Manufacturers adding 'open' products

Mar 1, 1999 12:00 PM, TINA D'AVERSA-WILLIAMS

What is the true definition of open architecture? And what does it mean for the security industry? We asked several company officials at the forefront of the slow march toward open systems.The influence of information technology (IT) departments on security systems purchasing decisions is increasing, according to Rudy Prokupets, research and development executive vice president and chief technology officer, Lenel Systems International Inc., Fairport, N.Y. "Unfortunately, many vendors claim to have open systems without clearly understanding what the phrase means from an IT point of view," he says.

What does 'open' mean?"The term 'open system' implies that every major component of the system, every communication protocol and every interface is designed according to industry standards that allow integration with other systems and components," says Prokupets.With regard to security management systems, open systems should satisfy the following minimum requirements, according to Prokupets:- The application software (front end) must be hardware-independent, meaning it can interface with multiple intelligent systems controllers (ISCs) from different vendors within the same system.- The application software must be database-independent, meaning it can interface with multiple relational database management systems from major vendors, including Microsoft, Oracle, Sybase, IBM and Informix.- The application software must be network-independent, meaning it can interface with all major network protocols including TCP/IP, IPX and NetBios.

- The application software must be peripheral-device-independent, meaning it can interface with digital/video cameras, badge printers and scanners from different vendors.In addition, says Prokupets, the most advanced open systems should provide the following capabilities:- universal I/O - the ability to interface with any external systems or devices (fire systems, burglar alarm systems, CCTV switches, personal alarm systems) through a common bi-directional protocol.- universal data import/export - the ability to move any data including multimedia (pictures, signature, fingerprints, voice, video) from/to an external file or database system with custom business rules applied to the data moved between systems without need for custom programming.- open interface protocol - the availability of a standard protocol to interface to ISCs. This is the most controversial requirement. Most of the protocol information is regarded by vendors as proprietary and not published. On the other hand, if installed field hardware is becoming obsolete, an end-user should be able to replace the front-end without incurring the major expense of replacing the complete system.

More thoughts on open architecture Automated Management Technologies (AMT), Minneapolis, offers OpenFoundation software to security hardware manufacturers and to qualifying system integrators who assemble custom systems from components. In either case, the OpenFoundation product is used as framework to develop software for off-the-shelf hardware components. The framework, based on Microsoft's COM, DCOM, ActiveX and OLE technologies, has unlimited extensibility. There are thousands of compatible components available. "The product provides transaction logging, alarm notification and alarm/non-alarm status tracking, event-response management and user access control," says AMT president Gary Larson. "It is capable of being customized to any automation-compatible object, and it can control access or log events from any object. It imposes no architectural limitations because new objects can appear at any time, bringing their own properties, methods and events. This program hosts Microsoft's Visual Basic for Applications (VBA), which is the scripting and forms-creation language built into Microsoft Office products and other systems. It provides customizable data-entry forms that can contain multi-media, pictures, maps, sound files, data-entry controls and other off-the-shelf ActiveX controls."AMT also developed Brix, an end-user-ready software system available to companies that wish to be dealers of the products. We have become our own OpenFoundation customer, and built a system ready for use in the real world. It is OpenFoundation with the data entry and alarm notification screens already defined and ready to use. It retains the flexibility of OpenFoundation but requires no integrator setup, working just as any other turnkey, off-the-shelf system."Both systems are field-hardware independent and use a plug-in 'driver' scheme to support particular hardware platforms. We currently have drivers for Mercury Security hardware (which is being used by several other systems as well) and are in discussion with other hardware manufacturers about drivers for their hardware. We are also adding drivers for CCTV and will be integrating with badging systems and a time and attendance system in the near future."

Upgrading in stagesWith experience in the integration of fire detection, intrusion protection, lighting and electrical, HVAC and other building services, Siemens Building Technologies - Landis Division offers open systems engineering for building management. Existing systems can be enhanced with components from other system generations or upgraded in stages. With the company's Landis and Staefa system family, all systems can be adjusted to individual needs - from the smallest building management system to integrated solutions satisfying building safety requirements."An open system is one that can communicate with all relevant systems in a building," says Bill Gorski, Siemens director, business development - security. "That requires integrating a multitude of protocols to communicate with systems ranging from particle counters to boilers and chillers to security and fire systems to information management systems."We perform three different forms of integration: The most basic form is contractual, involving single-source responsibility for all building systems (HVAC controls, lighting, security, fire, laboratory systems, etc.). The facility manager relies on a single vendor to manage installation and maintenance of all equipment within a building, including security."The second form, informational integration, provides a common connection among multiple systems at a single point, generally an operator workstation or series of workstations. With information integration, communications among systems is generally one-way. Systems send information to a building automation system or directly to other equipment for monitoring, reporting or alarming. Systems can respond to the input in a limited way. In some instances, informational integration may be limited to simply 'windowing' various applications on a single personal computer. "The third form, technical integration, combines multiple building subsystems (HVAC, fire, security, lighting) into what appears to building operators to be a common system. The customer gets a single view of the facility, and a common way to control it, thus resulting in reduced operator training and consolidation of operating data and diagnostic reports into one database."Open architecture technologies enable integration across systems, but are not required and not sufficient for a complete solution. In fact, using only open or standard protocol could limit a system's ability to integrate with many systems and technologies on the market."

Strategic partneringHirsch Electronics has a strategic partnership with Orion Automation. By teaming up with Orion, Hirsch benefits from Orion's level of standardization - Orion software is used with the Hirsch system. "Strategic partnering will allow more openness and better solutions for end-users," says Rob Zivney, Hirsch vice president of marketing.Hirsch places source code in escrow for clients without giving up the firmware security at the controller level. "Hirsch places a high value on integration around the database and the software level," Zivney says. "Every Hirsch system is customized for specific end-user requirements."Hirsch does not believe completely open systems or an industry standard are necessary to provide the best system solution for the customer. The end-user's driving force is a continuing need for cost-effective, centralized operations using network-level integration."Hirsch Electronics manufactures high-security access control and security management systems. In addition to conventional card access, the firm supplies keypad-based systems, including the ScramblePad reader. Security Applications Inc. (SAI), which offers open architecture applications on UNIX and Windows NT platforms, positions itself as an ally to security hardware manufacturers. "SAI's mission is to integrate hardware from multiple manufacturers," says SAI president David Swartz.

Taking a pre-fab approachThe OEM hardware of Mercury Security Corp., Signal Hill, Calif., has been successful at penetrating the security industry. Many companies are private-labeling Mercury's hardware. "There are manufacturers that develop products intended to be used as components of access control systems offered by other companies," says Frank Gastoni, Mercury Security president. "These components include a set of functions that system developers can incorporate into their systems. It is analogous to a utility truck manufacturer purchasing an engine from a vendor as opposed to building an engine from nuts and bolts. The availability of the usable component saves development time."Vendors of the 'prefab' components may work with several system developers. A system installed by one system vendor may be replaced by another, while keeping the common prefab components supported by both. This approaches the 'open system' model."

Combining openness with securityOpen architecture systems are an interesting story in the security industry. Proper security requires protected data. Security directors prefer isolated systems under their strict control, but economics do not always make this practical. Information systems managers, who are beginning to play a larger role in the decision-making process for selecting enterprise-wide security systems, want systems that can operate with other applications on common WAN/LAN architectures. They look for systems built on standard platforms such as Windows NT. They expect standard protocols such as TCP/IP for networking and control hardware that uses TCP/IP and SNMP. They prefer systems with open databases such as IBM DB2 or SQL servers.For their part, security directors want to be able to share data with human resources, badging, debit and time-and-attendance systems. They look for graphical front ends that can integrate access, security, CCTV and fire systems. The challenge is to use industry-standard protocols, open databases, and globally accepted platforms such as NT without neglecting security concerns.

Gastoni agrees: "Certainly, access to information about specific operating characteristics of a system makes it more vulnerable. Proper design can reduce the exposure."Security has been used as an excuse for proprietary hardware, operating systems and communication protocols for years, contends Greg Danahy, Orion Automation president. "This 'security' is non-existent," he says. "Any manufacturer that relies on the proprietary nature of its architecture, operating system and hardware for security is deceiving itself and its customers. We have been saying for years that most access control systems are fairly secure from outside the building, but are not even a challenge to a hacker inside the building. In our testing, we have 'broken' the security of several access control systems."Open systems can be secure if they implement encryption and authentication. By using public key encryption and authentication, it is possible to make open systems more secure than those that rely on proprietary architectures. The industry must go in this direction since such an attack is becoming more likely all the time. We have implemented many of these security features into our product."If anything is given up with open technologies, it is security, says Zivney. Hirsch's approach is a gateway Xbox using high-security encryption. Hirsch uses a documented protocol, ongoing support program for cooperation. "We don't just let anyone have access," says Zivney.

Coming in April: Industry Outlook explores the feasibility of industry-wide standards for open architecture.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue