nettech rich ames :training. ip network alarm door lock reader portal 6 5 4 3 2 1 elevator lighting...

NetTech

Rich Ames :Training

IP Network

Alarm

Door LockReader

Portal

6

5

4

3

2

1

ElevatorLighting

NetBox

Security Monitor

Remote Support

Security Administrator

IP Camera Video Recorder

Analog Camera

Alarm Panel

NetBox Node

Temp Probe

IP Camera (PTZ)

Photo ID Camera Photo ID Badge

Printing

S2 System Architecture

Door Lock

Portal

Reader

Internet

Temp Probe

Door Lock

Portal

NetDoor Node

IP Network

Reader

GateReader

Portal

Network Controller, Node & Expansion Blades

NetDoor Node, with Access Blade

IP N

etwork

Controller192.168.0.250

Node192.168.0.245

Node192.168.0.220

192.168.0.237

NetDoor Node

192.168.1.201

NetDoor Node

Internet

S2 System

S2 Hardware Standard (Solid State) LimitationsS2 Net Box Nodes per

System 24

Card Readers per System 140 Tested/Certified

Access Cards per System 60,000

Card Formats 32

Simultaneous Users 10

Alarm Input Points 500

Output Dry Contacts 500

Temperature Probe Inputs 500

Online event history log 50,000 records

Time specifications 100

Threat Levels 8

Holidays 30

Cards per person 100

S2 Hardware Enterprise (Hard Disk) LimitationsS2 Net Box Nodes per

System 256

Card Readers per System 3500

Access Cards per System 150,000

Card Formats 32

Simultaneous Users 25

Alarm Input Points 7168 *

Output Dry Contacts 7168 *

Temperature Probe Inputs 7168 *

Online event history log 50,000 records

Time specifications 100

Threat Levels 8

Holidays 30

Cards per person 100

Enterprise System

Enterprise Controller

S2 Combo Board

Controller LEDNC to NNNC to NN SpeedNN CountN ComConnectionActivity

Node LEDActionCo-ProcessorNN ComPowerNN to NC SpeedNN to NC Activity

Initmode

• Starting point with new NetBox Controller

• Set IP Address (Controller starts on “0” subnet)

• Set Time (Controller)• Email Settings• Initmode (turn off?)

Localization

• Date Formats– 05/31/2004– 31/05/2004– 2004/05/31

• Languages– English - Spanish– Thai - Italian – French - Japanese – Portuguese - Chinese

Network Port Usage

Securing NetBox Data:

S2 NetBoxNetwork Node

S2 NetBoxNetwork

Controller

Browser

Other Systems(NBAPI)

Encryption

Authentication/Tamper Detection

SSLUser Authentication

Roles-based UI Authorization

Authentication/Tamper Detection

SSL

Assumption: Interactions between the various networked components in any Network are not inherently secure.

For the S2 System,

each of these pathways is secured.

Secure by Design

• Minimal security vulnerabilities:– The NetBox is a “locked down” networked information appliance.

• S2 controls the software/firmware that is on it.

– The NetBox has a single purpose.• It is not a general purpose computer.

• Minimal chance for virus attacks

• Network Security– User Login, User Roles, Session Token– SSL– Encryption– Authentication & Tamper Detection

Access Blade & NetDoor Blade

REX (Input)

Buzzer (Alarm > Output)

DSM (Input)

Door Lock (Alarm > Output)

Card Reader (Reader/Keypad)

3-pin outputs2-pin inputs

Position 1 2 3 4 1 2 3 4

#1

#2

7-pin readerconnectors

Access Blade

Reader 1

Reader 2

1234

1234

Temp Input

OutputsInputs

Net Door

Access Control Blade

• Two card reader connectors– Readers using standard Wiegand output

up to 128 bits are supported.– 500 feet (152 meters)

• Four Supervised Inputs– Door contacts and REX devices.– Standard two wire inputs (supervised or

unsupervised).– 2000 feet (610 meters)

• Four Relay Outputs– Strike output, door opener, buzzer.– Standard 3 pin normally open or normally

closed.– 2000 feet (610 meters)

• NOTE: Inputs and Outputs not used for door hardware can be used for other functions.

3-pin outputs2-pin inputs

Position 1 2 3 4 1 2 3 4

#1

#2

7-pin readerconnectors

2 Wiegand Readers

4 Inputs 4 Outputs

Alarm Inputs

• 8 Standard two wire inputs.

• A variety of supervised and unsupervised inputs can be configured: PIR, Exit Request, Alarm button. Door Status Monitor

• Input blade barcode numerals begin with “01.”

2-pin inputs

Position 1 2 3 4 5 6 7 8

Input State Resistance Values Normal 1k Ohms Alarm 0.5k Ohms or 2k Ohms Short 0 Ohms Open No Current

Temperature Inputs

• 8 Standard two wire inputs.

• S2 temperature probe. Max distance 500 ft. (1000 ft with Category 5 wire)

• Operating Range: -55º C to 100º C (-67° F to 212° F)

• Temperature blade barcode numerals begin with “08.”

• NOTE: For distances up to 500 feet (152.4 meters) use Category 3 cable. For distances over 500 feet up to 1000 feet (304.8 meters) use Category 5 cable.

2-pin inputs

Position 1 2 3 4 5 6 7 8

Output Blade 3-pin outputs

Position 1 2 3 4 5 6 7 8

Output devices: Strikes,Mag locks, sounders, etc.

• Eight 3-pin output relays– Standard normally open or

normally closed Form C Relays– Suitable for controlling many

strikes, but a step up relay should be used for magnetic locks.

– Max ratings: 30 Volts DC or AC, 2.5 Amps inductive or 5.0 Amps non-inductive

– Requires appropriate suppression: MOVs or diodes

Expansion Slots

Slots 0 1 2 3 4 5 6 7

Slot 0 is for the Controller/Node

0

Slot/Connector Positions

The Portal

• Access or Egress Point– Door

– Gate

– Turnstile

• Associate Inputs and Outputs– Readers, Keypads– Locks– Rex, DSM

REX (Input)

Buzzer (Alarm > Output)

DSM (Input)

Door Lock (Alarm > Output)

Card Reader (Reader/Keypad)

3-pin outputs2-pin inputs

Position 1 2 3 4 1 2 3 4

#1

#2

7-pin readerconnectors

Access Blade & Portal

Access BladePortal

10 Steps to Gain Simple Access

1. Wire and connect a Reader and Door Lock.

2. Define a Reader

3. Define an Output (Lock)

4. Define a Portal with Reader and Lock

Basic Access Requirements

Lock

Portal

Reader

10 Steps to Gain Simple Access

1. Wire and connect a Reader and Door Lock.

2. Define a Reader

3. Define an Output (Lock)

4. Define a Portal with Reader and Lock

5. Define a Card Format

Decoding Credentials

• Test and Compare to determine format• Decode content

Basic Access Requirements

Lock

Portal

Reader

10 Steps to Gain Simple Access

1. Wire and connect a Reader and Door Lock.

2. Define a Reader

3. Define an Output (Lock)

4. Define a Portal with Reader and Lock

5. Define a Card Format

6. Define an Access Level for Readers/Groups

Basic Access Requirements

Lock

Portal

Access Level

Reader(s)

Time Spec

Reader

10 Steps to Gain Simple Access

1. Wire and connect a Reader and Door Lock.

2. Define a Reader

3. Define an Output (Lock)

4. Define a Portal with Reader and Lock

5. Define a Card Format

6. Define an Access Level for Readers/Groups

7. Add a Person

8. Assign a Card

9. Assign an Access Level

Basic Access Requirements

Lock

Portal

Person (Card Holder) Record

Access Level

Reader(s)

Time Spec

Reader

10 Steps to Gain Simple Access

1. Wire and connect a Reader and Door Lock.

2. Define a Reader

3. Define an Output (Lock)

4. Define a Portal with Reader and Lock

5. Define a Card Format

6. Define an Access Level for Readers/Groups

7. Add a Person

8. Assign a Card

9. Assign an Access Level

10. Present the card to the reader to unlock the Door

Basic Access Requirements

Lock

Portal

Person (Card Holder) Record

Access Level

Reader(s)

Time Spec

Reader

NetBoxNavigation

Card or Keypad vs Card + PIN• Card or Keypad entry:

– Reader defined • Reader only

– Keypad Format• Credential format

– Portal • Reader Only

• Card + PIN– Reader defined

• Reader or Reader + Keypad

– Keypad Format• For Keypad

– Portal• Reader• Keypad

Personal Information

• Optional Tabs– Contact– Other Contact– User Defined– Vehicles (Parking)

• User Defined Tab– 20 fields available– User Defined Labels for Tab and Fields.– Show? Y/N– Use fields for sorting and filtering reports

Photo ID

• License required (Badge)– Supports Canon PowerShot digital cameras A70, A75, A80, A85,

A95, A510, A520, A620, A640, G3, G5, G6, G7, G9, Pro 1, S3 IS, S5 IS, S70, S80 and SX100 IS

Support Information

Your Company Contact Information • On “Dealer Info” Page • On “About” page

Support Information

Your Company Contact Information • On Dealer Page • On “About” page

Inputs

• Two Pin Relays– Used to monitor status or receive

input

• Supervision Types– Dual Resistor NO or NC

• Four States: Normal, Alarm, Short, Open

– Parallel Resistor NO or NC• Three States: Normal, Alarm,

Open/Short– Series Resistor NO or NC

• Three States: Normal, Alarm, Open/Short

– Unsupervised NO or NC• Two States: Normal, Alarm

3-pin outputs2-pin inputs

Position 1 2 3 4 1 2 3 4

#1

#2

7-pin readerconnectors

2-pin inputs

Position 1 2 3 4 5 6 7 8

Dual Resistors

Input State Resistance Values Normal 1k Ohms Alarm 0.5k Ohms or 2k Ohms Short 0 Ohms Open No Current

Normally Closed Parallel Resistor

Input State Resistance Values Normal 0 Ohms Alarm 1k Ohms Open No Current

Normally Closed Series Resistor

Input State Resistance Values Normal 1k Ohms Alarm No Current Short 0 Ohms

Normally Closed Unsupervised

Input State Resistance Values Normal 0 Ohms Alarm No Current

Normally Open Parallel Resistor

Input State Resistance Values Normal 1k Ohms Alarm 0 Ohms Open No Current

Normally Open Series Resistor

Input State Resistance Values Normal No Current Alarm 1 Ohms Short 0 Ohms

Normally Open Unsupervised

Input State Resistance Values Normal No Current Alarm 0 Ohms

Output Relay Connectors

Normally EnergizedNormally Not Energized

Local to Node Events

• Output activated by Portal Status• Timed or for Length of Status.

The Portal

• Access or Egress Point– Door

– Gate

– Turnstile

• Associate Inputs and Outputs– Readers, Keypads– Locks– Rex, DSM

• Events– Local to Node

• Outputs– System Wide

• Event Actions and Alarms

Momentary and Scheduled Actions

• Access Portals for impromptu unlock/lock– Momentary – quick unlock and relock

• Scheduled Portal Unlock– Used to temporarily unlock for one-time activity– Start time and date or Now– End time and date or after X period of time– Comment is a good idea – it documents unlock reason

Time Specs & Holidays

• Holidays: normal function does not apply unless specified as part of the controlling Time Spec.

– Define Beginning Date/Time and Ending Date/Time– 3 Holiday Groups: Must be in at least one group.

• Holidays are not part of Access Level unless specified in the Time Spec.

Time Specs & Holidays• Time Spec is a period of time definition

– 2 standard time specs (Cannot be changed)• Always• Never

– Specify Start and End Times– Days of the week and Holidays that apply

Time Specs: Where are they used?

• Access Level: Time Spec

• Floor Groups: Free Access Time Spec

• Portal Groups: Unlock Time Spec

• Alarm Panel: Auto Arm Time Spec

• Input Groups: Auto Arm Time Spec

• Output Groups: Auto Activate Time Spec

• Events – Enabled Time Spec

• Portals: – Keypad Time Spec,– Exit Reader Time Spec– Exit Keypad Time Spec

First in Unlock, (Monitored Unlock)

• Works with Portal Group Unlock Time Spec• Set up in System Rules

– Requires a special Access Level (You should limit who can do this)

– Set Unlock access level (required to activate unlock time spec)– Set Re-Lock access level (automatic relock at end of time spec)– Set reset time: resets to locked starting position.

• Portal Group must have– Unlock Time Spec and First In Unlock Rule

• Unlocks Door(s) with badge read during unlock time spec• Relock at end of unlock time spec or with Relock Access

Level badge read.

Threat Levels

• Pre-defined to match US Homeland Security Definition and color coding.

– You can add your own (snow day)– You can upload your own Threat

Icon• Use to mass change Access ability

- Quick Lock down - • Must Assign Threat Level Groups to all

Access Levels

• Activated by Event or Manually by pre-authorized person.

• Must reset after Threat Level has changed

– Manually (may require password)– Input Event with change Threat

Level action• Make sure someone has access

during Lock Down.

Passback and Tailgate Violations

• Definitions: – Passback is when a card is “passed back” to another person so

both can gain access on same card.– To Tailgate is to gain access without a valid card read and without

forced entry.

• Time may be used to determine passback violation.• Regions are used to determine either violation

– At least two regions required for passback violation.– At least three regions required for Tailgate violation.

Region 1

Uncontrolled

Uncontrolled

Reader A: In UncontrolledReader B: In Uncontrolled

Portal: Main EntranceReader 1. Reader A

Access to Region 1

Region 1Passback? - Time onlyTailgate? - No

Regions

Region 1

Uncontrolled

Uncontrolled

Reader A: In UncontrolledReader B: In UncontrolledReader C: In Region 1Reader D: In Region 1

Portal: Main EntranceReader 1. Reader A

Access to Region 1Reader 2. Reader C

Access to Uncontrolled

Region 1Passback? - Time or RegionTailgate? - No

Regions

Passback and Tailgate Violations

• Definitions: – Passback is when a card is “passed back” to another person so both

can gain access on same card.– To Tailgate is to gain access without a valid card read and without

forced entry.

• Time may be used to determine passback violation• Regions are used to determine either violation

– At least two regions required for passback violation.– At least three regions required for Tailgate violation.

• Actions to be taken (defined in Region definition)– Soft - Log entry but allow access– Hard - Log entry and deny access– Ignore – allow access.

Regions

Region 1

Region 3

Uncontrolled

Uncontrolled

Region 2

Reader D: In Region 3Reader E: In Region 2

Portal: Lab Back DoorReader 1. Reader E

Access to Region 3Reader 2. Reader D

Access to Region 2

Region 3Passback? - Time or RegionTailgating? - Region

Regions

Region 1

Region 3

Uncontrolled

Uncontrolled

Region 2

Reader B: In Region 1Reader C: In Region 3

Portal: Lab Front DoorReader 1. _________________

Access to ________Reader 2. _________________

Access to ________

Technical and Installation Information* For a password (must register on website):

– www.s2sys.com

– Support Phone: (508) 663-2505

S2 Support Central - Downloads

Miscellaneous Information

• Photo ID URL – Storage location for Person Pictures– Default on Controller /upload/pics– Off-board location NAS

• Photo ID Layout – default layout for badges• Enrollment Reader – for assigning access cards to People• Default Card Format – Can change when issuing cards• Hide Unpermitted Access Levels – Only allows certain User Roles to see

Access Levels• PIN entry timeout – System wide time allowed for PIN entry after card read.• ODBC Report user password – password protection for ODBC connection

direct to Network Controller for user defined reports.• Log Archive Interval – Time interval between automatic archive creation of

Activity Log.• Temperature Scale – For Temperature input unit of measure.• Unacknowledged Alarm Audio – Wave file to play once per minute during

unacknowledged alarm (System Wide Action)

Configure Remote Nodes

• Portable Node Configuration Utility

• Finds Nodes on network• Displays Node Address,

Netmask and Gateway• Assign Network Controller

Backups(Backup is only needed when you haven’t)(Murphy’s IT corollary)

• Automatic Backup daily.– System holds up to 6 weeks– Sunday is a full backup … all

others are differential backups.– Seventh week starts overwrite

of oldest backup.• Backup writes to CFC• Optional to NAS and FTP site.

– Must set up NAS or FTP address and password.

– Will not overwrite old backups.• Use “get” to off-load backup to

laptop or off-site.• Save, Shutdown or Reboot

save to ROM is automatic (v3.0 or higher).

Backups to NAS or FTP sites

• FTP Backup (File Transfer Protocol) web site.

• Network Storage (NAS=network attached storage).

System Upgrade

• Email Upgrade File (need i-button number, - serial number -)• Backup System• Upload patch file• Apply Upgrade• Backup System

Node Upgrade Activity Log

Node Disconnect for Upgrade

Node is back on-line

IP Camera Configuration

• The Install Guide has a list of IP cameras that we have tried but any IP Camera should work. System ships with a growing set of camera types.

• Camera Types are user configurable – see manufacturer’s documentation for pan, tilt, and zoom (PTZ) URLs etc.

IP Camera Configuration

• Camera Definition– IP Address of Camera (No http://)– IP Address of Control (No http://)– Port– If PTZ

• User Name• Password

IP Camera and NetBox Interface

S2Browser UI

VideoPTZ S

etup IP Address

Events• Something that requires action

– Door Forced– Door Held– Input in abnormal state– Designated Alarm Input– Motion Detected– Invalid Entry Attempt

• Acknowledgment may be required

– Send an SMS (text) message– Arm Alarm Panel– Disarm Alarm Panel– Move a Camera to a Preset (IP

cameras must be set up before you can use them in an Event)

– Save the event to an Activity Log– Record Video– Set a Threat Level

• Actions triggered by Event– Lock a Portal *– Unlock a Portal *– Momentarily unlock a Portal– Activate a Relay *– Deactivate a Relay *– Arm Input or Input Group– Pulse Output or Output Group– Send an Email

Events

Putting Events to Work

• Portal Status: System Wide Actions– React to Door State – React to Card Read

• Input Action: Off-normal event– Input activates Action(s)

Putting Events to Work

• Access Level Actions taken on entry– With Valid Entry

• Alarm Panel Actions based on Panel or Zone – Arm Failure– Activity in Armed Area

Putting Events to Work

• Temperature Events: Temp too High or too Low or Not Reading

• Node Status: Node Tamper, Timeout or Disconnect Alarm

Putting Events to Work

• Video Action: Record Video or Notify of Failed Camera– Normal activates when Camera returns to normal– Motion activates Recording– Fail activates when camera fails or stops communicating

Conceptually, the DVR and NVR are treated the same

DVR or NVR

S2Browser UI

Video

Setup

Floorplans

• Used to Monitor Activity or Status of– Portals – temporarily unlock– Cameras – thumbnail– Temperature – Graph of last hour, day, week.

• Link Detailed Floor Plans to General Floor Plans• Setup Sequence

– Upload jpg files– Define Floorplan– Place Resources

• Set Place• Resource type• Resource select• Save Floorplan

The Five Steps to DVR/NVR Setup

1: Complete the set up of the DVR/NVR.

2: Point the S2 NetBox to the DVR/NVR.

3: Verify live video from the NetBox interface.

4: Set up Video Motion Detection from DVR/NVR.

5: Set up Video Recording Actions from the NetBox.

1: Complete the set up of the NVR.

NVR Windows UI

Video Server S2 Milestone Generic Event BuilderS2 Milestone Service

1: Complete the set up of the NVR.

• Install the software:– NVR Systems software components.

– S2 OVIDServiceHandles communications between NVR and the S2 Netbox.Service should start itself.Service creates its own Event Log.Make sure you set “Overwrite events as needed”Service should add itself to the Windows Firewall (requires

Windows XP SP2).

– S2 Generic Event Builder (Included with OVID Service)Creates correct Start, Stop and PTZ events for each camera.

To open the Windows Firewall applet select Settings : Control Panel : Windows Firewall

1: Complete the set up of the DVR.

DVR B

rowse

r UI

1: Complete the set up of the DVR.

• Make sure you set up the cameras first, and verify that you can see live video through the DS2 interface.

• Be aware of browser capabilities.– DM is promoting use of Java over ActiveX.– JRE 1.4.2 or 5.0 required.– We are integrating their Java applet into our S2 NetBox

interface.

2: Point the S2 NetBox to the Milestone Server

Setup

MilestoneVideo Server

S2 Browser UI

2: Point the S2 NetBox to the DM DVR.

Setup

S2 Browser UI

DVR or NVR

Video

3: Verify live video from the NetBox interface.

S2 Browser UI

DVR or NVR

S2Browser UI

Video

4: Set up Video Motion Detection from NVR/DVR

VMD Events

Setup

VM

D

DVR or NVR

Video

5: Set up Video Recording Actions from NetBox

Events, VI, Triggers

Recording Events

VMD Events

Alarm Panels

• Identify 2 Inputs for “zone” and “armed” status from panel• One Output to allow arming or disarming from NetBox• Auto Arming

– Output to sound warning device.• Warning duration

– Auto Arming Time Spec (armed period).• When the panel should be armed.

– Auto Arm Inactivity Time• Length of time for panel to show all zones as inactive.

– Arm Panel request timeout – time to wait for armed status input.• 5 seconds longer than panel’s grace period.

– Disarm reader group – card read for disarm access level to disarm panel.– Disable reader group – disabled (deny access) readers when panel is

armed.• Events

– Specify Event to occur when there is failure to arm.– Event to occur when activity detected during armed period.

Elevator Control

Floors are mapped to button outputs

6

5

4

3

2

1

Elevator 1

Output 1

Output 2

Read

er 1

6

5

4

3

2

1

Elevator 2

Output 3

Output 4

Read

er 2Floor 6

Floor 5

Elevator Access Levels

654321

OK?

YES

Floor Groups and Free Access Time Spec

6

5

4

3

2

1

Elevator 1

Output 1

Output 2

Read

er E1

6

5

4

3

2

1

Elevator 2

Output 3

Output 4

Read

er E2

RestrictedAccess

FreeAccess

Other uses of Elevator Controls

Front Entrance

Floor 6 Thermostat

Floor 5 Thermostat

Personal Information

• Access Control– Badge– Access Level– PIN

• Photo ID• User Defined (optional)

– User Labels and fields– Display all or some

• Contact (optional)• Other Contact (optional)• Vehicle (optional)• Login

– User Roles– Widget Desktop Layouts

• Recent Activity

User Roles• Predefined Categories

– Partition Monitor – Monitor menu only– Partition Administrator – Monitor plus Administration menus– Partition (System) Setup – Setup plus Monitor and Administration menus

• Custom User Roles– Threat Level Group – Affects user system access – Monitor limitations

• Camera groups: view, go to presets, PTZ• Portal Groups: view, momentary unlock. extended unlock extended lock• Elevator Groups: view• Event Groups: view, acknowledge, clear actions• Floorplan Groups: view• Report Groups: run, edit• Layout Groups: run• Reader Groups: view photo IDs• Access Levels: assign

User Roles

– Administrator: Person Record limitations• View, Assign, Add, Edit, Delete, Lookup

– Add Administration Privileges– Add Setup Privileges

History Reports

• History Reports– Access History - General Event History– Portal Access Count by User - Custom Reports

Custom Report

System Reset and Evaluation

• Reset to Factory Defaults– Do Not Remove Power until after License Page– Use for configuring before going to the site.– Be sure to wait for single beep.

• Leave S2 NetBox Powered up and Plugged in• Tear out Evaluation page

– Fill in– Leave with instructor

Thank you for your attention!

Thanks for takingS2 NetTech Training