...
1. Introduction
These release notes provide information about the latest features of iProtect, including required software versions and hardware installation and operating manuals.
2. System requirements
This chapter lists the required hardware and software for iProtect, including the licensing scheme of iProtect upgrades.
2.1 Supported servers
Below is a list of existing servers that can be updated to Ubuntu 20.04:
TKH KP10
DELL KP13
DELL KP23
DELL KP24
DELL KP43
DELL KP44
IPT-S24
IPH-S24
IPH-S44
IPH-S10
2.2 Hardware specification
The hardware specification depends on many variables, so the required specification is customer specific.
Guidelines for 2500 card users, 250 readers and 5 concurrent users*:
Version | CPU | RAM | Disk |
---|---|---|---|
10.00 | 2.0 GHz dual core | 8 GB | >= 500GB |
10.01 | 2.0 GHz dual core | 8 GB | >= 500GB |
10.02 | >= 2.0 GHz dual core | 16 GB | >= 500GB |
10.03 | >= 2.0 GHz dual core | 16 GB | >= 500GB |
Test system (small) | 1.6 GHz dual core | 4 GB | 100GB |
Info |
---|
For large systems (>1000 readers, >20 concurrent users), a minimum of 32GB internal memory and 8 cores is recommended. * |
Info |
---|
Depending on the use of images (keymaps, photos), the disk space should be checked. |
2.3 Software
The minimum required operating system version for iProtect:
iProtect version | O.S. | iProtect setup | Internet connection required |
---|---|---|---|
10.02 | Ubuntu 20.04 LTS | >= V3.0 | Yes, for installation and updates |
For iProtect 10.02 with Ubuntu 20.04, there is a TKH repository with all needed files for installing and maintaining the setup files.
...
On request there is an option to install iProtect without an internet connection, but this is not recommended!
2.4 License
From iProtect version 10.01 onwards, the licensing mechanisms have changed. The iProtect licensing has been brought in line with the Sense licensing scheme.
...
Warning |
---|
To be able to update an existing iProtect system (< 10.01.37) to version >=10.2, the existing system must first be updated to >= 10.01.37. The system can then be converted using a backup file. |
2.5 Browser support
All tests are done with default browser settings. If some functionality requires changes to the settings, this is mentioned in the specific manual. The following browsers are supported in iProtect:
Browser | Version |
---|---|
Google Chrome | >= 101 |
Mozilla Firefox | >= 78.15 ESR release |
Mozilla Firefox | >=101 |
Microsoft Edge | >=101 |
Info |
---|
Microsoft Edge Legacy is not supported anymore. |
3. End of support
The Alphatronics ML intrusion panel. Advised: replace with the UNii intrusion panel.
Recogtech Palm reader
4. iProtect server and application
This chapter describes the additions and/or changes of the application.
...
Sense connection changed.
API is changed (login).
New (online) installation procedure.
New server dashboard named: cockpit.
New operating system.
Improved security for operating system and iProtect application.
New features
Maintenance
4.1 Sense support
The implementation of the Sense connection has changed. Only a secure connection (SSL) is possible.
Video management server | Supported version |
---|---|
Sense | >= 2.6.13 |
4.2 API
Connecting to iProtect via the API is stricter and includes some security improvements.
On request, a new API document is available.
...
Note |
---|
When using the API, it should be taken into account that the way of logging in has changed for security reasons! |
4.3 Cockpit
A new interface has been added to manage the server. Server-related functions are therefore removed from the traditional Maintenance page. The traditional Maintenance page remains available for settings specific to the iProtect application.
Cockpit is the server administration tool sponsored by Red Hat, focused on providing a modern look and a user-friendly interface to manage and administer servers. The most commonly used functions are briefly explained in the following chapters.
...
Location: Browse to: https://IP-ADDRESS/cockpitpanel (admin user login required)
4.3.1 Firewall
Firewall is now present by default.
...
Info |
---|
The Firewall is set by default to allow network traffic with TKH access control controllers. When connecting a third party system to iProtect, the network port settings must be added to the firewall. |
4.3.2 System time
This function is removed from the Maintenance page and moved to Cockpit.
...
Location: Cockpitpanel | Overview | Configuration
4.3.3 Restart server
This function is removed from the Maintenance page and moved to Cockpit.
Location: Cockpitpanel | Overview
4.3.4 Maintenance page
The "classic" Maintenance page or server box is also directly available within Cockpit.
Location: Cockpitpanel | Serverbox (atlas user login required)
4.4 Security updates
Security updates and settings have been applied in many areas. These are described in the chapters below.
...
Info |
---|
After updating iProtect to version 10.02, it is necessary to re-enter the Samba share password. |
4.4.1 Security settings
4.4.1.1 Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. It's also known as XSRF, “Sea Surf”, Session Riding, and Hostile Linking. The system administrator is able to enable/disable this protection.
Location: Installation | Settings | Server parameters tab: Database
4.4.1.2 Security setting: HTA enable
HTA is nowadays seen as a security risk. The system administrator is able to enable/disable this functionality.
...
Info |
---|
HTA is nowadays seen as a security risk; in time this function will be removed. |
4.4.1.3 Media element
An HTML media element has a new setting: Execute script allowed. For example, iFrames will not execute when this checkbox is disabled. Only users with the correct database rights are allowed to change this setting.
Location: General | Settings | Media element
4.4.1.4 Time between next execution
Each procedure has a new option “time between next execution (hh:mm:ss)”. This feature was added to prevent anyone (or a system) from performing this procedure multiple times within a specified amount of time when not allowed, or to prevent damage to ancillary systems.
Location: General | Settings | Procedure
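The following sketch is an added example, not iProtect code, showing how a minimum time between executions in the hh:mm:ss format can be enforced per procedure. `ProcedureGuard`, `parse_hms` and the procedure name used when calling it are hypothetical.

```python
import time

# Added illustration: ProcedureGuard and parse_hms are hypothetical names,
# not part of iProtect.
def parse_hms(value):
    """Convert an "hh:mm:ss" setting to seconds, rejecting malformed input."""
    parts = value.split(":")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected hh:mm:ss, got {value!r}")
    hours, minutes, seconds = map(int, parts)
    if minutes > 59 or seconds > 59:
        raise ValueError(f"minutes and seconds must be below 60: {value!r}")
    return hours * 3600 + minutes * 60 + seconds


class ProcedureGuard:
    def __init__(self, clock=time.monotonic):
        self._clock = clock      # monotonic: unaffected by wall-clock changes
        self._intervals = {}     # procedure -> minimum seconds between runs
        self._last_run = {}      # procedure -> time of the last accepted run

    def configure(self, procedure, time_between):
        self._intervals[procedure] = parse_hms(time_between)

    def try_execute(self, procedure):
        """Return True and record the run, or False inside the waiting time.

        A refused attempt does not restart the waiting time, so repeated
        requests cannot postpone the next permitted execution.
        """
        now = self._clock()
        last = self._last_run.get(procedure)
        if last is not None and now - last < self._intervals.get(procedure, 0):
            return False
        self._last_run[procedure] = now
        return True
```

Logging each refused attempt with the requesting user gives operators a record of repeated triggering.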
4.4.1.5 Certificates in iProtect
To improve handling and security, changes are implemented to the iProtect certificates:
...
Location: Maintenance page | iProtect | Certificate | Configuration
4.4.1.6 Session management
If the password, login name or 2FA seed of a system user is changed, all sessions of that system user will be closed. The exception: if you change one of these for yourself, all your own sessions will be closed, except for the application in which you made the change.
Location: Installation | System user
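The session rule above, modelled as an added example that is not iProtect code: `SessionStore` and its methods are hypothetical, and the sketch assumes that "the application in which you made the change" means the single session that performed the change.

```python
import secrets

# Added illustration: SessionStore and its methods are hypothetical names,
# not part of iProtect.
class SessionStore:
    def __init__(self):
        self._sessions = {}  # token -> (system user, application)

    def login(self, user, application):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, application)
        return token

    def is_valid(self, token):
        return token in self._sessions

    def credentials_changed(self, target_user, acting_token):
        """Close sessions after a password, login name or 2FA seed change.

        All sessions of target_user are closed. Only when the actor changed
        their own credentials is the session that made the change kept
        (assumed reading of "the application in which you made the change").
        Returns the number of sessions closed.
        """
        if acting_token not in self._sessions:
            raise PermissionError("change must come from a live session")
        actor, _app = self._sessions[acting_token]
        keep = acting_token if actor == target_user else None
        doomed = [t for t, (user, _a) in self._sessions.items()
                  if user == target_user and t != keep]
        for token in doomed:
            del self._sessions[token]
        return len(doomed)


def demo():
    """Constructed scenario: an admin reset, then a self-service change."""
    store = SessionStore()
    admin = store.login("admin", "web")
    first = [store.login("alice", "web"), store.login("alice", "api")]
    closed_by_admin = store.credentials_changed("alice", admin)
    own = store.login("alice", "web")
    other = store.login("alice", "api")
    closed_by_self = store.credentials_changed("alice", own)
    return {
        "closed_by_admin": closed_by_admin,
        "old_sessions_alive": any(map(store.is_valid, first)),
        "closed_by_self": closed_by_self,
        "own_alive": store.is_valid(own),
        "other_alive": store.is_valid(other),
        "admin_alive": store.is_valid(admin),
    }
```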
4.4.1.7 System users
From a security perspective, system permissions for system users have been adjusted. This is to limit the rights to the database. It is no longer possible to have a user group for regular and installer users with full database rights.
...
Note |
---|
From a security point of view: Do not give a user more rights than they need to perform their task. It is recommended to check this if desired. |
4.5 New features
This chapter provides information concerning new features.
4.5.1 Confirm office mode
When a door/reader is set to office mode and the door is not opened within time X, the door/reader will switch back to automatic operation. Time X is the longest door opening time, defined by the Unlock time or Alternate unlock time (whichever is longest) + Extra door open time.
...
Info |
---|
Option is only available for Pluto / Orion. |
4.5.2 Boot behavior
Normally a system is set up so that a door is closed while booting. In special cases it is desirable that a door is open during power-up. If door open during boot is desired, select the option "door open during power-up".
...
Info |
---|
Only available for Pluto with USB connected Orions and only effective when powering up the controllers. A reset will not activate this function. |
4.5.3 Cosmos access, multi select on interaction type
If multiple readers are selected and all of the readers are suitable for Cosmos access, the multiselect option is available.
Location: Installation | Hardware | Reader
4.5.4 Mitsubishi elevator - communication speed up
An improvement has been made to the elevator connection. In the past the reaction time could be up to 5 seconds; now the reaction time is stable at approx. 0.5 seconds with no network delays.
4.5.5 Download pdf
Due to limitations, it was not possible in the past to save every report in PDF format. Now in every report in the browser there is a button (top right) available to download the report in PDF format.
4.5.6 Rijkspas - User moves from CMS to Hub
In a Rijkspas system it is possible that a card that was imported in the "CMS way" is later imported again in the "HUB way". If this occurs, the link synchronized item will be removed automatically.
4.5.7 User interface - Display error message
If the user interface is temporarily not available (Error Code: 503) a new page is shown.
On this page two links will be available: Maintenance page and Cockpitpanel.
4.5.8 System user - Expire date
If the option to expire passwords is chosen, it no longer applies to the root password (so the root password never expires). The root password can still be changed, but it will not expire, because otherwise the root login could no longer be used.
4.6 Maintenance
Changed and improved labels/translations (general).
HTA tool, import of multiple mail addresses.
Add authorization template to system user.
Speed up, access when card is not known in controller.
Change of default max. temperature setting for Orion. Now 60 degrees.
Firewall rules are now part of the backup.
Pre-selection presence reports fixes.
Multiple small issues fixed.