A discussion of some of the differences between a cloud based and server based access control system. Listen to the podcast episode or read through the transcript below.
All right, welcome to Episode six of our podcast. Today, I want to talk to you real quick about system architecture in regards to access control. There’s really two types I want to discuss today. The first one is going to be a server based or a key system, and the second one is going to be a cloud access control system.
And so the difference between the two is, of course, a server based system has a server stored locally at your site, and that’s going to be typically a Windows machine, usually running either windows into your Windows Server and actually using a database that’s built into either SQL or Microsoft Access. And then whatever access control platform you have has a server program effectively that accesses those databases, and that’s how it controls your system. And so everything’s there on your local network.
All of your access control panels talk back to a server, your machine. They use your computer that you use, if you will, to make programming changes, talks to that server and it all runs over your network.
The other version, the other alternative there is that cloud based system, and so the cloud based system, you still have your local hardware, so your panels are still local on your site that control over your hardware. But instead of talking back to a server inside the building, they use a VPN connection and reach out to a cloud server. And systems typically use either Google cloud server or our system uses the Amazon Web Services. And so, again, it’s an encrypted connection to effectively someone else’s computer.
But in this case, it’s Amazon and there are some advantages and disadvantages here. The problem with the server based system, of course, is that any time you take a Windows update, whether it’s a server update or a client station update, they run the risk of the software not working anymore.
In fact, if you take a software update, you may run the risk of it not working anymore because the version of Windows and the version of the software don’t work together. And that actually happens kind of frequently. And it’s a difficult thing to deal with because if it’s a Windows update and then, of course, you have to get the manufacturer to redo their programming and make it work with that new update. And that’s not an easy process. If it’s a program update, at least you can typically roll it back to the previous version. But then whatever that update was, you, of course, don’t have. And so what people end up doing to prevent an unplanned outage or an unplanned inability to access their system is they turn off updates. And the problem with that, of course, is that a lot of your updates are a security update. And so now your security system isn’t getting the security updates and your server and client station aren’t getting security updates. And so whatever patch they put in there, whatever flaw they found, you don’t have covered.
With that cloud based system, you know, the manufacturer is making that change before they are rolling that Windows update onto their server. And even though it’s stored on someone else’s machine and again on Amazon, they are working with Windows, with whoever the manufacturer and that computer company are working together so that when they update the server program, they also can update the access control program. And they’ll still work together because you use a Web browser or mobile app to access that system for your programming changes. Any Web browsers can work. So as long as you have a Web browser, whether it’s Internet Explorer, Firefox, Chrome, Safari, whatever. As long as you have a relatively current version of it, you’re going to be able to get into your system and make those changes so it won’t matter if you took a Windows update on your local computer, because, again, as long as the Internet still works for it, you’re good to go. That’s probably, from a user functionality, one of the biggest differences. The other one is security. Right?
So you have to imagine that Amazon Web Services has teams of people dedicated to protecting those servers and they know how to defend them against hacking, but to detect and recover if they are hacked. Right. Typically, a commercial building doesn’t have the infrastructure in place that they would be able to detect or quickly repair if their system did get hacked. Additionally, because it is Amazon Web Services, if somehow a copy of your backup gets hacked or gets damaged or gets corrupted, that’s backed up other places as well as Amazon. And so you don’t have that data loss, whereas if you are running a server, unless you’re mirroring that server or you’re backing it up to another machine somewhere, if your local server in your building crashes, you’re just done, you’re going to have to go back to the last time you backed it up, which may have been on the initial install a couple of years prior. Right.
With Amazon, it’s being backed up constantly and with our particular access control system that we use, it actually backs up your personal information every night and so we can restore back to the previous day very, very quickly. And that’s very handy, not just if somehow the system got damaged or hacked, right, but if your panel crashes. So it is an electronic component, things happen. So maybe you take a power surge, maybe, you know, who knows. Right. That control panel in your building goes down. We have a backup. And so what will happen, and we’ve done this on a couple of occasions, is I will on the way to site call the manufacturer and say, hey, here’s the new panel number, we need to transfer all the data off of this old panel number onto this one. And we’ll have it prepped and ready to go, and the second I get that new panel hooked up and connected to the Internet, it takes a download from that server and it becomes the new server. And because you already have that data backed up, it’s just that quick. You may lose a couple of changes that you made that day, but you have a very, very recent backup, which is typically not what we find with a server that’s based on site.
Also, it’s easier to recover if somebody accidentally does a programming change that somehow messes up their system. Right. And I’ve had this happen. I had a guy who had about three thousand cardholders manage to delete 10 percent of them. Didn’t know what 10 percent. He just knew that he’d somehow deleted three hundred people. Well, that’s pretty tough to recover from if you don’t have that data somewhere. Because we back the panel up every night, I just said, hey, what changes have you made today? And he says, we added eight people. And I say, great, we’re going to back your system up to yesterday, to midnight last night effectively. And then we’re just going to add those eight people. And so we were able to recover all the people we lost. And again, we never really knew what three hundred people it was. We just knew that he had lost three hundred people. We were able to recover all those people that he’d actually deleted, just quickly add those eight people back that they’d already had in place, and it was done. And it was just as fast as we can download the data from the Internet, which, you know, it’s not a high bandwidth data. We’re good to go with that server. If there’s a local server, we would have been stuck. Right.
We’d have had to go back through because with your server, you typically are backing up the most current copy and it just keeps updating that file. And so if you screw up that file, you’ve backed up a corrupted file. Right? You don’t have a recent backup from the day before. You don’t have a recent backup from last week typically. Right.
There’s also the security aspect of it where because you’re using an encrypted connection over a VPN to get from your access control panel to the Amazon Web Services, the Google service or whatever it is, these are servers that are stored in SOC 2 compliant buildings. So they’re very secure.
The odds of your local system being hacked are pretty slim because there’s not a way to hack it. Right. Even if someone gets into your Internet or even if someone hacks through your firewall, they can’t actually talk to that panel because that panel doesn’t take requests coming in. That panel only sends a request out and waits for a response. So you can’t just force your way into that access control panel.
Whereas with a server based system, if I can get on your network and I know what software you’re using, especially if you have an integrator that doesn’t change passwords or, you know, they always use the same password, that’s pretty common. Once I get on your program, once you have a network, I can get into your program and I can do whatever I want. So it’s a nice, secure feature that way, too, that even if someone hacks your network, your local network, you or someone gets a computer on or gets whatever, they can’t get into your system. The only way to make changes to your system is through the Web browser. But that Web browser is using encryption to talk. It’s on a secure page and then you’re using credentials and they said we’re going to be email and password. But there’s also two factor authentication, right? So you have to have an authenticator giving you that code, whether it’s Google or whatever other authenticator you want to use to make those changes to your system.
So I personally feel like the cloud, even though it is counterintuitive, the cloud is actually more secure than that local system just because, again, most companies don’t have the infrastructure in place to have a security layer in the way that Amazon is going to have for theirs. So that’s just my thoughts on it.
I appreciate you listening today, and I hope you enjoy the rest of your day.