Sie sind auf Seite 1von 128

Enterprise Buildings Integrator

AXSS-II Access Control Configuration


Guide
Document Release Issue Date
EBI-ZZDOC410-10 410 4 June 2009

Notice
This document contains Honeywell proprietary information. Information
contained herein is to be used solely for the purpose submitted, and no part of this
document or its contents shall be reproduced, published, or disclosed to a third
party without the express permission of Honeywell International Sàrl.
While this information is presented in good faith and believed to be accurate,
Honeywell disclaims the implied warranties of merchantability and fitness for a
purpose and makes no express warranties except as may be stated in its written
agreement with and for its customer.
In no event is Honeywell liable to anyone for any direct, special, or consequential
damages. The information and specifications in this document are subject to
change without notice.
Copyright 2009 – Honeywell International Sàrl

Honeywell trademarks
Experion®, PlantScape®, SafeBrowse®, TotalPlant® and TDC 3000® are U.S.
registered trademarks of Honeywell International Inc.
Honeywell Enterprise Buildings Integrator™ is a trademark of Honeywell
International Inc.

Other trademarks
Microsoft and SQL Server are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries.
Trademarks that appear in this document are used only to the benefit of the
trademark owner, with no intention of trademark infringement.

Support and other contacts


For technical assistance, call your nearest Honeywell office.

2 www.honeywell.com
Contents

1 Getting started with an AXSS-II controller 7


Speeding up your work with checklists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
AXSS-II models supported by EBI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Related EBI documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2 Setting up an AXSS-II controller 13


AXSS-II setup and configuration checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
AXSS-II controller-to-server connection guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Ways to connect the AXSS-II controller to the server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Multi-dropping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
AXSS-II data types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Access points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Status points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Connecting and configuring an AXSS-II controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
AXSS-II communications settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

3 Defining a channel, controller and points for an AXSS-II controller 21


Defining an AXSS-II channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
AXSS-II channel Main tab properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
AXSS-II channel Port tab properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Defining an AXSS-II controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
AXSS-II controller Main tab properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Defining an AXSS-II address for a point parameter value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Entering an address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Using the Address Builder to enter an address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
AXSS-II Status Point addressing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Using algorithms to enhance point functionality. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Optimizing scanning performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Exception scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Initialization scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Troubleshooting AXSS-II scanning errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

4 Configuring an AXSS-II controller in Station 43


Completing the configuration of an AXSS-II controller in Station . . . . . . . . . . . . . . . . . . . . . . 44
AXSS-II controller System Parameters tab properties . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Configuring AXSS-II report modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Report mode properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

3
CONTENTS

Configuring the door definition of an AXSS-II access point . . . . . . . . . . . . . . . . . . . . . . . . . . . 49


AXSS-II access point Door Definition tab properties. . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configuring an AXSS-II monitor point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

5 Configuring access control and security for AXSS-II controllers 55


AXSS-II access control and security configuration checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Setting up a system to use multiple credentials checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Configuring the credential type in Station. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Configuring the server to use multi-credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Specifying the credential type for the reader point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
About multiple credential systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Configuring the cardholder database for AXSS-II controllers . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Configuring fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Defining a new field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Configuring cardholder preferences for AXSS-II controllers. . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Cardholder preferences properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Configuring access levels for AXSS-II controllers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Defining zone names in Quick Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Enabling PGAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Configuring zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Defining a time period for AXSS-II controllers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Defining an access level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Naming rules for access levels, time periods, and zones . . . . . . . . . . . . . . . . . . . . . . . . 78
Deleting a zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Checking the zone configuration and re-enabling zone enforcement . . . . . . . . . . . . . . 80
Deleting a time period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Modifying an access level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Deleting an access level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
About access levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
About zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
About anti-passback and Perimeter Global Anti-Passback (PGAP) . . . . . . . . . . . . . . . 87
Defining a cardholder template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Configuring time and attendance tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Time and attendance batch file (timatd.bat) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Configuring the organizational model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Defining a cardholder management profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Downloading access information for AXSS-II controllers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Downloading cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Downloading modified access information to selected controllers . . . . . . . . . . . . . . . . 97
Downloading all access information to selected controllers . . . . . . . . . . . . . . . . . . . . . 98

6 Configuring Integrated PhotoID for AXSS-II controllers 99


Integrated PhotoID configuration checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Setting up the environment for taking portraits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Configuring the image capture settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

4 www.honeywell.com
CONTENTS

Image capture settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105


Where EBI stores Integrated PhotoID data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Integrated PhotoID image file naming conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Creating card layouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Guidelines for creating card layouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Cardholder database tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Setting up a card printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
About the Integrated PhotoID components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Cards and card printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Cameras and lighting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Image capture devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Configuring the cardholder comparison display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Preventing a door from automatically unlocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Cardholder comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

5
CONTENTS

6 www.honeywell.com
Getting started with an AXSS-II
controller 1
This guide describes how to:
• Set up and configure AXSS-II controllers.
• Configure access control and security.
• Configure optional access control features, such as Integrated PhotoID.

7
1 – GETTING STARTED WITH AN AXSS-II CONTROLLER

Speeding up your work with checklists


This guide uses checklists to help you work more efficiently. Each checklist
summarizes the major tasks you need to perform, and the order in which you
should, or must, perform them.

Tips
• Make a photocopy of each checklist before you start.
• Check that you have satisfied the Prerequisites before you start any task.
• Complete the tasks in order shown, unless specified otherwise.
• When you complete each task, return to the checklist and insert a tick in the
Done column.

Figure 1 A typical checklist

8 www.honeywell.com
SPEEDING UP YOUR WORK WITH CHECKLISTS

The major checklists in this guide


“AXSS-II setup and configuration checklist” on page 14
“AXSS-II access control and security configuration checklist” on page 56
“Integrated PhotoID configuration checklist” on page 100

9
1 – GETTING STARTED WITH AN AXSS-II CONTROLLER

AXSS-II models supported by EBI


For details about the supported AXSS-II models and firmware, see the Honeywell
Compatibility Matrix.

10 www.honeywell.com
RELATED EBI DOCUMENTS

Related EBI documents


• Configuration and Administration Guide. Describes how to configure aspects
of your system that are not directly related to access control and security, such
as Stations and reports. It also covers administrative tasks, such as archiving.
• Overview. Provides an introduction to the capabilities of EBI.
• Installation Guide. Describes how install EBI and associated software, and
how to set up associated server and client computers.
• Operators Guide. Describes how to use EBI.
Note that you can access the complete EBI documentation set from the Windows
Start menu by choosing Enterprise Buildings Integrator > EBI
Documentation.
The following manuals supplied with the AXSS-II controller are relevant to the
this controller and should be studied before using or installing the server AXSS-II
Interface:
• Installation Guide for AXSS-II
• User Guide for AXSS-II
• Product datasheet for AXSS-II

11
1 – GETTING STARTED WITH AN AXSS-II CONTROLLER

12 www.honeywell.com
Setting up an AXSS-II controller
2
This section describes how to set up and configure an AXSS-II controller so that
it can communicate with the server.

Attention Use the “AXSS-II setup and configuration checklist” on page 14 to guide
you through the tasks, and to avoid configuration problems.

13
2 – SETTING UP AN AXSS-II CONTROLLER

AXSS-II setup and configuration checklist


This checklist describes how to set up and configure an AXSS-II controller.

Tasks
Complete the tasks in the following order.

Task Go to: Done?


Connect the controller to the server. page 15
Configure the controller’s communications settings. page 20
Define an AXSS-II channel. page 22
Define an AXSS-II controller. page 27
Download the channel and controller definitions to the
server.
Check that the server is communicating with the
controller.
Define points that reference source/destination addresses page 30
in the controller.
If you want users with a privileged card to be able to seal/ page 37
unseal an area, use the Remote Seal/Unseal algorithm.
Download the point definitions to the server.
Complete the configuration of the controller in Station. page 44
Configure AXSS-II report modes. page 46
Configure AXSS-II doors. page 49
Configure an AXSS-II monitor point. page 53

14 www.honeywell.com
AXSS-II CONTROLLER-TO-SERVER CONNECTION GUIDELINES

AXSS-II controller-to-server connection guidelines


This section provides guidelines for the various ways in which you can connect
AXSS-II controllers to the server.
The tasks for setting up a AXSS-II controller are:

For: Go to:
Connecting to the server page 16
Communication settings page 20

15
2 – SETTING UP AN AXSS-II CONTROLLER

Ways to connect the AXSS-II controller to the server


Communication options for communicating with the Honeywell server are:
• RS-232 for connecting a single controller
• RS-485 for connecting up to 8 main controllers to the Honeywell server in a
multi-drop configuration
• 10/100 Mbps Ethernet LAN

Multi-dropping
Up to 8 AXSS-II main controllers can be multi-dropped on one RS-485 bus. The
RS-485 connection port is provided on each main controller. To connect to the
Honeywell server computer COM port, an RS232-RS485 converter is required.
Multi-dropping requires each AXSS-II controller on the same channel to have a
unique controller ID. The ID for AXSS-II controller is set from the DIP switches
on the main controller board.
The server performs serial communications using either on-board serial ports
(COM1, COM2, and so on) or by using a serial interface board such as DigiBoard
or RocketPort.
Every AXSS-II controller in the system is assigned an ID, a value between 1 and
8, which is used to address the AXSS-II. The ID of each AXSS-II on a single
channel must be unique.

16 www.honeywell.com
AXSS-II DATA TYPES

AXSS-II data types


The AXSS-II stores change of state and event data in a history journal. This is a
buffered record of all recent events occurring on that device. Each AXSS-II also
has data tables containing current status information.
The server acquires data from the AXSS-II by reading event and status data,
which is then stored in server as point values. There are two types of AXSS-II
data read by server:
• Access Data
- Cardholder
- Access reader
• Status Data
Both types of data can be read from the AXSS-II history journal. Status data can
also be periodically read from AXSS-II status tables.
The various types of AXSS-II data are stored by server in different formats, or
point types.

Access points
Access information about AXSS-II access readers is stored in an server access
point. Each point corresponds to a single AXSS-II access reader.

Status points
Status points are used to store inputs with discrete values such as ON, OFF,
OPEN, and FORCED.
The following table show status point address types.

Address Type Function


ALARM AXSS-II buzzer Latched Alarm state
BLDG Building mode
LOCK Lock status
RIOCOM RIO Communications Status
RIOTMP RIO Tamper
MNTR Monitor Point status
OPEN Door status (forced, ajar, normal)
POWER AC power status

17
2 – SETTING UP AN AXSS-II CONTROLLER

Address Type Function


RELAY Relay activation status
TAMPER Panel tamper status

18 www.honeywell.com
CONNECTING AND CONFIGURING AN AXSS-II CONTROLLER

Connecting and configuring an AXSS-II controller


The first stage in configuring the server AXSS-II interface is to establish
communications to the AXSS-II controller.
The basic architectural configuration of an AXSS-II is done through a Serial
Configuration Utility. Each main controller has this configuration utility which
provides an RS-232-based user interface.
You can use any simple computer-based terminal emulator application, such as
HyperTerminal (supplied with Microsoft Windows), to connect to the main
controller and to use the configuration utility.

To configure a controller:
1 Connect the cables.
2 Set the address on the main controller board using the DIP switches.
3 Use Quick Builder to define channels, controllers, and points and download
definitions to the Honeywell server.
4 Follow the AXSS-II Installation Manual and the AXSS-II User Guide.
5 Use an emulator application to connect to the main controller and use the
Serial Configuration Utility to configure the AXSS-II.

19
2 – SETTING UP AN AXSS-II CONTROLLER

AXSS-II communications settings


Communication options for communicating with the Honeywell server are:
• RS-232 for connecting a single controller
• RS-485 for connecting up to 8 main controllers to the Honeywell server in a
multi-drop configuration
• 10/100 Mbps Ethernet LAN
AXSS-II communication settings are:

Setting Value
Baud rate 9600bps
Data bits 8
Parity None
Flow control None

20 www.honeywell.com
Defining a channel, controller
and points for an AXSS-II
controller
3
This section describes how to configure AXSS-II channels, controllers and to
build points using Quick Builder.

For: Go to:
Defining an AXSS-II channel page 22
Defining an AXSS-II controller page 27
Defining an address for a point parameter value page 30
Optimizing scanning performance page 38
Troubleshooting AXSS-II scanning errors page 41

21
3 – DEFINING A CHANNEL, CONTROLLER AND POINTS FOR AN AXSS-II CONTROLLER

Defining an AXSS-II channel


You need to define a channel for the connection the server uses to communicate
with AXSS-II controllers.

To define a channel using Quick Builder


1 Click to open the Add Items dialog box.
2 Select Channel from Add Items.
3 Select AXSS-II from Type.
4 Specify the properties on each tab.

Related topics
“AXSS-II channel Main tab properties” on page 23
“AXSS-II channel Port tab properties” on page 25

22 www.honeywell.com
DEFINING AN AXSS-II CHANNEL

AXSS-II channel Main tab properties


The Main tab defines the basic properties for an AXSS-II channel.

Property Description
Name The unique name of the channel. A maximum of 10
alphanumeric characters (no spaces or double quotes).
Description A description of the channel. 30 characters maximum,
including spaces.
Marginal Alarm Limit The communications alarm marginal limit at which the
channel is declared to be marginal. When this limit is
reached, a high priority alarm is generated. A channel
barometer monitors the total number of requests and the
number of times the controller did not respond or
response was incorrect. The barometer increments by 2
or more, depending on the error and decrements for each
good call.
To calculate an acceptable limit, multiply the square root
of the number of controllers on the channel by the
Marginal Alarm Limit defined for those controllers.
(Normally, you specify the same value for all controllers
on a channel). For example, if there are 9 controllers on
the channel and their Marginal Alarm Limit is set to
25, the value would be [ 3 is square root ] x 25= 75.
Fail Alarm Limit The communications alarm fail limit at which the
channel is declared to have failed. When this barometer
limit is reached, an urgent alarm is generated.
Set this to double the value specified for the channel
Marginal Alarm Limit.
Response Time Enter the maximum amount of time, in seconds, that the
server will wait, after issuing a control, for a response
from the controller if you do not want the default, 10. If
there is no response within the specified time, the server
raises an alarm. For example, an OP Fail alarm would be
raised on a point when an OP is being controlled and
there is no response within the specified time.
For Dialup channels the suggested value for Response
Time is 60 seconds.
Exception Scan Rate If exception scanning has been configured, enter the
amount of time, in seconds, the server will automatically
scan the device if you do not want the default, 2.

23
3 – DEFINING A CHANNEL, CONTROLLER AND POINTS FOR AN AXSS-II CONTROLLER

Property Description
Diagnostic Scan Rate Enter the amount of time, in seconds, the server will
automatically initiate a scan of the controller to verify
communications integrity with the controller if you do
not want the default, 60.
One hardware diagnostic scan is automatically created
per scan packet.
Connect Timeout The time (in seconds) the server waits to connect to the
controller before abandoning the connection. The
default value is 10 seconds.
Use the default value unless the communications line
has a high error rate or unless you are using modems.
Read Timeout The time (in seconds) that the server waits for a reply
from the controller. The default value is 2 seconds.
Use the default value unless the communications line
has a high error rate or unless you are using modems.
Item Type Shows the type channel type.
Last Modified Shows the date of the most recent modification to this
channel’s property details.
Last Downloaded This shows the date that the item was last downloaded to
the server.
Item Number The unique item number currently assigned to this item.
You can change the item number if you need to match
your current server database configuration. The number
must be between 1 and the maximum number of
channels allowed for your system.

24 www.honeywell.com
DEFINING AN AXSS-II CHANNEL

AXSS-II channel Port tab properties


The Port tab defines the communication-related properties for a channel. The
Port Type for AXSS-II can be:
• Serial. A serial communications interface, such as RS-232. See “Serial Port
properties” on page 25.
• TerminalServer. A communications link that enables controllers with a serial
interface to be connected to a LAN. See “TerminalServer Port properties” on
page 25.
• LANVendor. Select this if the controller is directly connected to the LAN
connection. See “LANVendor Port properties” on page 26.

Serial Port properties


The Serial Port settings must match the settings on your communication devices.

Property Description
Serial Port Name The device name of the serial port.
Baud Rate The number of data bits per second. Always set to 9600
for AXSS-II.
Number of Data Bits The number of data bits used for transmission. Always
set to 8 for AXSS-II.
Stop Bits The number of stop bits used for transmission. Always
set to 1 for AXSS-II.
Parity The parity verification used on the port. Always set to
NONE for AXSS-II.
Checksum The type of checksum error detection used for the port.
Always set to None for AXSS-II.

TerminalServer Port properties

Property Description
Terminal Server TCP Host The name and port number of terminal server to which
Name the channel is connected.
Terminal Server TCP Port No You can specify either a TCP host name or an IP
address, but it must match the TCP host name used when
you installed and internally configured the terminal
server.

25
3 – DEFINING A CHANNEL, CONTROLLER AND POINTS FOR AN AXSS-II CONTROLLER

Property Description
Idle Timeout The time, in seconds, the channel waits for a successful
connection to the server before closing the connection.
A value of 0 indicates that the connection is never
closed.
Checksum Always set to None for AXSS-II.

LANVendor Port properties

Property Description
Port Name The name of the TCP port used as defined in the \
%windir%\system32\drivers\etc\services file.
This is a text file and can be edited to add new Port
Names to match the controllers programmed port
number.
Note: All controllers on the same channel must be
configured to use the same port number.

26 www.honeywell.com
DEFINING AN AXSS-II CONTROLLER

Defining an AXSS-II controller


You need to define a controller to describe each AXSS-II on a channel.

To define a controller using Quick Builder


1 Click to open the Add Items dialog box.
2 Select Controller from Add Items.
3 Select AXSS-II Controller from Type.
4 Specify the properties on each tab.

Related topics
“AXSS-II controller Main tab properties” on page 28

27
3 – DEFINING A CHANNEL, CONTROLLER AND POINTS FOR AN AXSS-II CONTROLLER

AXSS-II controller Main tab properties


The Main tab defines the basic properties for a AXSS-II controller.

Property Description
Name The unique name of the controller. A maximum of 10
alphanumeric characters (no spaces or double quotes).
For LAN connected controllers, the name must not
contain underscore ( _ ) characters. This name is used to
look up the IP address in the TCP/IP database if you do
not specify an IP Address property.
Description A description for this controller. A maximum of 30
characters, including spaces.
Channel Name The name of the channel on which the controller
communicates. You need to have already defined the
channel in order for its name to appear in the list.
Marginal Alarm Limit The communications alarm marginal limit at which the
controller is declared to be marginal. When this value is
reached, a high priority alarm is generated. This limit
applies to the controller barometer which monitors the
total number of requests to the controller and the number
of times the controller did not respond or response was
incorrect. The barometer increments by 2 or more,
depending on the error and decrements for each good
call. The default value is 25.
Fail Alarm Limit The communications alarm fail limit at which the
controller is declared to have failed. When this value is
reached, an urgent alarm is generated.
Set this to double the value specified for the controller
Marginal Alarm Limit.
Controller ID Enter the device ID as configured by DIP switches on
the AXSS-II main controller. To communicate with the
AXSS-II, the server needs this ID. The controller
address on the channel must match the AXSS-II ID set
the main controller.
Item Type Shows the controller’s type.
Last Modified Shows the date of the most recent modification to this
channel’s property details.
Last Downloaded This shows the date that the item was last downloaded to
the server.

28 www.honeywell.com
DEFINING AN AXSS-II CONTROLLER

Property Description
Item Number The unique item number currently assigned to this
item.You can change the item number if you need to
match your current server database configuration. The
number must be between 1 and the maximum number of
channels allowed for your system.

29
3 – DEFINING A CHANNEL, CONTROLLER AND POINTS FOR AN AXSS-II CONTROLLER

Defining an AXSS-II address for a point parameter value

Entering an address
For source and destination addresses the format for an AXSS-II controller address
is:
ControllerName Address

Part Description
ControllerName The name of the AXSS-II controller.
Address The address in the controller where the value is
recorded.

If you would like help when defining an address, click next to Address to
display the Address Builder.

Using the Address Builder to enter an address


To specify an AXSS-II controller address, enter the following property values:

Property Description
Address Type Select Controller.
Controller Select the appropriate AXSS-II controller. You need to have defined the
controller for the name to appear in this list.
Address The address in the controller where the value is recorded. See “Address
syntax” on page 30.

Address syntax
The format for the address is:
AddressCode AddressNumber

Part Description
AddressCode The code used for the address parameter. See “AXSS-II
Status Point addressing” on page 32.
AddressNumber The number configured for the address parameter.

30 www.honeywell.com
DEFINING AN AXSS-II ADDRESS FOR A POINT PARAMETER VALUE

The specific address format will depend on the type of point, and the type of
address.

Example Point PV Addressing


Status point
CNTAX1 LOCK 1

Access point
CNTAX2 ACCESS 1

31
3 – DEFINING A CHANNEL, CONTROLLER AND POINTS FOR AN AXSS-II CONTROLLER

AXSS-II Status Point addressing


Each type of status point requires a unique method of addressing. This section
describes the addressing methods, and relevant status values, of each type of
database point.

Access Point addressing (ACCESS)


All configuration relating to a door requires an access point.
Access points describe the access attempts on a door. One access point must be
defined for each sensor-controlled door. These points are defined as server
composite access points. Access points do not require states to be defined.
Format for the PV source address:
ControllerName ACCESS PointNumber
where PointNumber = 1 to 8, that specifies the particular AXSS-II door access
point.

Annunciator Alarm Contact (ALARM)


Each AXSS-II controller has a built-in Door Open Too Long buzzer that provides
a latched alarm contact. If this address is used, the server alarm acknowledge
function will automatically silence/cancel the alarm when used.
The format for the PV source and OP destination addresses:
ControllerName ALARM

The states of annunciator points are described as follows:

State Descriptor Meaning


0 OK OK
1 ALARM Alarm

Building Mode Status (BLDG)


This address describes the building state of the AXSS-II.
Format for the PV source and OP destination address:
ControllerName BLDG
AXSS-II access functionality depends on the building state of the controller. For
further details, see the relevant AXSS-II User Manual.

32 www.honeywell.com
DEFINING AN AXSS-II ADDRESS FOR A POINT PARAMETER VALUE

State Descriptor Meaning


0 OPEN Building is in normal open mode
1 LIMITD Building is in limited access mode
2 CLOSED Building is in secure, closed mode
3 EXPCLS Building is expecting to be closed

Door Status (OPEN)


This address describes the status of a door, if the door is configured with a door
sense switch. For more details see the relevant AXSS-II User Manual.
Format for the PV source address:
ControllerName OPEN x
where x specifies the particular AXSS-II door.
The states of door status points are described as follows:

State Descriptor Meaning


0 CLOSED Door closed
1 TOLONG Door open too long
2 FORCED Door forced open
4 OPNCCT 4-state monitoring open circuit
5 SHTCCT 4-state monitoring short circuit

Lock Point Status (LOCK)


The lock point address represents the state of the electric lock strike associated
with the door, and can be controlled to manually lock or unlock the door.
Format for the PV source and OP destination addresses:
ControllerName LOCK x
where x specifies the particular AXSS-II door.
The states of lock points are described as follows:

State Descriptor Meaning


0 LOCKED Lock closed
1 UNLOCK Lock open

33
3 – DEFINING A CHANNEL, CONTROLLER AND POINTS FOR AN AXSS-II CONTROLLER

RIO Communications Status (RIOCOM)


This address describes the communications state of the RIO connected to the
AXSS-II controller.
Format for the PV source address:
ControllerName RIOCOM x
where x = 1, 2, or 3 and specifies the particular RIO.
The states of RIO status points are described as follows:

State Descriptor Meaning


0 OK RIO comms OK
1 FAILED RIO comms failed

RIO Tamper Status (RIOTMP)


This address describes the tamper state of the RIO connected to the AXSS-II
controller.
Format for the PV source address:
ControllerName RIOTMP x
where x = 1, 2, or 3 and specifies the particular RIO.
The states of RIO status points are described as follows:

State Descriptor Meaning


0 OK RIO tamper OK
1 FAILED RIO tamper failed

Monitor Point Status (MNTR)


This address describes the status of a monitor contact.
The format for the PV source and OP destination address is:
ControllerName MNTR x
where x = input number on the device (1 to 32)
When configuring monitor points, consider the following:
• Monitor points that are configured as Request to exit (REX) or door sense
inputs on the access point detail page do not need to be built. They are
monitored through DOOR STATUS point.
• A report mode may be defined during point building using the RPTMODE
entry, but is usually configured in Station. For information about how to
define report modes, see the Configuration Guide for your server.

34 www.honeywell.com
DEFINING AN AXSS-II ADDRESS FOR A POINT PARAMETER VALUE

• Inputs 1 to 8 on the main controller board are mapped to monitor point


locations 1-8. RIO inputs 1 to 8 for each of the 3 RIO units are mapped to
monitor point locations by the relationship (RIO# * 8) + Input#. For
example, RIO 1 input 1 is MNTR 9, RIO 2 input 3 is MNTR 19.
The states of monitor points are described as follows:

State Descriptor Meaning


0 CLEAR Closed state
1 ACTIVE Open state
2 OPNCCT 4-state monitoring open circuit
3 SHTCCT 4-state monitoring short circuit

Panel Tamper Status (TAMPER)


This address describes the state of the AXSS-II main controller’s tamper circuit.
Format for the PV source address:
ControllerName TAMPER
The states of tamper points are described as follows:

State Descriptor Meaning


0 OK Okay
1 TAMPER Tamper circuit broken

Power Status (POWER)


This address describes the state of the AXSS-II controller’s AC power source.
Format for the PV source address:
ControllerName POWER

The states of the power source point are described as follows:

State Descriptor Meaning


0 OK Okay
1 FAILED Power Failed

35
3 – DEFINING A CHANNEL, CONTROLLER AND POINTS FOR AN AXSS-II CONTROLLER

Relay Activation (RELAY)


This address provides relay control and limited relay status reporting for the
Relay contacts on the AXSS-II controller.
This point only updates by exception and will not indicate a state until controlled.
Format for the PV source and OP destination address:
ControllerName RELAY x
where x specifies the particular AXSS-II relay number (1 - 10)
Do not build a PVPeriod or an OPSource for this type of point.
The states of relay status points are described as follows:

State Descriptor Meaning


0 OFF Relay cleared
1 ON Relay activated

36 www.honeywell.com
DEFINING AN AXSS-II ADDRESS FOR A POINT PARAMETER VALUE

Using algorithms to enhance point functionality

Remote Seal/Unseal (Act Algo 73)


Use this algorithm to request a seal/unseal on a specified area whenever the
building mode is changed by a privileged card.
The Seal/Unseal task accesses or secures SMP alarm points in a defined area. For
general information about configuring areas, see the Configuration Guide for
your server.
This algorithm must be attached to a status point with an address of BLDG. This
algorithm requires an additional status point that is used for verification.

37
3 – DEFINING A CHANNEL, CONTROLLER AND POINTS FOR AN AXSS-II CONTROLLER

Optimizing scanning performance


The maximum amount of data that can be acquired from a controller is influenced
by the rate of sending scan packets to the controller. An understanding of AXSS-
II scan packets will help you configure points so that optimal data acquisition
performance can be achieved by maximizing the amount of data acquired with
each scan packet.
The scan packets that have been built can be listed by using the list scan utility,
lisscn. Listing scan packets helps verify the scanning strategy. See the
Configuration Guide for your server for details about lisscn.

38 www.honeywell.com
OPTIMIZING SCANNING PERFORMANCE

Exception scanning
Data from the AXSS-II history journal is read at regular intervals and this does
not require point parameter scan periods as it is a server system-wide scanning
feature.
The server acquires status values from the AXSS-II using exception reporting.
Every exception scan rate period, the server sends a poll to each AXSS-II. The
AXSS-II will reply with all unreported status changes or attempted access events
in its history database. The server will use this information to update any related
points in its own database.
The exception poll is automatically scheduled by the server for every AXSS-II
controller.
Periodic scanning is not used for AXSS-II scanning as all changes of state are
read using exception scanning. No scan period should be assigned to points.

39
3 – DEFINING A CHANNEL, CONTROLLER AND POINTS FOR AN AXSS-II CONTROLLER

Initialization scanning
In addition to periodic and exception scanning, all configured points in the
server’s database are scanned by polling the AXSS-II controller upon
initialization. Initialization occurs at the following times:
• Server startup
• Start of day
• Controller/Channel in-service
• Recovery after communication failure
During initialization the following is performed:
• Download server time and date to AXSS-II

40 www.honeywell.com
TROUBLESHOOTING AXSS-II SCANNING ERRORS

Troubleshooting AXSS-II scanning errors


If the Point Detail display for a point shows a bad value (indicated by inverse
video), the point might be built with an address that is syntactically valid but not
configured in the controller or the controller scanning has failed.

41
3 – DEFINING A CHANNEL, CONTROLLER AND POINTS FOR AN AXSS-II CONTROLLER

42 www.honeywell.com
Configuring an AXSS-II
controller in Station 4
This section describes configuration tasks for an AXSS-II controller that you
perform in Station.

Attention Use the “AXSS-II setup and configuration checklist” on page 14 to guide
you through the tasks, and to avoid configuration problems.

43
4 – CONFIGURING AN AXSS-II CONTROLLER IN STATION

Completing the configuration of an AXSS-II controller in


Station
The specific steps you need to perform to complete the configuration of an
AXSS-II controller depend on several factors, including:
• Its type (AXSS-II)
• What it is controlling (such as a simple door, or a door with keypad)
The following procedure summarizes the basic configuration steps.

To complete the configuration of a controller


1 Choose Configure > Access Control > AXSS-II/SE Parameters to call up
the AXSS-II Parameters display.
2 Click Next/Previous until you have selected the controller you want to
configure.
3 Configure the properties on each tab as appropriate.
4 When you have finished configuration, click Save to download your changes
to the controller.

Related topics
“AXSS-II controller System Parameters tab properties” on page 45

44 www.honeywell.com
COMPLETING THE CONFIGURATION OF AN AXSS-II CONTROLLER IN STATION

AXSS-II controller System Parameters tab properties


AXSS-II system properties can only be modified by a user with ENGR or MNGR
security level.

Property Description
Controller Definition
Name An intuitive name given to the controller.
Description Up to 32-character description of the controller.
Location Click the ellipsis button to select a location from the
Location Browser.
---------------------
PIN grace period The PIN grace period, in seconds. See the AXSS-II
User’s Manual for more information.
Enable Duress Enables duress entries on pinpad readers.
---------------------
Passback Auto Forgive Time The time intervals when passback violations are
Periods forgiven.
Building Closed Time Periods The time intervals when the controller is expected to be
in building closed mode.
Report Mode Assignments
Report modes are defined to report the following events.
Tamper report mode The report mode for tamper circuit detection.
Power Fail report mode The report mode for power fail detection.
Duress report mode The report mode for a duress situation detection.
---------------------
Facility code A common number associated with all access cards as
set by the card manufacturer. Only cards with the facility
code matching this setting can gain access at readers
connected to this controller.
Copy Details From Copy details from another downloaded controller by
selecting the controller name from the drop down list
and clicking Copy.

45
4 – CONFIGURING AN AXSS-II CONTROLLER IN STATION

Configuring AXSS-II report modes


Report modes determine what actions are taken when specific events occur
during specified time periods.
For example, you may want to send a “building open” message to the server if the
building is opened during a particular time period.

Notes
• If you modify the default report mode 1 (SE-RPT1), be careful because it is
the default report for door and monitor alarms.
• If you select an action for all three building modes, selecting time periods
serves no purpose because the AXSS-II ACU is always is in one of the three
modes.

To configure a report mode


1 Choose Configure > Access Control > AXSS-II/SE Report Modes to call
up the Report Mode Summary display.
2 If you want to:
• Edit an existing report mode, click it.
• Create a new report mode, click a blank row.
This calls up the Report Mode display.
3 If you are creating a new report mode:
a. If you want to base the new report mode on an existing one, select it from
the Report mode to copy list and then click Copy.
b. Give the new report mode a name and description, and specify the location
to which it belongs.
4 Specify which action(s) you want a controller to perform when each event
occurs.
For example, if you select the Building open/Send to Host check box, a
“building open” message is sent to the server if the building is opened during
one of the associated time periods.

Action Description
Send to Host Reports the event to the server.
Close Latch This feature is not currently supported by AXSS-II.
Close Output Contact Energizes the output contact specified in the Output
contact property.

46 www.honeywell.com
CONFIGURING AXSS-II REPORT MODES

5 Configure the other properties, as appropriate.


6 When you have finished making changes, click Save to download the report
mode to the controllers that use the report.

Related topics
“Report mode properties” on page 48

47
4 – CONFIGURING AN AXSS-II CONTROLLER IN STATION

Report mode properties

Property Description
Report Mode Definition
Name The report mode’s name, which can consist of up to 16
characters. It can be used for calling up the Report
Mode display, as well as for associating the report mode
with other access objects like AXSS-II door
configuration, AXSS-II monitor point configuration, or
AXSS-II system level configuration.
Description The description, which can consist of up to 32
characters.
Location Click the ellipsis button to select a location from the
Location Browser.
---------------------
Building open Building Limited mode is not supported by AXSS-II.
Building limited Building Limited selection is ignored by AXSS-II
Building closed controllers unless you want the report to be valid at all
times and have enabled the other two selections,
Building Open and Building Closed. For this case, you
should also enable the report during Building Limited
mode.
Time periods #1-3 Select the time periods from the drop down lists that
correspond with the action.
---------------------
Output contact The relay output contact to be energized when the report
mode action takes place.
Relay number and module:
• 1 to 4 - Main Controller
• 5 & 6 - RIO with ID 1
• 7 & 8 - RIO with ID 2
• 9 & 10 - RIO with ID 3.
Print * with log This feature is not supported by AXSS-II and this
configuration is ignored by AXSS-II controller.
Prevent building closure This feature is not supported by AXSS-II and this
configuration is ignored by AXSS-II controller.
Report mode to copy Copy details from another report mode by selecting the
report mode name from the drop down list and clicking
Copy.

48 www.honeywell.com
CONFIGURING THE DOOR DEFINITION OF AN AXSS-II ACCESS POINT

Configuring the door definition of an AXSS-II access


point
The specific steps you need to perform to configure a door depend on the type of
door (such as a simple door, an elevator or a door with keypad) and the type of
controller.
The following procedure summarizes the basic steps.

To configure the door-related properties


1 Call up the Point Detail display for the access point. (For example, double-
click the point’s name on the Doors tab on the controller’s display.)
2 Click each tab and configure the point’s properties, as appropriate.
3 When you have finished configuration, click Save to download your
changes to the controller.

Related topics
“AXSS-II access point Door Definition tab properties” on page 50

49
4 – CONFIGURING AN AXSS-II CONTROLLER IN STATION

AXSS-II access point Door Definition tab properties

Property Description
Anti-passback The type of anti-passback action required for the door,
either None, Entry or Exit.
On a valid access, this entry checks the card in/out
status, and if valid for the attempted access, updates the
status of the card.
If you have not configured entry/exit doors, set this to
None.
Passback type The type of anti-passback checking to be performed:
• Hard. Access is denied if passback violation is
detected.
• Soft. Allows access anyway, but passback violation
is reported in either case.
VIP enable Enable the VIP pinpad.
Read key while door open AXSS-II ignores this configuration and reads keys every
time, even when the door is open.
Reverse action lock Puts the lock in reverse action mode. This option is
generally used if magnetic locks are used. Enable this if
you are using a fail safe door.
Notes:
• Fail safe doors are connected between NO and COM
points of the relay outputs.
• Fail safe doors open in case of controller failure.
• If the door is on a RIO and there is a communication
failure between RIO and the Main Controller, the
RIO grants an access on a failsafe door by simply
checking the facility code of the card.
• Fail secure doors mapped on the RIO remain closed
in case of communication failure.
• Fail safe doors are opened in case a fire input
connected and configured for AXSS-II Main
controller becomes active.
• Fail secure doors remain locked even in case of fire.

50 www.honeywell.com
CONFIGURING THE DOOR DEFINITION OF AN AXSS-II ACCESS POINT

Property Description
REX unlock Enables unlocking using a request to the Exit switch.
Many facilities require only entry through a door to be
checked by a card reader, whereas for exit through the
door, a simple Push button switch known as ‘Request to
Exit’ switch is used.
To enable an exit on REX switch active event, select this
option.
Door unlock time The length of time after which a door is re-locked after a
valid access/exit.
Door open time The maximum time the door can remain open after a
valid access/exit. If the door does not close after this
time, an “OPEN TOO LONG” alarm is generated.
Door switch The monitor number where the door sense switch is
connected. The monitor numbers are as follows.
Monitor Input number and location:
• 01 to 08 - Main Board
• 09 to 16 - RIO with ID 1
• 17 to 24 - RIO with ID 2
• 25 to 32 - RIO with ID 3.
REX switch The monitor number where the REX switch for the door
is connected. Monitor numbers are determined as for the
door switch.
Report Modes
The report mode defines what action is taken when a door-related event occurs.
Door Forced When forced door is detected by ACU.
Open Too Long When a door held open too long is detected by ACU.
Access Granted When valid access is granted through the door.
Access Denied When an attempted access through the door is denied by
ACU.
Exit Granted When a valid “REX” (that is, a request to exit) is granted
by ACU.
Exit Denied When an attempted “REX” request is denied by ACU.
Key Trace When a card with trace enabled is presented on the door
“sensor”.
Time Periods
Auto unlock A list of up to four AXSS-II time periods defining the
time intervals when the door is automatically opened.

51
4 – CONFIGURING AN AXSS-II CONTROLLER IN STATION

Property Description
Valid REX A list of up to four AXSS-II time periods defining the
time intervals when Exit (REX) requests is accepted for
that door by the ACU.
VIP Enable Enable time periods for the VIP pinpad to be active.
VIP Enable check boxes
Building open Enable VIP pinpad when the building is in open mode.
Building limited Enable VIP pinpad when the building is in limited mode.
Building closed Enable VIP pinpad when the building is in closed mode.
Relay Configuration
Door relay The relay number to which the lock of this door is
connected. The relay numbering will be as follows.
Relay number and location:
• 01 to 04 - Main Board
• 05 & 06 - RIO with ID 1
• 07 & 08 - RIO with ID 2
• 09 & 10 - RIO with ID 3.

52 www.honeywell.com
CONFIGURING AN AXSS-II MONITOR POINT

Configuring an AXSS-II monitor point


You can configure an AXSS-II monitor point to initiate a report mode when the
point is activated.
You configure a monitor point through its Point Detail display. Call up the Point
Detail display for the point and then click the More link at the bottom right of the
display.

Property Description
Monitor Point Report Mode The report mode that is initiated when the monitor
becomes active. By default, the server sets this property
to the default report mode 1.
You must have MNGR security level to change the
monitor point report mode.
Download Use this button to download the monitor point
configuration to the relevant AXSS-II controller.
Note: If the specified report mode inhibits the “Send to
Host” action, then changes to the monitor point state are
not reported by exception to the server. Default period
background scanning does, however, continue to take
place.

53
4 – CONFIGURING AN AXSS-II CONTROLLER IN STATION

54 www.honeywell.com
Configuring access control and
security for AXSS-II controllers 5
This section describes how to configure access control and security for AXSS-II
controllers.

Attention Use the “AXSS-II access control and security configuration checklist” on
page 56 to guide you through the tasks, and to avoid configuration
problems.

55
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

AXSS-II access control and security configuration


checklist
This checklist describes how to configure access control and security for AXSS-II
controllers.

Prerequisites
• You have performed the basic configuration tasks for your system, for
example, you have defined the Facility and Organization Models, and, if
applicable, configured DSA and redundancy.

Tasks
Complete the tasks in the following order.

Task Go to: Done?


If applicable, configure your system to use multiple page 57
credentials.
Configure the cardholder database. page 63
Configure the cardholder preferences. page 68
Configure access levels. page 72
Define cardholder templates. page 88
Configure time and attendance reporting. page 89
Configure the organizational model. page 92
Define cardholder management profiles. page 93
Configure access control and security reports.
See “Configuring reports” in the Configuration and
Administration Guide.
Download your access control and security configuration page 94
to the controllers.
Configure Reception Management.
See “Configuring Reception Management” in the
Reception Management Module Guide.
If applicable, configure Integrated PhotoID. page 99

56 www.honeywell.com
SETTING UP A SYSTEM TO USE MULTIPLE CREDENTIALS CHECKLIST

Setting up a system to use multiple credentials checklist


If your site uses different types of cards and readers, for example, if you have
HID cards and readers as well as magstripe cards and readers, you need to
configure your site as a multi-credential site.
This checklist assumes that you have installed and configured the physical
controllers and readers.

Task Go to Done
Configure the credential type in Station. page 58
In Quick Builder configure the server to use multi- page 60
credentials.
Add reader points and specify the credential type the page 61
reader is to read
Add cards and specify the credential type for the card
as described in the Operator’s Guide.

Related topics
“About multiple credential systems” on page 62

57
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Configuring the credential type in Station


To configure the credential type in Station if you do not have Temaline
1 In Station choose Configure > Access Control > Credential Type.
The Credential Types display appears.
2 In the Credential list, click the default credential.
3 In the Description box, type a meaningful description for your most common
credential type, for example, Proximity.
This description appears in the Credential Type list when you add a card.
4 Click Add New Credential Type.
5 In the Description box, type a meaningful description for your second
credential type, for example, MagStripe.
6 Repeat steps 4 and 5 until you have created credential types for all the
credential types you are using in your system.
7 Make a note of the credential type IDs and descriptions so that you can
duplicate these in your Quick Builder project.

To configure a credential type in Station if you have Temaline


1 Choose Configure > Temaline Configuration > Access Control Definition
> Credential Types.
The Credential Types display appears.
2 Click Open.
3 In the Credential list, click the default credential.
4 In the Description box, type a meaningful description for your most common
credential type, for example, Proximity.
This description appears in the Credential Type list when you add a card.
5 Click Save.
6 Click New.
7 In the Card Type list check that the card type is set to EBI legacy controller.
8 In the Description box, type a meaningful description for your second
credential type, for example, MagStripe.
9 Click Save.
10 Repeat steps 6 to 9 until you have created credential types for all the credential
types you are using in your system.
11 Click Open.

58 www.honeywell.com
SETTING UP A SYSTEM TO USE MULTIPLE CREDENTIALS CHECKLIST

12 Make a note of the credential type IDs and descriptions so that you can
duplicate these in your Quick Builder project.

59
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Configuring the server to use multi-credentials


To configure the server to use multi-credentials
1 In Quick Builder, open the project that contains the definitions of your server.
2 In the tree view, expand System Components and click Servers.
The servers defined in the project appear in the list view.
3 In the list view click DefaultServer.
4 In the property page, click the Server Specific Options tab.
5 Select the Use Multi Credentials check box.
6 Click Default = 0 and click Remove.
7 In the Add box, type the description for your default credential type and click
Add.
For example, if in Station you set the default credential type to Proximity, type
Proximity = 0 and click Add.

8 In the Add box, type the credential description for your other credential types
to match the credentials you added in Station and click Add.
For example, if you have MagStripe with an ID of 1 (as configured in Station),
type MagStripe = 1 and click Add.
9 Save your Quick Builder project.
10 Download the DefaultServer item from Quick Builder to the server.

60 www.honeywell.com
SETTING UP A SYSTEM TO USE MULTIPLE CREDENTIALS CHECKLIST

Specifying the credential type for the reader point


To specify the credential type for the reader point
1 Open the Quick Builder project that has been configured to use multiple
credentials and contains the reader points.
2 In the tree view, expand System Components and click Points.
The points defined in the project appear in the list view.
3 In the list view click locate the required point.
4 On the Main tab select the appropriate credential type from the Card
Credential Type list.
5 Download the point to the server.

61
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

About multiple credential systems


A multiple credential system is required when you have more than one type of
card and card reader. For example, a site uses HID cards and readers however
there is a requirement to use a new type of “smart” card and reader. To enable the
site to use both types of cards and readers, the server is configured as a multiple
credential server. When the access points that represent the reader are created, the
reader type is identified.
Examples of why a site has more than one type of card and reader are:
• The existing readers are being replaced progressively throughout the building.
Until all readers are replaced, there is a requirement to support more than one
type of card and reader.
• Extensions to an existing building include new readers however the existing
readers are not being replaced.
• Legislation requires a certain type of card and reader be used in high-security
areas whereas existing readers and cards can be retained in low-security areas
of the site.
Using a multiple credential system is also a way of ensuring that card details are
downloaded only to the appropriate controllers and not downloaded to controllers
where they are not required.

62 www.honeywell.com
CONFIGURING THE CARDHOLDER DATABASE FOR AXSS-II CONTROLLERS

Configuring the cardholder database for AXSS-II


controllers
You can configure the cardholder database to suite your requirements. For
example, you can:
• Change field labels so that they reflect your terminology. For example, you
could change the label of the LastName field from “Last Name” to “Family
Name”.
• Define new fields to store specialized data (if the predefined user fields do not
meet your requirements).

Related topics
“Configuring fields” on page 64
“Defining a new field” on page 66
“Defining a cardholder template” on page 88

63
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Configuring fields
You can configure fields so that they meet your requirements. For example, you
could change the label of the LastName field from “Last Name” to “Family
Name”.
Note that if you have a redundant or DSA system, you must perform this task on
the primary/publishing server, that is, the primary server of a redundant server
pair, and the publishing server in a Cardholder DSA system.

Prerequisites
You have backed up your database. See “Backing up EBI Server data using
fullbkup” in the Backup and Restore Guide.

To configure fields
1 If you have redundant or DSA servers, on the primary/publishing server:
a. Choose Start > Programs > Accessories > Command Prompt.
A Command Prompt window opens.
b. Type stoprepl all uninstall and press ENTER.
c. Close the Command Prompt window.
If the command is successful, you will receive feedback that all replication
has been stopped.
2 Log on to Station with a security level of MNGR.
3 Choose Configure > Cardholder Management > Cardholder Database to
call up the Cardholder Database display.
4 Click the tab of the cardholder type you want to view and configure.
If you only want to view the vehicle fields, for example, click the Vehicle tab.
5 Select the field you want to modify by clicking on the field.
The field’s properties appear below in the Selected Field definition section.
6 Change the properties listed in the following table, as appropriate.
Note that the properties you can change vary from field to field. For many
system fields (inbuilt fields which have predefined uses), you can only change
the Label property.
7 Repeat steps 5 and 6 for other fields you want to configure.
8 If you have redundant servers, resynchronize them.
9 If you have a DSA system, resynchronize with the other servers.

64 www.honeywell.com
CONFIGURING THE CARDHOLDER DATABASE FOR AXSS-II CONTROLLERS

Property Description
Searchable If selected, the field is included in the Advanced Search
display. Note that if the number of fields enabled for
searching is large, the time that searches take to
complete can increase. Do not set unnecessary fields to
be searchable.
Required If selected, the field is mandatory, that is, it must be
filled in when adding a cardholder.
In displays, mandatory fields are marked with an
asterisk (*).
Tool tip The tool tip can only be set to one field. The contents of
the specified field are displayed as a tool tip when the
mouse pointer hovers over the cardholders in the search
results listed in the Navigation pane.
Visible If selected, the field is displayed.
Label The label that appears next to the field in displays.
Data Type The type of data that is stored in the field.
Caution: Do not change the data type because it may
have unpredictable affects on your system. If the data
type is not suited to your needs, define a new field with
the required data type.
Default Value The default value given to the field when adding a
cardholder.
Note that, in general, you use cardholder templates to
define default values.

Related topics
“Defining a new field” on page 66
“Defining a cardholder template” on page 88

65
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Defining a new field


You can define new fields to store specialized information. (Note that you only
need to create a new field if the predefined user fields, for example U1 to U50, do
not satisfy your needs.)
The number of user fields is limited depending on whether you are using
redundancy or DSA. The maximum number of user fields if you are using
redundancy is 253. The maximum number of user fields if you are using DSA is
244.

Prerequisites
You have backed up your database. See “Backing up EBI Server data using
fullbkup” in the Backup and Restore Guide.

To define a new field


1 If you have redundant or DSA servers, on the primary/publishing server:
a. Choose Start > Programs > Accessories > Command Prompt.
A Command Prompt window opens.
b. Type stoprepl all uninstall and press ENTER.
c. Close the Command Prompt window.
If the command is successful, you will receive feedback that all replication
has been stopped.
2 Log on to Station with a security level of MNGR.
3 Choose Configure > Cardholder Management > Cardholder Database to
call up the Cardholder Database display.
4 Click the tab of the cardholder type you want to view and configure.
If you only want to view the vehicle fields, for example, click the Vehicle tab.
5 Click Add New Field to define a new field in the database.
6 In the Selected Field definition section, define the field’s properties, as
appropriate (described in the following table).
7 If you have redundant servers, resynchronize them.
8 If you have a DSA system, resynchronize with the other servers.

Property Description
Searchable If selected, the field is included in the Advanced Search
display. Note that if the number of fields enabled for
searching is large, the time that searches take to
complete can increase. Do not set unnecessary fields to
be searchable.

66 www.honeywell.com
CONFIGURING THE CARDHOLDER DATABASE FOR AXSS-II CONTROLLERS

Property Description
Required If selected, the field is mandatory, that is, it must be
filled in when adding a cardholder.
In displays, mandatory fields are marked with an
asterisk (*).
Tool tip The tool tip can only be set to one field. The contents of
the specified field are displayed as a tool tip when the
mouse pointer hovers over the cardholders in the search
results listed in the Navigation pane.
Visible If selected, the field is displayed.
Label The label that appears next to the field in displays.
Data Type The type of data that is stored in the field:
• boolean
• datetime
• list (If you select this, you must define each value in
the list and then click Add.)
• number
• text
• decimal
Default Value The default value given to the field when adding a
cardholder.
Note that you can also use cardholder templates to
define default values.

67
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Configuring cardholder preferences for AXSS-II


controllers
You should configure the cardholder preferences so that they are optimized for
your needs, in particular to make it easier for operators to manage cardholders.
If your CMS is spread across several servers (sites), you must configure the
preferences on each server. If appropriate, you can set different preferences on
each server. For example, if each site uses a different card technology, you would
specify the appropriate card type for each site.

To configure cardholder preferences


1 Log on to Station with a security level of MNGR.
2 Choose Configure > Cardholder Management > Cardholder Preferences
to call up the Cardholder Preferences display.
3 Configure the properties as appropriate.

Related topics
“Cardholder preferences properties” on page 69

68 www.honeywell.com
CONFIGURING CARDHOLDER PREFERENCES FOR AXSS-II CONTROLLERS

Cardholder preferences properties

Property Description
Cardholder Preferences for Site Shows the server (site) to which these preferences apply.
Default Employee expiry The default expiry period or date for new employee
setting cardholders.
You can specify the date as either an offset from the date
when the cardholder or card is added (for example, 10
years), or as a fixed date.
Default External Personnel The default expiry period or date for External Personnel
expiry setting cardholders.
Default Vehicle expiry setting The default expiry period or date for Vehicle
cardholders.
Default Card expiry setting The default expiry period or date for new cards.
Show names by Specifies the default order in which names are listed in
displays.
Limit results returned by Specifies the maximum number of results that are
searches to returned from a search. The default is 1000.
Resize cardholder images to If cleared, the cardholder images are cropped to the size
show the entire image with no of the image window. For example, if an image is wider
cropping than the image window, the sides of the image that
exceed the image window are not visible. The image on
a printed card is also cropped.
If selected, the cardholder images are resized to fit
within the image window. The image on a printed card is
also resized.
The following displays contain an image window:
• Cardholder detail display
• Image capture display
• Image capture settings display
• Card print preview
• Event Summary detail pane
• Faceplate of an access point detail display

69
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Property Description
Display the details of each new This property controls whether the details of a newly-
Card or Cardholder added entity (that is, cardholders, templates, unissued
immediately after they are cards or external companies) are shown immediately
added after the entity is added to the system (if the property is
True), or if the Add page is shown again after adding a
new entity to the system (if the property is False,
allowing faster adding of multiple entities).
If details are being shown, and a range of unissued cards
is assigned in one go, then the details for all the new
multi-selected cards will be shown.
Remove Cardholder from If selected, deleting a cardholder deletes the
database on delete cardholder’s record from the database.
If cleared, deleting a cardholder marks the cardholder as
“deleted”, but retains the cardholder’s record in the
database.
Automatically append wildcard If selected, a wildcard character is automatically added
characters to search to the search string. For example, if the operator types
smi as a search string, cardholders Smith and Smithers
would be returned in the search results.
Limit number of active cards The maximum number of active cards that can be
per cardholder to assigned to a cardholder.
Auto Card Commencement and Expiry
Enable auto card If selected, the cardholder’s card(s) automatically
commencement and expiry commence and expire.
Validation interval The interval at which the system checks for cards and
cardholders that are about to commence or expire.
Warning time The number of days before a card is due to expire that
the card expiry warning is displayed. For example, if
this is set to 1, then the card expiry warning appears on
the card one day before the card is due to expire.
Cards will expire if not used for If selected, a card will automatically expire if it has not
been used for the specified number of days.
PIN Configuration

70 www.honeywell.com
CONFIGURING CARDHOLDER PREFERENCES FOR AXSS-II CONTROLLERS

Property Description
Number of PIN digits The number of digits in the card’s PIN (either 4, 5 or 6
digits). All access controllers support a 4 digit PIN code.
NexSentry Star II controllers support 6 digit PINs.
If some controllers in your system only support 4 digit
PINs, you can only use 4 digit PINs, even if you also
have some Star II controllers. For example, if you have
an SE only site with 5 or 6 digit PINs and want to add a
different controller technology (for example, Temaline),
you must change the PIN code length down to 4 digits.
Note: Changing the number of digits in a working
system will change every PIN, by either adding or
removing digits. Increasing the number of digits will add
zeros to the beginning of the PIN. For example, if the
current PIN is “1234”, changing to 6 digits will change
the PIN to “001234”. Decreasing the number of digits
will remove the most significant digit(s). For example, if
the current PIN is “123456”, changing to 4 digits will
change the PIN to “3456”.
If you have a DSA SE only system, ensure that the PIN
code lengths are consistent across the DSA servers to
ensure cardholders can move between servers with the
same card and PIN code working on each server in the
system.

71
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Configuring access levels for AXSS-II controllers


This section describes how to configure access levels.

Attention Zone enforcement is enabled by default. Do not disable it unless instructed


to do so by your local Honeywell Technical Assistance Center

Tasks
Complete the tasks in the following order.

Task Go to: Done?


Define the zone names in Quick Builder and download page 73
them to the server.
If you want PGAP, enable it. page 74
Configure zones in Station. page 75
Define time periods for AXSS-II controllers. page 76
Configure holidays, shifts and schedules.
See “Configuring schedules” in the Configuration and
Administration Guide.
Define access levels. page 77
Download the access levels to the controllers. page 94

Related topics
“About access levels” on page 84
“About zones” on page 85
“About anti-passback and Perimeter Global Anti-Passback (PGAP)” on page 87
“Deleting a zone” on page 79
“Modifying an access level” on page 82
“Deleting an access level” on page 83

72 www.honeywell.com
CONFIGURING ACCESS LEVELS FOR AXSS-II CONTROLLERS

Defining zone names in Quick Builder


You define the names of zones in Quick Builder when configuring:
• Access points (each of which represents a card reader).
• Floor points if you have elevators/lifts. Each floor point represents a floor to
which the elevator provides access.
The following procedure summarizes how to define zone names for points. (See
Quick Builder’s help for information about the other point properties.)

Prerequisites
• You have read the naming rules for access levels, time periods and zones.

To define the zone names


1 Select an access point.
2 Click the Main tab.
3 If the point represents an:
• “Entry to zone” card reader, in the Entry to Zone box, type the name of
the zone a cardholder enters after presenting a card to the reader associated
with this point.
• “Exit to zone” card reader, in the Exit from Zone box, type the name of
the zone the cardholder exits after presenting a card to the reader. (Note
that the anti passback applicable to Exit Zones is only associated with
NexSentry Plus controller anti passback.)
4 Repeat steps 1 to 3 for other access points.
5 If you have any floor points:
a. Select a floor point.
b. Click the Display tab.
c. In the Entry to Zone box, type the name of the zone a cardholder enters
after presenting a card to the elevator reader and selecting the floor which
the point represents.
d. Repeat steps a to c for any other floor points.
6 Click Save and download the points to the server.

Related topics
“Configuring access levels for AXSS-II controllers” on page 72
“Naming rules for access levels, time periods, and zones” on page 78

73
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Enabling PGAP
If you want to use Perimeter Global Anti-Passback (PGAP), you must enable it.
Note that all access points must have an Exit Zone configured.

To enable PGAP
1 Log on to Station with a security level of MNGR.
2 Choose Configure > Access Control > Zone Enforcement/Anti-passback
to call up the Zone Enforcement and Anti-Passback display.
3 Click Enable (in the Perimeter Global Anti-Passback (PGAG) section).

Related topics
“About anti-passback and Perimeter Global Anti-Passback (PGAP)” on page 87
“Configuring access levels for AXSS-II controllers” on page 72

74 www.honeywell.com
CONFIGURING ACCESS LEVELS FOR AXSS-II CONTROLLERS

Configuring zones
You configure zones in Station, after you have downloaded their names (and
associated points) from Quick Builder.

To configure zones
1 Log on to Station with a security level of SUPV (or higher).
2 Choose Configure > Access Control > Zones to call up the Zones display.
3 Click a zone to call up the Zone Definition display.
The access points that are listed in the display represent the card readers that
control entry to the zone.
4 If you want to base this zone definition on an existing zone definition:
a. In the Zone to copy from list, click the existing zone.
b. Click Copy.
The details are copied from the existing zone.
5 In the Description box, type a suitable description for the zone.
6 In the Location box, browse and select the location to which the zone is
attached.
7 If you have enabled PGAP and this is the outside zone, select the Outside
Zone check box.
A site can have more than one outside zone. This provides nested anti-
passback. The only requirement for an access level change is a transition from
outside to inside, or inside to outside.
8 Click Save.
9 If you want to configure other zones, return to the Zones display and repeat
steps 3 to 8.

Related topics
“Configuring access levels for AXSS-II controllers” on page 72
“Naming rules for access levels, time periods, and zones” on page 78
“About zones” on page 85

75
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Defining a time period for AXSS-II controllers


Time periods are used in conjunction with zones to define cardholder access
levels. A time period defines the times at which access is granted to the associated
zone(s).
AXSS-II controllers can be configured with a maximum of four time periods per
card per controller, with a maximum of 120 access codes. (Note that each unique
combination of time period and doors being accessed for a controller uses one
access code.) A maximum of 128 time periods is allowed.

Prerequisites
• You have read the naming rules for access levels, time periods, and zones.

To define a time period


1 Log on to Station with a security level of SUPV (or higher).
2 Choose Configure > Access Control > Time Periods to call up the Time
Periods display.
3 Click the first empty row in the list to call up the Time Period Definition
display.
4 If you want to base this time period on an existing time period:
a. In the Time period to copy from list, click the existing time period.
b. Click Copy.
The details are copied from the existing time period.
5 In the Details for list, click SE/AXSS-II.
6 In the Name and Description boxes, type the name and description for the
time period.
7 In the Location box, browse and select the location to which the time period
belongs.
8 In the Start time and Stop time boxes, type the start and stop times.
9 Select the appropriate Valid Days check boxes.
10 When you have finished, click Save.

Related topics
“Configuring access levels for AXSS-II controllers” on page 72
“Naming rules for access levels, time periods, and zones” on page 78
“About access levels” on page 84

76 www.honeywell.com
CONFIGURING ACCESS LEVELS FOR AXSS-II CONTROLLERS

Defining an access level


An access level consists of a set of zone and time period pairs. On multi-
technology systems, cardholders can assign both access levels and Temaline
behavior models to determine their access rights.

Prerequisites
• You have read the naming rules for access levels, time periods and zones.

To define an access level


1 Log on to Station with a security level of SUPV (or higher).
2 Choose Configure > Access Control > Access Levels to call up the Access
levels display.
3 Click the first empty row in the list to call up the Access level definition
display.
4 If you want to base this access level on an existing access level:
a. In the Access level to copy from list, click the existing access level.
b. Click Copy.
The location and zone/time period pairs are copied from the existing
access level.
5 In the Name and Description boxes, type the name and description of the
access level.
6 In the Location box, browse and select the location to which the access level
belongs.
7 In the first row of the Zone/Time period list, choose a zone and the
associated time period.
8 If you want to add other zone/time period pair(s), repeat step 7.
9 When you have added all the zone/time pairs, click Save.
If an access level with identical zone/time period pairs and location already
exists, you are prompted whether you want to create a duplicate access level.

Related topics
“Configuring access levels for AXSS-II controllers” on page 72
“Naming rules for access levels, time periods, and zones” on page 78
“About access levels” on page 84
“About zones” on page 85

77
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Naming rules for access levels, time periods, and zones


The naming rules for access levels and zones are:
• Names must be unique
• Names can contain up to 16 alphanumeric characters, with at least one alpha
character.
• Names cannot contain any of the following characters:
- Tab
- Period (.)
- Comma (,)
- Forward slash (/)
- Backslash (\)
- Less than (<)
- Greater than (>)
- Single quote (‘)
- Double quote (“)
- Asterisk (*)
- Question mark (?)
- Vertical bar (|)
- Colon (:)
- Semi-colon (;)

78 www.honeywell.com
CONFIGURING ACCESS LEVELS FOR AXSS-II CONTROLLERS

Deleting a zone
Deleting a zone involves first checking that it is not assigned to any access levels,
and then deleting the access points associated with the zone.

To delete a zone
1 Log on to Station with a security level of SUPV (or higher).
2 Choose Configure > Access Control > Access Levels to call up the Access
levels display.
3 Check that the zone is not assigned to any access level.
If you have many access levels, it may be simpler to configure an Access
Level report to determine if the zone has been assigned any access levels.
Type the zone name in the report’s Zone field. See “Access level report” in the
Configuration and Administration Guide.
4 If the zone is assigned to an access level, you must modify the access level so
that it no longer uses the zone.
5 In Quick Builder, delete all the access points that are defined as entering the
zone.
6 Download the deletions to the server.
The zone is then automatically deleted.

79
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Checking the zone configuration and re-enabling zone enforcement


You only need to perform this task if you have previously disabled zone
enforcement and want to re-enable it.

Attention Zone enforcement is enabled by default. Do not disable it unless instructed


to do so by your local Honeywell Technical Assistance Center.
The check ensures that no access point is assigned to more than one zone (a
requirement for zone enforcement). If the check fails, it identifies the point(s) and
the zones to which they are assigned. In this case, you must reconfigure the
relevant zone(s) before repeating the check.

To check the zone configuration and enable it


1 Log on to Station with a security level of MNGR.
2 Choose Configure > Access Control > Zone Enforcement/Anti-passback
to call up the Zone Enforcement and Anti-passback display.
3 Click Check zones.
A prompt appears in the Message Zone.
4 Click Yes to reconfirm the check.
If your configuration passes the check, the following message appears.
Zone enforcement checked

5 Click Enable (in the Zone Enforcement section).

Related topics
“Configuring zones” on page 75

80 www.honeywell.com
CONFIGURING ACCESS LEVELS FOR AXSS-II CONTROLLERS

Deleting a time period


Deleting a time period involves first checking that it is not assigned to any access
levels.
Time periods are used by other access items, such as door auto unlocks. These
would also need to be unconfigured if the time period is to be removed.

To delete a time period


1 Log on to Station with a security level of SUPV (or higher).
2 Choose Configure > Access Control > Access Levels to call up the Access
levels display.
3 Check that the time period is not assigned to any access level.
If you have many access levels, configure an Access Level report and type the
Time Period name in the report’s Time Period field to determine if the time
period has been assigned to any access levels. See “Access level report” in the
Configuration and Administration Guide.
4 If the time period is assigned to an access level, you must modify the access
level so that it no longer uses the time period.
5 Choose Configure > Access Control > Time Periods to call up the Time
Periods display.
6 Click the time period you want to delete. This calls up the Time Period
Definition display.
7 Click Delete.
A prompt appears in the Message Zone.
8 Click Yes to reconfirm the deletion.

81
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Modifying an access level


When you modify an access level, it affects all cardholders who have been
assigned that access level. Consequently, you must download your modification
so that it takes effect.

To modify an access level


1 Log on to Station with a security level of SUPV (or higher).
2 Choose Configure > Access Control > Access Levels to call up the Access
levels display.
3 Click access level you want to modify.
This calls up the Access level definition display.
4 Make the required changes.
5 Click Save.

82 www.honeywell.com
CONFIGURING ACCESS LEVELS FOR AXSS-II CONTROLLERS

Deleting an access level


You can only delete an access level if it is not assigned to any cardholders. If you
attempt to delete an access level that is assigned to cardholders, EBI lists them.
You must then update the access levels of those cardholders before you can delete
the access level.
To determine if the access level is assigned to cardholders, you can configure a
CMS Advanced Search for cardholders with the access level/right you want to
delete (see “Searching for a cardholder or card” in the Operator’s Guide). You
could also configure a Cardholder Details report with the access level name in the
Access Level field (see “Cardholder Details Report” in the Configuration and
Administration Guide).

To delete an access level


1 Log on to Station with a security level of SUPV (or higher).
2 Choose Configure > Access Control > Access Levels to call up the Access
levels display.
3 Click the access level you want to delete.
This calls up the Access level definition display.
4 Click Delete.
5 If the access level:
• Is assigned to any cardholders, EBI lists them. You must update the access
levels of those cardholders, and then return to step 2.
• Is not assigned to any cardholder, a prompt appears in the Message Zone.
Click Yes to reconfirm the deletion of the access level.

83
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

About access levels


An access level consists of a set of zone/time period pairs, in which the zone
specifies the physical place to which a cardholder has access, and the time period
specifies when the cardholder has access to that zone.
For example, you could create an access level called “Office Workers” that
consists of the following zone/time period pairs
• The “Office” zone between 7:30 AM to 6:00 PM, Monday to Friday
• The “Car Park” zone between 7:15 AM to 6:15 PM, Monday to Friday
• The “Office” zone between 8:30 AM to 1:30 PM, Saturday
• The “Car Park” zone between 8:15 AM to 1:45 PM, Saturday
You should carefully analyze the access requirements of your site and of people
who need access to it. In particular, you should analyze:
• The security requirements of each part of your site. For example, if your site
consisted of an office, a production facility and a laboratory, you would
probably want to create three zones because each part of your site would have
distinct security requirements.
• The access needs of each type of cardholder. For example, maintenance
engineers may need 24 hour, 365 days a year access to the production facility;
whereas office workers may only need weekday access to the office.
You should use a “building blocks” approach when defining access levels, so that
they can be assigned in various combinations to meet the specific access needs of
every cardholder.
Keep the design as simple as possible. The aim is to set up a manageable set of
access levels that covers each cardholder's needs. Continually adding special
access levels to a system can result in it becoming difficult to manage.

Related topics
“About zones” on page 85
“About anti-passback and Perimeter Global Anti-Passback (PGAP)” on page 87
“Configuring access levels for AXSS-II controllers” on page 72

84 www.honeywell.com
CONFIGURING ACCESS LEVELS FOR AXSS-II CONTROLLERS

About zones
A zone represents a physical part of your site, to which entry is controlled by one
or more card readers.
If necessary, you can “nest” zones, providing the parent zone entirely encloses the
child zone(s). For example, in the following figure, zones 1, 2 and 3 are entirely
enclosed within zone 4 (which represents the whole floor).
Access to a zone can be controlled by more than one card reader. In the following
figure, the card readers for doors C and D both belong to Zone 3. Note, however,
that each card reader can only belong to one zone and this is called zone
enforcement.

Figure 2 Typical zone configuration for a floor

Zone 1 Zone 3
Computer Room Door B Engineering Department

Door C
Door A

Zone 2
Laboratory Door D
Door F

Zone 4
First Floor

Elevator Door E

You should carefully plan your zone definitions so that they meet your security
needs and are easy to maintain. For example:
• Only create a zone if it has specific security needs, either in terms of who can
access it, or when people can access it. For example, you may need close the
laboratory on weekends, or to limit access to the computer room to IT
personnel.
• Try to create zones that are controlled by just one or two card readers. Such
zones are easier to configure and manage.

Related topics
“About access levels” on page 84

85
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

“About anti-passback and Perimeter Global Anti-Passback (PGAP)” on page 87


“Configuring access levels for AXSS-II controllers” on page 72

86 www.honeywell.com
CONFIGURING ACCESS LEVELS FOR AXSS-II CONTROLLERS

About anti-passback and Perimeter Global Anti-Passback (PGAP)


Anti-passback is used to prevent a cardholder, who has just gained access to a
zone, passing their card back to another person so that they can also gain access.
Anti-passback is typically used for high-security or hazardous zones, where you
want to keep track who is inside each zone.
Anti-passback uses card readers to control both entry to, and exit from, the zone.
When a card is read at an entry reader, the cardholder is registered as being
“inside” the zone. That card can not be used again to gain entry until after it has
been read by an exit reader (which then registers the cardholder as being
“outside” the zone.)
Anti-passback is controlled at the controller level, that is, the controller manages
the “inside/outside” status of each cardholder. This means that you can implement
anti-passback on a zone-by-zone basis (providing the zone’s entry and exit card
readers are connected to the same controller).

Perimeter Global Anti-Passback (PGAP)


Perimeter Global Anti-Passback (PGAP) provides anti-passback control at the
site level, that is, each card reader is registered as being either “on site” or “off
site”.
PGAP is controlled at the server level, that is, the server manages the “on site/off
site” status of each cardholder.
The whole site is defined as the “outside zone”, and all other zones must be
enclosed (‘nested’) with it.
With EBI R400, there is the capability to ‘forgive’ a cardholder who has followed
somebody through a PGAP controlled door. The system normally downloads
access to a controller based upon the cardholder’s current zone. When a PGAP
Forgive is issued, it will download access to all readers assigned to the cardholder
regardless of the cardholder’s current zone. Upon the next access granted, a new
download will occur that will download the filtered access based upon the current
zone again.

Related topics
“About zones” on page 85
“Configuring access levels for AXSS-II controllers” on page 72

87
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Defining a cardholder template


Cardholder templates speed up the task of adding a cardholder because they allow
you to define default values that are automatically applied each time you add a
cardholder. For example, if your system manages the security for a large office
building, you could create a template for each tenant, which contained tenant-
specific values such as employer details and access levels.

To define a cardholder template


1 Log on to Station as an operator with a cardholder management profile that
allows them to add and modify an Employee Template.
2 Choose Configure > Cardholder Management > Add Templates to call up
the Add Employee Template display.
Alternatively, choose the relevant template type to create a template for
External Personnel, Vehicles or Visitors.
3 In the Name box, type an appropriate name.
4 In the Organization list, click the area to which the cardholders (who will be
added using this template) belong.
5 Click Add to call up the Template Definition display.
6 Define default values for the properties, as appropriate.
7 When you have finished, click Save.

88 www.honeywell.com
CONFIGURING TIME AND ATTENDANCE TRACKING

Configuring time and attendance tracking


If you have time and attendance readers, EBI can collect details about access
events, which you can then pass to another application.
Configuring time and attendance tracking involves configuring the associated
access points and modifying the batch file, timatd.bat. (This batch file runs each
time a card is presented to a time and attendance reader.)

To configure time and attendance tracking


1 In Quick Builder:
a. Select each access point that is associated with a time and attendance card
reader.
b. On the Main tab, select the Time and Attendance check box.
2 Using a text editor, such as Notepad, modify timatd.bat.

Related topics
“Time and attendance batch file (timatd.bat)” on page 90

89
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Time and attendance batch file (timatd.bat)


Each time a card is presented to a time and attendance reader, EBI runs a batch
file, \server\run\timatd.bat, and passes it the following data:
• Card number
• Cardholder
• The first four searchable user fields
• Reader name
• Date
• Time
You must modify the sample batch file so that it processes the data in an
appropriate manner. For example, if you have connected a time and attendance
system to one of the server’s communications ports, you would output the data as
a text string to that port. You can also configure the batch file so that it reads a
response from the device, confirming communication.

Example
This batch file outputs the data to the server’s COM1 port.
@echo off
rem #Time and Attendance Batch File
set param1=%1
set param2=%2
set param3=%3
set param4=%4
set param5=%5
set param6=%6
set param7=%7
set param8=%8
set param9=%9
rem #remove double quotes from parameters
set cardnumber=%param1:"=%
set cardholder=%param2:"=%
set index1=%param3:"=%
set index2=%param4:"=%
set index3=%param5:"=%
set index4=%param6:"=%
set readername=%param7:"=%
set date=%param8:"=%
set time=%param9:"=%
rem #select the suitable employee code
set employeecode=%index1%
rem #set up device port name for the Time and Attendance system
port
rem #note the "//./" is necessary for higher com ports.
set dev=//./COM1

90 www.honeywell.com
CONFIGURING TIME AND ATTENDANCE TRACKING

rem #set up baud rate for the Time and Attendance system port
set baudrate=9600
rem #set up data bits for the Time and Attendance system port
set databits=8
rem #set up parity for the Time and Attendance system port.
Options available are
rem parity=e
rem parity=o
rem parity=n
set parity=n
MODE %dev% BAUD=%baudrate% PARITY=%parity% DATA=%databits% > NUL
set cmdstr=%date% %time% %cardnumber% %cardholder%
%employeecode% %readername%
echo %cmdstr% > %dev%

Related topics
“Configuring time and attendance tracking” on page 89

91
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Configuring the organizational model


The organizational model is used to define companies and to control the “scope of
responsibility” for operators. For more information about organizational models,
see “Understanding, Planning and Building your Organization Model” in the
Configuration and Administration Guide.

92 www.honeywell.com
DEFINING A CARDHOLDER MANAGEMENT PROFILE

Defining a cardholder management profile


A cardholder management profile defines which tasks a user can perform when
they are assigned the profile.
For example, you could define an “access control manager” profile that enables
all tasks, and a “security operator” profile that only enables view access to
cardholder displays.
The Basic, Preregistration and Supervisor operator profiles are read-only system
profiles and cannot be modified.

To define a cardholder management profile


1 Log on to Station with a security level of MNGR.
2 Choose Configure > Cardholder Management > Operator Profiles to call
up the Cardholder Management Operator Profiles display.
3 Click Add to create a new profile.
4 In the Name and Description boxes, type the name and description for the
profile.
5 Click the ellipsis button next to the Organization field to display the
Organization Browser. Select the organization to which the profile belongs
and click Apply.
6 In the Card Management Tasks tree, select the tasks that operators with this
profile can perform.
7 Click Save.

93
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Downloading access information for AXSS-II controllers


All configuration changes within the EBI access control subsystem, including
changes to cardholder information, are automatically downloaded to the relevant
controllers when the Save button is clicked.

Notes
• The download indicator has three modes:
- Flashing yellow means a download is in progress
- Solid yellow means that one or more downloads had errors
- No color with the word ‘Download’ indicates that a download is pending.
This can be a local download or a remote download of a card that was
initiated locally.
• The action bar for a cardholder will display a ‘Download Pending’ label and a
link to the Download Summary display if the last download was
unsuccessful.
• To find out why the download failed, click the Downloads box to call up the
Download Summary display. The status provides a direct link to the
download report and may indicate several different statuses, such as Failed,
Retry Pending and Cancelled. If a card is marked as Failed, for example, click
Failed to see more information about why the download failed.
The following table describes the three ways you can manually initiate a
download.

Download technique Go to:


Download cards page 96
Use this technique to force individual cards to be downloaded, regardless
of whether any changes have been made.
Download modified access information to selected controllers page 97
Use this technique to download all access information that has been
modified but not downloaded to the selected controllers.

94 www.honeywell.com
DOWNLOADING ACCESS INFORMATION FOR AXSS-II CONTROLLERS

Download technique Go to:


Download all access information to selected controllers page 98
Use this technique when you have made major changes, for example:
• Upgraded a controller’s firmware.
• Replaced a controller.
• Cleared a controller’s memory.
• Upgraded an existing system, or commissioned a new system.
Note: You should only use this technique during off-peak times because
the Download All option removes all cards from the controller's memory
and then downloads all cards that have access assigned to that controller.
Cards will be denied access until they have been downloaded. This can
take a long time.

95
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Downloading cards
This section describes how to force individual cards to be downloaded, regardless
of whether any changes have been made.
Card and cardholder changes are downloaded automatically when Save is clicked
(or when you navigate away from the Cardholder Management display). There is
a Download Card button on the Cards tab of the Cardholder Management
display that allows you to select one or more cards and force them to be
downloaded, regardless of whether any changes have been made.
If PGAP is enabled, there are also two Forgive buttons that will force either the
selected card(s) or all of the cards belonging to the selected cardholder(s) to be
downloaded without PGAP restrictions.

To force a download of one or more cards


1 Click the Cards tab in the Cardholder Management display.
2 Select the card(s) you want to download, and click Download Card.
If PGAP is enabled, click the Forgive button to force the download without
PGAP restrictions.

96 www.honeywell.com
DOWNLOADING ACCESS INFORMATION FOR AXSS-II CONTROLLERS

Downloading modified access information to selected controllers


This procedure downloads all access information that has been modified but not
downloaded to the selected controllers.
A Download Modified would typically be used to complete a download that has
been cancelled. In the normal operation of a system, all access information is
automatically downloaded to the relevant controllers when it is saved. In this
scenario, the Download Modified operation would find no information requiring
download.
A Download Modified cannot always be used to complete a cancelled Download
All. If a Download All is cancelled, the download report will indicate for each
individual controller whether the download can be completed by a Download
Modified.

Attention This procedure may take some time. The amount of time depends on the
number of controllers you select, the complexity of your system and the
amount of modified information that needs to be downloaded.

To download modified information


1 Log on to Station with a security level of SUPV (or higher).
2 Choose Action > Access Download to call up the Download display.
3 Select the controllers you want to download to.
Tip Click Select All to select all controllers.
4 Click Download Modified.
A message appears in the Message Zone asking whether you want to continue.
5 Click the Yes button on the right-hand side of the message.
6 If you want to view the progress of the download, click the Download Status
tab.
This tab displays the status of all downloads performed by the server, not just
those requested on the current Station. The final status of the download will be
reported as an operator message.
7 If there are any problems with the download, click the View Access
Download Summary link.

97
5 – CONFIGURING ACCESS CONTROL AND SECURITY FOR AXSS-II CONTROLLERS

Downloading all access information to selected controllers


This procedure downloads all access information to the selected controllers.
The Download All option removes all cards from the controller's memory and
then downloads the cards that have access assigned to that controller. Cards will
be denied access until they have been downloaded. This can take a long time.
Cards are downloaded in numerical order.

Attention This procedure may take some time, and should only be performed during
off-peak times, so that cardholders are not unnecessarily denied access.
(The time depends on the number of controllers you select and the
complexity of your system.)

To download all information


1 Log on to Station with a security level of SUPV (or higher).
2 Choose Action > Access Download to call up the Download display.
3 Select the controllers you want to download to.
Tip Click Select All to select all controllers.
4 Click Download All.
A message appears in the Message Zone asking whether you want to continue.
5 Click the Yes button to the right of the message.
6 If you want to view the progress of the download, click the Download Status
tab.
This tab displays the status of all downloads performed by the server, not just
those requested on the current Station. The final status of the download will be
reported as an operator message.
7 If there are any problems with the download, click the View Access
Download Summary link.

98 www.honeywell.com
Configuring Integrated PhotoID
for AXSS-II controllers 6
This section describes how to configure Integrated PhotoID, and how to create the
card layouts that are used when printing security cards.
You use Integrated PhotoID to:
• Capture photographs and signatures of cardholders from a variety of sources
and store them directly in the CMS database.
• Design the layout of photo-identification cards (badges).
• Print photo-identification cards.

Attention Use the “Integrated PhotoID configuration checklist” on page 100 to


guide you through the tasks, and to avoid configuration problems.

Related topics
“Integrated PhotoID configuration checklist” on page 100
“About the Integrated PhotoID components” on page 113

99
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

Integrated PhotoID configuration checklist


This checklist describes how to configure PhotoID.

Prerequisites
• You have installed the Integrated PhotoID hardware in accordance with the
Installation Guide.

Tasks

Task Go to: Done?


Set up the environment for capturing portraits. page 101
Configure the image capture settings. page 103
Design and create the card layouts. page 108
Set up a card printer. page 112

100 www.honeywell.com
SETTING UP THE ENVIRONMENT FOR TAKING PORTRAITS

Setting up the environment for taking portraits


The portrait quality largely depends on the environment in which you take
portraits. Consequently, you need to consider the following factors:
• The lighting you use to illuminate the subject and the backdrop
• The backdrop you place behind the subject
• The way in which you frame the subject

The lighting you use to illuminate the subject and the backdrop
Lighting has a major effect on portrait quality, especially if you are using a video
camera as the image capture device. For best results, follow these guidelines:
• Use photographic or incandescent lights. The lights you use should be ones
that produce natural looking pictures. Use photographic (incandescent) lights
produce “warm” looking tones because they produce more natural skin colors.
Avoid fluorescent lights because they often produce skin colors with a
greenish tinge.
• Select a suitable lighting intensity. You need to adjust the lighting intensity,
so that the portraits are neither too dark or too bright.
• Use diffused (soft) lighting. Diffused lighting produces a more acceptable
result and avoids dark shadows. You can diffuse lighting by for, example:
- Reflecting the light off the ceiling or a wall
- Using a diffusing umbrella
- Using a frosted globe
- Moving the light further away from the subject
• Adjust the amount of lighting on the background. Adjust the lighting on
the background so that it is acceptable in the images you capture. Too much
lighting will make the portrait appear too dark; whereas too little lighting will
make the background appear too dark.

The backdrop you place behind the subject


It is important that the backdrop you place behind the subject is appropriate to
your needs.
If you want to apply chromakey, you need to ensure that the background is:
• Bright and uniformly colored, and that the color is unlikely to be worn by
cardholders, for example, bright green. For an example, see “Enhanced
security with ghosting and chromakey (AXSS-II)” on page 114.

101
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

• Uniformly illuminated, and is free of shadows.


If you do not want to apply chromakey, you should use a matt (non-reflecting)
background, preferably with a suitably muted color, such as blue or gray. (Note
that a gray background may merge with the facial tone colors; whereas blue
backgrounds may merge with clothing.)
You should use a matt (non-reflecting) background, preferably with a suitably
muted color, such as blue or gray. (Note that a gray background may merge with
the facial tone colors; whereas blue backgrounds may merge with clothing.)
You can purchase suitable backdrops from photographic suppliers and fabric
shops.

The way in which you frame the subject


Frame subjects so that:
• The subject’s face and head fill most of the frame.
• The subject is looking directly at the camera.

102 www.honeywell.com
CONFIGURING THE IMAGE CAPTURE SETTINGS

Configuring the image capture settings


The image capture settings are specific to the computer that is attached to the
capture device. If you capture images on more than one computer you need to
configure the image capture settings on each computer.

Prerequisites
You must have the Image Capture Operator Profile task selected in order to
configure the Integrated PhotoID image capture settings. This is set in the Card
Management Tasks/Card holder Tasks section of the Cardholder Management
Operator Profiles display.

To define the image capture settings


1 Choose Configure > Cardholder Management > Image Capture Settings
to call up the Image Capture Settings display.
2 From the Image Capture Source list, click the type of capture device you use
to for each image type you want to capture.
3 If you are using TWAIN devices and you have more than one TWAIN device,
from the TWAIN Device list click the specific device for the image type you
want to capture.
4 From the File Format list, select the appropriate file format for the image.
5 If you want to use the chromakey, ghosting, or post processing options, click
the Change Sample Portrait button and choose an image that has been
created in your image capture environment so that you can adjust the settings
appropriately.
6 To set the ghosting properties, move the Ghosting slider until the sample
image shows the appropriate changes for your site.
7 To set the chromakey properties, move the Chromakey slider until the sample
image shows the appropriate changes for your site.
8 To set the color properties, move the Red, Green, and Blue sliders until the
sample image shows the appropriate changes for your site.
9 From the Card Printer list, click the card printer you want to use to print
cards.
The printer you choose is automatically set as the printer in the Print dialog
box when you print a card.
10 If your card layouts are double-sided and if your card printer supports double-
sided printing, from the Double Sided Printing list, click True.

103
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

Results
• The capture settings you have configured are applied to all images captured on
this computer.

Related topics
“Defining a cardholder management profile” on page 93
“Image capture settings” on page 105
“Enhanced security with ghosting and chromakey (AXSS-II)” on page 114
“Integrated PhotoID image file naming conventions” on page 107

104 www.honeywell.com
CONFIGURING THE IMAGE CAPTURE SETTINGS

Image capture settings

Property Description
Image Capture Source The source used to capture portraits, signatures or
documents:
• None. Disables image capture.
• MCI. Images are captured from a live video camera,
via a video capture board installed in the computer.
• TWAIN. Images are captured from devices such as
scanners, digital cameras and also some video
capture boards.
• Mouse. Cardholders “write” their signatures using a
graphics tablet that supports mouse emulation.
• Wintab. Wintab in name only. EBI uses third party
vendors software to interface with signature capture
tablets. Integrated PhotoID presently supports the
ePad ink series from Interlink Electronics and SigLite
series from Topaz.
File Format The format in which portrait or signatures are stored.
Note that the format you choose is restricted by the
capture source as follows:
• MCI capture supports JPG and BMP.
• TWAIN capture supports JPEG and BMP.
• Mouse/Wintab capture only supports BMP.
Ghosting Sets the ghosting properties for images captured using
this computer.
Chromakey Sets the chromakey properties for images capture using
this computer
Red Changes the amount of red color that appears in the
image captured using this computer.
Green Changes the amount of green color that appears in the
image captured using this computer.
Blue Changes the amount of blue color that appears in the
image captured using this computer.
Card Printer Sets the printer you want to use to print cards. The
printer you choose is automatically set as the printer in
the Print dialog box when you print a card.
Double Sided Printing Sets whether cards are printed double-sided.

105
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

Where EBI stores Integrated PhotoID data


The EBI installation wizard automatically creates the following folder for storing
Integrated PhotoID data: drive:\Program Files\Honeywell\Server\cms\
PhotoID, where drive is the drive on which EBI server software is installed.

The installation wizard also creates the following folders under PhotoID:
• CardLayouts

• HolderImages

• Signatures

The installation wizard creates a virtual directory with read and browse
permissions for the PhotoID directory. Client computers can access the directory
through the following path: http://<server name>/cms/photoID, where <server
name> is the name of the EBI server.

106 www.honeywell.com
CONFIGURING THE IMAGE CAPTURE SETTINGS

Integrated PhotoID image file naming conventions


Integrated PhotoID uses the following naming conventions for image files:
• Portraits: Portrait_<GUID>.FileExtension
• Signatures: Signature_<GUID>.FileExtension
Where:
• Where <GUID> is a unique identifier for the file.
• FileExtension is the file extension of the image file, as specified in the
Image Capture Settings display.

107
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

Creating card layouts


This section describes how to create card layouts. (If you have not created a card
layout before, see “Guidelines for creating card layouts” on page 109.)
The following procedure summarizes the main steps involved in creating a new
card layout from a sample layout. (For more information on using HMIWeb
Display Builder, see the HMIWeb Display Building Guide.)

To create a new card layout


1 Open the sample layout, for example Samplelf.sha in Program Files\
Honeywell\server\CMS\PhotoID\CardLayouts.

2 Choose File > Save As and save the layout with a different name.
3 Select the card layout and ungroup it into its subcomponents.
4 Modify the card layout as required.
5 If you want to include a database field in the layout, the name of the
associated object must be in the format <TableName>_<FieldName>
where <TableName> is the name of the database table that the field is coming
from, and <FieldName> is the name of the field to include.
Examples of system fields are Employee_Name or ExternalRegular_Surname.
Examples of user fields are EmployeeUserFields_UF15 or
VehicleUserFields_UF4.
(You can use any field listed in “Cardholder database tables” on page 110 plus
any user defined fields.)
6 When you have finished creating your new layout, select all objects and group
them into a single object. (You must do this for the card layout to function
properly.)
7 Save and close the layout.

108 www.honeywell.com
CREATING CARD LAYOUTS

Guidelines for creating card layouts


• We recommend you use a sample layout supplied with EBI as a starting point
for a new card layout. (Save a sample layout with a new name and then
modify it as required.)
• Give the new layout a descriptive name. We recommend that the name
indicates the layout’s orientation (portrait or landscape) and whether it is for
the front or back of the card. For example, add letter suffixes, such as p
(portrait), l (landscape), f (front) and b (back) to the filename. Also add the
cardholder type that the layout is for, for example, add emp (employee) or ext
(external personnel).
• If you want to print on both sides of a card, you need a separate layout for
back. Both the front and back must have the same orientation.
• Card Image objects are used to add cardholder portrait images and signature
images. To avoid distortion of the images, the Card Image objects must have
the same aspect ratio (width/height) as the captured images.
• To add a CMS data field to a card layout, the name of the associated object
must be in the format <TableName>_<FieldName>, where
<TableName> is the name of the database table that the field is coming from.
<FieldName> is the name of the field to include.
Examples of system fields are Employee_Name or ExternalRegular_Surname.
Examples of user fields are EmployeeUserFields_UF15 or
VehicleUserFields_UF4.
(You can use any field listed in “Cardholder database tables” on page 110 plus
any user defined fields.)
• Any text or alphanumeric objects must use a TrueType font to print correctly.
Mixed orientation of text on a single side is not supported.
• By default, card layouts are stored in drive:\Program Files\Honeywell\
Server\cms\PhotoID\CardLayouts where drive is the name of the drive
where EBI is installed on the server.

109
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

Cardholder database tables


This section lists fields that are commonly used in card layouts from the
following Cardholder database tables:
• Commonly used Employee Cardholder table fields
• Commonly used Vehicle Cardholder table fields
• Commonly used ExternalRegular (External Personnel) Cardholder table fields
• Commonly used Card table fields
For a full listing of the cardholder database fields, refer to the Cardholder
Database Configuration display (Configure > Cardholder Management >
Cardholder Database).

Table 1 Commonly used Employee Cardholder table fields

Employee Cardholder fields Employee Cardholder fields


Name EMail
Surname ExpiryDateTime
AlternateIdentifier Floor
BirthDate Identifier
Building Office
Category PreferredName
CHImage (cardholder’s image) Room
CHSignature (cardholder’s signature) Telephone
CommencementDateTime Telephone2

Table 2 Commonly used Vehicle Cardholder table fields

Vehicle Cardholder fields Vehicle Cardholder fields


CHImage (cardholder’s image) NumberPlate
CommencementDateTime Trademark
ExpiryDateTime Trailer
Identifier Utilization
Kind VehicleType

110 www.honeywell.com
CREATING CARD LAYOUTS

Table 3 Commonly used ExternalRegular (External Personnel) Cardholder table fields

External Personnel Cardholder fields External Personnel Cardholder fields


Name EMail
Surname ExpiryDateTime
AlternateIdentifier Floor
BirthDate Identifier
Building Office
Category PreferredName
CHImage (cardholder’s image) Room
CHSignature (cardholder’s signature) Telephone
CommencementDateTime Telephone2

Table 4 Commonly used Card table fields

Card fields Card fields


CardNumber MailIndicator
CommencementDateTime ParkingEntryExit
Category SecondaryExpiryDate
DateIssued ShortDescription
Edition TypeMsg

ExpiryDateTime

111
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

Setting up a card printer


Unlike other printers in EBI, you do not define card printers through Quick
Builder. Instead, you make it the default printer and set its default properties in
the same way you do when using a standard Windows application, such as
Microsoft Word.
The following procedure describes how to set up the card printer as the default
printer, and test its operation.

Prerequisites
• Cumulative security update for Internet Explorer 7 (KB947864) or later is
installed

To set up the card printer


1 Connect the printer to the network/computer used to print cards. (Follow the
instructions supplied with the printer.)
2 Install the print driver on the Station computer from which you want to print
cards. (Follow the installation instructions supplied with the printer.)
3 Log on to Station and select a suitable card for printing and click Print to call
up the Print Card display.
4 Click Card Print Setup. This opens the standard Windows Print Setup
dialog box. Note that there must be a default printer installed first.
5 Select the card printer and set its options as appropriate, and then click OK.
6 Click Print to print the card.
7 If the printed card is not acceptable, for example, it is too dark, you may be
able make minor adjustments to the printer options. However, you can only
make major changes by changing the setup used to capture the images.

112 www.honeywell.com
ABOUT THE INTEGRATED PHOTOID COMPONENTS

About the Integrated PhotoID components


In order to create good quality photo identification cards with Integrated PhotoID,
you need a suitable image capture device and printer. You also need to design an
appropriate card layout.
This section describes the major Integrated PhotoID components.

For: Go to:
Cards and card printers page 114
Cameras and lighting page 116
Image capture devices page 120
Card printers page 115

113
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

Cards and card printers


This section includes information about:
• Enhanced security with ghosting and chromakey (AXSS-II)
• Printing options
• Card printers
• Handling cards

Enhanced security with ghosting and chromakey (AXSS-II)


You can make an ID card harder to falsify by applying ghosting and chromakey
effects to the cardholder’s photograph and signature. (Ghosting makes the
photograph semi-transparent so that objects behind it are partially visible.
Chromakey totally or partially removes the uniform background color from the
photograph.)

Table 5 A typical photo ID card that uses both ghosting and chromakey

A photograph as it appears in a photo


identification card with both chromakey
and ghosting applied

The original photograph

Printing options
You can print cards in a number of ways. For example:
• You can print cards on paper, cut them out and laminate them. This is a cost-
effective, but labor-intensive approach.
• You can print cards directly onto correctly sized plastic blanks.

114 www.honeywell.com
ABOUT THE INTEGRATED PHOTOID COMPONENTS

• You can print cards directly onto some access control cards. If you want to do
this, you need to ensure that the cards are qualified by the printer
manufacturer, and that they have the correct surface for dye sublimation
printing. (Some cards, especially those used for access control, are thicker
than normal cards, which may mean that you will have to make adjustments to
the printer.)

Card printers
You can use any suitable Windows-compatible printer to print PhotoID cards.
Unlike other EBI printers, you do not need to define a card printer in Quick
Builder. Instead, you install the printer driver onto the computer you use for
printing cards, and then use it as you would any other printer connected to the
computer.

Handling cards
Cards must be absolutely clean, unscratched, and free of dust before being placed
in the printer hopper. We recommend that you wear a pair of cotton gloves while
handling the cards, to prevent damage from fingerprints. You should not open
new packets until they are needed, and store unused cards in a sealed container
away from dust and dirt.
If you have to punch holes in the cards, you should do this after they have been
printed.

115
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

Cameras and lighting


There are two main choices for the capture device: a digital (still) camera or a
video camera. The advantages and disadvantages of each are described below.
Whatever type of camera you decide to use, you should configure it so that it is
optimized for taking portraits.
This section includes information about:
• Digital (still) cameras
• Video cameras
• Cameras and color balance
• Color balance
• Automatic color balance
• Problems with color balance

Digital (still) cameras


Digital cameras are inexpensive and easy to set up, and typically have a built-in
flash, so are more tolerant of different lighting conditions. They are also portable
and can be used to capture images of personnel at locations other than at the
badge office.
Digital cameras typically add more time to the image capture process because of
the time to upload the image to the computer. For this reason, a digital camera is
most suitable for an installation where there is not a large number of new badges
being created.

Video cameras
Video cameras are a more popular choice for the image capture device. They have
the advantage that the image can be previewed before being captured. The
operator freezes the live video image and saves it if the subject is happy with the
portrait. This process is a lot faster than uploading an image from a digital
camera.
The disadvantage is that video cameras are very susceptible to variations in the
lighting conditions. Often some tuning needs to be done to get the video camera
to perform optimally.
The following types of video cameras are typically used:
• CCTV cameras (as used in the security industry) are cheap, generally very
sensitive to the level of light, and can operate in quite low light. For this
reason, the light source may need to be diffused to prevent blooming. Ensure
that the camera does not have a fish-eye lens as is commonly installed on
security cameras.

116 www.honeywell.com
ABOUT THE INTEGRATED PHOTOID COMPONENTS

• Home video cameras (analog or digital camcorders) offer some advantages


over CCTV cameras. They have many useful features such as automatic white
balance, auto-iris, auto-focus, and a zoom lens. They usually require higher
light levels than CCTV cameras because they are designed for outdoor use.
They are also generally more expensive. S-VHS cameras have higher
resolution than standard cameras and produce higher quality images.
• Video conferencing cameras have some of the advantages of CCTV cameras
(such as the ability to perform in low light) and some of the advantages of
video cameras (such as greater functionality). However many of the smaller
cameras have extremely low resolution, resulting in poor images. On some of
these cameras the Pan, Tilt and Zoom functions can be controlled remotely
using a hand held remote control unit.

Cameras and color balance


Color balance is a very important part of taking a good image.
The human eye sees color differently from a video camera. A camera is very
sensitive to the type of lighting about the subject. Often when looking at a person
having their image taken the operator does not see an obvious problem with the
lighting, but when the image is captured it may appear ruddy and “sunburnt”, or
white and “washed out”.
There are several possible causes of this:
• The video capture card may not be set up correctly. Always follow the
instructions supplied with the video capture card on how to properly set up the
card. You might need to adjust brightness, balance and positioning of the
overlay window. Make sure that the video capture card is working properly
before you try to use it with Integrated PhotoID. Use the utilities supplied with
the video capture card to debug any problems with the card’s operation.
The rest of this discussion assumes that the capture card has been correctly set
up.
• The camera may not be set up correctly. Check the instructions supplied with
the camera. Note particularly the discussion below on automatic color
balance.
• The lighting is incorrect. Problems with a captured image are usually the
result of an incorrect color balance. This is often caused by bad lighting
conditions.

Color balance
The light from a fluorescent light appears white but is actually slightly green. The
light from an incandescent light bulb is very yellow. The light coming from an
open window on a bright day is usually blue from the blue sky. The brain and the
human eye correct for these different lighting conditions, however a video camera

117
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

does not. When an image is captured the resultant image will sometimes have a
color “cast” on it unless care is taken to balance out the color cast that has resulted
from the lighting.

Automatic color balance


Most modern video cameras can perform a color balance automatically.
Sometimes certain conditions can trick the camera into balancing incorrectly.
When this occurs you usually get a very bad image.
The camera performs an automatic color balance by trying to adjust the average
of the colors in an image to approach its preset white value. This is based on the
premise that an average scene will have a random collection of color in it. The
combination of colors in the average scene usually results in white. If there is a
predominance of a certain color, (consider a birthday party scene lit by a light
bulb and candles - giving a yellow light), then the camera will add more of the
opposite color (in this case blue) to make the overall scene average to white. The
resultant image would appear on your monitor as the eye would expect to see it,
rather than a yellow lit scene. This is the color balance operation.
Different cameras perform the color balance in different ways. Some cameras
have a small white target with a sensor located inside the lens. The whole scene is
focussed on the white target so that the camera can tell what the overall color cast
is. These cameras will continuously perform color balancing. Other cameras
require you to press a button which calculates the color correction property. The
manufacturers of these cameras recommend that you place a white target such as
a piece of (white) paper at the subject and press the button to perform the
calculation and then take the image.
Finally some cameras require that you perform color balance manually. Many
CCTV cameras operate this way.

Problems with color balance


In this application, the usual scene is of a cardholder in front of a colored
background. These types of scenes show an average color that is not white.
Consider a person wearing a blue shirt in front of a blue background. The average
color is blue, because the area of color in the face is not enough to balance out the
predominance of blue in the scene.
A typical video camera views the scene and tries to balance it to average white. In
the above example it adds more red to the picture on the assumption that there is
blue light in a normal scene. The result is a pale blue background and a very red
face.
To avoid this problem check the specifications of the camera. Can the automatic
color balance be disabled? This is particularly important in the case of
continuously adjusting cameras. Because the camera does a different calculation
for each subject (that is, cardholder), the images will appear different from person

118 www.honeywell.com
ABOUT THE INTEGRATED PHOTOID COMPONENTS

to person. In the above example, the person with the blue shirt will have a red face
and the background will appear pale. A person with a white shirt will appear less
red and the background more blue.
When color-balancing a camera, be sure to use true white paper; some paper is
off-white. Ensure that the area where subjects are to have their image taken is
evenly lit and free of shadows. This is good general photography practice.
Ensure that the lighting around the portrait area is not subject to change. For
example, an area near an open window is not good. The lighting levels and color
balance will change from day to day as the weather and time of day changes.
Ideally, the photo taking area should be set aside for this purpose so that correct
lighting and camera positioning can be established. It should not have a window,
or at least be able to have the window covered so that external light sources don’t
affect the taking area.
Use a professional photographer quality lighting and camera tripod assembly.
These units provide a stable mount for the camera as well as supporting a halogen
lamp and umbrella for correct light diffusion.

119
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

Image capture devices


Image capture devices are used to capture either a portrait of the cardholder or the
cardholder’s signature. There are a number of different image capture devices
such as a video capture card and video camera, a digital camera, a signature pad,
or scanner. Each of these devices might have different methods of interfacing to
systems. In EBI, three standard mechanisms are used to interface to such devices.
They are:
• MCI devices (video capture cards)
• TWAIN devices (digital cameras, scanners)
• Mouse emulation devices (signature pads)
If the device you want to use supports one of these methods of interfacing to a
computer, then you should be able to use it with EBI. Some devices have been
used and tested with EBI.

MCI devices (video capture cards)


Integrated PhotoID uses Microsoft MCI (Media Control Interface) to
communicate with Video Capture cards. This has the advantage that you need not
be tied to a single vendor for the video capture hardware. It also allows you to
change the video capture card as technology and prices improve.
The video capture process involves a live video source (camera), a video capture
card, a normal video card (VGA, Super VGA and so on,), a monitor and the
computer/software controlling it.
The video capture card usually overlays or superimposes a live video window on
top of the computer’s video signal from your video card (VGA, Super VGA, and
so on). This combined signal is then fed into your monitor. By this method you
can get a “preview” of the image from the camera about to be saved to disk. The
two signals must be mixed electronically; this means that the video capture card
may connect physically to your video card.

TWAIN devices (digital cameras, scanners)


Integrated PhotoID also allows you the choice of using a TWAIN device such as a
digital camera or scanner to capture images. These devices may be cheaper and
more portable than a video capture card/video camera setup but they may not be
as fast to use. They generally connect to your computer via a serial port.
TWAIN devices usually come with their own TWAIN driver software and
TWAIN capture program. When you use a TWAIN device, the TWAIN capture
program will be invoked. This may look a little different to the rest of the system.

120 www.honeywell.com
ABOUT THE INTEGRATED PHOTOID COMPONENTS

Mouse emulation devices (signature pads)


Some devices, particularly signature pads, replace or emulate a mouse as a means
to capture a signature. These devices are very easy to integrate into your system
and so are an excellent way to capture signatures.

121
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

Configuring the cardholder comparison display


If your site uses Honeywell Digital Video Manager, you can configure a display
for operators to use to compare a cardholder image to live video of the person
who presented the card at a reader.

To configure the cardholder comparison display


1 In Quick Builder open the security.qdb project.
2 Locate the MICROLPM-RD02 access point.
3 Click the Script tab.
4 Click Create New or Edit Existing Server Scripts.
5 Select the script and press CTRL + C to copy the script.
6 Open the Quick Builder project that contains the definition for your access
points.
7 Select the access point that represents the card reader in the location of the
building where you want to use the cardholder comparison.
8 Click the Script tab.
9 Click Create New or Edit Existing Server Scripts.
10 Paste the script that you copied from the sample project.
11 From the Event list click the OnChange event.
12 From the Parameter list, click LSTACT.
13 Edit the script as follows:
a. In StationNumber specify the number of the Station where you want the
Cardholder Video Comparison display to appear.
b. In CameraNumber, specify the number of the camera that is to provide the
video for the display. (That is, the camera that is located near the card
reader.) If appropriate, in PresetNumber, specify the camera preset
number.
c. If you operators to be able to unlock and lock the door, specify the point
ID, the parameter and the value for the appropriate lock point in PointID1,

122 www.honeywell.com
CONFIGURING THE CARDHOLDER COMPARISON DISPLAY

PointParameter1, and PointValue1. To include a label on the button


specify the appropriate text (for example, Unlock) in PointLabel1.
You can have up to 4 buttons on the display.
d. If you want to specify access events to trigger the display to appear,
uncomment the following line in the script and edit appropriately:
If (AccessState = “Granted”) Then...
For example, you may want the Cardholder Comparison display to appear
only when access is denied.
14 Click OK.
15 Download the point to the server.

Next steps
• If you want an operator to manually unlock a door after they have verified a
cardholder, modify the controller so that the door is not automatically
unlocked whenever a cardholder is granted access at a card reader.

Related topics
“Cardholder comparison” on page 125
“Preventing a door from automatically unlocking” on page 124

123
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

Preventing a door from automatically unlocking


If you want to use the Cardholder Comparison Video display to verify that the
person who presented a card at a reader is the legitimate cardholder, you may
want to prevent a door from automatically unlocking if the cardholder is granted
access by the reader.

Caution
Before you perform this procedure, ensure that there is another mechanism, for example a
REX switch for unlocking the door in case communications between EBI and the
controller is lost.

Prerequisites
• The Cardholder Comparison display must be configured with lock and unlock
buttons as this procedure prevents access to the door. When you complete this
procedure, the cardholder comparison display is the only means by which the
door can be unlocked.

To prevent a door from automatically unlocking


1 In Station choose Configure > Access Control > SE Parameters.
2 Select the controller associated with the door you want to configure.
3 Click the Doors tab.
4 Select the door you want to configure.
5 Set the output associated with the door to 0.
This removes the association of an access granted event and unlocking the
door lock.
6 Save the change and download to the controller.

124 www.honeywell.com
CONFIGURING THE CARDHOLDER COMPARISON DISPLAY

Cardholder comparison
You may have secure areas in your site where you want to verify that the person
who has presented a card at a reader is in fact the owner of the card before they
are given access. The Cardholder Comparison display can be configured to
appear in Station whenever a card is presented to a reader. Live video from a
Honeywell DVM camera located at the reader can be compared to the image that
has been captured for the cardholder. If the images match, then the operator can
unlock the door to provide access to the cardholder.
Alternatively, you may want to configure the Cardholder Comparison display to
appear when a card or cardholder is denied access to a door. Live video from a
Honeywell DVM camera located at the reader can be used by the operator to
decide whether video of the event needs to be recorded.
The cardholder comparison can be used only if you use integrated photo ID and
Honeywell Digital Video Manager.

125
6 – CONFIGURING INTEGRATED PHOTOID FOR AXSS-II CONTROLLERS

126 www.honeywell.com
Index

A configuring AXSS-II door-related


properties 49
access control and security algorithms
access levels using with AXSS-II 37
about AXSS-II 84 AXSS-II channel properties
deleting AXSS-II 83 Main tab 23
modifying AXSS-II 82 Port tab 25
access levels, configuring AXSS-II 72 AXSS-II checklists
access levels, defining AXSS-II 77 introduction to 8
AXSS-II controllers setup and configuration 14
anti-passback and PGAP, described 87
AXSS-II controller properties
cardholder database, configuring
Main tab 28
AXSS-II 63
System Parameters tab (in Station) 45
cardholder management profile, defining
AXSS-II 93 AXSS-II controllers
cardholder preferences, configuring access control and security
AXSS-II 68 access levels, configuring 72
cardholder template, defining AXSS-II 88 access levels, defining 77
checklists access levels, deleting 83
AXSS-II 56 access levels, described 84
configuring AXSS-II 55 access levels, modifying 82
downloading access information AXSS-II 94 cardholder database, configuring 63
fields, configuring AXSS-II 64 cardholder management profile,
new field, defining AXSS-II 66 defining 93
organizational model, configuring cardholder preferences, configuring 68
AXSS-II 92 cardholder template, defining 88
PGAP, enabling AXSS-II 74 checklist 56
time and attendance reporting, batch file configuring 55
AXSS-II 90 downloading access information 94
time and attendance reporting, configuring fields, configuring 64
AXSS-II 89 new field, defining 66
time period, deleting AXSS-II 81 organizational model, configuring 92
time periods, defining AXSS-II 76 PGAP, enabling 74
zone enforcement, enabling AXSS-II 80 time and attendance reporting, batch
zone names, defining AXSS-II 73 file 90
zones, configuring AXSS-II 75 time and attendance reporting,
zones, deleting AXSS-II 79 configuring 89
zones, describing AXSS-II 85 time periods, defining 76
time periods, deleting 81
access points
zone enforcement, enabling 80
AXSS-II properties
zone names, defining 73
Door Definition tab 50
zones, configuring 75
zones, deleting 79

127
INDEX

zones, described 85 ghosting 114


communication settings 20 image capture devices, types of 120
configuring in Station 44 image capture environment, setting up 101
connecting to server 16 image capture settings, defining 103
defining 27 introduction to 99
documents 11 lighting 101, 116
getting started 7 MCI devices (video capture cards) 120
point parameter address 30 printers
report modes choosing 114
configuring 46 setting up 112
properties 48 signature pads 121
server connection guidelines 15 TWAIN devices 120
setting up 13
supported models 10
troubleshooting 41 P
AXSS-II monitor points point definitions
configuring 53 for AXSS-II access 17
for AXSS-II status 17
C point parameter address
defining AXSS-II 30
channel properties properties
AXSS-II Main tab 23 AXSS-II channel 23
channels AXSS-II controller 28
defining an AXSS-II channel 22
checklists
access control and security
S
AXSS-II 56 scanning
Integrated PhotoID 100 optimizing performance for AXSS-II 38
setup and configuration AXSS-II 14 servers
communications settings connecting to AXSS-II 16
AXSS-II controller 20
controllers
defining an AXSS-II controller 27 T
troubleshooting
I AXSS-II communication errors 41

Integrated PhotoID
background 101
cameras 116
card layouts
defining 108
ghosting and chromakey 114
guidelines for 109
cards 114
checklist 100
chromakey 114
color balance 117
components 113
database tables, cardholder 110

128 www.honeywell.com

Das könnte Ihnen auch gefallen