The principles of fault-tolerant access control are designed to limit the chances of system catastrophe by hardware failure
Imagine a Security Director receives a call at home in the middle of the night. He’s awakened by a member of his security staff who frantically informs him the high-rise’s night shift employees cannot enter their offices when returning from break. The office door access readers are ignoring the employees’ access credentials when presented. The guard is further puzzled because his system appears to be offline for that segment; no reports are being generated and even his video monitoring has been interrupted. In a panic, the Security Director now makes numerous late-night calls to the building’s Maintenance and IT Departments to assess the situation. Meanwhile, chaos builds at the scene: employees loiter in the halls and lobby while the elevator reader’s floor control remains ineffective. The reader that controlled parking arms in the garage will not respond either. In this hypothetical situation, these results stemmed from a failed access controller component of the building’s security system.
Paraphrasing from Wikipedia, fault-tolerance is the property that enables a system to continue operating in the event of a failure of one or more of its components. Fault-tolerant computer systems have been around for many years; the concept is not new. For example, redundant network servers are commonplace in data centres. They are often set up so that any single device or connection can fail and a backup system or connection will step in, without user intervention, and take over the job of the failed device or connection. The result: no data is lost, computers and networks continue to function while system users experience a brief hiccup lasting just seconds.
Normally, fault-tolerant systems can be characterised in terms of both planned service outages and unplanned service outages. These are usually measured at the application level and not just at a hardware level. The figure of merit is called availability and is expressed as a percentage. A “five nines” system would statistically provide 99.999% availability. A forward-thinking security systems designer might pair today’s fault-tolerant servers with fault-tolerant access controllers to achieve this type of system.
Fault-tolerance has now been applied to the components of access control, namely the access control panel or controller. The principles of the fault-tolerant architecture are designed into the security hardware and software, alleviating the chances of system catastrophe by hardware failure. The result: the system and its components remain “online”, and any malfunctioning hardware can be inspected at leisure (ideally this setup would have prevented the scenario described earlier).
Distributed versus subservient access controller architecture
Often, two common hardware architectures are deployed in the access control industry. First, the “distributed” architecture; as its name suggests, the intelligence (database storage and decision making ability) of the system is distributed to an array of control panels on the system. Each card reader and its associated input and output points are connected directly to an intelligent controller.
The second architecture is the “master controller-to-door controller” style, also known as master/slave. With this configuration, the master controllers are the only intelligent component of the system and each door is connected to a less intelligent door interface module near the system’s edge.
The advantage of the first type of system described here is that since the intelligence is distributed to each controller and the number of doors connected to each controller is limited (usually 12 to 16 doors), the risk of losing more than a few doors within the system due to any one hardware failure is low, though it is still a loss. In contrast, the master controller-to-door controller configuration could conceivably put up to 128 doors in a degraded state if one master controller fails. The advantage of the master controller-to-door controller schema is the low cost associated with having fewer intelligent controllers on the system.
Many service providers in the security industry have had to evaluate the pros and cons of these two types of architectures against the application’s access control requirements. Both are valid architectures, and depending on how critical it is that the system stays up and operating or the size of the end-user’s budget, either architecture could be more appropriate. In large part, manufacturers of access control hardware default to either one or the other of these two architectural philosophies and will forcefully defend it.
Fault-tolerant systems lend flexibility to the management of security systems and technologies
Fault-tolerant access control
New fault-tolerant systems offer the service provider and the end-user the best of both worlds. They use the more cost-effective master controller-to-door controller architecture, yet offer system survivability that surpasses even the most conservatively designed distributed intelligence systems. Having the ability to fall back to any other master controller on the system is advantageous in eliminating an “offline” scenario.
A truly fault-tolerant system offers redundant master controllers, redundant host computers, redundant communication paths and backup power. With today’s fault-tolerant access control systems, you can choose from several different backup or secondary communications protocols. You could opt to use a LAN as your primary communication path and then have an additional LAN connection, wireless network or hardwired RS485 to serve as a secondary or tertiary communication mode.
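The trade-off between the three layouts can be put in numbers with a small model. This is an added example, not vendor code: it uses the article's figures of 16 doors per distributed controller and 128 doors per master controller, and assumes a 256-door site, made-up controller and path names, and a surviving master with enough capacity to take over a failed master's doors.

```python
# Added illustration: doors degraded by one controller failure in each layout.
# Doors-per-controller figures come from the article; all names are made up.

def build(n_doors, per_ctrl, fallback=False):
    """Map each door to the ordered list of controllers that can serve it."""
    ctrls = [f"ctrl{c}" for c in range(-(-n_doors // per_ctrl))]  # ceiling division
    layout = {}
    for d in range(n_doors):
        home = ctrls[d // per_ctrl]
        # Fault-tolerant layout: any other master may take over the door.
        others = [c for c in ctrls if c != home] if fallback else []
        layout[f"door{d}"] = [home] + others
    return layout

def degraded_doors(layout, failed):
    """Doors left with no surviving controller to make access decisions."""
    return [d for d, ctrls in layout.items() if all(c in failed for c in ctrls)]

def active_path(paths, failed):
    """First healthy communication path in priority order, else None."""
    return next((p for p in paths if p not in failed), None)

def compare(n_doors=256):
    """Number of doors degraded when the first controller of each layout fails."""
    layouts = {
        "distributed": build(n_doors, 16),
        "master/slave": build(n_doors, 128),
        "fault-tolerant": build(n_doors, 128, fallback=True),
    }
    return {name: len(degraded_doors(lay, {"ctrl0"})) for name, lay in layouts.items()}

if __name__ == "__main__":
    print(compare())
    # Primary LAN down: the controller falls back to the second LAN.
    print(active_path(["LAN-A", "LAN-B", "RS485"], {"LAN-A"}))
```

The fault-tolerant layout only loses doors once every master that can serve them has failed, which is why redundancy of controllers and of communication paths has to be planned together.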
These fault-tolerant systems offer advanced features, such as automatic data propagation. When a new fault-tolerant master controller is added to an existing fault-tolerant system, the necessary information the new controller needs to operate as an integral part of the system can automatically be transferred from either the host computer or from another master controller in the system. No physical user intervention is needed to give the new controller the data and system parameters it requires to become a part of the existing system environment. Inputs and outputs are now global in their reach. Any input on the system can trigger any output and this can be based on any event, anywhere on the system—none of this is dependent on the host computer or even any specific master controller.
This flexibility is an inherent consequence of the system’s fault-tolerant characteristics. According to the specifications of one manufacturer, these systems naturally incorporate 32-bit CPUs and can take advantage of today’s advanced Power over Ethernet (PoE) technologies as well as additional high security features, such as: Automatic Hot Cutover, Fail Safe Operations, Anti-Passback Control, 5 State Alarm Monitoring, “Threat Level” Card Authorization Logic, 2 Stage Alarm Control, Alarm Latching, Two Person Minimum Occupancy Rule, AC Power Failure Notification, DC Low Power Notification, Supervised Readers and Tamper Switches, Supervised REX and FIPS 201 and TWIC Compliant.
Cost of using fault-tolerant access control
Fault-tolerance is often called for by the requirements of today’s high-security environments. This technology is ideal for the following markets: military, government, campuses, healthcare, utility and industrial facilities. Currently, PCSC, a Torrance, California-based access control manufacturer, holds patent rights on the Fault Tolerant Security Architecture, the technology that is found within their product line of fault-tolerant controllers.
It is difficult to place a price on security, and it is priceless when it comes to life safety. These access control systems are competitively priced to compete with systems using standard designs, making these high-availability systems an attractive option for both end-users and access control installers. The days of frantic calls to dispatchers in the middle of the night to fix an access control and security system that has dropped offline could be no more. There is peace of mind in knowing that even if the controller and primary communications fail and the host computer goes offline, a facility’s access control can remain “online” without serious interruption.