Down the Access Control Panel & Reader Rabbit Hole
Examining new access control panel technologies and looking at the pros and cons of open and closed architecture.
The humble access control panel, diligently humming along in an IDF closet, or tucked above a ceiling tile in a forgotten place, quickly and silently making access decisions, working in concert with its card reading brethren. These are two pieces of an access control system that are easily forgotten … until there is a problem. Pieces that can make or break a system, and often don’t get the thought they deserve in the design process.
There are two major camps on access control panels and open and closed architecture.
Open architecture panels, like those offered by Mercury Security, Axis and others, help software manufacturers speed development by taking away the burden of hardware design. There are benefits for the end users of these systems as well, allowing for migrations between software vendors, for example, during a merger or acquisition, or move from a mid to enterprise-size system.
However, having an open architecture isn’t all sunshine and puppies — it can leave the integrators and end users in a difficult position when there is a bug or cyber vulnerability.
The software manufacturer takes on responsibility for both hardware and software support as the reseller, but there are cases where an underlying function in the hardware is broken or insecure, which then requires the hardware manufacturer to resolve.
This back and forth can take time for all parties to identify the issue, fix and validate operation, all the while we are left to reassure the customer that a fix is coming, we just don’t know when!
Closed architecture panels are those that the software and hardware come from the same manufacturer, such as Software House, Openpath, AMAG and others. This helps the integrator and the end user as there is a single point of contact for support, or as we lovingly refer to it in the industry as “one throat to choke.”
A closed architecture allows the manufacturer to keep close control on feature and bug fixes, as well as provide expedited testing for new releases or vulnerability patches. Just as open architecture has some drawbacks, so does closed source, mainly being locked into a single vendor for software and hardware. A platform change would require swapping out all components of a system, including all control panels, which can get very expensive, very quickly.
Just as we have open and closed architecture in the access control panels, we have it with card readers and card technology. There are many different technologies available, and all have their fit in the marketplace. Any integrator who has had to put a reader on a turnstile in a large multitenant building knows the challenges that come from finding that golden reader for three different technologies and five-bit formats.
Understanding the difference between all the flavors of 13.56MHz credentials can be daunting for even the savviest integrators but is another factor that needs to be discussed with the end user to define needs for a credential to set the stage for a reader.
Knowing that there are security and ease of use benefits from using a closed card technology, like iClass SE or SEOS, which make reader selection and installation easier on both the end user and the install crew, may outweigh the desire for manufacturer diversity.
Open standard cards do come with some additional complexity for both the end user and the integrator, as those encryption keys must be managed on readers and credentials, but it allows for flexibility in card and reader sourcing.
The last piece in the reader and panel selection is communications between the two. This needs to be OSDP, full stop. An integrator can put together a super secure installation, and then wire the readers with Wiegand and toss it all out the window. Wiegand sniffing and playback has become so commonplace that there are commercial products that are marketed to penetration testers and YouTube videos showing their use. Do a quick Google search for ESPKey and you can see for yourself why we need to get off Wiegand.
The access control marketplace is constantly evolving, with new players entering, and the titans introducing new panels and features. As everything is moving toward IP for communications, it will be interesting as we start watching the shift to centralize the device control, with VM’s or docker apps taking the place of intelligent controllers.
New technology features like OSDP transparent mode can help with securing the overall installation by moving the card decryption and identification process from the reader to the panel. Bluetooth credentials are becoming more and more commonplace, but are still limited to closed architecture. An open architecture mobile credential could really shake things up.
Open or closed architecture? Red pill or blue? A case can be made for each side, and they are both strong. Market diversity is going to keep this fight alive forever, and it gives us, the integrators, options to help solve the needs of our end users. Become the trusted partner and explain both sides to them as design considerations are being discussed.
Jim Cooper is Vice President of Technology for Integrated Security & Communications.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!