NetTech
Rich Ames: Training
S2 System Architecture
(Diagram labels: IP Network, Internet, NetBox, NetBox Node, NetDoor Node, Security Monitor, Remote Support, Security Administrator, Alarm, Alarm Panel, Door Lock, Reader, Gate Reader, Portal, Elevator (floors 1-6), Lighting, Temp Probe, IP Camera (PTZ), IP Camera Video Recorder, Analog Camera, Photo ID Camera, Photo ID Badge Printing.)
Network Controller, Node & Expansion Blades
NetDoor Node, with Access Blade
S2 System
(Diagram: devices on the IP Network and Internet, with their addresses.)
Controller: 192.168.0.250
Node: 192.168.0.245
Node: 192.168.0.220
NetDoor Node: 192.168.0.237
NetDoor Node: 192.168.1.201
S2 Hardware Standard (Solid State) Limitations
S2 NetBox Nodes per System: 24
Card Readers per System: 140 Tested/Certified
Access Cards per System: 60,000
Card Formats: 32
Simultaneous Users: 10
Alarm Input Points: 500
Output Dry Contacts: 500
Temperature Probe Inputs: 500
Online event history log: 50,000 records
Time specifications: 100
Threat Levels: 8
Holidays: 30
Cards per person: 100
S2 Hardware Enterprise (Hard Disk) Limitations
S2 NetBox Nodes per System: 256
Card Readers per System: 3500
Access Cards per System: 150,000
Card Formats: 32
Simultaneous Users: 25
Alarm Input Points: 7168 *
Output Dry Contacts: 7168 *
Temperature Probe Inputs: 7168 *
Online event history log: 50,000 records
Time specifications: 100
Threat Levels: 8
Holidays: 30
Cards per person: 100
Enterprise System
Enterprise Controller
S2 Combo Board
Controller LED: NC to NN; NC to NN Speed; NN Count; N Com; Connection; Activity
Node LED: Action; Co-Processor; NN Com; Power; NN to NC Speed; NN to NC Activity
Initmode
• Starting point with new NetBox Controller
• Set IP Address (Controller starts on “0” subnet)
• Set Time (Controller)
• Email Settings
• Initmode (turn off?)
Localization
• Date Formats
  – 05/31/2004
  – 31/05/2004
  – 2004/05/31
• Languages
  – English, Spanish, Thai, Italian, French, Japanese, Portuguese, Chinese
Network Port Usage
Securing NetBox Data:
(Diagram: pathways between the S2 NetBox Network Node, the S2 NetBox Network Controller, the Browser and Other Systems (NBAPI). Pathway labels: Encryption, Authentication/Tamper Detection; SSL, User Authentication, Roles-based UI Authorization; Authentication/Tamper Detection, SSL.)
Assumption: Interactions between the various networked components in any Network are not inherently secure.
For the S2 System, each of these pathways is secured.
Secure by Design
• Minimal security vulnerabilities:
  – The NetBox is a “locked down” networked information appliance.
    • S2 controls the software/firmware that is on it.
  – The NetBox has a single purpose.
    • It is not a general purpose computer.
    • Minimal chance for virus attacks
• Network Security
  – User Login, User Roles, Session Token
  – SSL
  – Encryption
  – Authentication & Tamper Detection
Access Blade & NetDoor Blade
(Diagram: door devices wired to the blades: REX (Input), DSM (Input), Buzzer (Alarm > Output), Door Lock (Alarm > Output), Card Reader (Reader/Keypad).)
(Access Blade: 3-pin outputs, positions 1-4; 2-pin inputs, positions 1-4; 7-pin reader connectors #1 and #2.)
(NetDoor: Reader 1, Reader 2; Outputs 1-4; Inputs 1-4; Temp Input.)
Access Control Blade
• Two card reader connectors
  – Readers using standard Wiegand output up to 128 bits are supported.
  – 500 feet (152 meters)
• Four Supervised Inputs
  – Door contacts and REX devices.
  – Standard two wire inputs (supervised or unsupervised).
  – 2000 feet (610 meters)
• Four Relay Outputs
  – Strike output, door opener, buzzer.
  – Standard 3 pin normally open or normally closed.
  – 2000 feet (610 meters)
• NOTE: Inputs and Outputs not used for door hardware can be used for other functions.
(Diagram: Access Blade with 2 Wiegand Readers on 7-pin reader connectors #1 and #2, 4 Inputs (2-pin, positions 1-4) and 4 Outputs (3-pin, positions 1-4).)
Alarm Inputs
• 8 Standard two wire inputs.
• A variety of supervised and unsupervised inputs can be configured: PIR, Exit Request, Alarm button, Door Status Monitor
• Input blade barcode numerals begin with “01.”
(Diagram: 2-pin inputs, positions 1-8.)
Input State: Resistance Values
Normal: 1k Ohms
Alarm: 0.5k Ohms or 2k Ohms
Short: 0 Ohms
Open: No Current
Temperature Inputs
• 8 Standard two wire inputs.
• S2 temperature probe. Max distance 500 ft. (1000 ft with Category 5 wire)
• Operating Range: -55º C to 100º C (-67° F to 212° F)
• Temperature blade barcode numerals begin with “08.”
• NOTE: For distances up to 500 feet (152.4 meters) use Category 3 cable. For distances over 500 feet up to 1000 feet (304.8 meters) use Category 5 cable.
(Diagram: 2-pin inputs, positions 1-8.)
Output Blade
(Diagram: 3-pin outputs, positions 1-8.)
Output devices: Strikes, Mag locks, sounders, etc.
• Eight 3-pin output relays
  – Standard normally open or normally closed Form C Relays
  – Suitable for controlling many strikes, but a step up relay should be used for magnetic locks.
  – Max ratings: 30 Volts DC or AC, 2.5 Amps inductive or 5.0 Amps non-inductive
  – Requires appropriate suppression: MOVs or diodes
Expansion Slots
Slots 0 1 2 3 4 5 6 7
Slot 0 is for the Controller/Node
Slot/Connector Positions
The Portal
• Access or Egress Point
  – Door
  – Gate
  – Turnstile
• Associate Inputs and Outputs
  – Readers, Keypads
  – Locks
  – REX, DSM
Access Blade & Portal
(Diagram: Access Blade connections mapped to the Portal: REX (Input), DSM (Input), Buzzer (Alarm > Output), Door Lock (Alarm > Output), Card Reader (Reader/Keypad).)
Decoding Credentials
• Test and Compare to determine format
• Decode content
10 Steps to Gain Simple Access
1. Wire and connect a Reader and Door Lock.
2. Define a Reader
3. Define an Output (Lock)
4. Define a Portal with Reader and Lock
5. Define a Card Format
6. Define an Access Level for Readers/Groups
7. Add a Person
8. Assign a Card
9. Assign an Access Level
10. Present the card to the reader to unlock the Door
Basic Access Requirements
Lock
Portal
Person (Card Holder) Record
Access Level
Reader(s)
Time Spec
Reader
NetBox Navigation
Card or Keypad vs Card + PIN
• Card or Keypad entry:
  – Reader defined
    • Reader only
  – Keypad Format
    • Credential format
  – Portal
    • Reader Only
• Card + PIN
  – Reader defined
    • Reader or Reader + Keypad
  – Keypad Format
    • For Keypad
  – Portal
    • Reader
    • Keypad
Personal Information
• Optional Tabs
  – Contact
  – Other Contact
  – User Defined
  – Vehicles (Parking)
• User Defined Tab
  – 20 fields available
  – User Defined Labels for Tab and Fields.
  – Show? Y/N
  – Use fields for sorting and filtering reports
Photo ID
• License required (Badge)
  – Supports Canon PowerShot digital cameras A70, A75, A80, A85, A95, A510, A520, A620, A640, G3, G5, G6, G7, G9, Pro 1, S3 IS, S5 IS, S70, S80 and SX100 IS
Support Information
Your Company Contact Information
• On “Dealer Info” Page
• On “About” page
Inputs
• Two Pin Relays
  – Used to monitor status or receive input
• Supervision Types
  – Dual Resistor NO or NC
    • Four States: Normal, Alarm, Short, Open
  – Parallel Resistor NO or NC
    • Three States: Normal, Alarm, Open/Short
  – Series Resistor NO or NC
    • Three States: Normal, Alarm, Open/Short
  – Unsupervised NO or NC
    • Two States: Normal, Alarm
(Diagrams: Access Blade with 2-pin inputs in positions 1-4; input blade with 2-pin inputs in positions 1-8.)
Dual Resistors
Input State: Resistance Values
Normal: 1k Ohms
Alarm: 0.5k Ohms or 2k Ohms
Short: 0 Ohms
Open: No Current
Normally Closed Parallel Resistor
Input State: Resistance Values
Normal: 0 Ohms
Alarm: 1k Ohms
Open: No Current
Normally Closed Series Resistor
Input State: Resistance Values
Normal: 1k Ohms
Alarm: No Current
Short: 0 Ohms
Normally Closed Unsupervised
Input State: Resistance Values
Normal: 0 Ohms
Alarm: No Current
Normally Open Parallel Resistor
Input State: Resistance Values
Normal: 1k Ohms
Alarm: 0 Ohms
Open: No Current
Normally Open Series Resistor
Input State: Resistance Values
Normal: No Current
Alarm: 1 Ohms
Short: 0 Ohms
Normally Open Unsupervised
Input State: Resistance Values
Normal: No Current
Alarm: 0 Ohms
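The supervision tables above can be expressed as a classifier that shows what a shorted or cut loop is reported as under each supervision type. This is an added example, not code from the S2 training deck; the tolerance band, the short/open thresholds and the "Trouble" label are assumptions, and the Normally Open Series Resistor type is not modelled.

```python
import math

# Nominal loop resistance in ohms per reported state, taken from the tables
# above. math.inf stands for "No Current" (open loop).
SUPERVISION = {
    "dual_resistor":   {"Normal": [1000], "Alarm": [500, 2000],
                        "Short": [0], "Open": [math.inf]},
    "nc_parallel":     {"Normal": [0], "Alarm": [1000], "Open": [math.inf]},
    "nc_series":       {"Normal": [1000], "Alarm": [math.inf], "Short": [0]},
    "nc_unsupervised": {"Normal": [0], "Alarm": [math.inf]},
    "no_parallel":     {"Normal": [1000], "Alarm": [0], "Open": [math.inf]},
    "no_unsupervised": {"Normal": [math.inf], "Alarm": [0]},
}

# Assumed measurement thresholds (not from the deck).
TOLERANCE = 0.10     # +/-10% band around a resistor value
SHORT_MAX = 50       # at or below this, treat the loop as 0 Ohms
OPEN_MIN = 100_000   # at or above this, treat the loop as No Current


def classify(kind, ohms):
    """Map a measured loop resistance to the state the table assigns it."""
    if ohms >= OPEN_MIN:
        measured = math.inf
    elif ohms <= SHORT_MAX:
        measured = 0
    else:
        measured = ohms
    for state, nominals in SUPERVISION[kind].items():
        for nominal in nominals:
            if nominal in (0, math.inf):
                if measured == nominal:
                    return state
            elif abs(measured - nominal) <= TOLERANCE * nominal:
                return state
    return "Trouble"  # assumed label for a reading outside every band


def fault_report(kind):
    """What a shorted loop and a cut loop are reported as for this type."""
    return {"short": classify(kind, 0), "cut": classify(kind, math.inf)}


if __name__ == "__main__":
    for kind in SUPERVISION:
        print(f"{kind:16} {fault_report(kind)}")
```

Of the types modelled, only the dual-resistor wiring reports both a shorted and a cut loop as states of their own; each unsupervised type reports one of those two faults as Normal.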
Output Relay Connectors
(Diagram labels: Normally Energized, Normally Not Energized.)
Local to Node Events
• Output activated by Portal Status
• Timed or for Length of Status.
The Portal
• Access or Egress Point
  – Door
  – Gate
  – Turnstile
• Associate Inputs and Outputs
  – Readers, Keypads
  – Locks
  – REX, DSM
• Events
  – Local to Node
• Outputs
  – System Wide
• Event Actions and Alarms
Momentary and Scheduled Actions
• Access Portals for impromptu unlock/lock
  – Momentary – quick unlock and relock
• Scheduled Portal Unlock
  – Used to temporarily unlock for one-time activity
  – Start time and date or Now
  – End time and date or after X period of time
  – Comment is a good idea – it documents unlock reason
Time Specs & Holidays
• Holidays: normal function does not apply unless specified as part of the controlling Time Spec.
  – Define Beginning Date/Time and Ending Date/Time
  – 3 Holiday Groups: Must be in at least one group.
• Holidays are not part of Access Level unless specified in the Time Spec.
• Time Spec is a period of time definition
  – 2 standard time specs (Cannot be changed)
    • Always
    • Never
  – Specify Start and End Times
  – Days of the week and Holidays that apply
Time Specs: Where are they used?
• Access Level: Time Spec
• Floor Groups: Free Access Time Spec
• Portal Groups: Unlock Time Spec
• Alarm Panel: Auto Arm Time Spec
• Input Groups: Auto Arm Time Spec
• Output Groups: Auto Activate Time Spec
• Events – Enabled Time Spec
• Portals:
  – Keypad Time Spec
  – Exit Reader Time Spec
  – Exit Keypad Time Spec
First in Unlock (Monitored Unlock)
• Works with Portal Group Unlock Time Spec
• Set up in System Rules
  – Requires a special Access Level (You should limit who can do this)
  – Set Unlock access level (required to activate unlock time spec)
  – Set Re-Lock access level (automatic relock at end of time spec)
  – Set reset time: resets to locked starting position.
• Portal Group must have
  – Unlock Time Spec and First In Unlock Rule
• Unlocks Door(s) with badge read during unlock time spec
• Relock at end of unlock time spec or with Relock Access Level badge read.
Threat Levels
• Pre-defined to match US Homeland Security Definition and color coding.
  – You can add your own (snow day)
  – You can upload your own Threat Icon
• Use to mass change Access ability - Quick Lock down -
• Must Assign Threat Level Groups to all Access Levels
• Activated by Event or Manually by pre-authorized person.
• Must reset after Threat Level has changed
  – Manually (may require password)
  – Input Event with change Threat Level action
• Make sure someone has access during Lock Down.
Passback and Tailgate Violations
• Definitions:
  – Passback is when a card is “passed back” to another person so both can gain access on same card.
  – To Tailgate is to gain access without a valid card read and without forced entry.
• Time may be used to determine passback violation.
• Regions are used to determine either violation
  – At least two regions required for passback violation.
  – At least three regions required for Tailgate violation.
• Actions to be taken (defined in Region definition)
  – Soft - Log entry but allow access
  – Hard - Log entry and deny access
  – Ignore – allow access.
Regions
(Diagram: Region 1 and Uncontrolled space.)
Reader A: In Uncontrolled
Reader B: In Uncontrolled
Portal: Main Entrance
Reader 1. Reader A: Access to Region 1
Region 1: Passback? - Time only; Tailgate? - No
Regions
(Diagram: Region 1 and Uncontrolled space.)
Reader A: In Uncontrolled
Reader B: In Uncontrolled
Reader C: In Region 1
Reader D: In Region 1
Portal: Main Entrance
Reader 1. Reader A: Access to Region 1
Reader 2. Reader C: Access to Uncontrolled
Region 1: Passback? - Time or Region; Tailgate? - No
Regions
(Diagram: Region 1, Region 2, Region 3 and Uncontrolled space.)
Reader D: In Region 3
Reader E: In Region 2
Portal: Lab Back Door
Reader 1. Reader E: Access to Region 3
Reader 2. Reader D: Access to Region 2
Region 3: Passback? - Time or Region; Tailgating? - Region
Regions
(Diagram: Region 1, Region 2, Region 3 and Uncontrolled space.)
Reader B: In Region 1
Reader C: In Region 3
Portal: Lab Front Door
Reader 1. _________________ Access to ________
Reader 2. _________________ Access to ________
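One way to express the region rules above in code, as an added example that is not part of the original deck and not S2's implementation. The detection rule (a read at a reader that leads into the card's recorded region is a passback; a read at a reader mounted in a region other than the recorded one is a tailgate), the policy fields and the read sequence are assumptions; Reader A is placed as on the Main Entrance slide and Readers E and D as on the Lab Back Door slide.

```python
from dataclasses import dataclass

UNCONTROLLED = "Uncontrolled"


@dataclass(frozen=True)
class Reader:
    name: str
    in_region: str   # region the reader is mounted in
    to_region: str   # region a granted read gives access to


@dataclass
class RegionPolicy:
    passback: str = "soft"      # "soft", "hard" or "ignore"
    tailgate: str = "soft"
    by_region: bool = True      # False models a "Time only" region
    passback_seconds: int = 0   # 0 disables the time-based check


class RegionTracker:
    def __init__(self, policies):
        self.policies = policies   # destination region -> RegionPolicy
        self.location = {}         # card -> last recorded region
        self.last_grant = {}       # (card, reader name) -> time granted
        self.log = []

    def present(self, card, reader, now):
        """Return (granted, violation, action) for one card read."""
        policy = self.policies.get(reader.to_region, RegionPolicy())
        here = self.location.get(card, UNCONTROLLED)
        last = self.last_grant.get((card, reader.name))
        violation = None
        if (policy.passback_seconds and last is not None
                and now - last < policy.passback_seconds):
            violation = "passback"    # same card reused too soon
        elif policy.by_region and here == reader.to_region:
            violation = "passback"    # card is already recorded inside
        elif policy.by_region and here != reader.in_region:
            violation = "tailgate"    # holder got here without a read
        action = getattr(policy, violation) if violation else None
        granted = action != "hard"    # Hard denies; Soft and Ignore allow
        if violation and action != "ignore":
            self.log.append((now, card, reader.name, violation, action))
        if granted:
            self.location[card] = reader.to_region
            self.last_grant[(card, reader.name)] = now
        return granted, violation, action


def demo():
    # Reader placement follows the slides; the read sequence is constructed.
    a = Reader("Reader A", UNCONTROLLED, "Region 1")
    e = Reader("Reader E", "Region 2", "Region 3")
    d = Reader("Reader D", "Region 3", "Region 2")
    tracker = RegionTracker({"Region 1": RegionPolicy(passback="hard")})
    reads = [(1001, a, 0), (1001, a, 20), (1001, e, 60), (1001, d, 120)]
    return [tracker.present(*r) for r in reads], tracker.log


if __name__ == "__main__":
    results, log = demo()
    for row in results:
        print(row)
```

Under this assumed rule, a mismatched card in a two-region layout is always recorded in the reader's destination, so only a passback can be reported; the tailgate branch needs a third region, which agrees with the region counts on the slide.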
Technical and Installation Information
• For a password (must register on website):
– www.s2sys.com
– Support Phone: (508) 663-2505
S2 Support Central - Downloads
Miscellaneous Information
• Photo ID URL – Storage location for Person Pictures
  – Default on Controller /upload/pics
  – Off-board location NAS
• Photo ID Layout – default layout for badges
• Enrollment Reader – for assigning access cards to People
• Default Card Format – Can change when issuing cards
• Hide Unpermitted Access Levels – Only allows certain User Roles to see Access Levels
• PIN entry timeout – System wide time allowed for PIN entry after card read.
• ODBC Report user password – password protection for ODBC connection direct to Network Controller for user defined reports.
• Log Archive Interval – Time interval between automatic archive creation of Activity Log.
• Temperature Scale – For Temperature input unit of measure.
• Unacknowledged Alarm Audio – Wave file to play once per minute during unacknowledged alarm (System Wide Action)
Configure Remote Nodes
• Portable Node Configuration Utility
• Finds Nodes on network
• Displays Node Address, Netmask and Gateway
• Assign Network Controller
Backups
(Backup is only needed when you haven’t) (Murphy’s IT corollary)
• Automatic Backup daily.
  – System holds up to 6 weeks
  – Sunday is a full backup … all others are differential backups.
  – Seventh week starts overwrite of oldest backup.
• Backup writes to CFC
• Optional to NAS and FTP site.
  – Must set up NAS or FTP address and password.
  – Will not overwrite old backups.
• Use “get” to off-load backup to laptop or off-site.
• Save, Shutdown or Reboot: save to ROM is automatic (v3.0 or higher).
Backups to NAS or FTP sites
• FTP Backup (File Transfer Protocol) web site.
• Network Storage (NAS=network attached storage).
System Upgrade
• Email Upgrade File (need i-button number, - serial number -)
• Backup System
• Upload patch file
• Apply Upgrade
• Backup System
Node Upgrade Activity Log
Node Disconnect for Upgrade
Node is back on-line
IP Camera Configuration
• The Install Guide has a list of IP cameras that we have tried but any IP Camera should work. System ships with a growing set of camera types.
• Camera Types are user configurable – see manufacturer’s documentation for pan, tilt, and zoom (PTZ) URLs etc.
• Camera Definition
  – IP Address of Camera (No http://)
  – IP Address of Control (No http://)
  – Port
  – If PTZ
    • User Name
    • Password
IP Camera and NetBox Interface
(Diagram labels: S2 Browser UI, Video, PTZ, Setup, IP Address.)
Events
• Something that requires action
  – Door Forced
  – Door Held
  – Input in abnormal state
  – Designated Alarm Input
  – Motion Detected
  – Invalid Entry Attempt
• Acknowledgment may be required
• Actions triggered by Event
  – Lock a Portal *
  – Unlock a Portal *
  – Momentarily unlock a Portal
  – Activate a Relay *
  – Deactivate a Relay *
  – Arm Input or Input Group
  – Pulse Output or Output Group
  – Send an Email
  – Send an SMS (text) message
  – Arm Alarm Panel
  – Disarm Alarm Panel
  – Move a Camera to a Preset (IP cameras must be set up before you can use them in an Event)
  – Save the event to an Activity Log
  – Record Video
  – Set a Threat Level
Putting Events to Work
• Portal Status: System Wide Actions
  – React to Door State
  – React to Card Read
• Input Action: Off-normal event
  – Input activates Action(s)
• Access Level Actions taken on entry
  – With Valid Entry
• Alarm Panel Actions based on Panel or Zone
  – Arm Failure
  – Activity in Armed Area
• Temperature Events: Temp too High or too Low or Not Reading
• Node Status: Node Tamper, Timeout or Disconnect Alarm
• Video Action: Record Video or Notify of Failed Camera
  – Normal activates when Camera returns to normal
  – Motion activates Recording
  – Fail activates when camera fails or stops communicating
Conceptually, the DVR and NVR are treated the same
(Diagram labels: DVR or NVR, S2 Browser UI, Video, Setup.)
Floorplans
• Used to Monitor Activity or Status of
  – Portals – temporarily unlock
  – Cameras – thumbnail
  – Temperature – Graph of last hour, day, week.
• Link Detailed Floor Plans to General Floor Plans
• Setup Sequence
  – Upload jpg files
  – Define Floorplan
  – Place Resources
    • Set Place
    • Resource type
    • Resource select
    • Save Floorplan
The Five Steps to DVR/NVR Setup
1: Complete the set up of the DVR/NVR.
2: Point the S2 NetBox to the DVR/NVR.
3: Verify live video from the NetBox interface.
4: Set up Video Motion Detection from DVR/NVR.
5: Set up Video Recording Actions from the NetBox.
1: Complete the set up of the NVR.
(Diagram labels: NVR Windows UI, Video Server, S2 Milestone Generic Event Builder, S2 Milestone Service.)
• Install the software:
  – NVR Systems software components.
  – S2 OVIDService
    • Handles communications between NVR and the S2 NetBox.
    • Service should start itself.
    • Service creates its own Event Log.
    • Make sure you set “Overwrite events as needed”
    • Service should add itself to the Windows Firewall (requires Windows XP SP2).
  – S2 Generic Event Builder (Included with OVID Service)
    • Creates correct Start, Stop and PTZ events for each camera.
To open the Windows Firewall applet select Settings : Control Panel : Windows Firewall
1: Complete the set up of the DVR.
(Diagram label: DVR Browser UI.)
• Make sure you set up the cameras first, and verify that you can see live video through the DS2 interface.
• Be aware of browser capabilities.
  – DM is promoting use of Java over ActiveX.
  – JRE 1.4.2 or 5.0 required.
  – We are integrating their Java applet into our S2 NetBox interface.
2: Point the S2 NetBox to the Milestone Server
(Diagram labels: Setup, Milestone Video Server, S2 Browser UI.)
2: Point the S2 NetBox to the DM DVR.
(Diagram labels: Setup, S2 Browser UI, DVR or NVR, Video.)
3: Verify live video from the NetBox interface.
(Diagram labels: S2 Browser UI, DVR or NVR, Video.)
4: Set up Video Motion Detection from NVR/DVR
(Diagram labels: VMD Events, Setup, VMD, DVR or NVR, Video.)
5: Set up Video Recording Actions from NetBox
(Diagram labels: Events, VI, Triggers; Recording Events; VMD Events.)
Alarm Panels
• Identify 2 Inputs for “zone” and “armed” status from panel
• One Output to allow arming or disarming from NetBox
• Auto Arming
  – Output to sound warning device.
    • Warning duration
  – Auto Arming Time Spec (armed period).
    • When the panel should be armed.
  – Auto Arm Inactivity Time
    • Length of time for panel to show all zones as inactive.
  – Arm Panel request timeout – time to wait for armed status input.
    • 5 seconds longer than panel’s grace period.
  – Disarm reader group – card read for disarm access level to disarm panel.
  – Disable reader group – disabled (deny access) readers when panel is armed.
• Events
  – Specify Event to occur when there is failure to arm.
  – Event to occur when activity detected during armed period.
Elevator Control
Floors are mapped to button outputs
(Diagram: Elevator 1 with Reader 1, Output 1 and Output 2; Elevator 2 with Reader 2, Output 3 and Output 4; floors 1-6, with Floor 6 and Floor 5 labelled.)
Elevator Access Levels
(Diagram: floors 6 5 4 3 2 1; OK? YES.)
Floor Groups and Free Access Time Spec
(Diagram: Elevator 1 with Reader E1, Output 1 and Output 2; Elevator 2 with Reader E2, Output 3 and Output 4; floors 1-6; Restricted Access and Free Access.)
Other uses of Elevator Controls
(Diagram labels: Front Entrance, Floor 6 Thermostat, Floor 5 Thermostat.)
Personal Information
• Access Control
  – Badge
  – Access Level
  – PIN
• Photo ID
• User Defined (optional)
  – User Labels and fields
  – Display all or some
• Contact (optional)
• Other Contact (optional)
• Vehicle (optional)
• Login
  – User Roles
  – Widget Desktop Layouts
• Recent Activity
User Roles
• Predefined Categories
  – Partition Monitor – Monitor menu only
  – Partition Administrator – Monitor plus Administration menus
  – Partition (System) Setup – Setup plus Monitor and Administration menus
• Custom User Roles
  – Threat Level Group – Affects user system access
  – Monitor limitations
    • Camera groups: view, go to presets, PTZ
    • Portal Groups: view, momentary unlock, extended unlock, extended lock
    • Elevator Groups: view
    • Event Groups: view, acknowledge, clear actions
    • Floorplan Groups: view
    • Report Groups: run, edit
    • Layout Groups: run
    • Reader Groups: view photo IDs
    • Access Levels: assign
  – Administrator: Person Record limitations
    • View, Assign, Add, Edit, Delete, Lookup
  – Add Administration Privileges
  – Add Setup Privileges
History Reports
• History Reports
  – Access History
  – General Event History
  – Portal Access Count by User
  – Custom Reports
Custom Report
System Reset and Evaluation
• Reset to Factory Defaults
  – Do Not Remove Power until after License Page
  – Use for configuring before going to the site.
  – Be sure to wait for single beep.
• Leave S2 NetBox Powered up and Plugged in
• Tear out Evaluation page
  – Fill in
  – Leave with instructor
Thank you for your attention!
Thanks for taking S2 NetTech Training