Upload
jama99
View
89
Download
3
Embed Size (px)
DESCRIPTION
genetec systwm v 2.1
Citation preview
Version 2.1
Innovative Solutions
Best Practices
Security Center
Access Control
genetec.com | Security Center | Best Practices 2
Table of Contents
HID units 3
Recommendations 3
Unit firmware compatibility 3
General versus dedicated inputs 4
VertX Hardware specifications 4
Cable Specifications 4
Mounting Instructions 5
Wiring Instructions 5
RS-485 Connections 5
About access control software and hardware 6
About offline, mixed, and online modes of operation 6
Card and PIN 8
Door with reader configuration 8
Door with two door sensors 8
HID VertX antipassback 8
Elevator Control 9
Offline IO Linking (VertX only) 9
Server configuration 10
Synchronization (Offline Data Synchronization) 10
Known issues 10
Software 10
HID unit known issues 11
genetec.com | Security Center | Best Practices 3
HID units
Recommendations
The v1000 physical rs-485 port 1 and 2 reside on logical bus 1 (p3), while port 3 and 4 reside on rs-485
logical bus 2 (p4).
The termination jumper should be in the "out" position for all v100 series panels except for the last v100
series panel on the rs-485 run. The last v100 series panel must have the termination jumper in the "in"
position.
The dial on the interface indicates the address of the VertX unit. . Do not duplicate addresses on the same
bus.
Although up to (any combination of) 32 interfaces is theoretically supported, for best performance it is
recommended to limit the number of interfaces to 20 distributed evenly on the two logical buses (eg. 10 units
per logical bus)
It is recommended to set a Static IP address to the network controller. The discovery process is different for
units that have a DHCP-assigned IP address. Discovery for DCHP address through multiple VLAN is not
supported. If the host is in a different VLAN than the controller, the unit cannot be set in DCHP.
It is recommended to isolate the controller on the network from broadcast traffic or unhandled multicast
The maximum number of character for the unit name should be 15 with avoiding spaces and special
characters.
Set a Here I Am Interval in the VertX controller to 90 sec
A VertX V300 dedicated to elevator control should only be used for elevator control and should not be used
to trigger non-elevator related outputs
The Doors sensor is by default set to NC not supervised, all other input points are defaulted for NO switches
and are unsupervised (no EOL resistors). Any input can be configured as NO or NC, as well as unsupervised
or supervised. They can be configured for supervisory resistors of 1K – 6K Ohm. The setup of supervised
inputs should be done during configuration of the VertX devices via the host. The default supervised input
configuration is done using two EOL 2k resistors.
By default the door will relock on door open, for double door it is recommended to set a minimum action time
on the relay to maintain it active during the whole grant access time
Unit firmware compatibility
Security Center is compatible with the unit firmware versions 2.2.7.18 and 2.2.7.39. The more recent firmware versions 2.2.7.49
and 2.2.7.70 (release expected August 17, 2011) are not compatible with Security Center. With 2.2.7.49, an HID patch needs to
be applied (2.2.7.49.1). Please refer to the release notes for the latest hardware compatibility list.
HID units should have the following Program and EEPROM firmware:
V100, V2000 (has a V100 interface board built-in), EdgePlus/EdgeReader : 113/110
V200 : 106/100
V300 : 107/104
genetec.com | Security Center | Best Practices 4
General versus dedicated inputs
When a unit is used to control a door, some inputs must be used only for their intended purpose (dedicated
inputs). For example, if a door has a REX sensor or a door sensor, the unit’s inputs intended for these
sensors must be used.
Unit Input When used as Required configuration
HID units (V100, V2000, and
Edge devices)
REX A REX input signal When any unit REX input is used for
a REX, you must also set:
Automatically grant request to exit in
the Door, Properties tab which
generates Request to exit events when
the input is triggered. Events are
logged, and can be used for event-to-
actions.
The input configuration in the Door,
Unit tab to program the unit to react
to a REX input by releasing the lock.
Another purpose (a
general purpose input)
Deselect Automatically grant
request to exit in the Door,
Properties tab.
Configure the input for a zone,
interlock, etc.
HID units (V100, V2000, and
Edge devices)
Door Monitor A door position sensor
input (door open or door
closed)
Set this in the input configuration in
the Door, Unit tab.
NOTE
This input cannot be used as a general
purpose
VertX Hardware specifications
Power Supply : 12-16VDC . It is recommended to use a supervised linear power supply with battery backup,
input surge protection, and AC Fail and battery low contact outputs.
Maximum Current at 12VDC per unit 1 Amp
For Edge product, power can be supplied using Power over Ethernet technology available with PoE (802.3af)
enabled network devices. The PoE source should be of class 3 to provide sufficient power.
Average operating current at 12VDC
o V1000 -210mA
o V2000 - 625mA (with two R40 iCLASS Readers)
o V100 - 450mA (with two R40 iCLASS Readers)
o V200 - 60mA
o V300 - 75mA
Unpowered, relay contracts are rated for 2A@30VDC
E400 is capable of supplying a total of 700 mA to field devices.
ER40 is capable of supplying a total of 600mA to field devices
Operating temperature range : 32°-122°F (0°-50°C)
Humidity 5% to 95% non-condensing
The E400 and ER40 are for intended for use in indoor environments
Cable Specifications
Cable Type : RS-485
Length : 4000 feet (1220 m) to host
Specification : Using Belden 3105A, 22AWG twisted pair, shielded 100 cable, or equivalent.
genetec.com | Security Center | Best Practices 5
Cable Type : Wiegand
Length : 500 feet (150 m) to reader
Specification : ALPHA 1299C, 22AWG, 9-conductor, stranded, overall shield. Fewer conductors needed if all
control lines are not used.
Cable Type : Ethernet
Length : 328 feet (100 m)
Specification : Cat5, Cat5E, and Cat6
Relays are dry contact rated for 2Amps @ 30VDC.
Mounting Instructions
The controllers and interface panels should always be mounted in a secure area.
Mount using the four mounting screws (provided) or other appropriate fasteners. Place the fasteners in the
corner holes of the base.
The VertX devices can be stacked with or without the cover. Do not remove the plastic base. Make sure you
position the VertX devices in such a way as to provide room for wiring, air-flow and cable runs.
Wiring Instructions
CAUTION: VertX controllers and panels are sensitive to Electrostatic Discharges (ESD). Observe
precautions while handling the circuit board assembly by using proper grounding straps and handling
precautions at all times.
Power and Alarm input connections (All VertX units): Connect power by providing 12VDC to the P7
connector. +12VDC goes to Pin 1 and ground to Pin 2.. Connect the Bat Fail and AC Fail inputs to battery
low/failure and AC failure contacts provided on the power supply. Connect the Tamper input to a tamper
switch on the enclosure.
Note: Connect the data return line to the same ground as the reader power if the reader is not powered by
the VertX units 12VDC.
The VertX controller should have a separate power supply than the maglock and other devices such as the
PIR
The relay output should be protected with a diode or suppressor circuit. On a edge powered on Ethernet a
non-protected relay could cause the unit to restart, on a VertX v100 or V300 on the long term the relay could
stop responding.
If in-rush current with maglock exceed the specification, a snubber circuit on the relay output should be
added (see HID technote)
Configure the tamper input to its proper state (NO/NC) even if it going to be disabled
For setup with REX mechanism built-in the door handle, it is recommend to increase the debounce time for
the door sensor to avoid false door forced open events
RS-485 Connections
The V1000 has two - RS-485 connectors and uses the 10-pin connector on P3 and P4. Each RS-485 bus
can support a maximum of 16 V100-Series panels using one or two ports.
Having two ports on each bus provides the option of splitting each RS-485 bus into two physical connections,
allowing a total of four physical connections for the two busses.
RS-485 busses must be connected in a daisy chain topology and not a star topology.
The V1000 termination jumper should be in the Out position if there are no panels attached to the port. If
there are downstream panels attached then the termination jumper should be in the In position.
CAUTION: The V1000 RS-485 Ports 1 & 2 (P1) are a common bus and therefore cannot have panels with
duplicate Interface Addresses assigned. The same is true of the V1000 RS-485, Ports 3 & 4 (P4). For
example, two panels, both with Interface Address 0 (factory default), cannot be connected to Ports 1 and/or 2
(P1).
genetec.com | Security Center | Best Practices 6
It is recommended to wire the RS-485 to the position of the P9 terminal block of the V100-Series panel. This
is especially important when the RS-485 communication is in a “daisy chain” configuration. If the RS-485 is
wired Inand Out , and power is lost, or the P9 terminal block is unplugged on a V100-Series panel, RS-485
communications will be lost to downstream V100-Series panels.
About access control software and hardware
Certain access control features may not be available depending on a unit’s mode of operation, the type of unit, the features
enabled on the unit, and the keypad reader options selected.
About offline, mixed, and online modes of operation
Mixed mode : The unit makes access control decisions locally based on information downloaded from Security
Center/Synergis during unit synchronization. Access events are reported to Security Center/Synergis in real-
time
Offline : Communication with Security Center/Synergis has been lost. The unit makes access control decisions
locally, based on information downloaded from Security Center/Synergis during unit synchronization. Access
granted and access denied events are logged in the unit and are uploaded to the Security Center/Synergis
when the network connection is re-established
genetec.com | Security Center | Best Practices 7
Feature HID offline mode
Card and PIN1 Varies according to a reader’s hardware options.
Card or PIN1 SupportedError! Bookmark not defined.
Elevator control2 Supported
Elevator floor tracking Not supported3
People counting for an area2 Not supported
Antipassback 4: Varies according to antipassback settings enabled with the ConfigTool.
Hard antipassback
(violation event generated and access is denied) Supported
Timed antipassback Not supported
Soft antipassback
(violation event generated and access is granted) Not supported
Interlock5 Supported
Lockdown and Interlock Override Supported
Readerless door6
(use an IO module for a REX, door state, and
door lock only)
Supported7
Extended Grant Times Supported
IO linking (Zone)
Action: Silence buzzer or Sound buzzer
(event- to-action)8 Supported
Event-to-action with Trigger output action Not supported
1 To ensure mixed mode and offline mode operation, the wiring for a door should be made to one unit (or HID VertX V100 interface module).
2 All units used for this feature must be assigned to the same AccessManager.
3 Event reporting is unavailable. Events are not regenerated when the unit returns to mixed mode or online mode.
4 Not supported with an area set to interlock.
5 If a perimeter door of an interlock is open, when an authorized cardholder accesses a second perimeter door of the same interlock, Synergis
may generate an ACCESS GRANTED event for the second door even though the second door does not unlock.
6 A readerless door does not generate a DOOR FORCED OPEN event. A readerless door does not support the buzzer feature.
7 There are no door activity reports while the unit is in this mode.
8 Not available with a readerless door.
genetec.com | Security Center | Best Practices 8
Card and PIN
Card and PIN operation depends on the type of unit and the keypad reader installed. For both HID iCLASS and Prox readers, the
“Keypad configuration setting option” is selected at the time of purchase. Supported options include the following:
• Option 00: “Keypad configuration setting option” of 00 = Buffer one key, no parity, 4-bit message.
• Option 14: “Keypad configuration setting option” of 14 = Buffer one to five keys (Standard 26-bit output). This reader option
is also known as “Galaxy Mode”.
Unit type HID keypad
reader option
Mixed mode Offline mode Observation
HID:
V1000 with V100
V2000
EdgePlus E400
“Keypad
configuration
setting option” of
14
Card or PIN. Card or PIN. The keypad readers can be used to
enroll PINs.
“Keypad
configuration
setting option” of
00
. Card or PIN.
Card and PIN on schedule. When
off- schedule, operation reverts to
card only
An unknown PIN will not generate
the Access denied: Unknown
credential event in Security
Center.
The reader cannot be used to enroll PINs for credential creation
PINs cannot have more than 5 digits when used with a VertX controller.
One limitation with Card and PIN (VertX) is that when the Card and PIN mode is on schedule, the reader reverts to card OR pin
out of schedule. This may be a security limitation as cardholders can use their PIN only to enter a door out of schedule as
opposed to using their card. Recommendation is that card and PIN mode be set on a 24/7 schedule (always).
When Card and PIN is enabled, card only or PIN only operations are not supported.
Door with reader configuration
A door with a reader assigned to a V2000, V100, or an Edge device, must have all inputs (for example door contact, REX) and
outputs (for example door lock) associated to that same device. Inputs and outputs must not be distributed across several devices.
Door with two door sensors
It is not recommended to configure a door with two door sensors (or door contacts) without physically wiring the sensors
together. Simply stated, two sensors wired together would be seen as a single sensor. In the Security Center, only a single door
sensor should be configured per door.
HID VertX antipassback
The antipassback feature works best once the access control system has been configured and the system is operational and relatively static. It is recommended to enable antipassback once the following entities have been properly configured and are not expected to change on a daily basis:
Unit time zones
Doors and associated readers
Areas (groups of doors)
Elevators and associated floors (including unlocking schedules)
Cardholder groups
Schedules (including card and PIN schedules)
Access rules
genetec.com | Security Center | Best Practices 9
The following section provides guidelines for configuring, enabling, and managing the antipassback with HID VertX controllers (units):
You must use either the V1000 or V2000 for antipassback.
o V2000: Antipassback is only supported for an area with a single door having both entry and exit readers.
o V1000: Antipassback is supported for multiple areas, with each area supporting multiple doors with entry and exit
readers. Limitation in the number of doors is based on the number of V100 modules installed.
Antipassback is not recommended with the Edge product line for the following reasons:
o Only a single reader can be specified for either entry or exit (not both) while antipassback typically requires both
entry and exit readers.
o Peer-to-peer communication between Edge devices is not supported by Security Center.
• An area with antipassback must be configured for readers wired to, and doors managed by, the same unit
(V1000 or V2000) because
o Antipassback functions are handled by the unit (V1000 or V2000).
o The Security Center does not support peer-to-peer communication between either VertX V1000 or V2000 devices.
Interlock and Antipassback are mutually exclusive. Both cannot be enabled at the same time in a given area.
Elevator Control
Since the Edge devices have 2 outputs, you can use a dedicated Edge device to control access to a
maximum of 2 floors
The Edge devices can support floor tracking for up to 2 floors
Since the V2000 has 4 outputs, you can use a dedicated V2000 to control access to a maximum of 4 floors
For control of more than 4 floors, you need to go to a V1000
A V1000 only supports a single elevator cab and requires a dedicated V100, one or more dedicated V200s
and V300s.
V2000 can support floor tracking for up to 4 floors
A V2000 used for elevator control becomes dedicated to elevator control. Unused inputs and outputs cannot
be used anywhere else in Synergis, zone monitoring or IO linking
Offline IO Linking (VertX only)
Offline IO linking is only possible with Zone entities.
When using IO linking with the VertX in offline mode, timing may be inaccurate unless the output behavior
(pulse pattern) is properly configured.
It is strongly recommended that there should be at least 5 seconds between two state changes, e.g. states
changes from 0 to 1, wait minimum 5 seconds, state changes from 1 to 0.
genetec.com | Security Center | Best Practices 10
Server configuration
56000 inputs/outputs per AccessManager
Refer to the table below for numbers of chardolders supported by network controller and numbers of readers
per AccessManager
Unit # of readers per
AccessManager
Max. Cardholders
Base memory
Max. Cardholders
Memory add-on
Offline Event
Storage
EdgeReader 210 22,000 N/A 5,000
EdgePlus 210 22,000 N/A 5,000
VertX V2000 425 22,000 125,000 5,000
VertX V1000/V100 425 22,000 125,000 5,000
Synchronization (Offline Data Synchronization)
Max. 150 seconds to compute programming data for VertX (64 readers and 10,000 cardholders)
Fewer cardholders and/or readers reduce the computation time.
Less than 10 seconds to download data to a VertX (V1000, V2000, EdgeReader)
Can load between 25 and 50 VertX units (V1000, V2000, EdgeReader) in parallel
During the initial setup of a site or during an add-on, it is recommended to segment the access rule so that
existing doors don’t get affected by synchronization. Adding a single cardholder does not requiere a unit
synchronization, however change to a schedule would result in some task restart in the network controller
which might affect temporarly the other doors on the same controller.
Known issues
Please refer to the release notes for the latest list of known issues.
Software
An excessive number (in the thousands) of active alarms may considerably slow down the Security Desk
running the Alarm monitoring task
When installing a system with multiple Integration Services (IS), only the first IS is started after the installation
completes. Workaround: The remaining IS must be started from Microsoft Management Console – Services
Reports in the Security Desk are limited to 2000 results for events and 65536 results for configuration
genetec.com | Security Center | Best Practices 11
HID unit known issues
Unit discovery does not show the new name you give to a unit (in the unit Identities tab) until the unit is
rebooted or its power is cycled.
An HID VertX unit sometimes may not report an access decision during unit synchronization.
When a Door unlock schedule override is removed, there can be a delay of 40 seconds before the door’s unit
is fully re-programmed.
Setting a value for the REX unlock time in the Configuration GUI does not affect the actual time a REX
unlocks a door. The actual unlock time is the Grant Access Time value or the Minimum Time value (for an
output relay), whichever value is greater.
V200/V300: Periodic output behavior does not always toggle properly. Recommendation: Set output
transitions for a minimum duration of 5 seconds or more.
Elevator/IO - Unused outputs are all activated when an access rule is applied to an elevator.
Elevator control – Configuring an exception to unlock schedule (controlled access) on a floor without a
corresponding unlock schedule (free access) may cause the VertX controller to temporarily stop sending
events to the Access Manager
AC fail inputs If the VertX V1000 AC Fail input is used to monitor AC, then the AC Fail inputs on all interface
modules (V100, V200, V300) controlled by the V1000 can only be used for monitoring AC. Similarly, if the
V1000 AC Fail is used as a general purpose input, the AC Fail interface modules can also only be used for
general purpose inputs.
Battery fail inputs If the VertX V1000 Battery Fail input is used to monitor battery failure, then the Battery Fail
inputs on all interface modules (V100, V200, V300) controlled by the V1000 can only be used for monitoring
battery failure. Similarly, if the V1000 Battery Fail is used as a general purpose input, the Battery Fail
interface modules can also only be used for general purpose inputs.
VertX V1000 inputs and outputs cannot be used for the following purposes:
o A door REX, door sensor, door lock
o Elevator control or floor tracking
o Interlock, including the override or lockdown functions
o Readerless door
o IO linking (Zone)
o Door buzzer
The HID Edge device (EdgeReader or EdgePlus) can only be used to control a single door. You cannot use
two HID Edge devices to configure a door with two readers. The supported configuration for an Edge device
is a card-in /REX-out door
The timer for Door Held can be set to a maximum of 27 minutes
The clock on the controller could drift; a patch was issued by HID for firmware version 2.2.7.39. Firmware
version 2.2.7.49.1 has the fix embedded.