The pros and cons of networked security systems.

Oct 1, 1997 12:00 PM, BILL BLISS

As the communications industry explodes with new technologies that tie together security devices, buildings and computers, expanded options bring opportunities and challenges to security directors and system providers. On the Internet, you get instant multimedia information on virtually any subject. Downloaded information can be passed on to others with a few keystrokes on a laptop or desktop computer. Network security is a field unto itself, but there are problems besides data dabbling and corruption that need to be considered when using new communication technologies in conjunction with access control and alarm equipment.

To take full advantage of the new technologies, today's security director must understand networks. Working closely with the corporate information systems manager is one way to begin. Furthermore, there are many types of networks and new ones being developed every day. Today's security director must work with other departments to take full advantage of a corporate communication network. Using the network can provide significant cost savings when installing an electronic security monitoring system.

Networks have evolved beyond bundled wire. Now, many networks use fiber-optic cables, coaxial cables, microwave and satellites. Often, networks are a combination of all of the above. Let's consider the pros and cons of using a network to connect a security and access control system.

The pipeline of information

Think of a network as a big pipe that runs around your facility. The pipe can jump from one building to the next; it is, in effect, a data pipe. Data such as alarms and access control events can be put into and pulled out of the pipe at any point along its length. If your pipe is so designed, you can put in video and pull it out wherever you like. An advantage of using this type of data transmission is being able to connect all your facilities and centralize all your alarms by simply getting on the existing corporate pipe. Manpower can be used more efficiently; protection of facilities can be enhanced.

But there are several problems with the pipe (network). In order for it to work, computers must manage the data that is fed into it. Computers are like pumps on the pipe, telling the data where to go and the best way to get there. Like pumps, they sometimes need maintenance. When the pump stops, data stops flowing. If you have alarm and access control data in the pipe, and it does not get to the proper place at the proper time, it can be a big problem - particularly if a critical alarm is not acknowledged and responded to appropriately. Therefore, depending on your system requirements, there must be a backup or alternate path for critical alarms and data.

The next problem is that sensitive security data can get mixed up with other data on the pipe. It could be picked up by unauthorized people and used to defeat the security system. Network managers can devise ways to prevent this, and it is an important point to consider.

The network industry, just like the piping industry, has standards. Network standards describe how to package and send data. A common and familiar form of network - an ethernet - defines how and how much data must be formatted when you connect to the pipe. The pipe is only so big and it will only hold so much fluid, and the fluids should not be mixed up. Fortunately, standards are dictated in software and hardware packaging devices.

The interface is the rub

The security director's or system manufacturer's problems start when the network is interfaced or married to a security system transmission system. Traditionally, security system manufacturers have designed their equipment to work on their own wiring or network. In addition, well-designed access control and security systems have line supervision, which tells the central monitoring point that all the remote devices are up and operating; when they are not, a signal is sent to the central monitoring center. These supervisory signals occur in fractions of seconds. If the security system equipment is working over a corporate network that is also checking data, the two supervisory techniques must be integrated. System suppliers should work closely with the network people to accomplish this goal.

It is easy for most equipment manufacturers to do so when they are using multiple work stations. A work station consists of a computer, a monitor, a keyboard and perhaps a printer. Each work station is just another computer on the corporate network. The network gets a signal from the host security computer and sends a message to the appropriate security work station. However, alarm data from alarm input devices and access control equipment have dispersed intelligent controllers, devices that perform local transactions for the card access control events and sometimes control actions when there are alarms. Dispersed intelligent controllers can also send alarm and access control data back to the host computer over the network. The host monitors the alarm data from the dispersed intelligent controllers and determines what action needs to be taken. It then sends an action message to the work station monitor that is programmed to receive the action message. Monitoring personnel can then respond appropriately to the event.

Handling multiple sites

It all works well when the corporate network is working or the system is in one building. But what if there are multiple monitoring work stations in different buildings, cities, states or countries? The problem becomes more complex.

The architecture of most security systems of this type uses two interfaces to the corporate network or piping system: one transmits data from the dispersed controllers to the security host; and one transmits data between the monitoring work stations. The work stations work on a conventional computer network, i.e., they are computers talking to computers. In most manufacturers' systems, the data transmitted from the dispersed intelligent controllers or alarm inputs must go through the security host computer and across the network to get to the work stations where monitoring personnel are watching. Designers may have envisioned their system being used only in one building or in a simple complex of buildings, and, perhaps, they wanted the transmission of alarms and access control events to be electronically supervised. Keeping the cost of equipment low was also probably prime in their minds. The difficulty occurs when security directors want to use the corporate network to monitor the system in several different places and provide security and access control in multi-building complexes or large buildings with a high degree of reliability.

For example, suppose there is a corporate monitoring center where the security host computer is located. All alarms and access control events come back to the host location from all remote buildings. All card access control and alarm response data is entered at the host location and downloaded to the dispersed intelligent controllers over the network. Now you add a 24-hour guard post in a remote building to the system. You put a work station in the guard post to monitor all the alarms and access control events in the area for which the guard post is responsible. Most people would assume that since you have dispersed intelligent controllers in the area to take care of access control events and alarms, the local work station would display alarm responses even in the event of network or system failure. Surprisingly, this is not the case. Remember there are two separate network transmissions taking place, and since there has been a network failure, the alarm data cannot be sent to the security host by the dispersed intelligent controller on its own network and then back to the 24-hour work station over the computer work station network. No alarm will occur at the 24-hour guard post. If the monitoring personnel are not alert enough to see on their work station monitor a little window that reports that the network is down, they will not know if they are receiving alarms from the alarm devices in their area.

Most manufacturers take pride in the quality of their dispersed intelligent control units and how they can perform all local card access control system requirements in the event of network, host computer or wiring failures. Users should be aware of the limitation of how alarm signals are reported to the security host computer and then back to the monitoring work stations. There are system designs that can back up the alarm signals processed by dispersed intelligent controllers, but they add expense. Too often, security directors are not alerted to these integration pitfalls. It is important to work closely with IS and network staff to understand thoroughly the architecture of your security system and its limitations.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue