Monday, June 22, 2009

Physical Access Control - The new way!

Historically, physical access controls have never run over IP networks, but with Cisco in the game, convergence on a complete physical access control solution over IP networks is now a reality.


The Cisco Physical Access Control solution is made up of both hardware and software
components. The Cisco Access Gateway connects door hardware (traditional readers and locks,
as well as the new Hi-O® hardware from Assa Abloy) to an IP network. In wired deployments, the device is capable of being powered by Power over Ethernet (PoE). It is also possible to connect to the gateway over a Wi-Fi 802.11a/b/g wireless link.


The diagram below depicts a typical Cisco PAC architecture:












Since there is a gateway for each door, access control can be deployed incrementally, door by
door. There is no central panel; this simplifies system design, wiring, and planning, resulting in
significant cost savings over legacy architectures. Additional modules can be connected to the
gateway, allowing for extensibility. All communication from and to the gateways is encrypted.
The Cisco Physical Access Control solution offers the following modules (in addition to the Access
Gateway):


  • Reader module: This module can connect to a complete set of door hardware, allowing an
    additional door to be controlled by the same gateway.


  • Input module: Eight supervised inputs can be connected to this module and controlled
    through the gateway.


  • Output module: Eight outputs can be connected to this module and controlled through the
    gateway.


A picture of Cisco's Integrated Access Control Gateway is shown below for reference:


Cisco Physical Security Manager (CPSM) is the software application used to manage the Cisco Access Gateways on the network. The Web-based software provisions, monitors, and controls all the access control gateways on the network. Role-based access control policies are supported for CPSM. You can create access control policies for N-person, two-door, anti-passback, etc.

CPSM also integrates with MS Active Directory, LDAP, and some HR databases.

CPSM is integrated with the Cisco Video Surveillance family of products, enabling an organization to associate cameras with doors, and to view video associated with access control events and alarms.


In addition to basic access control features, Cisco plans to integrate physical access control with
network security to provide a comprehensive solution that spans both areas of security, allowing
enterprises to:

  • Create and enforce policies so that network and application access is granted based on the
    physical location of employees
  • Provide wireless access only if employees have badged into a physical location.
  • Terminate an employee’s active VPN connection when that employee badges into a
    physical location
  • Change an employee’s privileges on the network based on entering or exiting a secure
    area
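
The badge-to-network policies listed above, sketched as an added example (it is not Cisco's code or API and not part of the original post). The class, action names and area names are hypothetical, and the anti-passback check from the CPSM policy list is included because it relies on the same presence state.

```python
from collections import defaultdict

SECURE_AREAS = {"datacenter"}  # constructed area names, not from any product

class PresencePolicy:
    """Derives network actions from door events (hypothetical model)."""

    def __init__(self):
        self.inside = defaultdict(set)  # user -> areas currently badged into
        self.vpn = set()                # users with an active VPN session

    def role(self, user):
        """Network privilege level depends on being inside a secure area."""
        return "secure-area" if self.inside[user] & SECURE_AREAS else "default"

    def wifi_allowed(self, user):
        """Wireless access only after badging into some physical location."""
        return bool(self.inside[user])

    def badge(self, user, area, direction):
        """Apply one door event and return the network actions it triggers."""
        here = self.inside[user]
        # Anti-passback: an entry must be followed by an exit before the
        # same badge can enter that area again, and vice versa.
        if (direction == "in") == (area in here):
            return [("alarm", f"anti-passback violation at {area}")]
        before = self.role(user)
        actions = []
        if direction == "in":
            here.add(area)
            if user in self.vpn:  # on site now, so the remote session ends
                self.vpn.discard(user)
                actions.append(("terminate_vpn", user))
        else:
            here.discard(area)
        if self.role(user) != before:
            actions.append(("set_role", self.role(user)))
        return actions

def demo():
    """Replay constructed door events for one user; return every result."""
    p = PresencePolicy()
    p.vpn.add("alice")  # constructed starting state: alice is on VPN
    events = [("lobby", "in"), ("datacenter", "in"), ("datacenter", "in"),
              ("datacenter", "out"), ("lobby", "out")]
    return [p.badge("alice", a, d) for a, d in events], p.wifi_allowed("alice")
```

The repeated datacenter entry in the sample events is the case to watch in monitoring: an alarm there means a badge was used twice without an exit, which also makes any location-based network decision for that user unreliable.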

There is no question that Cisco is accelerating convergence in the physical security industry. The move to integrate physical access control and network security is something I've been preaching for a while now; it will be interesting to see how this evolves over time. I'll keep you posted...

Stay secure,

-boni bruno