May 2005

Security Systems Data Can Enable Building Automation
Hirsch Electronics
(Click Message to Learn More)

Access Control - The Missing Link?

Each building system brings its own history and lessons on the path to creating a more intelligent building. Access control has a unique perspective that can only help HVAC and the other systems as integration continues.

  Access Control - The Missing Link?
Rob Zivney, Hirsch Electronics

Corporate Enterprises Are Forever Changed With Real-Time Building Information
Ken Sinclair,
Integrated Information Technology is the New IT
Jack Mc Gowan, Energy Control Inc.
Web Services For Building Controls At A Crossroads
Toby Considine, oBIX Chairman

Content provided for May issue

Unabridged version of article

In 1996, when I left the HVAC industry and joined an access control company as VP Marketing I needed to develop winning strategies for product development.  It seemed obvious to embrace popular HVAC Building Automation System terms such as “enterprise class,”  “network architectures,” and BACnet as some of the strategies for success.  Though my company, Hirsch Electronics, did set out in those directions, successfully, I see that we have taken a different path than the HVAC industry.  Indeed, I believe the access control industry is much further along today in offering systems that are “IT Centric.”

"The Automator"
New Products
Past Issues


My first observation is that “enterprise class” in the HVAC context really isn’t.  My impression of how the HVAC industry uses the term is that it means high tech and the ability to do really large systems.  However, such systems are typically geographically constrained.  They rarely get larger than a campus (office, hospital, university, etc.) or a municipality.  Perhaps it is due to the sphere of influence of the responsible facility manager or director of operations.  Or, perhaps it is due to the ability to implement energy management strategies to achieve savings within the business unit that funded the project.

Historically, access control companies faced different drivers.  We found executives who carried a wallet full of cards as they went from facility to facility around the country.  The managers of each facility selected the access control system for their facility.  There was no way to accommodate visiting employees except by issuing a local card.  In most cases the systems and their databases, while fine for a single site, did not have the capacity to support all the employees in the enterprise.  What was required was a “one card” solution.  One card had to work at every facility in the national or multi-national enterprise, and the solution would have immediate visibility at the executive level as wallets shrunk.  So, one aspect of a real enterprise class system is that the system must extend to every facility in the enterprise.

The “one card” solution faced a critical challenge.  How do we wire all the doors in all the facilities together?  Proprietary wiring schemes were effective on a single site.  The access control manufacturers often argued that they could not share their cable paths with other systems because the resulting system would be less secure or less reliable.  But that is where another aspect of enterprise class came in – the business proposition.  Whether the enterprise was a school district, a municipality, or a national retail chain, intranets were going in and they were funded by the IT department (sometimes with year 2000 upgrade mandates).  The access control manufacturer that embraced the IT infrastructure survived and thrived.  Issues of security and reliability never really materialized.  With the new challenges of hackers, viruses, and similar threats, the IT department had acquired C-level (CEO, CFO, etc.) visibility for corporate security.  And, as more and more of the business fabric ran on the corporate network, where downtime meant a significant and highly visible impact on the bottom line, reliability was not an option.

Today, we see the HVAC companies using new technologies including TCP/IP.  But the implementations have often been on a dedicated pipe on a single campus.  The unfortunate aspect of this implementation is that the HVAC companies have not learned how to communicate with the IT department.  Yes, that is a double entendre.  It is not just the challenge of a technical deployment of real time control systems on a corporate network – a network seen as the historical domain of the finance department.  Rather, it is more about being sensitive to the cultural, political, and business issues of the IT team.  The IT department is regularly a member of the decision making team for a new BAS system, and may even contribute a significant portion of the funding.  Within the access control industry, we find that the IT department is not only an important part of the team, but increasingly has the ultimate responsibility and decision making authority for security.

Our “network architectures” for access control are optimized differently than for HVAC.  We are much more database oriented, and that too has provided a better synergy with the IT department.  We have controllers with databases for “who goes where when.”  These controller databases are downloaded from a server and operate locally even if the server half way around the world is down or otherwise unavailable.  However, we have a separate database in the server that contains lots of text (names, departments, vehicles, phone numbers, etc.), images (photos, signatures, and logos), biometric templates, and video (time stamped digital video recorder clips).  Sure we download some sophisticated application logic (control sequences) into our controllers for local control and we absolutely need operators to respond to alarms and manually unlock doors in real time.  But most of what we do is about “data” - very secure data.

Another reason that access control systems are enterprise class is that we must interface with other departments outside of facilities.  Very often we are asked to import data associated with a new class of students from Administration or Housing, or new employees from Human Resources.  Or, we need to capture the data from a competitor’s system when the customer is doing an upgrade.  These situations involve importing data.  It can be a one time batch process, a daily import or even real time, as for visitor management.  We export data, too.  It might be for the facilities department that chooses to use the access control system that counts people entering or leaving a building (or area) as a lower cost alternative to indoor air quality sensors.  Or, perhaps we manage the parking for employees and visitors and send the results to finance as a revenue generating activity.  New paradigms of management occur when data for employee and visitor access activity is analyzed by time of day.  In our new mobile society, we might find that our facility resources aren’t really being used by all the employees 8 to 5, and some operations are more visitor centric.  Perhaps we can redeploy resources.  When data spans departments we just see things differently.

So how do we share data?  The IT department struggles with silos of information and how to bring them together to reduce cost or discover ways to increase revenue.  Does BACnet provide the solution?  What about SIA (Security Industry Association) or oBIX (Open Building Information Exchange)?  They all are moving in the right direction.  BACnet is certainly optimized around HVAC and does an excellent job of real time control with a system comprised of several manufacturers’ products.  They have added Fire alarm to their scope and are now actively developing constructs for access control and closed-circuit television (CCTV).  SIA is cooperating with BACnet but taking an interesting, modern approach.  They are now developing their standards in UML (Uniform Modeling Language) which is protocol agnostic.  Tools are available to convert UML data models to other languages such as XML which is ideal for sharing data.  oBIX, which is an entity of OASIS (Organization for the Advancement of Structured Information Standards), has developed standards directly around XML for interoperability between building systems and business systems.  In time, as we realize that we need to be more data centric, as we become more IT centric, I expect all the standards bodies to draw closer together especially around XML - the lingua franca of data exchange.

But, in this day of privacy concerns how do we secure the data.  Once again, the access control industry has developed a bit more competency in this area.  Two key areas are authentication and encryption.  In the HVAC world, as with many other applications, it is not unusual to perform authentication within the application.  However, with an access control system on the corporate network, we often have to authenticate to a separate domain server operated by the IT department.  Our applications have been written to accommodate Microsoft’s Active Directory for authenticating any security operator logging on to his workstation.  Special provisions are also made for separating out our SQL Server database when the IT department provides database management for the enterprise.

Perhaps a final and most interesting aspect of exchanging data revolves around encryption.  Whereas industry standards and other open architecture initiatives focus on protocols that readily allow substitution, this is not desirable for security systems.  In fact, there are a number of new standards such a AES (Advanced Encryption Standard) promoted by the US Government, which attempt to make it more difficult to compromise communications. 

An enterprise class system today is one that is focused on meeting the business needs of the enterprise.  The manufacturers need to be aware that new system architectures will be required to meet those needs competitively.  Standards, whether for building control, exchanging data, or securing data at least bring various departments to the conference table.  However, an HVAC controls company that wants to build competency in working with the IT department and sharing their infrastructure, might want to study the access control industry.  And, an IT department that wants to effectively and efficiently assimilate HVAC control systems onto their utility might examine how access control systems have been implemented.

As for the access control industry, we are always facing convergence.  Now, the IT guys and the Facility guys want to use one card to both get in the front door and get on the computer.   

About the Author

Rob Zivney, Vice President, Marketing, Hirsch ElectronicsRob Zivney, Vice President, Marketing, Hirsch Electronics

Mr. Zivney directs Hirsch Electronics’ marketing group with responsibility for strategic planning, alliances, marketing communications, pricing, the Learning Center, and vertical market programs including Hirsch’s flagship Government Programs Group. His career in the security and building controls industries spans 30 years, and his expertise covers access control and intelligent building systems including the integration of environmental, lighting, fire and security systems. Prior to joining Hirsch, Mr. Zivney held positions with CSI Control Systems International, MCC Powers (now Siemens), and Honeywell.

Mr. Zivney is an active member of the oBIX Data Model and Marketing task groups and the SIA Systems Integration Interest Group. A sought-after industry speaker, his opinions and market outlook are often quoted in the industry trade. He holds a Bachelor of Science degree in Electrical Engineering from the University of Texas at Austin.


[Click Banner To Learn More]

[Home Page]  [The Automator]  [About]  [Subscribe ]  [Contact Us]


Want Ads

Our Sponsors