The Myth of Open Architecture – Part 2

By Travis Willis, CEO

01/21/2021

Integration

Connecting anything to an on-premise server based access control system is actually a very difficult task. It is the whole reason we have system integrators, whose specialized skills and knowledge allow them to work on these complex systems and make them run. Access control systems were designed to be closed and their software was coded accordingly. They use code base that is for the most part out of date by today’s standards and maybe even in an obscure language. The software lives on a local server in a building and was configured by an integrator to whatever his or her heart desired at the time. You have multiple database structures to deal with to even access any data in the system. Sure, there are some basic commonalities but that is it. Connecting server-based systems to cloud based systems is exceedingly difficult because of these factors.  Video is the most common integration to access control. If you look closely though at video integrations, you will find that they too are all server-based integrations. This system architecture commonality is what enables this. These integrations are awfully expensive and in reality, of limited value except to the largest institutions. Those environments which employ full time surveillance personnel who watch the activities in real time find this integration beneficial. Until systems move away from server-based architecture, they cannot realize their full potential to end users. Server based systems preclude the use of mobile phones and tablets which are todays modern tools for managing people and facilities.

Integrating items like wireless locks with Mercury or proprietary boards requires specialized hardware and software. Each lock integration is a custom version to each of the access control software platforms. In the case of Mercury Security controller boards Allegion uses PIM’s and in ASSA Abloy’s case it is a separate server called a Door Service Router (DSR). Each of those then has its own version per brand of access control software. The complexity only goes up, not down. The release of Mercury Red boards which use the Linux OS creates some new possibilities for connecting things like locks, but we have yet to see solutions enter the market. The majority of Mercury boards in service today are older versions that do not support the Linux OS. This means retrofits still face significant hurdles in modernization. Linux is the preferred OS for IoT and connectivity-oriented products today with many devices running it as their primary operating system. The stage is really being set for a complete industry transformation to cloud based systems so that the end users can finally gain the tools and services that will help them run their operations securely and more efficiently.

Web Browser Enabled vs Cloud Access Control

As the utilization of the “cloud” increased over the last few years access control platforms realized they were falling behind when it comes to connectivity and integrations. Brivo, has been the most successful of the early Cloud based access control platforms and has seen significant growth compared to the traditional server-based platforms. The quickest way for the server-based access control platforms to “catch up” was to offer web browser enabled access to their systems. What this does is just create a secure VPN to an on-premise server. That connection allows remote access to the server, software and database of the access control system. This is not cloud based access control. All this does is allow you to avoid driving to the building to see and deal with the access control system. It allows remote access to the server which while an improvement isn’t really that helpful in the grand scheme of things. The vast majority of access control whether it is Mercury or non-Mercury was designed around Windows server architecture and coded accordingly. It cannot just be moved to the cloud environment. The access control industry as a whole has resisted moving to the cloud for a variety of reasons. These include having no idea where to start or how to do and it. The fact that none of their current software engineers and coders know the right languages and structures is also a major obstacle. To make the move to the cloud will cost a lot of money because they are effectively starting at zero and building a new platform. These factors have kept the incumbents from making the move. There are a few outlier and hybrid models in the market, but they are not dominate in any way at this time. The risk to the legacy companies is that all the new market entrants are cloud based and well-funded. They are capable of providing the features and capabilities desired by todays end users without headache and hassle. Cloud based systems allow for the complexity at the end user level to be greatly reduced, something all end users desire.

All traditional access control systems are limited by the size of their databases and memory. Cloud based access control is where everything was designed for the cloud environment and architected accordingly, it is open source built. The first advantage the cloud offers is unlimited storage capacity. The second is unlimited number of sites under single accounts. Third is redundancy and back up. Fourth is everything can be kept current at all levels, all the time. With traditional access control you have no version control once it is installed it may never get updated or patched. In most cases a system bought 5 years ago is way out of date at multiple levels. Before you can even connect to it you need to bring it current, maybe the server is out of date as well. The complexity just goes up and up. With cloud-based solutions everyone, and every site on the planet is on the same version. Incremental changes and improvements are easier to deploy in cloud-based systems. If a significant client needs a new feature that new feature can be made available to all of the customers. Cloud based systems are designed to be connected to other things and includes API’s which are Application Programing Interfaces. The global cloud environment uses these clearly defined connectors to connect all manner of software together. API’s are the rules and processes cloud software use to communicate with other cloud software. This is all done at the software platform level rather than at the building level in traditional access control by the Integrator. This is where great efficiencies are achieved, rather than building one off sites you can now replicate the benefits over and over cost effectively and with a higher degree of control. Systems run smoother and are more powerful starting on day one.

Why are API’s so important?

Software technology and services are evolving very quickly, and the pandemic has accelerated this process. The benefit of API’s is that companies can now specialize in solving specific business or operational problems and then easily share and integrate their solution with other solutions or even other platforms. Access control used to be the dominant platform that everything else was connected to and integrated with in a building. That is now changing, and access control is becoming a feature of a larger ecosystem in buildings or of the business itself. The future is about Smart Buildings and other platforms besides access control are now vying to be the dominant player in buildings. This trend is going to continue and accelerate as end users realize the benefits that these Smarter Buildings can deliver. Other key platform challengers are those that companies use to run their business with. Streamlined workflows and simplified interfaces are the future of business. Connectivity is the critical thing for businesses moving forward. That connectivity leads to greater data sharing and data is what is sought by end users. So, coming full circle is “Open Architecture really open?” Based upon today’s business operations-oriented definition I would argue it is not because it is not open source.

Conclusion

Ultimately each end user needs to evaluate their business model and application for access control and decide which platform best suits their needs. Very large Enterprise level and Institutional level organizations may still find that Mercury Security “Open Architecture” based platforms are best, especially if they adopt newer credential solutions. But for many other end users the best path forward may be newer cloud-based solutions that offer numerous API integrations to other software platforms such as Property Management, Tenant Experience, Human Resources, Visitor Management, Video Surveillance or even Identity Management. End users need to know their options and be given choices. We as an industry need to provide this information in an open and transparent way and get away from simple marketing slogans and tag lines.