Security Journal 2012 - Nedap Security Management
Security Journal. Powered by Nedap Security Management. Issue September 2012.

Ending the security management drama.

The world of security solutions has been undergoing major changes in recent years. Suppliers tend to be regionally operating businesses that supply closed products and systems, or large global players that have taken over smaller competitors and their solutions. This has glutted the market with a wide variety of products and solutions of varying quality. At the same time, globalization has caused the market to call for integrated solutions. In other words, a major gap has grown between supply and demand.

Nedap Security Management is able to bridge this gap. Nedap offers a single solution that is the same the world over. At Nedap, we don’t buy security solutions, we make them. Every day we work on solutions that are smarter, more flexible and future-proof. We use an architecture that combines access control, video and intrusion detection on a single security controller. This approach makes it possible to implement hundreds of functionalities in one server environment. This is what we call Security Redefined.

This truly integrated solution scales better than any other system on the market and enables our clients to expand their security system to multiple locations with little effort. One client doing just that is ING Bank, which is currently installing AEOS access control in more than 800 local branch offices in Belgium, as well as in its headquarters. This issue of Security Journal also features an article on the use of AEOS to secure the two Ukrainian football stadiums that hosted the European Football Championship.

Nedap’s solutions not only contribute to a safe business environment, but also to innovative ways of managing this environment. One example of this is the use of Nedap equipment at Getronics, where Nedap Locker Management is used to support agile working.

This issue will also show you that AEOS continues to evolve. We never feel like we’re done, like AEOS has reached its fullest potential. There will always be new challenges to resolve. For example, how can we reduce the complexity of a system while increasing its capabilities? How can we support the trend towards globalization? How can we ensure that the system remains user-friendly for the end user while accommodating growing functionality? If you want to know how Nedap is putting an end to complexity, read this issue of Security Journal. Enjoy!

Editorial Team, Security Journal 2012

Contents

Trends
Think global, go hybrid.
Usability: the new standard in security systems.

Case studies
AEOS secures nationwide fibre-optic network.
Top scorers score in Ukraine.
AEOS increases security at ING’s BE branch offices.
Locker Management supports Getronics’ New World of Work.

Solutions and products
AEOS Intrusion: world’s most effective intrusion solution whether stand-alone or integrated.
Boost your security solution.
Connecting wireless locks to AEOS: the cost efficient solution.
Nedap opens the door to key management.
Invexs 190: versatile, extreme-weather reader with keypad.
Hardware built to last: three-year warranty.

Imprint
Nedap Security Management / Marketing & Communication
Phone: +31 (0) 544 471 111
Email: info@nedap-securitymanagement.com
Web: www.nedap-securitymanagement.com
Reproduction is subject to permission from Nedap Security Management. Nedap, AEOS, AEOS faces, etc. are registered trademarks of Nedap N.V.
Translation and editing by Word’s Worth Tekst en Vertaling, Zutphen.

Think global, go hybrid.

The security industry is feeling the impact of two major trends: globalization and ongoing technological development.
By Albert Dercksen, Victor Ermolaev

Picture: at Nedap, the technology roadmap is aimed at improving usability and scalability in combination with policy-based security governance.

Multinational enterprise, convergence of IT and physical security systems, compliance issues and legislation are all influencing access control systems. Nedap is responding to these trends and incorporating them into its products. Time for a look at today’s challenges and how AEOS is being adapted to them.

Much has been written in the past ten years about convergence or unification: the merging of information (IT) security and physical security systems. Just one of the many benefits of convergence would be an improved capacity for dealing with disparate compliance regulations and national and international legislation. Although several big players have tried to develop all-encompassing systems that integrate, or bridge the gap between, IT security and physical access control systems (PACS), most large corporations still deploy the two separately.

This is partly a legacy of the past. Physical security was traditionally a local, site-level responsibility, which left today’s large multinationals with a wide variety of PACS in different countries. Decentralized decision-making on physical security has in fact hampered attempts at unification.

Call for ready-made solutions.

In today’s uncertain economy, most major enterprises are cutting costs and reorganizing to boost operational efficiency. Facility management divisions are being asked to support processes such as asset management, IT infrastructure and security. This shift is generating a strong demand for unification and policy-based systems: essential tools for gaining global control and servicing primary business processes at a fair cost. There is great demand for Commercial Off-The-Shelf (COTS) products which can encapsulate legacy systems.
A degree of customization is accepted, but developing new tailor-made systems to support secondary business processes is seen as a bad business decision. Calls for unification and policy-based security governance have grown steadily louder, and are now being heard from global business domains outside IT security and physical access control. Stricter compliance regulations and industry-specific laws in finance, healthcare, manufacturing, pharmaceuticals, travel, transport and energy have spread the need for the integration of multiple systems.

Service Oriented Architecture.

In our industry, this shift is clearly observable in today’s RFI/RFP documents, all of which call for integration of security systems in a Service Oriented Architecture (SOA) of some kind. Some global enterprises have already introduced an Enterprise Service Bus (ESB), implemented in combination with rule engines, business process modelling (BPM) engines and extensive workflow modelling. More recently, work has been done on business operation platforms that incorporate a service bus but also take things further, towards ideas like the Internet of Things (IoT), the Semantic Web or Web 3.0. The common denominators of these three movements are: enabling cross-domain service integration, improving usability, delivering true online business operations and decreasing human intervention by adding intelligence.

The information industry has been dealing with calls for integration for much longer and has learned to use open standards, to hide legacy systems behind service interfaces, and to minimize service dependencies through loose coupling and the principle of separation of concerns. The security industry could learn a great deal from this.

Impact on access control.
Now let us turn our attention to a core aspect of physical security, access control, and analyze how these trends (globalization, unification and the use of open standards) impact the architecture of access control systems.

A common domain model in access control systems is that of an abstract subject that wants to gain access to an object. The subject first needs to authenticate itself (based on what it has, what it knows or what it is), after which the access control decision is evaluated based on the identity of the subject and the active policy governing access to the object. The policy typically includes business (security) rules and date/time aspects, and often uses some distinguishing characteristics of the subject, e.g. employee vs. visitor.

Access control models.

The access control model determines whether a subject is authorized to access, or perform a certain action on, an object. In physical access control, the object is usually a physical space, e.g. a room, a parking lot or a locker. (In the system architecture, these objects are referred to as resources.) Here, authentication of the subject (e.g. a person) is usually carried out using an electronic RFID card. In high-security environments, this authentication is supplemented by a PIN or a biometric characteristic.

Mainstream PACS usually make use of an Access Control List (ACL) model. This means the access control model is based upon a simple list of authorized subjects for each access point at specified dates/times. The ACL model is well suited to creating fine-grained permission structures, but its downside is mushrooming complexity as the number of subjects and objects grows.

Reducing complexity.

A slightly more sophisticated approach, aimed at reducing complexity, is the Role Based Access Control (RBAC) model. In this structure, the complexity of assigning permissions to users is overcome by introducing a level of indirection, i.e. a role, which clusters access rights to certain objects.
The subject’s role in the organization is used to evaluate its access to an object. Although the RBAC approach seems more usable, it is less suitable for fine-grained permission modelling. In many organizations, role engineering proves to be extremely difficult. Attempts to circumvent the built-in coarseness of the permission model tend to result in so-called role explosions, which make the system virtually unusable. It is worth noting, however, that ACL-based access control systems become unwieldy much sooner than RBAC-based systems when the organization grows or the number of factors affecting access rules increases.

ABAC model.

In information security, the drawbacks of ACL and RBAC have not gone unnoticed. This has led to the introduction of the Attribute Based Access Control (ABAC) model. In this model, a subject’s access rights depend on the attributes describing that subject, e.g. age, possession of a valid driver’s license, security clearance, etc. Such dependencies are expressed in rules, which may be combined into policies, which in turn may be clustered into policy sets. A simple example of a rule would be “to enter this amusement park the subject has to be at least x cm tall”. To express such rules, an XML-based language was developed: OASIS recently published the XACML 3.0 language standard, aimed at standardizing access control models using ABAC.

ABAC offers great flexibility and fine-grainedness, but these benefits come at a price: in ABAC it is easy to lose sight of the maximum permission set for a given subject. That is, a question like “Is subject A allowed to enter a chemical lab?” cannot be answered by inspecting the subject’s assignments; it is only decided when subject A actually tries to enter such an object.

Dilemma.

ABAC is well suited to open systems, such as libraries, car-rental offices, video stores and open Wi-Fi networks, where neither the identity of a subject, nor the state of an object, nor the environmental circumstances are known beforehand.
However, openness is not the norm in the physical security industry. And yet some pioneers, like The Open Group, have broken with tradition. By publishing its Open Enterprise Security Architecture (O-ESA), The Open Group is trying to encourage the use of industry best practices in defining organizations’ global security models.

The physical security industry clearly faces a dilemma. Should we follow in the footsteps of IT security, open up the controllers, implement open standards like XACML and become (web) service providers in the Identity and Access Governance (IAG) domain? Or should we stubbornly resist the unification of information security and physical security?

Best of both worlds.

At Nedap, we have decided to do both, and more. AEOS’s technology roadmap is aimed at improving usability and scalability in combination with policy-based security governance. The AEOS platform will be adapted to enable cross-domain integration in global enterprise (SOA) environments. At the same time, it will provide the best policy-based access control models, a modern service lifecycle model and state-of-the-art IPv6-based security devices. The security architecture will be based on the latest encryption technology, using Secure Application Module (SAM) devices and network-based key revocation methods.

The access control model proposed by Nedap is a hybrid model combining the strengths of RBAC with the flexibility of ABAC. One simple example can illustrate the power of this approach compared to a purely ACL-, RBAC- or ABAC-based model. Consider a multisite company with employees who regularly travel between company sites. Every site has its own PACS, but both identity and access rights are subject to global regulations that must be enforced automatically. In an ACL-based system, each individual object would have to be assigned a list of authorized employees.
Besides the obvious fact that this approach will fail in any large-scale company, there are other problems, such as a high risk of malicious assignments, made possible by the absence of Segregation of Duties: a dishonest security officer could add himself to the list at any resource.

So it might seem better to use the RBAC model, based on the employee’s work role in the organization. RBAC addresses the Segregation of Duties problem by separating the assignment of subjects to roles from the assignment of permissions to roles, so that a single administrator may do one or the other, but not both. However, the risk of role explosion becomes apparent as soon as highly fluid factors are included in the role definitions.

Using the ABAC model would prevent role explosion, as ABAC makes it possible to combine any number of fluid factors by introducing appropriate policies at resources. However, the ABAC drawback mentioned earlier still stands: the model effectively hides a subject’s actual permissions.

Hybrid.

AEOS uses both RBAC and ABAC, benefiting from the advantages of both models. RBAC provides the necessary level of coherence and transparency for overall security policies, while ABAC adds flexibility and minimizes the risk of role explosion. In this hybrid model, an employee’s role describes the optional permissions necessary to fulfil their duties, while rules and attributes determine for each individual whether a permission becomes unconditional or must be withdrawn. A simple example would be the pair Role = Manager and Attribute = Location.

The intelligence in this approach lies in the fact that the location list can be used to determine the PACS to which identity information needs to be distributed. This improves performance and scalability. At the same time, knowledge about the PACS configuration is hidden from the users, so data entry interfaces can be based on business process language (role, location). This improves usability.
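The hybrid model described above (roles that carry optional permissions, attribute rules that make each one unconditional or withdraw it, and a location attribute that decides which site PACS receive an identity at all) can be made concrete in a few functions. The following is an added example, not Nedap or AEOS code: the site codes, roles, resources, rule shapes and administrator duties are hypothetical, and the choice that a single applicable "withdraw" outcome overrides any number of "grant" outcomes is made here, not specified by the article.

```python
"""Hybrid RBAC + ABAC decisions for a multisite PACS (added example, not AEOS code).

Roles carry optional permissions; attribute rules make each permission
unconditional or withdraw it. Site codes, roles, resources and rules are
hypothetical, and 'one withdraw beats any grant' is a choice made here.
"""
from dataclasses import dataclass

SITES = {"AMS", "BRU", "KIEV"}  # hypothetical sites, one PACS each

# RBAC part: role -> resource -> sites where the role MAY be granted access.
ROLE_PERMISSIONS = {
    "manager": {"office": set(SITES), "server_room": set(SITES)},
    "engineer": {"server_room": set(SITES)},
    "visitor": {"office": set(SITES)},
}


@dataclass
class Subject:
    name: str
    roles: set
    attributes: dict  # e.g. {"locations": {"AMS"}, "clearance": 2}


# ABAC part: each rule returns "grant", "withdraw" or None (not applicable).
def rule_location(subject, resource, site):
    # The location attribute decides at which sites the subject is served at all.
    return "grant" if site in subject.attributes.get("locations", set()) else "withdraw"


def rule_clearance(subject, resource, site):
    # Server rooms need clearance 2 or higher; other resources are unaffected.
    if resource != "server_room":
        return None
    return "grant" if subject.attributes.get("clearance", 0) >= 2 else "withdraw"


RULES = (rule_location, rule_clearance)


def role_permits(subject, resource, site):
    """Does any of the subject's roles carry this optional permission?"""
    return any(site in ROLE_PERMISSIONS.get(r, {}).get(resource, set())
               for r in subject.roles)


def decide(subject, resource, site):
    """Hybrid decision: attributes can only finalize what a role already allows.
    A permission no role carries is never granted, and a single applicable
    'withdraw' overrides any number of 'grant' outcomes."""
    if not role_permits(subject, resource, site):
        return False
    outcomes = {rule(subject, resource, site) for rule in RULES} - {None}
    return "grant" in outcomes and "withdraw" not in outcomes


def effective_permissions(subject):
    """Maximum permission set of a subject, computed by inspection: the roles
    bound the candidates and the rules depend only on the subject's attributes,
    so the question pure ABAC cannot answer up front is answerable here."""
    perms = set()
    for role in subject.roles:
        for resource, sites in ROLE_PERMISSIONS.get(role, {}).items():
            perms |= {(resource, s) for s in sites if decide(subject, resource, s)}
    return perms


def distribution_sites(subject):
    """Site PACS that need this identity at all: the location list, restricted
    to sites any of the subject's roles can reach. Other sites never receive
    the record, which is the scalability point made in the text."""
    reachable = set()
    for role in subject.roles:
        for sites in ROLE_PERMISSIONS.get(role, {}).values():
            reachable |= sites
    return subject.attributes.get("locations", set()) & reachable


# Segregation of Duties on the administration side: an administrator assigns
# either subjects to roles or permissions to roles, never both.
@dataclass
class Administrator:
    name: str
    duty: str  # "subject_assignment" or "permission_assignment"


def assign_role(admin, subject, role):
    if admin.duty != "subject_assignment":
        raise PermissionError(f"{admin.name} may not assign subjects to roles")
    subject.roles.add(role)


def assign_permission(admin, role, resource, sites):
    if admin.duty != "permission_assignment":
        raise PermissionError(f"{admin.name} may not assign permissions to roles")
    ROLE_PERMISSIONS.setdefault(role, {}).setdefault(resource, set()).update(sites)


# Constructed sample identities.
ALICE = Subject("alice", {"manager"}, {"locations": {"AMS", "BRU"}, "clearance": 2})
BOB = Subject("bob", {"engineer"}, {"locations": {"KIEV"}, "clearance": 1})
EVE = Subject("eve", {"visitor"}, {"locations": set(SITES), "clearance": 3})

if __name__ == "__main__":
    for s in (ALICE, BOB, EVE):
        print(s.name, sorted(effective_permissions(s)), sorted(distribution_sites(s)))
```

Two things are worth noticing when running it. Eve’s clearance of 3 never gets her into a server room, because no role of hers carries that permission: attributes refine what a role allows, they never extend it, which is what keeps the maximum permission set readable from the role assignments. And Bob’s identity is distributed only to the KIEV PACS even though his role could reach every site, because the location list, not the role, drives distribution.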
And finally, these meta-access rights can be mapped automatically to any PACS that has some form of import module. This supports the encapsulation of legacy PACS into the policy-driven security architecture.

In short, Nedap is ready to deal with the challenges posed by globalization, unification and the trend towards open systems. With our hybrid model and the technological developments planned for AEOS, we can ensure that we will continue to deliver a future-proof product to our customers.

Usability: the new standard in security systems.

The revolution that took place several years ago on the consumer market is breaking into the field of security management. Intuitive user interfaces with attractive apps and widgets are the standard of the future; usability is the latest buzzword. Nedap has put these into practice with its new AEOS 3.0 security management system.

By Mischa Hoyink

Picture: thanks to AEOS receptionists can smile and mean it.

Receptionists who use smartphones in their spare time, swiping from app to app on touchscreens with great ease, can hardly be expected to use a 1990s-style security management system at work. Their motivation to learn how a system works and to use it consistently depends on whether that system meets them halfway. Put differently, a system that demands far too much knowledge will not be accepted by the ‘smartphone generation’.

Achieving usability is a challenge when dealing with a system that integrates a vast number of functionalities, as AEOS does. Nedap had to work out how all those functionalities could remain accessible to end users while drastically simplifying the graphical user interface. All the while, the architecture had to remain open, scalable and robust, not to mention future-proof. In AEOS 3.0, all these characteristics were brought together in one integrated system.

Radical simplification.

Defining personas.
“We visited places where receptionists worked and counted how many screens they had to use in our old AEOS system,” says Nedap sales director Arjan Bouter. “We came to a staggering total of 248 screens. Who was watching over them to make sure they were all being used correctly?” Nedap’s solution in AEOS 3.0, Bouter says, was to radically cut back the number of screens. “We reduced those 248 to just 4!”

Nedap pulled it off by analyzing the different types of employees who use AEOS and narrowing them down to four extremely detailed user roles, or personas. These are: the receptionist (the ‘heavy user’ in Nedap’s definition), the security guard, the security manager and the system administrator. In AEOS 3.0, each of these four personas has role-specific widgets with which to manage their daily tasks. Users see only those widgets that provide the functionalities relevant to their role. The great thing about widgets is that they can be used not only on a monitor, but also on a tablet or smartphone. This means that a security guard can take a tablet along while doing rounds, to see what needs to be done at a particular door.

This simplification was a sharp turnabout from the trend towards increasing complexity that had dominated security management systems for a long time. Developers were primarily focused on expanding their system’s performance. The race was on to collect more and more data for security purposes and for the management of processes. It was very “impressive”, says Arjan Bouter, “but what was forgotten was the fact that people’s ability to absorb all that information did not keep pace with the system’s capacity. Because of non user-oriented interfaces, end users like reception staff, guards and even managers ultimately became overwhelmed. Some processes became so slow and inefficient that users sometimes just skipped them, which obviously compromises security.”

Interaction Design.
The key was to redesign AEOS in such a way that users would feel no need to skip steps. Nedap knew the challenge it faced, and decided to tackle it from the discipline of Interaction Design. Arjan Bouter: “In creating AEOS 3.0, we focussed entirely on the graphical user interface, the crucial point where the user interacts with the system.” Interaction designers are concerned with the function, behaviour and final design of products and systems. They cooperate closely with application engineers to link what the user wants to the technical capabilities of the system.

Receptionists had to deal with 248 screens in their daily work. We have reduced this to 4.

Usability reviews.

Interaction designers make frequent use of test users to steer their development. During the redesign of AEOS 3.0, test users were asked to try the new interface while their reactions to the system were monitored. Users were filmed and asked to talk about what they were doing. The designers monitored not only the number of mouse clicks needed to perform a particular task, but also the emotions the user experienced while interacting with the application. This allowed them to analyze when users made mistakes or got stuck. This feedback made it possible to fine-tune the interface and to make small but important changes to everything users see, hear and feel.

The tweaking process at the heart of Interaction Design resulted in a system so intuitive and user-friendly that users can start using AEOS 3.0 with hardly any instruction. As users of previous versions of AEOS know, this is a vast change from what it used to be. According to Bouter, turning to Interaction Design was a good decision: “It was worth it. Even though we are not the only ones in the industry doing this, we are certainly a pioneer in the field. For the time being, we are way ahead of the competition. It is going to be a while before anyone is going to catch up to us.”

Usability = security.
The advantages of a usability-based system are obvious. Bouter explains that a system that can be learned as easily as AEOS 3.0 reduces the need for training, saving an organization time and implementation costs. Work itself gets done more efficiently when employees are using such an intuitive system, which in turn means the organization can provide service with a higher degree of professionalism. Most importantly, “usability ultimately reduces mistakes and increases security”, says Bouter. “If you like working with a system, you won’t be tempted to skip procedures that are too complicated or tasks that take too long. And an interface that helps prevent human error contributes to a higher degree of security in your organization.”

Picture: AEOS 3.0 has an attractive, intuitively usable interface.

“Usability ultimately reduces mistakes and increases security.”

Take AEOS wherever you want.

AEOS gives you instant access to various functionality through widgets. This makes it easier to start using AEOS, and much easier to use AEOS on the go, because the widgets also work on a tablet or smartphone. So a security guard can take a tablet along on his rounds to see which door he has to open, or whether a visitor has arrived. Widgets can be put on smartphones or other portable devices without significant modification. They’re ready for use, wherever you go.

AEOS secures nationwide fibre-optic network.

Back in 2005, private investment company Reggeborgh and KPN, the Netherlands’ largest network provider, joined forces to start building a nationwide fibre-optic network. Reggefiber, as the joint venture was called, built new headquarters in Rijssen, which it chose to secure with Nedap AEOS. Since then, Reggefiber has built almost 1,000 Points of Presence (POPs) throughout the Netherlands, a number set to grow to 4,000 over the next decade. All these optical fibre hubs are equipped with AEOS controllers, readers and the latest AEOS functionalities.
By Thijs Engelbertink

Picture: AEOS’s state-of-the-art security technology is used to guard tomorrow’s communication network.

Another requirement was that all the information gathered had to be readable and monitorable with the latest technologies. The special environmental conditions and the enormous scale of the project made AEOS the perfect technological match: state-of-the-art security technology used to guard tomorrow’s communication network. Another reason why AEOS was so well suited to this project is the fact that the system provides for future developments in terms of growth, capacity and as yet unforeseen demands. AEOS’s scalability allows Reggefiber to keep increasing its number of POPs without having to worry about the system’s stability.

Usability.

Picture: receptionist’s desk inside Reggefiber’s headquarters in Rijssen, the Netherlands.

Reggefiber had specific requirements for securing its POPs. Therefore, Nedap and Niscayah, a Nedap business partner, sat down with Reggefiber to work out a special “POP Controller”, using standard AEOS elements. The made-to-measure controller now provides all currently needed functionality as well as expansion options for functionalities possibly required in future.

POP Controller.

The “POP Controller” assembled for Reggefiber contains standard AEOS hardware components and embedded software to manage and monitor intrusion detection, access control, additional sensors and CCTV cameras. Using standard components to build a made-to-measure system saves on development costs compared to a bespoke system. An added advantage is that Reggefiber will not be dependent on custom-built software and special interfaces if the company decides to expand or change functionalities in the future. This reduces Total Cost of Ownership.

Scalability.

The Reggefiber project was challenging because of the large number of POP locations and authorizations at contractor and subcontractor level.
Every location had to be equipped with a door reader, a door contact, an intrusion sensor, a humidity sensor and a heat sensor.

At Reggefiber’s headquarters in Rijssen, a fully equipped control room (NOC) monitors the various POPs around the clock. This is also where direct control is taken when a system alert comes in. Such alerts are generated when someone enters a POP without authorization or tries to sabotage the security system, but also when the indoor temperature fluctuates too much, humidity exceeds set limits, or the air conditioning malfunctions. The control room in Rijssen is also where the doors of the POPs are opened when someone identifies himself or herself for maintenance or repair work. In addition, contractors and subcontractors have been issued special ID badges with specific, possibly temporary or limited, access rights to the POPs. These badges and authorizations are issued and managed from the central AEOS server in Rijssen. Because AEOS is fully web-based, issuing badges or changing authorizations can be done from any workstation.

Flexible environment.

The AEOS hardware is physically installed in cooperation with Niscayah. At the production site where the physical POPs are manufactured, Niscayah installs the POP controllers. As soon as a POP is placed in a new fibre-optic cable area, Niscayah connects the controllers by means of UMTS. In this way the POP and its equipment can be controlled even when the network is not up yet. As soon as the network is available without interruption, AEOS is switched over to the new, continuous connection.

Picture: Reggefiber’s headquarters was designed to resemble a cut-away view of a fibre-optic cable.

Business continuity.

In order to guarantee Reggefiber’s business continuity, it is essential to ensure optimal functioning of its core business, i.e. the optical fibre network and related systems.
In practice this means that the power supply must be continuous and controlled, the POPs must be cooled continuously and humidity must be regulated. Reggefiber has installed advanced systems to create and maintain the right conditions. Any deviations or disruptions are picked up immediately by sensors connected to the AEOS components. At the NOC in Rijssen, Reggefiber employees use the AEOS Graphical Alarm Handler to monitor and deal with incoming alerts. Nedap has provided an intelligent power supply unit with UPS functionality, which supplies power directly to sensors and locks and provides emergency power. Central monitoring of the power supply unit’s status allows staff to respond proactively. This makes business continuity assurance more efficient and effective.

Fibre Optics.

In 2005, Reggeborgh and KPN joined forces to start building a nationwide fibre-optic network. Since then, KPN has taken a majority share in Reggefiber as a service provider. Reggefiber is responsible for the roll-out of the nationwide Dutch optical fibre infrastructure. Fibre-optic communication has great advantages over copper wire in terms of speed and data volume. Optical fibre suffers much less interference, because the cables are not affected by external electromagnetic fields. So far, Reggefiber has installed optical fibre in 150 Dutch municipalities. This means that one-tenth of the Dutch population can already use this new means of communication, and that number keeps growing every day.

Reggefiber is building POP buildings in central locations in every region. These POPs contain cables, switches, cooling systems and communication centres and function as the hub for a particular optical fibre area. This makes them the most critical element in the network. Therefore, security and monitoring of POPs is crucial to guarantee business continuity.

Top scorers score in Ukraine.
Almost 70,000 spectators watched Spain win the European Football Championship, EURO 2012, in Kiev’s Olympic Stadium. They enjoyed the match in a fun and safe setting that Nedap Security Management had helped create. Both the brand new Arena in Lviv and the renovated Kiev stadium had been equipped with Nedap’s AEOS security management system for access control and intrusion detection.

By Jos van Nederpelt

Picture: both stadiums use the AEOS Graphical Alarm Handler, which gives a graphical representation of the stadium.

In April 2007, UEFA’s Executive Committee chose the joint Polish-Ukrainian bid to host the 2012 European Football Championship finals. In anticipation of the event, two of the four Ukrainian stadiums to host matches were equipped with AEOS security systems. The Olympic Stadium in Kiev was built in 1923 and needed remodelling to bring it up to UEFA’s ‘category four’ standard for stadiums hosting football finals. Such stadiums seat thousands of visitors and must meet strict criteria in terms of public access and egress.

The Arena in Lviv is brand new and built to meet all of UEFA’s latest technological and functional requirements. With a capacity of 33,400 spectators, it is relatively small. But its extensive grounds and state-of-the-art facilities ensure players and spectators maximum comfort. All seats are covered. Parking is located underneath the stadium. The stadium’s facilities include VIP lounges (seating 450), restaurants, a media centre, various training centres and office space. Construction at the 9-hectare site started in November 2008 and was completed by October 2011.

Security levels.

Nedap’s business partner ISK Transexpo installed the necessary hardware and Nedap’s AEOS security management software at both venues. In Kiev’s Olympic Stadium, the company installed Convexs M80FC readers at the 480 access points. The Lviv Arena was equipped with the same readers at its 380 access points. In total, 528 intrusion zones were defined.
Nedap Convexs Mifare readers are used at some 600 doors and entrances. Both venues also deploy AEOS’s ‘security levels’ functionality, enabling security managers to respond swiftly to any calamity that could occur at a major event like EURO 2012. In case of emergency, the system switches to a predefined emergency scenario with alternative access authorizations. This takes just seconds.

Key Figures Arena Lviv.
33,400 spectators, all seats covered
450 VIP seats
150+ alarm system loops

AEOS @ Arena Lviv
300+ Mifare Convexs readers
20+ electrical cylinders integrated into AEOS for online and offline operation
Rule Engine
Security Level Management
Graphical Alarm Handler

Picture: people heading into Kiev Olympic Stadium.

Security and intrusion.

Like all other modern stadiums, those in Kiev and Lviv are equipped, inside and out, with a permanent closed-circuit television system that can take still shots, with colour monitors in a control room. Security management at the stadiums uses the AEOS Graphical Alarm Handler to monitor and handle alarms, and to provide operators with clear work instructions. The Graphical Alarm Handler shows a graphical representation of the buildings, the stadium layouts and the alarms, as well as the status of the alarms and which guards are handling them.

Another very helpful tool used in both stadiums is the fully integrated Guard Tour, which enables extensive monitoring and audit trailing of security guards. The Guard Tour allows security managers to define a sequence of card readers or alarm inputs that have to be checked within a pre-defined time span during routine tours. With the AEOS Guard Tour option, guards can be sent on their rounds of the premises while their progress is monitored from the control room. In addition, the Lviv Arena’s three-level parking garage underneath the stadium was outfitted with long-range readers and wireless sensors in order to manage and secure the flow of vehicles around the stadium.

Topscorer Award.
AEOS is Nedap Security Management’s contribution to a smooth and safe European Championship. For this, Nedap has received the Task Force EURO 2012 Topscorer Award. This prize was awarded by Task Force EURO 2012, a EUNITE and FME-CWM initiative aimed at boosting the export of Dutch expertise in infrastructure, construction and other large-event-related fields to Poland and Ukraine. Nedap has also won the bid for installing a new security system at Poznan Airport. The Polish city of Poznan also hosted EURO 2012 matches. The airport was expanded with a new terminal. In cooperation with its Polish partner Atrem S.A., Nedap provided access control and intrusion detection for all terminals.

Key Figures Kiev Olympic Stadium.
70,050 spectators (68,055 for EURO 2012)
3,546 VIP seats
150 seats for disabled spectators
1,497 media seats
366 commentators’ booths
500+ alarm system loops

AEOS @ Kiev Olympic Stadium
400+ Mifare Convexs readers
Authorized access to the fireproof cabinets
50+ electrical cylinders integrated into AEOS for online and off-line operation
Counting Manager
Rule Engine
Security Level Management
Graphical Alarm Handler

AEOS increases security at ING’s BE branch offices.

Security management in banking is a discipline unlike any other. Rather than integrating all security into one centralized system, some banks choose decentralized security for their branch offices. AEOS, a leading platform in integrated security, turns out to be just as effective when deployed decentrally. “We were already using Nedap AEOS in our headquarters, as well as various regional offices,” says Joris de Greve, Security Manager at ING Belgium. “Then, in 2011, the security system used by our 800 branch offices in Belgium needed to be extended with access control. Because we were already aware of AEOS’s capabilities and very satisfied with its performance, it was a logical step to ask Nedap to solve our problem.”

Autonomous systems.
By Erica Meijer

ING’s 800 branch offices in Belgium were already equipped with autonomous intrusion detection and camera surveillance. All doors and their accessories, such as locks, push buttons and door contacts, were monitored and controlled by the intrusion detection system. Doors were opened and closed using keys in security cylinders. A central alarm management system handled alarms coming in from local intrusion control systems. Key management had become a problem, according to De Greve. “It was virtually impossible to keep track of the physical keys and who was authorized to use them. We had no central database in which authorizations could be assigned or retracted.” In addition, changing locks, replacing keys and keeping key plans up to date had become difficult.

“It was time for an electronic access control system,” explains Peter Rommens, Country Manager at Nedap Belgium. “Since all peripherals were connected to the intrusion detection system, the scope of the project was clearly defined. We were looking purely at access control at one or more doors per office.”

Narrowing it down.

After considering a wide range of solutions, ING eventually selected two for further evaluation. One was to add access control to the existing intrusion detection systems. This was technically the least complicated option, because the basic infrastructure and necessary hardware were already in place. The other option was to expand the centralized AEOS system that was already up at headquarters and regional offices to include access control at the branch offices. The latter offered the major advantage of being able to connect all branch offices to one central database, while retaining the ability to delegate responsibility for authorizations to lower-level security management layers. Other benefits of this option included its system architecture, the proven stability of the system for large numbers of offices and cardholders, the system’s scalability and flexibility, the native IP controllers’ ability to communicate peer-to-peer and bypass the server, and the system’s redundant facilities and security (failsafe, switching servers, etc.).

Picture: Joris de Greve, Head of Security at ING Belgium.

Flexible and extra secure.

The factor that clinched the deal was that AEOS allowed for decentralized management of separate units and the use of entrance filters. This meant local offices could be authorized to manage their own security without access to other offices’ data, Joris de Greve explains. “The bank’s security structure is based on central access to buildings and central facilitation of technical solutions, but decentralized security and access responsibility per zone. Therefore, the system must allow us to cluster cardholders into groups with different authorizations. AEOS supports this.”

“Another factor was ING’s requirement that authorizations not be assigned to a badge, but to a cardholder,” adds Rommens. “This builds in extra security: cardholders who lose or forget their badge are issued a replacement while the original badge is invalidated. This guarantees there are no unaccounted-for, authorized badges ‘floating around’.”

Keeping an eye on things.

AEOS at proxy offices.

A consequence of decentralization is the need for reports. “Central management wants to keep an eye on what is happening at the various branch offices,” De Greve says. “Is security functioning properly? And are offices complying with security policy?” He believes reports “are also a valuable management tool.” For example: how many people are at work at any given time, or whether people only come in a few times a week. “This helps us to make sound decisions concerning flexible office space, for instance, and that’s an important way to reduce costs.”

“The bank preferred our proposed solution, with one AP4803x per branch office, over a solution with one or more AP6003 network controllers per office but only one AEpu per ten offices,” Rommens says. “Although having one AEpu per office is costlier, availability is more certain with the AP4803x and it offers more long-term advantages. It means each office is prepared for expansion of its access control or the addition of other security functionalities.”

Decentralized approach.

ING combines centralized and decentralized policies. Overall security policy is set at headquarters; security management there decides who is authorized to manage accounts and which authorizations may be assigned. This is part of the bank’s security structure. We ask ING Belgium Security Manager De Greve to illustrate. “For example, the Milan office uses a server in Belgium and the technical facilities provided by central security management. However, the management in Milan are in full control of who is allowed access to their building and when,” he says. User training is also decentralized. There are some 500 administrators, all of whom were trained internally and decentrally. AEOS enables this flexibility. Because AEOS is web-based, interventions are simply and swiftly carried out. ING BE has two different types of offices: Proxy offices, where all money is distributed by ATMs, and Full Service offices, where staff behind counters provide service. In both types of branches local staff is present and mobile specialists are available to respond to specific needs or questions customers may have.

Proxy offices roll-out.

Nedap is currently installing AEOS at the 800 Belgian branch offices at an approximate rate of nine offices per week.
Peter Rommens explains how the roll-out is being organized logistically: “In preparation for installation, ING centrally creates the appropriate authorizations in AEOS. Then, Nedap’s business partner defines the configuration and uploads this to the controller. This means on-site installation is quick; once the controller is connected and deployed, the system is up and running.”

Proxy offices are defined as individual access control zones. Each office has its own profiles defining who is allowed access and on what basis. Proxy offices are secured with readers and a key replacement badge. The alarm system runs separately from the access control system. The badge only provides access, while arming and disarming the alarm system requires identification. In line with existing policy, if an unauthorized person finds a badge and tries to use it when the office is empty, this sets off an alarm. If a person tries to use a stray badge when the office is manned, he or she is immediately exposed by staff (social control). “Badges are also blocked based on expiry date or end of contract because in general the fewer badges in circulation and the fewer people with access, the smaller the security risk,” says De Greve.

Key figures.
License for 25,000 badges, 1,000+ access points
Oracle DB application server
Backup server
Test server
Linked with HR database (Peoplesoft) for importing data
Use of rule engine to automatically change authorizations
Hardware: AP4803 + Convexs/Invexs readers

Locker Management supports Getronics’ New World of Work.

In October 2010, Getronics BeLux relocated and introduced a radical improvement in working conditions.
From then on, employees could work whenever they wanted to, and wherever was most convenient, as long as they delivered results. The new approach clearly had consequences for security and access. When the clean desk policy went into action and all drawer units were eliminated, employees needed a new place to store their belongings. Enter Nedap Locker Management.

By Elles te Boome-Harbers

Picture: as a clean desk policy is part of the NWOW, employees need a place to store their belongings.

Getronics pioneered flexible office space with the “New World of Work” (NWOW). This meant desks were no longer dedicated to a person, but to a task. The result was a strict clean desk policy. To guarantee full flexibility, all drawer units were banned. However, everyone still needed a locker to store their own office supplies and personal effects. Getronics felt traditional lockers would be inflexible, and managing physical keys difficult and time-consuming. Security Manager Patrick De Waen sought a more sophisticated and convenient solution. He remembered once using an RFID wristband to open a swimming pool locker and asked the architect designing the new Getronics building to explore the feasibility of this solution. This is how Getronics found Nedap Locker Management.

Intuitive locker management.

Getronics’ experience with the lockers has been entirely positive. Employees find them easy and intuitive to use, so acceptance is widespread. One of Nedap Locker Management’s strengths is that it allows for dynamic locker management. Getronics opted for this functionality even though in practice employees use the lockers as personal lockers (static).

Security concept.

NWOW is based on trust once people are in the building. Security follows a three-tier concept. At level A (the macro environment), people have free access to registration and reception; at level B (meso environment), visitors are issued clearly recognizable badges and may not move around unaccompanied.
Anyone without a badge or walking alone with a visitor badge is approached by security. At level C (micro level), security is aimed at controlling the use of systems, such as printers and lockers. These three levels are not integrated, but they do recognize the same badge.

Acceptance.

When Getronics became one of the first companies in Belgium to implement NWOW, employees rapidly embraced the system. Getronics invested heavily in change management to make the transition smooth. People were properly prepared and the implementation was well-planned. Employees were moved to the new premises in groups of 100. Implementation of NWOW is based on three equally important pillars: facilities, IT and company culture. Dedicated hosts gave groups of employees tours of the new facilities. NWOW coaches introduced the changes in IT, demonstrating all the new technologies. Company culture was a tougher nut to crack. It took management time to accept the loss of visual control over people. Middle management changed as people were judged on results rather than hours put in. As a result, working from home is now perfectly acceptable.

Net results.

NWOW is sustainable. Printing at the office is down drastically because so many people work from home and prefer to carry a USB stick rather than a stack of paper. Getronics has been using 30% less paper since October 2010. The new building is 25% smaller than the old building, at 6,000 m². Getronics employs 300–350 people, but currently has 240 desks. And yet, employees feel they have more room. If all 350 employees were to show up at once, desk space would be scarce, but since the move occupancy has averaged 50–60%, leaving room to spare. There are 300–350 lockers, so everyone can have a personal storage space. Since October 2010, the lockers have functioned without a hitch. The building is open from 6 a.m. to 10 p.m. Access outside these hours is possible in exceptional cases and with special permission.
Getronics has organized work space into clusters. Although no one is obliged to sit with their own division, many tend to do so, since it makes sharing information easier. Employees in consulting and marketing tend to mingle more and are least tied to a fixed place.

Future.

In the future, Getronics’ micro-level security regime could be developed further by expanding locker management to filing cabinets. Other possible changes include further reduction of desk space and expansion of conference rooms. This way the building becomes more like a meeting venue than office space.

Picture: in case employees forget which locker they used, they can track their locker at the terminal.

AEOS Intrusion: world’s most effective intrusion solution whether stand-alone or integrated.

Whether used as a stand-alone application or integrated into an existing AEOS security system, AEOS Intrusion has great benefits. This new functionality can run on the same controller used for access control and video management, and boasts vast scalability of zones, areas and users.

AEOS Intrusion is a functionality that can either be used as a stand-alone application or integrated into existing AEOS security systems. The stand-alone version is based on the Intrusion Base Panel, which is configured by means of the integrated web browser and/or by XML import. An Invexs reader with keypad and LCD display (Intrusion LCD keypad reader) is used to operate the system, i.e. arm and disarm the panel, handle alarms, call up the log file, change settings, etc.

Integrated.

As an AEOS-integrated option, the Intrusion functionality can be run through the Intrusion Base Panel, but also through other AEpus. AEOS Intrusion can run on the same controller as AEOS access control and video management. This means functionalities can be combined locally, which reduces cost of ownership. User data and access rights are centrally managed and distributed.
This way the system is always up to date, which significantly reduces risk.

By René Waenink

Picture: the Intrusion Base Panel is EN50131-1, Grade 3 certified.

AEOS Intrusion is unparalleled in terms of scalability. It is easy to add more buildings, locations and countries. Alarms can be monitored and dealt with in the web-based AEOS Graphical Alarm Handler. All events and users are stored in the same database. This makes interpreting events easier and faster and providing proof of infractions more reliable. An added benefit of using the Graphical Alarm Handler is that it provides a perfect overview of alarm points, and allows users to operate the system on screen.

Technical information.

A new PCB was developed for the handling of detectors and batteries. This AEpack-compatible AP3006 board controls any connected detectors and outputs, monitors the battery status, monitors and powers sensors and communicates with the Intrusion LCD keypad reader. The AP3006 is built into the Intrusion Base Panel, the Intrusion Extension Panel and the Intrusion I/O unit. The Intrusion Base Panel, the Intrusion Extension Panel, the Intrusion I/O units and the Intrusion LCD keypad reader all comply with the European EN50131-1 grade 3 standard, as do all components used in these devices. The Base Panel can be expanded by a maximum of 31 Extension Panels and/or Intrusion I/O Units. All Panels include a power supply and battery monitoring.

The AP3006 has 16 inputs, which can accommodate most commonly used sensors. Because the End of Line (EOL) resistor value for each input is freely definable, it is possible to distinguish on one input of the AP3006 between the various detector statuses, namely detector present, detector not present (tampering), short circuit in the detector connection, masking, and alarm event.
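The multi-state loop supervision described above, as an added example that is not Nedap’s code or the AP3006 firmware: one installer-defined profile per input maps a measured loop resistance to the five detector states the text lists. The resistor network (one EOL resistor, plus a series resistor each for the alarm and anti-mask contacts), the tolerance band and all resistance values are assumptions for illustration; the profile check shows why the chosen values must keep the bands apart.

```python
from dataclasses import dataclass

# State names follow the detector statuses the panel distinguishes on one input.
NORMAL = "detector_present"
OPEN = "detector_not_present"      # open loop: detector removed or cable cut (tamper)
SHORT = "short_circuit"
MASK = "masking"
ALARM = "alarm"
UNKNOWN = "out_of_band"            # matches no defined state: treat as tamper/fault, never as normal


@dataclass(frozen=True)
class InputProfile:
    """Installer-defined EOL values for one input (ohms). Constructed scheme: the EOL
    resistor alone reads as normal; the alarm contact and the anti-mask contact each
    add a series resistor, so every state maps to a distinct loop resistance."""
    r_eol: float
    r_alarm: float
    r_mask: float
    tolerance: float = 0.10        # +/- band around each nominal value (10 %)
    short_below: float = 200.0     # below this the loop is treated as a short
    open_above: float = 100_000.0  # above this the loop is treated as open

    def nominals(self) -> dict:
        return {NORMAL: self.r_eol,
                ALARM: self.r_eol + self.r_alarm,
                MASK: self.r_eol + self.r_mask}

    def bands(self) -> dict:
        return {state: (r * (1 - self.tolerance), r * (1 + self.tolerance))
                for state, r in self.nominals().items()}


def profile_is_unambiguous(profile: InputProfile) -> bool:
    """Configuration check: the bands of the three resistive states must not overlap
    each other or the short/open thresholds, otherwise one reading could mean two
    different things (for example an alarm read as normal)."""
    edges = sorted(profile.bands().values())
    if edges[0][0] <= profile.short_below or edges[-1][1] >= profile.open_above:
        return False
    return all(edges[i][1] < edges[i + 1][0] for i in range(len(edges) - 1))


def classify(measured_ohms: float, profile: InputProfile) -> str:
    """Map one loop measurement to a detector state."""
    if measured_ohms < profile.short_below:
        return SHORT
    if measured_ohms > profile.open_above:
        return OPEN
    for state, (low, high) in profile.bands().items():
        if low <= measured_ohms <= high:
            return state
    return UNKNOWN


def state_changes(samples, profile: InputProfile) -> list:
    """Turn (timestamp, ohms) samples into the events a panel would raise: one per
    state transition, so a steady reading does not flood the alarm handler."""
    events, last = [], None
    for ts, ohms in samples:
        state = classify(ohms, profile)
        if state != last:
            events.append((ts, state))
            last = state
    return events


# Constructed sample profile: 4k7 EOL, 4k7 alarm resistor, 10k anti-mask resistor.
PROFILE = InputProfile(r_eol=4700, r_alarm=4700, r_mask=10000)

if __name__ == "__main__":
    # Constructed readings: normal, normal, alarm, alarm, masking, short, open loop.
    samples = [(0, 4710), (1, 4690), (2, 9350), (3, 9410), (4, 14650), (5, 35), (6, 250_000)]
    print("profile unambiguous:", profile_is_unambiguous(PROFILE))
    for ts, state in state_changes(samples, PROFILE):
        print(ts, state)
```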
The AP3006 has four short-circuit and overload-protected 12VDC outputs for powering the sensors, and several freely definable outputs: 2 x relays with NO – COM – NC clean contacts (not protected) and 8 x open collector outputs.

Key features.
A truly global solution that can be used across buildings, countries and continents
Intrusion zones are directly connected to AEOS
EN 50131-1, Grade 3 certified
Unlimited scalability of zones, areas and users
Central management of users, PIN codes and biometric identification
Alarms can be monitored and dealt with in the web-based AEOS Graphical Alarm Handler

Boost your security solution.

There’s a famous saying in English: “If it ain’t broke, don’t fix it”. So why would Nedap replace the processor board in our AEOS Processor Units (AEpus)? The answer is simple: to create an even more powerful product which can handle access control, intrusion detection and video management simultaneously. The increases in memory and speed are a real bonus.

The processor board is the heart of the AEOS Processor Unit (AEpu). All intelligence, such as authorizations, business logic and time schedules, resides on the processor board of the AEpu. That is why replacing a processor board is not something Nedap takes lightly. Such a change can have great impact on AEOS products. Besides, AEOS software must be able to run on both old and new boards. And at the same time the hardware must be capable of handling the new processor board, for which it might need an upgrade.

Big improvements.

Since Nedap first launched AEOS in 2000, several changes in the processor board have been made. The main effect of these changes, aside from increased memory and performance, was that the number of connectable AEpacks was doubled, resulting in more functionality.

By René Waenink

Picture: the new processor board increases speed and memory of the AEOS security solution.

The most recent upgrade, in March 2011, was to an AX8008 processor board.
The main benefits from this upgrade are:
Faster start-up and improved performance, especially on AEpus with large, complicated configurations and a great amount of data. RAM increased from 64 MB to 256 MB, flash memory from 128/512 MB to 2 GB and processor speed from 266 MHz to 800 MHz.
More data storage capacity. Storage capacity is roughly doubled, compared to the previous board.
Increased temporary storage capacity of events on the AEpu. Default storage capacity is 10,000 events, but can be increased to 1,000,000.

Tests have shown that the board can handle 100,000 cardholders using four entrances. Even 100,000 cardholders using eight entrances can work, depending on factors such as the type of cardholders and the number of events. Tests with 250,000 carriers on one AEpu, using one entrance, showed that it took the AEpu only 25 minutes to reload and authorize all 250,000 cardholders.

Connecting wireless locks to AEOS: the cost-efficient solution.

Wireless locking solutions are a fast-growing market. They replace mechanical locks in doors which are out of reach of wired access control systems. Both online and offline wireless locks can now be integrated into AEOS. This provides maximum flexibility in controlling doors at optimal investment. Wireless battery-operated locks are very cost-effective, mainly because installation costs are low. When wireless locks are connected to an online access control system, more doors can be controlled and wireless locks can meet higher security needs.

Offline data-on-card locks.

A wireless lock reads authorizations from a card and unlocks when the stored data indicates that access is to be granted at that specific door. These authorizations are programmed in a method similar to that in online access control. The locks can also write event data on the card. This means the system can monitor events at doors when the cards are read by an online card R/W unit.
Data communication with the locks using ‘network-on-card’ cards offers similar functionality to what is found in online access control. However, this information is not real-time.

By Anton Kuip

Picture: electronic cylinders are a good solution when ease of installation and low initial costs are important.

Online wireless locks.

Online wireless locks (OWL) have an RF communication link to an RF communication device that in turn has a wired serial or IP connection to the host system. To save energy and increase battery life, RF communication is not continuous, but triggered by certain events. This may limit real-time communication and create small delays.

Escutcheon.

Almost all wireless lock manufacturers offer two models, escutcheon and cylinder. The escutcheon model is the most convenient model in use; users merely need to present their card and access is granted. The door is opened by pushing the handle downwards. Normally, only the door latch is controlled, but the dead bolt can also be activated to secure the door. For normal access control, where the door needs to be locked permanently, an escutcheon is the most appropriate solution. Extra features can be added, such as scheduled unlock or a toggle function.

Cylinder.

Electronic cylinders are a good solution when ease of installation and low initial costs are important. Most mechanical cylinders can simply be replaced by electronic versions. After presenting a card at the reader in the cylinder, the knob can be turned and the deadbolt is released. The door opens by pushing the handle downwards or turning the knob further, depending on the mechanical lock used. Normally the door stays unlocked until it is locked by means of the same procedure. Cylinders are a good alternative to mechanical keys for low traffic doors.

Offline lock system connected to AEOS.

Wireless lock systems can be connected to AEOS in various ways, depending on the type of lock used.
An offline lock system (OLS) stays strictly separate from AEOS. The only connection between the two systems is at database level. Once both systems are installed and set up, offline lock information (i.e. names and addresses of offline locks, time zones, etc.) is sent from the offline lock system to AEOS. Each lock receives setup information from the OLS by means of a portable programming device or laptop; the lock does not have a wired or wireless connection with the system. The reader in the lock reads authorizations from cards presented.

Online wireless lock system connected to AEOS.

The wireless locks (cylinder, escutcheon) have an RF connection to AEOS, making them an integral part of the system. When a card is presented at the reader in the wireless lock, the number is sent to the RF communication device and forwarded over IP or a serial connection to the AEOS door controller. If the cardholder is authorized to enter, an unlock message is sent back via the communication device to the wireless lock and the door is unlocked.

Figure labels: OWLS-AEOS configuration; OLS encoder; OLS-AEOS configuration.

Offline authorizations are programmed in the AEOS system just like authorizations for online doors are programmed. AEOS then forwards the authorization data to the OLS database. Initial authorizations are written on a card by the card encoder unit connected to the offline system PC. To change authorizations or extend the validity of a card, one or more R/W units, which are connected to the offline system, can be installed in a central location or at the entrances. These units update the cards automatically when presented. Events generated by the OLS, e.g. battery status, are visible in AEOS. Setup software is available to program the initial technical data in the wireless locks.

The wireless communication device must be in close proximity to the locks (max. several meters).
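The offline data-on-card path described in the two sections above (authorizations encoded onto the card, the lock deciding from the card alone and writing events back, R/W units refreshing the card from the OLS database), as an added example that is not Nedap’s or any lock vendor’s code: the class names, the card layout, the lock and card identifiers and the three-day card validity are assumptions. It also makes the "not real-time" caveat concrete: a central block only reaches a card at its next R/W unit, or when the validity stored on it runs out.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class Card:
    """Contents of a data-on-card credential (layout constructed for this example)."""
    number: str
    locks: set = field(default_factory=set)     # ids of offline locks this card may open
    valid_until: date = date.min                # last day the stored authorizations count
    events: list = field(default_factory=list)  # audit records written by the locks


@dataclass
class OfflineLock:
    """Battery lock with no wired or RF link: it decides from the card alone and
    writes the outcome back onto the card so an online R/W unit can collect it."""
    lock_id: str

    def present(self, card: Card, today: date) -> bool:
        granted = self.lock_id in card.locks and today <= card.valid_until
        card.events.append((today.isoformat(), self.lock_id, card.number,
                            "granted" if granted else "denied"))
        return granted


@dataclass
class OlsDatabase:
    """Stand-in for the OLS database that receives authorizations from AEOS."""
    authorizations: dict                        # card number -> set of lock ids
    blocked: set = field(default_factory=set)   # cards revoked centrally
    events: list = field(default_factory=list)  # events collected from cards


@dataclass
class ReadWriteUnit:
    """Online R/W unit: the only point where a card is resynchronised with the
    database. validity_days bounds how long a card keeps working after a revocation."""
    db: OlsDatabase
    validity_days: int = 3

    def present(self, card: Card, today: date) -> None:
        self.db.events.extend(card.events)      # upload what the locks logged on the card
        card.events.clear()
        if card.number in self.db.blocked:
            card.locks, card.valid_until = set(), date.min
        else:
            card.locks = set(self.db.authorizations.get(card.number, ()))
            card.valid_until = today + timedelta(days=self.validity_days)


def revocation_window(unit: ReadWriteUnit) -> timedelta:
    """Worst case between a central block and the card ceasing to work: the card can
    stay away from every R/W unit until the validity written on it expires."""
    return timedelta(days=unit.validity_days)


def run_scenario() -> dict:
    """Constructed walk-through; returns the lock decisions and event counts."""
    db = OlsDatabase(authorizations={"C100": {"door-7"}})
    unit = ReadWriteUnit(db, validity_days=3)
    card, lock, day = Card("C100"), OfflineLock("door-7"), date(2012, 9, 3)
    decisions = [lock.present(card, day)]                          # blank card: denied
    unit.present(card, day)                                        # encoded at the R/W unit
    decisions.append(lock.present(card, day))                      # granted
    decisions.append(lock.present(card, day + timedelta(days=3)))  # last valid day: granted
    decisions.append(lock.present(card, day + timedelta(days=4)))  # expired: denied
    unit.present(card, day + timedelta(days=4))                    # refreshed, valid 3 more days
    decisions.append(lock.present(card, day + timedelta(days=5)))  # granted
    db.blocked.add("C100")                                         # central revocation
    decisions.append(lock.present(card, day + timedelta(days=5)))  # still granted offline
    unit.present(card, day + timedelta(days=5))                    # card meets an R/W unit
    decisions.append(lock.present(card, day + timedelta(days=5)))  # now denied
    return {"decisions": decisions, "uploaded": len(db.events), "on_card": len(card.events)}


if __name__ == "__main__":
    print(run_scenario())
```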
The exact distance depends on type of product and brand, and may also vary in practice due to radio interference and environmental conditions. One RF communication device can control one or more locks and is connected to AEOS via a serial or IP connection. The RF communication is based on an IEEE 802.15.4 (2.4 GHz) radio standard and adapted to the low power requirements of wireless locks. Encryption requirements are fulfilled using an AEOS encryption standard.

Picture: for normal access control, where the door needs to be locked permanently, an escutcheon is the most appropriate solution.

Nedap opens the door to key management.

Electronic access control systems have revolutionized the way organizations control the vital doors on their premises. Thanks to wireless electronic locks, they can also manage most of the less critical doors on site at reasonable cost. But there will always be a need for conventional locks and keys too, and managing these is just as important.

By Anton Kuip

Organizations that use both electronic access control and conventional keys can integrate the two by using Nedap’s AEOS security management system. AEOS makes integration simple. Each mechanical key is permanently attached to an electronic key fob containing an RFID chip. The key and attached key fob are stored in an electronically accessible key cabinet. When a cardholder who is authorized to handle a key presents a badge, the key cabinet door opens. Each key fob is assigned a specific slot within the key cabinet. The fob and its attached key stay locked in place until released by an authorized user. Meanwhile, the other key fobs in the cabinet remain locked in their own slots.

Key management in AEOS.

All key cabinets are connected over an IP connection to AEOS, via a server which controls the cabinets. The key cabinet software is used for programming key names and key groups which AEOS uses to assign authorizations to AEOS cardholders.
AEOS access control allows for the creation of templates, similar to door access templates. These are created before key authorizations are assigned to a person. Keys can only be assigned for an unlimited period. Day/time schedules do not apply.

Picture: each key with its electronic fob remains locked in place until released by an authorized user.

Time limits.

When an organization needs to impose time limits on the use of keys, an extra AEOS reader-controller can be installed next to the cabinet. This makes it possible to program day/time schedules for each user, so that users can unlock the cabinet when they need to collect or return keys. But of course, this means that outside of the programmed day/time schedules, the keys cannot be collected or returned. So, to ensure keys are returned on time, an exit reader can be installed to prevent anyone leaving the building without having brought back their assigned key. All events generated by the key management system – the collection and return of keys – are recorded and stored in AEOS.

Invexs 190: versatile, extreme-weather reader with keypad.

Some card readers are made to withstand extreme weather conditions, some have keypads to enter PINs with, some can be mounted directly onto metal door frames without losing detection distance. Very few combine these features. Nedap’s Invexs 190 is one of the few.

By René Waenink

The Invexs 190 was specifically built for use in Scandinavia and the Middle East. This means that the 190 can withstand both extremely low and extremely high temperatures. It operates flawlessly at -20ºC as well as +55ºC. Like all Nedap readers, this latest addition to the successful Invexs series is stylish, smart and versatile. In typical Nedap fashion, we have made sure the reader is ready for the future. Its card technology is software upgradable, either through AEOS, or, when not AEOS-connected, by means of a configuration card.
The 190 can be configured to different protocols and reads a variety of cards (Nedap, Mifare, Mifare Plus and DESFire EV1) so clients can store credentials in a mixed pool, if desired. The Invexs 190 is also ready to meet extremely strict security standards, such as those maintained in government institutions. For this purpose, it includes a SAM socket into which a Secure Access Module (SAM) can be slotted for key storage and execution of highly secure encryption algorithms.

Technical specifications.
IP65 protection
Operating temperature -20º to 55ºC
Storage temperature -30º to 65ºC
Relative humidity 10–93%, non-condensing
Keypad (optional)
SAM socket
Tamper switch
Inputs 4 x open collector, beeper and 3 LEDs
Communication: RS485 (Encrypted AEOS or Plain Protocol, user-definable); Wiegand Data 0 and Data 1 (depends on configuration); RF Modulator (120 kHz for AX1014 or AB350)

Hardware built to last: three-year warranty.

Nedap Security Management has increased its warranty on newly purchased hardware products from one to three years. This gesture towards our customers is also a clear statement to the security industry. Nedap has been developing and manufacturing its own range of hardware for as long as it has been developing its security management platform.

By Erica Meijer

“We have always believed we can only guarantee true innovation, quality and full utilization of our software’s potential by building hardware to our own high standards in quality, technology and design. Only then can customers truly benefit from our innovative approach. When we say we believe in quality and performance, we mean business; to prove it we raised our standard warranty on hardware* from 12 to 36 months,” says Hans Schipper, managing director of Nedap Security Management. “Our controllers, antennas and readers are high-quality products, made in our own factory in the Netherlands.
This extended warranty, provided at no additional cost to our customers, emphasizes the real value of our products,” he continues. “It provides end users with trouble-free ownership and better control of total costs.”

Arjan Bouter, sales director for Nedap Security Management, adds: “The three-year warranty is not only a gesture towards our customers, it is also a statement to the industry. Our products are superior in quality, design and technology.”

* The new warranty applies to all Nedap hardware (including readers, antennas, controllers and AEpacks) with the exception of cards and key fobs.

Security Redefined