Daniel Haines Logo
Contact Me

Enterprise Access Control System

Locally secure, globally accessible

Door Control System

Client

Developed for a physical security company to enhance user experience.

Date

Completed in November 2024

My Role

Full-Stack Development

Project Overview

Cloud Integration for Physical Access Control Systems is a complex challenge that requires careful consideration of security, network architecture, and system reliability. This project demonstrates the successful implementation of a cloud-connected door access control system that enables secure remote management while maintaining high security standards.

The core innovation lies in the system’s ability to traverse NAT networks through a secure SSH tunnel, eliminating the need for traditional VPN infrastructure while providing enterprise-grade security. The solution consists of a Node.js/Express backend that manages door controllers and user authentication, paired with a Python-based tunneling system that ensures reliable remote connectivity.

This approach not only modernizes traditional door access control but also provides a blueprint for securely connecting other on-premises IoT systems to cloud services. The following sections detail the technical implementation, business impact, and key features of this enterprise security solution.

System Architecture

System Architecture

graph TB subgraph Client ["Client Layer"] UI["Web Interface"] end subgraph Cloud ["Cloud Server"] NGINX["Nginx Reverse Proxy"] SSH["SSH Server"] style SSH fill:#f9f,stroke:#333 end subgraph Local ["Local Environment"] subgraph Backend ["Backend Services"] Express["Node.js Express Server"] Logger["Winston Logger"] Sessions["Session Management"] end subgraph Tunnel ["SSH Tunnel Manager"] Python["Python Tunnel Client"] Health["Health Monitor"] Stats["Connection Statistics"] end subgraph Security ["Security Layer"] Auth["Authentication"] RateLimit["Rate Limiter"] Helmet["Security Headers"] end subgraph Controllers ["Door Controllers"] UHPPOTED["UHPPOTED Interface"] Door1["Door Controller 1"] Door2["Door Controller 2"] end end UI -->|HTTPS| NGINX NGINX -->|Forward| SSH SSH <-->|"Encrypted Tunnel"| Python Python --> Express Express --> Auth Express --> RateLimit Express --> Helmet Express --> Sessions Express --> Logger Express --> UHPPOTED UHPPOTED --> Door1 UHPPOTED --> Door2 Python --> Health Python --> Stats
Client Layer
  • Web-based user interface
  • HTTPS communication
  • Secure session management
Cloud Server
  • Nginx reverse proxy
  • SSH tunnel termination
  • Traffic forwarding
Backend Services
  • Express.js API server
  • Structured logging
  • Session handling
Security Layer
  • Authentication system
  • Rate limiting
  • Security headers
  • SSH tunneling

Area of Expertise

This project demonstrates expertise in enterprise security systems architecture, specifically in access control systems and secure network communications. It showcases advanced skills in system integration, secure API design, and creating resilient network solutions that overcome complex infrastructure challenges.

Project Objective

The primary goal was to develop a secure, enterprise-grade door access control system that could operate reliably across different network environments, including ones behind NAT (Network Address Translation). The project aimed to solve the challenge of securely managing physical access control systems while enabling remote accessibility without compromising security.

Technologies Used

  • Backend: Node.js/Express for the main access control API
  • Security: Helmet for security headers, Winston for structured logging
  • Authentication: Session-based authentication with secure cookie handling
  • Network: Custom Python-based SSH tunneling system using Paramiko
  • Infrastructure: Nginx for reverse proxy configuration
  • Protocols: UHPPOTED for door controller communication

Transformation Achieved

Before implementation, the door control system was isolated to the local network, requiring on-premise access for management and lacking robust security measures. The new system enables secure remote management while adding comprehensive security controls, audit logging, and reliable communication channels.

This transformed door access control from a local, manually managed system into a secure, remotely accessible service.

Key Features

  • Secure API endpoints for door control with rate limiting and authentication
  • Real-time door controller status monitoring and management
  • Comprehensive audit logging across operations, security, and errors
  • Resilient SSH tunneling with automatic reconnection and health monitoring
  • Multi-layer security with session management and secure communications

Business Impact

  • Enabled secure remote management of door systems, reducing on-site maintenance needs
  • Improved system reliability through comprehensive error handling and automatic recovery
  • Enhanced security through detailed audit logging and multi-layer access controls
  • Reduced operational costs by eliminating the need for VPN infrastructure
  • Improved scalability by supporting multiple controllers across different network environments

Skill Demonstration

  • Secure API design and implementation
  • Network protocol design and security architecture
  • High-availability system design
  • Error handling and system resilience
  • Integration of physical and digital security systems
  • Advanced logging and monitoring implementation

This project serves as a prime example of addressing complex enterprise security needs through a sophisticated combination of software architecture, network design, and security practices. It showcases the ability to create robust, production-ready systems that solve real-world challenges while maintaining high security standards.