Version 2.1

Innovative Solutions

Best Practices

Security Center 

Access Control

genetec.com | Security Center  | Best Practices 2

Table of Contents

HID units
Recommendations
Unit firmware compatibility
General versus dedicated inputs
VertX Hardware specifications
Cable Specifications
Mounting Instructions
Wiring Instructions
RS-485 Connections
About access control software and hardware
About offline, mixed, and online modes of operation
Card and PIN
Door with reader configuration
Door with two door sensors
HID VertX antipassback
Elevator Control
Offline IO Linking (VertX only)
Server configuration
Synchronization (Offline Data Synchronization)
Known issues
Software
HID unit known issues

HID units

Recommendations

The V1000 physical RS-485 ports 1 and 2 reside on logical bus 1 (P3), while ports 3 and 4 reside on RS-485 logical bus 2 (P4).

The termination jumper should be in the "out" position for all V100 series panels except for the last V100 series panel on the RS-485 run. The last V100 series panel must have the termination jumper in the "in" position.

The dial on the interface indicates the address of the VertX unit. Do not duplicate addresses on the same bus.

Although up to 32 interfaces (in any combination) are theoretically supported, for best performance it is recommended to limit the number of interfaces to 20, distributed evenly on the two logical buses (e.g. 10 units per logical bus).

It is recommended to set a static IP address on the network controller. The discovery process is different for units that have a DHCP-assigned IP address. Discovery of DHCP addresses across multiple VLANs is not supported. If the host is in a different VLAN than the controller, the unit cannot be set to DHCP.

It is recommended to isolate the controller on the network from broadcast traffic or unhandled multicast.

The unit name should be at most 15 characters long and should avoid spaces and special characters.

Set the Here I Am Interval in the VertX controller to 90 seconds.

A VertX V300 dedicated to elevator control should only be used for elevator control and should not be used to trigger non-elevator-related outputs.

The door sensor is by default set to NC, not supervised; all other input points default to NO switches and are unsupervised (no EOL resistors). Any input can be configured as NO or NC, as well as unsupervised or supervised. They can be configured for supervisory resistors of 1K – 6K Ohm. The setup of supervised inputs should be done during configuration of the VertX devices via the host. The default supervised input configuration uses two 2k EOL resistors.

By default the door will relock on door open. For a double door, it is recommended to set a minimum action time on the relay to keep it active during the whole grant access time.

Unit firmware compatibility

Security Center is compatible with the unit firmware versions 2.2.7.18 and 2.2.7.39. The more recent firmware versions 2.2.7.49 and 2.2.7.70 (release expected August 17, 2011) are not compatible with Security Center. With 2.2.7.49, an HID patch needs to be applied (2.2.7.49.1). Please refer to the release notes for the latest hardware compatibility list.

HID units should have the following Program and EEPROM firmware:

V100, V2000 (has a V100 interface board built-in), EdgePlus/EdgeReader : 113/110

V200 : 106/100

V300 : 107/104

General versus dedicated inputs

When a unit is used to control a door, some inputs must be used only for their intended purpose (dedicated inputs). For example, if a door has a REX sensor or a door sensor, the unit’s inputs intended for these sensors must be used.

| Unit | Input | When used as | Required configuration |
|---|---|---|---|
| HID units (V100, V2000, and Edge devices) | REX | A REX input signal | When any unit REX input is used for a REX, you must also set: Automatically grant request to exit in the Door, Properties tab, which generates Request to exit events when the input is triggered (events are logged, and can be used for event-to-actions); and the input configuration in the Door, Unit tab, to program the unit to react to a REX input by releasing the lock. |
| HID units (V100, V2000, and Edge devices) | REX | Another purpose (a general purpose input) | Deselect Automatically grant request to exit in the Door, Properties tab. Configure the input for a zone, interlock, etc. |
| HID units (V100, V2000, and Edge devices) | Door Monitor | A door position sensor input (door open or door closed) | Set this in the input configuration in the Door, Unit tab. NOTE: This input cannot be used as a general purpose |

VertX Hardware specifications

Power Supply: 12-16VDC. It is recommended to use a supervised linear power supply with battery backup, input surge protection, and AC Fail and battery low contact outputs.

Maximum current at 12VDC per unit: 1 Amp

For Edge products, power can be supplied using Power over Ethernet technology available with PoE (802.3af) enabled network devices. The PoE source should be of class 3 to provide sufficient power.

Average operating current at 12VDC

o V1000 - 210mA

o V2000 - 625mA (with two R40 iCLASS Readers)

o V100 - 450mA (with two R40 iCLASS Readers)

o V200 - 60mA

o V300 - 75mA

Unpowered, relay contacts are rated for 2A@30VDC

E400 is capable of supplying a total of 700mA to field devices.

ER40 is capable of supplying a total of 600mA to field devices.

Operating temperature range: 32°-122°F (0°-50°C)

Humidity: 5% to 95% non-condensing

The E400 and ER40 are intended for use in indoor environments.

Cable Specifications

Cable Type : RS-485

Length : 4000 feet (1220 m) to host

Specification : Using Belden 3105A, 22AWG twisted pair, shielded 100 cable, or equivalent.

Cable Type : Wiegand

Length : 500 feet (150 m) to reader

Specification : ALPHA 1299C, 22AWG, 9-conductor, stranded, overall shield. Fewer conductors needed if all control lines are not used.

Cable Type : Ethernet

Length : 328 feet (100 m)

Specification : Cat5, Cat5E, and Cat6

Relays are dry contact rated for 2Amps @ 30VDC.

Mounting Instructions

The controllers and interface panels should always be mounted in a secure area.

Mount using the four mounting screws (provided) or other appropriate fasteners. Place the fasteners in the corner holes of the base.

The VertX devices can be stacked with or without the cover. Do not remove the plastic base. Make sure you position the VertX devices in such a way as to provide room for wiring, air-flow and cable runs.

Wiring Instructions

CAUTION: VertX controllers and panels are sensitive to Electrostatic Discharges (ESD). Observe precautions while handling the circuit board assembly by using proper grounding straps and handling precautions at all times.

Power and Alarm input connections (All VertX units): Connect power by providing 12VDC to the P7 connector. +12VDC goes to Pin 1 and ground to Pin 2. Connect the Bat Fail and AC Fail inputs to battery low/failure and AC failure contacts provided on the power supply. Connect the Tamper input to a tamper switch on the enclosure.

Note: Connect the data return line to the same ground as the reader power if the reader is not powered by the VertX unit's 12VDC.

The VertX controller should have a separate power supply from the maglock and other devices such as the PIR.

The relay output should be protected with a diode or suppressor circuit. On an Edge powered over Ethernet, a non-protected relay could cause the unit to restart; on a VertX V100 or V300, the relay could stop responding in the long term.

If the in-rush current with a maglock exceeds the specification, a snubber circuit should be added on the relay output (see HID technote).

Configure the tamper input to its proper state (NO/NC) even if it is going to be disabled.

For setups with a REX mechanism built into the door handle, it is recommended to increase the debounce time for the door sensor to avoid false door forced open events.

RS-485 Connections

The V1000 has two RS-485 connectors and uses the 10-pin connector on P3 and P4. Each RS-485 bus can support a maximum of 16 V100-Series panels using one or two ports.

Having two ports on each bus provides the option of splitting each RS-485 bus into two physical connections, allowing a total of four physical connections for the two busses.

RS-485 busses must be connected in a daisy chain topology and not a star topology.

The V1000 termination jumper should be in the Out position if there are no panels attached to the port. If there are downstream panels attached then the termination jumper should be in the In position.

CAUTION: The V1000 RS-485 Ports 1 & 2 (P1) are a common bus and therefore cannot have panels with duplicate Interface Addresses assigned. The same is true of the V1000 RS-485 Ports 3 & 4 (P4). For example, two panels, both with Interface Address 0 (factory default), cannot be connected to Ports 1 and/or 2 (P1).

It is recommended to wire the RS-485 to the position of the P9 terminal block of the V100-Series panel. This is especially important when the RS-485 communication is in a “daisy chain” configuration. If the RS-485 is wired In and Out, and power is lost, or the P9 terminal block is unplugged on a V100-Series panel, RS-485 communications will be lost to downstream V100-Series panels.
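
The bus and unit rules from the Recommendations and RS-485 Connections sections can be checked before commissioning. The following is an added example, not Genetec or HID code: the `Panel`/`Controller` data model, the finding codes and the sample inventory are constructed for illustration, and the unit-name rule is read as "letters and digits only".

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Rules are taken from the guide; the data model and sample values are constructed.
PORT_TO_BUS = {1: 1, 2: 1, 3: 2, 4: 2}  # ports 1-2 share logical bus 1, ports 3-4 bus 2
MAX_PER_BUS = 16           # maximum V100-Series panels per RS-485 bus
RECOMMENDED_PER_BUS = 10   # 20 interfaces spread evenly over the two buses
HERE_I_AM_SECONDS = 90
# Assumption: "no spaces or special characters" is read as letters and digits only.
NAME_RE = re.compile(r"[A-Za-z0-9]{1,15}")


@dataclass
class Panel:
    model: str    # "V100", "V200" or "V300"
    port: int     # physical RS-485 port on the V1000 (1-4)
    address: int  # value set on the interface address dial


@dataclass
class Controller:
    name: str
    dhcp: bool
    here_i_am_s: int
    panels: list = field(default_factory=list)


def lint_controller(ctrl):
    """Return a list of (severity, code, message) findings for one V1000."""
    out = []
    if not NAME_RE.fullmatch(ctrl.name):
        out.append(("WARN", "NAME", f"unit name {ctrl.name!r}: max 15 characters, no spaces/special characters"))
    if ctrl.dhcp:
        out.append(("WARN", "DHCP", "DHCP in use: static IP recommended, discovery across VLANs unsupported"))
    if ctrl.here_i_am_s != HERE_I_AM_SECONDS:
        out.append(("WARN", "HERE_I_AM", f"Here I Am interval is {ctrl.here_i_am_s}s, guide recommends 90s"))
    buses = {1: [], 2: []}
    for p in ctrl.panels:
        bus = PORT_TO_BUS.get(p.port)
        if bus is None:
            out.append(("ERROR", "PORT", f"{p.model} on nonexistent port {p.port}"))
        else:
            buses[bus].append(p)
    for bus, panels in buses.items():
        # Addresses must be unique per logical bus, even across its two ports.
        counts = Counter(p.address for p in panels)
        for addr in sorted(a for a, n in counts.items() if n > 1):
            ports = sorted({p.port for p in panels if p.address == addr})
            out.append(("ERROR", "DUP_ADDR", f"bus {bus}: address {addr} used more than once (ports {ports})"))
        if len(panels) > MAX_PER_BUS:
            out.append(("ERROR", "BUS_LIMIT", f"bus {bus}: {len(panels)} panels, maximum is {MAX_PER_BUS}"))
        elif len(panels) > RECOMMENDED_PER_BUS:
            out.append(("WARN", "BUS_LOAD", f"bus {bus}: {len(panels)} panels, recommended {RECOMMENDED_PER_BUS}"))
    return out


# Constructed sample: two factory-default panels (address 0) on ports 1 and 2.
SAMPLE = Controller("Lobby V1000", dhcp=True, here_i_am_s=30, panels=[
    Panel("V100", 1, 0), Panel("V100", 2, 0), Panel("V200", 3, 0), Panel("V300", 3, 1)])

if __name__ == "__main__":
    for sev, code, msg in lint_controller(SAMPLE):
        print(f"{sev:5} {code:9} {msg}")
```

Address 0 on port 3 is not reported because it sits on the other logical bus; only the pair on ports 1 and 2 collides.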

About access control software and hardware

Certain access control features may not be available depending on a unit’s mode of operation, the type of unit, the features enabled on the unit, and the keypad reader options selected.

About offline, mixed, and online modes of operation

Mixed mode: The unit makes access control decisions locally based on information downloaded from Security Center/Synergis during unit synchronization. Access events are reported to Security Center/Synergis in real time.

Offline: Communication with Security Center/Synergis has been lost. The unit makes access control decisions locally, based on information downloaded from Security Center/Synergis during unit synchronization. Access granted and access denied events are logged in the unit and are uploaded to Security Center/Synergis when the network connection is re-established.

| Feature | HID offline mode |
|---|---|
| Card and PIN [1] | Varies according to a reader’s hardware options. |
| Card or PIN [1] | Supported |
| Elevator control [2] | Supported |
| Elevator floor tracking | Not supported [3] |
| People counting for an area [2] | Not supported |
| Antipassback [4] | Varies according to antipassback settings enabled with the ConfigTool. |
| Hard antipassback (violation event generated and access is denied) | Supported |
| Timed antipassback | Not supported |
| Soft antipassback (violation event generated and access is granted) | Not supported |
| Interlock [5] | Supported |
| Lockdown and Interlock Override | Supported |
| Readerless door [6] (use an IO module for a REX, door state, and door lock only) | Supported [7] |
| Extended Grant Times | Supported |
| IO linking (Zone). Action: Silence buzzer or Sound buzzer (event-to-action) [8] | Supported |
| Event-to-action with Trigger output action | Not supported |

[1] To ensure mixed mode and offline mode operation, the wiring for a door should be made to one unit (or HID VertX V100 interface module).

[2] All units used for this feature must be assigned to the same AccessManager.

[3] Event reporting is unavailable. Events are not regenerated when the unit returns to mixed mode or online mode.

[4] Not supported with an area set to interlock.

[5] If a perimeter door of an interlock is open, when an authorized cardholder accesses a second perimeter door of the same interlock, Synergis may generate an ACCESS GRANTED event for the second door even though the second door does not unlock.

[6] A readerless door does not generate a DOOR FORCED OPEN event. A readerless door does not support the buzzer feature.

[7] There are no door activity reports while the unit is in this mode.

[8] Not available with a readerless door.

Card and PIN

Card and PIN operation depends on the type of unit and the keypad reader installed. For both HID iCLASS and Prox readers, the “Keypad configuration setting option” is selected at the time of purchase. Supported options include the following:

• Option 00: “Keypad configuration setting option” of 00 = Buffer one key, no parity, 4-bit message.

• Option 14: “Keypad configuration setting option” of 14 = Buffer one to five keys (Standard 26-bit output). This reader option is also known as “Galaxy Mode”.

Unit type | HID keypad reader option | Mixed mode | Offline mode | Observation

HID: V1000 with V100, V2000, EdgePlus E400

“Keypad configuration setting option” of 14: Mixed mode: Card or PIN. Offline mode: Card or PIN. Observation: The keypad readers can be used to enroll PINs.

“Keypad configuration setting option” of 00: Card or PIN. Card and PIN on schedule. When off-schedule, operation reverts to card only. An unknown PIN will not generate the Access denied: Unknown credential event in Security Center. The reader cannot be used to enroll PINs for credential creation.

PINs cannot have more than 5 digits when used with a VertX controller.

One limitation with Card and PIN (VertX) is that when the Card and PIN mode is on schedule, the reader reverts to Card or PIN out of schedule. This may be a security limitation, as cardholders can use their PIN alone to enter a door out of schedule instead of using their card. The recommendation is to set Card and PIN mode on a 24/7 schedule (always).

When Card and PIN is enabled, card only or PIN only operations are not supported.

Door with reader configuration

A door with a reader assigned to a V2000, V100, or an Edge device must have all inputs (for example door contact, REX) and outputs (for example door lock) associated to that same device. Inputs and outputs must not be distributed across several devices.

Door with two door sensors

It is not recommended to configure a door with two door sensors (or door contacts) without physically wiring the sensors together. Simply stated, two sensors wired together would be seen as a single sensor. In the Security Center, only a single door sensor should be configured per door.

HID VertX antipassback

The antipassback feature works best once the access control system has been configured and the system is operational and relatively static. It is recommended to enable antipassback once the following entities have been properly configured and are not expected to change on a daily basis:

Unit time zones

Doors and associated readers

Areas (groups of doors)

Elevators and associated floors (including unlocking schedules)

Cardholder groups

Schedules (including card and PIN schedules)

Access rules

The following section provides guidelines for configuring, enabling, and managing the antipassback with HID VertX controllers (units):

• You must use either the V1000 or V2000 for antipassback.

o V2000: Antipassback is only supported for an area with a single door having both entry and exit readers.

o V1000: Antipassback is supported for multiple areas, with each area supporting multiple doors with entry and exit readers. Limitation in the number of doors is based on the number of V100 modules installed.

• Antipassback is not recommended with the Edge product line for the following reasons:

o Only a single reader can be specified for either entry or exit (not both) while antipassback typically requires both entry and exit readers.

o Peer-to-peer communication between Edge devices is not supported by Security Center.

• An area with antipassback must be configured for readers wired to, and doors managed by, the same unit (V1000 or V2000) because

o Antipassback functions are handled by the unit (V1000 or V2000).

o The Security Center does not support peer-to-peer communication between either VertX V1000 or V2000 devices.

• Interlock and Antipassback are mutually exclusive. Both cannot be enabled at the same time in a given area.
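
The door and area constraints from the Card and PIN, Door with reader configuration and HID VertX antipassback sections can be audited against an exported configuration. The following is an added example, not Genetec code: the `Door`/`Area` model, the finding codes, the schedule value `"always"` and the sample area are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Rules are taken from the guide; the Door/Area model and sample values are constructed.


@dataclass
class Door:
    name: str
    device: str            # V100, V2000 or Edge device the reader is wired to
    controller: str        # unit making the access decision (a V1000, V2000 or Edge)
    controller_model: str  # "V1000", "V2000" or "Edge"
    io_devices: frozenset  # devices holding this door's sensor, REX and lock
    card_and_pin: Optional[str] = None  # None = off, "always" = 24/7, else a schedule name
    entry_and_exit_readers: bool = True


@dataclass
class Area:
    name: str
    doors: list
    antipassback: bool = False
    interlock: bool = False


def lint_door(d):
    """Per-door checks; returns (code, subject, message) tuples."""
    out = []
    if d.io_devices != frozenset({d.device}):
        out.append(("IO_SPLIT", d.name, "inputs/outputs must all be on the reader's device"))
    if d.card_and_pin not in (None, "always"):
        # Outside the schedule the reader falls back to a single factor.
        out.append(("PIN_FALLBACK", d.name,
                    f"Card and PIN only during {d.card_and_pin!r}; set a 24/7 schedule"))
    return out


def lint_area(a):
    """Door checks plus the antipassback constraints for one area."""
    out = [f for d in a.doors for f in lint_door(d)]
    if not a.antipassback:
        return out
    if a.interlock:
        out.append(("APB_INTERLOCK", a.name, "interlock and antipassback are mutually exclusive"))
    if len({d.controller for d in a.doors}) > 1:
        out.append(("APB_MULTI_UNIT", a.name, "all doors must be managed by the same V1000 or V2000"))
    models = {d.controller_model for d in a.doors}
    if "Edge" in models:
        out.append(("APB_EDGE", a.name, "antipassback is not recommended on Edge devices"))
    if "V2000" in models and len(a.doors) > 1:
        out.append(("APB_V2000_DOORS", a.name, "a V2000 supports antipassback on a single door only"))
    for d in a.doors:
        if not d.entry_and_exit_readers:
            out.append(("APB_READERS", d.name, "antipassback needs both entry and exit readers"))
    return out


# Constructed sample: a two-door area split across two V1000 controllers.
SAMPLE = Area("ServerRoom", antipassback=True, doors=[
    Door("SR-1", "V100-0", "V1000-A", "V1000", frozenset({"V100-0"}), card_and_pin="BusinessHours"),
    Door("SR-2", "V100-3", "V1000-B", "V1000", frozenset({"V100-3", "V100-4"}),
         entry_and_exit_readers=False),
])

if __name__ == "__main__":
    for code, subject, msg in lint_area(SAMPLE):
        print(f"{code:16} {subject:10} {msg}")
```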

Elevator Control

Since the Edge devices have 2 outputs, you can use a dedicated Edge device to control access to a maximum of 2 floors.

The Edge devices can support floor tracking for up to 2 floors.

Since the V2000 has 4 outputs, you can use a dedicated V2000 to control access to a maximum of 4 floors.

For control of more than 4 floors, you need to go to a V1000.

A V1000 only supports a single elevator cab and requires a dedicated V100, one or more dedicated V200s and V300s.

V2000 can support floor tracking for up to 4 floors.

A V2000 used for elevator control becomes dedicated to elevator control. Unused inputs and outputs cannot be used anywhere else in Synergis, zone monitoring or IO linking.

Offline IO Linking (VertX only)

Offline IO linking is only possible with Zone entities.

When using IO linking with the VertX in offline mode, timing may be inaccurate unless the output behavior (pulse pattern) is properly configured.

It is strongly recommended that there be at least 5 seconds between two state changes, e.g. the state changes from 0 to 1, wait a minimum of 5 seconds, then the state changes from 1 to 0.

Server configuration

56000 inputs/outputs per AccessManager

Refer to the table below for the number of cardholders supported by each network controller and the number of readers per AccessManager.

| Unit | # of readers per AccessManager | Max. cardholders (base memory) | Max. cardholders (memory add-on) | Offline event storage |
|---|---|---|---|---|
| EdgeReader | 210 | 22,000 | N/A | 5,000 |
| EdgePlus | 210 | 22,000 | N/A | 5,000 |
| VertX V2000 | 425 | 22,000 | 125,000 | 5,000 |
| VertX V1000/V100 | 425 | 22,000 | 125,000 | 5,000 |

Synchronization (Offline Data Synchronization)

Max. 150 seconds to compute programming data for VertX (64 readers and 10,000 cardholders)

Fewer cardholders and/or readers reduce the computation time.

Less than 10 seconds to download data to a VertX (V1000, V2000, EdgeReader)

Can load between 25 and 50 VertX units (V1000, V2000, EdgeReader) in parallel

During the initial setup of a site or during an add-on, it is recommended to segment the access rules so that existing doors are not affected by synchronization. Adding a single cardholder does not require a unit synchronization; however, a change to a schedule restarts some tasks in the network controller, which might temporarily affect the other doors on the same controller.

Known issues

Please refer to the release notes for the latest list of known issues.

Software

An excessive number (in the thousands) of active alarms may considerably slow down the Security Desk running the Alarm monitoring task.

When installing a system with multiple Integration Services (IS), only the first IS is started after the installation completes. Workaround: The remaining IS must be started from Microsoft Management Console – Services.

Reports in the Security Desk are limited to 2000 results for events and 65536 results for configuration.

HID unit known issues

Unit discovery does not show the new name you give to a unit (in the unit Identities tab) until the unit is rebooted or its power is cycled.

An HID VertX unit sometimes may not report an access decision during unit synchronization.

When a Door unlock schedule override is removed, there can be a delay of 40 seconds before the door’s unit is fully re-programmed.

Setting a value for the REX unlock time in the Configuration GUI does not affect the actual time a REX unlocks a door. The actual unlock time is the Grant Access Time value or the Minimum Time value (for an output relay), whichever value is greater.

V200/V300: Periodic output behavior does not always toggle properly. Recommendation: Set output transitions for a minimum duration of 5 seconds or more.

Elevator/IO - Unused outputs are all activated when an access rule is applied to an elevator.

Elevator control – Configuring an exception to unlock schedule (controlled access) on a floor without a corresponding unlock schedule (free access) may cause the VertX controller to temporarily stop sending events to the Access Manager.

AC fail inputs: If the VertX V1000 AC Fail input is used to monitor AC, then the AC Fail inputs on all interface modules (V100, V200, V300) controlled by the V1000 can only be used for monitoring AC. Similarly, if the V1000 AC Fail is used as a general purpose input, the AC Fail inputs on the interface modules can also only be used as general purpose inputs.

Battery fail inputs: If the VertX V1000 Battery Fail input is used to monitor battery failure, then the Battery Fail inputs on all interface modules (V100, V200, V300) controlled by the V1000 can only be used for monitoring battery failure. Similarly, if the V1000 Battery Fail is used as a general purpose input, the Battery Fail inputs on the interface modules can also only be used as general purpose inputs.

VertX V1000 inputs and outputs cannot be used for the following purposes:

o A door REX, door sensor, door lock

o Elevator control or floor tracking

o Interlock, including the override or lockdown functions

o Readerless door

o IO linking (Zone)

o Door buzzer

The HID Edge device (EdgeReader or EdgePlus) can only be used to control a single door. You cannot use two HID Edge devices to configure a door with two readers. The supported configuration for an Edge device is a card-in/REX-out door.

The timer for Door Held can be set to a maximum of 27 minutes.

The clock on the controller could drift; a patch was issued by HID for firmware version 2.2.7.39. Firmware version 2.2.7.49.1 has the fix embedded.