Sunday, March 26, 2017
PoE Access Control Systems
Is PoE technology a viable solution for your access control system?
Power Over Ethernet is being widely advertised as a panacea for access control system users. Certainly we have all looked forward to the day when a single network drop at the door will satisfy all of the system wiring requirements between the controller and the doors. One simple cable that will replace the multitude of cables currently needed for reader communications, request to exit, door position, and lock power.
As is commonly the case, along with technology that is new to our industry comes advertising claims and counter claims by various vendors each vying for a prominent spot at the top of the tech-tree. This paper will address this emerging technology, the standards that guide it's implementation, and the claims that warrant further scrutiny. Its focus is to help you sort out what is viable in real world applications and what is advertising hype.
The Objectives of PoE
The primary objective of any PoE system is to reduce costs. The technology was designed as a solution for the implementation of various network appliances in applications where it would be too expensive or inconvenient to provide a separate power supply and wiring. It is commonly used to power wireless network access points, remote network switches, and IP telephones. Stringing wire throughout a building for a proprietary access control network has long been a cost prohibitive proposition and often the most expensive part of the total system. Certainly if any system commonly found in today's modern building needs an alternative to hardwired devices, it is the access control system.
Cost of wire
Although not as costly as the labor needed to install it, the various combinations of wire needed for a full fledged access control system can represent a significant cost. For today's typical system you will need a 6 conductor, 22 AWG, stranded, shielded for the reader; a 4 conductor, 18 AWG, stranded for lock power; a 2 conductor, 22 AWG, stranded for door position; and a 4 conductor, 22 AWG, stranded for request to exit. The outer limit for this wiring architecture is usually 500 feet and is often pushed to that limit. The advent of modern customized bundled cables allows the required combination of conductors to be incorporated into a single cable which makes installation much easier but can still represent a significant cost. By injecting power onto the readily available, commonly installed CAT 5 or CAT 6 cable, PoE promises to bring down the cost of installation.
Cost of labor
If you have ever been on the pay check writing, or even cost estimating, end of a security system installation contractor you clearly understand that labor will represent the bulk of the costs associated with providing today's systems. The installation of wire is responsible for the lion's share of those labor costs. A "rule of thumb" that has long been used in the industry is the 60/40 rule. This rule states that roughly 60% of your costs will be in labor and the remaining 40% will be in equipment costs. To the extent that this rule is true, innovative alternatives such as PoE can dramatically reduce the overall cost to the end user for these security related systems.
PoE System Components
Along with the CAT 5 (or better) cable infrastructure, a basic PoE system will consist of powered devices (PD) and power sourcing equipment (PSE).
Powered Devices: An example of a PD is PCSC's Fault Tolerant (FT) access control system door interface module (DIM). The DIM is installed away from the Master Controller (MC) and near the associated door. Through the DIM, power is distributed to the reader, door locking mechanism, and request to exit device (REX). The door status switch and and REX status are also monitored by the DIM.
Power Sourcing Equipment:
This switch was designed to meet the below detailed IEEE P802.3at specification and specifically for networks consisting of IP video cameras and other security related devices.
PoE - IEEE P802.3af - 2003f: Since 2003 the applicable IEEE standard for PoE has been P802.3af. This standard calls for a maximum allowable 12.95 watts of power per port and allows the use of CAT 3 cable. As PoE has become more popular, more and more devices have been designed for its use. The power limitation of this standard has stifled the device manufacturers ability to meet the demands of the marketplace.
PoE Plus - IEEE P802.3at
The new PoE Plus (or Hi PoE) standard is nearing completion and is expected to be ratified soon. Switch manufacturers are already producing switches that conform to this standard, at least to the extent that they can anticipate the final standard's requirements.
It is important to note that PoE Plus requires the use of Cat 5 (or better) cable. The eight wires of CAT 5 cable verses the four wires of CAT 3 allows more power to be transmitted.
Draft 3.0 of the new AT standard, dated March 2008, states that the maximum current will be nearly twice the current allowed under the AF standard.
One objective of the IEEE P802.3at Task Force was to ensure that PoE Plus will operate in modes compatible with existing requirements of IEEE P802.3af. This is good news for forward thinking companies that have already made a significant investment in PDs designed to the older standard. Another objective of the Task Force requires PoE Plus PDs, which require a PoE Plus PSE to provide an active indication of that requirement when connected. This will alleviate the inevitable problems caused by connecting PDs designed to the new AT standard to PSEs that comply only with the older AF standard. Conversely, PoE Plus PDs that operate within the more limited power range of P802.3af will work properly with 802.3af PSEs.
Power requirements for PDs vary according to the device type, manufacturer, load, cable length, and other factors. Our example PD, PCSC's FT system DIM, requires 200mA at 12vdc or 2.4W. A typical door locking mechanism may require 500mA at 12vdc or 6W. A REX sensor may require another watt. A card reader may require 3W. Even without allowing for environmental factors and cable length, a fully loaded access control system can easily start to approach the upper limit of the older AF standard.
Powered Device (PD) at the door / Required Power
Door Interface Module (DIM) / 2.4W
Reader / 3W
Lock / 6W
Request to Exit (REX) device / 1W
Total / 12.4W
One of the biggest advantages offered by the PoE infrastructure is the inherent ability to facilitate system wide power back-up. If your system is PoE based, then backing up power for the entire system is simplified. Employing an emergency generator or a network UPS will ensure that the access control system continues to be fully functional during a power outage. Legacy systems typically employ battery back-up techniques that fail to provide sufficient power for critical components such as door locks or request to exit devices.
Security for the Security System
When considering PSEs for PoE based security systems look for features that will provide protection for the system that protects your facility. Temperature will greatly affect the performance of your PoE system. AFI's C10e switch, for example, provides local and remote environmental sensing and alarm generation. If a fan fails and your PoE switch is overheating, you want to know about it immediately. A good PoE command center will also have the ability to constantly poll activity on the power output ports to establish trends and anticipate problems.
Caveat Emptor: An important concept to recognize when considering the deployment of a PoE network is that of power sharing. This concept has largely been ignored by PoE marketeers. Simply stated, power sharing is when the total power available from a PSE is shared across all of its ports. So if the PSE delivers 12.95W of power and 9 or 10 watts are required on each port, your PSE will only power one port. The slight of hand that the industry marketing fails to acknowledge is that yes, while you can power your access control system with an older IEEE P802.3af PSE with 12.95W of available power, they don't tell you that you'll need a switch for every access control door in the system. Not every pre-IEEE P802.3at switch employs the power sharing principle, but it is something that any potential PoE system user needs to be wary of.
Today's Switches: Newer systems, such as our example of American Fibertek's Commander C10e switch do not utilize this methodology. Each port can be configured by the operator to deliver a specific class of power. This ensures that your purchase of an 8 port switch will enable you to power the PDs required at eight different doors if needed.
PoE is quickly becoming a viable alternative for access control system designs. Network switch manufacturers, like American Fibertek, are producing power sourcing equipment (PSEs) designed specifically for our industry and at least one access control manufacturer (PCSC) offers PoE capable powered devices (PDs) for their new Fault Tolerant (FT) access control system.
Well designed PoE based access control systems will:
1.) Utilize PSEs that avoid power sharing across the various PoE ports of the device.
2.) Comply with the new IEEE P802.3at standard including CAT 5 or better cable and Hi PoE power availability.
3.) Incorporate a cascading technique that employs smaller switches in a distributed architecture.
4.) Consist of PDs that have been designed and tested to meet the PoE Plus standard.
5.) Incorporate power back-up systems that keep the access control functioning during a power failure.
6.) Have built-in protection features that help your security system stay secure.
The long awaited panacea for access control systems may very well be a reality given the new, soon to be ratified, IEEE P802.3at Power Over Ethernet specification. Be careful when looking through the marketing hype to identify those access control system and PoE device manufacturers that understand and conform to the developing industry standards.
Friday, March 17, 2017
Dual Network Interface DVR and NVR Benefits
NVRs / DVRs that have dual NICs. If you don’t understand “dual NIC”, what I mean is that it has 2nos Ethernet ports (LAN Port). Customers are wondering what is the need for two NIC cards in the back of the unit. To answer the question, “What is the reasoning behind the two Ethernet ports (NIC) on my NVR?” there are three advantages to having these dual NICs. Based on the network you have, or want to have, you may not be interested in any of these advantages. Let me be clear when I say just because your NVR has them you do not need to occupy both NICs. However, if you are going to use only one Ethernet cable make sure it is plugged into port# 1. That being said, the general advantages for Dual NICs are Multi-Address, Fault Tolerance, and Load Balance. If you do not know what these mean don’t feel bad, you will have a better understanding once you finish this article.
First of all, allow me to explain what Multi-Address means/does. Multi-Address is a tool to have two different IP schemes connected to your NVR, obviously your main network will be for the NVR and will plug into port# 1, then the reasoning for port #2 will be for a switch, whether it be PoE or not so your cameras and NVR will not be on the same network. The advantage to this is the NVR will be on your everyday network, and the cameras will be on a separate network. So if you have a 32 channel system and don’t want 32 IP cameras bogging down your main network you can have them separate from the NVR on the main network but still be able to add them with no problems.
First of all, look at the bottom picture, this just shows you that the NIC on the left is port #2, and the NIC on the right is port#1. So in my demo, the white cable will be my main network going to the NVR, and the yellow cable will be my secondary network that plugs into the POE switch for my cameras. The other two pictures are showing you the configurations you will need to make in the network tab. The top picture being the main network in “Ethernet1” configured as “Multi-address”, with a gateway of 192.168.1.1 and an IP of 192.168.1.108. The middle picture is showing you the secondary network for the cameras in “Ethernet2” configured as “Multiaddress”, with a gateway of 192.168.2.1 and an IP of 192.168.2.106. It is crucial that the two networks be configured with different gateways and IP’s, otherwise you will cause a conflict and this will not work.
Another thing you will need to know is when you go into “Remote Device” and try to add the cameras while they are on the secondary network, keep in mind the “IP Search” WILL NOT find them. You will need to do a “Manual Add” and when you do so the gateway will be 192.168.2.1 and the IP address will be 192.168.2.? whatever you configure. As long as you follow those simple steps you will be good to go.
Now, the second advantage to the dual NICs is something called Fault Tolerance. In simple terms, you can have your NVR wired to two different switches on your network. The benefit to this is if one switch goes down, the NVR will swap over to your secondary switch, letting your NVR remain operational. So say you have switch “A” wired to the first Ethernet port of the NVR and switch “B” wired to the second Ethernet port. Switch “A” is going to be your primary switch, where your NVR will pull its connection from all the time. Switch “B” is going to be your secondary port, where your NVR will pull its connection from if switch “A” was to go out. The way you configure this is extremely easy. In the network tab you will need to change the “Network Mode” to Fault Tolerance. Once you do so you will see that “Default Card” changes to “Primary Port” and that is where you will configure switch “A” to be your primary switch and switch “B” to be the secondary switch. After you make those few simple changes you are all set. If for some reason switch “A” goes down, switch “B” will kick in automatically, allowing your system to remain operational. The picture below shows the jump from switch “A” to switch “B” happening, how quick it works, and you do not have to do anything. Look at where the ping is going steady, then I disconnect the power from switch “A”, you see it timed out once, and immediately switch “B” kicked in and the ping remained steady. This just goes to show you how quick the NVR does this by itself, no command necessary from you.
The third advantage to having dual NICs is a little something called Load Balance. This means exactly what it sounds like, it is balancing the load on your network. This configuration will require a piece of equipment that we do not offer, something called a managed switch. The managed switch manages the load on your network and keeps the balance nice and steady. So, if your network is being bogged down, the manage switch will take things from your main network and switch it to the secondary network, so your connection never loses its strength. Now, the configuration starts the same way above. Change “network Mode” to Load Balance and set port#1 to be main and port#2 will be secondary. Also, say you do not want to buy a managed switch and so you think load balance is useless to you. You are wrong, there is a way you can still use the configuration. Each NIC is 1Gig of throughput data, if you set network mode to Load Balance that combines the NIC’s and now you have 2 Gigs of throughput data. There are a few things that make that worth your while. You can increase the resolution of your IP cameras and you can increase the bandwidth of the cameras. I’m sure there are quite a few more, but I will keep it as simple as possible. Those are all the things that are beneficial to you with the NVR’s with dual NIC’s. Hope this was helpful.
Sunday, March 5, 2017
Access Control in Education Sector
Controlling access to school campuses and buildings is an important issue for school administrators. They need to maintain a user-friendly, welcoming school climate while ensuring that the facility is safe and secure, both when school is in session and when the buildings are unoccupied.
What is access control?
Access control provides the ability to control, monitor and restrict the movement of people, assets or vehicles, in, out and round a building or site.
Access control is essential for all businesses to protect people and assets and has the added benefit of being expanded from controlling, for example, a single entrance door, to a large integrated security network. There are also huge potentials in terms of integrating HR and other systems, such as Time and Attendance, Visitor Management, ANPR, Fire, Intruder and CCTV, which can cut costs and streamline administration costs.
What risks does the average ofﬁce face and how can these be countered by access control?
Electronic access control systems are increasingly being used to enhance safety and security in educational establishments.
The average educational establishment has a transient population with many high value goods such as computers and IT equipment, not to mention the personal possessions of staff and students, which are extremely attractive for thieves.
Access control systems are all designed to allow access only to people with the necessary authority to ensure that goods and people are protected.
Educational establishments have a duty of care to provide a safe environment for pupils and staff and the application of access control can therefore help manage known or anticipated threats.
Generally systems comprise three component parts:
1. The physical barrier – to physically restrict access to a building or location via such methods as:
• Doors: secured by either a electromagnetic or strike Lock or can be revolving or sliding.
• Turnstiles and speedgates: designed to limit access to one person for one card presented.
2. The identification device – There are a number of different technologies used to identify users of an access control system, such as:
• A proximity card and reader using RFID – cards can either work at a short read range or a long read range.
• A smart card and reader.
• A swipe card and reader.
• PIN pads.
• Biometric (fingerprint, iris scanning).
3. The door controller and software – The door controller and software are at the heart of the system and are used to decide who can gain access through which access point at what time of the day. These can vary dependent on the size of the system and how many readers or sites you are trying to control from one point.
Some of the options include:
• A standalone door controller linked to a single door with no software.
• A number of door controllers all linked together to a single PC to control one site.
• A number of sites all interlinked together over a wide network area.
What added beneﬁts can access control systems bring to educational establishments?
Protection during school hours is paramount, and the following added benefits come from access control:
In an environment where visitors can blend in with the staff and pupils, the use of PC and computer networks should be considered. These systems can print photographic ID and allow access to be restricted to certain areas within the office. Moving to a software solution for visitor management is an easy and inexpensive solution and can provide a number of added benefits.
The system was designed to ensure the smooth operation of a 100,000 square metre complex, spread over five buildings with both students, staff and visitors accessing the different facilities sometimes at high volumes. A Smart Card system was developed which provides not only access to designated areas, but also allows all sites to be linked via a modem, allowing administration from a central point.
Automatic Number Plate Recognition
For college and university sites where students may be driving in and parking onsite, Automatic Number Plate Recognition may be a viable option. To monitor the entrance of vehicles on site, CCTV-style cameras and computer software can be used to identify number plates of vehicles. Some systems can also store photographs of the driver and vehicle for subsequent analysis. This sophisticated software allows critical information to be passed to the police to assist in the pursuit, identification and capture of offenders.
What key considerations should be taken into account when considering access control?
The outcome of the risk assessment for your office will determine the level of security you require and in turn influence your choice of access control system to be used. BSIA access control members and professional security consultancies can assist with this.
BSIA members go through rigorous checks before they are admitted into membership, meaning you are selecting quality companies to achieve peace of mind. Below are just some of the reasons why you could benefit from using the services of a BSIA member:
· Independently inspected to the quality standard ISO 9001 with a UKAS accredited inspectorate.
· Compliant with relevant British and European Standards and codes of practice.
· Financially sound.
· Staff vetting conducted (where appropriate).
· Technically proficient.
· Committed to quality training and development.
· Up-to-date with the latest developments in British and European policy and legislation.
Is there any legislation I should be aware of?
The Disability Discrimination Act was amended in 2005 and has significant impact not only in terms of the design of new systems, but also means that many systems may need to be upgraded to ensure compliance. This is of particular importance also for educational establishments as employees, pupils and visitors will all need to have adequate and user-friendly access to the building.
The BSIA has created a guide to help design access control systems following the introduction of the revisions which can be downloaded from www.bsia.co.uk/publications
Other legislation to be considered in relation to educational establishments is:
National minimum care standards
Health and Safety at Work Act
Occupiers Liability Act
Management of Health and Safety at Work Regulations