Is there a cost effective way to deploy networked access control at multiple remote facilities using a traditional access control system? The simple answer is “No.”
Let’s look at a fairly typical scenario for a utility company. You have a large mobile workforce (linemen, technicians etc…) that need access to dozens or even hundreds of small remote facilities (equipment yard, substations etc…) and need to be kept secured. How do you do it?
You have some architecture choices with a traditional access control. You can either set up an access control system for each facility. That means a PC and some software. It also means you need someone to set the PC up, make sure it’s working and actually log into the PC to make any changes to access privileges. With one PC at every facility and the staff required to run around taking care of them and the software running on them the whole thing gets very expensive very quickly.
Not to mention, when a lineman gets hired or fired, someone will have to visit dozens of separate facilities to update that person’s access privileges. Miss one and you’ve got a big problem.
Well, how about a centralized system where the PCs are all networked. OK, but unless all of the remote facilities are on the same LAN, which is almost never the case, those PCs will have to be accessible via the Internet. That means giving the PC a fixed IP address, opening holes in your firewalls and re-configuring your router. That’s man weeks of a network Engineering time over 10s of separate facilities. Not only that, now you’ve got a web server on the corporate LAN. What does the IT department think of that and are they willing to do the care and feeding that’ll keep it up and going?
You could also set up a VPN for each facility so that there is secure access to each PC. However VPN configurations are complex to set up, require loads of support, and are expensive to maintain. A VPN might be slightly better way to go than the above solution but it will certainly cost a lot more.
So what’s the answer? How about an ACaaS (Access Control as a Service) ?
The key difference between a ACaaS and a traditional access control system is that a traditional access control panel is smart about card readers, door sensors, access permissions and stuff like that, but it’s really dumb when it comes to talking to the internet. ACaaS door controllers know all about how to manage readers, door sensors, locks and access rights AND they know how to talk over the cloud to centralized server. A server that can be logged into from anywhere to manage every aspect of the access control system.
So when it comes to deploying an access control system for that utility company just connect the ACaaS door controller to all of the door hardware just as you would a traditional panel BUT forget about PCs, forget about holes in firewalls, port configuration and VPNs. Just supply the ACaaS door controller with an Internet connection and you’re all set. Your networking problem disappears and the utility company has centralized remote access to all of its facilities. They fire a lineman, log into their administrative account in the cloud and revoke his permission. All of his access privileges to all facilities are disabled in seconds.
The energy, telecommunication, transportation, retail, education and other verticals are full of these low door count, geographically distributed facility opportunities and ACaaS is the only answer that makes sense for the future.