Partnering with Homebase to offer Multi-Family “Smart Home” Technology

By Neal Bellamy, IT Director at Kenton Brothers

Smart home technology has been around for a few years. It’s the ability to control lights, thermostats, locks and more in your home using an app or a remote control. It’s building automation for your home. If you own a condo or an apartment complex, how can you offer the smart home experience to your tenants? Can you use the same products as a single-family home or a commercial building?

Let me show you how partnering with the right people can make smart home tech another bonus for your complex.

First of all, the typical smart home and commercial products aren’t a great fit for multi-family buildings. Most of the building is made up of individual “homes” with each home needing to have their own control over locks, lights, etc. However, there are also common areas in a commercial building including a gym, pool or front entrance that every tenant will need access to.

Kenton Brothers: Homebase LogoYou may need an intercom system to call a tenant if they have a visitor. To accomplish the task, you need two experts. One in Smart Home and the other in commercial security systems. Partnering with Homebase, Kenton Brothers has helped several multi-family facilities offer smart home tech to their clientele.

Homebase offers a tenant all of the smart home features like automatic locks, lights and thermostats. However, they also solve the problems associated with an apartment or condo like move in/move out, demo unit access, dog walker or cleaning service access through the front and tenant doors. They also offer a maintenance ticketing system and shared space access for all tenants.

Kenton Brothers: Smart Home SolutionsKenton Brothers makes sure that the right locking hardware and other security systems are in place and integrated.

Not every “smart” lock is ready for this application. Different doors will have different needs for intercom, access control, and/or smart home. An electrified lock on the front door of the complex will be very different than the door to a unit, but both need to be compatible with the building automation, or smart home system. The intercom system needs to call tenants wherever they are because many people no longer have land lines.

For more information, click here to download our guide for “Top 11 Solutions for Multi-Family Properties”

If you want to offer smart home functionality for your tenants, give us a call. We’ll partner with you and Homebase to integrate the different systems and features to create the right environment for you and your tenants.

How does a security integrator design their own security systems? Part 3

By Neal Bellamy, IT Director at Kenton Brothers

In the last couple of months, we’ve been designing our intrusion system, network infrastructure, and video surveillance systems. Now it’s time to design the access control system.

Access Control

There can be lots of advantages to Access Control.

Because the doors are controlled electronically, we can:

  • Automate the open and close time of the business or areas
  • Stop handing out keys that might not be turned back in or lost
  • Track who goes where, etc.
  • Use access control doors for business reasons, not just for security.

Kenton Brothers: Access Control and LocksFirst, let’s talk about the components of access control. A couple of the components are obvious, but others are misunderstood. Today we’ll talk about card readers, locks, door position sensors, request to exits, and credentials. Exciting, right? Maybe not, but these are incredibly important details for a commercial security system.

Card Readers

Card readers are the most obvious component required in an access control system. The card reader is what reads your access control card and identifies you to the system. Your card is unique to you within your access control system. However, a card reader doesn’t have to be just a card reader.

There are lots of ways to identify yourself to the system. Fingerprint readers, vein readers, pin pads, iris scanners, and face scanners are all possible ways that you could be identified. Some of these are more secure than others. Pin numbers can be shared, so we highly suggest not using them, or make sure that whatever you have behind the door is not valuable.

Fingerprint readers are more hackable (YouTube Video about that here) than a vein, iris or face scanners. The highest level of security is two-factor authentication. You would use two of these kinds of credentials to enter the door at the cost of being less convenient.


Kenton Brothers: LocksLocks are the next most obvious component. You need to be able to lock and unlock the door electronically. Common electronic locks are Electrified Panic, Electrified Levers, Strikes and Mag (magnetic) locks.

All electronic locks can be broken into two categories, “Fail-Safe” or “Fail-Secure”.

Fail-Safe locks unlock when there is no power going to them. When the power “Fails” the lock is “Safe”. In this case, “Safe” means someone can get out. Unfortunately, that also means that the door is unlocked, so someone could come in if the power fails.

Fail-Secure is the opposite; when the power fails, the lock is secure or locked. There are times when codes require a Fail-Safe lock, like in a stairwell of a large high rise, however, at Kenton Brothers we prefer fail secure locks.

Electrified Panic, Electrified Levers, Strikes can all be Fail-Secure or Fail-Safe, but mag locks are always Fail-Safe. Mag locks usually require two forms of egress, meaning that there are two ways to leave the building through a mag lock. Mag locks generally are also required to be connected to the fire alarm. Although Mag locks themselves can be cheaper than other types of locks, by the time you connect the two forms of egress and the fire alarm, you could have installed a Fail-Secure lock.

Door Position Switches

Now you can authenticate at the door with a reader and unlock the door with an electrified lock. But how do you know if someone propped open the door, or forgot to shut it? That’s where the third component at the door comes in, the door position switch.

This switch is generally a magnetic switch mounted in or on the door that tells the system if the door is open or closed. You can use this information to drive alerts if a door is left open too long, which circumvents the security that you are trying to establish with access control.

Wouldn’t it be nice to know if someone opened the door that was unauthorized?  With the door position switch, we can tell the door opened without a card read, but it would also alert us when anyone leaves the building.

Request to Exit

We use a second type of switch to tell us when someone is leaving the building called a “Request to Exit”. This can be a motion detector that triggers when someone gets near it, or it can be built into a lever or exit bar. That way, if the doors opens, but the request to exit was not triggered and the reader was not used, we know someone came in from the outside and was not authorized. This is called a “Door Forced”. The door was forced open with key or crowbar.


The last component is a credential. We say credential, not card, because we can use a key fob, iris, face, fingerprint or other identifying feature to authenticate to the system. Most systems use a card or key fob, because of cost and ease of use. However, not all cards and key fobs are the same.

There are dozens of technologies that can be used to store and transmit the credential number to the system. Some are proprietary, some are open, some are not-encrypted and some are. Generally, we advise clients to use a “Smart Card” technology that is encrypted, but not proprietary. It provides the security of encryption while allowing the technology to be compatible with most access control systems. Some options even guarantee that your exact credential number will never be available to any other company in the world, while also being non-proprietary and encrypted.

So What Will Kenton Brothers Be Using?

Whew, that was a lot of info! Now let’s talk about the solution we’re going to use at Kenton Brothers.

Our exterior doors need to be secure, while some of our interior doors are really just for traffic control. We will control our space while also controlling the tenant space. There’s an overhead garage door leading from our space to a space shared with the tenants. We also have an overhead garage door for loading and unloading material that we don’t want to have to get out of the truck to open.

For the exterior doors, we’ll install an electrified exit bar with a built-in request to exit. The exit bars are heavy duty and allow a large number of people to get out of the building. The built-in request to exit also gives less false triggers than motion detectors, because instead of triggering when someone gets close, it only triggers when someone actively leaves the building by presses the bar down. These doors will also get a door position sensor.

The interior doors will be strikes or electrified levers. Although these locks are still rated as “Heavy Duty” they are a little less expensive and won’t see as much use.  We will still use request to exits in the electrified levers, for the same reason as the exit bars. We’ll still use a door position sensor to make sure the doors are closed.

The overhead doors will be controlled by door operators, kind of like your garage doors at home. We’ll tie those into the access control system.

For the readers, we’ll use HID iclass SE. These are non-proprietary, encrypted readers, which can also be used with Bluetooth credentials. Right now, they will connect with the Weigand protocol, an open standard communication between readers and access control systems. They can also use a newer, more secure OSDP protocol when the access control systems are ready.

For the long range reader at the exterior overhead door, we’ll use a Nedap reader that can read a special credential at distances up to 33 feet away. That way, the door can be opened without leaving the comfort of the truck.

Thanks for joining me on this physical security journey for our new building. We are really excited to create a showpiece of security layers and technologies.

Please stop by this summer to see everything we’re integrating to create a holistic security stance!

How does a security integrator design their own security systems? (Part Two)

By Neal Bellamy, IT Director at Kenton Brothers

In our last story, we designed an intrusion system for the new building. Now we need to design the other security systems including the network infrastructure security and capacity. Then we’ll look at different camera technologies and their uses.

You’re only as strong as your foundation:

All of our systems use the IT network as a foundation. It can often be overlooked and can easily be the weakness of any security system. We need to design a good, solid foundation so that the rest of the security systems can do their job.

VelociraptorThere’s been a lot of press lately about systems being hacked. Multiple companies and products are continually being tested (like an electric fence in the velociraptor cage). The easiest and most secure way of protecting the devices from testing is to separate them from the herd. By taking all the security devices and giving them their own network, and then channeling all network access through computers of your choosing, you seriously limit the devices that can be attacked. The IT Security industry called this idea the “Attack Surface”.

Limiting Access with Network Configuration

We’ll accomplish separating the network with VLANs, or Virtual LAN. A separate physical network is also acceptable. After we separate the networks, we will place rules into effect in our firewall between the networks to prevent anyone from the internet getting directly to the cameras or access control controllers. While we’re at it, we’ll prevent the computers inside Kenton Brothers from getting directly to those devices too. If you need to get to the cameras, you have to go through the Video server. As a result, the attack surface has been reduced to just the video and access servers. Of course, you still need to use best practices for security on individual devices. All of your camera passwords should be unique and strong, firmware should be updated, etc., but we’ve added another layer of defense.

Network Speed

Now that the network is secure we need to make sure it is fast enough. Most people take for granted that their network is fast enough. Most office activity is relatively slow and not much strain on the network. Every business is different, but our servers range from .2 Mbps to 3 Mbps of network utilization throughout the day.

A single 5MP camera, depending on the frame rate and compression, might run close to 7-12 Mbps and that traffic might be used all the time. It doesn’t take too many cameras to bottleneck a gigabit switch or a server with only one network connection. By the way, like the speedometer on your car, just because the top speed is 1 Gigabit, or 1,000 Mbps, doesn’t mean your switch will actually go that fast. Real world results will vary.

Testing your network and server is always advised. I estimate that our 27 cameras will consume about 150-200 Mbps of bandwidth and will need about 20TB of storage based on 40% motion. A couple of 24 port gigabit switches will work for us. I’ll still make sure the server has at least two network cards, one to receive the camera streams, and one to serve video to the clients. While our access controllers will also be on the network, bandwidth is hardly ever a concern for them. They can comfortably ride on the same network as the video.

The right tool for the job

Next, we need to start picking cameras. We always believe you should pick the best camera for the job. While that might mean all of your cameras come from the same manufacturer, it’s not always the case. There are a few challenges we need to overcome in the new building. One is Wide Dynamic Range.

Wide Dynamic Range Cameras

We’ve talked about WDR before, it’s the ability of the camera to see where there is both bright light and dark shadows in the same view. This impacts us the most when the camera is inside, but looking outside. Overhead doors, glass entrances, and parking garages all fit into this category. We need to make sure that the cameras that are looking outside have strong WDR. Most manufactures offer multiple tiers of WDR. Typically the better WDR cameras are on the higher end.

Thermal Cameras

We also have an area behind the building that is hidden from view. It’s pretty dark out there, so it might be a good application for some thermal imaging. Thermal cameras use temperature rather than light for the image. It is great at detecting things, but not so great for identification. In our case, we’ll use it to sound an alarm when there is activity after hours. Adding lighting is just as important as picking a good camera, so we will do that as well. The lights won’t hinder the detection of the thermal camera, and will give other cameras a better image, so it’s a win/win.

Analytic Cameras

In areas that no one should be in after hours, we’ll deploy some analytic cameras. There are various levels of analytics, some detect groups of pixels in an area or crossing a line, but Avigilon actually classifies the object into categories like Person, Vehicle and other. This makes it easier to reduce false alarms due to swaying trees or a random cat walking into our field of view.

We’ll deploy those cameras in the back of the building and high-value areas inside where we want to be notified of unusual activity.  Analytic cameras can also be connected to monitoring centers, who can receive notifications and respond to any events.  It’s worth noting here that analytics are awesome, but you have to have a good procedure to follow too. Having an area where no one should be is much easier to manage than “only if the guy looks suspicious”

This gives us a good start on our security infrastructure and video security. Next time, we’ll talk about access control and intercoms!

Do we eat our own cooking? How the experts approach physical security. (Part One)

By Neal Bellamy, IT Director at Kenton Brothers

How does a security integrator design their own security systems?

Kenton Brothers: Eating our own cookingMost people are familiar with the phrase, “Do you eat your own cooking?” This is a casual way to ask a company if they implement the same products and services they’re selling their customers in their own business.

I think that most companies do a far better job of providing their services to their customers better than they do for themselves for lots of reasons. But the most common reason is that they’re too busy doing a great job for their customers. They just don’t have time, because the customer comes first… right?

Over the next couple of months, we have the opportunity to do it differently. Since we are moving into a new office, we can design our systems from the ground up. It’s an opportunity to showcase what’s possible in a real world application. Today, we’re going to be looking at an intrusion system, also known as a burglar alarm.Kenton Brothers: New Building Sketch

Our new space is a much larger building. (Yay!) We will sublease space to at least one tenant, but maybe more. There are office, warehouse and common spaces with lots of windows and overhead doors.

The main challenges we need to address are:

  • How do we keep the tenant space operating like it has its own system and provide for future expansion
  • How do we protect the different areas of the building?
  • How do we do it as cost effectively as possible?

The first issue can be solved by many different alarm manufactures, most of the larger systems have a feature called areas, or partitions.

Areas allow a keypad and related sensors to act as a self contained alarm system. It’s also possible to have a “Common” area that disarms with the first related area and arms with the last related area. Honeywell provides a good explanation of a common area here (PDF). We will have multiple areas defined that can monitor our own space, the tenant space and any common space that’s shared. We just need to make sure that the panel we choose will have enough partitions for future expansion.

Next on the list to tackle is how to protect the different areas.

We will certainly need to place door contacts on all the doors into the various spaces, but the type of contact and how they’re wired is important as well. To maintain the aesthetics of the personnel doors, we’ll use recessed contacts that are only visible when a door is open. They also come in different colors to closely match the color of the door frame.

We can help protect damage of the overhead door contacts by providing rail mount door contacts, which keep the contact higher and out of the way. One example is an interlogix 2300 series. Motion detectors come in all shapes and sizes, but using a motion detector with multiple technologies keeps the false alarms at a minimum. Bosch, for instance, has a whole line of Tri-tech motion sensors. We’ll also use glass break detectors for the larger glass areas. Glass break detectors provide more reliability than motion detectors alone.

Just as important as the sensors that we use, is how they’re wired.

Most alarm panels supervise the detectors that are connected to it. This supervision circuit monitors the wire that is connected by adding a small resistor to the end of the wire. If the resistor can be measured, all is good, if the resistor is missing, or the wire is not connected at all, it will send an alarm. No method is foolproof, but it adds another layer of security to the alarm system and will alert us if a wire is damaged before we find out the hard way.

As with any system that we design and install, we want the best bang for our buck.

We want to maintain the sensor quality because it would be worthless to have multiple false alarms or to miss an important event. However, there are good ways to save money on an installation.

One way is to wire efficiently. Traditional or smaller alarm panels need to have a separate wire from the sensor to the alarm panel or input module. However, several systems allow loops of wire to be installed with many sensors on each loop. Since the new facility is much larger, having loops will save over 1,000 feet of wire and the labor to install it.

Older and smaller panels also used to require a POTS (Plain old telephone system) line to report to the monitoring stations. Not only is the reporting slower, but who has a telephone line anymore? We will use the IP network to communicate with a central station and pocket the $20 – $30 month that a phone line would have cost.

Last, while not a cost-saving measure, but something we will get for free by choosing the right system, is integration with access control. Since the Access control system and intrusion system are on the network, they can talk to each other. With integration, we can see the status of the areas through the access control system, we can turn off the alarm through the access control system when they enter the building, and we can prevent access control from unlocking side doors when the alarm is armed. All of the integration is designed to give more visibility into the system and to reduce false alarms in the intrusion system.

We’re all excited about the new building. Some are excited about more space, some are excited about fresh paint, but I’m excited to showcase our capabilities and to redesign the security systems from the ground up. Next month, we’ll talk about the network layout that all the systems use as a foundation and a the video system design.

Getting Back to School Safely

By Will Zurcher, Installation Manager at Kenton Brothers

ClassroomSecuring the front entrance of any facility can be challenging. Securing a school’s front entrance is possibly the most challenging project a company like ours can be asked to provide.

Schools present unique obstacles.

  • Parents don’t want to drop their children off in the morning to a building that resembles a prison. It makes sense to make sure people on the inside are safe from external threats. But we have to remember that a facility that is harder to get into is also harder to get out of.
  • In the design phase, we have to always keep in mind that the majority of the users are going to be children and visitors. And they aren’t necessarily familiar with the facility, so the systems put in place have to be easy for them to use.
  • There are situations when the systems we put in place will need to be bypassed to accommodate large groups of people to pass freely in and out of the building.

Realistically, with the budgets that schools are faced with, creating a 100% secure front entrance is often not possible.

When starting the design process, we must first work on funneling all of the traffic to the front entrance in order to control access to the building. This can be done with fencing to deter trespassing and limit access to secondary entrances. Cameras monitor perimeter entry points and notify staff of any unknown traffic around the facility. The cameras can double as monitoring tools for recesses and transition periods. Door “position” switches can also be installed to notify staff of any unlocked entry points.

With these options in place, any unauthorized people would need to proceed to the office in order to gain entry into the building.

Recently, front entrances have been designed or remodeled to have a double door style entrance which allows visitors free entrance into a secured vestibule area. This allows front office staff to clearly identify visitors.

In the vestibule area, there’s a second set of access controlled doors that lead into the school. There’s also a single access control door that leads into the office. These doors will be outfitted with locking mechanisms that are “fail secure”. This means that if the school loses power, the doors will remain locked.

Outside the office entry door there is an intercom system for the visitor to communicate with the office staff. If no threat is detected, the staff has a button to release the door lock, allowing the visitor entry into the office to sign in. This process allows the office staff to keep track of everyone in the building. It also allows the office staff to notify the authorities of any threats with a duress / panic button while securely delaying the threat long enough for the authorities to get there.

Kenton Brothers understands all of these situations. We help schools implement easy-to-use and reliable solutions while working with the staff to put procedures in place for emergency situations. Give us a call to learn more.