Thursday, June 16, 2011

Wireless Access Control Components

I was responding to post on a professional networking site today and it got me thinking about how wireless access control door hardware is revolutionizing the access control industry. It’s an area of security that I doubt very many – unless you happen work for a manufacturer of these products – have given enough thought to. At first blush, wireless access control locking hardware is an obvious way of bringing down the “cost per opening” in an integrated system because; well… you don’t have to run wires to the door. Pretty simple concept, right?

Further consideration will reveal however that it goes much deeper. Wireless access control locking devices are just one part of a continuum of “at the door” security system components. This is important because the accepted cost per opening in the security industry for access control is from $3,000 to $5,000 per opening; once everything is said and done. These new wireless products – especially WiFi based products because they completely eliminate the need for additional hardware infrastructure – can cut that cost nearly in half. Certainly these new technologies are not appropriate for every opening, but if all the available technologies are deployed in the system design the security budget will purchase much more for the same price. So instead of putting access control on only the perimeter and/or high security or high use openings you can now, for the same price tag, deploy access control on many more openings. This revolutionizes how systems are to be designed.

System designers can no longer just say “this door will have access control and this one won’t” because the choices are now more complicated. The designer needs to look at each opening, consider the assets being protected, the threats and vulnerabilities associated with those assets and then apply the appropriate level of protection utilizing a whole host of available technologies and products. It only makes sense. We’ve been designing security programs and systems utilizing these criteria for years, but never applied them to access control because there were not very many options at the door.

The bottom line is that system design has become more complex but systems designed using the entire continuum of access control system components available today are much more affordable and more secure.

Wednesday, March 25, 2009

How is the recession affecting the security industry?

I used to be quite fond of saying that the security industry was relatively recession proof. My rationale was that when businesses have plenty of money they don’t mind spending it on security and when they don’t have plenty of money they must spend it on security just to keep what they have. I’m not sure I am going to say that any more.

Several electronic security equipment manufacturing firms that I am familiar with have had record low sales over the last quarter. Until about November of last year I hadn’t heard much in the way of negative news from these manufacturers, but then it seems that the bottom just dropped out. More correctly I think is that they never recovered from the usual holiday slow down that manufacturers often encounter.

I decided to run my own unscientific survey to see if I could identify any trends or patterns. First I contacted all the Southern California security systems service providers that I have close relationships with and asked them how their business was getting along in this economical climate. By far the majority responded in a positive manner and cited examples of how and why their business was not being hurt by the economical down turn. This encouraged me so I decided to expand my survey. I contacted all of the service providers I have relationships with in the Colorado market. Wouldn’t you guess, the response was almost exactly opposite. Each and every one told me tales of how their business had come to a standstill. They were just hoping against hope that things would turn around soon so they can hold on. Many had decided to skip this years ISC West Conference to save the expense of travel and the cost of being out of the office.

Admittedly, my survey was very anecdotal and subjective. There was a period of about one month between my Southern California survey and my Colorado survey. This may account for some of the difference in response. Also, one region may very well be suffering more than another.

I would be very interested to hear from you. What part of the security industry do you work in and where geographically are you located? How is, what is being called the biggest economical slow down since the great depression, affecting your business? Are you hopeful or just hunkered down for the long haul?

Let us know how you’re doing.

Steve Bowcut, CPP

Thursday, September 18, 2008

The Industry Paradigm Shift Continues

On May 19th of this year I wrote in this blog space about a paradigm shift that I have perceived in our industry. I commented on how it appears that many manufacturers of electronic security equipment are moving their focus more towards the end user than ever before. Lack of dealer loyalty, whatever the root cause, is the impetus for this shift.

This week I interviewed an insider at MDI Security Systems. This person explained to me about the new stance that MDI has adopted in which some, not all, of their projects will now be installed by their own employees. This “sell directly to the end user” model was brought about precisely by the factors that I mentioned in my May 19 post. MDI, if you’re not familiar with them, is an access control systems manufacturer out of San Antonio, Texas. MDI has been around for many years and has a very large install base of legacy systems. They have primarily, but certainly not exclusively, been successful in the Fed Gov/Military vertical market. This legacy install base acts as a catalyst that intensifies the dealer disloyalty phenomenon. High profile, especially government owned, legacy systems attract dealers looking to cash in on system adds and changes. Would be dealers come out of the woodwork with promises of new system sales, if only they can have the legacy adds and changes business too. All to often the new business sales never materialize as the dealer continues to sell his other primary equipment lines for new jobs but enjoys the lucrative legacy system adds and changes business that the manufacturer was going to get anyway, with or with out the new dealer. This very scenario has prompted MDI to decide that in certain circumstances they will sell direct to the end user and install the equipment themselves. This is certainly not the first time a mainstream manufacturer in our industry has adopted this business model, but it usually means disaster for the company. Unless you are one of the very large integrators like Honeywell, Johnson Controls, or Siemens it is nearly impossible to adopt this end user direct model. This is likely because the reaction from your remaining dealer base will be swift and decisive. Nothing will send your dealers packing to the competition like a confirmed rumor that you are now competing with them. As they jump ship you cannot replace the revenue with end user sales fast enough to keep up.

I’m not offering a position for or against this end user direct business model, but I do find it interesting that MDI has the courage to try it. It may be born of desperation, but it will be interesting to see if they are successful in this new, and possibly evermore popular, business model.

Wednesday, September 3, 2008

PoE and Access Control Systems

Is PoE technology a viable solution
for your access control system?

Power Over Ethernet is being widely advertised as a panacea for access control system users. Certainly we have all looked forward to the day when a single network drop at the door will satisfy all of the system wiring requirements between the controller and the doors. One simple cable that will replace the multitude of cables currently needed for reader communications, request to exit, door position, and lock power.

As is commonly the case, along with technology that is new to our industry comes advertising claims and counter claims by various vendors each vying for a prominent spot at the top of the tech-tree. This paper will address this emerging technology, the standards that guide it's implementation, and the claims that warrant further scrutiny. Its focus is to help you sort out what is viable in real world applications and what is advertising hype.

The Objectives of PoE

The primary objective of any PoE system is to reduce costs. The technology was designed as a solution for the implementation of various network appliances in applications where it would be too expensive or inconvenient to provide a separate power supply and wiring. It is commonly used to power wireless network access points, remote network switches, and IP telephones. Stringing wire throughout a building for a proprietary access control network has long been a cost prohibitive proposition and often the most expensive part of the total system. Certainly if any system commonly found in today's modern building needs an alternative to hardwired devices, it is the access control system.

Cost of wire: Although not as costly as the labor needed to install it, the various combinations of wire needed for a full fledged access control system can represent a significant cost. For today's typical system you will need a 6 conductor, 22 AWG, stranded, shielded for the reader; a 4 conductor, 18 AWG, stranded for lock power; a 2 conductor, 22 AWG, stranded for door position; and a 4 conductor, 22 AWG, stranded for request to exit. The outer limit for this wiring architecture is usually 500 feet and is often pushed to that limit. The advent of modern customized bundled cables allows the required combination of conductors to be incorporated into a single cable which makes installation much easier but can still represent a significant cost. By injecting power onto the readily available, commonly installed CAT 5 or CAT 6 cable, PoE promises to bring down the cost of installation.

Cost of labor: If you have ever been on the pay check writing, or even cost estimating, end of a security system installation contractor you clearly understand that labor will represent the bulk of the costs associated with providing today's systems. The installation of wire is responsible for the lion's share of those labor costs. A "rule of thumb" that has long been used in the industry is the 60/40 rule. This rule states that roughly 60% of your costs will be in labor and the remaining 40% will be in equipment costs. To the extent that this rule is true, innovative alternatives such as PoE can dramatically reduce the overall cost to the end user for these security related systems.

PoE System Components

Along with the aforementioned CAT 5 (or better) cable infrastructure, a basic PoE system will consist of powered devices (PD) and power sourcing equipment (PSE).

Powered Devices: An example of a PD is PCSC's Fault Tolerant (FT) access control system door interface module (DIM). The DIM is installed away from the Master Controller (MC) and near the associated door. Through the DIM, power is distributed to the reader, door locking mechanism, and request to exit device (REX). The door status switch and and REX status are also monitored by the DIM.

Power Sourcing Equipment: A good example of PSE is American Fibertek's (AFI) Commander C10e PoE switch. This switch was designed to meet the below detailed IEEE P802.3at specification and specifically for networks consisting of IP video cameras and other security related devices.

Given the cabling limitation of 328 feet it is obvious that a cascading technique using smaller switches (8 ports vs 24 ports) will more commonly be deployed.

Relevant Standards

PoE - IEEE P802.3af - 2003f: Since 2003 the applicable IEEE standard for PoE has been P802.3af. This standard calls for a maximum allowable 12.95 watts of power per port and allows the use of CAT 3 cable. As PoE has become more popular, more and more devices have been designed for its use. The power limitation of this standard has stifled the device manufacturers ability to meet the demands of the marketplace.

PoE Plus - IEEE P802.3at (coming soon)

The new PoE Plus (or Hi PoE) standard is nearing completion and is expected to be ratified soon. Switch manufacturers are already producing switches that conform to this standard, at least to the extent that they can anticipate the final standard's requirements.

It is important to note that PoE Plus requires the use of Cat 5 (or better) cable. The eight wires of CAT 5 cable verses the four wires of CAT 3 allows more power to be transmitted.

Draft 3.0 of the new AT standard, dated March 2008, states that the maximum current will be nearly twice the current allowed under the AF standard.

One objective of the IEEE P802.3at Task Force was to ensure that PoE Plus will operate in modes compatible with existing requirements of IEEE P802.3af. This is good news for forward thinking companies that have already made a significant investment in PDs designed to the older standard. Another objective of the Task Force requires PoE Plus PDs, which require a PoE Plus PSE to provide an active indication of that requirement when connected. This will alleviate the inevitable problems caused by connecting PDs designed to the new AT standard to PSEs that comply only with the older AF standard. Conversely, PoE Plus PDs that operate within the more limited power range of P802.3af will work properly with 802.3af PSEs.

Power Requirements

Power requirements for PDs vary according to the device type, manufacturer, load, cable length, and other factors. Our example PD, PCSC's FT system DIM, requires 200mA at 12vdc or 2.4W. A typical door locking mechanism may require 500mA at 12vdc or 6W. A REX sensor may require another watt. A card reader may require 3W. Even without allowing for environmental factors and cable length, a fully loaded access control system can easily start to approach the upper limit of the older AF standard.

Powered Device (PD) at the door / Required Power
Door Interface Module (DIM) / 2.4W
Reader / 3W
Lock / 6W
Request to Exit (REX) device / 1W
Total / 12.4W

Table 1 - Power required at the door

Table 2 shows the powered device classification defined in P802.3at. Minimum power available for PDs, factoring in cable length and environmental factors, is shown.

Powered Device
Classification Power / Available for the Powered Device

Default, Type 1 / 0.44W to 12.95W

Type 1 / 0.44W to 3.84W

Type 1 / 3.84W to 6.49W

Type 1 / 6.49W to 12.95W

Type 2 / 12.95W to 25.5W

Table 2 - Powered Device Classification

Type 1 PDs, or IEEE P802.3af devices, have a maximum wattage requirement of 12.95W. Type 2, or IEEE P802.3at devices have a maximum wattage requirement of up to 25.5W

Back-up Power

One of the biggest advantages offered by the PoE infrastructure is the inherent ability to facilitate system wide power back-up. If your system is PoE based, then backing up power for the entire system is simplified. Employing an emergency generator or a network UPS will ensure that the access control system continues to be fully functional during a power outage. Legacy systems typically employ battery back-up techniques that fail to provide sufficient power for critical components such as door locks or request to exit devices.

Security for the Security System

When considering PSEs for PoE based security systems look for features that will provide protection for the system that protects your facility. Temperature will greatly affect the performance of your PoE system. AFI's C10e switch, for example, provides local and remote environmental sensing and alarm generation. If a fan fails and your PoE switch is overheating, you want to know about it immediately. A good PoE command center will also have the ability to constantly poll activity on the power output ports to establish trends and anticipate problems.

Power Sharing

Caveat Emptor: An important concept to recognize when considering the deployment of a PoE network is that of power sharing. This concept has largely been ignored by PoE marketeers. Simply stated, power sharing is when the total power available from a PSE is shared across all of its ports. So if the PSE delivers 12.95W of power and 9 or 10 watts are required on each port, your PSE will only power one port. The slight of hand that the industry marketing fails to acknowledge is that yes, while you can power your access control system with an older IEEE P802.3af PSE with 12.95W of available power, they don't tell you that you'll need a switch for every access control door in the system. Not every pre-IEEE P802.3at switch employs the power sharing principle, but it is something that any potential PoE system user needs to be wary of.

Today's Switches: Newer systems, such as our example of American Fibertek's Commander C10e switch do not utilize this methodology. Each port can be configured by the operator to deliver a specific class of power, as indicated by signature classes 0 - 3 shown on Table 2 above. This ensures that your purchase of an 8 port switch will enable you to power the PDs required at eight different doors if needed.


PoE is quickly becoming a viable alternative for access control system designs. Network switch manufacturers, like American Fibertek, are producing power sourcing equipment (PSEs) designed specifically for our industry and at least one access control manufacturer (PCSC) offers PoE capable powered devices (PDs) for their new Fault Tolerant (FT) access control system.

Well designed PoE based access control systems will:

1.) Utilize PSEs that avoid power sharing across the various PoE ports of the device.
2.) Comply with the new IEEE P802.3at standard including CAT 5 or better cable and Hi PoE power availability.
3.) Incorporate a cascading technique that employs smaller switches in a distributed architecture.
4.) Consist of PDs that have been designed and tested to meet the PoE Plus standard.
5.) Incorporate power back-up systems that keep the access control functioning during a power failure.
6.) Have built-in protection features that help your security system stay secure.

The long awaited panacea for access control systems may very well be a reality given the new, soon to be ratified, IEEE P802.3at Power Over Ethernet specification. Be careful when looking through the marketing hype to identify those access control system and PoE device manufacturers that understand and conform to the developing industry standards.

Steve Bowcut

Monday, May 19, 2008

An Industry Paradigm Shift

For many months now I have been talking and writing about what I perceive to be a fundamental change happening in the security industry. This change may be more or less prominent in the various segments of our industry but it is certainly going to affect the industry as a whole. The shift is most evident when you remember back several years to when manufacturers could develop and then depend on a network of loyal dealers. Those of you that have been in our industry for more than just a few years will certainly remember when each integrator or service provided was identified by the products they offered. As a dealer you were known as “a Lenel house” or “an AMAG dealer” or some other way to identify the manufacturers with whom you had formed alliances. Gradually these alliances started to fade as service providers began to take on a second, then a third, and eventually many lines of equipment that compete with each other. There are many reasons that dealers have increased the number of lines they carry, and one could argue that the manufacturers brought this on themselves by trying to put too many dealers in a specific geographic location, but the fact remains that loyalty to any one manufacturer is mostly a thing of the past. Many dealers now extol the virtues of having access to as many lines of equipment as they can get, and still maintain well trained install and service departments.

The paradigm shift then takes place, from the manufacturer’s perspective, in how they get their products to the end user. More and more I am seeing manufacturers that feel it is necessary to reach around the service provider and market their products directly to the end user. They still need dealers and integrators to install and service their equipment, but they feel more comfortable pulling the business through to the dealer in a scenario that gives them much more control over what equipment is finally installed – theirs!

Service providers, on the other hand, find this new path to market to be troubling and yet an answer to their long ignored request. Dealers have, for as long as their have been dealers, asked and harangued manufactures to bring them leads. What they wanted was a qualified target for the manufacturer’s equipment, not necessarily an already “sold” end user client that has his mind made up and has a close relationship with the manufacturer. This close relationship makes the dealer nervous because it takes control of the sales process out of his hands. He feels relegated to the role of a hired installer as his position as “owner” of the long term relationship erodes.

It would be an interesting dialog to hear from both manufacturers and service providers on this subject. I’m sure the issues are much more complex than I have outlined here and the view from each side is certainly different from the other.

Let’s hear your point of view!

Saturday, April 19, 2008

CPP Exam

I did it!! For about two years now I’ve contemplated the idea of attaining my CPP designation. CPP (Certified Protection Professional), for those of you not familiar with the security industry, is offered by ASIS (American Society for Industrial Security) and is our industries most sought after professional designation. About two months ago I enrolled in a weekend preparation course offered by the GLAC (Greater Los Angeles Chapter) of ASIS. I finished the course a week ago today (April 12, 2008) and then sat for my exam yesterday (April 18, 2008).

I guess this post would have a whole different spin had I not passed the exam, but I did. CPP is attained by only the top 3% of security professionals and it is not at all uncommon for someone to fail the exam their first time out. I was more than a little nervous going into the exam. It’s the type of nervous that builds over time so that by the time I sat down at the computer terminal for the actual exam I was desperate to pass and get it over with. You are allowed 4 hours for the exam and I took every minute of it. By the time a clicked “finish” I had to close my eyes and yet try to see (like when you were a kid at the scary movies) my exam results. When the word “congratulations” appeared on the screen the relief I felt was enormous.

I’d like to offer up a special thanks to Rod Mulvay, my GLAC Review Course mentor and Hank Gatlin and Mark Creighton my group team mates. It’s truly a team effort to get through the course and a supportive team makes all the difference in the world. I look forward to serving as a mentor next year.

Monday, November 12, 2007

The next revolution in the security industry

It seems to me, and I’ll welcome all opposing or supporting observations, that the next revolution in the electronic security industry is forming on the horizon. I claim no special ability to foresee the future, as is evidenced by the fact that I still own TYCO stock that I purchased in the late 90s, but I’m certain that the next revolution in our industry will be in the prevalent use of SDKs and APIs for integration of disparate systems. Technological advances such as the .NET framework and Linux OS have opened the door for the integration of computer based systems in ways that we have just never seen before. If you’re an access control, CCTV, digital video, intercom, ID badging or other building systems manufacturer you are no longer operating in a closed environment and the proprietary systems of years gone past either have or will be replaced by systems that adhere to conventional standards and protocols. Even, and some would argue especially, if you are a security peripheral device manufacturer such as cards, readers, cameras, and sensors you will need to learn to live and prosper in an open protocol environment. This is good news for the manufacturer, the systems integrator or service provider, as well as the end user. This win-win-win scenario creates, in our industry, a momentum that simply can’t be denied.

Currently, in the traditional manufacturer-to-integrator-to-end user market channel, the two end players are providing the market pressure to comply to open standards and to provide a usable SDK for development with their products. The manufacturers are realizing the benefits of having multiple third-party subsystems seamlessly integrated with their core software and hardware offerings and the end users are realizing that if they choose the right integrator they can have a customized system that meets their exact needs. The more forward thinking integrators are now capitalizing on the end user’s new paradigm and they are hiring or training their staff to be able to provide customized software development using the SDKs and APIs available from the manufacturers.

If you’re a sophisticated security system end user you have probably already figured out that if you want a specific DVR or badging system, for example, to integrate with your access control system you need to choose an integrator with software development capabilities. If you do, you’re likely to get what you want. If you’re a system integrator you’ve probably run across opportunities to provide integrated systems that required high level software integration using a manufacturer’s SDK. And if you are a manufacturer you’re probably beginning to realize that in order to stay competitive and to provide all the features and flexibility that the end user wants, you will necessarily need to open up your system to third party developers. These forces in the market require that we all use open standards. I, for one, believe that it is coming and that it is a good thing for our industry.