.png?version=1&modificationDate=1662974935412&cacheVersion=1&api=v2)
Technical Manual | TM-20210309-TP-22 iProtect Access / Security | Coupling |  |
This manual represents the knowledge at the above-mentioned time. TKH security works non-stop to improve her products. For the most recent technical information please contact your consultant or dealer.
1 Introduction
This document describes the Elevator service in iProtect. It explains its purpose and how it should be
configured. Currently, this integration is available for the DOAS Mitsubishi Lift system.
1.1 Short explanation
The TKH security iProtect integration with elevators control systems adds higher security and destination control to the elevators in your building. The integration means that you can restrict access to elevators and floors for cardholders via time schedules and access rights.
For example: a user can be assigned access to only the ground floor and 12th floor from 07:30 till 19:00 hour.
The operation is such that cardholders swipe their card on the elevator reader that is present in the so called elevator call unit. The elevator call unit in turn only shows the available floors or the user can only enter the floor numbers, to which the user is also entitled. (depending on the type of call unit) In this integration, the iProtect software sends a command directly from the server to the elevator controller over the IP network. This replaces the conventional method of using relays for the connection.
The purpose of the elevator link is to send a command to the elevator controller when:
a: access is granted (based on the normal access rights)
b: the person has rights to travel with the elevator
c: the reader has a call location and a known ID for the elevator controller
If all these conditions are true, a message is send to the elevator controller.
1.2 Schematic overview (user interface)
1.3 Schematic overview (technical)
1.4 Communication
Communication when presenting a card:
When a card is presented to a reader that is related to a call location (and access is granted) a message
is send to the Elevator Service containing to which node manager (Pluto) and reader a card is presented.
The Elevator Service will gather extra information based on the call location (related to the reader) and the
floor group (related to the card).
With this information a Call Request is created and is sent to the Elevator Device.
If the request is handled by the Elevator Device, a message is send back to the Elevator Service
(containing the elevator car that is used) or an error message if something goes wrong.
This message is sent back to the node manager. There an event is created that an elevator call was
successful or not and is send to the iProtect Server.
Communication for communication state:
Each node manager that has a reader that is related to a call location will send heart beat messages every
60 seconds. It contains which readers are functioning properly.
The Elevator Device is informed if the access control system(iProtect) is functioning properly or not.
If not, the Elevator Device may be set in calamity mode.
The Elevator Device may also send heart beats to the Elevator Service to inform iProtect it’s connection
state. This connection state will be sent to the iProtect Server
2 Elevator Service setup
2.1 License
To activate the iProtect Elevator service a special license is required:
· License number 1800: Smart Elevator control
2.2 Configuration
A new Elevator synchronization service can be created in the Database Link form which is available via the
menu selection:
Installation | Settings | Database Link
You can add a new Database Link by pressing the right mouse button in the tree view panel and selecting
Add database link.
In the Database link details form you select <Elevator call service> as database type and the details of this
service appear.
With the mandatory Name and Elevator type parameter you give this service a unique name and select the
manufacturer/type interface
Other settings depend on the selected elevator type
2.3 Status
With the Active checkbox the elevator service can be started and stopped.
Functional state: information
· Service in calamity mode
· Service partly functional
· Service full functional
3 Elevator type Mitsubishi
3.1 General Mitsubishi
iProtect has an integration with the DOAS Mitsubishi Lift system. ELSGW (Elevator Secure Gateway)
Mitsubishi Electric’s DOAS system optimizes multi-car elevator systems by allocating cars efficiently
according to the floors that passengers input while waiting in the hall/lobby, helping to reduce both wait and
travel times. The integration means that you can restrict access for a the person via time schedules and
floors increasing security and efficiency of movement around the building.
The implementation support a number of features like
· VIP traveling
· Management traveling
· Handicapped function (also called disabled)
· Non-stop calls
· Elevator lobby calls
· Entrance calls
· Room calls
3.1.1 Security gate calls ELSGW version
The integration is tested with:
· ELSGW emulator V1.03
· ELSGW version
o Rom Name: GXSE501-AE
o Version: 1.00
3.2 Service
The elevator service has the following parameters for the communication with the Nodemangers (e.g. Pluto):
The service makes use off the same certificate that is used for the user interface.
IP address or hostname iProtect: The IP address of the iProtect server who communicate with the
Pluto(’s)Port :
o Default: <443>Use SSL: Checkbox determines whether SSL is used to encrypt the communication between the Pluto
and iProtect.
o default: <yes>Allow self-signed: client allow self-signed certificate
o default: <yes>Allow insecure: client allow insecure server
o default <yes>Allow expired: do not check the expire date of the certificate.
o Default: <yes>Skip Server Cert: client skip server certificate hostname check
o Default: <yes>
Ensure that when using a hostname, the Pluto device is configured with the correct DNS settings.
Starting from iProtect version 10.04, the SSL settings are now included within a secure communication type profile. When utilizing a custom iProtect certificate, please select the “less secure” option.
3.3 Remote server
The parameters in this panel determine what and how the connection is made with the ELSG controller.
Elevator controller status: Show the current status of the connection
IP address elevator controller: is the IP address of the Elevator controller (ELSGW)
o default: <192.168.0.11>Port: This is the port number that is used by the Elevator controller (ELSGW)
o default: <52000>Dysfunctional readers: whether we have to report to the elevator controller if one or more readers
are not functional.
o default: <do not report dysfunctional readers>Multicast address:
o default: <empty>Security System Id:
o default <1> (an reference number in the elevator controller)
4 Set up
A lifts group is a logical group of elevators that are next to each other. An elevator call applies to all these lifts.
Installation | Hardware | Elevator | Elevator group
Note:
An elevator group, called by Mitsubishi “banks” or Address device number
Supported by the ELSGW controller are Bank 1,2,3 or 4
Authorization group: Type: drop down list
· List of all the programmed authorization groups
Service: Type: drop down list
· List of all available elevator services
Elevator group number: Type: number
· Unique code for the elevator group (Bank nr:)
· Only 1,2,3 for 4 can be used dependent on the elevator configuration
Description: Type: text
· Language 1: default English
· Language 2: default Dutch
· Language 3: default German
By language: use a logical name for the elevator group for example
<EG1 1234> Elevator group 1, elevator 1,2,3 and 4
4.2 Elevator Floor
Floors are also called stop locations,
Installation | Hardware | Elevator | Floor
Authorization group: Type: drop down list
· List of all the programmed authorization groups
Elevator group: Type: drop down list
· List of all available elevator groups
Floor ID (1-255): Type: text
· Select the floor ID/ stop location as used in the Elevator controller
Elevator door: Type: drop down list
Determines the location of the door.
· Front
· Rear
If both are available you should program 2 floors for it.
Description: Type: text
· Language 1: default English
· Language 2: default Dutch
· Language 3: default German
By language: use a logical name for the Floor ID for example:
EG1_-2F (1) > Elevator group 1_etage -2 Front (stop location 1)
EG2_22R (25) > Elevator group2_etage 22 (stop location 25)
4.2.1 Elevator floor group
Here we define the elevator floor groups.
Floor groups consists of 1 or more floors and those can be on multiple elevators groups.
A floor group can be linked to a person, see chapter 5.
Access | Settings | Floor group
Visitor use: Type: checkbox
· If selected, the rights group will be available for visitors
Authorization group: Type: drop down list
· List of all the programmed authorization groups
Description: Type: text
· Language 1: default English
· Language 2: default Dutch
· Language 3: default German
By language: use a logical name for the Elevator floor group for example:
EG1 all > Elevator group 1 all floors
EG1,2 all > Elevator group 1&2 all floors
EG1 -2,-1,0,1,2,3,4,5,6 > Elevator group 1_floor -2 till 6
TKH > all floors for the company TKH
4.2.1.1 Adding a floor to the floor group
At the moment a floor group is created, you are able to add or change floors to this group.
Double click on the name in the tree view, and select <Elevator group floor list>
In the detail screen select the floors you want to add and save your settings.
4.2.1.2 Adding a timezone to the floor
It is possible to add for each floor in the group a separate timezone , this timezone setting is only valid for the group in which the setting is made.
Double click on the < Elevator group floor list > item in the tree view
All linked floors are now visible in the tree view
Select the floor which you want to add a timezone
Select you desired timezone in the detail screen
4.2.2 Call type
A call type is a feature that is dependent on the elevator manufacturer.
These features can be linked to a person, see chapter 5.
Installation | Hardware | Elevator | Call type
Authorization group: Type: drop down list
· List of all the programmed authorization groups
Service: Type: drop down list
· List of all available elevator services
Feature: Type: drop down list (For Mitsubishi there are four features available)
· Non stop
· Disabled
· VIP
· Management
For the exact behavior of those feature’s contact your Mitsubishi representative.
Description: Type: text
· Language 1: default English
· Language 2: default Dutch
· Language 3: default German
4.2.3 Call location
A call location creates the relation of all involved settings that are necessary to inform the elevator controller
about an call request. A call location is logical connected to a card reader.
Installation | Hardware | Elevator | Call location
Authorization group: Type: drop down list
· List of all the programmed authorization groups
Verification type: Type: drop down list
· List of all available types
o Lobby (outside the car)
o Car (inside the car)
Verification location: Type: drop down list
· Only visible when <Lobby> is selected for verification type
· List of all available types for Mitsubishi
o Elevator lobby
o Entrance
o Room
o Security gate
Elevator floor: Type: drop down list
· Only visible when <Lobby> is selected for verification type
· List of all programmed floors
Elevator group: Type: drop down list
· Only visible when <Car> is selected for verification type
· List of all programmed elevator groups
Car: Type: text
· Only visible when <Car> is selected for verification type
· Car number what is used in the Elevator controller
Description: Type: text
· Language 1: default English
· Language 2: default Dutch
· Language 3: default German
By language: use a logical name for the call location for example
CL_EG1_0F_lobby
CL_EG1_CAR 1
4.2.4 Reader
For the card reader, an extra field has been added to the Other tab, for elevator calls.
When a card reader is in use for elevator calls the response of the led on the reader is different.
The response of the reader after badging a valid card:
· slow blinking: waiting for response of the elevator controller (ELSGW)
· continuous green during relay time: elevator request is done
· fast blinking: no access, elevator request failed (normally after 30 seconds waiting)
Installation | Hardware | Reader
Code: type: number
· Unique reference code for the reader and used by the elevator controller to determine the exact
location of the card reader. (relation to the DOAS)
· Used numbers are defined by Mitsubishi and should be between 1 and 9999
· The code is also called “device number”’
· Max number of supported card readers is 1024 for the ELSGW
Call location: Type: drop down list (tab other / elevator )
· List of all programmed <call locations>
Note:
The reader code is used as identifier for the elevator controller to make the relation with the DOAS terminal
(1-1024) If this is not used an error will occur. (-8603)
5 Daily management
After setting up the elevator configuration, we have to create floor groups and add those elevator rights to the persons. This chapter describes how we create them and give elevator rights to a person.
5.1 Elevator floor group
Here we define the elevator floor groups.
Floor groups consists of 1 or more floors and those can be on multiple elevators groups.
A floor group can be linked to a person or multiple persons, see chapter 5.2
Access | Settings | Floor group
Visitor use: Type: checkbox
· If selected the rights group will be available for visitors
Authorization group: Type: drop down list
· List of all the programmed authorization groups
Description: Type: text
· Language 1: default English
· Language 2: default Dutch
· Language 3: default German
By language: use a logical name for the Elevator floor group for example:
EG1 all > Elevator group 1 all floors
EG1,2 all > Elevator group 1&2 all floors
EG1 -2,-1,0,1,2,3,4,5,6 > Elevator group 1_floor -2 till 6
TKH > all floors for the company TKH
5.1.1 Adding a floor to the floor group
At the moment a floor group is created you are able to add or change floors to this group.
Double click on the name in the tree view, and select <Elevator group floor list>
In the detail screen select the floors you want to add and save your settings.
5.1.2 Adding a timezone to the floor
It is possible to add for each floor in the group a separate timezone , this timezone setting is only valid for the group where the setting is made.
Double click on the < Elevator group floor list > item in the tree view
All linked floors are now visible in the tree view
Select the floor which you want to add a timezone
Select you desired timezone in the detail screen
5.2 Person
General | Person
When the elevator license is valid in the Person dialog there is an extra field available <Floor group>
Elevator: floor group: Type: drop down list
· List of all programmed elevator floor groups
If a floor group is selected, the person has the rights associated with this group to travel with the elevators.
Elevator call types:
Optional you can add <elevator call types> to personalize the elevator call
Press right mouse button on the name in the tree view and select <Elevator call type list>
Mark the desired options.
6 Ohter
6.1 Check connections
For maintenance and installation of the elevator functionality there is a specific status overview available to
check all the connections.
Installation | Overview | Status | Reader-Elevator
This overview shows the status for all card readers that are involved with elevator calls
The following items are shown for each reader
Overall status | red / green |
Reader name | name of the reader |
Line name | name of the line |
Service name | name of the elevator service |
Line status | red / orange / green |
Node status | red / orange / green |
Reader status | red / green |
Service status | red / green |
Status text | service status text |
6.2 Specific events
Webserver disconnected => connection: <nr>, Process: Elevator call service, Database link:
<name>
o Connection is lost with the elevator controllerWebserver connected => connection: <nr>, Process: Elevator call service, Database link: <name>
o Connection is established, elevator commands can be givenElevator call => Reader:<name>, Card: <number> ..
o No error message
§ Correct elevator call
o Error: No floor group for elevator request
§ Person has elevator rights but not for this elevator group
o Error: Elevator service internal error for elevator request
§ If this message appear after approx. 30 seconds there is no feedback from the
ELSGW. The message is send but the ELSGW cannot proceed with it. Probably due
a wrong configuration like:
· an unknown floor number is used by the call location
· No or wrong <code> used by the card reader (see chapter reader)
· Elevator group is not active in elevator controller (wrong or in inactive bank)
· Elevator line status => Line: <name>,
o Error: OK
§ This line is now OK
o Error: connection failed TCP/IP
o Error: Server asks client to close connection
o Error: Elevator system not connected for elevator request
§ It is not possible to make an elevator call, probably the webserver is disconnected
· Service functional state change => database link :<name>:
o functional State: Service partly functional
§ not all controllers are communicating with the elevator service
§ there is no communication with the elevator controller
o functional State: Service full functional
§ all controllers are communicating with the elevator service
o functional State: Service in calamity mode
§ This status is reached when the setting dysfunctional readers is set to <report
dysfunctional readers> and not all controllers are communicating with the elevator
service.
§ The elevator service will not send any heartbeats to the elevator controller as long the
service is in calamity mode.
Note:
It can take some time before the service functional state changes occur after the network connection is
reestablished
Error messages
-631 No floor group assigned to person
Subscriber card no access => Error No floor group assigned to person
Person has no floor group assigned
-632 No response on time from elevator service
-2189 No access, need elevator call
-8600 Elevator service not active for elevator request
-8601 No floor group for elevator request
Subscriber card: No access => Error: No floor group for elevator request
user has rights but not the right ones
-8602 No active floors for elevator request
-8603 Elevator service internal error for elevator requestoccurs when in reader dialog the code is left empty
occurs when network settings in the ELSGW are not correct (ADRIP setting)
-8604 Elevator system not connected for elevator request
6.3 ELSGW terminal option
Important note:
Use this tool only in consultation and presence of Mitsubishi
The ELSGW controller has an option to login by using PuTTY as terminal software.
With this terminal software it is possible to configurate the ELSGW but also there are some helpful commands to check the status and communication.
Default IP address: 192.168.0.1 (the same IP as the communication with iProtect)
Port number: 52173
Protocol: TCP/IP
PuTTY settings: (different as default)
Connection type: Raw
Terminal
-local echo Force off
-Local line editing Force off
--Keyboard
---Backspace key Control-H
Some useful commands
· IPCONFIG
· INFO?
· ELCON?
· PKT?
· AC?
· TRACE?
· SNET?
· ADRIP?
· ADRIP=X.X.X.X (return IP address must be the iProtect IP address)