I'm looking for some seasoned response to this question:

what has been the customer response, and dealer involvement on the service side, to hvac controls and door access controls on the same head end?

and for those who have done this, what protocol was used for the door access controller network?

Thanks for the feedback.

I had a customer ask me to incorporate door access into Niagara last week. I am interesed in responses also.

I'm looking for some seasoned response to this question:

what has been the customer response, and dealer involvement on the service side, to hvac controls and door access controls on the same head end?

and for those who have done this, what protocol was used for the door access controller network?

Thanks for the feedback.

I can only speak from my own limited experience.

The company for whom I work does both HVAC BAS systems and door access (and security, CCTV, fire, etc).

We have put both HVAC controls and door access on the same front end, for smaller customers.

However, the majority of our larger and more tech and security savvy customers neither wish nor will allow this.

They've expressed various concerns.

One is the old time warning about one not "Putting all your eggs in one basket." Which has some validity. One really does not want to have the failure of one control system to cause the failure of multiple facility systems all at the same time. And one is always leary about depending upon one vendor/programmer/etc for EVERYTHING.

An even stronger feeling held by many of our large customers has to do with the separation of the HVAC control and security functions. In general, for our larger customers, the in-house folks they have who will be accessing either the security functions or the HVAC control functions are two distinct and different groups. With different abilities, different concerns, and different training. They do not want the security guy to have any possible access to HVAC control, nor do they want the in-house HVAC guy to have any access to the security systems. Customer (upper management level) doesn't even want either side of the house to be able to see what the other side can see. Nor do they wish that a mistake made by one side in data entry, changing a parameter, or whatever can have any possible effect upon something else (as much as is practical and possible).

As concerns what protocol we use for door access ... it varies. We deal with a couple proprietary systems and with a LON system.

This is not to say that we don't set things up so as to allow two or more separate systems to share certain pieces of information.

I think in the US typically the systems are separated. More so because many systems combine with Fire.

In other countries where costs are at a premium people hire professionals and treat HVAC at a more proper level so they see the benefits of installation, flexibility and maintenance from combined systems.

Nowadays you can get multiple redundancy on your systems and monitor them completely.

At the front end you can make your separations to satisfy typical US concerns.

Personally, I think more people primarily in HVAC automation should push into Access, CCTV and Fire systems. It would be a new profit center, especially integrated.

About 3 years ago I purchased a E-structures Lon Door controller through Engeniuity for experimentation. It worked but to get everything to share the right information was a lot of trial and error. Since the door controllers were trying to send alot of information through the LON network and LON does not allow for alot of customization of the way information is transmitted It was alot of custom programming. I did this integration with a TAC system.

I dont even think that the E-structures product is out there anymore. I still do have the controller and the card readers as we removed it after 2 years installed a JCI CardKey.

>In general, for our larger customers, the in-house folks they have who will be accessing either the security functions or the HVAC control functions are two distinct and different groups. With different abilities, different concerns, and different training.

two distinct and different groups

Same thing we have seen. Two groups that don't want anything to do with each other. There is little benefit to having them integrated with this mindset.

Same thing we have seen. Two groups that don't want anything to do with each other. There is little benefit to having them integrated with this mindset.

I'm not sure that I'd say it that way.

Integrating the two systems; allowing them to share certain, selected information, can be beneficial.

But one must also consider other factors.

The original question was about putting both systems on the same front-end.

One does not have to put both systems on the same front-end; a desktop PC, for instance, in order for the two systems to share bits and pieces of the same info or to have them inter-operate.

For most of our customers and their facilities, and we do have some sizable customers, they would question WHY the building engineer would need to know precisely who is gaining access to the building, what their movements are, what access clearance they have, and so forth. They'd also ask the question as to why he's spending time monitoring such things in the first place.

Likewise, same large customers would wonder why the security guy needs access to current operating parameters and status of the HVAC system. What the heck would he do with the info? Why is he even looking at it instead of monitoring security related stuff?

In the case of most of our large customers, security will see any alarm condition, including HVAC alarms. And they consider that adequate. All the security guys then do is go check to make sure there is not any fire, flooding, etc ... immediate danger to the facility. Then the wait a certain amount of time to see if someone from maintenance responds. If someone does not, they have a list of persons they'll try to contact ... by means separate from the system's automatic notification system.

In the case of some of our more security conscious customers, they definitely do not want in-house maintenance personnel to know any more than is absolutely necessary about what precise security arrangements and systems are in place, their capabilities, or their control parameters.

Among other reasons ... security also monitors the maintenance personnel.

In some cases, our more security conscious customers quite deliberately use separate contractors for security as versus HVAC controls. For obvious reasons. They desire security specialists with a more in depth knowledge of equipment, and also the philosophies and principles of security design. Which is a complete subject suitable for a career field all on it's own. Also they don't want the HVAC contractor and his workers to know a durned thing more than necessary about what security systems are installed in the facility. The basic philosophy is that the fewer who know EVERYTHING that is in place, the better.

Some will go so far as to not complete security equipment installation and programming until after all other contractors not involved in security have left.

A fair number of our customers insist that the security systems; door access, CCTV, etc; be separate hardware, with it's own backup power supplies, dedicated network, and so forth. Which is not to say that we, the HVAC controls contractor will not pick up some points within the separate security system and utilize the info from those points as part of the HVAC control system. We're just not allowed to see the whole system (points database), or make copies of it, etc. Usually we're just provided a selected list of points that we can import and utilize.

Usually depends on how big the customer is, whether or not they have a trained and competent security department who really knows their business, value of the facility or it's contents, etc.

Sure, if it's a fairly modest facility, and the security is nominal, they might have everything in one package.

Larger facilities, or facilities with a perceived need for higher security levels, tend to be more picky and explicit in their requirements and expectations. More than a few follow FEMA and DHS suggestions about separation and redundancy. Both of whom GENERALLY suggest that critical systems be standalone (at least within areas) and capable of operating equipment within those separate areas as necessary despite failures elsewhere. Regardless of whether cause of failure is a failure of a IT network, fire, explosion, storm, earthquake, etc.

Chuckle, we even have customers who specify that systems be kept separate from a general IT network (again not to say that information can not be passed over the IT network ... just that the IT network can not be NECESSARY for the operation of the systems) because they don't trust their IT network's reliability.

Personally, I think more people primarily in HVAC automation should push into Access, CCTV and Fire systems. It would be a new profit center, especially integrated.


Exactly what I am looking into. I've got some dealer agreements that prevent me from pushing other HVAC product lines, but shouldn't prevent me from doing, say, Andover door access controls.

My company does HVAC controls, Site Monitoring, Door Access, CCTV, Fire Suppression/Detection, HVAC Install/Service, Raised Flooring, Design/Build. We have done total integrations, (HVAC Control, Fire System, lighting, shade control, door access, CCTV). We are a Staefa Dealer, so a Tridium head end. The CCTV and Access Control are Novus. They have the Tridium head end as well, so it seamlessly integrates, video and all. We can do things down to when a door is forced we can tell a PTZ camera to turn and zoom to that door. As for the "all the eggs in one basket," the Novus door controllers run normally even when they can't communicate with their server. I know I sound like a Novus sales rep, I just have worked with them going on 2+ years now and have had no problems.

As for the "all the eggs in one basket," the Novus door controllers run normally even when they can't communicate with their server.

Where I work we also do HVAC controls, door access, CCTV, fire systems, audio, voice and data networks, etc.

And when the customer both allows it and desires it, we put in multiple systems on the same site and do integration to the extent desired.

When I mentioned the cautions about "all the eggs in one basket" I was referring to a couple of things.

When I speak to them, some customers cite that they do not wish the "one vendor does all" solution. Each often gives more than one reason. Such as, some think that they'll get better bids and deals by having more vendors bid for each piece of the work.

Some say that they don't think using one vendor for everything is a good deal because a single vendor is not likely as technically competent in all the various areas of work as might be desired. There is some validity to this thought. In the case of the company for whom I work, we can counter argue that we have fully licensed, certified and EXPERIENCED engineers and technicians in each of the fields for which we offer services.

Some customers also state that they want multiple vendors because then if they're displeased with the services of any one of them and dismiss them, then only one of the several different systems they have is affected and at risk until they find a suitable replacement vendor.

Still some other customers cite the issue of security. In this case, it's usually a larger customer with higher security requirements than the norm. And in such cases said type customers simply do not want any single vendor to know about or to have access to all of their installation or it's installed equipment.

The other thing I meant about "all of the eggs in one basket" did refer to having some system redundancy and separation. Such as your example where you mentioned that the door access controllers did not NEED their server in order to function.

I have read about installations where to maximize so-called integration and cost savings redundancy and separation was sacrificed. For instance, everything ... HVAC control, security systems, fire and safety systems, etc ... was installed so that all shared the very same LAN wiring, routers, etc with the customer's routine office data network (and in some cases, shared the same controller which was performing multiple system functions). And critical functions and data relied upon that one network being operational and properly functioning.

There are some issues with this idea if carried too far. Not the least of which could be that a single failure point might render EVERYTHING inoperable throughout a building or throughout a single section of the building. Not good, especially during emergency situations.

One of the reasons that FEMA and DHS (Dept of Homeland Security) caution that critical systems should maintain some redundancy and separation. For instance; fire panels should be installed in such a way as to have "distributed intelligence", adequate emergency power sources, and be capable of operating in standalone mode. Performing all the functions expected within their respective zones despite being disconnected from the rest of the network. They also suggest that this be done with other systems, such as door access (and CCTV in cases where a higher level of security is a concern), critical HVAC functions, etc. In short, no single cut network line, failure of a single router or single front-end, flub-up of an IT department, etc should affect more than a limited portion of the overall building operation as far as critical equipment is concerned. However one might wish to define the term "critical equipment". Which varies according to the actual site and customer needs/expectations (and according to local regulations).

FWIW, FEMA and DHS suggestions are only that, suggestions. Although many federal installations are now dictating that such suggestions be followed for Federally owned buildings.

Integration can be a good thing. Being absolutely RELIANT upon integration in order for things to do their job ... isn't.

Integrated systems do not have to mean a single vendor.
Integrated systems do not have to sacrifice redundancy in communication.


"For instance; fire panels should be installed in such a way as to have "distributed intelligence", adequate emergency power sources, and be capable of operating in standalone mode." --- Interesting comment. Who's systems are distributed?

Well drafty, I bet you didn't think you'd get responses like these. Anyway, I see what osiyo is saying. It all really just depends on the customer. I have done sites where they didn't want everything all to one server, but I also have some who did. Sysint said it right also when he stated "Integrated systems do not have to mean a single vendor. It's all very reliant on each job/customer.

As for "was installed so that all shared the very same LAN wiring, routers, etc with the customer's routine office data network," if the customer doesn't want to spend the money for a separate physical LAN, (which most don't), then when the system is down they have no one to blame but themselves. Yes, they'll try to blame you, but all you have to say is it's their equipment that failed and they chose to run it on there. Most of the time our systems will run on their physical LAN, but have it's own VLAN keeping it logically separated from the rest of their network. As for our company have knowledge of the whole system if we do total integration, if the customer is that concerned their employees should be trained in the system to keep people out. It doesn't matter if we install and program the system, if they do their job right we couldn't get back in later unless we were sitting physically at the system.

Bottom line, propose the integration. If the customer doesn't want it they'll tell you. If they do want they'll tell you.