A recent Ask the Expert article entitled "Is it really an IP-at-the-door future?" painted an incomplete and inaccurate picture of Edge products and their applications. Let me paraphrase some assertions followed by clarification.
• Edge devices contain the lock relay which is easily accessed to compromise security. Some Edge devices are an integrated reader/controller product. These are, as a rule, not potted weatherproof devices and are not recommended by their manufacturer for exterior use. They are also not recommended for use in high security locations. Instead, most brands offer the same controller module as a separate device that can be located above a ceiling or in a junction box with complete security. The cost is a few dollars higher than the integrated unit but meets both security and reader flexibility needs.
Also, if the door is equipped with a position switch, simply unlocking the door by jumping the relay on an integrated unit will not shunt the door-forced-open alarm generated by the controller. As soon as the door opens, the alarm response will occur. All of this requires a reasonable degree of knowledge not likely to be present in the average vagrant or petty thief trying to access a building.
• IP devices are dependent on the network. Not for access decisions or local exception annunciation. The whole point of an edge device is to NOT be dependent on anything but power. All events are processed and annunciated locally and the event history is stored in a buffer. The network is needed only to download database changes and upload event logs.
• PoE has inherent limitations. Yes it does, as does every other type of power supply. It is incumbent upon the designer to work within the present power constraints. If a lock is required that draws more power than the PoE controller can provide, a local power supply will be used and the relay switched from PoE power to dry contact configuration. This is no different than any other access application. IT professionals recommend uninterruptible power supplies (UPS) for routers and switches as a matter of course. This is no more of an "unforeseen expense" than a UPS source for a traditional controller unless the designer is very inexperienced.
• Edge architecture is exposed to possible hacking. Yes it is, but is a hacker more likely to want to unlock a door or monkey with an access database, or search for marketable personal identity information? Furthermore, a hacker would need to know that an access system rode on the network and be able to corrupt both the host database and individual edge devices before causing any disruption. This is not low hanging fruit in the hacker world unless the target is something like the Canadian federal government.
• A system comprised of multi-reader TCP/IP panels is a better option. Perhaps, perhaps not. The scale of the project, the security level required and the available budget will dictate what design architecture is most logical. Any panel, single or multi reader, riding on a network is equally vulnerable to outside forces and the real-world threat is negligible. It is far more likely that employee carelessness or internal collusion will allow an unwelcome guest into a secure facility. At the extreme (nuclear plant or military installation) end of the access control spectrum, edge devices and use of corporate networks have no place at all. At the local university, hospital or manufacturing facility, they may present the ideal solution.
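The controller behaviour described in the first two points (a door-forced-open alarm that only a controller-issued grant can shunt, and local decisions with a buffered event history) can be modelled as follows. This is an added illustration, not code from the letter or from any vendor's firmware; the class, event names, card numbers and the 5-second shunt window are assumptions.

```python
from collections import deque

class EdgeController:
    """Hypothetical model of a single-door edge controller (not vendor firmware)."""

    def __init__(self, allowed_cards, shunt_seconds=5, buffer_size=1000):
        self.allowed = set(allowed_cards)        # local copy of the host database
        self.shunt_seconds = shunt_seconds       # assumed shunt window after a grant
        self.shunt_until = -1.0                  # door contact is shunted until this time
        self.events = deque(maxlen=buffer_size)  # local event history buffer
        self.network_up = True

    def _log(self, t, kind, detail=""):
        self.events.append((t, kind, detail))
        return kind

    def card_read(self, t, card):
        # The decision is made locally; network state is never consulted.
        if card in self.allowed:
            self.shunt_until = t + self.shunt_seconds
            return self._log(t, "ACCESS_GRANTED", card)
        return self._log(t, "ACCESS_DENIED", card)

    def door_opened(self, t):
        # Position switch reports open. Only a grant issued by the controller
        # shunts the alarm, so a lock released at the relay still alarms here.
        if t <= self.shunt_until:
            self.shunt_until = -1.0              # one opening per grant
            return self._log(t, "DOOR_OPENED")
        return self._log(t, "DOOR_FORCED_OPEN")

    def upload_events(self):
        # The network is needed only to move buffered events to the host.
        if not self.network_up:
            return []
        sent = list(self.events)
        self.events.clear()
        return sent

def run_scenario():
    # Constructed sample sequence: the network is down for the whole sequence.
    c = EdgeController({"1001"})
    c.network_up = False
    results = [c.card_read(0.0, "1001"), c.door_opened(2.0),
               c.card_read(10.0, "9999"),
               c.door_opened(60.0)]              # door opens with no preceding grant
    held = c.upload_events()                     # nothing leaves while offline
    c.network_up = True
    return results, held, c.upload_events()
```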
One factor not mentioned as a liability of single reader edge devices is the lack of anti-passback capability. This is why most makers of edge products have a family of controllers supporting up to 64 readers on a single controller. (Nobody in their right mind would EVER put 64 readers on one controller!) Edge devices are wonderful for small systems or multiple, remote access control points. They are the ultimate in granularity. Combining single reader panels with their more capacious relatives can optimize flexibility and regional independence. The experienced system designer will take best advantage of all of these tools and select a host system commensurate to the task.
Bill Richardson
Technical Training Manager
HID Global
Last modified on Tuesday, 29 July 2008 11:31
Published in
Editorials






