end users do care about what I listed above.

"Since you deemed my information was a "naively spun sales pitch" then please accept my apologies yet end users do care about what I listed above."

Spare us the passive aggressive response. The point is not whether 'end users' care but about whether it is distinct to your product.

Here's an example:

"Dan, why should I buy your bottled water?"

"Because AquaDan will save you from dying of dehydration."

That's a fundamental feature of water, not an individual brand of water.

John,

There are several distinct features of the product I spoke about above in respect to the question's asked. And no, other manufacturers do not have all of the same features. Your question is easy, here is the answer.

Please name one or a few IP Access Control manufacturer's that can do all of the below:

A. Handle 7, 70 or 700 readers without the use of a panel/multiple panels/module above the door and works both indoors and outdoors.

B. Do not charge for software or have license fees.

C. Supplies 600 Milliamps, .6 Amps of power at the reader.

D. Works completely POE, no need for an outside power supply.

E. Works in local mode if the network connection is lost

F. The Reader/Controller/Power is in (1) Device.

-Dan