Physical Access Control in a Box

Appliance-Based PACS Challenge Server-Based Market

The word "appliance" conjures up images of sturdy tools and machines, workhorses of kitchen and garage, invested in once, then operating for years with little maintenance and not much thought.

That's an analogy vendors of physical access control (PAC) appliances find quite applicable to their products. "Our nickname for the product was 'toaster,'" said John Szczygiel, executive vice president, Brivo Systems, which formally introduced its OnSite Aparato PAC appliance in June.

PAC appliances are much more sophisticated than toasters, evident in the PAC appliance offerings from Brivo, PlaSec Inc., and S2 Security Corp. Each appliance is a powerful computer in its own right, with all the features expected of a traditional, server-based PACS and then some. Yet the form does matter, because it delivers the functionality with easier implementation and lower maintenance costs than server-based systems, but doesn't require end-users to be IT whizzes or to learn new interfaces, say integrators familiar with PAC appliances. Further, these companies have built their appliances on open standards, making integration and data sharing with other systems much easier.

"This is the way security technology is going," said Tony Belotto, division manager, Hypower Security Services Inc., Ft. Lauderdale, Florida, an S2 Security Corp. authorized dealer.

Others are more cautious. "This is relatively new stuff, so it does remain to be seen how effective and successful it will be in the marketplace," said Joe Costa, CEO, Delex Fairfax Integrated Security Systems, in Vienna, Va., who has evaluated the PlaSec offerings.

PAC in the Box

Defined simply, PAC appliances are physical access control systems housed in a slim box that contains all the computing power and functions needed to run the system. The concept is popular in the IT world, where a variety of IT security functions now come in appliances, including log management, firewalls, intrusion prevention, and more.

The Brivo, PlaSec and S2 Security products are all built on the open-source Linux platform and support eXtensible Markup Language (XML). Like other IT appliances, they literally plug into the enterprise network. Security professionals then use web browsers to assign cardholders credentials and access rights. To the end user, there's no sign they are accessing a black box instead of server software.
 
Like any PACS, the appliances still require card readers and door panels. But now, the readers and panels plug into Category 5 or Category 6 Ethernet cable drops, so the appliance addresses them over the network. "That should be a lot less expensive than running twisted pair out of the electrical closet," said Costa.

Because the appliances are network-based, integrators said it's easy for their data to be backed up on various network storage appliances, or in the cloud, whichever fits the enterprise's storage policy. If an appliance was somehow destroyed, a new one could take its place, an integrator would load the saved data on it, and the system would be restored--in minutes, said vendors and integrators.

Servers Out, Boxes In, Savings Up

The operational simplicity that comes with the appliance form factor directly leads to savings that integrators said are the clearest benefit of a PAC appliance.

"One of the biggest advantages with S2 is that there's no software to load anywhere," said Belotto. He noted that with server-based PACS, with which he has more than a decade of experience, integrators must install not only servers, but also software on those and other client-owned computers. In turn, that requires purchasing appropriate operating system and database licenses, as well as ensuring the server-based PACS software works with upgrades and patches to the network operating system, etc. "There's none of that with the appliance," he said. "It all goes away."

The PlaSec and Brivo appliances also don't require any software installation. "The IT guys are going to love it--it will go right into their server racks," said Costa. "For the security organization, the cost of ownership is less, and reliability is greater. There could be a lot of advantages."

"It's a standalone unit that comes ready to load," said Joe Atencio, project manager for Key-Rite Security, a Brivo Systems dealer based in Denver, Colo. Atencio has overseen four implementations of Brivo's OnSite Aparato. "It's built on a robust platform, its life expectancy is long, you avoid the downfall of the old school--all the patches and updates. It really is simple."

Comparison Shopping

While PAC appliances generally all offer ease of use and robust physical access control, each vendor offers unique features and promotes certain functions.

Brivo Systems emphasizes the security and compliance features of its OnSite Aparato.  Each Aparato box has its own unique ISO 11889-compliant Trusted Platform Module (TPM) chip, explained Szczygiel. Those chips are virtually tamper-proof, according to the Trusted Computing Group.

Put simply, a TPM chip confirms the integrity of a device's hardware, software and firmware, so that a change to any of them can be detected. "It secures the hardware and software together, so it makes it less likely that anyone could attack the software, put in a Trojan or virus," said Szczygiel. "You would know immediately if something like that had been attempted on the system."

He noted additional points of differentiation between Aparato and competing PAC appliances: FIPS 140-2 validated encryption of communication between the panels and Aparato, and authentication with panels using X.509 certificates. Further, the box's database and its backups are encrypted with the U.S. federal government's Advanced Encryption Standard (AES) 256.

Brivo expects the TPM, FIPS 140-2 and AES compliance to make the box attractive to government agencies requiring FIPS 201 and FIPS 140-2 compliant solutions.

Embracing IT

PlaSec Inc., the youngest competitor in the group, albeit with a management team steeped in traditional PACS experience, positions itself as offering a "physi-logical" access control system. It also embraces its potential as a key component of a converged enterprise security solution, with data from PlaSec appliances feeding into important IT security tools such as security information and event management platforms and vice versa.

To those ends, PlaSec's "Classic" and "Enterprise" access appliances are not only Linux-based, but are built on the Open Lightweight Directory Access Protocol (LDAP). The key benefit deriving from being LDAP-based is that personnel data from typical enterprise HR tools like Active Directory and identity management systems can be replicated directly into a PlaSec appliance.

Further, once a PlaSec appliance is set up with data from a local directory, that data can be replicated to any other PlaSec appliances attached to the enterprise network, regardless of location.

While noting security administrators will still have such tasks as adding physical access privileges, Costa, the consultant, calls the LDAP-to-LDAP connection and replication capabilities "a huge advantage."

"There are time savings, better security, things are going to be synchronized automatically," he said, noting he's observed many server-based systems in which cardholder data is outdated or PACS are not integrated with HR systems, so terminated personnel aren't taken out of the PACS promptly. "Having this fully integrated would certainly eliminate a lot of those issues," Costa said.

Further, he noted the PlaSec appliance is backwards-compatible with equipment most of his clients have installed, such as card readers from HID and Mercury. "They're looking to upgrade and wouldn't have to rip and replace," he said.

At S2 Security, CEO John L. Moss emphasizes the solid-state no-moving-parts construction of the company's appliances for medium-sized installations. He also points to the integration of the various S2 PAC appliances with other security and building systems, such as both digital and analog video, temperature sensors, multiple card readers and card formats. All the data, regardless of the originating system, is displayed via one web browser-based interface to users. The fully browser-based nature of the appliance is key, said integrator Belotto.

"On a typical PACS, I need to load software onto a client's computer [to manage the PACS]," he said. That means the PACS is accessible only from that particular PC or laptop. "With S2, you don't have that issue," he said. "Basically, it's a download via web browser. I don't have to upgrade client machines or software."

Belotto also said the browser-enabled appliances give end users flexibility. Within the limits of their enterprise access policies, they can access the S2 system on a browser on their PC at home, a laptop or a smart phone.

Another benefit Belotto cited was how easy it was for his installers to learn and be certified on the S2 appliances as compared to training and certification on server-based systems. "Within the first half hour of training, we were entering cards. Certification took two days," he said, noting that training takes up to five days on some server-based systems. "My installers love it."
  
Appliance or Platform?

We noted several large vendors of server-based PACS touting their platforms' potential "command and control" capabilities at ISC West this year, a trend also sweeping video management systems. Integrators we talked to for this story expressed some doubt as to how far traditional access control vendors will get with that strategy, especially given the advent of PSIM systems expressly designed to collect and correlate data from a vast array of business, IT and security systems.

That said, the PAC appliances offer a rich array of connection and thus convergence possibilities, made easier by their Linux-based construction and adherence to XML and other computing standards.

Just as with its hosted services, Brivo's Aparato can be integrated with traditional security tools like video surveillance as well as such applications as health club and property management systems and timekeeping and HR systems. The integration with those systems enables enterprises to accomplish such goals as controlling physical access privileges based on a customer's account status.

PlaSec emphasizes its support for the Common Event Format used by ArcSight, whose Enterprise Security Manager is a leading IT SIEM tool that correlates data and assesses threats from potentially dozens of enterprise and IT systems. At ASIS and ISC West, the company demonstrated how the ArcSight tool can monitor and log event and alarm data directly from the PlaSec boxes and potentially correlate it with events and alarms occurring with IT systems.
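The following is an added example, not code from the article or from any vendor it names. It parses Common Event Format records such as a PAC appliance might send to a SIEM and flags granted door entries by users who are disabled in, or missing from, the directory, the stale-cardholder problem Costa describes earlier. The vendor and product strings, class IDs, door names and directory snapshot are constructed for illustration.

```python
import re

# Constructed CEF lines; vendor, product, class IDs and door names are hypothetical.
SAMPLE_EVENTS = [
    r"CEF:0|ExampleVendor|PAC Appliance|1.0|100|Access granted|3|suser=jdoe msg=Lobby door",
    r"CEF:0|ExampleVendor|PAC Appliance|1.0|100|Access granted|3|suser=tsmith msg=Server room \= rack A",
    r"CEF:0|ExampleVendor|PAC \| Appliance|1.0|101|Access denied|5|suser=tsmith msg=Loading dock",
    r"CEF:0|ExampleVendor|PAC Appliance|1.0|100|Access granted|3|suser=contractor9 msg=Lobby door",
]
# Constructed directory snapshot: account name -> account still enabled.
DIRECTORY = {"jdoe": True, "tsmith": False}

HEADER = ("version", "vendor", "product", "device_version", "class_id", "name", "severity")
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")  # an extension key starts a new key=value pair

def parse_cef(line):
    """Split a CEF record into its 7 header fields plus the extension pairs."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    fields, cur, i = [], [], 4
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and line[i + 1:i + 2] in ("\\", "|"):
            cur.append(line[i + 1])  # escaped pipe or backslash inside a header field
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    event, ext = dict(zip(HEADER, fields)), line[i:]
    keys = list(EXT_KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        event[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw).strip()
    return event

def stale_badge_grants(lines, directory):
    """Return (user, door, reason) for granted entries by disabled or unknown users."""
    findings = []
    for ev in map(parse_cef, lines):
        user = ev.get("suser", "")
        if ev["name"] != "Access granted" or directory.get(user) is True:
            continue
        reason = "disabled in directory" if user in directory else "not in directory"
        findings.append((user, ev.get("msg", ""), reason))
    return findings
```
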

S2 access appliances, meanwhile, integrate with video cameras and surveillance systems, and temperature monitors; the company's most recent integration is with Exacq Technologies' video management system.

Integration in the future may also occur from PAC appliances to the cloud. Some integrators expect that PAC appliances will be a key component in helping physical security organizations get more comfortable with server-less systems, leading eventually to more physical security services and data being based in and shared among trusted clouds.

"Servers are going away," said Belotto, who noted the trend is also under way in video, as analytics, recording and even storage push to the network edge. "If you think about cloud computing, this is what it's about: nothing will be on servers."
