Buying Guide · Access Control

How to spec commercial access control hardware.

A field-oriented walkthrough for installers, integrators, and facility teams spec’ing access control for commercial deployments — from reader choice through power sizing.

View Access Control Catalog → Spec Review with Technical Sales

01 / Start With Deployment Scope

Door count, user count, environment.

Before picking SKUs, write down three numbers and one location category. Most spec errors trace back to one of these being wrong:

Door count — controllers are sized in 1, 2, 4, 8, 16, and 32-door multiples. Buying a 4-door for a 5-door site means a second controller (and another power budget).
User count — credential database limits vary by platform. 100 users and 100,000 users use different controllers.
Environment — interior offices, exterior gates, parking garages, food-processing, freezer rooms — each implies different IP ratings, temperature ratings, and corrosion resistance.
Existing head-end — if you’re tying into Kantech EntraPass, Lenel OnGuard, or another integrator platform, the panel choice is constrained.

02 / Reader Technology Choices

Wiegand, OSDP, or multi-tech.

Three decisions:

Communication: Wiegand vs OSDP

Wiegand is the legacy standard — works with virtually every controller but isn’t encrypted and runs short distances. OSDP (Open Supervised Device Protocol) is encrypted, bidirectional, and runs longer cable. For new commercial installs targeting any security spec, OSDP is the default choice. For retrofit on legacy Kantech panels, Wiegand may still be required.

Credential Tech: Prox, MIFARE, DESFire, Mobile

125 kHz prox is the cheapest, easiest to clone (security weakness). 13.56 MHz smart cards (MIFARE Classic, DESFire EV2/EV3) are stronger. Mobile credentials add convenience but require carrier-grade infrastructure. Most NDAA-aware specs prefer DESFire-class encryption.

Form Factor: Mullion, Wall, Keypad

Mullion readers mount on narrow door frames (the strip beside a glass door). Wall readers are wider, accept multi-tech and mobile, and look better in office lobbies. Keypad readers add a PIN factor for two-factor at higher-security doors.

03 / Controller Architecture

Standalone, networked, or hosted.

The controller is the brain. Three architectures, each with deployment trade-offs:

Standalone — controllers operate independently per door, no server required. Good for single-tenant small commercial. Limited reporting, no centralized credential management.
Networked — controllers report to an on-premise server (Kantech KT-1/KT-2/KT-300, Lenel LNL-X series, etc.). Centralized credential management, full audit trail, integration with video and intrusion.
Cloud-hosted — controllers report to a SaaS platform (ProDataKey, Brivo, Genea). Lower upfront cost, recurring subscription, ideal for multi-site SMB.

If you’re tying into an existing head-end, the controller choice is dictated by the platform. We stock controllers compatible with Kantech, Lenel/S2, HID, Mercury Security, and ProDataKey.

04 / Power Supply Sizing

Most undersizing happens here.

A 4-door system with maglocks pulls more current than installers expect. Quick sizing math:

Per-door load (typical):
  Reader (OSDP) ≈ 0.2A
  Maglock (600lb) ≈ 0.5A
  Electric strike ≈ 0.4A holding / 1.0A inrush
  REX motion + button ≈ 0.05A
  Controller overhead ≈ 0.3A per board

4-door site: ≈ 4 × (0.2 + 0.5 + 0.05) + 0.3 = ~3.3A continuous
→ Spec a 10A supply at 50% headroom for battery charging + spike margin.

Always include sealed-lead-acid backup sized for at least 4 hours fail-safe operation on a door with maglocks. Tornado/storm-prone regions: 8 hours minimum.

05 / Common Compatibility Traps

Mistakes we see most often.

Mixing Wiegand reader formats — H10301 26-bit vs Corporate 1000 vs custom site codes. Half the time we get a “the reader works but no users authenticate” call, it’s a format mismatch.
OSDP secure-channel without paired keys — installers often deploy OSDP readers but forget to bind keys to controllers. Reader works in install mode then dies after the next firmware push.
Fail-safe vs fail-secure on the wrong door — fail-safe (unlocks on power loss) is for egress safety; fail-secure (stays locked on power loss) is for valuables and exterior doors. Code requires fail-safe on emergency egress paths.
Maglock without REX — maglocks need a request-to-exit device (motion sensor + push button) wired to break the magnet on egress. Forgetting this fails code inspection.
Power supply too far from the door — voltage drop on long DC runs causes intermittent maglock release. Keep door power supplies within reasonable cable distance, or step up to higher gauge.

Spec Review

Sourcing access control for a project?

Send the door count, head-end platform, and any compatibility constraints — we come back with a spec-verified parts list, pricing, and lead time before you commit.

Request Spec Review → View Access Control Catalog

Equipment Referenced · Access Control

Hardware specified in this guide.

Kantech KT-2

2-door IP controller
PoE+ powered
EntraPass-native

View product

Kantech KT-400

4-door Ethernet controller
EntraPass-native
Mid-tier commercial

View product

HID iCLASS SE R10

Mullion-mount reader
iCLASS SE / Seos / DESFire
IP65 indoor/outdoor

View product

HID DESFire EV3 Cards

50-pack smart credentials
AES-128 mutual auth
Modern commercial default

View product

Securitron M62 Maglock

1200 lb holding force
12/24 VDC selectable
Single or pair

View product

Altronix AL400ULB

4A 12VDC access power
UL commercial-listed
Battery-backed

View product

Related Guides

Deployment Architectures

Related Categories

// Need pricing on this project? Talk to a real person at Secure Home Supplies.

Request Bulk Quote → Email Us