Network Security Redefined:

IP-Enabled Access Control

IT Security Redefined
What does “network security” mean to you? Your first answer might
be about the prevention of unauthorized access to a computer
network, or the encryption of the traffic on the network. But think
deeper, and you’ll hit upon the evolving and broader definition of
the term - the use of existing network infrastructure to more cost-
effectively enable physical security of people, equipment, and data.
From One Giant Leap …
Recent developments in physical security systems have enabled us to
expand access control using the Ethernet infrastructure. It began with
IP-enabled cameras and evolved to edge panels operating on the LAN –
a trend that represented a major advance in technology and practice.
… to the Next Step
Now, the latest access control technology enables us to design all
the components of a lock – including card readers and sensors
– into a single integrated system accessible from your Ethernet
network. That means the elimination of additional wiring, greater
flexibility and scalability, all in a standards-based open architecture.
Why IP?
By eliminating the need for hard wiring to a central panel or controller,
IP-based systems enable installations that are non-proprietary, flexible
and scalable. This means not only a more versatile solution, but also a
more cost-efficient one. A network-based system can be enlarged by
one door, and one reader, at a time, unlike some traditional systems
where controllers or panels often support multiple openings even if
only one opening is required.
IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps
What’s Your Next Step?
This e-book was developed by ASSA ABLOY to take you from the
early development of this game-changing technology to today’s
latest offerings: fully integrated locksets that create a new standard
for performance, affordability and aesthetics. Looking for more
information? We want to help. Check the last page for the best
ways to contact us.
Let’s Define Our Terms:
IP-enabled
Any device designed to take advantage of existing network infrastructure
for advanced security and easier, more cost-effective installations.
Power over Ethernet
A technology that uses standard LAN infrastructure to deliver power
to network devices over the same cable used for network connection.
Wireless Access Control
Access control devices that connect wirelessly to access control software.
These devices may use proprietary or open wireless standards, and may
connect to an intermediary wireless gateway or hub.
WiFi Access Control Lockset
A lockset that connects directly to the IEEE 802.11 WiFi infrastructure of a
building. These devices do not require panels, hubs or gateways.
2
The Dawn of IT-Enabled
Network Security
Typically, legacy access control solutions are closed systems that
require hard-wiring several discrete components – card reader, lock,
door position switch, request to exit sensor, access control panel,
and power supply – with RS-485 cable into one central panel or
controller. These proprietary systems can limit the user’s choices to
a single provider of hardware and software. More challenging yet,
these solutions tend to be very complex and require expert
personnel to handle installation and configuration.
Conventional access control products and systems are normally
designed and optimized for large installations with many doors and
perhaps thousands of credentials (cardholders). The actual market
looks very different. According to Sales & Security Integrator gold report
(2013), the average installation consists of 10 doors and have about
128 credentials. Only about 20% of the installations have more than
10 doors. IP solutions are perfect for these applications due to their
lower initial hardware investment.

What’s more, expanding traditional systems is complicated – and

expensive. A typical central controller is built to accommodate
a specific number of doors – usually 4, 8, 16 or 32. That not only
makes the system inflexible but also makes it difficult for facilities
to match their requirements with available products – simply put,
if your access control project calls for 9 or 17 doors, you’re going to
pay for more capacity than you need.

This lack of flexibility translates into high initial costs, which can
reduce the total number of doors you’re able to secure during an
initial deployment. The ability to add more openings in the future
depends on proximity to the currently deployed hardware. An
opening on another floor, for example, may not be cost effective,
due to the point to point wiring requirements of these systems.

IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps 3
The Move to IP
We’ve seen how legacy access control systems can be expensive,
inflexible and labor-intensive. Now let’s look closer at some of the
benefits of an IP-enabled approach.
• I P lets you leverage existing infrastructure – Because it uses the
existing IEEE 802.3af or 802.11 infrastructure, IP eliminates the
need for additional power supplies or wiring.
• I P is easy to install – Because cabling is reduced to a minimum,
the entire installation process is streamlined and cost is reduced.
• IP is flexible – Open architecture ensures future flexibility to meet
changing needs.
• I P is scalable – From adding a single door in a small office to
integrating a large-scale facility, IP is an ideal fit for small and
large installations alike.
• IP is standards-based – IP solutions are based on international
industry standards. That means the ability to pick and choose
between components – reader, door controller and software –
that best satisfy your needs and preferences. This freedom of
choice makes the system future-proof and means you no longer
have to rely on a single brand or supplier.
• I P is secure – Data security is ensured through standard
encryption techniques (AES 128-bit encryption) and WiFi
solutions support current WiFi network security standards.
IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps
Leverage Your Existing Infrastructure
If you’re like most building owners, you’re constantly evaluating how to
get the most value out of your existing IT and security investments.
When should you consider leveraging your existing IT infrastructure?
This approach is ideal when:
• There is limited security infrastructure available
• There is good WiFi coverage available
• There is PoE-enabled network infrastructure available
• A site has network connectivity to other company locations
The Power of IP
• Uses existing IT infrastructure to simplify installation and expand
access control easily and affordably
• Reduces costs and installation time by integrating discrete
access control components into the lock or other device
• Integrates with industry leading access control partner software
• Operates regardless of network status
• M
 odular design enables simplified adoption of changing
network requirements
• U
 ser-friendly tool sets enable easy implementation of software
feature upgrades
4
Wired or Wireless? How to
Choose Your Best Solution
You have a choice of two approachesPower over
to take Ethernet System
advantage of your McKinney
EAC Server
existing network infrastructure for advanced security and easier, PoE-compatible
Ethernet Hinge

more cost-effective installations. Internal

Building
Network
Power over Network cable
Ethernet through raceway
switch
(120VAC)

Power over Ethernet System WiFi System

McKinney
EAC Server PoE-compatible EAC Server
Ethernet Hinge

Internal Internal
Building Building
Network Network
Power over Network cable WiFi Access
Ethernet through raceway Point
switch (IEEE 802.11b/g/n)
(120VAC)

Uses 86% less energy than a traditional Uses 99% less energy than a traditional
UTION
SOL
LE
AB
A S U STA I N

WiFi System
electromagnetic locking system electromagnetic locking system
INGS
S AV

®
GY

ER
EAC Server CE RTIFIE D EN

Internal
Building
Network
WiFi Access
Point
(IEEE 802.11b/g/n)

IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps 5
Wired or Wireless? How to
Choose Your Best Solution
Power over Ethernet (PoE)
Access Control Solutions:
One Network Cable Does It All
PoE Access Control Solutions use your LAN for both power
and data, eliminating the need for any additional power supply
or electrical wiring. Utilizing IEEE 802.3af (PoE) infrastructure
streamlines the installation process, reduces costs, and enables
real-time communication.
ASSA ABLOY Group companies offer multiple 802.3af (PoE)
compliant solutions designed to meet your needs — whether
you are securing a single building or an entire campus. Both
SARGENT and CORBIN RUSSWIN solutions are offered in exit
device, mortise and cylindrical lock configurations, and
provide online access control to ensure the safety of the
facility and its inhabitants.
True PoE vs. PoE-Compatible
The term “PoE” has become very familiar in the industry. However, it
is sometimes used by different people to mean different things. True
PoE devices, such as locks, connect directly and easily to a network via
a server. Some other devices that are called “PoE” can operate on a PoE
network but don’t offer the same level of cost savings and efficiency
as a fully integrated PoE solution – these devices should rightfully be
called “PoE-compatible.” With a PoE-compatible device, PoE network
connectivity goes only as far as the edge device and typically stops before
reaching the locking solution. A truly integrated PoE solution is comprised
of a single device and uses Ethernet cabling directly to the lock.
IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps
Intelligent WiFi
Access Control Solutions:
No Wires to Pull
ASSA ABLOY offers WiFi locks and exit devices that significantly
reduce installation time by leveraging an existing WiFi network,
even in locations where it would be difficult or cost-prohibitive to
install a wired lock. With no wires to run, installation is as simple as
installing the device on the door and configuring it to communicate
with the wireless network. ASSA ABLOY offers a range of IEEE
802.11b/g/n WiFi-enabled solutions designed to meet your needs –
whether you are securing a single building or an entire campus.
WiFi locks and exit devices provide complete access control in
locations where it would be difficult or cost-prohibitive to install
a wired lock. With no wires to run, installation time is significantly
reduced – simply install the device on the door and configure it to
communicate with the wireless network.
The most common wireless standard for wireless local area
networks (WLAN) is IEEE 802.11. While there are also other
standards as well as proprietary technologies, the benefit of the
802.11 wireless standards is that they all operate in a license-free
spectrum, which means there is no license fee associated with
setting up and operating the network. The most relevant
extensions of the standards are 802.11b, 802.11g and 802.11n.
6
Wired or Wireless? How to
Choose Your Best Solution
PoE Features WiFi Features
• The same real-time communication as traditional • Utilize 802.11b/g/n wireless communication
access control • Scheduled and user-initiated updates eliminate
• Real-time door status monitoring manual programming
• Configurable alarm notification • Real-time door status monitoring
• Local decision making • Real-time, configurable alarm notification
• Compatibility with a variety of openings • Local decision making
• Built on proven ANSI/BHMA Grade 1 lock platform • Advanced data security with standard encryption techniques
• Broad range of finishes and decorative levers - WEP
- WPA/WPA2
• 2,400/10,000* users supported; 10,000 event - 802.1x (e.g., EAP, PEAP, PAP)
transaction history
• Compatibility with a variety of openings
• HID® multiCLASS SE® technology provides heightened
security, supports multiple credential types, and enables • Built on ANSI/BHMA Grade 1 lock platform
HID Mobile Access® powered by Seos® • Broad range of finishes and decorative levers
• I ntegrates with a broad range of industry-leading access • 2,400/10,000* users supported; 10,000 event transaction history
control systems • HID® multiCLASS SE® technology provides heightened security,
supports multiple credential types, and enables HID Mobile
Access® powered by Seos®
• Integrates with a broad range of industry-leading access
control systems
* Contact your access control system manufacturer for more information.

IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps 7
Wired or Wireless? How to
Choose Your Best Solution
OFFICE / WAREHOUSE EXAMPLE Ideal applications
for PoE:
Exterior
Storage • Mission critical openings
Office Office

Conference / Training Room Finance Employee

• Secondary entrance doors
Records Will Call
Entrance
• Compliance and privacy in
record keeping areas
Server
Storage Room • High value asset areas
Exterior • Classrooms
Open Office
Reception / Waiting
Main

Entrance
Warehouse Ideal applications
Employee for WiFi:
Files

• Classrooms
Men Women
• Offices

Office Office Office

• Residence halls
• Controlled public spaces

PoE WiFi

IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps 8
Success Stories
IP technology is becoming well known in the access control industry
thanks to some recent success stories:
IP cameras:
First developed by Axis Communications, the global market leader
in network video, IP-enabled cameras replace analog CCTV cameras.
“As their name implies, CCTV images are only available to a closed
group in the security department,” explains Scott Dunn, Director
of Business Development for North America at Axis. “IP-based
intelligent cameras make the video available to everyone
throughout the enterprise for multiple uses.”
“With so many parts of the organization having a stake in security and
operational efficiency, it’s easy to understand the value of that,” Dunn
says. “IP-based intelligent cameras have become widely accepted in the
enterprise space.”
Among the benefits of IP cameras:
• Scalability – can add one camera at a time
• Future proofing – open architecture, best of breed solutions
• Cost-effectiveness – as technology develops, today’s cameras
stream at high definition using less bandwidth
• Image quality – resolution up to 4K
IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps
“With 4K cameras now on the consumer market and being released in
the professional security space at competitive prices, there’s no reason to
accept old analog technology for a critical surveillance application where
you’re protecting lives and property,” Dunn concludes.
Edge panels:
A common sight in today’s enterprise network, single-door access
control panels like the EDGE EVO® EH400-K and ESH400-K networked
controllers from HID Global, an ASSA ABLOY Group company, is a
PoE-enabled device allowing for power and connectivity through
one connection. These devices are enabled by a variety of software
solutions (EH400-K) from HID partners for multi-door systems, or in a
single-door environment (ESH400-K) utilize an embedded web-based
user interface, so no external software is required. Remotely managed
using a standard web browser, they provide the ability to power all
devices around the door, significantly reducing total door installation
costs by removing the need to install a separate power supply.
“Edge panels bring intelligence out to the door,” says Damon Dageenakis,
Product Marketing Manager for HID Global. “As the price of memory
drops and processors get faster and more affordable, it has become much
easier for manufacturers to put intelligence into their edge devices.”
These innovative solutions have unquestionably changed the rules
of access control by utilizing existing network technology. But
total access control systems have not been able to fully exploit the
advantages of IP – until now.
9
IP-Enabled Q&A
As with any new technology, IP-enabled access control raises a
number of questions in the user’s mind. Here are some of the
most common:
Q: I ’m comfortable with my legacy system, and I depend on it.
How do I know I can rely on PoE to power these critical security
systems?
A: As with all IT-based infrastructure, PoE is designed for maximum
uptime. PoE can be implemented with battery backup to ensure
the devices continue to function even in the event of a power
loss. PoE’s reliability is proving itself every day on other critical
security devices, such as IP cameras.
Q: U
 nder our existing system, my team is responsible for access
control, and that’s how I like it. If I make the move to an
IP-enabled system, will I have to share or cede responsibility to
the IT department?
IT groups have developed standards over time much like a
security group. While these standards may seem difficult
to achieve, they are in place for the same reasons as your
own security standards: ease of troubleshooting, maximum
performance, maximum reliability and minimum cost.
Q: This sounds good, but I’m not sure it’s right for every access
control application in my facility. What about security at the
perimeter of the building?
A: While PoE integrated devices are intended to help you
control more openings in your facility, they are not a
one-size-fits-all solution. PoE locksets work best on standard
interior access openings that require real-time reporting and
updating, and on infrequently used perimeter openings
(see “Facility Challenges” on page 11).

A: As the security industry changes, security departments will be

asked to work closely with IT. This collaboration will lead to lower
costs and higher functioning access control systems. Explains
HID Global’s Dageenakis, “Collaboration with the IT group only
enhances the capabilities of the security group. It may also allow
the security group more time to focus on its core mission.”

IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps 10
What’s the Impact on Your
Network? Facts for IT
“Security” Virtual Local Area Network (VLAN): A common practice Fallback Operation
(though not required) with IP-based security products is the In the event of a network outage, the locks will continue to operate
creation of a “security” VLAN, which in most cases only consists of using a locally-stored database from the last contact with the server.
the IP locks and their associated server. When creating the VLAN, a While the network is down, updates to the lock and transmission
unique SSID is created and tied to the “security” VLAN. This practice of event records or alarm notifications are not possible. Failure
allows for the VLAN to be administered separately, helping alleviate of communication will be reported to the access control system
issues related to changing wireless keys or encryption types. administrator based on conditions set in the access control system.
When communication is restored all logged events will be sent to
Operation the access control system.
PoE – During initial power up, ASSA ABLOY PoE locksets establish
a connection and begin communication with the server. The PoE
lockset transmits 5k - 10k of data spaced out over the course of a
24-hour period. It remains online at all times as a standard Ethernet
connected device. This data transmission also includes typical daily
management tasks.

WiFi – ASSA ABLOY WiFi locks are configurable to connect to the

facility’s wireless network as often as needed by the user. At each
connection, the radio is powered up, and the lockset associates with
the wireless network. During this time, the lock transmits/receives
5k - 10k of data to/from the server. During the periods of time it is
not communicating with the server, the wireless radio is powered
down, disconnecting it from the wireless network completely.

IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps 11
Facility Challenges
For all its advantages, IP-enabled access control might not be the
best solution for every application in your facility. Here are a few
alternatives to consider:
Application: ADA Openings with a Power Operator
Challenges: ADA openings with a power operator require many parts
to interact with one another and work in specific timing. They may
also require remotely mounted readers and the ability to activate or
deactivate push plates by time of day or access type.
ASSA ABLOY recommends: These openings are best served with a
traditional access control panel paired with HID SE based readers and
an electric latch retraction exit device like the SARGENT 56-
or a strike like the HES 9600.
IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps
Application: Front Entry Doors
Challenges: Front entries can be challenging for many reasons,
including volume of traffic, number of users, and the need to set the
opening into a push/pull style passage mode.
ASSA ABLOY recommends: Front entry doors can often be served
well with a traditional access control panel paired with device like
the Harmony 56- option. The traditional panel and standard Wiegand
output reader allow large user populations, while the 56- option
helps to support large traffic volumes and push/pull style passage
mode.
12
Product Focus
The next generation of WiFi Access Control Best of Breed: the IN120 WiFi Lock
Now, you can leverage your IT infrastructure to reduce the cost and Available from ASSA ABLOY
complexity of installing access control. Take it to the next level with Group brands CORBIN RUSSWIN
intelligent access control, innovative technology, and inspired design. and SARGENT, the IN120 WiFi
lock offers the ease and flexibility
ASSA ABLOY IP-enabled access control solutions take advantage of of WiFi in a new streamlined
a facility’s current or planned network infrastructure (whether it’s design, setting a new standard
wired or wireless) to provide advanced security and easier, more for aesthetics and performance.
cost-effective installations. The IN120 uses 802.11 WiFi
infrastructure and a flexible
feature set for easier, more cost-
• HID® multiCLASS SE® technology provides heightened security,
effective installations, allowing
supports multiple credential types, and enables HID Mobile Access® facilities to expand access
powered by Seos® control coverage to more doors.
• IP-enabled solutions use existing IT infrastructure to simplify
installation and expand access control easily and affordably
Featuring multiCLASS SE®
• Integrated locks reduce costs and installation time by integrating technology from HID Global®,
discreet access control components into a single unit it supports heightened identity
security and multiple credentials,
• Integration with industry leading access control partner software including mobile phones
provides flexibility supported by HID Mobile
Access®. Available in mortise
• Local decision making ensures operation regardless of network status
For the same sleek design with the lock, cylindrical lock, and exit
• Modular design enables simplified adoption of changing real-time communication and energy device configurations, the IN120
network requirements efficiency of PoE, check out the IN220 comes in your choice of black or
Power over Ethernet lock. white reader, and a broad range
• User-friendly tool sets enable easy implementation of software of finishes and levers.
feature upgrades

IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps 13
Next Steps
Ready to learn more? ASSA ABLOY Door Security Solutions sales
and specification consultants, integrated solutions specialists, and
electromechanical specialists are available nationwide to help
you. We will work with your team to understand your security
requirements, identify a comprehensive solution, and incorporate
the flexibility to accommodate emerging technologies and the
evolving needs of your organization. Find out how you can increase
your facility’s level of security while still staying within budget.
Sign up for a free consultation with one of our Integrated
Solutions Specialists today.
Request a free consultation
For additional information on choosing the right level of door
security for your facility, check out these resources:
www.intelligentopenings.com/SecurityContinuum
Access Control System Planning Guide
IT Security Redefined | The Dawn of IT | The Move to IP | Wired or Wireless? | Success Stories | IP-Enabled Q&A | Facts for IT | Facility Challenges | Product Focus | Next Steps
About ASSA ABLOY
ASSA ABLOY is the global leader in door opening solutions,
dedicated to satisfying end-user needs for security, safety and
convenience. ASSA ABLOY Door Security Solutions combines the
expertise of the industry’s most knowledgeable door opening
experts with the comprehensive product offering of leading door
and hardware brands to provide complete solutions to partners
and end-users in commercial, retail, multi-family, government
and institutional facilities. Coupling innovative technologies
with insight on specifications, design, support, training and
code compliance, ASSA ABLOY Door Security Solutions works
closely with the architectural, security, facilities and integrator
communities to address the many challenges they encounter
serving and securing their customers.
Contact us
ASSA ABLOY Door Security Solutions
110 Sargent Drive
New Haven, CT 06511
www.assaabloydss.com
Copyright © 2017 ASSA ABLOY Sales and Marketing Group Inc.; all rights reserved.
Reproduction in whole or in part without the express written permission of
ASSA ABLOY Sales and Marketing Group Inc. is prohibited.
Connect with ASSA ABLOY
14