Access Control: Why PACS Are Moving to the Edge

It used to be that stringing miles of cable was the only way to install a Physical Access Control System (PACS). That industry paradigm is starting to shift. New technologies with IP access control are bringing intelligence to the doors and making environments smarter, safer and more secure places to work and live.

In his article, The Case for IP Access Control (SD&I, Feb. 2014:, Scott Dunn outlined a number of benefits to transitioning from analog to an IP-based PACS. Among the strategies he suggested for embracing a fully network-based system was to move control to the edge. But what does an “edge” strategy mean in a PACS environment? And what benefits does edge bring to the end-user?

In a PACS context, an edge solution means giving every door its own controller. Within each of these controllers — i.e. the edge devices — is the intelligence to analyze access parameters and grant entry. Like all schema employing network-attached devices, IP-based controllers are part of a fully scalable solution that provides the integrator and customer with a fixed price per door whether adding one or dozens of doors to the system.


A Closed World vs. Open IP-Based PACS

Pushing PACS control to the edge solves a lot of installation headaches and expense. In my years of selling traditional PACS for a security integrator, a major part of risk assessment and designing access control systems included demonstrating to security and facility managers how the new technology would enable them to manage their facilities efficiently. The real challenge came when I had to base the PACS solution on the availability of places to house the controllers. In a lot of cases, the electrical or communication closets available were a distance away from the access-controlled doors. This necessitated long cable runs from the doors to the closets; and some of the closets had limited space for housing more equipment. Even if there was room available, IT was sometimes reluctant to share it with security. If we couldn’t negotiate a compromise, security was forced to face additional costs for the project.

Finding space to house the controllers was only half the battle — next, we had to establish a communication path to the server/PC where the access management software was located. In a traditional PACS world, that could mean a long run of expensive Plenum-rated, shielded cabling to the controllers or, if available, an Ethernet connection. In other words, we could spend countless days and dollars pulling and bundling cable.

Nowadays, however, many facilities already have the network infrastructure in place to support IP-based PACS technology, including network drops adjacent to every entrance/exit to the building. This is where edge devices really pay off.

With a Power-over-Ethernet (PoE) edge controller, an integrator can install all the PACS components — reader, lock hardware, egress device(s) and door monitor switch — right at the door being secured. The controller itself then connects to the network via a PoE switch. The short cable that runs between the network and the controller serves double duty: it not only delivers power to all the door devices but also transmits an activity log to security. This leads to significant savings in the overall installation cost and time of the project.

In addition to reducing the amount of cabling needed for the project and the associated cost of labor to pull those cables, PoE also eliminates the necessity for electrical outlets to provide power to the controllers. This means you can also avoid the associated cost of hiring an electrician to install outlets.

For environments with network drops in close proximity to controllers, you can realize even greater project savings. In this instance you could eliminate the cost of a cable run to connect the controller to a PoE switch in the IT closet.


What about System Security?

Everyone agrees on the importance of system security for any access control system. And this is another area where edge-based controllers excel. In the event of network disruption, these controllers would be able to continue normal operation and buffer events. Once network connectivity is restored, they could transmit the buffered data to security. In locations where the networks are backed up by an Uninterruptible Power Supply (UPS), the PACS would continue to function normally.

Additionally, in a traditional system with multi-door controllers, a single point of failure could cause multiple doors to become inoperable, causing multiple security vulnerabilities. With an IP edge-based solution, each door operates independently of other doors in the system so a single point of failure will only impact the operability of one door rather than compromise the whole system. That’s the physical security side.

For the data security side, an IP edge-based PACS solution can be secured by encrypting the digital communication to prevent unauthorized access to the controller.


Cost Containment

In my past, I was often asked by customers, “Could you add just one more door to our facility?” The answer was never easy. If lucky, the new door would be close to an existing controller already installed and there would be additional room in that controller to connect another door and its associated devices. But in a lot of cases it would mean adding an additional controller to accommodate that single extra door. When I showed customers the estimated cost overrun for the additional hardware, cabling and labor, the shocked response was always the same: “That much just for one door?”

With edge controllers, it is a totally different story. It is much easier to budget for expansion because the pricing structure includes the controller for each door. There are no hidden variables to the formula — such as the number of available ports on the controller — to skew costs and lead to sticker shock.

This approach dovetails nicely with nearly every customer’s corporate mandate to keep a tight rein on technology costs without sacrificing security or day-to-day operational efficiency.


Leveraging Edge Device Intelligence

Unlike their common PACS predecessors, IP-based edge devices can handle a number of functions that previously ran on a client PC, such as credentialing access to the door, removing or adding credentials, changing door schedules and supporting two-way communication between security and someone wishing to gain entrance to the facility.

Because the technology is part of the network, authorized remote users can access these edge-based PACS solutions through a standard browser. From here they can login to the system from anywhere with an Internet connection, making it easier and more efficient for the customer to manage their facilities. This can be a cost and time-savings boon for integrators and service personnel because they too can remotely troubleshoot and perform maintenance such as software updates, and sometimes eliminate the problem over the network instead of making an onsite call.

As companies continue to develop more onboard applications for edge-based PACS devices, the return on investment will make this technology even more attractive to customers looking to improve physical security while simplifying management of their solutions.


The Natural Evolution

As we have seen with so many business technologies making the transition to the network — everything from mail to telephony to video surveillance — IP-based PACS will gain widespread adoption because it provides additional functionality, scalability and integration value to customers that their legacy systems could never deliver. It provides freedom.

The biggest differentiator is the customer is no longer locked into a proprietary system for its entire lifespan. Like the IP technologies that revolutionized the surveillance market, IP PACS demonstrates the value of open-standards to deliver greater flexibility and scalability. It is all about choice and ease of use: Integrators and their customers can select best-of-breed components and software to customize solutions that meet specific needs while avoiding “rip-and-replace” scenarios in the future.

Moving PACS to the edge puts the emphasis on enhancing security and operations instead of on cabling and its associated labor costs. Open IP-based PACS also has the potential to open doors to true systems integration and, in turn, additional revenue opportunities for integrators beyond access control.


Bruce Stewart is Business Development Manager for Access Control at Axis Communications. To request more info about Axis, please visit