Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Factors to Consider When Choosing the Right Equipment for the Access Control System

Factors to Consider When Choosing the Right Equipment for the Access Control System

Blog Article Published: 03/10/2023

Written by Alex Vakulov

When building an access control system, the determining parameters are speed, reliability, and ease of use.

Modern access control system architecture

In modern access control systems, communication between controllers, user workstations, and the system server is often carried out via the Ethernet network. The Ethernet interface ensures high system operation reliability through standard IT solutions and the operation of all devices in a single address space using a single protocol. Ethernet also makes it possible to use Power over Ethernet technology, a convenient way of powering network devices, significantly simplifying the installation of access control equipment.

All controllers and PCs of the system work in a single information environment with a single database installed on the system server. A permanent connection between the controllers and the database is not required in this case. All the necessary access rights are transferred to the non-volatile memory of the controllers. Registered events are also stored there. You can set the operation algorithm, which allows the system to work offline for a long time without connecting to the server.

For example, Global anti-pass is supported through routing tables that are passed to all controllers in the system. Such settings allow you to build complex access control solutions taking into account zoning. In the event of a power outage, the routing table remains in the controller's memory without server support, and the entire system remains fully functional. When the connection with the system server is restored, the events are transferred to the database and can be backed up to the cloud.

The amount of memory is an important characteristic when ensuring the autonomous operation of the controller. For example, some modern controllers can store 50,000 users and 150,000 events in their memory.

To expand the system, it is not necessary to replace existing devices. You can just add new equipment to the Ethernet network. The high data transfer rate and parallel operation of all controllers make it possible to build security systems with no limit on the number of controllers, including those located in different buildings, districts of the city, and in different cities. The ability to simultaneously process many events ensures the correct operation of the system at the moments of concurrent operation of several devices.

The ability to connect second-level controllers to the main controller simplifies system expansion, which is especially important for large enterprises. The RS-485 communication interface can be used with the controllers of the second level, which allows you to significantly optimize the costs of expanding the system.

When choosing controllers for your access control system, an important parameter is the number of managed devices. Universal controllers, depending on the settings, can control turnstiles, barriers, locks, etc. Second-level controllers allow using just one network controller and manage access through a turnstile to the premises and to ten inner rooms using a lock or connect two turnstiles and eight door locks. So, second-level controllers help significantly reduce the cost of ACS implementation.

When choosing controllers, you should pay attention to the presence of multiple inputs/outputs for connecting additional equipment: video cameras, sensors, alarm devices, etc. The Fire Alarm input allows you to connect fire alarm devices and configure turnstile unlocking when a signal is received from fire alarm devices. When connecting a camera to the controller output, you can set the algorithm in which the camera starts recording when it receives a signal about an alarm event. Flood sensors can be connected to the controller input: when a particular water level is reached, upon a signal from the sensors, the turnstiles are unlocked for evacuation. Additional inputs and outputs also allow you to connect external verification devices, such as pyrometers, breathalyzers, and scales.

Controller as server

One of the main drivers of the access control market is the spread of web technologies. New advantages include the ability to work remotely using mobile devices while maintaining centralized administration.

New generation controllers make it possible to embed software and use the controller as a server. This architecture simplifies the implementation of the system and reduces its cost. Again, controllers are connected to the network via the Ethernet interface. The development of Internet technologies and channel bandwidth suggests that web technologies will soon replace the traditional approach to developing not only ACS software but also any system in general.

As more powerful controllers appear, all the ACS software features can be implemented inside them without installing a system server on a computer.

The web interface of controllers

The web interface allows you to connect to the controllers directly from a computer using secure communication channels like VPN. The web interface of new generation controllers allows you to assign access rights to employees and visitors, add identifiers to the system, create built-in reactions in the controller, diagnose the controller, and update the firmware. To implement these tasks, the installation of additional software is not required. A small enterprise can build a mini-ACS without using software, which minimizes the cost of implementing the system.

Integration options

Obtaining a controller SDK allows integration with various systems, for example, pay access systems or ERP systems. The open protocol of the controller allows organizing access control in fitness centers, museums, theaters, amusement parks, parking lots, and many other objects on its basis.

Choice of identification methods

When choosing equipment for an access control system, it is necessary to determine which identification methods will be used: HID or MIFARE access cards, mobile devices, access by barcode, fingerprints, face recognition, etc. Technical characteristics of controllers and readers should allow the chosen identification method to be implemented.

Wiegand, RS-485, and USB interfaces are often used to connect the controller and readers. Wiegand is used in ACS for reading magnetic cards and RFID identifiers. Its advantages include simplicity, prevalence, range of up to 150 meters, and compatibility with equipment produced by different manufacturers. The disadvantages include vulnerability to hacking due to the lack of two-way authentication and data encryption and lack of control over the integrity of data transmitted between the controller and the reader device.

A USB interface is used to connect fingerprint or barcode scanners to the controller, as well as to connect control readers designed to enter identifiers into the system.

Multi-format readers can be selected if you want to use multiple identification methods simultaneously, such as copy-protected MIFARE cards and mobile devices. When choosing a reader, it is important to pay attention to characteristics such as operating temperature range (when used outdoors), IP rating, and vandal resistance.

A controller with a built-in access card reader, support for mobile identification, and a fingerprint scanner can be a very convenient solution. Such solutions allow a gradual transition from traditional to more secure identification methods. It is worth paying attention to the way the controller is installed. Ethernet controllers are simple to connect to the network, which greatly simplifies installation.


When building an access control system, it is important to consider factors such as speed, reliability, and ease of use. Modern access control systems often use Ethernet networks for communication between controllers, user workstations, and the system server, which ensures high system operation reliability and simplifies the installation of equipment. The system can operate offline for a long time without connecting to the server, and all necessary access rights are transferred to the non-volatile memory of the controllers. The system can be expanded by adding new equipment to the Ethernet network, and the ability to connect second-level controllers to the main controller simplifies system expansion and reduces costs. When choosing controllers, it is important to pay attention to the number of managed devices and the presence of multiple inputs and outputs for connecting additional equipment.

About the Author

Alex Vakulov is a cybersecurity researcher with over 20 years of experience in virus analysis. Alex has strong malware removal skills. He is writing for numerous security-related publications sharing his security experience.

Share this content on your favorite social network today!