Axis Communications A1001 Network Door Controller: Redefining Access Control
Axis Communications has applied the technology that revolutionized the surveillance industry for access control and introduced the first IP network door controller. In the process, they seem to have stripped access control down to its foundation and kept all the things we love about it, discarded the things we hate, and added features that we didn’t even know we wanted. The result is a fairly plain white housing that hides a package that can do things that will turn the industry on its head and make competitors scramble to catch up.
On the hardware side, there’s not much to the Axis Communications A1001 Network Door Controller, but it’s not what it has that sets it apart—it’s what it doesn’t have. Let’s do an Access Control 101 primer, to provide some context. In a traditional system, you will have a computer running the control software. The computer is connected to a control panel, wires run from the control panel to the doors (or sub-panels if there are a lot of doors), which would then be wired to keypads, card readers, or other control points. From these control points, door lock relays and other peripherals would be wired to release their doors. All of this software and hardware between the computer and the keypad will all be made by the manufacturer and will ONLY work with that particular manufacturer’s other hardware and software. The control panel will come pre-wired for a set number of doors, usually in 8-door blocks, much like traditional surveillance DVRs. If you had 10 doors, you’d have to buy a 16-door system and not use six, or purchase an 8-door panel and be forced to decide which doors wouldn’t be allowed on the system. What this translates to is that the customer is locked into a single manufacturer for the life of the system. If that manufacturer didn’t offer a piece of hardware that you really wanted, you were just out of luck. When the installation happened, you’d be running individual lengths of wire from the control panel to every door, adding cost in material and labor. All the peripherals such as keypads, locks, and relays would need their own power supplies and battery backups if you wanted the system to be secure in the event of a power outage.
That was then. Now there’s the A1001. To start with, the A1001 isn’t hard-wired to a computer. It’s installed at the door, and is Plenum-rated so it’s safe to go above a drop ceiling and out of sight. It’s wired to a Power-over-Ethernet (PoE) switch with a single Cat5 Ethernet cable, and from the switch to a router. This means that instead of multiple lengths of wire, the installer just has to run a single cable, saving time and money. The power from the switch, in turn, powers all the peripherals, further eliminating additional power supplies and cutting costs even more. It supports Uninterrupted Power Supplies (UPS), so a single battery backup positioned at the PoE switch ensures that in the event of a blackout, the access control system will continue to function.
"...it’s not what it has that sets it apart—it’s what it doesn’t have."
Additionally, the entire software suite is an open, non-proprietary platform. This encourages use by other manufactures and designers to use the platform to expand on its capabilities. Axis also went to the ONVIF council and added IP access control to their sphere of influence. Now the entire ONVIF community will have access to the platform to use and develop add-ons, interfaces, and hardware that will all work together. This removes the proprietary monopoly on access control and opens the playing field up for true innovation and advances.
So far, we’ve seen how the decentralized controller will save money in installation costs and can be used with the best hardware for your needs instead of only whatever is offered by a single company. But there’s more to it. A single A1001 can control two doors. This allows you to maximize your door coverage without sacrificing anything, or spending too much on panels that are too large for your needs. Not only will it unlock two doors independently of each other, it can have separate door readers or other control points for each door. This creates completely separate access control for the two doors. And since the software is carried in the unit itself and is easily networked with multiple units, each A1001 becomes a backup for the others.
In a conventional system, if the computer running the access control software or the control panel experiences an issue, the entire system goes down, and none of the doors will work. The A1001’s decentralized structure makes this issue largely a thing of the past. Since the software lives on the door controller itself, if there’s a network failure, it will continue running normally, because all the user information settings are stored locally. And if a single unit goes down, the rest of doors are still secure. Not having a network connection will simply make it impossible for system administrators to access the unit. While this may be an inconvenience, at least the doors are working normally, and not just letting anyone in and out.
Setup and Wiring
Right off the bat, accessing the control software is all new. Instead of having a software suite loaded onto a computer, you simply access the unit via the Internet using any browser, such as Internet Explorer, Chrome, Safari, or Firefox. Traditional access systems were all Windows-based, so this feature frees Mac users from having to purchase a separate computer running an odd OS. Configuring the hardware to work with the software is quick and can be pre-configured before installation, reducing the amount of time installers spend on site.
A hardware-configuration wizard walks you through the initial set-up process. Choose the properties that apply to the door hardware you’re using and the wizard will configure the system. With the system configured for the type of access you want and the devices you’re using, the system will generate a detailed wiring diagram for the installer, based on the information entered. This further reduces installation time and inconvenience to personnel who would need to navigate around ladders and laptops. With the wiring guide printed, the installer can be confident that what he is doing will make the system work without time consuming troubleshooting after wiring is complete.
With the locks and readers wired and the system running, you’re ready to see what the A1001 can do. Let’s start with the locks. Wire a door contact to the door to monitor the status of the door—open or closed. With that monitoring, you can customize the way the lock reacts to the Open command from the reader. You can choose to have the door lock immediately after it opens. This means that as soon as the door closes, it’s locked. Or you can set a period of time for the lock to remain open after granting access. The door will remain unlocked until it has been opened and will lock when it closes, regardless of whether the access time has expired or not. If the door remains unopened, it locks when the set access time has been reached. Each of these options has its uses, depending on the situation.
To accompany these lock features are alarms:
- Open too long time (OTLT): The number of seconds the door is allowed to stay open. If the door is still open when the OTLT has been reached, an alarm is triggered. The exact nature of the alarm options will be discussed below.
- Pre-alarm time: A pre-alarm is a warning signal that is triggered before the OTLT has been reached. It alerts whoever is monitoring the system and, depending on how the alarm has been set up, it can also warn the person entering the door that the door needs to be closed or the real OTLT alarm will sound.
- Pre-lock signal time: A warning signal is triggered before the door locks. It tells the person monitoring the system, and/or the person entering the door that the door will lock soon. Set the number of seconds before the door locks the system to activate the pre-lock warning signal.
- Door-forced-open alarm: An alarm is tripped when the door contact detects that the door has been opened, without the system granting access. Again, the nature of this alarm will be dealt with below.
Let’s say you’ve been granted access, you’re in the room, and the door is closed and locked. What happens when you want to leave? You have options here as well. You can wire REX (Request to Exit) devices like PIR motion detectors, buttons, or push bars. You can also wire another reader for higher security. Yet another option is to program “Require Manual Unlock.” This will have the door remain locked until the user manually unlocks and opens the door. A “door-forced-open alarm” will not be triggered as long as the user opens the door within the allotted access time.
At any point during the installation process, or later on for maintenance purposes, you can run a diagnostic report on the door and verify its current state (open or closed, locked or unlocked), manually trigger to open or close the lock, and obtain reports on the reader and REX usage.
The unit comes preloaded with commonly used schedules, such as weekday and weekend. You can also define your own schedule to tailor it to your specific needs. Depending on how secure you need your door, you have the choice of granting access from a single point, such as a card reader, or multiple ID types, such as a badge and PIN. For example, during normal hours an employee may only be required to swipe a card for access, but after hours they would need to swipe the card and enter a PIN. Access can also be completely denied at certain times when complete security is a priority. Schedules can be set up to be a single occurrence or repeating. A single occurrence might be for painters to have access afterhours for a single night. Repeating can be used as frequently as every day for the normal work hours, all the way to yearly for special holiday hours. If those painters need a week to finish the job, you can easily set start and end dates for their permissions.
Permissions are granted at a group level, and can be as broad as universal 24/7/365 access, or severely limited, such as for cleaning crews or interns who might require a very narrow window of access. Setting up groups and permissions is easy to do with a drag-and-drop interface for people, doors, permissions, and all other aspects of the process.
Of course, there are some situations where you may want a door locked only during certain times. A separate unlock schedule can keep the door unlocked during business hours, and automatically lock it at the end of the day. This eliminates the situation in which an office manager has driven all the way home, only to realize a door wasn’t locked, and is compelled to drive all the way back to lock it—or even worse, to make the trip back only to find out that it was already locked.
This brings us to the truly special part of the A1001. Since it’s a browser-based system, you can access it from any computer with an Internet connection. That office manager who couldn’t remember if the door had been locked? Now he or she can log into the A1001 from their home computer and immediately see the status of the door. Have someone who is coming in early to get a head start on a project but you still have to get the kids on the school bus? Log in and manually open the door for them. The connectivity works both ways. You can program notification emails to be sent automatically when a wide variety of logs, events, or alarms occur. This gives you real-time information when you’re away and lets you react quickly.
Logs, Alarms, Events, and Actions
Whenever a control point is used, like a card reader or REX device, it gets logged. This log is viewable by the administrator to keep track of what’s happening and when. Logged events can also be used to trigger an alarm. When an alarm occurs, it is entered into the alarm log. You can filter the events and alarms to search for specific things, such as times or employees. You can also tailor the log to your needs. If you don’t need a log for a door, disable the log for that point. Only interested in who goes in, but not when a REX is used to leave? Disable the REX log. Same goes for the alarm log. The selectable choices let you have as much logged information as you need or want.
"Events don’t have to be alarms, just things that happen."
Events don’t have to be alarms, just things that happen. Among events that you can program include settings being changed, control points removed (such as a reader being removed from the system), door configuration changed, or a door being added or removed from the system. These events can be set to simply be logged, or an action rule can be set up to notify the administrator.
Alarms can be set to trip when the door is operating in a way it’s not supposed to. An alarm can be triggered when the door is forced open, or when the system indicates the door is locked but the contact shows it open. These can indicate unauthorized activity and might require immediate action. Additional events and alarms can be caused when the control unit is opened or removed from the wall or the network connection is lost.
Actions are the system’s responses to events and alarms. There are several Output ports on the controller for wiring external devices to the system. These can be sirens, lights, or other types of relays to perform functions such as opening or closing a gate. The Output can also be wired to an alarm panel to integrate into a burglar system and provide central-station monitoring and law enforcement involvement when something occurs with the access control system.
An example of a program for an action rule would look something like this: The access schedule has locked the door for the night, and will not allow anyone access. The door contact detects that the door has been forced open. A signal is sent to one of the output ports to turn on the hallway lights, while another signal trips the alarm panel, which then sounds a siren and notifies the central station of an intruder. As this is happening, a notification email is automatically sent to an administrator, including the owner and managers.
Just as IP cameras changed the landscape of surveillance, the A1001 IP Door Controller is poised to change the access-control industry. The open non-proprietary platform and ONVIF support makes integration and use of the best hardware for the customer easy. Its single-cable installation reduces time and material costs during installation, and the ability to pre-configure the system reduces the amount of time the installer has to be on site. Decentralized architecture allows a single unit to stand alone for small applications, and be easily expanded and networked with other units to create an access-control system that is as big as you need it to be. Simple drag-and-drop programming makes it easy to set up, adjust, and change to adapt it to your changing needs. External appliances wired to the input and output ports lets you integrate the access control into a larger burglar system, and add layers to the operability and monitoring of the doors. And finally, the ability to access the system from any computer with an Internet connection saves time and money by having instant access to the status of the doors, locks, and the system with the ability to grant access without having to be physically on site.
The Future (in my opinion)
I believe we can expect IP cameras and NVRs to be seamlessly integrated a network access control system. I can easily imagine a point where instead of entering a PIN as a second form of ID for access, simply looking at a nearby HD IP camera will trigger a facial-recognition program on the NVR, which will verify identity. Or when an alarm is triggered, a PTZ camera will swing into action and automatically switch recording modes to 1080p as lights are turned on in the hallway for maximum-resolution color image capture. As ONVIF expands its sphere of influence, I’m sure we will also see integration with fire and burglar systems to create a multifaceted system that uses multiple technologies to provide level of security and peace of mind that couldn’t have been imagined a decade ago.
|Input/Output Connections||2 x Card reader data terminal block:
RS485 full duplex
RS485 half duplex
2 x Card reader I/O terminal block:
2 x four configurable I/O
Digital input: 0 to 40 VDC maximum
Digital output: 0 to 40 VDC maximum
Open drain: 100 mA maximum
1 x Auxiliary terminal block:
3.3 VDC output, 100 mA maximum
2 x configurable I/O
Digital input: 0 to 40 VDC maximum
Digital output: 0 to 40 VDC maximum
Open drain: 100 mA maximum
2 x Door connector terminal block:
For door monitors and Request to Exit (REX)
Digital input: 0 to 40 VDC maximum
|Network Connection||1 x RJ45 10/100 Ethernet port|
|Network Protocols||IPv4, HTTP, HTTPS, SSL/TLS, QoS layer 3 DiffServ, FTP, SMTP, Bonjour, UPnP, SNMPv1/v2c/v3 (MIB-II), DNS, DynDNS, NTP, RTSP, RTP, TCP, UDP, IGMP, RTCP, ICMP, DHCP, ARP, SOCKS|
|Security Protocol||Password protection, IP address filtering, HTTPS encryption, IEEE 802.1X network access control, Digest authentication, User access log|
|Power Input||Power-over-Ethernet IEEE 802.3af/802.3at Type 1 Class 3
10 - 30 VDC, 26 W maximum
|Power Output||Power-out and relay: 1 x 12 VDC, 500 mA maximum; 1 x solid-state relay 30 VDC, 700 mA maximum
Power-out lock: 2 x 12 VDC, 500 mA maximum
|Approvals||EN 55022 Class B, EN 50130-4, EN 61000-3-2, EN 61000-3-3, EN 55024, EN 61000-6-1, EN 61000-6-2, FCC Part 15 Subpart B Class B, ICES-003 Class B, C-tick AS/NZS CISPR22 Class B, VCCI Class B, IEC/EN/UL 60950-1, UL 294, UL 2043, EN 50581|
|Environmental||Operating temperature: 0 to 50°C (32 to 122°F)
Humidity: 20 to 85% non-condensing)
|Dimensions||7.1 x 7.1 x 1.8" (18.0 x 18.0 x 4.5 cm)|
|Weight||17.6 oz (500 g)|