The top priority of control professionals is making sure that automation networks are operating reliably and safely. Security in this context involves using Defense in Depth techniques to protect critical control assets and safety systems -- as well as the entire manufacturing, process control or transportation environment.

This broader view of security includes physical security and it is achieved by using a combination of physical barriers and technology systems. New physical security technologies are trending towards IP-based video surveillance and access control systems and can even include things such as biometrics and complex perimeter intrusion measures.

What types of Ethernet switches and which network architectures are best for physical security systems, particularly when operating outdoors? Understanding the options in this area will help you select or specify surveillance and access control networking equipment that works effectively and efficiently – thereby contributing to high reliability.



Physical-Security-Systems-are-Essential-for-Defense-in-DepthDefense in Depth for industrial facilities includes securing the outdoor physical environment.

Specifying Network Equipment for Outdoor Physical Security Systems



Physical security systems may include applications for video surveillance, perimeter monitoring, emergency response, intrusion detection, access control and asset management. They evaluate information received by cameras, sensors, RFIDs and other devices for threats or anomalies and generate alerts.

The hardware and software components are connected by a shared infrastructure that includes a distributed industrial Ethernet network. In a previous article we examined ways to segment such a network so that high bandwidth physical security data is separated from operations data, thereby protecting uptime.

Now let’s take a look at Ethernet switches and identify the requirements needed for high performance in outdoor or uncontrolled environments. Key considerations are:

  • Hardened enclosures to prevent incursion from water and dust as well as high humidity
  • Wide operational temperature ranges to keep systems running in weather extremes
  • Fan-less designs with convection cooling to reduce failure points and improve product lifetime
  • Long Mean Time Between Failures (MTBF) characteristics for high reliability and network uptime
  • Compact form factors to minimize real estate cost and be flexible to fit with any structure
  • Long Distance Fiber links back to a central office or control center
  • Power over Ethernet (PoE) ports to power IP-based cameras, reducing installation/maintenance cost and complexity
  • High redundancy and reliability via Spanning Tree Protocols, ring topology, redundant power source and other software enabled network capabilities
  • Flexible and expandable traits for future expansion needs



Physical-Security-Network-for-Medium-Sized-Surveillance-SystemShown above is the network architecture for common deploymentof a medium-sized outdoor surveillance system.

The managed Ethernet switches used in this case are the
GarrettCom Magnum 10KT
 and Magnum 6KQ/6KL.

Physical Security Application for National Sea Port 



The Port of Oakland is the fifth busiest container port in the United States and is an example of a transportation facility that absolutely requires a physical security system. Local surveillance cameras and access control systems are monitored by both a local security console and a Global Security Center.

The local network uses an industrial  Ethernet switch with configurable combinations of 10/100 copper ports and 100MB  fiber ports as well as optional Gb ports. Several of the ports offer PoE, which means that a single industrial Ethernet cable can be used to provide both power and Ethernet communications to devices.

PoE simplifies the installation and commissioning processes ty replacing multiple connectors with a single connection. This lowers costs as fewer components are needed and the replacement process is simplified.

The switch has a sealed metal case that serves as a heat sink enabling it to operate in the harshest environments and achieve EMI noise immunity. It also has an IP52 rating for dust and water resistance.

The Global Security Center uses a managed Ethernet switch with high, flexible fiber port count capabilities for both local connections and long distance traffic. Dual hot-swappable power supplies increase redundancy and reliability. National-Sea-Port-Physical-Security-NetworkThe physical surveillance systems of many ports in the U.S. are connected to global security and operation centers.  Click here to see the network architecture for a large physical security system like this one.

Selecting Industrial Ethernet Switches for Physical Security Systems



Here are the things to keep in mind when specifying or selecting industrial Ethernet switches for security and surveillance systems:

  1. Assess the environment the switches will operate in and select industrially hardened switches with the ratings and features to comfortably do the job.
  2. Select switches with the ports you need now and that will help you expand or adapt in the future.
  3. Especially for switches that connect to cameras, select switches with PoE ports to minimize costs as well as installation and maintenance efforts.
  4. Minimize the total cost of ownership and maximize availability by selecting equipment designed to have a long MTBF.
  5. Ensure reliability and safety by selecting equipment that delivers redundancy via software, standards and topology support.

The presentation available for download below discusses network design best practices for physical security applications and may be of interest to you.

Is your physical security system integrated into an industrial Ethernet network? Is it part of your Defense in Depth plan? I look forward to hearing from you.

This article was created with expertise from Maggie Wu, the director of product line management for GarrettCom and Tofino Security products.

Related Links

Physical Security Resources



Belden Physical Security Networking Solutions

 New call-to-action