Communicating security across network lines in
May 1, 2000 12:00 PM
ACCESS CONTROL & SECURITY SYSTEMS INTEGRATION STAFF
Several public companies in Medellin, Bogota and Cali combined in July of 1994 to form Emtelco, an electronic data transmission service company in Colombia. The goal of the consortium is to offer better telecommunications options.
In 1995, bids were taken and equipment was purchased for assembly of the first asynchronous transfer mode (ATM) public data network in Colombia. In October of 1997, the company announced its brand name, "Multi.net," dedicated to providing Internet services.
Two years after the company was founded, Emtelco began to think about implementing a comprehensive security system. The company's high investments in its telecommunications project necessitated stringent security measures. Emtelco sought a security network that would make use of the communication channels employed in the company's data transmission services.
Control Systems Communicaciones (CSC) won the bid to provide the security system. Emtelco chose Control Systems because its proposal satisfied the requirement to use the company's own communication channels, and the price of the system was reasonable.
The project consisted of establishing a control and supervision station to monitor the remote areas that host the main nodes of Emtelco's telecommunication operations. According to Carlos Eduardo Martinez, an engineer at CSC, the system uses conventional security equipment, controlled via Emtelco's communication channels.
System components
Distances between the remote sites vary from 12 to 62 miles, according to Martinez, who has more than 30 years' experience in electronic engineering. Two remote sites are located in the mountainous areas around Bogota, ideal sites for establishing communication links to and from any part of the country.
In these remote sites, where Emtelco maintains crucial equipment, the company installed:
* access control
* intrusion detection
* closed circuit television (CCTV)
* networking equipment.
The initial security system specification required that the remote and central sites carry closed circuit television and the other subsystems over digital channels of 256 Kbits per second, through a frame relay cloud that could be accessed through local networks, such as Ethernet, and wide band, using the TCP/IP protocol.
The CCTV system in each remote site comprises several Gyyr cameras and FT2004T transmitters, LRS-2 communication servers from Lantronix, and one remote Boundary Router, manufactured by 3Com.
WSE DR4205 proximity readers and SE 422 door controllers are part of the access control system. Currently, approximately 200 employees use Quadra proximity key cards. A WSE CI-8 data multiplexer permits connection of several access controllers. There are up to 32 alarm points connected to an MI-RO input/output device, manufactured by WSE.
Far from fire and intruders
The fire detection subsystem plays an important role, especially in the remote areas where there are no personnel to be notified in the event of fire. Even though all alarms are monitored from the control station, smoke or heat can be detected at each individual site by a system that integrates up to 32 smoke detectors and an EST-2 panel, manufactured by Edwards Systems Technology (EST).
To combat intrusion, Emtelco utilizes conventional volumetric detectors, which can detect the presence of intruders and notify shift operators.
All in one
All elements interrelate effectively at the control station, located in a commercial area of the Colombian capital. The main server can detect when a door is opened, a camera moves or there is movement outside.
The main site has the same security systems as the remote sites, but on a larger scale. It also has a WSE central security server, which uses the UNIX operating system to permit multitasking and multi-user operation.
Communication was implemented between each of the remote sites and the main site via permanent virtual circuits within the frame relay cloud.
"A virtual circuit is established combining physical lines and the transient message storage, communicated from one extreme to the other within the memory of the communication equipment. The circuit is virtual and not totally physical," says Martinez. The configuration of the system closely follows the standard network architecture model, made up of layers that each handle their own work independently of all the others.
"This is why there is a physical level, with different electronic components; at the connection level there is Emtelco's frame relay; and at the network level there is the Internet protocol (IP) implemented by the routers, from 3Com," says Martinez. At the transport level, there is the TCP protocol, implemented between the communications servers at the remote sites and the central communications servers at the central site. These are LRS2 communications servers, from Lantronix.
Two other levels are added to these: a session level, with a Telnet type protocol between the CCTV transmitters and receivers, and an application level, where the WSE NexSentry Command Center program is located, running at the central site and communicating with all peripherals through the WAN.
"The main advantage is the presence of a network with the capacity to send information other than conventional data, such as CCTV signals, with remarkably high transmission quality," he said.
A practical example
To illustrate how the system works, Martinez gives an example of a proximity reader placed in a remote site, to which the IP address ppp.sss.ttt.ccc has been assigned. The user presents a Quadra proximity card to a model DR4205 proximity reader. The main server has been programmed for central processing instead of distributed processing.
The remote access controller SE 422 to which the reader is connected sends the key code to the main server. At this point the following actions take place: The access controller then sends the key code to the communications server LRS 2 via the RS-232 port of the FT 2004T transmitter associated with it. The communications server sends the information from the reader into the LAN using TCP/IP protocol.
The router, with remote address ppp.sss.ttt.ccc, takes the packet containing the key code and selects the frame relay channel on its V.35 WAN interface. The packet containing the key code, plus the protocol overhead at the application level, travels through the WAN and reaches the central router, with IP address ppp.sss.ttt.ccc. The router delivers the packet to the corresponding communications server, which receives the information from the remote site through the LAN Ethernet hub. The communications server delivers the key code plus the application overhead to its attached FT 2004R receiver. Through its port, the receiver delivers the key code to the CI-8 data multiplexer, which delivers the code and application overhead to the security server through a DIGIMUX interface.
The security server application checks its database to see what should be done with the information just received. Through a process similar to that described above, the server sends to the access controller the necessary instructions to grant or deny access to the Quadra key user.
GYYR transmitters and receivers, adds Martinez, receive all the information - access control, intrusion, energy management, fire detection and lighting control - in exactly the same manner, via their RS-232 ports. Video information is treated equally, but through BNC ports.
The company plans to upgrade the system by implementing a LINUX platform, possibly in one or two years, which will make the project even more effective.
"The future will be prosperous for this field, especially since we depend on electronic services more and more. The solution designed by CSC does not guarantee 100 percent security but, at least, the risks have been reduced by approximately 80 percent," states Martinez.