Where IT Security and Physical Security Converge

The Open-Standards Solution

IP-centric security offers several options for system integration

Perhaps the most exciting aspect of security’s convergence with information technology is the arrival of open standards. For far too long, security systems have been dominated by proprietary equipment. This constrained the scope of product choice and limited what users could achieve with their security systems.

Open standards aim to eliminate those constraints. By freeing users to choose what they want and how they want their systems to work together, standards not only lower costs but improve security operations.

Getting there will not be easy. Two major challenges exist: First, almost all large organizations have significant deployments of legacy systems that are generally quite proprietary. Designing them into an open standards-based system is difficult. Second, while some open standards can be used for security systems, large and important gaps exist that have an impact on system designs. While these gaps are slowly closing, they need to be factored in.


What IT Wants
The corporate IP network will serve as the common platform for sharing information among your security systems. Indeed, almost all organizations are already doing this with at least some of their systems. Access control panels are connected to back-end servers by IP. DVRs or IP cameras are connected to your monitoring centers the same way.

Still, once the task turns to networking, the IT department, by necessity, must be involved. Therefore, security officers must be prepared to ensure the following three primary elements:

• Information security: IT will need to verify that the systems you plan to add meet information security standards (like antivirus support). Today’s security systems generally meet or exceed the standards set by IT. However, you should facilitate communication between your prospective vendors and your IT department prior to purchase to ensure compatibility.

• IP address assignment: Each security device that you want to communicate on the network will require an IP address. This generally is not a significant problem. Contrary to public perception, most corporations are not running out of IP addresses. Corporations almost always use private IP addresses that are practically unlimited. Nevertheless, IT will absolutely need to plan the allocation, so be up front about how many addresses you will need per location.

• Bandwidth: All security systems except for video require minimal bandwidth. IT will generally want to verify, but this should be simple and straightforward. Even allocations of bandwidth for video are readily achievable if you are using a DVR.

Once IT approves your plan and allows your systems to be connected to an IP network, the mission is accomplished. You will be capable of communicating with all of your systems, and any one of your systems will be able to communicate with another.

What's a Standard?
A standard is a way of doing things that all parties agree to follow. The width of highway lanes is an example. All municipalities use the same width. In the famous Seinfeld episode when Kramer decides to widen the lanes for “comfort cruising,” the result is not only comedy but obviously chaos for drivers. Unfortunately, today’s security systems can often resemble Kramer’s approach.

In IT, one of the most important standards is the Internet Protocol. IP ensures that any message sent from any computer can be received by another computer using IP. And since essentially every computer uses IP today, it ensures they can all communicate together. IP is the key element in allowing all security systems to use a single communication system.

IP makes sure the message is delivered but it does not guarantee that the message can be understood. It has often been compared to the postal system. If you follow the correct format for addressing and stamping a letter, your intended recipient will get it. However, if your letter is in a language that the recipient does not understand, you have a problem.

So while IP is great for moving information across networks, you still need a standard to ensure the information can be understood. This is true whether you are speaking to a friend or your access control system is sending requests to your video surveillance system.

Unfortunately, today no standard exists for one security system to speak to another. A movement is now under way to rectify this problem, but it will take at least a few years to deliver widely adoptable standards.

We definitely can benefit from IP as a fundamental standard, but we have to work around the lack of a standard for sharing information between our security systems.

Being Open
All is not lost, because even without an information-sharing standard, if manufacturers decide to open up, we can design and deliver open systems that significantly improve security operations.

Returning to the analogy of the letter written in another language, the sender can include a dictionary (like those pocket Spanish-to-English ones) to overcome the lack of a standard way to communicate. Then the recipient can translate and understand the letter. For software systems, including those tools is becoming common in security: such a dictionary is called a software development kit.

Even if a system does not adhere to a standard, an SDK can allow systems to be open to one another. If you can access the SDK of your video surveillance system, you may be able to get it to communicate with your intrusion detection system so they can work together, say, to display live video of a burglar who triggers a motion sensor.

In this fashion, any system can be “open.” It’s the manufacturer’s choice to develop and provide an SDK so its products can work with other products. Using IP as a standard and obtaining SDKs to open communication between security systems is one way to design open standards-based systems.

All Together Now
The ultimate goal of open standards-based designs is to make all systems work together to reduce costs and improve the effectiveness of security operations.

Three general approaches exist. In each approach, a different system acts as the hub to manage and coordinate all the other security systems. While they all take advantage of openness and use SDKs, they differ in how they communicate with other systems. They provide various levels of functionality and power at different costs and complexity.

What is an API?
Techies and manufacturers often like to talk about application programming interfaces. APIs simply are the computing mechanisms that allow one system to talk with another system.

A manufacturer needs to have a publicly available API to integrate systems. The good thing is that almost every manufacturer today has an API. APIs can vary in technical implementations, but most are close enough that any integration can be performed. Technical variances may cause integrations to take somewhat more time, but this is usually not a major issue.

APIs and SDKs are tightly related. SDKs are essentially the documents that explain how APIs work. Indeed, they are so tightly related that the terms are commonly used interchangeably. To perform an integration, you need both; they are almost always available as a package.

PSIM as the hub (Figure 1). The most elegant yet costly approach is to deploy a physical security information management application to integrate and manage all existing security systems. The PSIM application is designed to work with dozens of different manufacturers’ video, access, fire and intrusion systems. Even more importantly, PSIM applications are generally developed by independent manufacturers who are not motivated to promote any vendors’ products (see sidebar, “How Open is Open?”). As such, PSIM vendors strive to support as many systems as possible, maximizing the probability that all of your legacy systems will work with your new systems.

PSIM is a growing segment with a number of early stage companies. Among the most well known are CNL, Proximex, Orsus and Vidsys. Because they are all young companies, you should carefully check references and conduct due diligence on the overall cost and complexity of implementing any of their products in your organization.

The PSIM application becomes the front end for your security operators. It gathers information from all of your security systems and displays them in a common operating picture. The PSIM also allows rules to be defined to help operators quickly and effectively respond to security incidents.

The PSIM application is deployed on a server in your network and communicates with your security systems. Using SDKs, the PSIM vendors write adapters to speak with your security systems. Often, they are already available. However, sometimes the PSIM vendor will have to build an adapter to support your specific type of system.

The chief downside is that it can potentially cost millions of dollars to build an effective PSIM-based solution.

Access Control as the Hub (Figure 2). The most traditional way to integrate security systems is to use your existing access control system as the information hub. For years, access control systems have been providing support to communicate with fire, intrusion and video systems. Your access control system becomes the main user interface for your security operators.

Almost all access control vendors, including AMAG, General Electric, Honeywell, Software House and Lenel, provide integration to a variety of security subsystems. Your first step should be to talk with your existing access control vendor about what specific functionalities and third-party systems they support.

Using your access control system is less flexible but also is less expensive than a PSIM application. Access control systems tend to support a limited number of security systems. They also tend to favor systems that the access control system vendor manufactures. Either of these elements could block you from building an open solution that integrates all of your systems. However, on the positive side, using your access control system is generally fairly inexpensive and can be accomplished for $10,000 to less than $100,000.

Video Management as the Hub (Figure 3). An emerging approach is the use of your video management system as the information hub to connect all of your security systems. None of these offerings are very sophisticated, but if you only need very limited integration (say, only with your access control system), using the video management system as the hub could provide a very user-friendly and inexpensive means for integration.

How Open is Open?
Just because any manufacturer can be open does not mean that every manufacturer is open. On the contrary, most manufacturers can still be quite restrictive about opening up to other manufacturers’ systems.

Manufacturers are motivated to maximize their sales of security systems. Because many manufacturers offer intrusion, access control and video systems, they would certainly benefit if you simply purchased all your systems from them. Then, you would not need any third-party integration, and they could simply sell you the entire solution.

In the past, it was very common for manufacturers to tightly constrain access to their SDKs. This is definitely changing as manufacturers embrace a more IP-centric philosophy. Nonetheless, real limits remain, and they vary by manufacturer.

It is essential, therefore, to always inquire and understand how open your manufacturer is to third-party integrations. Check by asking for a list of third-party products that are currently supported and how open their process is for performing new integrations.

The video management vendors most focused today on providing PSIM-type functionalities include OnSSI, Verint and VideoNext.

The Future
Today, designing open standards-based systems requires some compromises and costs to accommodate the limited openness of the security systems available.

The good news is that the pressure and the momentum for openness are accelerating. Expect actual standards for security applications to significantly simplify and reduce the costs of designing open standards-based systems in the next three to five years.

In the meantime, ensure your systems run on IP networks and strongly consider which of the three options presented provide the highest value for you.


This article originally appeared in the December 2008 issue of Network-Centric Security.
