Integrating access control with other IP-based technologies

A push to the edge has vastly increased end-users' technology options


The next development was to push out to the "edge." IP-addressable single door controllers (SDCs) are a natural extension of distributed processing. The small control panel accepts inputs from all of the door devices: credential reader, electrified lock, door position switch and request-to-exit device. Only a single CAT-5 or higher cable is required to connect the panel to a network switch in the nearest data closet (cable length is restricted to 300 feet.) With Power-over-Ethernet (PoE) incorporated into the switch, the panel and its connected devices get power on the same CAT cable.

There are a couple caveats to using PoE to power the electric lock. Power is limited - the latest standard provides for 25.5 watts at the powered device (42-57 VDC at 600 mA). Additionally, many local authorities having jurisdiction (AHJs) require a UL-approved lock power supply and/or a direct connection between an approved fire alarm system relay and the lock power for doors in the path of egress.

It can be argued that the IP-addressable single door controller is not an edge device - the door devices themselves are at the real "edge." Now credential readers (magnetic stripe, proximity, smart card and biometric) are available in IP-addressable form for direct connection to the corporate LAN via a network switch. IP-addressable locks - the integrated hotel-type units with wireless network transmission - are also already on the market. An IP-addressable PoE motion sensor may make sense (particularly if sensitivity adjustments can be made remotely), but an IP-addressable door position switch may be pushing it over the edge! People joke about an IP-addressable refrigerator in your home, but many components in your new car already connect on a data network.

With the ever-increasing power and miniaturization of electronic components, and the reduction in component costs, the IP-addressable single door controller can contain almost all of the functionality of panels that talk to multiple doors. Indeed, a group of SDCs can be addressed directly by an Internet browser for both configuration and access/alarm transaction annunciation. The middleman - the access control system host or server - is no longer needed in a small, simple access control system. Larger and more sophisticated systems still need a host or controller to provide global functions, such as anti-passback, and to interface with other security subsystems.

Video at the Edge

IP cameras are real edge devices and, despite their cost, their popularity has grown tremendously over the last few years. Cameras are a natural candidate for PoE since they consume very little power - even dynamic (PTZ) cameras units can be powered with PoE. However, environmental considerations - including the need for powered accessories (such as heaters, wipers and blowers) and the need to isolate the network from lightning - may restrict exterior applications.

A camera used to grab video data from its sensing element, convert it to the required format and transmit it to the Command Center for any additional analysis and processing. The IP camera now has huge processing power with the ability to perform behavioral video analysis to transmit only selected content, to transmit multiple data streams in different formats, and even to store video data for future processing. And all of this can be configured, adjusted, selected and viewed through the Internet browser on your PC - with suitable password protection, of course.

Another benefit to IP camera processing power is reduced bandwidth requirements. However, this reduction is leading to the use of higher-resolution images to improve the identification and recognition of aberrant behavior and its perpetrators. Digital video systems still require large measures of bandwidth, and, although many business and educational entities are implementing multi-gigabit networks, negotiation with the IT department and, possibly, the development of a dedicated video network may be needed.

DVRs were PC-like units with encoders (to convert analog video to digital), software (to control display, storage and playback) and a lot of disc space (for video archiving). Network Video Recorders (NVRs) and Video Management Systems (VMS) accept video data from IP cameras directly across the network and require no encoders (except for existing legacy analog cameras). The video storage hardware is now separated from the VMS and also sits on the network as Network Attached Storage (NAS) or Storage Area Network (SAN). It is shared by all the video channels/cameras (rather than, for example, "up to 16 channels" as with each DVR) which optimizes the use of storage space. In addition, corporate-wide, IT-controlled, data storage can be used instead of dedicating hardware to the VMS.

Voice over IP (VoIP)