Sun Microsystems integrates access control worldwide

Oct 1, 2000 12:00 PM, ACCESS CONTROL & SECURITY SYSTEMS INTEGRATION STAFF

Use of a universal system simplifies coordination of security needs, while saving installation and administration costs.

Sun Microsystems, a world leader in networked workstations and Internet technology, and the designer of the Java programming language, is growing worldwide at an astonishing rate. So, too, is Sun's physical size. With building, equipment and technology assets expanding into the billions of dollars, the implementation of an access control and integrated security management solution became a high priority in order to keep pace.

"I knew that integrating an access control and alarm monitoring system throughout the entire Sun organization was not going to be an easy task," explains Mike Milligan, manager of the Security Technology Group at Sun Microsystems. "The fact that we needed coordinated access throughout Sun's worldwide base only increased the challenge."

Milligan and his team established an approach based on his experience at Sun's campuses located in Mountain View, Milpitas, Menlo Park, Newark and Santa Clara, Calif. These offices - comprising a total of four million square feet - presented a challenge for any system. In total, more than 1,300 card readers are connected directly to a head-end computer; even more readers are connected through dial-up phone lines. Fourteen thousand alarm points were monitored - many linked through the access control system and American Dynamics switchers to some 500 cameras. The system, manufactured by InfoGraphic Systems, Garden Grove, Calif., had already been adapted by InfoGraphics to accommodate several requirements specific to Sun's network requirements, and had also been modified to use card readers and field devices from another access control system installed much earlier.

In order to keep Sun's security needs in step with its worldwide growth, Milligan chose InfoGraphics' Multiple Server Technology to allow the system to communicate over Sun's wide area network "SWAN," with a large number of independently operated systems in Sun offices around the world. All of these systems needed to be able to share selected database information and provide alarm routing between systems, while allowing alarms to be monitored, systems to be controlled, and administrative access allowed to any system from workstations located anywhere in the world.

Performance challenges The access control system had to offer a hot redundant, head-end server configuration, which provided automatic switchover of field devices and workstations in the event of a computer failure. The system also needed the capability to handle more than 40 communication ports at each central server, without causing the administrative terminals to slow down.

Additionally, because of the very high volume of cardholder additions, modifications and deletions, plus the immediate need to grant access to new employees and contractors, the system could not rely on simple distributed processing alone for handling access transactions. Sun had to have a system whereby the head-end could instantly handle transactions in the event any new data had not yet been downloaded to the field panels. In effect, only a "combination" architecture which featured both distributed computing - to avoid a central point of failure - and centralized computing - so that the head-end could allow "instant access" in the event the field panels hadn't received the latest data entry - could guarantee Sun Microsystems a foolproof security system.

The system also had to communicate with and support approximately 100 field panels from a previous supplier. These panels were limited in the number of access levels available, and their current capacity was insufficient to handle the increasing demands of the system administration.

Finding the right solution Sun's security management chose a company early on that could meet its requirements - the toughest of which was the need for instant access through the central database. Working with Integrated Security Control Systems, Inc. (ISCS), one of Northern California's largest integrated systems suppliers, Sun opted for InfoGraphic Systems' electronic access control solution.

This system endows field panels with the capacity to store database information for up to 128,000 cardholders. It can handle up to 16 card-readers per panel, monitor up to 175 four-state supervised alarm points and control up to 156 relay outputs.

"We were able to find everything we needed to implement our sophisticated security system with one vendor," explained Milligan. "Not only did we receive scaleable software that could be customized to meet our rapidly expanding security needs, but all of the necessary hardware came from a single manufacturer."

Installation Since breaches in round-the-clock security needs were out of the question at Sun, ISCS staff started off by installing dual-redundant head-end servers at Sun's Palo Alto location. Two Adpro industrial PCs with uninterruptable power supplies, hot-swappable RAID configuration hard drives, and JAZ drives for backup and archiving, rounded out the measures taken to ensure non-stop operation. An InfoGraphic Dual System controller supervises the two Adpro computers. It also monitors the performance of both computers and initiates a switchover to the healthy secondary system in the event that an error is detected in the primary computer. Each of the systems was provided with 60 communication ports, with expansion capability of up to 127 ports each. The field and network communications were switchable between the two computers using a T-Bar switcher.

Installation included 12 workstations communicating over Sun's own Ethernet LAN, and each workstation came equipped with the necessary printers.

The final installation hurdle involved configuring approximately 100 "legacy" panels to meet the minimum number of access groups. Despite having no access to the source code for the firmware in these panels made by a previous vendor, engineers at InfoGraphics devised a method of associating the access groups to the communications ports. In this manner, they were able to double the number of access groups available through these "foreign" panels and managed to save Sun the expense of replacing them.

Smart cards One unique modification of Sun's new security system involves the use of smart cards. Until this year, Sun had used a magnetic stripe card for employee identification. Starting in January 2001, the company will use a smart card for a wide range of administration and cash-less vending functions.

In response, InfoGraphics designed a Mifare contactless, smart-card reader to replace the existing magnetic-stripe readers. The new cards are programmed with a 3-DES encryption algorithm to ensure that they are the most secure credential available.

In order to make the changeover as simple as possible, InfoGraphics' RMSC-1 smart card reader has been designed to be compatible with the same connector and mounting hardware for all the existing magnetic stripe readers currently installed at Sun. The process of changing to the smart card reader simply involves the removal of the existing reader from its back-plate, unplugging the RJ45 connector in the magnetic stripe reader and inserting the plug into the new smart card reader. The smart card reader is then screwed back onto the existing back plate after setting a DIP switch in the interface.

The changeover is further simplified by issuing the Mifare contactless smart card with a magnetic stripe. Thus when the card is issued to the user, it can be used in either existing magnetic-stripe card readers or the new Mifare readers.

"This changeover is proving to be absolutely painless," says Milligan. "The employees are readily embracing the new cards."

Going global Sun is now well into the process of implementing the InfoGraphics' security management system on a worldwide basis. Working with other distributors in various overseas territories, Sun has now installed a large number of servers in many parts of the world.

In addition to the directly connected field panels and other field devices, each server supports card readers and alarm monitoring devices in a large number of remote Sun offices using dial-up modems, although more recently the ACU2 field panels are being directly connected to Sun's wide area network.

The servers at Sun's offices in Palo Alto, Denver and Massachusetts control all locations in the United States, Canada and Mexico.

Internationally, several servers have been installed in Central and South America. Linking these servers directly to Sun's wide area network has overcome reliability difficulties occasionally encountered with some of the South American telephone systems. The Linlithgow server in Scotland currently covers all of the United Kingdom and part of continental Europe. A second server will be installed in a facility under construction just outside London. Once completed, this new location will take over support for Sun offices in the south of England. A server recently installed in Munich controls all of the offices in Germany as well as the Nordic countries. Sun's operations in the Far East are handled by servers in Singapore and Hong Kong. And Australia is served from a location near Sydney.

In total, more than 200 Sun locations are currently controlled by the InfoGraphics security system. When worldwide installation is complete, the multiple server system will support more than 40 workstations, more than 5,000 card readers and more than 60,000 alarm points.

"This system now allows the worldwide security team at Sun to access any location from any workstation, run reports, monitor alarms, make database changes and broadcast selected cardholder data to any system when required," added Milligan.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue