...
Installation Manual | IM-20230628-AVW-02 iProtect Access / Security | Functionalities | iProtect™ - SimonsVoss VCN  |
| Table of Contents |
|---|
...
1 iProtect Aurora and SimonsVoss VCN
iProtect Aurora can control SimonsVoss data on card (VCN), by means of using a data on card solution. The VCN system is a data on card system in which the access profiles are distributed via the access cards instead of online card readers. We also refer to this system as “native” or “offline” because the access rights are defined in the iProtect database itself and are distributed to the access card using a iProtect controlled enroll or update reader.
1.1 System architecture
...
...
Offline cylinder: The offline access control lock/cylinder.
1.2 System requirements
At least the specified firmware versions are needed to let the system work properly.
Hardware | Description | Extra information | Versions |
iProtect | SMS | - | From: 9.03.02 Recommended from: 10.01.xx |
Pluto | Reader manager | - | From 5.00.41 Recommended from: 5.03.23 |
Hardware control applet | only needed when using iProtect version 9.10.xx and lower | From: 3.00 | |
Orion | Door controller | Bootloader | From: 2.3.0.15 Recommended from: 2.4.2.17 |
Firmware | From: 1.4.40 Recommended from: 1.5.18.86 | ||
Sirius | I Serie | - | From firmware: 1.5.32 |
Sirius | IX serie |
| From firmware: 2.0.5.a.1 |
SimonsVoss | SmartIntego VCN
| Use with iProtect version 09.03.02 and higher | 2.1.6411.25403 |
Use with Smartintego VCN version: 2.1.6411.25403 | Access DB Engine Runtime 2007 | ||
SmartIntego VCN
| Use with iProtect version 10.01.xx and higher | From 3.0.7600.18050 | |
SimonsVoss lock firmware | SV SI2 Cylinder | 5.4.16 | |
SV SI2 handle | 5.6.09 | ||
SV AX handle and Cylinder | 1.1.519 | ||
Card | Mifare DESFire | - | ev1 and ev2 |
2 Installing the SimonsVoss software
Be sure before starting to integrate the solution, that the following software is installed as described in the SimonsVoss manual.
...
Please contact your consultant or the TKH service and support department for the “TKH_security_defaultSVVCN_cardconfig_DES.ikt” template file or the KEY information.
2.1 Password handling
Project password: The smartintego tool stores the locking system configuration in a project .ikp file. The project password protects the file access. This password is changeable in the tool itself.
...
Lockingsystem password: The configuration of the locks will be secured with the locking system password. The password will be written into every lock and is not changeable afterwards. With this password it is possible for example to do emergency opening or resets the locks. Keep this password protected!
2.2 Mifare DESFire ev1/ev2 card configuration
From Smartintego VCN version 3.0 the project must be started by opening the “TKH_security_defaultSVVCN_cardconfig_DES.ikt” template file. This template file has the card coding settings so there is no need to create a card configuration in Smartintego VCN. The password is 12345678.
...
Please contact your consultant or the TKH service and support department for the “TKH_security_defaultSVVCN_cardconfig_DES.ikt” template file or the KEY information.
3 Configuring iProtect for update/enrolment
iProtect needs to be configured before a card reader can be used as enrolment or update reader.
...
DESFire default interpretation (for regular readers)
Enrolment interpretation (for enrolment readers)
Update interpretation (for update readers, and VCN locks)
3.1 Configuring the card presentation
Click in iProtect™ Aurora on the menu item Access | settings | card coding | card data presentation
...
When using older iProtect versions the card data interpretation is called SV VCN KP Desfire compatible
3.1.1 Card interpretation for enrolment
Click in iProtect™ Aurora on the menu item Access | settings | card coding | card data interpretation
...
When using older iProtect versions the card data interpretation is called KP Desfire
3.1.2 Card interpretation for TKH DESFire
Click in iProtect™ Aurora on the menu item Access | settings | card coding | card data interpretation
...
When using older iProtect versions the card data interpretation is called KP Desfire
3.2 Configuring the Pluto
Make sure all connections are in accordance with the technical drawing and connect the Pluto to the network.
Open the Explorer and browse to the following address: https://192.168.1.195. The login screen appears.
Enter “controller” as username. The default password is “Pluto”.
On the maintenance page select “Network settings” and enter the desired information like IP address and IP address gateway.
Select “Hardware” and activate “Diagnostics”. Diagnostics enables automatic detection of devices connected to the Pluto and testing of it. Deactivate diagnostics after successful test.
Select “Tools” and verify the connection with iProtect™ by entering the IP address of the iProtect™ server together with port number 20100 at Netcat and press the “Test” button.
3.3 Configuring the line
Click in iProtect™ Aurora on the menu item Installation | Hardware | Line.
Right-click in the browse window and select “Add line‟. The detail window opens.
Enter the following data:
Name: “specify a logical name”
Type: “network device”
Provisioner group: “Pluto”
Active: (check)
Active with node: (check)
Function of the line “Keyprocessor”
IP address: “enter the IP address of the Pluto”
Click on the “Save” button.
Press the button “Send new Keystore”.
...
Click on the “read in” button. The Pluto will automatically detect and configure connected nodes.
Activate connected reader by presenting twice an access card. The reader LED should be blinking.
3.3.1 Configuring the enrollment reader
Click in iProtect™ Aurora on the menu item Installation | Hardware | Reader.
Click on the “Search” button and select the Reader that is planned for card enrolment.
Enter the following data:
Name: Specify a logical name
Card data interpretation: Enter the enrolment card data interpretation which is made in chapter 3.1.1
...
Before a card can be enrolled, an offline access profile bust be created. For more information of the availability see chapter 6.2.3.
3.3.2 Configuring the update reader
Click in iProtect™ Aurora on the menu item Installation | Hardware | Reader.
Click on the “Search” button and select the Reader that is planned for card update.
Enter the following data:
Name: Specify a logical name
Card data interpretation: Enter the enrolment card data interpretation which is made in chapter 3.1
Save the data.
4 Configuring iProtect for SimonsVoss
4.1 Configuration SimonsVoss line
Open menu Installation | Hardware | Line
Right-click to “add a new line”
Enter the following data:
Name: specify a logical name
Type: “Server”
Active: (check)
active with nodes: (check)
Modus: “Virtual line”
Save the data.
4.1.1 Configuring SimonsVoss node
Click in iProtect Aurora on the Virtual line which is created in 4.1
Right-click in the browse window and select “Add node‟. The detail window opens.
Enter the following data:
Name: Specify a logical name
Active: (check)
Node type: “SimonsVoss VCN”
Save the data.
4.1.2 Configuring offline reader
Click in iProtect Aurora on the menu item Installation | Hardware | Reader.
Right-click in the browse window and select “Add Reader‟. The detail window opens.
Enter the following data:
Name: Specify a logical name
Card data interpretation: the card data interpretation made at chapter 3.1
(Time Anti): The area where the reader belongs to
Modus: standard
Buzzer enabled: (check)
...
When the card data interpretation needs to be changed after programming the locks. This must be done using the wizard (right klick the Simons Voss VCN node)
4.1.3 Configuring offline reader groups
Click in iProtect Aurora on the menu item Access | Settings | Reader group.
Right-click in the browse window and select “Add Reader group‟. The detail window opens.
Enter the following data:
Name: Specify a logical name
Group type: Offline reader
Node: “The name of the SimonsVoss VCN node created at chapter 4.1.1
...
When offline reader groups are changed the involved VCN locks need to be reprogrammed.
5 Exchanging the configurations
To configure the locks with the in iProtect configured settings, an export is needed once.
5.1 iProtect to VCN
Click in iProtect Aurora on the menu item Installation | Hardware | Node.
Select at “Export” all if the whole configuration needs to be exported, or Non synchronized if only the changed readers need to be exported.
Click on “Export” and save the .XML file.
Go to the SimonsVoss VCN tool and open the project made at chapter 2.
Go to File | import | VCN configuration and select the saved .XML file.
Execute the tasks and save the project.
5.2 VCN to iProtect
If all desired tasks are executed, the configuration can be exported.
...
The export ID between the iProtect to VCN and VCN to iProtect .XML files should always be the same.
6 Supported features
This chapter will describe the supported functionalities and features.
6.1 Offline door features
The following features and settings can be used on the offline doors.
6.1.1 Name
Logical name of the card reader.
...
Default: empty
The name is mandatory.
Max value: 32 characters
6.1.2 Transaction storage enabled
Setting if the offline events must be stored in the reader or not.
...
If selected.
Offline transactions will be stored in the lock as long as possible based on first in first out.
If not selected
Offline transactions will be not stored in the lock.
6.1.3 Status
Fields with information gained from the offline lock:
...
Lock: firmware in the lock, presented as X.X.XX
Reader: firmware in the reader, presented as X.XX.XX
6.1.4 Unlock time
Default door open time used when a valid card is presented.
...
Step size: 1 second.
Max value: 25
Default value: 3
6.1.5 Alternate door unlock time
Depending on card settings an alternate door <unlock time> can be used.
...
Step size: 1 second.
Max value: 25
Default value: 5
6.1.6 Offline reader modus
Setting which determine if a lock can be set in office mode or not.
...
| Info |
|---|
From iProtect version 10.01 office mode will only be activated if at the timezone settings the checkbox “office mode Offline locks” Is activated. This timezone will then also determine the automatic end of the office mode. |
6.1.7 Buzzer enabled
Setting if the buzzer is enabled or not.
...
If selected
Reader buzzer is enabled
If not selected
Reader buzzer is disabled
6.1.8 Create lock tasks
It is possible to create lock specific tasks by pressing on the task buttons.
...
Tasks can be executed from the SimonsVoss VCN software by importing the XML file, use the steps described in chapters 5.1 and 5.2.
6.2 Card features
This chapter describes the features which concerns the offline locks.
6.2.1 Transaction and event storage
The following transactions and events will be stored on the card:
...
Transactions are stored on the card with an offset timestamp from the expiration date, this offset has a maximum of 21 days. So, when the validity period is set to long the offline transactions will have an incorrect timestamp. We advise a maximum validity period of 24:00.
6.2.2 Expiration date
Shows the offline expiration date.
...
The offline validity can be set in the card data interpretation of the enrolment/update reader see chapter 3.1.1 and 3.1.2.
6.2.3 Status
Shows the status of the offline access profile.
Normal:
card does not need an update
Update available:
offline access profile is available and the card can be update
6.2.4 Alternate door unlatch time
This function determines if the normal, or alternate door unlock time will be used.
...
If selected
Alternate unlock time will be used
If not selected
Normal unlock time will be used
6.2.5 Activate office mode
This function determines if the card may use the office mode functionality or not
...
| Info |
|---|
From iProtect version 10.01 office mode will only be activated if at the timezone settings the checkbox “Offline lock office mode” Is activated. This timezone will then also determine the automatic end of the office mode. |
6.2.6 blocklist
This function will block the affected card and this information will be spread to all locks with the cards which are in use for the offline locks.
...
This function is specifically designed for stolen and lost cards.
A block listed card is deactivated for use on offline locks when presented at the first offline lock that “knows” the card is block listed.
When a block listed card is removed from the blocklist it needs an update before it can work again
If a card is removed from the blocklist it cannot remove itself from the blocklist of a lock (that will only deactivate the card again for use on offline locks) only another card can remove a block listed card.
A maximum of 10 block listed cards can be programmed on an access card.
A maximum of 500 block listed cards can be programmed on an offline lock.
To prevent that the maximum amount is reached on a card or on a lock a block listed card will have an end of blocklist time. That is the Expiration date of the card plus a week.
6.2.7 Technical monitoring
To monitor the technical status of a lock, an analogue input is automatically created for the lock battery status. The battery status is updated to the iProtect system by the access cards using the update reader(s)
...
Input name | Available levels |
Battery status | OK |
Replace battery (30 days left) | |
Alarm (20 days left) | |
No status available |
6.3 Online reader features
This chapter describes the features of the online enrollment and update reader.
6.3.1 Enrolment reader
The enrolment reader is able to create the SimonsVoss VCN application at the Mifare DESFire card. After creating the application, the application will be updated with the offline access rights.
...
| Info |
|---|
When no programming action is required for the card the led of the enrolment reader will not turn blue, it will show the green led. |
6.3.2 Update reader
The update reader is able to update the access rights, validity or retrieving transactions.
...
Please notice that during an error, a transaction is created in iProtect. This transaction contains more detailed information.
7 Update iProtect and Smartintego
7.1 Update iProtect
In basis a iProtect update can be performed using the iProtect update manual, In most cases no extra preparation and steps are needed. However when updating from a iProtect version prior to 10.01.xx to iProtect version 10.01.xx or higher extra care is needed.
...
It is understandable that more time is needed to reprogram all the locks, and no problem with access is desired In that case it is possible to grant cards 24/7 access to the lock(s). Access will than work, offline transactions will than not have the correct time stamp. Before this action is performed we advise to discuss this with the person responsible for security.
7.2 Update Smartintego VCN version, 2.6 to 3.0
From iProtect version 10.01.xx Smartintego version 3.0 can be used. Smartintego 3.0 uses however another key set to communicate with the card, AX locks will only work with this key set. For this reason, a migration is needed when Smartintego is updated from version 2.6. to 3.0. This chapter describes the migration steps.
7.2.1 Migrate the existing cards to the new AX config.
To achieve this a “update migration” reader script is needed to migrate the existing (Smartintego II) config to the new (Smartintego AX) config. This script is by default added as a reader provisioner group in iProtect version from 10.01.xx and can be selected at an individual card reader or at the card data interpretation. The new AX card configuration is compatible with the old configuration, so migrated cards will still work on locks that are not migrated.
...
| Warning |
|---|
Enrolling a card with a Smartintego II config programmed, with an enroll reader set to AX will damage the card. For migration use a migration update reader. |
7.2.2 Migrate Smartintego VCN and the locks
When all accesscards are migrated (chapter 7.1) the VCN software can be updated.
...