2 Security Administrator S2 System ArchitectureInternetTemp ProbeDoor LockPortalNetDoor NodeIP NetworkReaderVideo RecorderAnalog CameraPhoto ID CameraPhoto ID BadgePrintingSecurity AdministratorIP CameraIP Camera (PTZ)IP NetworkSecurity MonitorNetBox NodeNetBoxTemp ProbeDoor LockReaderPortalAlarmRemote SupportAlarm PanelDoor LockPortalReader654321ElevatorGateReaderPortalLighting
3 Security Administrator IP NetworkAlarmDoor LockReaderPortal654321ElevatorLightingNetBoxSecurity MonitorRemote SupportSecurity AdministratorIP CameraVideo RecorderAnalog CameraAlarm PanelNetBox NodeTemp ProbeIP Camera (PTZ)Photo ID CameraPhoto ID BadgePrintingS2 System ArchitectureInternetNetDoor NodeGateNetDoor Node
4 S2 Hardware Architecture Controllers & Nodes1 ea Controller32 ea Nodes (Solid State)? ea Nodes (Enterprise)NetDoor Node
10 Access Control Blade 4 Inputs 4 Outputs Two card reader connectors Readers using standard Wiegand output up to 128 bits are supported.Four Supervised InputsDoor contacts and REX devices.Standard two wire inputs.Wide variety of input supervision types.Four Relay OutputsStrike output, door opener, buzzer.Standard 3 pin normally open or normally closed.NOTE: Inputs and Outputs not used for door hardware can be used for other functions.4 Inputs4 Outputs2 WiegandReaders
11 Alarm Inputs 8 Standard two wire inputs. A variety of supervised and unsupervised inputs can be configured: PIR, Exit Request, Alarm button. Door Status MonitorInput blade barcode numerals begin with “01.”
12 Temperature Inputs 8 Standard two wire inputs. S2 temperature probe Temperature blade barcode numerals begin with “08.”
13 Output Blade Output devices: Strikes, Mag locks, sounders, etc. Eight 3-pin output relaysStandard normally open or normally closed Form C RelaysSuitable for controlling many strikes, but a step up relay should be used for magnetic locks.Requires appropriate suppression: MOVs or diodesOutput devices: Strikes,Mag locks, sounders, etc.
17 10 Steps to Gain Simple Access Connect a ReaderSet up a ReaderConfigure a Door Lock OutputDefine a Portal with Reader and LockDefine a Card FormatSetup an Access Level for Readers/GroupsAdd a PersonAssign a CardAssign an Access LevelPresent the card to the reader to unlock the Door
18 Decoding Credentials Test and Compare to determine format Decode content
20 Personal Information Optional Tabs User Defined Tab Contact Other ContactUser DefinedVehicles (Parking)User Defined Tab20 fields availableUser Defined Labels for Tab and Fields.Show? Y/NUse fields for sorting and filtering reports
21 Photo ID License required (Badge) Supports Canon PowerShot digital cameras A70, A75, A80, A85, A95, A510, A520, A620, A640, G3, G5, G6, G7, G9, Pro 1, S3 IS, S5 IS, S70, S80 and SX100 IS
22 Support InformationYour Company Contact InformationOn “Dealer Info” PageOn “About” page
23 Support InformationYour Company Contact InformationOn Dealer PageOn “About” page
24 Securing NetBox Data:Assumption: Interactions between the various networked components in our system are not secure.Each of these pathways is secured.
25 Secure by Design Minimal security vulnerabilities: Network Security The NetBox is a “locked down” networked information appliance.S2 controls the software/firmware that is on it.The NetBox has a single purpose.It is not a general purpose computer.Minimal chance for virus attacksNetwork SecurityUser Login, User Roles, Session TokenSSLEncryptionAuthentication & Tamper Detection
26 Backups (Backup is only needed when you haven’t) (Murphy’s IT corollary) Automatic Backup daily.System holds up to 6 weeksSunday is a full backup … all others are differential backups.Seventh week starts overwrite of oldest backup.Backup writes to CFCOptional to NAS and FTP site.Must set up NAS or FTP address and password.Will not overwrite old backups.Use “get” to off-load backup to laptop or off-site.Save, Shutdown or Reboot save to ROM is automatic (v3.0 or higher).
27 Backups to NAS or FTP sites FTP Backup (File Transfer Protocol) web site.Network Storage (NAS=network attached storage).
28 Inputs Two Pin Relays Supervision Types Used to monitor status or receive inputSupervision TypesDual Resistor NO or NCFour States: Normal, Alarm, Short, OpenParallel Resistor NO or NCThree States: Normal, Alarm, Open/ShortSeries Resistor NO or NCUnsupervised NO or NCTwo States: Normal, Alarm
36 Output Relay Connectors Normally Not EnergizedNormally Energized
37 Local to Node Events Output activated by Portal Status Timed or for Length of Status.
38 Time Specs & HolidaysHolidays: normal function does not apply unless specified as part of the controlling Time Spec.Define Beginning Date/Time and Ending Date/Time3 Holiday Groups: Must be in at least one group.Holidays are not part of Access Level unless specified in the Time Spec.
39 Time Specs & Holidays Time Spec is a period of time definition 2 standard time specs (Cannot be changed)AlwaysNeverSpecify Start and End TimesDays of the week and Holidays that apply
40 Time Specs: Where are they used? When Access is allowed :Access Level: Time SpecFloor Groups: Free Access Time SpecPortal Groups: Unlock Time SpecAutomate Change in Status:Alarm Panel: Auto Arm Time SpecInput Groups: Auto Arm Time SpecOutput Groups: Auto Activate Time SpecWhen Additional Restrictions ApplyPortals: Keypad Time Spec, Exit Reader/Keypad Time SpecGroups are used to apply time specsThere are four types of group/time spec usageAccess levels – specifies when access is allowedPortal groups – unlock time spec. Portals don’t have to be in a portal group unless you want to unlock them.Input groups – auto-arm time spec. Inputs must be in an input group to operate (REX and DSM).Output groups – auto-activate time spec. Outputs should hardly ever be put in an output group; only to turn on a light at night or something. The output must not already be used in a portal as a lock.
41 First in Unlock, (Monitored Unlock) Works with Portal Group Unlock Time SpecSet up in System RulesRequires a special Access Level (You should limit who can do this)Set Unlock access level (required to activate unlock time spec)Set Re-Lock access level (automatic relock at end of time spec)Set reset time: resets to locked starting position.Portal Group must haveUnlock Time SpecFirst In Unlock RuleUnlocks Door(s) with badge read during unlock time specRelock at end of unlock time spec or with Relock Access Level badge read.
42 Momentary and Scheduled Actions Access Portals for impromptu unlock/lockMomentary – quick unlock and relockScheduled Portal UnlockUsed to temporarily unlock for one-time activityStart time and date or NowEnd time and date or after X period of timeComment is a good idea – it documents unlock reason
43 Threat LevelsPre-defined to match US Homeland Security Definition and color coding.You can add your own (snow day)You can upload your own Threat IconUse to mass change Access abilityActivated by Event or Manually by pre-authorized person.Quick Lock downMust Assign Threat Level Groups to all Access LevelsMust reset after Threat Level has changedManually (may require password)Input Event with change Threat Level actionMake sure someone has access during Lock Down.
44 Passback and Tailgate Violations Definitions:Passback is when a card is “passed back” to another person so both can gain access on same card.To Tailgate is to gain access without a valid card read and without forced entry.Regions are used to determine either violationAt least two regions required for passback violation.At least three regions required for Tailgate violation.Actions to be taken (defined in Region definition)Soft - Log entry but allow accessHard - Log entry and deny accessIgnore – allow access.
45 Regions Region 2 Uncontrolled Region 3 Region 1 Uncontrolled Reader A: In UncontrolledPortal: Main EntranceReader 1. Reader AAccess to Region 1UncontrolledRegion 3Region 1Uncontrolled
46 Regions Region 2 Uncontrolled Region 3 Region 1 Uncontrolled Reader G: In UncontrolledReader F: In Region 2Portal: Back EntranceReader 1. Reader GAccess to Region 2Reader 2. Reader FAccess to UncontrolledUncontrolledRegion 3Region 1Uncontrolled
47 Regions Region 2 Uncontrolled Region 3 Region 1 Uncontrolled Reader D: In Region 3Reader E: In Region 2Portal: Lab Back DoorReader 1. Reader EAccess to Region 3Reader 2. Reader DAccess to Region 2UncontrolledRegion 3Region 1Uncontrolled
48 Regions Region 2 Uncontrolled Region 3 Region 1 Uncontrolled Reader B: In Region 1Reader C: In Region 3Portal: Lab Front DoorReader 1. _________________Access to ________Reader 2. _________________UncontrolledRegion 3Region 1Uncontrolled
49 Technical and Installation Information * For a password (must register on website):Support Phone: (508)
52 Miscellaneous Information Photo ID URL – Storage location for Person PicturesDefault on Controller /upload/picsOff-board location NASPhoto ID Layout – default layout for badgesEnrollment Reader – for assigning access cards to PeopleDefault Card Format – Can change when issuing cardsHide Unpermitted Access Levels – Only allows certain User Roles to see Access LevelsPIN entry timeout – System wide time allowed for PIN entry after card read.ODBC Report user password – password protection for ODBC connection direct to Network Controller for user defined reports.Log Archive Interval – Time interval between automatic archive creation of Activity Log.Temperature Scale – For Temperature input unit of measure.Unacknowledged Alarm Audio – Wave file to play once per minute during unacknowledged alarm (System Wide Action)
53 Configure Remote Nodes Portable Node Configuration UtilityFinds Nodes on networkDisplays Node Address, Netmask and GatewayAssign Network Controller
54 System UpgradeUpgrade File (need i-button number, - serial number -)Backup SystemUpload patch fileApply Upgrade
55 What you have accomplished so far… Set Controller Network address, Initmode.Enable and connect NodeSetup PortalAccess LevelCard/Keypad FormatAdd Person, assign card and PINCustomize Personal Information TabsSetup Customer ID and Support contact infoBadge and Photo ID APIBackups, NAS, FTPInputs, Outputs, Portal DSM, REX, Alarm OutputsTime Specs, HolidaysFirst-in UnlockScheduled Actions (Momentary Unlock)Threat Levels (Quick Lock-down, Snow-days)Time sensitive Access RequirementsTimed Anti-PassbackSystem Security: SSLSystem Maintenance, Portable Backups / System Restore / System ShutdownConnecting Remote NodesController Default Settings
56 Yet to Come … IP Cameras and Monitoring Desktop Events and Actions Video Recording and PlaybackFloor PlansAlarm PanelsElevator ControlsCustom User RolesImporting Person InformationHistory Reports; standard and customResetting System Defaults
57 IP Camera and NetBox Interface S2oBerdoiwVPTZ SetupserUI
58 IP Camera Configuration The Install Guide has a list of IP cameras that we have tried but any webcam should work. System ships with a growing set of camera types.Camera Types are user configurable – see manufacturer’s documentation for pan, tilt, and zoom (PTZ) URLs etc.Definitions – Browser Address is video feed. Control Address is PTZ control. May need DNS or IP forwarding for access from outside a firewall.Presets – enter on camera web site first.Views – PIP (picture in picture), Quadview.Monitoring Desktop has tabs for Cameras and views.SHOW THIS IN THE DEMO SYSTEM!No “approved device list”, any webcam should work; system ships with a growing set of camera typesCamera Types are user configurable – see manufacturer’s documentation for pan, tilt, zoom URLs etc.Definition – browser address is video feed, control address is pan, tilt, zoom. May need DNS or IP forwarding for access from outside firewall.Presets – to return to “home”; enter on camera web siteViews – PIP (picture in picture), QuadviewMonitoring Desktop tabs for Cameras and views
59 Events Something that requires action Door ForcedDoor HeldInput in abnormal stateDesignated Alarm InputAcknowledgment may be required to fixActions triggered by EventLock a PortalUnlock a PortalMomentarily unlock a PortalActivate a RelayDeactivate a RelaySend anSend an SMS (text) messageMove a Camera to a Preset (IP cameras must be set up before you can use them in an Event)Save the event to an Activity LogRecord VideoSet a Threat Level
60 Putting Events to Work Portal Status: System Wide Actions React to Door StateReact to Card ReadInput Action: Off-normal eventInput activates Action(s)
61 Putting Events to WorkTemperature Events: Temp too High or too Low or Not ReadingNode Status: Node Tamper, Timeout or Disconnect Alarm
62 Putting Events to WorkVideo Action: Record Video or Notify of Failed CameraNormal activates when Camera returns to normalMotion activates RecordingFail activates when camera fails or stops communicating
63 Conceptually, the DVR and NVR are treated the same DVR or NVRS2BrowseUIVidSetup
64 The Five Steps to DVR/NVR Setup 1: Complete the set up of the DVR/NVR.2: Point the S2 NetBox to the DVR/NVR.3: Verify live video from the NetBox interface.4: Set up Video Motion Detection from DVR/NVR.5: Set up Video Recording Actions from the NetBox.
65 1: Complete the set up of the Milestone NVR. Milestone Windows UIS2Milestone ServiceMilestoneS2Milestone Generic Event BuilderVideo Server
66 1: Complete the set up of the Milestone NVR. Install the software:Milestone Systems software components.S2 Milestone ServiceHandles communications between Milestone and the S2 Netbox.Service should start itself.Service creates its own Event Log, “S2 Milestone Log.”Make sure you set “Overwrite events as needed”Service should add itself to the Windows Firewall (requires Windows XP SP2).S2 Milestone Generic Event Builder (copy)Creates correct Start, Stop and PTZ events for each camera.
67 To open the Windows Firewall applet select Settings : Control Panel : Windows Firewall
68 1: Complete the set up of the Dedicated Micros DVR. worBMD
69 1: Complete the set up of the Dedicated Micros DVR. Plenty of documentation and support from Dedicated Micros.Make sure you set up the cameras first, and verify that you can see live video through the DS2 interface.Be aware of browser capabilities.DM is promoting use of Java over ActiveX.JRE or 5.0 required.We are integrating their Java applet into our S2 NetBox interface.
70 2: Point the S2 NetBox to the Milestone Server S2 Browser UIMilestoneVideo ServerSetup
71 2: Point the S2 NetBox to the DM DVR. S2 Browser UISetup
72 3: Verify live video from the NetBox interface. S2 Browser UIVDVR or NVR
73 4: Set up Video Motion Detection from NVR/DVR 2oBerdoiwVsSetup VMDerUIDVR or NVRVMD Events
74 5: Set up Video Recording Actions from NetBox Events, VI, TriggersiVRecording EventsDVR or NVRVMD Events
75 Floorplans Used to Monitor Activity or Status of Portals – temporarily unlockCameras – thumbnailTemperature – Graph of last hour, day, week.Link Detailed Floor Plans to General Floor PlansSetup SequenceUpload jpg filesDefine FloorplanPlace ResourcesSet PlaceResource typeResource selectSave Floorplan
76 Alarm PanelsIdentify 2 Inputs for “zone” and “armed” status from panelOne Output to allow arming or disarming from NetBoxAuto ArmingOutput to sound warning device.Warning durationAuto Arming Time Spec (armed period).When the panel should be armed.Auto Arm Inactivity TimeLength of time for panel to show all zones as inactive.Arm Panel request timeout – time to wait for armed status input.5 seconds longer than panel’s grace period.Disarm reader group – card read for disarm access level to disarm panel.Disable reader group – disabled (deny access) readers when panel is armed.EventsSpecify Event to occur when there is failure to arm.Event to occur when activity detected during armed period.
78 Define Floors 5 & 6 for Elevators 1 and 2 4321Elevator 1Output 1Output 2Reader 1Elevator 2Output 3Output 4Reader 2
79 Define Floors 5 & 6 for Elevators 1 and 2 4321Elevator 1Output 1Output 2Reader E1Elevator 2Output 3Output 4Reader E2FreeRestricted
80 Other uses of Elevator Controls Floor 6 ThermostatFloor 5 ThermostatFront Entrance
81 Personal Information Access Control Photo ID User Defined (optional) BadgeAccess LevelPINPhoto IDUser Defined (optional)User Labels and fieldsDisplay all or someContact (optional)Other Contact (optional)Vehicle (optional)LoginRecent Activity
82 User Roles Predefined Categories Custom User Roles Monitor – Monitor menu onlyAdminister – Monitor plus Administration menusSetup – Setup plus Monitor and Administration menusCustom User RolesSetup and or Administration PrivilegesMonitor limitationsCamera groups: view, go to presets, PTZPortal Groups: view, momentary unlock. extended unlock extended lockElevator Groups: viewEvent Groups: view, acknowledge, clear actionsFloorplan Groups: viewAccess Levels: assign
83 History Reports History Reports Access History - General Event History Portal Access Count by User - Custom Reports
85 System Reset and Evaluation Reset to Factory DefaultsUse for configuring before going to the site.Be sure to wait for single beep.Activate InitmodeLeave Plugged inTear out Evaluation pageFill inLeave with instructor
86 Thank you for your attention! Thanks for takingS2 Training_________________________________________________________