www.sptnews.ca

Letter to the Editor:

A recent Ask the Expert article entitled "Is it really an IP-at-the-door future?" painted an incomplete and inaccurate picture of Edge products and their applications.  Let me paraphrase some assertions followed by clarification.


July 29, 2008
By Jennifer Brown

• Edge devices contain the lock relay which is easily accessed to
compromise security. Some Edge devices are an integrated
reader/controller product. These are, as a rule, not potted
weatherproof devices and are not recommended by their manufacturer for
exterior use. They are also not recommended for use in high security
locations.  Instead, most brands offer the same controller module as a
separate device that can be located above a ceiling or in a junction
box with complete security.  The cost is a few dollars higher than the
integrated unit but meets both security and reader flexibility needs.

Also, if the door is equipped with a position switch, simply unlocking
the door by jumping the relay on an integrated unit will not shunt the
door-forced-open alarm generated by the controller.  As soon as the
door opens, the alarm response will occur.  All of this requires a
reasonable degree of knowledge not likely to be present in the average
vagrant or petty thief trying to access a building.

• IP devices are dependent on the network.  Not for access decisions or
local exception annunciation.  The whole point of an edge device is to
NOT be dependent on anything but power.  All events are processed and
annunciated locally and the event history is stored in a buffer.  The
network is needed only to download database changes and upload event
logs.

• PoE has inherent limitations. Yes, it does, as does every other type of
power supply.  It is incumbent upon the designer to work within the
present power constraints.  If a lock is required that draws more power
than the PoE controller can provide, a local power supply will be used
and the relay switched from PoE power to dry contact configuration. 
This is no different than any other access application.  IT
professionals recommend uninterruptible power supplies (UPS) for
routers and switches as a matter of course.  This is no more of an
"unforeseen expense" than a UPS source for a traditional controller
unless the designer is very inexperienced.

• Edge architecture is exposed to possible hacking.  Yes, it is, but is a
hacker more likely to want to unlock a door or monkey with an access
database, or search for marketable personal identity information?
Furthermore, a hacker would need to know that an access system rode on
the network and be able to corrupt both the host database and
individual edge devices before causing any disruption.  This is not
low-hanging fruit in the hacker world unless the target is something like
the Canadian federal government.

• A system comprised of multi-reader TCP/IP panels is a better option.
Perhaps, perhaps not. The scale of the project, the security level
required and the available budget will dictate what design architecture
is most logical.  Any panel, single- or multi-reader, riding on a
network is equally vulnerable to outside forces and the real-world
threat is negligible.  It is far more likely that employee carelessness
or internal collusion will allow an unwelcome guest into a secure
facility. At the extreme (nuclear plant or military installation) end
of the access control spectrum, edge devices and use of corporate
networks have no place at all. At the local university, hospital or
manufacturing facility, they may present the ideal solution.

One factor not mentioned as a liability of single reader edge devices
is the lack of anti-passback capability.  This is why most makers of
edge products have a family of controllers supporting up to 64 readers
on a single controller.  (Nobody in their right mind would EVER put 64
readers on one controller!)  Edge devices are wonderful for small
systems or multiple, remote access control points. They are the
ultimate in granularity.  Combining single reader panels with their
more capacious relatives can optimize flexibility and regional
independence.  The experienced system designer will take best advantage
of all of these tools and select a host system commensurate to the task.

Bill Richardson
Technical Training Manager
HID Global