Electronic Access Control Explained from A to Z
The term access control refers to the practice of restricting entrance to a property, building, or room to authorized persons. Building access control in its simplest form is a mechanical lock and key. Electronic access control, often referred to as an EAC, uses electric locks, a card reader and access control cards (or other types of readers and credentials) and provides a way to control access to which doors an employee, tenant or contractor can enter. An access point in electronic access control refers most commonly to controlled access at a door, gate, turnstile, or some other opening, all of which are sometimes referred to as “access portals”.
Offline and Online Access Control Options
There are offline and online access control readers. Offline access control readers and locks typically are individually programmed. Online systems use computers and a database with electric locks, door strikes and card readers to provide an electronic access control management system or part of a physical access control system (PACS).
The main difference between offline and online access control systems is the real-time logging of the use of access cards or credentials and the ability to remotely program multiple doors from a central location vs. the need to program every offline card reader at the access point.
Multi-site and Multiple Building EAC
Electronic access control systems can be for a single building or multiple buildings on a property. A multi-site EAC system provides access control for multiple properties that are geographically dispersed over different cities, time zones, and even countries. Examples include multiple manufacturing facilities that may have office facilities and/or a corporate headquarters, power plants and utility substations, communication central offices and remote distribution locations, multi-site retail stores, and banking branch locations and ATMs.
An online EAC system provides additional levels of access control management by utilizing defined time schedules and reader groups that put together (time and access point location) create access levels that can be assigned to multiple cardholders and cardholder groups.
With multiple buildings, whether on a single property or at multiple sites, the EAC system will typically have building or site controllers that operate as a networked system – with each access controller having its own distributed cardholder database, access levels and time zone schedules related to the card reader access points and access control cardholders for each building site.
These network access controllers work together with information from the system “head-end” and also report the local site controller’s access control transactions. These can include the date and time of each valid access granted, denied access to voided cards, cards not in the controller’s database, invalid access attempts at unauthorized doors or attempted access at a door outside of the authorized schedule or system time zone, among others.
Better EAC System Features and Benefits
The site controllers of a good EAC system, while “connected” to the head-end, operate independent of the main computer and central database – the decisions are made at the site controller and then transaction information is sent via a corporate communication network to the head-end database. EAC system controllers that make access decisions using “distributed intelligence” greatly enhance the speed at which access control decisions are made at individual doors.
With an EAC system controller that uses distributed intelligence to make local access decisions, should that controller’s communications become disconnected (offline) from the EAC system head-end, the access controller can still intelligently process cardholder requests at card readers and locally store or buffer the access control transactions until network communications to the system head-end come back online. When the network communication is restored, the card access control transactions that occurred while off-line are automatically uploaded to the main database.
Enterprise-level EAC systems that operate on networked computer servers can support multiple remote “system workstations” where the access control system’s operation is monitored in real-time and the cardholder database management and administration is performed. More robust enterprise access control systems have standard features that provide multiple communication paths and backup communications from site controller to the head-end communications server via a cellular communications network.
Such robust enterprise class access control system head-ends can have “always-on” remote backup servers that automatically provide continuity of system operation for the system should the primary server experience network communication disruption, server hardware failure or an event that requires disaster recovery operations. At the highest level of EAC system redundant operation, changes to the system, cardholder database, and system transaction logs are updating the “hot-standby” remote server in real-time so the transition to the backup recovery operation is seamless.
What Do the Best Systems Look Like?
Elite PACS software, in addition to electronic access control, can provide multi-site intruder alarm system management, multi-site alarm system monitoring, in-house alarm monitoring/dispatch automation, remote event notifications to smartphones by email or text messages, access control ID badge creating and printing, visitor management, DVR and NVR integration including real-time access control and alarm event video display, and more.
There are few PACS manufactures that offer hybrid site controllers that provide and support intruder alarm detection and access control – using a single control panel for both functions. Best-in-class PACS site controllers also include cross-functional alarm/access control integration logic for advanced functions to provide maximum security functionality, while also doing so at lower installation expense and lower total cost of system operation.
Best-in-class PACS manufacturers develop both their own EAC software and site controller hardware giving them full control without restriction by third-parties over system feature development and protecting your investment by maintaining reasonable backwards compatibility of site controller hardware to new software releases.
Best-in-class hybrid site security controllers have modular site controller expansion for alarm input circuits and controller relays and output. They also have alarm and access control device scalability and capacity expansion without having to change the site controller hardware, providing control over multiple alarm systems and access control areas.
These hybrid site controllers also support communication to the PACS/EAC head-end through multiple network communication routes and automatic roll-over to communicate to backup servers network addresses in the event of primary server communications or hardware failure.
Site controllers at this level include remote download for control device firmware and dual-flash ROM, so firmware updates can be made without interrupting controller operation or wiping out the controller’s cardholder database. Best-in-class hybrid site controllers also integrate with wireless intruder and other alarm sensors, support wireless access control card readers with integrated locksets, simultaneously support wired and wireless card readers, and directly monitor site DVR health.
A lot of information about access control systems has been covered in this blog entry. Subsequent entries will focus on specific access control point components and their various types and purposes, sequence of operation considerations for individual access point operation, access control system architecture design concepts, and getting the most security and continuity of operation from your access control system.
Written by: Glen De Young
Glen is the Senior National Account Manager for PACOM Systems in North America. Glen’s life-long career in the physical security systems marketplace spans over 40-years with various sales positions in both the security system integrator and products sectors. Glen is a subject matter expert on electronic access control systems and their functional integration with intrusion detection alarm and security video systems. Glen lives in the state of Michigan, USA.