We’ve also been researching various approaches and different issues encountered. Everyone’s situation is unique. Some internal musing (not asserting these are facts):
Basically, we have not found one lock vendor that does everything we want. Meaning more support/inventory costs (like more risk of door replacement). a) Vendor X’s WiFi lock will do 802.1x, but it will reduce the battery time from 12-14 month down to 6-9 month even at low polling (once-twice per day). We’d have to run a WPA2 SSID to get what we believe to be acceptable battery time, which we are loath to do in our overcrowded spectrum. Others mentioned polling— this low polling reduces ability to make changes for various reasons (ice day, safety emergency, schedule change), or other options while user wait by door. Vendor X also has a proprietary 900MHz lock system (needs another radio infrastructure) — more later. b) Vendor Y’s has a proprietary 900MHz system, so as to avoid WiFi spectrum, but requires you to run another radio infrastructure. They can poll on 30-60 second intervals with decent battery life, some security system vendors have tweaked this to 10 seconds, and offer an App for the customers smartphone to get in if they lock themselves out (more likely to have phone). However, for a particular prox brand, they only support a version of that brand which has published vulnerabilities. There are more secured versions of that brand, but Vendor Y stated they had no schedule/plans to support it. c) Vendor X has a POE lock, but vendor Y does not. POE requires that expensive cable run, door frame, special hinge, drilled door. On the plus side it runs without batteries, which great till the power goes out (there are options for batteries in addition). It doesn’t have wireless security issues/jamming concerns. d) Vendor Y has a model of autonomous use lock (no network connection/managed with smartphone/PDA) that aligns better with our end user's needs in some instances (cheaper). Vendor Y has some modularity in their models, whereby those locks can start with a push button/prox autonomous, and can have modules traded out to their proprietary 900MHz later (no door changes). Vendor X, not as good alignment/modularity (moving form their autonomous [users don’t like] to proprietary wireless means a new expensive lock). e) Vendors will sometimes have different door requirement. So moving between them could mean drilling holes, or may have architectural fit issues with the decor. Holes of different sizes in different places lead to plates and door replacements ($) — you can only drill it so many times. And that takes more labor. f) Our facilites personnel are particular about the sturdiness of lock hardware, the types of cylinders (keying plans), and inventory. I understand and support them on this. All these locks are very expensive. g) Building security runs a decade or more behind the rest of IT. -- William C. Green e-mail: gr...@austin.utexas.edu Director, Networking and Telecommunications phone: +1 512-475-9295 ITS (Information Technology Services) fax: +1 512-471-2449 University of Texas 1 University Station Stop C3800 Austin, TX 78712
