18. Access Control System Servers and Workstations
Chapter objectives
1. Get to Know the Basics in the Chapter Overview
2. Discover Server/Workstation Functions
3. Learn All about Panel and Global Decision Processes
4. Learn the Elements of Access Control System Scale
5. Understand Access Control System Networking
6. Learn about Legacy Access Control Systems
7. Answer Questions about Access Control System Servers and Workstations
CHAPTER OVERVIEW
In this chapter we will discuss Servers and Workstations — the heart of the Access Control System. While Access Control Panels are the workhorses of the system, Servers and Workstations are the beating heart of the system.
Servers store all of the system configurations and historical data, manage communications throughout the system, and serve the Workstations with real-time data and reports. Servers also control so-called “Global” system decisions or functions that span across multiple Access Control Panels. We will also discuss the elements of system scale, such as how to scale a small system into a large one. Using these methods, a system can grow from a single Access Control Panel into an international system with thousands of Credential Readers (just the thing for a budding dot.comcompany).
Network Design is perhaps the most misunderstood aspect of Alarm/Access Control System design. In this chapter, we will fully explore security system network design. Finally, it is important to note that security system designers, installers, and maintenance technicians will face many existing installations using older “Legacy” systems. We will explore how those systems differ from current offerings and how to interface newer systems with their older cousins.
In this chapter Servers and Workstations, the heart of the Access Control System, are discussed. While Access Control Panels are the workhorses of the system, Servers and Workstations are its beating heart.
Servers store all of the system configurations and historical data, manage communications throughout the system, and serve the Workstations with real-time data and reports. Servers also control so-called “Global” system decisions and functions that span across multiple Access Control Panels. The elements of system scale and how to scale a small system into a large one are also discussed.
Network Design is perhaps the most misunderstood aspect of Alarm/Access Control System design. In this chapter, security system network design is fully explored. Finally, it is important to note that security system designers, installers, and maintenance technicians will face many existing installations using older “Legacy” systems.
Keywords: Communications, Configuration, Data, Global, Legacy, Network, Server, Workstation
Author Information:
Thomas L. Norman, CPP, PSP, CSC, Executive Vice President, Protection Partners International

Server/Workstation Functions

Servers perform the following functions:
• Store all of the system configurations
• Store all of the system's historical event data
• Manage communications throughout the entire system
• Serve Workstations with Real-Time Data and Reports
The Alarm/Access Control System Server is the all-seeing, all-knowing entity that completely commands all other activities within the system. Absolutely nothing happens in an Alarm/Access Control System that the Server does not know about and keep notes on.

Store System Configurations

When you first unpack, install, and hook up an Alarm/Access Control System it is as dumb as a rock. Ok, it is a rock with electricity going through it, but it is still dumber than every politician in the world. Yes, it is really that dumb. But just like Albert Einstein as a baby, it is going to get a whole lot smarter.
After loading the operating system and Alarm/Access Control System program, and any other necessary software, you will hook up the server to the network and begin programming device hardware configurations for the entire Alarm/Access Control System.
Every device has a number of configurations that are required for the system to work properly. The server manages all of these and distributes the configurations out to field devices such as Access Control Panels.
Common configurations typically include (these may vary by system brand):
• Access Control Panel Configurations:
• Network, Dial-up, and Serial Communications
• Cluster Configurations
• Distributed Management Configurations
• Firmware Upgrades to all Access Control Panels
• Seamless Integration with the Host Server
• Access Control Module Configurations (may be either part of the Access Control Panel or may be a separate board):
• Door Alarm Input Configurations
• Door Lock Output Configurations
• Card Reader Configurations
• Optional boards (if applicable)
• Cluster Configurations:
• Often Access Control Panels are configured for network communications into user defined groups (logical clusters).
• Cluster Master Configuration (configure one Access Control Panel in the logical group as the master).
• Cluster Member Configuration (configure all other members of a cluster under their master).
• The Primary Communications Path must be configured (Master Access Control Panel to Host Server).
• The Connection Type for Master to Host communications (TCP/IP over Ethernet, serial connection such as RS-232 or dial-up modem). Cluster members will connect to their master using TCP/IP over Ethernet only.
• The Secondary Communications Path — Masters are often programmed with a redundant path in case the first path fails.
• Distributed Cluster Management:
• This function allows the Cluster Master and Members to share communications and commands between them even when the connection to the Host Server is lost, thus allowing continued uninterrupted operation even when the Host connection is temporarily lost.
• In this case, the Master (and sometimes the Members) will maintain their own event history until connection between the Master and Host Server is re-established, at which time all event data will be uploaded to the Host Server through the Master.
• Types of Distributed Cluster Management:
- Event Control
- System Activity such as Cluster output control at one Member from an event in a Member Controller
- Global Anti-passback by Cluster

Store the System's Historical Event Data

Servers store all system historical event data. Everything that happens out in the field or at a Console Workstation is recorded into a Historical Log file (or files).
Typical Historical Data stored will include a record where the first field is the year/month/day and that will be followed by the type of historical event, followed by the specific change of state or command. Historical Data may include:
• Access Control Events
• Access Granted
• Access Denied
• Card/Credential not recognized
• Alarm Events
• Secure
• Alarm
• Bypass
• Trouble
• Output Control Events
• Open/Closed/Momentary Change of State
• What commanded the change of state (Door Lock release from Authorized Card or Request-to-Exit Sensor)
• Anti-passback Events
• Initiate Anti-passback event when a card enters an Anti-passback Zone
• Close out Anti-passback event when the card exits the Anti-passback Zone
• Invalid use of card at entry reader to Anti-passback Zone by a card that is already within the zone (Access Denied).
• Scheduled Events
• Unlock door for daytime entry
• Lock door for nighttime entry
• Turn off Vending Machines after hours
• Turn on Vending Machines at opening or when the department is occupied after hours
• Etc.
• Operator Logs
• Operator logs onto or off of an Alarm/Access Control System Workstation
• Operator log may include:
- Year/Month/Day
- Operator Authorization Level (Administrator, Supervisor, Operator, etc.)
- Operator Name
- Operator Event
• Operator events
- Logon/Logoff
- Area of Program Accessed/Viewed
- Program Element Commanded (Report, Unlock a Door or Gate, etc.)
- System Configuration Change (Add/Modify/Delete Record or Hardware Attribute)

Manage Communications throughout the Entire System

Servers also manage all digital communications throughout the entire Alarm/Access Control System. The Server:
• Sends instructions to the Access Control Panels
• Sends instructions to Output Relay Panels
• Receives event data from Access Control Panels
• Receives event data from Alarm Input Panels
• Sends and Receives communications to/from other related systems
• Digital Video System
• Digital Intercom System
• Building Automation System
• Elevator Controllers
• Lighting Controllers
• Etc.
It is common to see both a Primary Host Server and a Back-up Host Server installed on a system to minimize the possibility of a server failure. By the way, I strongly recommend this unless the client does not need the Access Control System to function. I am not being flippant. A redundant server is always recommended.
There are two operating modes for Back-up Servers:
• Fail-Over Host Server
• Redundant Host Server
A Fail-Over Server is a server programmed exactly like the Primary Host Server, but is “standing by,” constantly waiting in the wings for the Primary Host Server to somehow fail. Failure can happen when the Primary Host Server is taken down for maintenance or due to a malfunction. The Fail-Over Server receives programming and configuration updates constantly from the Primary Host Server so it is always prepared for the emergency. When the emergency passes and the Primary Host Server comes back online, the Fail-Over Server relinquishes its role back to the Primary Server. The Fail-Over Server may not maintain current historical archives.
A Redundant Host Server is a server that performs all of the functions of the Fail-Over Server, but is also updated constantly and online just like the Primary Host Server. The only difference between the two in normal times is that all commands are being distributed to the system through the Primary Host Server. That role changes should the Primary Host Server go down for any reason.

Serve Workstations with Real-Time Data and Reports

The Primary Access Control Host Server also serves the System Workstations with all of the data they request. Workstations interact continuously with their server, constantly receiving data from and sending data to the server.
Data Received by Workstations may include:
• Access Control Events Information Screens
• Year/Month/Day/Time — Building/Door Authorized Entry/Denied Access
• Scrolling Chronological Events
• Specific Event information
• Alarm Event Information Screens
• Year/Month/Day/Time — Location of Alarm, Secure/Alarm/Bypass/Trouble
• Scrolling Chronological Events
• Specific Event information
• Map Displays
• Guard Tour Information
• Hardware Status
• Non-Hardware Status
• Reports
• List of Connected Servers
• Workstation Views Content (choice of many screens to view)
• Help Screens
• User Images related to access events
• Camera Snapshot Images related to security events
• Live Video Window (some systems interface with a digital video system to display video related to an event)
• Message Dialog Boxes (error messages)
• Third-Party Applications
Data Sent to Server by Workstations may include:
• Login/Logout
• Access Control Commands (Manual Actions such as Unlock a Door)
• System-Wide Threat Level
• Options Selections
• Third-Party Applications
Servers also serve reports to workstations and printers. Typical reports may include:
• Roll-call Reports (all personnel in the system)
• Connected Devices
• Connected Servers
• Connected Device Status
• Journal Reports
• Access Control Activity Report
• Alarm Activity Report
• Manual Event Activity Report
• Automated Event Activity Report
• Anti-passback Report
• Etc.

Decision Processes

Although basic system decisions (grant/deny access) are made by the Access Control Panels, it is the Primary Host Server that programs these and distributes the programming appropriately to all the Access Control Panels.
One panel may serve 10 doors within a department. It may have 10 readers connected to it and a total of 400 authorized users for those readers. Another panel may serve 8 turnstiles from the employee lot of a large factory. This panel may have 16 readers connected to it (one in/one out for each turnstile) and have a daily throughput of 12,000 authorized users.
It is the Primary Host Server that decides what access programming to send to each panel and which authorized users to place in the panel's authorized user database. Not all panels receive the entire user database. Typically, they only receive those that their readers are authorized to process.
Additionally, decisions based on schedules (Day of Week, Time of Day, etc.) are also downloaded on an “as needed” basis to each Access Control Panel.
But what happens if a card is presented to a card reader that has not been programmed into the system? The Access Control Panel may be programmed to reject the card if the card does not include the facility code of the facility in question.
But sometimes large corporations use a common facility code across several facilities, so the card may be valid for the facility, but not programmed into the Access Control Panel. When this occurs, the Access Control Panel recognizes the card as being from a valid facility, but does not know what to do with the card. It is not void, and it is not accepted. Here is what happens. The Access Control Panel simply queries the Primary Host Server and asks it what to do with the card. The Primary Host Server looks at the total database (all related sites) and recognizes this card as valid across three of the eight facilities. It sends a “grant access” command to the Access Control Panel and the door unlocks.
Most decisions are made inside the Access Control Panel, but some decisions are reserved for the Primary Host Server.

System Scalability

Scalability is the ability of a system to grow gradually in size and capabilities, without giant price cliffs to climb along the way.
Every large system began as a small one sometime in the past. They do not start large, they grow larger … and larger. Accordingly, it is important to design and install every Access Control System as though it will become a large system someday, even if it is small today.

Unscalable Systems

Most Access Control System manufacturers have woken up to this fact and are now making scalable systems. A scalable system is one that does not require the abandonment of any equipment in order to grow in scale. The organization may have to purchase a larger license, but they do not have to throw capital investment away to expand their system from 64 to 65 card readers or from 128 to 129 card readers as was often the case in the past. Quite literally, a number of manufacturers required that when a client needed to grow their systems from 128 to 129 card readers, they had to replace all of the Access Control System panels and software with another, larger version, all for a modest cost of about $50,000. Yikes!!!
Wait! It was worse than you think. When Alarm/Access Control System manufacturers finally began listening to their customers who were screaming for scalable systems, their solution was to create scalable hardware coupled up with non-scalable software. How did they do that? By selling software that was limited to 64, 128, 256, 512, or 1,028 card readers. After selling the client on a “scalable” system, when the client needed to grow from 128 to 129 card readers, he discovered that he had to buy the next higher capacity of software, at a modest cost of about $50,000! Yikes again! That is $50,000 for almost the exact same software with a key enabled to grow to 256 readers instead of 128. This was common in the industry, and it was especially true of larger, more capable systems.

Basic Scalability

Finally, along came a company who understood how outraged clients were and they offered the first truly scalable system. The cost of the software was mostly built into the hardware cost so that one basically never needed to upgrade the software, only add hardware to it to grow its scale.
That was real competition for the other major Access Control System manufacturers and little by little true scalability grew across the entire marketplace. Today it is difficult to find a non-scalable system. This approach also saw the introduction of the first multi-site systems.

Multi-Site Systems

Up until this time, most Access Control Systems were designed to serve only one facility. The system may have been installed at multiple buildings on a campus, but all were managed from a single Primary Host Computer (at this time, redundant servers were a rarity). This required that all new employees, in order to receive an access card, had to go to a single Security Badging Center to have their Photo ID made and to have their data entered into the facility's Access Control System. This limitation made operation across multiple sites virtually impossible. Accordingly, it was common to see large corporations with many different brands and models of Alarm/Access Control Systems serving their entire Enterprise. This created incompatible cards, so management and other employees who worked at multiple sites had to carry multiple access cards, one for each site they visited.

System-Wide Card Compatibility

The first step toward Enterprise-scalable systems was system-wide card compatibility; that is, the ability to utilize a single access card across the entire Enterprise. Due to client demand, Access Control System manufacturers began using the Wiegand interface as a standard, allowing for different facility codes for each facility on a common card format. Thus, management could hold only one card that was good across the entire Enterprise.

Enterprise-Wide System

The next step along the way to true Enterprise scalability was the implementation of a single, common brand/model of Alarm/Access Control System across the entire Enterprise. This allowed large corporations to take advantage of buying power and provided for uniform training and maintenance. This phase was pushed along by the consolidation of many small independent integrators into large national integrators, who gave large corporations and government entities buying leverage to get all their facilities “under the tent.”
Until to this time, each facility had its own Primary Host Server.

Master Host

As Enterprise-class organizations began to pay attention to improving cost control on their security units (due to bean counters) and to improve uniformity of corporate security policies across the Enterprise (mostly due to litigation), a demand developed for the ability to establish common security and access control policies across the Enterprise. This illuminated the need to develop a means to control the application of those policies.
One of the best ways to do that was to put access control policies under the control of a single Master Host Server. In the earliest implementation of this, the application was developed for a single Master Host Server, “talking” to Administrative Workstations outfitted at each remote site. These all communicated across telephone modems, constantly passing data up and down the line. This did not work well because of the amount of data being communicated often exceeded the capabilities of the telephone line and the inherent unreliability of modem speeds during weather events.
Until this time, all inter-site communication was over modems.

Super-Host/Sub-Host

Finally, the system architecture evolved into what we now call a “Super-host/Sub-host” configuration in which each individual facility is equipped with its own Primary Host Server and these all connect to a “Super-host” at the Corporate Headquarters facility.
This called for the development of TCP/IP Ethernet communications between Super-and Sub-hosts to facilitate the larger amount of data communicated and to take advantage of the corporate Wide Area Network (WAN) that already connected their Information Technology (IT) systems.
It was not long after that TCP/IP connectivity was extended to include communications to Access Control Panels to allow connection of small unstaffed remote sites. Soon after that, TCP/IP Ethernet was used to connect the Cluster Master Access Control Panel for each individual building on the campus. This was ultimately followed by using TCP/IP Ethernet to connect most if not all Access Control Panels throughout the system, taking advantage of existing Ethernet systems and more uniform connectivity.

Access Control System Networking

Access Control Systems on TCP/IP Ethernet networks on a single system at a single site may involve four main logical elements:
• The Core Network
• The Server Network
• The Workstation Network
• The Access Control Panel Network
Additionally, more complex system integrations may involve:
• Integrated Security System Interfaces
• Multi-site Network Interfaces
• Integration to the Business IT Network
• VLANs

The Core Network

The Core Network typically comprises between one to any number of Digital Ethernet Switches for an Alarm/Access Control System. Typically, the network may include:
• A single Digital Ethernet Switch to connect the Primary and Back-up Host Servers and any Workstations if there are no other TCP/IP devices such as Access Control Panels
• Multiple Digital Ethernet Switches as follows:
• Core Switch for the Servers and Workstations
• Edge Switches for the Access Control Panels
The Core Network should include one or more good quality digital switches such as Cisco, HP, 3Com, and so forth (avoid the cheap computer store brands). The switch should be capable of supporting VLANs, VPNs, and both Unicast and Multicast protocols to the individual port. Redundant power supplies on the switch are a plus. Better switches are more reliable, less prone to the aging effects of the environment (temperature and humidity effects), and are more likely to work well when the Access Control System becomes part of a larger Integrated Security System including Digital Video Cameras and Digital Intercoms.
I recommend that all Digital Switches in the same network are of the same brand (all Cisco, all 3Com, etc.). This facilitates better management of the switches and greater reliability of the network in real-world operations.

The Server Network

The Servers are the core of the network. When you have a Primary and Back-up Server, they should be connected together over an Ethernet network. These will network together through a “Core Switch.”

The Workstation Network

Although Workstations can sometimes be connected to servers using serial communications (RS-232 or Universal Serial Bus, USB), TCP/IP Ethernet connections are recommended. These will connect to the Servers through the Core Switch.

The Access Control Panel Network

Assuming that the system comprises only a single building, the Access Control Panels can connect to the network through an Edge Switch located near the Cluster Master Access Control Panel. Other panels can connect to the Cluster Master through TCP/IP Ethernet or RS-485 for most brands.
Ethernet has speed and connection distance limitations. Common Ethernet speeds include:
• 10Base-T — 10 Mb/second (Mbps)
• 100Base-T — 100 Mbps
• 1,000Base-T — 1Gb/second (Gbps)
• 10,000Base-T — 10 Gbps
• And higher
TCP/IP can connect via Copper or Fiber. Copper connections have a nominal distance limitation of 270 feet (100 m) for 10Base-T and 100Base-T systems. Copper connections include Category 5, (CAT-5), CAT-5E, and CAT-6 types. For 10Base-T and 100Base-T connections, CAT-5 and 5E connections are acceptable up to 100 m. CAT-6 connections serve 1 Gbps connections up to 100 m. CAT-6 cabling can also provide up to 1,500 feet for 100Base-T connections.
Fiber connections include Multi- and Single-mode types. Multi-mode fiber is intended for relatively short runs or runs having lower speeds (1 Gbps or less). This is common for any runs over 100 m, such as between buildings. For 10 Gbps connections, always use Single-mode fiber between buildings.
Alarm/Access Control Systems typically push relatively few data as compared to Digital Video Systems (the exception is that those systems also send video with alarm information).
Access Control Networks for Access Control Panels can typically be 100Base-T networks. Connections between Edge Switches (at the Access Control Panels) and the Core Switch (at the Servers) can be over 100Base-T copper Ethernet up to 100 m. Distances over that should connect through Multi-mode Fiber using SFP connectors on the Digital Switch.

Integrated Security System Interfaces

When you connect an Alarm/Access Control System to other security and building systems, it is often best to do so by Ethernet connections. The exception is for connections between systems using dry contact interfaces, such as alarm or door control interfaces between systems.
Whenever connecting multiple systems on the same network, it is best to do so by placing each system on its own VLAN.

VLANs

VLANs allow you to isolate communications between systems, buildings, and sites to better manage the quality of communications when multiple systems share the same physical network. VLANs are accommodated with programming on the Digital Switches and with a VLAN addressing scheme so that you can easily see which VLAN each system and device are located within.
A typical VLAN addressing scheme might be
10.100.1.XX — Digital Switch Administrative VLAN
10.100.2.XX — Digital Video System VLAN
10.100.3.XX — Alarm/Access Control System VLAN
10.100.4.XX — Security Intercom VLAN
VLANs require the Core Switch to be a Routing Switch capable of Level 3 commands. Distribution and Edge Switches must be capable of accepting VLAN programming. Additionally, VLANs can be programmed for each system for each building.

Multi-Site Network Interfaces

When the Alarm/Access Control System expands across multiple sites it will be necessary to configure VLANs for each system for each site, and the VLANs may need to be Routed through an existing Business IT Network to avoid the usually unbearable cost of a dedicated Wide-Area Security System Network.

Integration to the Business Information Technology Network

In such cases, the Security System may need to comply with Network and Routing protocols and addressing schemes of the IT Department. For this reason, it is advisable to coordinate beforehand with the IT Department Director to obtain VLAN protocols and an addressing scheme for the Alarm/Access Control System network that will comply in the future with protocols and addressing schemes already in use by the IT Department.
Although the Security System may be on its own network now, as it grows to span multiple sites, it will often need to be routed through the IT Network. Making sure that you have VLAN protocols and addressing schemes that already comply with the IT Department's standards will ensure the least possible disruption if the two are merged together in the future and no harm is done if they are not merged.
Additionally, it is recommended to place the Security System behind a hardware Firewall to protect both the Alarm/Access Control System and the Business IT System from each other to ensure sustainability and reliability for both systems.
For the ultimate in protection, I recommend that the Security System be routed through a VPN, which both completely isolates and encrypts the security system data from the Business IT Network. VPNs are also a good solution for merging systems if the VLANs are not protocol/network address compatible.

Legacy Access Control Systems

From time to time you will come across older Access Control Systems also known as “Legacy” systems. For the purposes of this discussion, we will consider any system that connects to its Primary Host Server through any means other than TCP/IP Ethernet to be a Legacy System. Many of today's top systems that connect via Ethernet have older installations that do not. At some point these will need to be updated.
After reading the previous section System Scalability, you will recognize where each system you encounter is along the development evolution.
Legacy systems can be brought up to date by
• Replacing their software with the current version
• Creating a Cluster Master Access Control Panel with TCP/IP Ethernet Connectivity
• Creating a Cluster Master for each site and building
• Ensuring that all existing Access Control Panels are compatible with the new software version
• Reviewing the entire system (all sites/buildings) for adaptation to TCP/IP Ethernet
• Having no need to upgrade Legacy Access Control Panels if they are still compatible with the new software version
• Reviewing organization monitoring and management policies to see if a Super-host/Sub-host configuration will help manage the Security Units better; if so, implement these
• Reviewing related security systems for interoperability to create an Integrated Security System for each site

Chapter Summary

1. Servers perform the following functions:
• Store all of the system configurations
• Store all of the system's historical event data
• Manage communications throughout the entire system
• Serve Workstations with Real-Time Data and Reports
2. Every device has a number of configurations that are required for the system to work properly. The server manages all of these and distributes the configurations out to field devices such as Access Control Panels.
3. Common configurations typically include (these may vary by system brand):
• Access Control Panel Configurations
• Access Control Module Configurations (may be either part of the Access Control Panel or may be a separate board)
• Cluster Configurations
• Distributed Cluster Management
4. Servers store all system Historical Event Data.
5. Historical Data may include:
• Access Control Events
• Alarm Events
• Output Control Events
• Anti-passback Events
• Scheduled Events
• Operator Logs
6. Servers also manage all digital communications throughout the entire Alarm/Access Control System.
7. The Server:
• Sends instructions to the Access Control Panels
• Sends instructions to Output Relay Panels
• Receives event data from Access Control Panels
• Receives event data from Alarm Input Panels
• Sends and Receives communications to/from other related systems
- Digital Video System
- Digital Intercom System
- Building Automation System
- Elevator Controllers
- Lighting Controllers
- Etc.
8. It is common to see both a Primary Host Server and a Back-up Host Server installed on a system to minimize the possibility of a server failure.
9. There are two operating modes for back-up Servers:
• Fail-Over Host Server
• Redundant Host Server
10. A Fail-Over Server is a server that is programmed exactly like the Primary Host Server, but is “standing by,” constantly waiting in the wings for the Primary Host Server to somehow fail.
11. A Redundant Host Server is a server that performs all of the functions of the Fail-Over Server, but is also updated constantly and online just like the Primary Host Server.
12. The Primary Access Control Host Server also serves the System Workstations with all of the data they request.
13. Servers also serve reports to workstations and printers.
14. Although basic system decisions (grant/deny access) are made by the Access Control Panels, it is the Primary Host Server that programs these and distributes the programs appropriately to all the Access Control Panels.
15. Scalability is the ability of a system to grow gradually in size and capabilities, without giant price cliffs to climb along the way.
16. Attributes of Scalability may include:
• Multi-site Systems
• System-wide Card Compatibility
• Enterprise-wide System
• Master Host
• Super-host/Sub-host Operation
17. Access Control Systems on TCP/IP Ethernet networks at a single system at a single site may involve three main logical elements:
• The Core Network
• The Server Network
• The Workstation Network
• The Access Control Panel Network
18. Additionally, more complex system integrations may involve:
• Integrated Security System Interfaces
• Multi-site Network Interfaces
• Integration to the Business Information Technology Network
• VLANs
19. The Core Network typically comprises between one to any number of Digital Ethernet Switches for an Alarm/Access Control System.
20. Digital switches should be capable of supporting VLANs, VPNs, and both Unicast and Multicast protocols to the individual port.
21. Digital Switches in the same network should all be of the same brand.
22. The Servers are the core of the network. When you have a Primary and Back-up Server, they should be connected together over an Ethernet network. These will network together through a “Core Switch.”
23. Although Workstations can sometimes be connected to servers using serial communications (RS-232 or USB), TCP/IP Ethernet connections are recommended. These will connect to the Servers through the Core Switch.
24. Assuming that the system comprises only a single building, the Access Control Panels can connect to the network through an Edge Switch located near the Cluster Master Access Control Panel. Other panels can connect to the Cluster Master through TCP/IP Ethernet or RS-485 for most brands.
25. TCP/IP can connect via Copper or Fiber.
26. Fiber connections include Multi- and Single-mode types.
27. Access Control Networks for Access Control Panels can typically be 100Base-T networks.
28. Whenever connecting multiple systems on the same network, it is best to do so by placing each system on its own VLAN.
29. When the Alarm/Access Control System expands across multiple sites it will not only be necessary to configure VLANs for each system for each site, but the VLANs may need to be Routed through an existing Business IT Network to avoid the usually unbearable cost of a dedicated Wide-area Security System Network.
30. Although the Security System may be on its own network now, as it grows to span multiple sites, it will often need to be routed through the IT Network. Making sure that you have VLAN protocols and addressing schemes that already comply with the IT Department's standards will ensure the least possible disruption if the two are merged together in the future and does no harm today if they are not merged.
31. Legacy Access Control Systems can be brought up to date by:
• Replacing their software with the current version
• Creating a Cluster Master Access Control Panel with TCP/IP Ethernet Connectivity
• Creating a Cluster Master for each site and building
• Ensuring that all existing Access Control Panels are compatible with the new software version
• Reviewing the entire system (all sites/buildings) for adaptation to TCP/IP Ethernet
• Having no need to upgrade Legacy Access Control Panels if they are still compatible with the new software version
• Reviewing organization monitoring and management policies to see if a Super-host/Sub-host configuration will help manage the Security Units better; if so, implement these
• Reviewing related security systems for interoperability to create an Integrated Security System for each site.
Q&A
1) Servers perform the following functions
a. Store all system configurations
b. Store all of the system's historical event data
c. Manage communications throughout the entire system
d. All of the above
2) Servers perform the following functions
a. Manage the processing of video-to-video monitors
b. Serve Workstations with Real-Time Data and Reports
c. Both a and b
d. Neither a nor b
3) After loading the operating system and Alarm/Access Control System program and any other necessary software, you will hook up the server to the network and begin
a. Programming system maps
b. Programming schedules
c. Programming device hardware configurations for the entire Alarm/Access Control System
d. None of the above
4) The server manages all of the configurations required for the system to work properly and
a. Distributes the configurations out to field devices such as Access Control Panels
b. Distributes instructions to video cameras about where to point and focus
c. Distributes peanuts and colas along the main center aisle
d. None of the above
5) Common configurations made by Access Control Servers typically include:
a. Access Control Panel Configurations
b. Access Control Module Configurations
c. Cluster Configurations
d. All of the above
6) Common configurations made by Access Control Servers typically include:
a. Distributed Cluster Management
b. Network Fiber connections
c. Router and Firewall power conditions
d. All of the above
7) Access Control Servers
a. Delete data daily
b. Acknowledge quality programming by dialog boxes
c. Manage communications throughout the entire Access Control System
d. None of the above
8) Operating modes for back-up servers include:
a. Fail-Over Host Server
b. Redundant Host Server
c. Both a and b
d. Neither a nor b
9) Although basic system decisions (grant/deny access) are made by the Access Control Panels, it is the Primary Host Server that programs these and
a. Distributes the programming appropriately to all the Access Control Panels
b. Distributes minute-by-minute changes to those instructions
c. Distributes live video to the operator
d. None of the above
10) Scalability is the ability of a system to grow gradually in size and capabilities
a. Without regard to the type of organization
b. Without giant price cliffs to climb along the way
c. Without any decisions being made by management
d. Without any regard to cost
11) Examples of Scalable Systems approaches include:
a. Multi-site Systems
b. System-wide Card Compatibility
c. Enterprise-wide System
d. All of the above
12) Large systems may put access control policies under the control of a single
a. Master Host
b. Document
c. Monthly Newsletter
d. Workstation
13) In Super-host/Sub-host systems
a. Each individual facility is equipped with its own Primary Host Server and these all connect to a “Super-host” at the Corporate Headquarters facility
b. Each individual facility is served by Access Control Panels and these are all controlled directly by a “Super-host” at the Corporate Headquarters facility
c. Each facility has its own security director who decides daily which facility will serve as the “Super-host”
d. None of the above
14) Access Control Systems on TCP/IP Ethernet networks at a single system at a single site may involve
a. The Core Network and the Server Network
b. The Workstation Network and The Access Control Panel Network
c. Both a and b
d. Neither a nor b
15) VLANs allow you to
a. Isolate communications between systems
b. Isolate communications between buildings and sites
c. Better manage the quality of communications when multiple systems share the same physical network
d. All of the above
Answers: 1) d, 2) b, 3) c, 4) a, 5) d, 6) a, 7) c, 8) c, 9) a, 10) b, 11) d, 12) a, 13) a, 14) c, 15) d
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.226.187.101