BIS 2.2 - Access Engine Installation manual
en
Installation manual
BIS 2.2 - Access Engine
Table of Contents | en
3
Table of Contents 1
Introduction
8
2
Upgrade
10
2.1
Upgrade matrix
10
2.2
Upgrade from BIS 2.1 to BIS 2.2
10
2.3
Updating Controller (LAC) Software
15
3
Server installation
17
3.1
Standalone system
18
3.2
Distributed system
18
3.2.1
Login server
19
3.2.2
Remote server
20
3.2.3
Configuring a distributed system
21
3.3
Server workstation
22
4
System configuration
24
4.1
Starting the Configuration Browser
24
4.2
Setting up a configuration
25
4.2.1
Creating an initial configuration
25
4.2.2
Creating additional configurations
27
4.3
Loading a configuration
29
4.4
Copying configuration changes
30
4.5
Setting up BIS user
30
4.6
Further Settings
31
4.6.1
Definition of Custom fields
31
4.6.2
PIN Code Settings
31
4.6.3
Card encoding
31
4.6.4
Card readers at Access Engine workstations
32
5
Setting up additional workstations
33
5.1
General Settings
33
5.1.1
Installation at a workstation
33
5.1.2
Setting up the Configuration Browser
34
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
4
en | Table of Contents
BIS 2.2 - Access Engine
5.1.3
Configuring Internet Explorer
35
5.1.4
Connecting a dialog reader
38
5.2
Setting up Card Personalization
41
5.2.1
Software
41
5.2.2
Hardware
42
5.2.3
Creating Badge Layouts
42
5.2.4
Printing Badges
43
5.2.5
Creating card layouts
46
5.2.6
Creating cards
47
6
User administration
48
6.1
Standard users
49
6.2
User and workstation profiles
49
6.2.1
Setting up user profiles
49
6.2.2
Setting up workstation profiles
51
6.2.3
How profiles work
54
6.3
Creating new Access Engine users
58
6.4
Users of a server workstation
60
6.4.1
User with Administrator profile
60
6.4.2
User with new profile
61
6.5
Users of other workstations
62
6.5.1
Existing user on new workstation
62
6.5.2
New user on existing workstation
63
6.5.3
New user on new workstation
63
7
Connecting the controllers
65
7.1
General
65
7.1.1
Creating the controllers in the device editor
66
7.2
Ethernet
67
7.3
I/O - Extension boards
67
7.3.1
Hardware installation
67
7.3.2
Software configuration
67
8
Connecting readers and doors
69
8.1
Readers for AMC2
69
8.2
Interface allocations
70
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Table of Contents | en
5
8.2.1
Printout of the configuration data
70
8.2.2
Installation documentation
72
9
Setting System Parameters with SPEdit
73
9.1
Starting the SPEdit
73
9.2
Display the Last Access in the Status Bar
74
9.3
Listbox or Search Dialog for Companies
74
9.4
Making Company a required field
75
9.5
Toolbar of the Reports Preview
75
9.6
Valid-From Date for Authorizations
76
9.7
Valid-From Date for Lockouts
77
9.8
Visitor Profiles Only
77
10
DMS - Data Management System
78
10.1
System operation
78
10.1.1
Starting
78
10.1.2
Closing
81
10.1.3
The master console
81
10.1.4
Process control
86
10.2
Server Processes
90
10.2.1
Summary
90
10.2.2
Loggifier
92
10.2.3
ACSP - process for access control
93
10.2.4
Transactors
96
10.2.5
AEOPC
101
10.2.6
MDS (QueryServer)
101
10.2.7
Report Server (REPS)
102
10.2.8
State Information Process (SIPServer)
103
10.2.9
Time Attendant Account Exchange (TAccEXC)
104
10.3
Batch processes
104
10.3.1
Overview
104
10.3.2
Lock-Out Process (LOP)
105
10.3.3
Authorization Monitoring Process (AMP)
105
10.3.4
Cleanup Visitor Data (CLV)
105
10.3.5
Cleanup Utility (CLU)
106
10.3.6
Backup
107
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
6
en | Table of Contents
BIS 2.2 - Access Engine
11
MAC - Main Access Controller
108
11.1
Functions
108
11.1.1
Basic functions
108
11.1.2
Access Control functions
108
11.2
Data defintions
109
11.3
Operating the MAC
111
11.3.1
Startup
111
11.3.2
Shutdown
111
11.3.3
Warm start
112
11.3.4
Cold start
112
11.4
Process Control
113
11.5
The processes of the MAC
115
11.5.1
MAC-Process: Master
116
11.5.2
MAC-Process: Messenger
116
11.5.3
MAC-Process: System
117
11.5.4
MAC-Process: AC
117
11.5.5
MAC-Process: DMS
118
11.5.6
MAC-Process: LAC
119
11.5.7
MAC-Process: Info
120
12
Multi MAC Systems
121
12.1
Licence
121
12.2
Installation of an additional MAC
121
12.3
Parametrizing the additional MAC
121
12.4
Configuring additional MACs
121
13
Setting up Video Verification
123
14
Backup and Restore
135
14.1
Standalone-Server
135
14.1.1
Backup
135
14.1.2
Restore
136
14.2
Remote- and Login-Server
138
14.2.1
Backup
138
14.2.2
Restore
138
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Table of Contents | en
7
15
Troubleshooting
15.1
User administration
141
15.1.1
Dialog system of the Access Engine does not start
141
15.1.2
Login is denied
141
15.1.3
Empty Access Engine Internet Explorer
142
15.2
System settings
143
15.2.1
Change the timezone
143
15.2.2
Regional and Language Options
143
Index
146
Bosch Sicherheitssysteme GmbH
141
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
8
1
en | Introduction
BIS 2.2 - Access Engine
Introduction Starting with a rough overview of the system the following chapters will describe the installation of the access control system Access Engine, with its possible variations. This will enable the installer of the system to install and configure the system components according to his/her own needs and wishes.
Figure 1.1
Example configuration - initial setup
The following chapters will now take each of the above configuration elements in turn and explain their features, alternatives and options. F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Bosch Sicherheitssysteme GmbH
Introduction | en
Installation manual
9
F.01U.028.713 | V 2.2.0.1 | 2008.09
10
en | Upgrade
BIS 2.2 - Access Engine
2
Upgrade
2.1
Upgrade matrix BIS-Software without Access Engine: to from BIS 1.4.1 BIS 1.4.8 BIS 2.0 BIS 2.1
BIS 1.4.8
BIS 2.0
BIS 2.1
BIS 2.2
yes
yes yes
yes yes yes
no yes yes yes
Table 2.1 Upgrade matrix BIS without Access Engine
BIS-Software with Access Engine: to from BIS 1.4.1 (ACE >= 1.2.50) BIS 1.4.8 BIS 2.0 BIS 2.1
BIS 1.4.8
BIS 2.0
BIS 2.1
BIS 2.2
yes
no
no
no
yes
no yes
no no yes
Table 2.2 Upgrade matrix BIS with Access Engine
2.2
Upgrade from BIS 2.1 to BIS 2.2 You can upgrade your BIS system from version 2.1 to version 2.2 without deinstalling version 2.1.
!
CAUTION! Please exit the BIS system before begining the upgrade.
1.
Insert the BIS2.2 installation CD; the setup program starts automatically. You may also start the installation manually by invoking the application setup.exe on the CD.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
1.
Upgrade | en
11
Select the functions you wish to install as if you were installing from scratch. In this upgrade you may also add components which were not previously installed.
2.
The databases for the logs and access engine with their corresponding user data are located and displayed. Click Next if you do not wish to create any new databases.
CAUTION!
!
If you make changes to any of the entries on the following two dialogs then a new database will be installed. You previous data will be lost!
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
12
en | Upgrade
1.
BIS 2.2 - Access Engine
The chosen settings are summarized for confirmation.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Upgrade | en
13
Clicking Next will start the upgrade.
The Access Engine Database is also updated, as shown in the next screenshot
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
14
en | Upgrade
1.
BIS 2.2 - Access Engine
When you receive confirmation of a successful upgrade click Finish to end the process.
1.
A text file is shown detailing a number of mandatory post installation steps, including a reboot. Please print the file and carry out all steps as instructed.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Upgrade | en
15
All configuration and access control data are preserved. Upon starting the BIS Configuration browser and loading your configuration the access Engine database will have to be synchronized. Affirm the synchronization dialog in order to use your accustomed data and settings.
2.3
Updating Controller (LAC) Software The software upgrade to version 2.2 installs new programs which enable LACs to make use of new V2.2 functionality usable in access control. In order for the controllers to use the new software they may first need a firmware upgrade (Bootloader), therefore in order to prevent the controllers from automatically downloading the software from the MAC prematurely all configured LACs are set offline by the version2.2 upgrade process. Hence they initially have no connection with the MAC.
i
NOTICE! The controllers continue to work with the same settings, in order to ensure as smooth a transition as possible.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
16
en | Upgrade
BIS 2.2 - Access Engine
In the device editor on the first page/tab of the LACs you can view the de-/activation of the MAC-connection. The system manager can now decide whether, when and which LACs should be included in the new installation. To do this simply check the box Connection to MAC active on the first tab/page of each controller in the Device Editor, and then save the changes by clicking Apply. CAUTION! For each LAC activated a cold start needs to be performed, i.e. all data and programs are initially deleted and then restored and reloaded by the MAC.
!
The program is loaded very quickly but, in the case of high volumes and/or slow network connections, the loading of data can take up to 30 minutes. Until the LAC has received its local copy of the data, it needs to check all access requests with the MAC via the network. Hence delays need to be taken into account at the relevant entrances. Supplementary information regarding upgrades When the LAC-MAC connection is established the MAC first makes sure that the LAC’s bootloader is compatible with the new program. The bootloader changes much less often than the program, so this occurence is relatively rare. If not compatible the MAC first downloads a new bootloader to the LAC, then the updated program and finally the access data. After the MAC has downloaded the program the LAC is able to function by verifying data across the network with the MAC, with some cost to performance, until it has finished downloading its local copy of the data.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
3
Server installation | en
17
Server installation
Figure 3.1 System configuration - Management view
The Building Integration System (BIS) with its modules (Engines) is generally installed on one computer. When Access Engine is installed on the same computer as the BIS manager, this is termed a standalone system. It is also possible to install on multiple computers (i.e. a distributed system), where the BIS Manager runs on a so-called Login Server and the Access Engine on a separate computer with a network connection to the first. The second is termed a Remote Server.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
18
en | Server installation
3.1
BIS 2.2 - Access Engine
Standalone system The installation of a standalone system is described in the BIS2.1 installation guide. There you will find a detailed explanation of the setup of the computer and the inclusion/ exclusion of the components to be installed. The following components are functionally co-dependent and should selected from the feature selection dialog when installing BIS 2.2 with Access Engine: Under Login Server: Access EngineUnder Login Server: Door Controller. Under Connections: Card Personalization, an application found in the Tools menu, can be deactivated if the server is not to be used for the creation of access cards. It must however be installed on all workstations used for card creation.
3.2
Distributed system IIn order to install BIS with Access Engine on a distrubuted system it is necessary for all computers involved to be networked together. For instructions on setting up the network please conult the notes in the BIS 2.2 installation handbook.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Server installation | en
19
Figure 3.2 Servers in a distributed system
3.2.1
Login server
The Login Server is installed from the same CD as the standalone server. In the feature selection box however only the following features are selected.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
20
en | Server installation
Figure 3.3
BIS 2.2 - Access Engine
Selection of features for the Login Servers
If no other engines are to be installed besides the Access Engine then this is the only selected node under Login Server. NOTICE!
i
As long as no Connections for other engines are to be installed on the login server then the entire Connections node can be deactivated. On no account should Door Controller be one of the elements selected. The rest of the installation is identical to that of the Standalone Server.
3.2.2
Remote server
TThe installation of the Remote Server too is the same as that of other systems. The feature selection however is somewhat different.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Server installation | en
21
Figure 3.4 Feature selection for a Remote Server
Here it is essential that Door Controller be selected under the Connections node.
i 3.2.3
NOTICE! The entire Login Server node must be deselected.
Configuring a distributed system
In the Configuration Browser, which runs on the login server, the remote server is entered in the appropriate list in the Server Structure dialog.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
22
en | Server installation
BIS 2.2 - Access Engine
This entry will appear subsequently in the menu Connections. If Access Engine is not listed underneath the remote server then it will need to be added here. For more details on creating Connections please consult the online help for the Configuration Browser.
3.3
Server workstation The installation of the BIS system turns the server into a workstation where all applications and dialogs can be executed from the same computer, and where configuration of the
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Server installation | en
23
system software can be undertaken cf. Section 4.2 Setting up a configuration, Page 25. TThe pre-installed User Adminstrator can log onto the platform as soon as s/he has configured the Internet Explorer (cf. BIS Installation manual) and can then use the full functionality of the dialogs and the Access Engine applications. Only the user BIS requires additional adjustments in order to use Access Engine cf. Section 4.5 Setting up BIS user, Page 30. NOTICE!
i
The server workstation account is protected and can not be deleted or modified. Even if the server is not used as a workstation the account will still remain. Further details about creating administrative accounts can be found in Section 5 Setting up additional workstations, Page 33.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
24
en | System configuration
4
BIS 2.2 - Access Engine
System configuration The installed BIS software and its integrated engines cannot be used until the system has been configured. Configuration means adapting the system to a particular client’s environment individual requirements. It is possible create multiple different configurations, nevertheless only one can be activated, i.e. loaded, at any one time.
i 4.1
NOTICE! In the case of Access Engine, the configuration selected in the Configuration Browser must also be loaded so that the specific applications can be called.
Starting the Configuration Browser To create a system configuration or to modify an existing one, you must first start the Configuration Browser. To start the Browser proceed as follows: 1.
If the BIS Manager has not yet been started: –
Start the BIS Manager by double-clicking the desktop icon.
– 2.
Log in with your username and password.
On the System start/stop tab, click the Start button to the left-hand side of the Configuration Browser label
3.
A new window is opened for creating and reopening configurations. Select the configuration you require in the Recent configuration field by clicking the corresponding entry.
i
NOTICE! To create a new configuration, first carry out the steps described in Section 4.2 Setting up a configuration, Page 25. 1.
Another login dialog appears; log in with an Administrator username and password.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
System configuration | en
25
The Configuration Browser is started and can be used as far as the user’s authorization allows, to edit or view the current configuration.
4.2
Setting up a configuration With Access Engine there is a difference between the creation of an initial configuration and adding additional configurations.
4.2.1
Creating an initial configuration
Once the BIS software has been installed as described in the BIS installation manual, a client-specific configuration can be created using the Configuration Browser. Once the settings specified in this configuration have been made, the BIS system is ready for use and can be started. To create the first configuration proceed as follows: 1.
Make sure that the hardware dongle is plugged in.
2.
Start the BIS Manager by double-clicking its desktop icon.
3.
Log in with your username and password.
4.
Call the License page. –
The serial number and order number of the hardware dongle are displayed in the Dongle information field. You can call up this information again by clicking the Update button to make sure that the dongle is being read correctly.
–
The contents of the license file that is currently loaded are displayed in the License information list field. After the installation, this field does not generally contain any information. Click the Import button in the Import license file field to search for and import the directory containing the license file. The serial and order numbers displayed in the list field must match the specifications of the hardware dongle.
5.
Switch to the System start/stop page and click the Start button to the left of the Configuration Browser entry.
6.
The Recent configurations field in the configuration selection window of the Configuration Browser does not
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
26
en | System configuration
BIS 2.2 - Access Engine
yet contain any entries - therefore select the New configuration entry in the Configuration management field. 7.
Another dialog is opened offering a choice of pre-installed default configurations. –
Select the Access Engine entry in the Group field and
–
For the new configuration, you must first create a new
confirm with OK. folder in the Customer Configuration directory. Rename the folder as desired. –
When you confirm the new directory structure, the default values of the Access Engine configuration are copied into this folder.
–
Confirm the message that appears regarding the update of the version with Yes.
8.
Clicking a configuration in the Configuration Browser brings up the Operator logon window. Log on with the user data of the preinstalled Administrator user or the BIS user.
9.
Two messages appear regarding the synchronization of the platform; confirm both messages with Yes.
10. A message then appears telling you that the synchronization was successful; confirm this message with OK. NOTICE!
i
As this is the initial configuration of the system, it is automatically loaded. Later when multiple configurations exist they will need to be explicitly loaded using the Configuration Browser Load/save configuration tab. The Configuration Browser is opened initially displaying the standard License page in the Administration menu.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
1.
System configuration | en
27
Check the license file contents in the License dialog are correct. –
If these do not match the file imported in the BIS Manager, you can copy the imported file for the configuration using the Read button.
2.
Make sure that the correct login server is entered in the Server structure dialog (this applies mainly to distributed systems).
i 4.2.2
NOTICE! If you performed this setup using the user BIS then see also the instructions in Section 4.5 Setting up BIS user, Page 31.
Creating additional configurations
To create additional configurations proceed as follows: 1.
If the BIS Manager has not yet been started: –
Start the BIS Manager by double-clicking the desktop icon.
– 2.
Log in with your username and password.
On System start/stop tab, click the Start button to the left of the Configuration Browser entry (not the button marked BIS Server).
3.
Perform steps 6 to 9 from Section 4.2.1 Creating an initial configuration, Page 25.
NOTICE!
i
Unlike the setup of the initial configuration a loaded one already exists. However, since the configuration to be modified must be loaded (i.e. made current) in order to configure the Access Engine, an error message appears at this point.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
28
en | System configuration
Figure 4.1
1.
BIS 2.2 - Access Engine
Error message when the configuration is not loaded
Confirm both this message and the message that follows regarding the creation of placeholders with OK. A placeholder is a dummy configuration which supports connections but can not be edited. We will replace it in the following steps.
Figure 4.2
Message regarding the use of placeholders
1.
Close the Configuration Browser.
2.
Switch the current configurations as described in Section 4.3 Loading a configuration, Page 29 - however, respond with No when asked whether to start the system (i.e. the BIS Server component).
3.
Now restart the Configuration Browser on the System start/stop tab. –
In the blue configuration selection window click open current configuration to open it for editing.
–
Log on to the Configuration Browser.
–
Check the entries on the License and Server structure dialog pages as described in steps 11 and 12 in Section 4.2.1 Creating an initial configuration, Page 25.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
4.
System configuration | en
29
Switch to the Connections menu and select the Access Engine placeholder entry in the Explorer. –
Remove the Access Engine placeholder entry using the x button or the Remove command in the context menu (right-click on Access Engine).
–
Answer Yes to the confirmation prompt following the deletion.
–
Next select the server entry and click the + button or select the Add subsystem command in the context menu.
–
Select the Access Engine entry from the list in the Select new subsystem dialog and confirm the selection with OK.
5.
The synchronization messages and the completion message appear (see step 9 and 10 in Section 4.2.1 Creating an initial configuration, Page 25)
The Access Engine applications and dialogs can now be used.
4.3
Loading a configuration Only one of the configurations you have created can run in the BIS be loaded at a time. To swap/exchange configurations proceed as follows: 1.
If the BIS Manager has not yet been started: –
Start the BIS Manager by double-clicking the desktop icon.
–
Log in with your username and password.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
30
en | System configuration
2.
BIS 2.2 - Access Engine
In the BIS Manager switch to the Load/Save configuration page. –
In the Load new configuration field click the ellipsis button (…) and select the directory with the new configuration.
–
Check that the paths in the Configuration display field are correct and press the Load button beneath.
–
Confirm the confirmation prompt about the
–
Answer Yes to the question regarding the system (BIS
configuration change with Yes. Server component) start.
i
NOTICE! If the BIS Manager is already running with a configuration, the question regarding the system start is omitted and the configuration change starts immediately. While changing the configuration change a progress dialog is shown, followed by confirmation of completion. 1.
Close the confirmation of completion by clicking the Close button.
i 4.4
NOTICE! If the platform has been started on a workstation, any BIS user who is logged on will be automatically logged off with a message informing him of the configuration change.
Copying configuration changes If the changes were made when the BIS Server was not running, then the changes just need to be saved using the Apply buttons in the Configuration Browser dialogs. The current settings will be loaded automatically when the system is started. However, if changes are made while the system is running, these do not come into effect until the changed configuration is reloaded. To load a changed configuration follow steps 2 and 3 in Section 4.3 Loading a configuration, Page 29.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
4.5
System configuration | en
31
Setting up BIS user During the system installation, the users Administrator and BIS are created. Both users automatically receive full privileges for the BIS platform, the Access Engine dialogs and the server workstation.
i 4.6
NOTICE! The functionality of the preinstalled profiles is explained in Section 6.4.1 User with Administrator profile, Page 60.
Further Settings In the BIS Configuration Browser Menu Infrastructure you will find a number of Access Engine applications for the special access control settings.
4.6.1
Definition of Custom fields
Up to ten extra text fields (Custom fields) can be defined to appear on the various tabs of the Persons dialog. The following points should be noted: Each field can appear on only one tab. Each field can appear on any tab. All fields can appear together on any tab. All fields can be moved to a different tabs, by changing the tab assignment in the “Display in section� column of the Custom fields screen. The field label can be freely defined. The field label can be up to 20 characters long. The fields themselves can contain any text. The field text can be up to 40 characters long. All fields can be defined as obligatory (required input). Custom fields are displayed in the same order as defined. If a field definition is skipped then no gap is left in the persons dialog. However if that field is later defined it will be displayed at its original position and hence push the fields after it back by one position.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
32
en | System configuration
4.6.2
BIS 2.2 - Access Engine
PIN Code Settings
These configuration settings refer to the permitted number of mistyped attempts. the minimum length of the PIN
4.6.3
Card encoding
The reader parameter Check membership only values can be set in the device editor. If set then only the company data on the badge are checked against the stored values. Up to four different company codes can be stored. This setting allows employees from different branch offices access at the specified readers’ entrances, even if their personal card data are not stored locally.
4.6.4
Card readers at Access Engine workstations
Each workstation is configured to allow searches for or capture of personnel data based on the manual entry of a card number. These workstations can also be equipped with card readers which allow faster data capture and entry. Card readers with a serial or USB interfaces are suitable for the purpose. For USB readers virtual COM ports need to be configured.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
5
Setting up additional workstations | en
33
Setting up additional workstations In addition to the preinstalled server workstation (login server) further workstations can be installed on which it will be possible to run the BIS platform and the Access Engine . These can be any computers in the network (for distributed systems see Section 2.2 Distributed system, Page 23), or the remote server. If that there are no extensions then up to five workstations can be installed for the Access Engine.
i 5.1 5.1.1
NOTICE! With distributed systems, the login server is always listed under the "trusted sites".
General Settings Installation at a workstation
Please consult the general BIS installation manual for software installation and settings for Internet Explorer. This information is also valid for Access Engine workstations.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
34
en | Setting up additional workstations
Figure 5.1
BIS 2.2 - Access Engine
System overview with additional workstations
If you wish to install this workstation for special tasks (e.g. card personalization), please see the instructions in Section 7 Setting up Card Personalization, Page 14.
5.1.2
Setting up the Configuration Browser
For the Access Engine dialogs to be executed on a workstation, they must be entered specially in the Configuration Browser. 1.
To do this, start the Configuration Browser as described in Section 4.1 Starting the Configuration Browser, Page 24.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
2.
Setting up additional workstations | en
35
In the Administration menu switch to the ACE Workstations dialog. –
Select the node DMS in the explorer of this dialog.
–
Add a new entry by clicking the + button above the list field.
–
Enter the DHCP name and/or the IP address of the new workstation.
–
i
Save your entries by clicking the Apply button.
NOTICE! When created each new workstation receives the default profile WP-Administrator which allows use of all dialogs on the workstation. If you would like to assign a different (non-default) user profile to this workstation please proceed as follows: Change to the dialog ACE Workstation Rights. –
Select the new workstation in the upper list window
–
Remove thecurrently assigned profile from the workstation by double-clicking on it in the left column.
–
Assign at least one of the available profiles by doubleclicking on it in the right hand column, or selecting the desired profile and clicking the < button.
i 5.1.3
NOTICE! For information about the functionality and the installation of additional profiles, see Section 6.2 User and workstation profiles, Page 49.
Configuring Internet Explorer
Internet Explorer needs to be configured for each new workstation. This is begun by right clicking on the IE desktop icon and selecting Properties, or, in an open Internet explorer, clicking Internet options in the tools menu.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
36
en | Setting up additional workstations
Figure 5.2
BIS 2.2 - Access Engine
Internet Explorer - Properties: General tab
Enter the name of the login server as home page.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Setting up additional workstations | en
37
Figure 5.3 Internet Explorer - Properties Security
Change to the Security tab. In the upper window click Trusted Sites and then the Sites button.
Figure 5.4 Internet Explorer - Properties: Trusted Sites
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
38
en | Setting up additional workstations
BIS 2.2 - Access Engine
Uncheck the box Require Server verification for all sites in this Zone ... amd create the following entries using the upper text box: http://<Name of the Login Server> http://localhost Save each entry from the upper text box by clicking Add and finally confirm your entries by clicking OK. Back on the Security tab click the button Custom Level...
Figure 5.5
Internet Explorer - Properties: Security Settings
In the security settings enable all ActiveX settings and confirm both this window and the security check with OK. Restart Internet Explorer so that it displays the new home page.
5.1.4
Connecting a dialog reader
A dialog reader can be used for checking cards and searching for data records. In addition to the manual entry of the card number, the dialog reader can capture card data for faster searches.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Setting up additional workstations | en
39
Readers with serial interface Dialog readers are generally special readers with an RS232 interface meaning they can be connected to any workstation as follows: Connect the dialog reader to a free COM port on the workstation using an RS232 cable. For readers with their own address setting, set the reader address to "1". Readers with USB interface 1.
Start the Configuration Browser as described in Section 4.1 Starting the Configuration Browser, Page 24.
2.
In the Infrastructure menu switch to the ACE dialog reader dialog. –
from the left-hand list select the workstation to which the dialog reader has been connected .
i
NOTICE! If you can not see the workstation in this list field, first create the workstation as described in Section 4 Setting up the Configuration Browser, Page 6. –
Select the connected reader type in the Reader type list field.
–
Change the default entry in the COM port field according to the selected interface.
–
If necessary, change the default parameters according to the manufacturer's instructions for the dialog reader.
i
NOTICE! You can reset parameter definitions back to the default values at any time by clicking the Default values button.
in order to use the card reader to capture and search for personnel data you will need to change the default setting from manual input. In Access Engine > Personnel Data > Persons click the u button to the right Reader button and select the Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
40
en | Setting up additional workstations
BIS 2.2 - Access Engine
appropriate reader. The same button is also vailable in other Personnel Data dialogs such as Print Badge, Cards, PIN Code, Blocking, Blacklist and Areas. NOTICE!
i
As reader-based data searches require the physical presence of the card at the workstation, which though fast is not always feasible, it is still possible at all workstations to search on manually input card data.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
5.2
Setting up additional workstations | en
41
Setting up Card Personalization
5.2.1
Software
Install the Card Personalization program from the BIS installation CD. This need be done only on those individual computers which you intend to use for creating ID cards.
i
NOTICE! Donâ&#x20AC;&#x2122;t start the BIS setup for a workstation installation, but open the tool BISACECardPersonalization.exe on the CDfolder \BIS\Tools.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
42
en | Setting up additional workstations
5.2.2
BIS 2.2 - Access Engine
Hardware
Before they can be used for creating ID cards, cameras and badge printers need to be installed with their respective drivers as provided by the manufacturers. After thus installing and connecting the devices they should be configured using the Card Personalization dialog. Invoke ACE Configuration Card Personalization from the tools menu of the Configuration Browser. Cameras are configured on the Video tab and badge printers on the Print tab.
5.2.3
Creating Badge Layouts
Badge layouts can only be created using the corresponding Configuration Browser application on the server. This is available at all workstations where the Access Engine dialog Print Badges is enabled. 1.
Start the Configuration Browser as described in
2.
Switch to the Tools menu and invoke the application dialog
Section 4.1 Starting the Configuration Browser, Page 24 ACE Badge Designer –
To start the application itself click button Badge Designer
–
The button New invokes a menu with predefined card layouts. Choose the layout which fits your requirements and click OK.
–
Create the new card layout in accordance with your company standards.
NOTICE!
i
You can create any number of layouts in order to distinguish between, for example, employees and visitors and their respective access rights. For help with layout and formating please consult the application’s own online help. –
Save the layouts you have created under descriptive names which will mean something to those eventually responsible for creating badges.
–
In order for the layouts to become accessible to other workstations they will need to be published (File >
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Setting up additional workstations | en
43
Release Card). This process copies the layouts to the directory <InstallDrive>:\MgtS\AccessEngine\CP\Layouts
NOTICE!
i
The strict separation between saving a layout and releasing it for general use enables you safely to store half-finished or prototype layouts for later editing, without fear that they will inadvertently be used.
5.2.4
Printing Badges
In order to print a badge please proceed as follows: 1.
Open Access Engine > Personnel Data > Print Badges
2.
Select the personnel data for which the badge should be printed.
3.
Select the required layout from the combo-box Layout.
4.
If no picture is yet available for this person, but required for the badge, then you can photograph, imnport or scan a picture at this point. Please refer to the ACE Card Personalization programâ&#x20AC;&#x2122;s own online help if further assistance is required.
5.
Click the button Print. â&#x20AC;&#x201C;
Check the correctness of the data in the preview before printing.
i
NOTICE! If the preview is not satisfactory please close the dialog.
All options belonging to badges, like picture import or scanning, selecting layouts, and so on, can only be done with a running card personalization program. Therefore it is installed as an automatically starting tool. Console Window After logon a console window is displayed for a short duration during the starting process. If the card personalization program
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
44
en | Setting up additional workstations
BIS 2.2 - Access Engine
has started, the console window will be closed and a systray icon appears.
Via the context menu (right mouse click) of this icon the console window can be opened again.
After starting and before any action was execute the console window shows the successfully started processes and a short help to enter commands.
i
NOTICE! If you close the console window using the X button of the title bar insted of the command I, the program will be ended.
Manual Program Start Every time you made changes in the configuration dialog and you have end the program using the End program option in the context menu or the command X in the console window you F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Setting up additional workstations | en
45
have to start it manually. Therefore you can double clicking on the SfmApp-4.exe entry in the folder: \\runtime-drive\MgtS\Access Engine\CP\BIN If the program isn't up, you cannot execute any function of the Print Badges dialog in the Access Engine System. Calling up this dialog a message box appears to give a hint of the not running program.
Calling up the Configuration Dialog It is a difference for calling up the configuration dialog between BIS-Server BIS-Server (Standalone- or Login-Server) and other servers and workstations. (Standalone- or Login-Server): Here you should use the ACE Configuration Card Personalization dialog in the Tools menu of the Configuration Browser. Every other PCin the BIS-System: Missing a Configuration Browser on these computers you can call up the Configuration dialog with two methods: â&#x20AC;&#x201C;
Open the context menu (right mouse click) of the systray icon and choose the Show console window function. Enter C to enable a command line and then sfm cfg, finally confirm the input with the ENTER key.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
46
en | Setting up additional workstations
–
BIS 2.2 - Access Engine
Double clicking on the SfmCfgApp.exe entry in the folder \\runtime-drive\MgtS\Access Engine\CP\BIN
5.2.5
Creating card layouts
Card layouts can only be created using the relevant application in the Configuration Browser on the server. These are available at all workstations that can execute the Access Engine Print card dialog. 1.
Start the Configuration Browser as described in Section 4.1 Starting the Configuration Browser, Page 24.
2.
Switch to the Tools menu and call the application dialog ACE .... –
To start the actual application click the ... button in
–
A selection dialog with predefined card formats opens
the dialog field. when you click the New button. Select the format you require and confirm your choice. –
Create the card layout in accordance with your company requirements.
NOTICE!
i
You can create any number of card layouts and therefore, for example, make a distinction between staff and visitor cards or mark different access right levels by special characteristics. See the online help for this application for more information regarding the formatting and design of layouts.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
â&#x20AC;&#x201C;
Setting up additional workstations | en
47
Save the created layouts using names that everyone will understand - your colleagues should be able to work with these names too.
â&#x20AC;&#x201C;
In order for the layouts to be available on the workstations, they must be released. When you release them, they are copied to the directory Drive:\MgtS\AccessEngine\....
i 5.2.6
NOTICE! Having two separate functions for saving and releasing layouts means that you can create samples and drafts and keep working on them without them being used in the system.
Creating cards
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
48
6
en | User administration
BIS 2.2 - Access Engine
User administration User administration for the Access Engine controls the access rights of the workstation users via profiles that define the use of certain dialogs and programs as well as the scope of data processing. Profiles can be created and changed individually for each user or can be assigned to a group of users with the same areas of activity. At least one profile must be assigned to a user, so that he can log on to workstations. Workstations also have profiles.These define among other things which profile a user must have to be able to log on the particular workstation. The functionality of user and workstation profiles is illsutrated in the following sections before the creation of new users is described on the basis of certain configurations. The scenarios reflect certain configurations and conditions. Look for the relevant case for your current problem to apply it to your special situation - for example, if you do not need any new profiles but want to create new users, follow the steps of the example in Section 7 Creating new Access Engine users, Page 15. The following dialogs are available in the Administration menu urof the BIS Configuration Browser in order to set up user and worstation rights: Authorizations
For setting general user
Operators
authorizations in BIS. For setting up BIS users and seperate
ACE User Profiles
rights for Access Engine. For setting editing rights for Access
ACE Workstation
Engine dialogs. For hiding or revealing dialog displays
profiles at workstations. ACE Workstation rights For assigning users and workstation ACE Workstations
profiles to specific workstations. For setting up new workstations fot Access Engine.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
6.1
User administration | en
49
Standard users The installation process creates standard users Administrator and BIS. These have full editing rights for the Building Integration System and Access Engine and can log in at any of the workstations (even at those added later) as long as the standard settings governing this have not been changed cf. Section 5.1.2 Setting up the Configuration Browser. As with any newly added user these predefined users receive an initial password identical to the username. CAUTION! These standard users are not customer specific but are
!
installed as described here on all systems. This represents a potential security risk. We therefore recommend that the passwords be changed the first time the accounts are used.
6.2
User and workstation profiles
6.2.1
Setting up user profiles 1.
Start the Configuration Browser as described in
Section 4.1 Starting the Configuration Browser, Page 24. 2.
In the Administration menu switch to the ACE User Profiles dialog.
3.
Create a new profile by ... –
... giving the profile a unique name descriptive of its rights or restrictions, or use the Description field.
–
In the list field select the dialogs and applications that are to be activated for the profile - here you can shiftclick to make multiple selections.
–
Set the default entries for a column from No to Yes by pressing the spacebar.
NOTICE!
i
In order to activate a dialog (indented entry) for a user profile it is necessary to activate the menu it belongs to. Otherwise the dialog, though activated, is not displayed to the user, and hence not usable.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
50
en | User administration
â&#x20AC;&#x201C;
BIS 2.2 - Access Engine
To move to the next column while keeping the same selection use the right arrow key.
NOTICE!
i
The individual column entries have the following meaning: View: The dialog is displayed and the data can be selected. Change: The user has the right to change existing data records. Add: The user has the right to create new data. Delete: The user has the right to delete data records.
i
NOTICE! The activation of the columns Change, Add and Delete requires the activation of the View column. Data records can only be edited if dialog view and data selection are also allowed. â&#x20AC;&#x201C;
Save the profile by clicking the Apply button at the bottom right of the dialog.
For more information, see the online help for the Configuration Browser.
Examples: UP-Administrator: Contains all rights for all Access Engine applications. NOTICE!
i
The UP-Administrator profile is preinstalled and its rights cannot be modified. However, it can be assigned to any user and any workstation profile.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
User administration | en
51
User profile B: Contains the rights for the personal data dialogs that are required for card personalization: –
Persons
–
Companies
–
Print card
–
Cards
–
PIN code
User profile C: Contains the rights for the visitor dialogs. User profile D: Contains the rights for the dialogs in the System data menu.
User profiles and their rights
i 6.2.2
NOTICE! Setting up user profiles can limit the availability of dialogs and applications so that users only see the dialogs that they actually need to use.
Setting up workstation profiles 1.
Start the Configuration Browser as described in
Section 4.1 Starting the Configuration Browser, Page 24. 2.
In the Administration menu switch to the ACE Workstation Profiles dialog.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
52
en | User administration
3.
BIS 2.2 - Access Engine
Create a new profile by ... –
... giving the profile a unique name - try to describe the rights or restrictions contained in the name or use the Description field.
–
In the list field select the dialogs and applications that are to be activated for the profile - here you can shiftclick to make multiple selections.
–
Set the default entries of the columns from No to Yes by pressing the spacebar.
NOTICE!
i
In order to activate a dialog (indented entry) for a user profile it is necessary to activate the menu it belongs to. Otherwise the dialog, though activated, is not displayed, and hence not usable.
i
NOTICE! With workstation profiles, activation only refers to their display. Editing rights are controlled exclusively in the user profiles.
–
Assign at least one user profile to the workstation
–
Save the profile by clicking the Apply button at the
profile. Also see Section 6 How profiles work, Page 12. bottom right of the dialog. CAUTION! The preinstalled WP-server profile must be adapted to the
!
individual requirements - it cannot be used with its default settings, as these contains no rights at all. We recommend that you configure it with all rights, so that every user sees the full range of dialogs on the server workstation.
For more information, see the online help for the Configuration Browser.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
User administration | en
53
Examples: WP-Administrator:
Contains all rights for all Access Engine dialogs and applications. WP-Server: Preinstalled workstation profile with no viewing rights. NOTICE! The workstation profiles WP-Administrator and WP-Server are
i
preinstalled. The UP-Administrator user profile is already assigned to the WP-Administrator; this setting cannot be changed. Whereas the WP-Administrator profile cannot be changed, the execution rights and user profile assignments for the WP-Server profile can be freely assigned. Workstation profile XXX: All Internet Explorer dialogs can be called. Workstation profile YYY: Only the dialogs in the Visitor menu can be executed. Any user profile can be assigned to any workstation profile with the exception of the WP-Administrator profile, which cannot be changed. This resulting possibilities are shown in Figure .
i
NOTICE! For the restrictions and peculiarities that may be caused by assignments, see the comments in Section 6 How profiles work, Page 12.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
54
en | User administration
BIS 2.2 - Access Engine
Workstation profiles and possible user profile assignments
6.2.3
How profiles work
Each user can be assigned one or more user profiles. Similarly each workstation can be assigned any number of workstation
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
User administration | en
55
profiles. The rights in user profiles are cumulative, and the rights in workstation profiles are also cumulative. However when a user sits at a workstation he has only those of his user rights which are also allowed by the workstationâ&#x20AC;&#x2122;s profiles. i.e. only the intersection of the two rights packages.
i
NOTICE! If the two rights packages do not overlap at all then, even if a user has the right to log on to a particular workstation, s/he will not see any dialogs or applications, and hence cannot use them. Regarding the examples above the following peculiarities should be noted: WP-Administrator: Both this workstation profile and its assigned user profile (= UP-Administrator) contain the execution rights for all dialogs and applications in Access Engine. A user who has been assigned the UP-Administrator profile can therefore execute all dialogs and applications fully on each workstation with the WP-Administrator profile. WP-Server: All user profiles can be assigned to this workstation profile. However, the user of the UP-Administrator profile only receives full execution rights if the WP-Server profile also enables all dialogs and applications. All other user profiles (B to D) can use only those dialogs for which they are authorized, provided that the WP-Server profile does not have any additional restrictions. NOTICE! In practice, restrictions regarding the execution of dialogs and
i
applications are generally controlled using specific user profiles. In this case, the WP-Server profile is installed with all rights and is assigned to all workstations. Every user has their full range of dialogs on any workstation that they can log onto.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
56
en | User administration
BIS 2.2 - Access Engine
Assignment of the default profiles to workstations Workstation profile XXX: (cf. Figure ) All users with user profiles B, C or D (or combination) receive the execution rights for dialogs in accordance with their profiles. Only users with the UPAdministrator profile cannot execute any applications of the Configuration Browser. NOTICE!
i
This restriction could sometimes be useful, since the applications of the Configuration Browser can only be executed on the server workstation and on this workstation the user with the UP-Administrator profile has protected access rights.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
User administration | en
57
Workstation profile YYY: (cf. Figure ) Users with user profiles B and D will not see any dialogs on workstations with this workstation profile, since the rights of their user profiles and the workstation profile do not overlap. Only users with the UPAdministrator profile or profile C will be able to execute the dialogs in the Visitor menu. NOTICE! In special cases, it may be necessary to prevent the execution of certain dialogs on certain workstations, for example, for
i
workstations in porter's offices, where there is potential for abuse by unauthorized persons. In these cases, a workstation profile with restricted rights is created and assigned to the workstation. All users - including the administrator - can only execute the dialogs in the workstation profile.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
58
en | User administration
BIS 2.2 - Access Engine
Overview of the assignment options for workstation profiles
6.3
Creating new Access Engine users The Configuration Browser is used to create new users for any workstations. To do this, the steps are as follows:
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
1.
User administration | en
59
Start the Configuration Browser as described in Section 4.1 Starting the Configuration Browser, Page 24.
2.
In the Configuration Browser select the Operators entry in the Administration menu. –
Create a new entry in the left-hand list field by clicking
–
Rename the default entry - when issuing the name,
the + symbol above the list. note that the user’s default password is exactly the same as his/her username. –
Assign user rights for the BIS platform to the new user on the General operator settings dialog tab.
NOTICE!
i
Newly created users automatically receive user profile UPAdministrator. This user profile has full viewing and editing rights at all workstations. Hence the default setting for a new user is to have all rights at all workstations. If, instead of this default profile UP Administrator, you wish to assign a different profile to this workstation then go to the On the ACE operator settings tab and proceed as follows: –
Remove the default user profile assigned to him (left hand list)
assign at least one of the available profiles by double-clicking an entry on the right or selecting it and clicking the < button. The user can now log on to all workstations that have a workstation profile with one of these user profiles. CAUTION!
!
The fact that new users’ passwords are, by default, initially the same as their usernames is a potential security risk. For this reason we recommend that the passwords be changed at first login. In the sections that follow, the setup of users is described in more detail using concrete examples.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
60
en | User administration
BIS 2.2 - Access Engine
6.4
Users of a server workstation
6.4.1
User with Administrator profile
Due to the preinstalled setup and assignment of the UP- and WP-Administrator profiles to the server workstation, new users can only access the Access Engine dialogs and applications if they are assigned the UP-Administrator profile. To do this, execute the steps described in Section 7 Creating new Access Engine users, Page 15.
New user with Administrator profile for the server workstation
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
6.4.2
User administration | en
61
User with new profile
If you do not want users to be able to execute all dialogs and applications on the server workstation, this can be achieved by assigning new user profiles with reduced rights to the modifiable WP-Server workstation profile. 1.
To do this, first create a new profile by executing the steps described in Section 4 Setting up user profiles, Page 5.
2.
Then switch to the ACE workstation profile dialog and select the WP-Server profile. –
If this profile does not yet have any rights, select the desired dialogs and applications - also see steps 3 b and c in Section 5 Setting up workstation profiles.
–
Assign the new user profile to the WP-Server workstation profile.
–
Save your entries by clicking the Apply button.
Since the WP-Server workstation profile is already assigned to the server workstation, the new user has access to dialogs and applications of the Access Engine in accordance with the rights of his/her user profile.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
62
en | User administration
BIS 2.2 - Access Engine
New user with new user profile for the server workstation
6.5
Users of other workstations
6.5.1
Existing user on new workstation 1.
To create a new workstation, proceed as described in Section 5.1.2 Setting up the Configuration Browser, Page 34.
2.
In the Configuration Browser dialogs ACE workstation profiles and Operators check that at least one of the user profiles belongs to both the relevant user and to the workstation profile that you have assigned to the new workstation.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
User administration | en
63
Assignment of workstation profiles to a new workstation
6.5.2
New user on existing workstation 1.
To create a new user, proceed as described in
Section 7 Creating new Access Engine users, Page 15. 2.
In the Configuration Browser dialogs ACE workstation profiles and ACE workstation rights check that at least one of the user profiles is assigned to the workstation profile that has been assigned to the workstation.
Figure also shows this assignment.
6.5.3
New user on new workstation 1.
To create a new user, proceed as described in
Section 7 Creating new Access Engine users, Page 15. Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
64
en | User administration
2.
BIS 2.2 - Access Engine
To create a new workstation, proceed as described in Section 5.1.2 Setting up the Configuration Browser, Page 34.
3.
Make sure that at least one of the user profiles that belongs to the new workstation via the workstation profiles is assigned to the new user - to do so, check the settings in the ACE workstation profile dialog.
Figure also shows this assignment.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
7
Connecting the controllers | en
65
Connecting the controllers This chapter describes the connection variants for controllers. With distributed systems (see Section 2.2 Distributed system, Page 23), the controller is connected to the remote or connection server.
7.1
General The AMC2 4W controller will be connected to the host system via Ethernet, only.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
66
en | Connecting the controllers
7.1.1
BIS 2.2 - Access Engine
Creating the controllers in the device editor
Configuration is performed in the Configuration Browser. Start the Configuration Browser as described in Section 4.1 Starting the Configuration Browser, Page 24. 1.
In the Connections menu, open the device data editor by clicking the Access Engine explorer entry. A controller can only be created directly under the MAC node.
1.
Once you have selected the MAC entry, select the New Object option in the context menu (right mouse button) and click the New button in the dialog toolbar.
2.
Select an controller from the list.
3.
Enter the connection parameters for the controller in the relevant fields - for more information, see the online help for the Access Engine configuration.
NOTICE! In principle, you can give the controllers any name you want
i
and can use the default values of the device editor as well. However, you should always be able to identify the controllers, therefore we recommend names that clearly indicate the controllerâ&#x20AC;&#x2122;s location and usage (e.g. Elevator 1 in Building 2, or Parking lot west) .
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
7.2
Connecting the controllers | en
67
Ethernet 1.
Set up the the AMC as described in Section 3 Creating the controllers in the device editor, Page 5.
2.
Select UDP as the interface type.
3.
Enter the IP address of the AMC as the host name.
NOTICE!
i
To allocate the IP address and the name, use the application AmcIpConfig.exe , which can be started from <InstallationDisk>\MgtS\Access Engine\AC\Bin and can be executed from any computer in the network.
7.3
I/O - Extension boards The AMC2 8I-8O-EXT and AMC2 16I-16O-EXT extension boards can be connected to the associated only via RS485.
7.3.1
Hardware installation 1.
Connect the 6-pole RS485 extension interface of the AMC
(S1) to the same interface on the extension board. â&#x20AC;&#x201C;
If the extension board is supplied with voltage via the AMC, then the supply lines (1 and 2) must be connected in addition to the data lines.
â&#x20AC;&#x201C;
If the extension board is to be supplied by a separate power supply , only the data lines from the AMC need to be connected. The power is supplied via the 7-wire interface of the extension board.
2.
Open the casing of the extension board and set the address switch to the desired address. Extension boards can have addresses 1 to 3.
7.3.2
Software configuration
The hardware installation stipulates that the extension board be created below the respective AMC.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
68
en | Connecting the controllers
1.
BIS 2.2 - Access Engine
In the device data editor (Configuration Browser > Connections > Access Engine) select the respective AMC in the explorer (left). –
Open the context menu (right mouse button) and select the New Object entry.
–
Another selection list opens. In this list select the New
–
There now appears a dialog for selecting the required
Extension Board entry. extension board . Using the Type column, you can choose between 8 and 16 I/O boards. Up to three of these extensions can be connected to one AMC. A combination of 8 and 16 I/O boards is possible. NOTICE!
i
The addresses of the extension boards (1 to 3) are allocated based on the order in which you created them. When creating the boards, remember that the addresses may need to be aligned with the addresses set in the hardware (cf. Hardware installation of the extension boards).
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Connecting readers and doors | en
8
Connecting readers and doors
8.1
Readers for AMC2
69
Up to four readers with Wiegand interface can be connected to an AMC2. However, it is possible that when selecting certain door models or installing additional signals some reader slots remain unused, as they cannot be technically configured any more.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
70
en | Connecting readers and doors
BIS 2.2 - Access Engine
The following table provides an overview of the readers that can
X X X X
ARD-RK40-AMC01
X X X X
ARD-R40
X X X X
ARD-R30
X X X X
WIE1 WIE1 WIE1 WIE1K WIE1 WIE1 WIE1 WIE1K
ARD-R10
ARD-ProxPointPlus ARD-MiniProx ARD-Prox80 ARD-EntryProx ARD-R10 ARD-R30 ARD-R40 ARD-RK40-AMC01
ARD-EntryProx
data editor
ARD-Prox80
the device
ARD-MiniProx
Catalog description Selection in
ARD-ProxPointPlus
currently be connected and their possible combinations.
X X X X
X X X X
X X X X
X X X X
Table 8.1 Overview of Wiegand readers
8.2
Interface allocations When setting up an access control system, it does not matter in which order the software-technical and hardware-technical configuration are performed. However, it is important that the person who carries out the initial work documents and passes on the relevant information.
8.2.1
Printout of the configuration data
If the configuration is created via the device data editor first, for example, the engineer who will later install the devices must be informed which devices are to be connected to which interfaces.The system configurator can print out the configuration and the connection allocation on the signal page of each controller. These information pages contain the following statements:
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
1.
2.
3.
Connecting readers and doors | en
71
Controller –
Name, description
–
Interface type
–
Set connection parameter
Reader –
Designation for the reader interface
–
Reader name
–
Entrance to which the reader belongs
Signals –
Signal number
–
Entrance for which the signal was configured
–
Sorting after input and output signals
–
Signal designation
–
Interfaces and used contacts of this interface
AMC_4W Data sheet Device information: Name:
AMC 4-W-3
Description:
AMC
Interface type:
COM
Local port:
0
Bus number:
3
Remote port:
10001
Program:
LCMV3702.RUN
Reader: Connector
Reader
Entrance
S5
Reader-P 1 IN
Parking-1 IN
S9
Reader-P 1 OUT
Parking-1 OUT
S13 S17
Signals: Signal
Entrance
Exit signal
Entrance
Input signal
0
0
Parking-1 IN
Contact restoral (S3; 1,2,3)
Parking-1 IN
Door Contact (S4; 1,2)
0
1
Parking-1 IN
Door is permanent open (S2; 1,2,3)
Parking-1 IN
Door strike (S4; 3,4)
0
2
Parking-1 IN
Stoplight green (S7; 1,2,3)
Parking-1 IN
Passage locked (S8; 1,2)
0
3
Parking-1 IN
Alarm suppression (S6; 1,2,3)
Parking-1 IN
Passage completed (S8; 3,4)
0
4
Parking-1 OUT
Contact restoral (S11; 1,2,3)
Parking-1 OUT
Door Contact (S12; 1,2)
0
5
Parking-1 OUT
Door is permanent open (S10; 1,2,3)
Parking-1 OUT
Door strike (S12; 3,4)
0
6
Parking-1 OUT
Stoplight green
Parking-1 OUT
Passage locked
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
72
en | Connecting readers and doors
8.2.2
BIS 2.2 - Access Engine
Installation documentation
If the devices are installed first, however, which will normally be the case, the wiring carried out must be documented and communicated to the system configurator. The following plan can be used for the declaration of the selected interfaces - use the S-identifications, which uniquely identify the connectors.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
9
Setting System Parameters with SPEdit | en
73
Setting System Parameters with SPEdit The default Access Engine system settings will satisfy most customer requirements. Nevertheless it may be desirable in some cases to change the default settings above and beyond that which can be customized in the BIS Configuration Browser. For this pupose Access Engine provides the ACE System Parameter Editor (SPEdit), which makes Windows registry changes for the Access Engine application.
9.1
Starting the SPEdit You can only start SPEdit from the BIS Configuration Browser. 1.
In BIS Manager, click the Start button beside Configuration Browser on the first tab.
2.
Click on one of the following entries: â&#x20AC;&#x201C;
In the field Recent configurations choose the desired entry.
â&#x20AC;&#x201C;
In the field Configuration management click on Open a configuration if you want to browse for it or on Open current configuration if you want to see the currently used parameters.
3.
Login to Configuration Browser.
4.
Select the Tools menu.
5.
Select the ACE System Parameter Editor entry in the top left window.
6.
Click the System Parameter Editor button to open the program.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
74
en | Setting System Parameters with SPEdit
1.
BIS 2.2 - Access Engine
Load the registry file for the workstation of your choice: File > Load...
There follows a list of some of the settings which can be made in this editor. Full descriptions are available SPEditâ&#x20AC;&#x2122;s online help function.
9.2
Display the Last Access in the Status Bar The status bar in the persons dialogs can also show the date and time of the last access of the selected person. This feature can be activated via the system parameter ShowLastAccess beneath the topic DlgMgr.
9.3
Listbox or Search Dialog for Companies In order to select the names of companies in the personnel dialogs a search applet can be invoked by clicking the button labeled with an elipsis (three dots) next to the company text field. If the number of companies listed in the system is small then a more comfortable alternative would be a combo box. The setting can be switched to combo-box by setting the parameter PersData > StyleManyCompanies to false.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
9.4
Setting System Parameters with SPEdit | en
75
Making Company a required field Depending on customer demands the assigning of a company to a person can be made required. The field description will marked accordingly with an underlined label. Therefore the system parameter CompanyRequired of the topic PersData must get the value true.
9.5
Toolbar of the Reports Preview The buttons of the toolbar of the reports preview can individually be configured. The topic Crystal includes the system parameters to enable or disable the functions. Parameter
Description
CanDrillDown
activates a vertical scroll bar
HasCancelButton
not used
HasClosedButton
shows the button to exit the preview -
HasExportButton
activates the button to export the data -
HasGroupTree
activates the button to display an explorer -
HasLaunchButton
not used
HasNavigationControls
activates the arrow buttons to navigate to other pages -
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
76
en | Setting System Parameters with SPEdit
BIS 2.2 - Access Engine
Parameter
Description
HasPrintButton
activates the button to print the preview -
HasPrintSetupButton
activates the button to choose an other printer -
HasProgressControls
shows the number of the selected data â&#x20AC;&#x201C;
HasRefreshButton
activates the button to actualize the preview results -
HasSearchButton
activates the button and input field of the search criteria -
HasZoomControl
activates the zoom control -
ShowDocumentTips
without any function
ShowToolbarTips
activates the tooltip of the toolbar buttons
9.6
Valid-From Date for Authorizations When authorizations are assigned the valid-from date is set to the current date by default, so that the authorization becomes valid immediately. It is possible to set authorization from a
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Setting System Parameters with SPEdit | en
77
future date, but the standard installation does not allow an authorization to be backdated (i.e. to start in the past). This default can be overriden by changing the system parameter AuthorizeValidFromInPast in the topic CardData.
9.7
Valid-From Date for Lockouts As with authorizations, lockouts can not normally be set to begin in the past. This default can be overriden by changing the system parameter LockoutValidFromInPast in the topic CardData.
9.8
Visitor Profiles Only In the default configuration you can assign visitor authorizations by two ways: â&#x20AC;&#x201C;
Choosing an Access Profile which is marked as a Visitor Profile.
â&#x20AC;&#x201C;
Assigning the available Access Authorization separately.
To decrease the risk of error this second possibility can be diabled by setting the parameter DisableStuffAuth of the topic Visitors to true. Now only profiles can be choosen.
i
NOTICE! Make sure that Visitor access profiles do exist, because only visitor profiles can be selected in the Visitors dialog.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
78
en | DMS - Data Management System
BIS 2.2 - Access Engine
10
DMS - Data Management System
10.1
System operation
10.1.1
Starting
The master process is set up and installed as an XP/W2000 service and is controlled by the operating system's Service Control Manager (SCM). It appears in the list of services.
Figure 10.1
Windows XP services dialog
This provides independence with respect to the users currently logged on - the DMS starts or continues to run even without user logon or during a user changeover. If for some reason the service is not started, it will start as soon as the Dialog Manager is called up via the BIS System Manager. Process description file In order to start the whole system on the server only the master process need be started. The information that is required to start all processes correctly is read from the process description file while the master is initializing. This process description file is a UCI command file that holds process characteristics in the form of UCI (Universal Command Interpreter) commands and parameters The command file is divided into blocks. Each block stands for a special core system process. Each block begins with the command 'define', followed by the position parameter 'name', which contains the process name. The process characteristics are specified by the command 'set' plus a named parameter. F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
DMS - Data Management System | en
79
Possible named parameters are described in table 2-1. The block concludes with the command 'add', which adds the process characteristics to the process table. The following example illustrates the structure of a block: define Loggifier set /description="Logging and Notification" set /executable=loggifier.exe set /parameter="/t=2 /o=DBG_OUTPUT_DEFAULT" set /type=BASE set /exitNumber=1 set /restartLimit=2 add define Process-x set /description=(...,...,...) . . . add . . . Named Parameter description
Description Process description. Since the length of process names is often limited, a short description of the process that
executable parameter
explains its functionality is given. Name of the executable file. Parameters and options that are passed on to the process as program arguments, e.g. process name, trace level, and output mode.
Table 10.1
Block entries in the process description file
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
80
en | DMS - Data Management System
Named Parameter type
BIS 2.2 - Access Engine
Description Process type: BASE: Base Process - the process is essential. If such a process fails then the BIS system as a whole will crash. NORMAL: the process is not treated in a special manner. Failed processes of this type are typically restarted by their parents. BATCH: The process is a batch process that is started at a particular time. Indicates whether the master has to
ready
wait until the process has sent the message that it is ready. 0: master does not have to wait. 1: master has to wait for the ready batchStart batchPeriod
message. Start time of the batch processes Describes how the processes are started periodically at different times: DAILY: has to be started daily.
errorReset
WEEKLY: has to be started weekly. Time after which the error counter is
exitNumber
reset (in hours). Describes the process order for shutting down the system. restartLimit - maximum number of restarts permitted. In case of a process failure, a restart counter is set up and the process is restarted. If the restart counter exceeds the restart limit, the process is no longer restarted.
Table 10.1
Block entries in the process description file
The processes are started in the sequence in which they appear in the process description, except for the batch processes. F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
DMS - Data Management System | en
81
Special delays such as the start delay, the restart delay, idle times before terminating a process, etc. are specified by the system parameters that are saved in the registry. The master process uses the time control properties that are explained in the table above to start the server processes. These include batch programs for tasks that only need to be performed periodically. This reduces the number of processes that are running continuously. If the core system is to be halted, the master process uses “exit numbers” to determine the process sequence in which the system will be shut down. The processes with the highest exit numbers are stopped first. Processes with a low exit number are only stopped once the processes with the higher exit numbers have been terminated. If a process does not terminate correctly, it is closed after a short idle time. NOTICE!
i
Interactive processes can have a high exit number, the core areas, however, should have low exit numbers. The loggifier, for example, which is a central process of the system, should be stopped last, as other processes may require this service in order to shut down properly.
10.1.2
Closing
The closing and shutdown of the access control system is handled exclusively using the BIS System Manager and should not be forced by terminating the service.
10.1.3
The master console
The master console can be called up using the context menu (right mouse button) of the Systray icon
. It is possible to open either only this console window or to open the control window for all DMS processes by selecting the “Process Control” option - see following section. Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
82
en | DMS - Data Management System
BIS 2.2 - Access Engine
In order to protect the console window and the process control window against unauthorized access, a separate authentication dialog appears when you call up one of these functions, which asks once more for the authentication data of an operating system administrator user.
Figure 10.2
Authentication window - process control or master console
This authentication remains valid for all subsequent invocations of these functions within the session. Message display Using the master console, the system start, termination of processes, and any anomalies during runtime can be observed.
Figure 10.3
Messages on system start
The final message â&#x20AC;&#x153;Core system successfully startedâ&#x20AC;? indicates that all processes started correctly. In addition, the start phases of each process are displayed. F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
DMS - Data Management System | en
83
The corresponding messages also appear when shutting down the system:
Figure 10.4
Messages on system shutdown
The start and end of batch processes can also be controlled:
Figure 10.5
Messages for batch processes
However, the console window displays only messages that appeared since the last start of the master. All messages are also saved in the corresponding log files however, so that they can also be viewed after restarting the master. Function overview Each console window has a pool of commands and functions with which additional information can be requested and process controls can be undertaken.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
84
en | DMS - Data Management System
BIS 2.2 - Access Engine
To obtain a summary of the possible command entries, enter the command “help” in the console window:
Figure 10.6
Master console: list of commands
To execute the commands, you need only to enter their abbreviations (shown in capitals). Some calls require additional details, however, - the form in which these must be entered is also displayed if you enter “help” and then the name of the command. Example: help info
Figure 10.7
Help for individual commands
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
DMS - Data Management System | en
85
Examples of diagnosis pages
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
86
en | DMS - Data Management System
BIS 2.2 - Access Engine
Using the master console, information about all other processes can also be displayed. The list below corresponds to the information displayed in the process control window - see the next section.
10.1.4
Process control
Like the master console, the process control window is also called up using the context menu of the Systray icon - see the previous section.
Figure 10.8
Process Control window
This window provides an overview and summary of the most important details from the diagnosis pages regarding the highlighted processes. In addition, individual processes of type “normal” and type “batch” can be stopped and restarted, and their console windows opened. The table below gives more details on the individual text boxes: in this window.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
DMS - Data Management System | en
Processes
87
List of the processes from the process description file. The corresponding information is displayed in the fields for the
Executable Process type
selected process. Name of the executable file. Classification of the process: BASE: Base Process - the process is essential. If such a process fails then the BIS system as a whole will crash. NORMAL: the process is not treated in a special manner. Failed processes of this type are typically restarted by their parents. BATCH: The process is a batch process that
Process ID
is started at a particular time. Number (PID) of the process in the
Process state
Windows Task Manager. Displays the current status of the process. This option is used primarily during the start phase of the system if the initialization phases of the processes depend on one another. During the initialization of the loggifier, it makes no sense, for example, to start additional processes that connect with the loggifier. The process status can assume the following values: INACTIVE: The process is not running. STARTED: The process is in the initialization phase. RUNNING: The process was has been fully initialized. TERMINATING: The process is being terminated.
Table 10.2
Parameters displayed in the Process Control window
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
88
en | DMS - Data Management System
Exit state
BIS 2.2 - Access Engine
The exit state can assume the following values: NORMAL: The process has been terminated normally and all resources used have been garbage-collected and released. CRASHED: The process was not closed normally. KILLED: The process was closed by the master. If the master cannot shut down the process normally, for example, it must kill
Description Output mode
the process. Short description of the process. The output mode specifies the outputs, that is, the results of a process, such as traces or error messages. Parameters and options that are passed to
Parameter
the process as program arguments, e.g. trace level and output mode. Traces are used to test the processes during
Trace level
their development. The trace level specifies which messages are displayed. This value can be changed separately here for each process without influencing the Restart limit
default setting. If a process cannot be started, the master
Wait for
restricts the number of restart attempts. The processes indicated expect messages
Readyevent
telling them that other processes have
Error reset
started successfully. The error counter is reset after the specified
First start time
time. Time of the last system start.
tries to restart it - specifying an upper limit
Table 10.2
Parameters displayed in the Process Control window
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
DMS - Data Management System | en
Restart counter
89
If an error causes a process to be terminated, the restart counter increases by 1 and the process restarted. Restarts are attempted until the maximum permitted number of restarts (restart limit) has been
Last start time
reached. Last start time of this process. This is only different from the first start time if the process has been restarted in the
Error counter
meantime. For diagnostic reasons, the master keeps an
Last stop time
error counter for each core system process. The last time this process was terminated; only displayed if individual processes were
Exit number
terminated and not the whole system. Order number for the sequence of the termination of processes from the process
Batch start time Batch period
description file. Start time of the batch processes. Describes how the processes are started periodically at different times: DAILY: has to be started daily. WEEKLY: has to be started weekly.
Table 10.2
Parameters displayed in the Process Control window
“Actions” menu
Figure 10.9
Bosch Sicherheitssysteme GmbH
“Actions” menu
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
90
en | DMS - Data Management System
BIS 2.2 - Access Engine
Generally, all core system processes (except batch programs) run with the master. If for particular reasons individual processes were terminated, a restart of all master-dependent processes can be initiated using the “Auto start” function. This avoids having to restart the entire system. The “Shut down” and “Quick shut down” options should not be used as the access control system is terminated exclusively by the BIS System Manager.
“Tracing” menu
Figure 10.10 “Tracing” menu
While the trace level of individual processes can be changed in the Process Control window, here it is possible to make this change for all processes in one step. “Level 0" displays only error and warning messages, “Level 3,” on the other hand, displays all incoming and outgoing messages. However, this does not cause changes in the default settings that are entered in the process description file - the next time the system is started, the default values will be used. Additional functions in this menu are the opening and closing of all console windows in one step.
10.2 10.2.1
Server Processes Summary
Several processes are executed on the DMS server that are essential for the functionality of the access control system.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
DMS - Data Management System | en
91
These processes are controlled and monitored by the master process. Process LOGGIFIER ACSP-n
Features Responsible for log messages Responsible for communication with the MAC - there is an ACSP process
ACTA
for each MAC. Responsible for database access in
CDTA
access control Responsible for database access of
CALTA
the configuration Responsible for database access for
Batch processes
calendar data Midnight processes
Table 10.3
DMS processes
While the master is active, it monitors the other subprocesses. If one of the processes fails, it is restarted by the master, provided this has been configured (set in the process description file - see â&#x20AC;&#x153;Process Managementâ&#x20AC;? section). With each restart, an error counter is incremented for this process. If the number of restarts exceeds a certain limit (can be set in the process description file = restart limit), the failed process can no longer be started. Since all error counters are reset automatically after a certain time-out, the next attempt to restart this process will be after this time-out. Subprocesses that are not started when the master is started, but only at scheduled times, are monitored by the DMS master. Such processes are known as batch processes. The start times of these programs are specified in the configuration file. The parameters might look something like the following:
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
92
en | DMS - Data Management System
BIS 2.2 - Access Engine
set /type=batch
Specifies that this is a batch
set /batchStart=00:02.00
process Specifies that the process should be started 2 minutes
set /batchPeriod=daily
after midnight Specifies that the process start should be repeated daily
Table 10.4
10.2.2
Start time parameters
Loggifier
Here, we list the command entry options of the console window.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
10.2.3
DMS - Data Management System | en
93
ACSP - process for access control
The various functional areas are connected to the DMS as selfsufficient subsystems via interface processes. The interface processes comprise various interfaces: –
The DMS interface to the loggifier, via which data changes are recognized (which then cause data change orders on the subsystem) and events reported by the subsystem are entered into the event logs.
–
A client interface via which control orders from the DMS to
–
The interface to the subsystem via which both control and
the subsystem can be transmitted. data change orders to the subsystems and also status and event messages from the subsystem are exchanged. The status of the subsystem is also monitored via this interface. Functions The actual access control system is controlled by the MAC (Main Access Controller). It receives all necessary data from the DMS from a dedicated interface process.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
94
en | DMS - Data Management System
BIS 2.2 - Access Engine
The ACSP (Access Control Subsystem Process) is responsible for the connection of the access control system. Its individual tasks are: –
The initialization of the access control system.This is carried out by loading all relevant data onto the responsible MAC after a cold start.
–
The transmission of DMS control orders.
–
The transmission of data changes.
–
The receipt of event messages and, if necessary, the execution of associated data changes.
–
The updating of device statuses.
–
The updating of the locations.
Initialization On each system start, the MAC checks its local database for completeness. If it finds that data is missing, it requests this from the DMS using a request telegram. The corresponding database tables are then downloaded to it using the corresponding data telegrams from the ACSP. In case of the first start or a cold start, this is all access-relevant data. This includes, for example, device, personnel, and authorization data as well as time models.
Control orders It is possible to transmit control orders to the access control system. This is carried out by the corresponding dialog functions of the DMS. A possible control orders might be, for example, individual rights extensions, or the changing or requesting of a person’s current location. These control orders are transmitted to the ACSP using a function of the client interface, which then transcribes these in a corresponding control telegram to the MAC. The MAC acknowledges the control order with a corresponding data or event telegram.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
DMS - Data Management System | en
95
A query of a location, for example, would be acknowledged by a data telegram, the changing of the location by an event telegram.
Data changes Each data change in the DMS triggers an event message to the Loggifier. The ACSP is also informed of this by this mechanism. If access-relevant data is changed, the ACSP generates a data change telegram and sends it to the MAC. Each of these telegrams is acknowledged by the MAC.
Event messages All relevant system events are recorded by the access control system. These include successful, unsuccessful and interrupted access attempts. All these events are sent to the ACSP by the MAC with an event telegram and the ACSP then enters them in the appropriate DMS event logs. If a transmission to a process fails, then the transmitting process buffers all messages accumulated during the malfunction. Once the malfunction has been removed, these buffered messages are appended. This ensures that no event messages are lost. Device statuses The status of the access control system devices (with the exception of the MAC itself) is monitored by the MAC. Each change of a device status is reported to the ACSP as an event message. The ACSP enters the message in the appropriate logbook and posts the new device status in the DMS database. The MAC itself is monitored by the ACSP by means of regular status telegrams from the MAC to the ACSP. If these telegrams fail to arrive then the MAC is marked as faulty. The MAC in turn monitors the status of the DMS server. If it determines a malfunction, it generates an event message to this effect. If the malfunction is corrected, this message is sent to the ACSP, together with the event messages that have been Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
96
en | DMS - Data Management System
BIS 2.2 - Access Engine
transmitted and buffered in the meantime, and logged accordingly by the ACSP.
Locations In the access control system there is only one place where the current location of a person is known with sufficient certainty, and this is the MAC. The MAC informs the DMS of every change in the location of a person by means of an event message. The ACSP then posts the new location in the DMS database.
Console window The console window of the ACSP process also offers various information pages. First, however, we present a list of the possible input commands as displayed by the â&#x20AC;&#x153;helpâ&#x20AC;? command:
10.2.4
Transactors
Most database updates are performed with user dialogs. As a rule there are many of these and most of the changes are made here. In order to guarantee a constant entry in the logbook, it is therefore advantageous to restrict database updating to one or a few processes. These processes are called transactors since they take over the database transactions for the user dialogs.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
DMS - Data Management System | en
97
Transactor are inserted into each application module, e.g. one for access control, one for configuration data management, etc. The client dialogs never execute the updates directly in the database; instead, they always transmit a corresponding request to their transactor. However, many actions of the dialogs cause more than one update of the databases. Such extensive actions can be combined into database transactions; all necessary actions are concentrated in the transactor instead of being divided up among many user dialogs. In client/server terminology, this approach is known as “business rules” and is sometimes regarded as a third link between the client and server. The “business rule” link is inserted into the DMS in the form of transactor processes, which receive central knowledge about, for example, how ID cards are activated or deactivated, how a person's access rights are changed or how an authorization model is deleted. The existence of these “business rules” is the reason why all interactive database changes can only be executed by the dialogs of the DMS, and tools such as MS Query or MS Access are not used. The use of such tools would enable the user to make changes to a database table without transmitting these changes to the other tables. These tools should therefore only be used in “read-only” mode. Transactors are processes that take over the database changes. There are different transactors for different areas of the system, e.g. –
ACTA (Access Control Transactor) - transactor for the access control system
–
CDTA (Configuration Data Transactor) - transactor for the configuration data
–
CALTA (Calendar Transactor) - transactor for the data of the calendar model
Transactor for access control (ACTA) All updates of the access control data are executed by a single process on the server side. This process is called the transactor Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
98
en | DMS - Data Management System
BIS 2.2 - Access Engine
for access control. The abbreviation ACTA stands for Access Control Transactor. The transactor receives the update requests from the dialogs and executes all necessary actions in the database. It then creates a corresponding logbook message and sends it to the loggifier. The transactor offers various services that can be used from a dialog or from other components connected with the access control. Data changes generated by the MAC are also processed via the ACTA.
Transactor for configuration data (CDTA) This section describes the process that handles all requests for entries, updates, and deletions in the configuration data tables. This process is called the transactor for configuration data. The abbreviation CDTA stands for Configuration Data Transactor. The transactor receives the requests from the device data editor and the configuration data utility and executes all necessary actions in the data of the DMS. It then creates corresponding logbook entries and sends these to the loggifier.
Calendar transactor (CALTA) This section describes the calendar transactor that handles all requests for the insertion, update or deletion of data in the database tables of the calendar. It is responsible for making sure that the references for the tables that form the central calendar are correct. The abbreviation CALTA stands for Calendar Transactor. The calendar transactor receives the update requests from the dialogs and executes all necessary actions in the database. Each change request for a table first triggers a check. The requested action is only executed when all checks have concluded successfully. Corresponding logbook entries continue to be created for â&#x20AC;&#x201C;
Start of work on the request
â&#x20AC;&#x201C;
Each elementary database action
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
–
DMS - Data Management System | en
99
End/cancellation of work on the request
and sent to the loggifier.
Calendar library The calendar library is based on Julian dates, including the corresponding conversion functions. This time format makes the applications independent of the special time form of the relevant system. The basic function is extended by the definition of a date class and a date time class Based on the Julian date, the number of days since January 1, 4714 B.C., the date class offers the following applications –
To calculate day differences (with automatic consideration of leap years),
–
To compare data,
–
And to convert data from an internal database format into a format for presentation in the dialogs. The date time class is based on Julian time, the number of 0.1 microseconds since 1.1.1601-00:00:00 UTC, and the date class including the following applications
–
To calculate time differences (including the change between standard time and daylight savings time and viceversa),
–
And to convert the time between the different time formats, especially the internal database format and the format for presentation in dialogs.
An additional calendar library CAL was inserted, which administers the complex structure of the tables that form the central calendar. The library hides this structure from its users and simplifies access, especially to the time models. Its users are dialogs and applications such as the access control interface process. This class library contains classes for carrying out the following functions: –
Creation of day models
–
Creation of an overview of the existing day models
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
100 en | DMS - Data Management System
–
BIS 2.2 - Access Engine
Loading of day models (all or according to a selection scheme)
–
Update and deletion of day models
–
Creation of a special day and check as to whether two special days coincide with one another
– –
Creation of an overview of the existing special days Loading of special days (all or according to a selection scheme)
–
Decision as to whether a particular date is a special day
–
Update and deletion of special days
–
Creation of a time model with corresponding references
–
Creation of an overview of existing time models
–
Loading of time models (all or according to a selection scheme)
– –
Invocation of the day model for a particular day Invocation of a set of day models for a particular time interval, beginning with a special day
–
Update and deletion of time models
Console window Each transactor has its own console window and provides process-specific information. As with the master console, by entering “help” a list of available commands can be displayed this is the same for all transactors:
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
DMS - Data Management System | en 101
The following figures show information pages using the example of the ACTA transactor. These can be invoked with the corresponding commands.
10.2.5
AEOPC
The AEOPC server is a process that is provided by the DMS but can only be started from the BIS. If an OPC connection is established with the DMS server, AEOPC is started and enables the device statuses to be displayed and commands from the BIS and messages from the Access Engine to be transmitted. No console window is available for this process.
10.2.6
MDS (QueryServer)
All client requests that require database access are received by the MDS, also called the Query Server, and forwarded to the responsible ODBC database since there is no direct ODBC
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
102 en | DMS - Data Management System
BIS 2.2 - Access Engine
connection in the Access Engine system between the clients and the server.
10.2.7
Report Server (REPS)
The REPS creates all requested reports centrally on the server. It receives a corresponding request from the client via http. The REPS checks these and creates the report. During the creation time, the client keeps asking until the REPS sends it a message to say that it is complete. The REPS then sends another request with the command to transmit the created file so that the file is transmitted and displayed on the client.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
10.2.8
DMS - Data Management System | en 103
State Information Process (SIPServer)
All device and personal/card status information is collected and stored here and can be called up via the OPC connection and displayed as event messages.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
104 en | DMS - Data Management System
10.2.9
BIS 2.2 - Access Engine
Time Attendant Account Exchange (TAccEXC)
When using the door model 06, where only two readers are configured for the recording of booking times, the TAccEXC sends the collected bookings to these readers at predefined times and forwards them to an external time management system.
10.3
Batch processes
10.3.1
Overview
Under the name midnight processes or batch processes, all processes are combined that are not necessary for the system flow and thus do not need to be active constantly. They are started around midnight. These functions primarily consist of updating and â&#x20AC;&#x153;housekeepingâ&#x20AC;? tasks for the database. The start time was selected as the date change takes place at 00:00:00. The date change is important, for example, if an identification card is only to be valid as of a particular day. When the date change takes place at midnight, therefore, a process is started that releases all identification cards that are to be valid as of this date and that locks all identification cards that were valid until the previous day. Like all DMS processes, the batch processes are also controlled by the master. For this there is also one entry apiece in the file PrcTable.tbl: define LOP set /executable=lop-d.exe set /ready=0 set /parameter="/O=(Term,File,Logsrv) /t=2" set /restartlimit=3 set /type=batch set /errorReset=100 set /exitNumber=1500 set /batchStart=00:02.00 set /batchPeriod=daily add
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
DMS - Data Management System | en 105
In addition to the type designation, these entries distinguish themselves from the other processes by the additional parameters batchStart and batchPeriod, which determine the time of day and the intervals at which this process is started by the master. Using the ProcessControl application of the master, these processes can also be started at any time to check their runtime behavior.
10.3.2
Lock-Out Process (LOP)
For each person different identity card locks can be set up based on time intervals and other reasons. These locks are checked and administered by this process. The process checks the data and sets the corresponding locks or removes them again by informing the access control system about the locks using the loggifier. All locks are removed as soon as they have expired.
10.3.3
Authorization Monitoring Process (AMP)
The validity of access authorizations is restricted by a time interval, that determines the first and last day on which the access authorization is valid. The time interval is defined by the database fields AuthFrom and AuthUntil in the ACPersons table or in the Visitors table for visitor identification cards. The process checks the data and informs the access control system via the loggifier when a person's access authorization begins or expires. All access authorizations for a person are deleted depending on the system parameters KeepAuthPerPerson (for the table AuthPerPerson) and KeepAuthPerVisitor (for the table AuthPerVisitor) as soon as they have expired.
10.3.4
Cleanup Visitor Data (CLV)
External visitors' data is stored for a time period of six months (system parameter VisitStorTime). After the end of this period,
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
106 en | DMS - Data Management System
BIS 2.2 - Access Engine
the visitor data is deleted. The cleanup utility searches the Visitors table periodically and deletes the expired data records in all relevant tables including Persons, AuthPerVisitor, etc. depending on the data entered in the database field DepartDate.
10.3.5
Cleanup Utility (CLU)
The cleanup utility is started daily as a batch process to delete the access control data that the system no longer needs. Since this tool has a UCI interface, the user can let it run interactively on a server if, for example, this process is not started automatically for some reason. The interactive mode enables the user to carry out a complete cleansing for all data (as with the batch processes) or selective data cleansing. The following sections summarize which data is cleansed. Deleting personal data When deleting per dialog, personal data is only flagged for deletion. All data about the person in the relevant tables such as Lockouts, AuthPerPerson, Fingerprint, Users, etc. is not actually deleted until a time span of 6 months has passed (system parameter PersDelTime). Cleansing of the data flagged for deletion For some database tables, the deletion of a data record does not cause an immediate physical removal. In these tables, the data record is only flagged for deletion. These include, for example, Authorizations and Devices tables. There are a number of reasons for this delayed deletion. The most important reason is that if the DMS should fail, the buffered messages can still be entered in the logbook correctly by the MAC. The cleanup utility deletes all data records that were flagged for deletion. A system parameter (RecordDelTime) controls the number of days after which a data record marked for deletion is also removed physically.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
10.3.6
DMS - Data Management System | en 107
Backup
This batch process creates an up-to-date database extract and backs up the system parameters of the MICOS branch in the registry. These backups are saved in the C:\MgtS\Access Engine\AC\Backup (standard installation path) directory. A file with the current date for a time stamp and the extension .gz is created. Additional the folder CardholderImages (with the pictures from the persons of the access control system) and Layouts (with the layouts created by the badge designer) will be copied into the Backup-folder. Using these backups and the last installation CD, the system can be restored at any time to the previous day's state.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
108 en | MAC - Main Access Controller
BIS 2.2 - Access Engine
11
MAC - Main Access Controller
11.1
Functions The MAC has many functions which are absolutley essential to access control at entrances.
11.1.1
Basic functions – –
Download of reader programs from the DMS above it. Distribution of programms to the LACs and readers below
it. –
Download of data from the DMS, storage of data in the local databas and distribution to the LACs of:
Badge/Card and personnel data Fingerprints Authorizations Time Models Device Data –
Forwarding of event messages (either from the MAC itself, or from one one the LACs). The messages are stored in the MAC until they have been successfully transmited to the DMS.
–
Forwarding of control commands originating from the DMS or BIS (e.g. to open a door) to the responsible LAC-
11.1.2
Access Control functions
The MAC is primarily responsible for operative access control functions. Depending on the the individual configuration these can be activated, deactivated or customized. The main access control functions run by the MAC include: –
Checking access rights at entrances.
–
Tracking the locations of persons.
–
Processing access control functions which require input fom multiple LACs, e.g.
Access sequence tracking Path control (route monitoring) Antipassback Man-trap control, in as far as multiple LACs are involved. F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
MAC - Main Access Controller | en 109
Tracking how often a PIN code has been incorrectly entered. –
Interfacing with alarm systems (e.g. UGM) and alarm suppression.
–
Counting how many personnel are in a certain area.
–
Reporting to external systems depending on the number of personnel in a certain area, e.g. arming an alarm system.
11.2
Data defintions The MAC database is of the CTREE ISAM type . The database consists of individual tables. Each table consisits of a data file (.dat) and one or more index files (.idx).
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
110 en | MAC - Main Access Controller
Table-Nr.
Name
1
MESSAGETEXTS
BIS 2.2 - Access Engine
Description Definition of message numbers and event texts
2
MESSAGEACTIONS
Definition of Actions
3
AREAS
Definition of Areas
4
DEVICES
Definitionof devices
5
RCP
Definition of entrances (Registration and Control Point)
6
DESTINATIONMAP
Definitions for elevators and parking lots.
7
TIMEMODELS
Definition of time models
8
AREATIMEMODELS
Definition of area/ time models
9
CARDS
Definition of badge data
10
BLACKLIST
Definition of the balacklis
11
PERSONS
Definition of personnel data
12
FINGERPRINT
Definition of Fingerprint data
13
ROUTE
Definition of route control
14
SYSTEM
Definition of Systemwide parameters
15
COMMAND
Internal table for the MAC
Table 11.1
Database tables of the MAC
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
MAC - Main Access Controller | en 111
These tables are present on e very MAC system, but may be empty depending on the configuration. The master controller of all data is always the superior system, i.e. in general the Access Engine DMS.
11.3
Operating the MAC
11.3.1
Startup
Der MAC is started automatically as an operating system service, and runs in the background without user login. The Master starts all processes it needs to control based on the file ProcessTable.txt (path C:\MgtS\Access Engine\MAC\Config). The startup order is the order in which they appear in this file. A MAC icon is displayed in the systray after startup. Default settings dictate that the console windows for the individual processes remain closed. These can however be displayed in the ProcessControl application, which can be started by rightclicking on the MAC systray icon and logging in with the name and password of a local Windows administrator. Cf. also Section 11.4 Process Control, Page 113
11.3.2
Shutdown
Shutting down the MAC causes all subordinate processes to be shut down in (increasing) order of their "Stop Numbers". The MAC itself has the highest stop number and so is terminated last. There are several ways of shutting down the MAC: 1.
Via the shutdown command in the context menu (right click on systray icon). A safety check dialog appears in order to prevent inadvertent shutdowns. As a running MAC is essential for access control a further dialog is displayed after all subprocesses have been terminated. You must answer Cancel in order to shutdown the MAC completely. Here too the deliberate intervention of the operator is required. If the response is not forthcoming, or if the operator gives the default response by pressing ENTER,
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
112 en | MAC - Main Access Controller
BIS 2.2 - Access Engine
then the MAC will be restarted. Not until the MAC has been shut down completely will its corresponding service be terminated. 2.
Terminating the service "AUTO_MAC".
With this option the safety check and termination message are not displayed. 1.
Shutting down the Master ProcessControl. All dependent processes will be stopped before the master finally terminates itself. The safety check does not appear in this case, but the restart message does. Even when the MAC has been terminated the service remains in status "started". Hence the service must be terminated and restarted in order to restart the MAC.
11.3.3
Warm start
Along with the shutdown option ProcessControl provides a means of restarting individual processes: A restart of the master proceeds similarly to shutdown scenario 3 above; i.e. if one requires a restart then the restart query should be affirmed or left unsanswered. Warm start then reinitilizes the individual processes. With the exception of MESSENGER and SYSTEM all other MAC processes can also be restarted. The restart is initiated automatically after shutdown without further user intervention.
11.3.4
Cold start
Cold, as opposed to warm, start means that all essential system data should be requested and loaded from the DMS. To do this it is necessary to delete the data already loaded thus forcing the MAC to request all data at startup. Shut down the MAC and then delete all files with the extensions .dat and idx in the MACâ&#x20AC;&#x2122;s DB directory. Do not delete the folders PROTO and SAVE). Then restart the MAC.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
MAC - Main Access Controller | en 113
NOTICE!
i
Depending on the amount of data, but particularly if there are many personnel and badge data, loading the database can take some hours. During this period those access control functions which are exclusively MAC-based (e.g. access tracking) will not be available.
11.4
Process Control The preceding sections have touched already on this application, and described some of its functions. This section will summarize the application in order to provide more clarity, even at the cost of some repetition. Right click on the MAC systray icon and select ProcessControl. The ProcessControl dialog is displayed
Figure 11.1
MAC - Invoking Process control
Figure 11.2
MAC - Process Control
The Control field offers the following functions:
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
114 en | MAC - Main Access Controller
BIS 2.2 - Access Engine
Reset restart count
Resets the restart count to "0".
Start task
Starts the selected process (only active if the process is not running already).
Restart task
Halts and restarts the selected process (only active if the process is already running ).
Stop task
Halts the selected process (only active if the process is already running ).
Shutdown MAC
Halts all MAC processes. This is equivalent to halting the Master.
The left-hand field Processes, and the right-hand field Consoles display all the MAC processes. This list corresponds to the entries in the process table. Process which are commented out, or not listed there, will not be displayed. By selecting a process in the left hand list you display details about that process in the middle fields. The upper middle field System process info displays operating system information regarding the selected process, e.g. Parent PID and PID, as may be seen also in the Windows Task Manager.
i
NOTICE! If ParentID is missing this means that the MAC was started manually via the .exe file.
As the Master is started by MacProcessControl.exe its PID ios the Parent PID of the Master. All other MAC processes have the Masterâ&#x20AC;&#x2122;s PID for their parent. The Executable field shows the running executable and its path. The field MAC process info shows those parameters and options listed in the process table. In addition it shows the last startup time and the number of starts since the last system F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
MAC - Main Access Controller | en 115
start. The trace-level, which governs how many messages are generated, can be set on-the-fly here also. After a restart the process will resume with the default level. The Control field can be used to halt or restart all processes which are not BASE processes (with the exception of the Master). Until the restart-counter is reset the buttons correspond to the functions in the Control menu. The right-hand field Consoles can be used to display or hide console windows for the listed processes. These windows are purely passive and can not be used to control the processes, nor can they be closed via the "x" icon in the title bar, but only via the check-boxes in this right-hand field. As a convenience to the user, ProcessControl remembers which of the consoles were running when the master was closed and will reopen them next time it is restarted.
11.5
The processes of the MAC As has been mentioned already, the console windows are purely for information and can not be used to control the processes themselves. Control commands can only be given via ProcessControl. The MAC Master starts, stops, monitors and controls the following processes. Depending on the individual installation some of these will not be required and hence will not be started: Process MESSENGER
Function Communication with all the processes listed below.
AC
Access Control
DMS
Connection to the DMS-Server
INFO
Responsible for event log messages
LAC
Control of Local Access Controllers (LACs)
SYSTEM Bosch Sicherheitssysteme GmbH
Responsible for monitoring devices Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
116 en | MAC - Main Access Controller
11.5.1
BIS 2.2 - Access Engine
MAC-Process: Master
Starts, stops and controls the run-time of all processes in the process table and their subprocesses. The MAC startup process consists of the following phases: Phase 1
Initialization of all internal data.
Phase 2
Initialization of the host interface. The database contents are checked. If found to be incomplete they are requested and downloaded from the host. The host is also able to delete the MACâ&#x20AC;&#x2122;s data and reload them.
Phase 3
The interfaces to the connected devices and, depending on configuration, to the partner-MAC are initialised. The MAC determinces whether it is to run as master, slave or single computer configuration.
Phase 4
A MAC in slave mode remains in this phase until switched to master-mode.
Phase R
Normal running phase for master and single computer configurations
The system communicates with its peripheral devices and processes requests from them.
11.5.2
MAC-Process: Messenger
The Messenger is the systemâ&#x20AC;&#x2122;s information distributor. It receives all messages from the MAC processes, database changes and commands fromthe DMS. When the MAC starts up all processes register with the Messenger to receive their respective message types. The messenger distributes messages to the individual processes based on these registrations.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Figure 11.3
11.5.3
MAC - Main Access Controller | en 117
Console of the Messenger process
MAC-Process: System
This process is responsible for all MAC-database changes coming, for example, from the DMS. Device statuses (e.g from LACs or readers) are entered in the database by this process.
Figure 11.4
11.5.4
Console of the System process
MAC-Process: AC
This process is responsible for the checks necessary for access control. These include: –
Verifying the authorization of persons.
–
Carrying out access tracking and anti-passback controls.
–
Controlling guard tours.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
118 en | MAC - Main Access Controller
Figure 11.5
11.5.5
BIS 2.2 - Access Engine
Console of the AC process
MAC-Process: DMS
The DMS process on the MAC forms the interface to the Access Engine DMS. All communication between the systems passes through this interface (DMS - ACSP). Not only the the data required by the MAC, but also the event messages passed from MAC to the DMS pass this way. The DMS provides the following functions:: –
Communication with the DMS.
–
At system startup the checking and, if necessary the initialisation of the MAC database.
–
Requesting fresh data from DMS in the case of empty, missing or corrupted tables.
–
Receiving records of DMS data changes:
newly assigned badges newly assigned or changed authorizations newly assigned or changed PIN-Codes blocking, modifying and deleting etc. –
Sending event messages to the DMS; these can be access control events (e.g. passage through an entrance) or alarms stemming from the system’s own failure monitoring.Senden von Ereignismeldungen an das DMS.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Figure 11.6
11.5.6
MAC - Main Access Controller | en 119
Console of the DMS-Process
MAC-Process: LAC
This process displays on its console the message telegrams to and from connected LACs. At the same time it fowards important information from the DMS and MAC to the LACs, so that these are capable of making basic access control decisions on their own. Only system-wide decision criteria are held on and decided on by the MAC. The LAC process has the following responsibilities: –
Communications with all connected LACs.
–
Gerneration of status information pertaining to all LACs, readers and, if necessary, devices connected to LACs.
–
Program downloads for LACs and readers.
–
Initialization of LACs with their required parameters.
–
Receiving and forwarding of event messages generated by
–
Receiving of access control requests from LACs
LACs. (authorization checks etc.). The forwarding of requests via the central Messenger to the responsible MAC processes and returning results to the LACs.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
120 en | MAC - Main Access Controller
Figure 11.7
BIS 2.2 - Access Engine
Console of the LAC process
This dialog can be used for deactivating the communication to individual LACs. This setting should be used with care and only for test purposes as every device-message from the Access Engine System will overwrite the setting.
11.5.7
MAC-Process: Info
The Info process provides a central collection point for all MACmessages, so that the user can see at a glance the origins and destinations of messages without having to open a console window for each process. It can be compared to a stock ticker machine generating a continuous stream of diverse, short-lived information. Access attempts can be classified based on the messages. For example "Access" means that an authorized badge has been used for this access, and the LAC opened the door; "door opened without authorizat" indicates unauthorized entry; "unknown" means that a badge has been read, the number of which is unknown to the system.
Figure 11.8
Console of The INFO process
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
12
Setting up Video Verification | en 121
Setting up Video Verification Setting up Video Verification BIS can be configured so as to display a cctv image of the relevant area whenever someone checks in at a particular reader. At the same time an archive photo of the person checking in can be displayed for comparison. Based on this visual verification the operator can decide whether or not to admit the person.
i
NOTICE! Necessary extra equipment is a camera which is able to view the relevant area. In order to set up this functionality please proceed as follows: 1.
Open a Windows Explorer on <InstallationDisk>: \MgtS\Customer_Configuration\<Name of Configuration>\Documents\Actionplans. –
Select the file VideoVerificationACE.htm.
–
Open the file in a text editor: (right click) > Open with... > <Editor>. Note: if you double click the file this will normally start the Internet Explorer. An editor (normally Notepad) may be invoked from here by clicking View > Source
–
Find the lines containing LiveImageUrl.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
122 en | Setting up Video Verification
–
BIS 2.2 - Access Engine
Depending on the type of camera you wish to use, uncomment the appropriate line by removing the slashes // at the beginning of it, and change the IPAddress in the file to that of the camera you wish to use.
i
NOTICE! Only one LiveImageUrl URL may be active (uncommented) at one time. Please make sure that the other is commented out or deleted. – 2.
Save and close the file.
Start the BIS Configuration Browser and click the menu Connections. –
Select the entry reader for the relevant entrance in the device explorer.
–
Select the tab Door Control and check the box labeled Host Verification.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
– 3.
Setting up Video Verification | en 123
Save the settings by clicking Apply.
Change to the menu Locations and start the dialog Tree Structure. –
Create a new node in the tree called e.g. Video and select it.
–
In the Documents field click the Modify... button, which opens the dialog Selection of Documents.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
124 en | Setting up Video Verification
BIS 2.2 - Access Engine
–
Click the New button to choose a document.
–
Select the list entry Action plan and then click Select.
–
Open the file VideoVerificationACE.htm, where you previously modified the URLs
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
4.
Setting up Video Verification | en 125
–
Accept the selection by clicking OK.
–
Save your settings with the Apply button.
In the same menu (Locations) switch to the dialog Detector placement. –
Here you will find a similar structure view to that in Tree structure. Select the newly created entry (here: Video) in the Explorer.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
126 en | Setting up Video Verification
â&#x20AC;&#x201C;
BIS 2.2 - Access Engine
In the Devices field select the entry <ComputerName>/ AccessEngine/Devices.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
â&#x20AC;&#x201C;
Setting up Video Verification | en 127
The Groups field now lists all the readers in Access Engine. Select the reader which you have configured for video verification
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
128 en | Setting up Video Verification
â&#x20AC;&#x201C;
BIS 2.2 - Access Engine
Drag the reader and drop it in the left hand explorer window (location tree). The detectors for this reader now appear in the list field Detectors directly at Location
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
â&#x20AC;&#x201C;
Setting up Video Verification | en 129
After this you can delete detectors for which you do not require video verification. Select the readers in the list field Detectors directly at Location and remove them with the button Delete mapping.
5.
Now switch to the menu General Settings and invoke the dialog Associations. â&#x20AC;&#x201C;
Use the New button to create a new entry in the Jobs tree, and rename this to e.g. Video.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
130 en | Setting up Video Verification
–
BIS 2.2 - Access Engine
Right click on the new job and select the option Create Trigger.
–
In the dialog Create a new Trigger select Address and confirm with OK.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
â&#x20AC;&#x201C;
Setting up Video Verification | en 131
The dialog Address Selection is opened. Select the reader you wish to configure for video verification by clicking Devices in the Devices field then the chosen reader in the Groups field.
â&#x20AC;&#x201C;
Confirm your choice and check all three boxes on the right hand side of the dialog.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
132 en | Setting up Video Verification
–
BIS 2.2 - Access Engine
Right-click the trigger in the left hand list field and select the option Create THEN Control.
–
A Dialog Create new “THEN” Control. is opened. For object choose Message from the combo box and enter (if you wish) a comment as a label for the control.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
â&#x20AC;&#x201C;
Setting up Video Verification | en 133
Confirm your choice with OK and make sure that the option Use alarm address is activated for the control.
6.
Save all changes and load the configuration via the BIS Manager.
As a BIS operator you perform video verification as follows. 1.
Log into BIS. â&#x20AC;&#x201C;
If you receive a Video Access Request in the messages window...
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
134 en | Setting up Video Verification
–
BIS 2.2 - Access Engine
... accept it by double-clicking in the Status column of the appropriate row.
–
The Action plan tab is opened showing the html page with a live picture from the entrance and the database archive photo of the badge owner for comparison.
–
Underneath the picture the BIS operator can decide whether to admit the badge holder based on the comparison. S/he may use one of the buttons: Open door and delete message or Deny access and delete message.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Backup and Restore | en 135
13
Backup and Restore
13.1
Standalone-Server
13.1.1
Backup
Daily configuration backups are made automatically by the system. In addition, a manual configuration backup is recommended after significant changes to the configuration have been made. To perform a backup a freely chosen point of time, go to the Backup / Restore Configuration tab in BIS Manager.
i
NOTICE! Backups can only be done during the system runs.
Specify a target directory if you donâ&#x20AC;&#x2122;t use the default setting C:\Backup clicking the
button. Now click the Backup button. The following dialog will inform you about the progress of the action.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
136 en | Backup and Restore
BIS 2.2 - Access Engine
Depending on the systems components, which have to be saved, the backup process creates a folder structure, which includes the folder CardholderImages (with the pictures from the persons of the access control system) and Layouts (with the layouts created by the badge designer), as follow.
13.1.2
Restore
Any backup, whether it may be made automatically or manually, can be restored.
i
NOTICE! To restore a backed up configuration, the system has to be stopped. Next, go to the Backup / Restore Configuration tab in BIS Manager.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Backup and Restore | en 137
Now click Restore and confirm the next message.
The next dialog will inform you about the progress of the action.
After the configuration has to be restored the system can be started immediately confirming the finish message.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
138 en | Backup and Restore
BIS 2.2 - Access Engine
13.2
Remote- and Login-Server
13.2.1
Backup
The Backup can be started using the BIS manager running on the Login Server and is the same like described for the Standalone Server. On the Login-Server the system components installed on this computer will be saved in the folder C:\Backup (= default installation path). At the same time the Remote-Server gets an order to create a local backup. The DMS process Backup will be started and saves the backup file named ACEyyyymmdd.gz (with the actual date) and the folder CardholderImages (with the pictures from the persons of the access control system) and Layouts (with the layouts created by the badge designer) into the folder C:\MgtS\Access Engine\AC\Backup (= default installation path).
i 13.2.2
NOTICE! The system administrator has to save these files separately.
Restore
The restore of the configuration must be done on both computers - the Login and the Remote Server.
Login Server First stop the BIS manager and start the restoring of the BIS configuration clicking the Restore button on the tab Backup/ Restore configuration. The procedure is the same as for the Standalone-Server.
Remote Server â&#x20AC;&#x201C;
Take care that the Access Engine system is running.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
–
Backup and Restore | en 139
Start the tool BackupAndRestore.exe in the folder C:\MgtS\Access Engine\AC\Bin (= default installation path) with a double click.
–
In the dialog choose the option Restore from.
–
Search for the backup file using the
–
–
button.
Click the Start button to start the restore process.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
140 en | Backup and Restore
â&#x20AC;&#x201C;
BIS 2.2 - Access Engine
The restore steps will be displayed in the lower field.
In detail there are the following steps to restore the system: stopping MAC stopping ACE import registry import database starting ACE starting MAC The BackupAndRestore tool will be closed automatically after the last step has finished.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Troubleshooting | en 141
14
Troubleshooting
14.1
User administration
14.1.1
Dialog system of the Access Engine does not start
When the Access Engine is called, an empty Internet Explorer is displayed. Reason:
The workstation is not set up as an Access Engine workstation. –
In the ACE workstations Configuration Browser dialog, check whether the workstation is entered. If not, enter it.
14.1.2
Login is denied
After logging in to the Access Engine, the following error message appears:
Possible reasons are: 1.
The user has no assigned user profile for the Access Engine: –
In the Operators Configuration Browser dialog, check whether at least one profile is contained in the list on the left-hand side of the ACE user settings page.
2.
The user profile assigned to the user was not assigned to the workstation profile used for this workstation: –
In the ACE workstation profiles Configuration Browser dialog, check whether the user profile assigned to the user was also assigned to the respective workstation profile.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
142 en | Troubleshooting
3.
BIS 2.2 - Access Engine
No workstation profile or an invalid profile was assigned to the workstation: –
In the ACE workstation rights Configuration Browser dialog, check whether the correct workstation profile has been assigned to the respective workstation.
As these causes - even when in combination - always generate the error message described above, we recommend that you perform all checks in the specified order.
14.1.3
Empty Access Engine Internet Explorer
If the dialog system of the Access Engine is started, but no menus and dialogs are available, this can be due to the following: 1.
The workstation profile and the user profile do not overlap/intersect: –
In the Configuration Browser dialogs ACE user profiles and ACE workstation profiles, check whether the rights contained are identical or have at least some overlap.
i
NOTICE! This case will only occur if you are working with restricted workstation profiles in your system. 1.
The workstation profile and/or the user profile do/does not contain any rights for the menus: –
In the Configuration Browser dialogs ACE user profiles and ACE workstation profiles, check whether the rights contained also include the relevant menus.
2.
The workstation profile and/or the user profile do/does not contain any rights for executing the dialogs: –
In the Configuration Browser dialogs ACE user profiles and ACE workstation profiles, check whether the entries in the View column are set to Yes.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
BIS 2.2 - Access Engine
Troubleshooting | en 143
14.2
System settings
14.2.1
Change the timezone
If the timezone of the BIS server will be changed, messages coming from the access system have a wrong time stamp as long as the system is restarted.
14.2.2
Regional and Language Options
If you use a operating system with different language to the local area, it might be that special functions like search have not the expected results. So if it neccessary to have this operating system, you must set the following parameters. Open the dialog Regional and Language Options over Start > Settings > Control Panel and choose the tab Languages. Select and install the language you need checking the control of Supplemental language support. Go to the tab Advanced and select the language in the field Language for non-Unicode programs and activate the control of Default user account settings.
Bosch Sicherheitssysteme GmbH
Installation manual
F.01U.028.713 | V 2.2.0.1 | 2008.09
144 en | Troubleshooting
BIS 2.2 - Access Engine
After these changes a reboot is required.
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
146 en | Index
BIS 2.2 - Access Engine
Index
F.01U.028.713 | V 2.2.0.1 | 2008.09
Installation manual
Bosch Sicherheitssysteme GmbH
Bosch Sicherheitssysteme GmbH Robert-Koch-Straße 100 D-85521 Ottobrunn Germany Telefon +49 89 6290-0 Fax +49 89 6290-1020 www.boschsecurity.com © Bosch Sicherheitssysteme GmbH, 2008