Access Control Door Controllers GuideBy: Brian Rhodes, Published on Mar 19, 2013
Access Control systems may have hundreds of parts, but door controllers are in the center of them all. While these devices are often buried inside steel junction boxes or hidden inside drop ceilings, they are the central component that ties everything else together. In this note, we examine controllers, their main features, and look at were they schematically fit within most systems.
Which Controller Do I Pick?
Unlike mixing and matching controllers between manufacturers is not like selecting cameras and VMS software. Unlike video systems, access control systems require proprietary equipment at the door that functions with the head end panel or server. As a result, there is no selecting between different manufacturers for controllers, but a manufacturer may offer a range of of controller options depending on the number of doors it is designed to control.
The Key to the System
Door Controllers are common to most every access system, and primarily consolidate all other devices into one spot. Every reader, sensor, and lock must be tied into 'the system' and the controller is where that happens. Whether it is called a 'controller', 'door module', or 'access computer', the controller has one function: bridge the gap between software and hardware.
While the forms the controller takes vary based from system to system, they perform the same task and are generally installed close to the door being controlled. Depending on component design, the controller may be designed in one of the following ways:
- 'Can' Enclosure Type: The 'traditional' controller a printed circuit board housed in a small electrical enclosure or 'can'. The box is typically wall or ceiling mounted above a door, and all wiring passes through knock-outs in the can to terminal blocks on the board.
- Standalone Device: A newer controller form factor, the shape closely resembles an analog video encoder or small appliance, where the terminations of all connected components are made into a self-contained box. This form factor is common with single door controllers and managed access systems.
- Combo Reader/Controller: Sometimes the credential reader is integrated directly with the door controller in a variation of the 'standalone' type. However, while offering cost savings due to decreased installation labor, this type of architecture often is a security liability, with the vulnerable controller being mounted along with the reader on the 'unsecured' side of the door.
Regardless of form factor, the features of a controller are similar. In the image below, we have marked the common 'tie-in' points between other access control components and the door controller:
In the sections below, we group and describe the primary features and common integrations of a controller, including:
- Commmunication: How does the controller communicate with the 'master panel' or server at the head end?
- Inputs: Which types of devices feed information to the controller?
- Outputs: Which types of devices are controlled by the controller's logic and system commands?
- Power: How is power handled by the controller, and how are attached devices powered?
Like video surveillance, both analog and IP versions of controllers are available and used. However, unlike video, the migration to IP has been much slower due to limited enhancement to move IP. Regardless of how they communicate, door controllers typically offer the same basic function, and connectivity is a simple buying preference for the customer.
- Ethernet: Like IP video cameras, controllers can be built with RJ45 ports so they can be connected to LANs like any networked device. However, even if a controller is networked, it may not use TCP/IP addressing and may not be accessible through onboard web-server. In some cases, ethernet connectivity is simply to eliminate running a redundant network. Also, while becoming more common, not all access systems offer controllers with ethernet connectivity and the feature is subject to confirmation on cutsheets.
Increasingly, '3rd Party' controllers are becoming popular. The manufacturers of these particular ethernet controllers sell their devices for resell by access management software companies, or as single/small system standalone devices through standard distribution or even public internet distribution:
IPVM has covered several of these IP controllers in default standalone configurations, including:
- Serial: Using RS-232, RS-485, and Weigand has been the mainstay communication method of access controllers for decades. Often, communication with other devices is handled through directly connecting devices to the controller by way of a dedicated 'cabling harness' that is manually punched down or terminated directly to control boards. Unlike an ethernet connected device, troubleshooting serial connections involve more than 'ping' commands, and chasing down issues often takes place with a multimeter or continuity tester.
Even if an access system is installed as 'serial', it still can be configured to use LAN cabling with the addition of 'Device Servers' not unlike video baluns. While these small devices cost ~$100 per end, they can be used to bring serial-only controllers onto the LAN to communicate with 'master panels' located offsite.
Integration between the Access System and a VMS system typically takes place at the 'main controller' panel that is networked much like a DVR unit is integrated with a VMS. When an access system is ethernet networked, it often is to take advantage of existing LAN cabling, to use a cloud-based 'hosted' solution, or to eliminate running a proprietary serial-type network that cannot be maintained by in-house IT staff. We look deeper at the contrast between serial and ethernet access systems in our 'IP Readers vs. Control Panels' report.
The purpose of inputs are to 'feed' information into the access system. The number and types of inputs connected to the controller vary, but all controllers accept the basic types listed below:
- Readers: The most exposed, public facing access control component is the credential reader. Usually the reader is mounted on the 'unsecured' side of the opening, and potentially exposed to bad weather, vandalism, and is vulnerable to damage. Aside from keeping the controller secure, a detached reader is configurable according to the type of credentials being read, the mounting surface, and the read range, and in most cases the reader is a standalone device connected by a 6-conductor style cable. For more details, catch our 'Selecting Access Control Readers' guide.
- Contacts: Anything from simple contact door closures to PIR Motion Sensors are connected to controllers to feed 'system status' information to the controller. For example, a 'latch monitor switch' is connected to give the access system feedback on whether a door is locked or not, and door contacts are used to feedback whether a door leaf is in the closed or open position. The range and types of sensors connected to a controller may be determined by code, but functionally are limited only to opening or closing a circuit.
- Overrides: These type of controller connections include "RTE" or 'Request-To-Exit" devices, use to manually override locks in order to accommodate free egress.
- Other Systems/Devices: Any number of other devices, including video surveillance cameras, light switches, or perimeter intrusion beams can be connected to door controllers to provide input signals to access systems. The fire alarm system is typically wired into controllers so that a fire alarm condition will override the locks in an emergency.
The purpose of outputs are connecting devices controlled by the access system. These devices traditionally are include door locks, but there is a huge range of integrations possible. We go into detail below:
- Locks: The most common output example are locks like electric strikes, maglocks, and other types of electrified hardware. An output signal interrupts the 'locked' state of the hardware to an 'unlocked' state based on a successful credential read. The controller is the device that interprets a valid read and applies logic to unlock the door.
- Sirens/Lights: Controllers can also be wired to chime sirens or energize strobes based on inputs. Annunciator can be wired to sound when a door opens, or lights can be wired to energize as someone passes through an opening.
- Other Systems/Devices: Like input connections, output options are endless, and anything from gasoline pumps, high-voltage machinery, and VMS systems can be triggered and controlled by access control outputs. A common output integration is the triggering of a surveillance camera to record an opening every time a credential is read.
The final system wired into controllers is power, commonly by way of individual power supply, proprietary power distribution unit (PDU), or by PoE connection. The type of power used by controllers is limited to low-voltage AC or DC, and in some cases may be passed-through the controller to power output connected devices.
Passing-through power to devices is a matter of careful consideration. Not all devices are designed to be powered by the controller, and in cases like maglocks the output power may not be sufficient or reliable enough to provide power. The 'power budget' passed through by controllers is often less than 650 mA, and a single maglock or reader can consume the entire resource.
Host Bound vs. Independent
The access control system often must be a 'zero downtime' system and doors must always function. In many enterprise-level access systems, the controllers function independently of the main panel even when communication is lost. This advantage means that a system will operate without interruption according to current configuration regardless if the network is up or not. Most controllers are designed to hold a quantity of transaction data in memory often into the tens of thousands of records until connectivity with the main database is restored.
In contrast, 'host bound' access systems rely on constant communication with a main panel in order to operate. The 'door controller' in these systems is not a true controller at all, but rather an 'input/output' module to tie other devices into the system.
The sizing of controllers is typically determined by the number of doors they control. Common sizes are single, double, four, and eight door models. While models supporting a greater number of doors are available, they are not common due to the cost of cabling so many doors to a single device becomes costly.
The number of reader inputs a controller supports is not always equal to the number of doors it can control. Many designers can mistakenly assume 'one reader per opening', however high security applications often require two readers - a 'read in/ read out' application that still only supports a single opening schedule or range of access levels.
In general, access control systems are steeply proprietary. It is uncommon to reuse controllers from one system to another (with notable exceptions like Axis, Mercury, and HID). Furthermore, there is a risk that existing door controllers become obsolete during the course of system upgrades. Reusing controllers outside their current generation of access system is not an option. While other devices like locks, sensors, or even readers may be reused, the controller itself is often relegated to the trash heap.
While not strictly door controllers, standalone electronic access control locksets often feature the same integrations and control available to door controllers but tied into a package that includes the lock, network interface, power supply, and even door position switches.
Increasingly, 'wireless locks' are being promoted by access companies as the least expensive way of adding networked access control to doors difficult to reach with standard wired networks.
While the door controller component may be factory integrated into the lock, it essentially is still there performing the same functions (even equipped with the same firmware) as discrete door controller devices.
12 reports cite this report:
Most Recent Industry Reports
The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.