Hi. I'm an end user who is trying to install a 7-8 door access control system in a facility that houses sensitive information. No existing systems in place. There could also be a need down the line for 2 doors at a second facility (connected by VPN). My background is Engineering and IT just to give you an idea of my mindset. I started by calling in a large vendor for help and a quote. At the same time I started to do some research. And while I feel I'm pretty quick on the uptake I'm still learning.
The initial system proposed was Kantech. ioProx, KT controllers, and hosted Entrapass. Quickly I discovered this was a 125kHz solution using the Kantech's XSF protocol. Research pointed out that 125kHz proximity isn't the "latest stuff" around and many have been cracked. I eventually found myself at the proxmark community reading how they've appeared to have cracked XSF back in 2014 (or earlier).
This lead me to investigate reader/card tech and that I should be looking at 13.56MHz tech. Specifically iClass SE readers (with SIO Seos cards) or MIFARE DESFire EV1/2. I communicated that to the vendor and now the system includes iClass SE readers, KT controllers, and hosted Entrapass.
I had more questions. Specifically around Wiegand vulnerabilities. The iClass SE readers support OSDP. I'm not sure but I don't believe the Kantech controllers support OSDP, meaning it would probably be installed via Wiegand. That seems unattractive to me considering the security implications of Wiegand and the cost of the controllers. I've not gotten a definitive answer but I suspect I'm right. Meaning if I want OSDP I'm looking for a different controller now as well.
The Entrapass Web software, from what limited info I've watched and demoed, does seem nice. However it looks like the only way to use it is with Kantech equipment. So once I swap the controllers that has to be changed as well. Effectively changing the entire system that was proposed.
I feel like perhaps the problem is that I'm working with a vendor that wants to sell Kantech and/or might not be as aware of the current landscape. Kantech from what I can tell is basically proprietary. I've expressed my desire for open platforms. Perhaps the vendor just doesn't have solutions to meet those needs. But I'm really not sure how to find a company that does. I need a vendor to install and support this and a burglar system. I need to nail down something quickly and since I don't have a lot of experience in this area I don't really know who to reach out to in the area.
This is my list of wants that I've compiled after a week or 2 of research. Probably more but these seem to be the difficult ones;
1) Card/Reader Security (HID Seos or DESFire EV1/2)
2) Reader/Controller Security (OSDP or whatever)
3) Alarm integration (putting in burglar alarm as well)
4) Good video integration options (not doing video right now)
5) Open platform, don't like vendor lock
6) Mobile credentials (user can unlock with iOS and Android phones)
7) Active Directory integration would be big plus (user/group sync)
8) Multi-site support
9) SaaS (hosted) is also nice although not AS critical
This is what I've come up with;
Readers: HID iClass SE
Cards: HID Seos
Controller: Mercury, HID Edge/VertX, Axis A1001 (THIS article was very helpful)
Software: ??? (Genetec, Brivo...)
From what I've gathered Mercury controllers are very popular. OEM panels for various systems and work with a bunch of software. I'm not really sure what software makes the most sense though. If I'm reading correctly it sounds like Brivo has opened up to non-proprietary panels like Mercury. And that they support Active Directory integration. Genetec sounds like it works with all the open controllers, which is cool, and is releasing a hosted solution.
Am I being an annoying customer by picking apart the solution proposed by the vendor?
Does it sound like I'm on the right track for getting a solution that conforms to current industry standard?
Lets say I want a solution with Mercury and Genetec (or Axis and Genetec), how to you go about it? Do I look for Genetec "installers" or "Axis" installers? This seems more difficult compared to calling in a vendor that proposes a "proprietary package".
Sorry for the long winded post and thank you for any help you can impart.