Bowdoin College's fast-track, multi-technology security integration.

Apr 1, 1998 12:00 PM, Dr. Adam Thermos

The recent integration of security systems at Bowdoin College was a strange and wonderful fast-track project - so seamless that students were unaware they were using a new system for a full month before it was officially announced. This is the success story of a campus-wide, on-line, off-line proximity/PIN identification application.

The project vision

The student, staff and faculty population of Bowdoin College, a highly competitive liberal arts college in Brunswick, Maine, is less than 3,000. The school wanted a campus-wide access control and security system that would enhance services and meet the safety and security concerns of students, faculty and staff.

The project was envisioned to progress in phases. Phase one would establish the philosophy of the system, the hardware and software platforms, and the integration methodology in nine on-campus residential facilities.

The initial intent was to use many of the existing security platforms, hardware, wire runs, remote systems and other devices in a fully integrated system with a permanent policy and common architecture, which would allow the college to enter the next century with a plug-and-play modality.

The college already employed keypads and cipher lock devices in most of its facilities. There were 14 key systems with masters and sub-masters. The project would eventually break the college of its reliance on these mechanical key systems.

The target of phase one was on-campus housing, including the Old Bricks (the six brick dorms), Coles Tower and two new residence halls, Howard and Stowe.

Phase two of the systems integration, scheduled to begin in summer 1998, will target the school's in-town, low-rise apartments.

System design

Designing the system was not simple. It required an intense vertical integration of multiple technologies. In effect, the size of the school's population was inverse to the high-end technical requirements of the system.

In the end, Bowdoin College had a fully integrated, on-line, off-line system using a multi-technology card (magnetic stripe and proximity) with proximity and PIN readers operating in tandem with selectable PIN functionality at the perimeter doors, and swipe mag-stripe functionality in the interior, off-line doors.

A single database commanded the on-line system, the off-line system and the identification production engine, including mag-stripe encoding as well as proximity/PIN data, ISO data, library bar code data and off-line encoding data.

The new Bowdoin Card is a slim Motorola proximity card (the Isoprox card) with two high-coercivity mag stripes for the off-line interior door security locks and vending machines, a high-coercivity mag stripe for the off-line vending operations, proximity encoding for the on-line RF perimeter doors, as well as a bar code for the library and native campus sub-systems.

The desired elements of the system were:

* an on-line access control system to cover all main entrances of phase one buildings, as well as exterior doors of the Tower;

* an off-line, stand-alone system consisting of card access assemblies to cover 56 of the Tower suite doors in all 14 floors;

* a CCTV surveillance system to cover the hallway and tunnel entrance of the residential Tower;

* segregation of the residential Tower bathrooms per floor for security purposes and fire regulations compliance; and

* creation of a multi-service booth at the lobby of the Tower to increase security visibility, implement a sign-in process for visitors, and provide ID production, information, vending and e-mail services.

Exterior doors of the Old Bricks, Coles Tower and Howard and Stowe residence halls had been secured with keyless Simplex entry systems with master-key and building-master overrides. The interior doors had been secured with Simplex cipher locks with sub-master, building-master and master-key overrides.

The new design for this group of buildings included the installation of a top-of-the-line access control and security system on all perimeter doors, with proximity cards and PIN applications, while allowing the mechanical pin pads in the interior doors to co-exist. This configuration allowed for a double-PIN and single-card-based security envelope for each student. Special attention was given to ADA compliance with automatic door openers and portal accessibility.

Coles Tower was targeted for an immediate migration to an on-line perimeter access control system, and an all-floors, all-suite, off-line, electronic mag-stripe lock system. In addition, CCTV surveillance was introduced at the main entrance and in public spaces of the lower floors. The enhanced security configuration answered a need caused by heavy student traffic that resulted in a high concentration of incidents.

The college has an arrangement where dorm residents access Greek houses on- and off-campus. Again, electronic on-line/off-line systems were installed, in compliance with the on-campus housing standards.

The implementation

The design required placement of card reader packages at main entry points to buildings and designated high-security interior office doors.

Fire exits were equipped with door contacts, PIRs and micro-switches as request-to-exit devices and to allow detection of propped-open doors and forced entries. Security and facilities personnel retained master access privileges, with high-level clearance cards and key overrides.

The system head-end was housed in the central telecommunications room, and workstations were stationed in the housing office for ID production and system management and in the security office for monitoring and response. Student database information was eventually downloaded from the Bowdoin College database to the security computer. Existing keying policies were retained as emergency key-override policies only. Security and support personnel were issued keys for emergency system override.

The system provides clear definitions of the location, type and priority of all alarms. Security is responsible for monitoring alarm activity and responding appropriately.

The procurement strategy

Bids for the on-line system and electronics were reviewed with an eye toward minimizing vendor responsibility for final connects and system/database management.

The door hardware was pre-specified by facilities staff who negotiated directly with the hardware distributors, eliminating waiting periods and vendor surcharges.

The wiring inside the buildings was run by a local electrical contractor who worked under the direction of the vendor, which allowed maximum efficiency, since the local vendor knew the building construction and had established a rapport with facilities staff.

The between-buildings communications carrier was the college CIS/telecommunications department. The system uses existing LAN and network topology of the college network services. Issues associated with connectivity, traffic control, system capacities and other technical aspects were discussed and managed.

Visiak, a systems integrator in Westbury, N.Y., was able to provide all the recommended sub-components of the system:

* the Ilco Unican Millenium NT on-line card access system;

* the Millenium identification production system;

* a CCTV surveillance system;

* Motorola Indala Isoprox cards;

* Motorola Indala on-line proximity/PIN mid-range readers;

* Ramtech telephones with panic buttons and PBX capability; and

* the Coles Tower Ilco Unican off-line door readers.

Additionally, the telecommunications option of ethernet connectivity was accomplished via single input devices (Millennium ethernet interfaces) designed to provide direct communication between the head-end and site controllers using the TCP/IP protocol. In some buildings, black box and modem configurations were employed with the same results.

System funding

The system was seen as six independent budgetary components:

* the on-line card access system;

* the CCTV surveillance system;

* the cards themselves;

* the ID production system;

* the telephones; and

* the Coles Tower interior door readers.]

Components were funded from a variety of sources. For example, the ID production system and cards were partially funded by the ID office; the on-line and CCTV systems were funded as capital projects; the interior off-line system was funded by facilities as part of its hardware budget; and the telephones were funded partially as a capital project and partially as a telecommunications upgrade.

The sins of a fast-track system implementation

Too many cardinal sins were committed during the implementation of the project. The 70-day window was unforgiving. The selection of the off-line devices preceded the selection of the Millennium system, so the vendor came under severe pressure to upgrade from his traditional DOS platform to a Windows environment in the span of a few weeks. He did so to everybody's surprise and delight.

The full participation of the facilities management department in technology, training and purchasing of equipment made the system implementation possible, but the fast-tracking nature of the project placed a heavy burden on the working committee. Furthermore, the unpredictability of PC bios' performance in the NT environment, as well as the unpredictability of bar code fonts made the project rather interesting.

The off-line installation window was but one week long between the summer conferences and fall semester, and ID production had to be completed by mid-summer, prior to card distribution, for both the on-line and off-line systems. If it sounds like a typical academic project, it was, to the core. Probably the most important factor that kept the glue together was the cohesion of the working committee. The iron fist of facilities management chairing the project and the "we-who-must-be-obeyed" attitude of housing left little room for argument.

One of the most important requirements was that both the on-line and off-line systems could read the ISO encoding on track two and that the databases support it. The solution was to "freeze" the ISO number and add a revision code for expedient upgrade of access privileges in the off-line readers. Upon activation of the ISO number, after the vending operations kick in, the revision code will cease to exist. All individual off-line doors are upgraded with the help of a laptop.

In the on-line perimeter proximity/PIN readers and cards, the problem was the development of the database and the initial download time prior to student arrival. This did not go as planned. The system head-end and its new Windows-based system were not on campus in time for ID production, and further problems came up with the initial bar-code download, causing additional delays.

The saving grace was the PINS. In a truly remarkable fashion, and to the credit of facilities, housing and the vendor, the system was up and running - without a head-end. How? Simple. All buildings were brought on-line via their field controllers, by activating their PINS only. Since the students were used to PIN entries from the older systems, they had no trouble entering their buildings by punching the code on the new reader. In effect, Bowdoin had an access control system before the system was installed - a unique solution.

By the beginning of fall with the database in place, bar code problems under control and ID production in full swing, the students had in their hands their first true, multi-technology cards. They did not even have to take the cards out of their pockets, since upon approaching a reader, doors would open for them.

We took down the student PIN option and went with card access full speed. The PIN option can be re-activated if needed.

The off-line installation of about 56 readers and the required programming were completed within a week. In two days, all doors were also programmed and active. There were no electronic failures.

Probably the most remarkable feat was the development of the off-line system database from the on-line access control system. The Millennium system was generous enough to accommodate a system database for the off-line system using the look and feel and user-defined fields of the on-line system. No additional encoding was required, since all readers read track two, encoded during the card production process.

Bowdoin College now has a single, fully transparent, identical database for management and support of all three systems: ID production and the on-line and off-line systems.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue