Avigilon Access Control Tested

By Brian Rhodes, Published Jun 22, 2015, 12:00am EDT (Research)

Avigilon aims to deliver an end-to-end solution of video surveillance and access control.

But how good is their access control? In 2013, Avigilon bought RedCloud for $17 million. However, RedCloud was a very small company that few had ever used. Plus, Avigilon had to integrate access control into their existing platform.

IPVM already has major access control reports on Lenel OnGuard Tested as well as Genetec and Milestone Access Tested.

Now, IPVM bought Avigilon's Access Control Manager (ACM) [link no longer available] Professional to find out how good or bad Avigilon is.

This quick video overviews what we cover in-depth inside:

Inside we cover these core functional areas:

Live Event Status
Mapping
Live Access Controls
Cardholder Verification
Manual Door Controls
Cardholder Management
System and Hardware Administration
Appliance and Firmware Updates
Reporting
Video Integration with ACC

The most notable strengths we found from testing were:

Easy Installing: Especially for inexperienced access installers, getting ACM up and running is simple. Unlike other systems that require building panels, hard wiring enclosures, and installing multiple pieces of software, configuration of ACM requires plugging in a few cables and setting an IP address in the software. From there, adding panels and performing configuration can be done with no previous access experience and is laid out in a logical progression of software tabs.
Strong Tech Support: There is a vital need for competent and quick support when a system potentially can endanger lives or unlock secure doors. Even compared to mature access companies, Avigilon staffs ACM with competent and knowledgeable tech support. Moreover, support is offered openly without special contracts or queuing lines to anyone who calls, unlike incumbent rivals that are very restrictive in who they will help.
Simple Cost Structure: Unlike incumbent access providers that propose elaborate software maintenance agreements or perpetual licensing, buying ACM is a one-time cost with no additional expenses beyond initial purchase.

Weaknesses

However, Avigilon lacked a number of fundamental and critical functions that are commonplace in mature systems:

Incomplete Video Integration: The biggest theoretical reason to buy ACM is tight integration with Avigilon's strong and widely used video surveillance offering. Unfortunately for ACM, the video integration is so basic end users should expect to learn and manage seperate platforms for video and access. Even beyond getting the full features of either system, searching for access events in video is a cumbersome and approximate process.
No ACC integrated access controls: Moreover, while ACM integration with ACC is weak, ACC (the video client / software) integration with ACM is non-existent unless manually configured and painfully basic even then. Information is essentially limited to alarm messages, and no door controls or ACM logs are available within ACC.
No Central Screen: Another major drawback is the disjointed nature of ACM's browser interface. Despite offering deep controls, having even the basic critical ones (like cardholder verification, live events, and door controls) available on the same display requires kludgy workarounds using multiple tabs. Mature access platforms have offered single screen management of these basic features for many years.
Popups Common: In several cases, such as the mapping window or events screen, important information from the system (ie: video and event status) is displayed in a browser popup window, which makes navigation back and forth more difficult.
No Video Overlays: While live video feeds are available, that is all they are - raw video. There is no overlay of access control information like cardholder verification or access grant status matched with video. Again, this feature has been a mainstay of other access offerings for years.
Specific Feature Licensing: Advanced features like external database integration, appliance failover, badge creation/printing and VMS integration require 'add-on' software licenses. However, the features that require additional licenses are not clearly stated. Users may find a feature they expected as part of the base appliance version to actually cost extra.

Competitive Positioning

These fundamental weaknesses block Avigilon from being competitive with mature, incumbent access control systems. On the positive side, these are things that Avigilon can and should fix / improve.

Since Avigilon is strong in video and has a deeply loyal channel, we would anticipate many would simply try to sell around this in the meantime, however, these are clearly major limitations and detractions uncommon with their professional competitors.

Version Differences

ACM is available in three Linux-based versions differentiated by install server type and total number of readers supported:

Professional [link no longer available]: This appliance supports up to 32 readers in a non-rackmountable, dual-core minitower form factor. Two versions are available, a 16 reader licensed base or a 32 reader appliance.
Enterprise: This version supports up to 2048 readers in a rack mounted quad-core server.
Virtual Machine: A 'software-only' virtualized version of Enterprise is also available, with a minimum requirement of 4 cores and 500 GBs of storage per instance.

For Enterprise and VM versions, seperate part numbers bundling reader licenses from 16 doubled until the full 2048 are available. For example, if 35 reader licenses are needed, the 64 reader version must be purchased. There is no provision to add single readers or odd numbers of licenses.

All versions support up to 50 concurrent operators, many millions of event logs, and 500,000 unique cardholders. The capacity claims are large enough to support the majority of systems, but large multi-site enterprise access projects may require more.

Supported Controllers

ACM works only with select third-party door controllers [link no longer available] from:

Mercury Security: Hardware devices running standard Mercury firmware work with ACM, including the full portfolio [link no longer available] of Interfaces, I/O Modules and IP Controllers.
HID VertX EVO: While ACM does not support the more popular single door Edge EVO Controller line, it does support the (up to 64 readers per controller) multi door VertX series [link no longer available].

For our test, we used a Mercury EP-1501 [link no longer available] that was purchased as a LNL-2210 that we initially used for our Lenel OnGuard test. Bringing the controller into ACM was not an issue, and the system worked with the controller as-is before we pushed the latest Avigilon firmware update to the device.

Browser Based

A key differentiator for ACM is that it is browser based. Unlike many access platforms that require an installed client (often charging for each client), Avigilon's platform is accessed by web browser with no additional software.

The appliance's installed software is only accesible from an IP address. Plugging a monitor and keyboard directly into the box is met with a 'lockout' screen.

Physical Overview

We take a look at the appliance itself in the short video below:

The appliance is not connected to typical peripherals like a monitor, keyboard or mouse. Instead local access to the device is locked out and all access is routed through the appliance's IP connection to the LAN. Users log in the system through the ACM webportal.

System Overview

In the sections that follow, we address the following major system functionalities with a video or detailed color commentary:

Live Event Status
Mapping
Live Access Controls
Cardholder Verification
Manual Door Controls
Cardholder Management
System and Hardware Administration
Appliance and Firmware Updates
Reporting
Video Integration with ACC
Other Integrations

Live Event Status

In the video below, we demo the primary monitoring window operators use to see real-time activity occuring in the system:

Notably, Manual Door Controls used for granting access or locking down doors is not available from this view. Only if users navigate to, or open concurrent 'Door' tabs are these controls available.

Mapping

The best general system inteface is through a user created map. In our example below, we showed how a sample floorplan can have objects like doors and cameras added for easy access:

While having a single interface displaying live activity, manual controls, and real time video is still difficult to pull off in ACM due to the multiple tabs needed, the map view offers the most features in one screen.

Broken Links: While maps offer the widest general range of features, they do not always work from the tab due to broken or dead links. An example of this is the 'Identity' feature, when clicked from the status box nested in 'Maps' is broken, but when clicking directly from the 'Events' screen the feature references a different, valid URL.

Live Access Controls

In the example below, we show how Maps can be used to coordinate access management at the door using live status and video updates:

Cardholder Verification

Clicking the 'indentity' feature does not function properly in all views. For example, the feature works as expected in the Event tab, but does not work in the Map tab.

However, when available, the popup displays identity information associated with a specific token/credential including contact info and thumbnail 'badge' ID pictures:

Even when the information available, navigiating rapidly through the popup windows will be difficult for a system with a high volume of reads.

Manual Door Controls

The biggest drawback to ACM's manual door controls is the fact they are hidden behind a tab seperated from live status 'event' monitoring. Unless multiple tabs are open and properly situated by the operator, navigiation to these controls takes several mouse clicks and seconds even with optimal latency.

Most users will find that managing more than a few doors without using maps to be cumbersome and awkward.

Cardholder Management

Creating or updating existing users is similar to using an internet search engine, and all relevant records are accessible in two mouse clicks or less. The video below details this tab:

Cardholder databases can be imported from external databases like LDAP or Active Directory, and multiple credentials (called tokens) can be associated with one user.

Users are associated with logical 'groups' that define access levels and schedules, and identity templates can be created that rough in general facility information for rapid enrollment and creation of specific cardholders.

Appliance and Firmware Updates

One of the strongest admin features (albiet seldom needed beyond initial configuration) is the ability to upgrade panel firmware on the fly ands from within the ACM interface. Insteam of taking each controller offline manually, users can trigger the process by clicking a single 'checkmark' button:

Updating appliance firmware follows the same general procedure, however the autoupdater failed on two seperate occasions for us, prompting calls to Avigilon Tech Support for fixes. In both cases, the update process hung up, and Tech Support manually rebooted the appliance remotely.

Reporting

Two seperate features are available in 'Reports'. A selection of pre-configured reports are useful for basic tasks, but 'custom reporting' allows users to edit stock forms with specific filters. The video below takes a deeper look:

For customized reports, documentation defining the available fields and how to use them is sparse. In general if general system log auditing is the goal, the pre-configured reports would suffice.

However, if customized reports are needed, especially forms manually imported into outside systems, a service call to Avigilon tech support is going to be needed. The ability to build custom reports from the ground up - not tweak existing formats - is a core feature of incumbent platforms not offered by ACM.

Video Integration with ACM

The most compelling prospect of Avigilon Access is tight integration with Avigilon's VMS. However, the linkage proved weak when configured, only displaying when manually triggered and providing rudimentary search of recorded video. Features like cardholder overlay information or live door controls are not supported:

Quering specific access events proved difficult, as no 'bookmarks' or alarm events are flagged. Instead, video is indexed by general timestamp information, so keeping clocks synced between the ACM appliance and video servers are critical.

ACM Integration to ACC

By default, ACM does not communicate with Avigilon's ACC VMS. Integrating access data into ACC is an entirely manual effort using the Alarm Gateway utility. Alarms must first be defined in ACM and then tied into ACC for access notifications and alerts. Given that none of this configuration exists and must manually be configured, actual user experience and usefulness will depend on the amount of effort in building it out.

Other Integrations

Despite the relative weakness of the video integration, ACM supports deep and nested integrations with other systems with two features not common to basic access platforms:

Collaborations: These are data integrations between ACM and external software sources include XML, SQL, Oracle, and LDAP.
Linkages: These are 'nested logic' rules that facilitate advanced features like mustering or two-man access rule (where two cards must be scanned before granting access) or even sally-ports (where two cards must be scanned at seperate readers before a sequence of doors are unlocked).

In every case, the Collaboration or Linkage is limited by the integrated system or hardware. For example, some of the advanced 'two man rule' features are only possible when using Mercury Hardware controllers and not the HID VertX panels.

System Costs

Avigilon sells ACM tied to pre-installed appliances or servers that are pre-licensed to work with a certain number of readers. Base ACM costs vary between versions, with different numbers of door licensed according to version.

We tested the 'Professional Version, 16 Reader License' which will have a street price of ~$1,700 per server.

Hardware Controllers

Per door controller cost is between $200 - $600 depending on the number of control points and model of hardware chosen, but 'per door' pricing drops with bigger volumes.

Integration Costs

The cost of integrating an ACM appliance to an ACC video server is $0, but requires an additional license not shipped by default with the box and must be manually submitted by Avigilon on request.

If ACM is to be installed with an ACC integration, the base version must be greater than 'Core', with 'Standard' or above supporting video tie-ins. If an upgrade is reqired, users should expect to pay between $65 - $75 per camera for the upgrade.

Dealer Restricted

ACM is only available from Avigilon dealers. Support and service then is limited to specific resellers.

Avigilon Tech Support

Of note, Avigilon's reputation for effective technical support holds up for it's access control offerings too. In more than four cases, our calls to tech support for reasons ranging from failed software updates to video integration problems were answered efficiently. The operators we reached by phone typically opened remote support sessions and resolved our various issues in one call.

Competitive Position

While Avigilon positions ACM as a fully integrated companion to its video management and video analytics offerings, in reality significant gaps exist. Basic live door controls and overlaid cardholder information is not supported, despite being a base feature for both Genetec and Milestone access control integrations.