What is the difference between LenelS2 OnGuard and NetBox?

Both are LenelS2 access control platforms that run on Mercury controllers, and we install both. OnGuard is the enterprise-class system built for very large, multi-site deployments with hundreds of thousands of cardholders, deep HR and ERP integration, and hierarchical management across divisions. NetBox is fully browser-based and managed from any web device, which suits mid-size and growing deployments that want enterprise capability without standing up the full OnGuard server stack. In the design phase we map your site count, cardholder count, and integration needs to the platform that fits, rather than defaulting to the heavier one.

Why does Mercury hardware matter if the software is LenelS2?

Mercury makes the intelligent controllers, the LP series panels and MR door modules that physically make the access decision at each door. They're open-architecture, which means the same panels run under OnGuard, NetBox, Genetec, and Software House. That open hardware is the portability hedge in an enterprise system. If your organization ever changes management software, the Mercury panels and most of the OSDP cabling carry forward instead of becoming a full rip-and-replace. We install Mercury under whichever platform the design calls for.

How much does an enterprise LenelS2 install cost?

Enterprise access control is priced by door count, building count, reader type, and how much cable already exists, so there's no single list price. Structurally it's per-door hardware (Mercury panel share, reader, lock or strike, request-to-exit), cabling and labor per opening, the OnGuard or NetBox software and licensing, and year-one integration work. Most $100K+ projects are large door counts across multiple buildings where cabling to door positions without existing drops is the biggest single source of variance. We itemize every line in the consultation so the cabling cost is never hidden inside the door price.

Can LenelS2 integrate with our HR system and existing video?

Yes, and this is usually the reason organizations choose it. OnGuard carries a large certified-interface library and an open API for bi-directional HR and ERP integration, so a new hire provisions to the right doors automatically and a termination revokes access in seconds. It also integrates with elevator control, building management, and intrusion. NetBox ties tightly into LenelS2 video, and OnGuard integrates with major video platforms including Milestone. We wire the identity and video integration during the integration phase and verify provisioning and de-provisioning before handoff.

Should this be on-premise or cloud?

Both are real options, and the right answer depends on your IT model and compliance posture. OnGuard on-premise keeps all security data inside your network, which suits CMMC, HIPAA, and data-sovereignty requirements and constrained-bandwidth sites. OnGuard Cloud delivers the same platform as a single-tenant service on AWS, which retires the server room without changing the platform or the field hardware. We model both against your requirements in the consultation rather than assuming one.

What if LenelS2 isn't the right fit for us?

We'll tell you. Tec-Tel installs the full range of access control, from enterprise LenelS2 and Mercury down to cloud-native platforms like Brivo, Avigilon Alta, Kisi, and Genetec Synergis. For a single small office with a few doors and a lean IT team, a cloud platform installs faster and carries less overhead, and we'll recommend it over the enterprise stack when that's the honest fit. The free consultation walks through your sites, door count, IT model, and integration needs and lands on the platform that fits.

LenelS2 / Mercury Access Control Installation

What LenelS2 and Mercury actually deliver

LenelS2 is an enterprise access control brand under Honeywell, with two platforms we install: OnGuard and NetBox. OnGuard is the enterprise-class system. It unifies access control, alarm and event monitoring, and video into one view, manages hundreds of thousands of cardholders across many sites, and supports hierarchical management so divisions or regions keep their own policies while corporate security gets consolidated reporting. NetBox is the fully browser-based platform, managed from any web device, that scales from a single building up to thousands of doors with system partitioning for field offices and tenants.

Underneath both sits Mercury hardware. Mercury makes the intelligent controllers that physically make the access decision at each door: the LP series panels, which run on embedded Linux with onboard encryption and current cybersecurity standards, and the MR series door-interface modules that handle point control, monitoring, and individual door oversight. What matters for a long-lived enterprise system is that Mercury is open-architecture. The same panels run under OnGuard, NetBox, Genetec, and Software House. The field hardware isn't married to one software vendor.

Deployment is flexible. OnGuard runs on-premise so the organization keeps full control of its data, with redundant architecture and failover for high availability. OnGuard Cloud delivers the same platform as a single-tenant service on AWS for teams that want to retire the server room. The integration surface is wide: a large certified-interface library and an open API into HR and ERP systems, elevator control, building management, intrusion, and video.

Who it fits, and who it doesn't

We install the full range of access control, from this enterprise stack down to cloud-native platforms. LenelS2 and Mercury are the right call on a specific kind of deployment and overkill on others. Here's the honest read.

Where LenelS2 and Mercury are the right call:

Large multi-site enterprises: OnGuard manages hundreds of thousands of cardholders across many sites from one console. Hierarchical management lets divisions or regions keep their own policies while corporate security gets consolidated reporting. This is the deployment shape it was built for.
Open controller hardware: Mercury is open-architecture. The same LP and MR panels run under OnGuard, NetBox, Genetec, and Software House, so the field hardware isn't locked to one software vendor. If you ever change management platforms, the panels and most of the cabling carry forward.
On-prem control with a cloud option: OnGuard runs on-premise so the organization keeps full control of its security data, which suits CMMC, HIPAA, and data-sovereignty requirements. OnGuard Cloud delivers the same platform as a single-tenant service on AWS for teams that want to retire the server room without switching platforms.
Deep integration surface: OnGuard carries a large certified-interface library and an open API into HR and ERP systems, elevator control, building management, intrusion, and video. NetBox ties tightly into LenelS2 video for unified review. For an organization stitching access into a wider security and IT stack, the integration depth is the reason to be here.

Where a lighter platform is the better pick:

Single small offices: For one location with a handful of doors and a lean IT team, OnGuard and NetBox are more platform than the job needs. A cloud-native system like Brivo, Avigilon Alta, or Kisi installs faster and carries lower overhead. We'll say so rather than oversell the enterprise stack.
Teams that want zero on-prem footprint and lowest cost: If the goal is no server, no maintenance contract, and the lowest possible spend, a pure cloud platform is the cleaner fit. OnGuard Cloud removes the server, but the platform still carries enterprise-grade licensing and administration weight a small team may not need.
No in-house or partnered administration: Enterprise access control rewards an organization with someone who owns badge administration and policy. If nobody will own day-two operations, a simpler platform with a thinner admin surface usually serves better. We flag this in the design phase.

How Tec-Tel installs it

An enterprise access control project is a hardware and cabling job first and a software job second. A multi-building deployment lands inside roughly 8 to 10 weeks once the door schedule and cabling are confirmed, and multi-site rollouts run as parallel waves so the calendar doesn't compound. The work breaks down like this.

Week 1 to 2: site walk and design: Door schedule by building, reader type per opening, panel locations, existing cabling reads, network capacity, and the access policies the organization enforces. Output is a written design with a Mercury panel layout, an OSDP wiring plan, and a cardholder data model that maps to how your divisions and regions are structured.
Week 2 to 5: panel staging and cabling: Mercury LP intelligent controllers and MR door modules are staged, addressed, and bench-tested before they reach the wall. Cable is pulled to every door: reader runs, lock power, request-to-exit, and door-position contacts. Existing runs are tested and reused where they carry OSDP cleanly. Cabling and door hardware are where most of the schedule risk lives, not the software.
Week 4 to 7: install and commissioning: Panels mounted and powered, readers installed, locks and strikes wired, and every opening commissioned door by door. The OnGuard or NetBox server (or your single-tenant cloud instance) is stood up, panels brought online, and each door verified for grant, deny, held-open, and forced-open behavior.
Week 6 to 8: integration and policy: Cardholder import, access levels, time schedules, threat-level escalation, and partitioning so each division keeps its own policy under one console. HR and identity integration is wired here, so a new hire gets the right doors automatically and a termination revokes access in seconds. Video and intrusion tie in where they share the deployment.
Week 8 to 10: training and handoff: Security operations, facilities, and badge administrators trained on the console. A documented runbook is delivered: panel map, door schedule, escalation paths, and day-two procedures for adding a badge or a door. A written service-level agreement and a single-pane review with stakeholders before sign-off.

The single biggest delay risk is cabling to door positions that don't already have a drop. Reader runs, lock power, request-to-exit, and door-position contacts all have to land at each opening, and OSDP wiring has to be clean end to end. We test what's already in the wall before the proposal, so the cabling reality is priced up front rather than discovered mid-project. See structured cabling for how the door wiring is handled.

Integrating it with what you already run

The reason most organizations land on LenelS2 is integration. We wire the open API into your HR and ERP systems so identity flows both ways: a new hire is provisioned to the right doors automatically, a role change updates access, and a termination revokes it in seconds. That removes badge administration as a standing manual task and closes the offboarding gap an unintegrated system leaves open.

On the video side, NetBox ties tightly into LenelS2 video for unified access and footage review, and OnGuard integrates with major video platforms including Milestone, so an access event can pull the corresponding footage. Elevator control, building management, and intrusion tie in through the certified-interface library. If access is one part of a wider security and IT stack you want stitched together, this is where the platform earns its place. For a unified access-plus-video deployment on regulated sites, the Genetec for healthcare guide covers the alternative we also install.

Because Mercury hardware is open, the integration work and the field panels aren't a one-way door. If the management platform changes later, the Mercury LP and MR panels and most of the OSDP cabling carry forward under the new software. We design for that portability when it's a stated priority. The full lineup of platforms we install is on the access control page.

What Tec-Tel adds vs going direct

Platform-direct support is solid at the software layer: licensing, updates, and escalations. Tec-Tel adds the install-side accountability the software vendor doesn't cover: the door schedule, the Mercury panel layout, OSDP cabling, lock and strike wiring, door-by-door commissioning, HR-system integration, policy and partitioning setup, operator training, and a written runbook. One accountable project manager runs the deployment from the first call through every site, with Tec-Tel-managed field crews held to one spec. One company, one standard, one team accountable end to end.

We also bring multi-vendor honesty. Tec-Tel installs LenelS2 and Mercury, Genetec Synergis, Brivo, Avigilon Alta, Kisi, and more. If your deployment is a large multi-site enterprise with deep integration needs, this stack fits and we'll install it. If it's a single small office, we'll point you at a cloud platform that installs faster and costs less, even though it's the smaller project. The free consultation lands on the platform that fits your sites, door count, and IT model.

A note on partner-status language. Tec-Tel installs, configures, and integrates LenelS2 and Mercury. We don't claim a specific manufacturer partner certification on this page. If you need a vendor-certified install for a contractual reason, ask in the consultation and we'll confirm what credentials we hold or pair the install with a certified resource where required.

LenelS2 and Mercury access control, built for scale.

What LenelS2 and Mercury actually deliver

Who it fits, and who it doesn't

How Tec-Tel installs it

Integrating it with what you already run

What Tec-Tel adds vs going direct

Frequent buyer questions

Access control

Genetec for healthcare

Visitor and contractor management

Structured cabling

Vendor guides

Book a free consultation.

How can we help?