home · Networks · SKUD access control and management system bolid. Access control and management systems based on Bolid equipment. Building a system begins with a workstation - a personal computer

SKUD access control and management system bolid. Access control and management systems based on Bolid equipment. Building a system begins with a workstation - a personal computer

Orion ACS or it is also called Bolid ACS - a development from JSC NVP "Bolid". They occupy a very prominent place in the Russian market of manufacturers of electronic equipment and technical security systems. Own domestic developments, modern production and properly organized policy of the enterprise allow us for many years to literally resist imported analogues, not always of high quality and low price. Over a short period of time, Bolid specialists created a number of unique products under the general name “Orion Integrated Security System”. Orion ACS is only a small part of this integrated system, which flexibly organizes security and fire alarms, video surveillance, automatic fire extinguishing and facility dispatching.

ACS Bolid provides access control through control of blocking devices: gateways, turnstiles, gates, doors.

Basic technical data of the local ISO "Orion"
Number of devices connected to the RS-485 interface line up to 127
Number of zones combined into sections (Orion Pro workstation) up to 16,000
Number of zones combined into sections (PKU “S2000M”) until 2048
Number of sections (Orion Pro workstation) up to 10,000
Number of sections (PKU “S2000M”) up to 512
Number of access points up to 254
Number of outputs for controlling external devices (Orion Pro workstation) up to 16,000
Number of outputs for controlling external devices (PKU “S2000M”) up to 255
Number of users (Orion Pro workstation) not limited
Number of users (PKU “S2000M”) until 2047
RS-485 interface line length (without using additional repeaters) up to 3,000

Company "EngineeringGroup" This is the company that will help you install exactly your access control system. We have been successfully working in the security systems market for many years; we ourselves design, install and maintain various access control systems.

We cooperate with the best manufacturers of imported access control and management systems (ACS): Apollo, Linel, Honeywell Security, as well as Russian ones, Perco, Orion ACS, Parsec, Kodos, Sphinx and many others. We know very well the strengths and weaknesses of various systems, we know the prices, and we can carry out professional installation, training and subsequent maintenance. We work for safety in the interests of the customer and are aimed at long-term cooperation!

The main task of an access control system is restriction of access to the protected area by personnel and by time during the day, seven days a week. This purpose already emphasizes the main property of the system: to work - always, at any time of the year, in cold or hot weather, in case of computer breakdowns and electrical failures, in case of a LAN cable break and other emergency situations. How can you save money here? But there is always room for action for an unscrupulous contractor, so the customer’s representative must pay very close attention to technical documentation, especially to acts of hidden work and to as-built documentation.

ACS cost

During the design process, the issue of the cost of the future access control system is resolved. The design engineer lays down the configuration of the system, its elemental base, consisting of various components. The more expensive the components, the more expensive the system, everything is explained by reliability, they say, there can never be too much! But reliability is a very flexible concept and has no clear boundaries. For example, in elevators, in airplanes, in nuclear power plants, the safety margin is sometimes increased by 10 times and many systems are duplicated, but disasters also happen. How reliable should an access control system be and what might its cost be?

Functionality, for the future development of the access control system, you can be sold many additional functions that neither the customer nor the system will ever need, but will be expensive, so the customer or his contractor needs to carefully study the technical specifications, study the project and compare many options. Therefore, the more transparent the specifications for equipment and materials are, the more willing the installer’s representatives are to answer various questions, the less likely there is to make the wrong choice. The optimal choice of ACS manufacturer Most often it is based on the optimal price/quality ratio for the installed access point, but there are many other criteria that affect not only the final cost of the access control system, but also the cost of using the installed system.

Saving on electricity or the use of “green energy” also have a reasonable place in the design of access control and management systems, if the number of locking devices is more than a hundred pieces. Power supply for electric locks and controllers for access control systems consumes electricity and the distribution and redundancy of this system with a large number of access points requires serious design work. But it is possible to simply solve this problem at the customer’s expense, for example by installing separate power supplies for locks and controllers, especially since ACS manufacturers unanimously advise connecting the controller from a separate power supply.

So it turns out that for a hundred doors you are offered to buy two hundred power supplies with an incredible number of batteries!? In fact, there are many nuances that the customer does not have to know, but the people recommending and responsible for this should take everything into account and try to minimize costs.

Training, maintenance, repairs, warranty cases in an access control system are daily tasks that different companies solve in different ways. Emergency operating modes (failure of controllers, failure of external power supply, etc.) confirm the correctness of the customer’s choice after installation of the access control system. Not intrusive service, but full warranty and post-warranty service, providing free support to its customers throughout the entire life of the equipment - this is what distinguishes the right ACS installer.

Benefits of working with us

  • an integrated approach to solving assigned problems in close contact with the customer, developing several options and choosing the optimal solution;
  • knowledge of the customer’s tasks, goals and problems in the field of security and the ability to solve them in the shortest possible time;
  • many years of experience (more than 10 years) in installation and maintenance of various access control systems of domestic and foreign manufacturers;
  • availability of its own service center and qualified personnel for prompt response and maintenance of uninterrupted operation of the access control system throughout its entire service life.

Why do they trust us?

Low prices . We offer really low prices, and even more so for a complex order or for repeat applications, because you work not with intermediaries! cost of the project when ordering installation work! The cost of equipment and consumables is much lower than that of competitors due to experience and sales volumes. We consider the first year of maintenance (TO-1 and TO-2) to be a guarantee and it is free for our Customers!
Project department . Our GUI department is the core of all creative endeavors necessary to create a modern, high-quality product. Designers are the first to take an individual approach to each developed object, perform quick and high-quality calculations, detailed elaboration of technical documentation, carry out “designer supervision” and support the adopted engineering solutions.
Freedom of choice . We are not associated with the supply of any specific equipment; we have our own warehouse and many different suppliers. We install equipment at sites only from those manufacturers whose equipment meets all client requirements for reliability, efficiency, safety and price. The engineering systems we install allow you to reduce your costs at the construction stage, during operation and when expanding the system in the future.
Full-time specialists. Our engineers and installers working on site work on a permanent basis; we carry out all work from installation to commissioning ourselves, without the help of random installation teams. Our engineers are not sellers of related services and additional work, but trained professionals focused on results.
Legality. Our activities are legally established; we are always ready to provide you with the necessary permits, approvals, licenses and certificates. The absence of intermediaries allows you to reduce the time it takes to make technical decisions and ultimately save your money.
Service center . Since 2009, we have been providing you with maintenance and repair services for complex modern engineering systems; we have diagnostic equipment, a stationary workshop, and our own warehouse for spare parts and replacement stock. The qualifications of our employees allow us to repair and put into operation almost any security system in the shortest possible time, and the mobility of our teams and the presence of several strongholds allow us to arrive at the site of an urgent repair within 2 hours in Moscow.
Individual approach for us it is sensitivity to the customer’s expectations, complete mutual understanding, reliability of cooperation, efficiency and achievement of a common goal. We strive for long-term and mutually beneficial cooperation.

As you know, the Orion system is an almost universal modular system with a wide range of software and hardware designed for creating fire and security alarm systems, video surveillance, access control systems, as well as automation and dispatch of various engineering systems. The system can be geographically distributed, with basically all devices interacting with each other via RS485 or via the Ethernet network.

The access control and access control system produced by the Bolid company appeared on the domestic market quite a long time ago and managed to establish itself both among end consumers and among designers, installers and other specialists in the industry. Simplicity, ample capabilities and high quality at an affordable price - these are the main advantages of the ACS system from the Bolid company.

A significant advantage of the system was the ability to build not only small local (independent) systems, but also large ACS complexes integrated into the Orion system. In case of integration, it becomes possible to centrally manage multiple independent controllers using the Orion Pro automated workplace software package, which also processes and stores an event log, maintains and edits a database of electronic passes, taking into account their powers. Such a system can actively interact with the 1C program, making it possible to significantly simplify the control of labor discipline and payroll for employees.

The main elements of the system are the access controller S2000-2, readers and switching device. The S2000-2 controller controls one or two access points by recognizing codes received from readers connected to it, checking authority and granting or denying access by closing/opening relay contacts that control locking devices (electromagnetic/electromechanical locks and latches, turnstiles, barriers).

In addition, the device can analyze the state of 2 security alarm loops, displaying their states on light indicators, and also control arming and disarming them. When using the S2000-2 as part of the Orion ISO, the device transmits information to the system via RS-485, and in the absence of exchange, stores all data in its own non-volatile memory for 32,768 events.

The S2000-2 controller as part of an autonomous access control system supports the following operating modes:

In all applications, the S2000-2 controller performs the following functions:

  • Identification of users by electronic keys, cards and codes.
  • Providing access using one or more identifiers.
  • Granting access with confirmation - after checking the identifier, a special button must be pressed by a security officer.
  • Organization of access according to the rule of two/three persons, whose access levels are agreed upon.
  • Storage of a user database in the non-volatile memory of the device.
  • Granting/denying access depending on the state of the security alarm loops connected to the device.
  • Possibility of creating a code template for access by an unlimited number of persons.
  • Generating alarms when doors are broken into or locked, with light and sound alarms turned on.

To organize an access control system for 1 point, the Bolid company produces a controller with a built-in reader. The device itself is complete and does not require connecting additional equipment. Proxy-H1000 reads codes from cards, and then transmits a signal to the built-in relay that controls the electric lock. Non-volatile memory allows you to store up to 10 master card codes and up to 1000 user cards. Additionally, synchronization of 2 adjacent controllers is possible. The Proxy-H1000 controller is not integrated into the Orion system, however, it is possible to create a fairly large system by combining up to 32 controllers into a single network via RS-485.

The next no less significant elements of the Bolid ACS system are readers. The line is quite wide and includes the following models:, and. All of them are designed to read information from electronic cards and keys with its further transfer to the controller. The exception is a contactless reader designed to work with the Orion Pro workstation and transmitting information directly to a PC via a USB port. Otherwise, the main differences between the readers are the size and design of the case, mounting method (mortise/surface), reading distance, supply voltage and current consumption.

The main differences between Bolid readers

Special attention should be paid to the biometric access control system produced by the Bolid company. The main elements of the system were biometric controllers and . These devices are fundamentally different from their predecessors and make it possible to organize an access control system based on the recording and identification of users’ biometric indicators. The main advantage of such systems (compared to classic ones) was the impossibility of falsifying or losing identifiers, as well as transferring them to third parties. However, the most effective will be the use of biometric systems in conjunction with classic ones that recognize codes of electronic keys and cards. This combination avoids reading and recognition errors that can occur in both systems.

Biometric controllers S2000-BIOAccess-F18 and S2000-BIOAccess-MA300 are equipped with a built-in fingerprint reader, card reader and code-keyboard (for S2000-BIOAccess-F18), which allows users to be verified using one or more identifiers simultaneously.

The main differences between the biometric controllers S2000-BIOAccess-F18 and S2000-BIOAccess-MA300

The relays built into the controllers allow you to control the siren and electromechanical lock. Additionally, outputs are provided for connecting an “exit” button and a door sensor. Thus, biometric controllers are complete integral devices that allow you to organize a full-fledged autonomous access control system. In addition, the controllers are successfully integrated into Orion systems. In this case, all fingerprint templates are stored in the main system database.

A special reader is provided to enter employee fingerprints into the database. The device connects to a PC via USB and allows you to read fingerprints, after which the built-in microcontroller converts them into a format compatible with the S2000-BIOAccess-F18 and S2000-BIOAccess-MA300 controllers. The device allows you to easily and quickly register new users in the system without the need to use biometric controllers for this.

Thus, the development of the biometric system significantly expands the capabilities of both small autonomous access control systems and large multi-tasking systems integrated into the Orion hardware complex.

Designed to control access through one or two access points by reading codes of presented identifiers (Proximity cards, Touch Memory keys and PIN codes), checking rights and access restrictions and closing (opening) relay contacts that control locking devices (electromechanical and electromagnetic locks and latches, turnstile, barrier). Designed for use as part of the Orion system or independently.

UK-VK/06

The device contains two relays with switching contacts and a control circuit that allows you to turn on the relay with a logical level signal “1” (+ 5V CMOS). Used in conjunction with the “S2000-2” access controller, operating in the “Barrier” mode, to control traffic lights, as well as switch actuators in fire alarm and access control systems.

С2000-BIOAccess-MA300

Designed to work together with the Orion Pro automated workplace and organize an access control and management system (ACS) using biometric identifiers - fingerprints. The controllers are networked via an Ethernet interface (TCP/IP).

С2000-BIOAccess-ZK4500

Designed to work together with the Orion Pro workstation and register fingerprints with their subsequent saving in the database and access controllers S2000-BIOAccess-F4/F8/F18/MA300. Connects to a PC via USB 2.0 interface.

Proxy-5MSG, Proxy-5MSB

Designed to read the code of identification cards and transfer it to control panels or ACS controllers that support the input data format - Dallas Touch Memory. In ISO "Orion" they are used to provide procedures for managing loops and sections of fire alarm systems and identifying users at access points.
The readers implement functionality for working with protected sectors of MIFARE cards (protected mode), which allows for protection against copying of identification cards.

Proxy-5MS-USB

Designed for programming master cards and user cards intended for use in conjunction with contactless readers "Proxy-5MSG" and "Proxy-5MSB" in secure operating modes.

Proxy-KeyAV, Proxy-KeyAH, Proxy-KeyMV, Proxy-KeyMH

Designed for typing a code on a keyboard, or reading a unique code of a contactless card with its further transmission to the access controller via the Wiegand interface.
Offline operation mode (code panel) is provided.

S2000-Proxy

"S2000-Proxy" is designed to read the code from identification cards and transfer it to reception and control devices or ACS controllers.
In ISO "Orion" it is used to provide procedures for managing loops and sections of fire alarm systems and identifying users at access points.

Connecting Bolid equipment directly to the VideoNet platform allows you to create a single solution with full functionality for administering a single system, control in a single interface and a comprehensive system of reactions and interactions when alarming events occur. This method of building a security system allows for deep interaction between various equipment. The peculiarity of this integration is that you are not limited to the functionality that Bolid provides and expand the capabilities of the equipment using VideoNet.

The VideoNet 9.1 SP1 version implements full-featured direct interaction with ACS controllers from NVP BOLID. In VideoNet, the operator can control connected ACS devices (providing a single pass, emergency opening, etc.), or set up a schedule for the devices to operate in automatic mode. In this case, all results of device operation and operator actions are logged in the system event log.

Connection and management of equipment is carried out directly in the VideoNet platform, all reporting, time tracking and a photo verification module are also available.

Name

Photo

Description

Supported Versions
S2000-4 Supported Bolid ACS equipment A universal solution. The “S2000-4” block allows you to simultaneously organize access control systems, security, alarm and process alarms.

Designed for use as part of ISO "Orion" for monitoring various types of security and fire non-addressable detectors, contactors and signaling devices with normally closed or normally open contacts and relay control of external actuators. Can be used in standalone mode for security alarm and access control.

 S2000-4 versions*: 1.12, 2.00, 2.02, 2.03, 2.04, 2.05, 2.06, 2.10, 3.00, 3.01, 3.50 S2000-4
S2000-2 Controller "S2000-2". Designed to control access through one or two access points by reading codes of presented identifiers (Proximity cards, Touch Memory keys and PIN codes), checking rights and access restrictions and closing (opening) relay contacts that control locking devices (electromechanical and electromagnetic locks and latches, turnstile, barrier).

Complex access modes: antipassback, template access, synchronization of multiple access points, integration with breathalyzers.

S2000-2 versions*: 1.01, 1.02, 1.05, 1.06, 1.07, 1.10, 1.11, 1.15, 1.20, 1.21, 2.00, 2.01, 2.02, 2.20 S2000-2

* To connect Bolid equipment to the VideoNet platform, you need the “Orion ISB hardware control software module**”.

** The software provides an interface for security system integrators to control Orion ISO instruments. The software interface is based on the XML-RPC remote calling standard and allows you to work simultaneously with several client modules over an Ethernet network. The control module has 5 versions - to control 4, 10, 20, 127, 512 ISO Orion devices and works only in conjunction with the electronic security key USB key of JSC NVP Bolid, which is connected to the USB port of the computer.

  • Access Controller is a device designed to control access through controlled access points by analyzing user identifiers read using readers (checking rights). Access controllers can make their own decisions to grant or deny access if user IDs are stored in the controller's memory (in which case local access is said to be used). Also, user IDs can only be recorded in the network controller (in the software database). In this case, the access controller performs the functions of a relay - it sends code to the network controller and receives from it a decision on granting or not granting access (in this case we talk about centralized access). Access controllers control barring devices using relay contacts;
  • Identifiers– unique characteristics of ACS users. The identifier can be a Touch Memory electronic key, a contactless Proxy card, a radio key fob, a PIN code, biometric data (fingerprint, palm print, iris or retina pattern, geometric characteristics of the face, etc.). In the access control system, each identifier is assigned certain powers, in accordance with which access controllers allow or deny access;
  • Readers– devices designed to read the user ID code and transmit it to the access controller;
  • Access point– the logical object of the access control system is actually a physical barrier equipped with an access controller and a reader. The access point can be a door, gate, turnstile, barrier, gateway, etc. Access points can operate in two modes: with and without control of the direction of passage. Access points with control of the direction of passage can be either bidirectional (equipped with two readers) or unidirectional (with one reader, without the possibility of passage in the opposite direction). Exit through access points without controlling the direction of passage is most often carried out using a button;
  • Access area– ACS logical object. Access zones are areas into which the territory of a protected enterprise is divided. Access points with the direction of passage are always located at the boundaries of access zones. Access zones are configured for access points if the system uses functions such as working time calculation and re-entry prohibition (antipassback rule);
  • Access level– individual access rights, which determine the rules for passage through points and presence in access zones assigned to the user ID. Based on these rights, access controllers (or network controllers) decide whether to grant or deny access;
  • Windows of time– a set of time intervals during which passage is allowed. Time intervals can be set for each access point or zone individually;
  • Software– component of the access control and management system. Using the software, ACS controllers are configured, including setting user IDs, access levels and time windows in them. The software is also used to implement such additional functions as relaying events about passages to implement a re-entry ban, real-time monitoring of employees and visitors of a protected facility, logging (and accumulation in the system database) of access control events, recording time worked by facility employees , creation of various reports on ACS events.

Standard pass mode. Each access point in the enterprise that is subject to control is installed with an access controller and reading devices. In order for employees to be able to pass through access points, each of them is given a unique user identifier; biometric information can also serve as an identifier. The identifier is stored in advance in the memory of the access controllers or network controller, where access levels are assigned to it. If the system is controlled by software (AWS), then usually part of the employee’s personal data is also entered into the AWS database. Upon presentation of the identifier, the device or network controller makes a decision to grant or deny access to the employee. All facts of passages through access points, as well as events associated with them, are stored in the memory of the access controllers, and are also transmitted to a PC and entered into the workstation database. Subsequently, based on these events, you can receive various reports, calculate the time worked by employees, etc.

Anti-passback(rule antipassback) is used to ensure that one identifier cannot be used again to enter any access zone without first leaving it. The access controller's response to an antipassback rule violation depends on the antipassback mode set for the access level of the identifier in question. One of the following modes can be used:

  • Strict - the system prohibits repeated entry into the access area until exit;
  • Temporary - during the specified time, the system prohibits repeated entry into the access area until exit;
  • Soft - the system will not deny access, but the fact of violation of the antipassback rule will be recorded in the event log.

The anti-passback rule can only be used for doors with directional control. Supported only by the S2000-2 controller.

Access according to the rule of two (or more) persons. To control access to access areas with increased security requirements, the passage mode can be used according to the “rule of two (three) persons” with agreed access levels. When the first identifier is presented, the access controller goes into standby mode for the second identifier. If the key presented after this has an inconsistent access level, the controller will deny access. If the access level is agreed upon, access will be granted (if access is used according to the three-person rule, this procedure will be repeated for the third key). This pass mode is an access parameter for the identifier and is configured independently for each pass direction (for each reader) in the access level. This function is supported only by the S2000-2 controller.

Access with confirmation. If not all persons participating in the access procedure according to the two (three) person rule are expected to enter the protected access zone (for example, a security officer confirms the access of another employee), then the “Confirmer” access mode is set for the access level of such persons. Independent access using a key with this access mode is impossible, and when accessing according to the rule of two (three) persons using such a key, the “Access granted” and “Passage” messages will not be generated. This function is supported only by the S2000-2 controller. The S2000-2 devices, starting with version 2.0x, also support the ability to organize confirmation not only with an additional identifier, but also with a special button.

Double identification. Each of the controller readers can operate in a mode where identification requires the presentation of two identifiers (for example, a Proxy card and a PIN code). This mode can be enabled independently for each reader. With double identification, the procedure for granting access begins with providing the main code (first identifier). If the key is recognized and there are no violations of the access mode, the controller goes into standby mode for an additional code. If an additional code is presented, the identification procedure is considered successfully completed. We recommend using “Proxy-KeyAH”, “Proxy-KeyAV” (for EM-Marine cards), “Proxy-KeyMH”, “Proxy-KeyMV” (for Mifare cards) as readers for this access mode.
The device can also be temporarily switched to “Open” or “Closed” access mode.

Access under duress. It is possible to alert the security of the facility that access or arming/disarming control is being carried out under duress. To do this, the user, instead of the usual identifier, presents a “Coercion Code” on the reader. In this case, an alarm message is generated, but otherwise the use of such an identifier does not differ from the usual one. There are two ways to present the Duress Code. In the first method, the user is given two identifiers instead of one. In normal mode, the first identifier is used, and under duress, the second. If dual identification is used, then you can use the second method to present the “Coercion Code”. To do this, in addition to the usual additional code, a second special “Additional duress code” is added to the main user code. Most often, with double identification, a PIN code is used as an additional key code. Therefore, the user only needs to have a single primary identifier and remember two PIN codes - a regular one and a duress code.

Closed access mode. In this case, all types of access through the managed point are prohibited. The device can be switched to this mode by a centralized command via the RS-485 interface, upon presentation of a key of the “Closing” type, or upon arming of access-blocking alarm loops. The mode can be used to temporarily block security service access to certain areas of the facility.

Open access mode. There is free passage through the controlled point without presenting identifiers. In the “Access Open” mode, the controller constantly provides an opening action to the corresponding relay (the relay in a given direction is either continuously on or continuously off), so this access mode generally cannot be used for some types of locking devices, for example, electromagnetic latches. The device can be switched to this mode by a centralized command via the RS-485 interface, upon presentation of a key of the “Opening” type. In “S2000-2” devices, starting with version 2.0x, the possibility of fully opening free access has been introduced using electromechanical latches, which open with a short pulse and go into the “closed” state only after opening and then closing the door. In this case, when the “Access Open” mode is turned on, the relay will turn on briefly (for the same time as when access is granted) each time the door is closed and the lock will be open all the time. Also, the new version of the “S2000-2” devices can be switched to open access mode using an external relay signal detected by the device’s AL.

The following important parameters are configured in the “S2000-2” device and the “S2000-4” block:

  • View of the interface of connected readers - Touch Memory, Wiegand, Aba Track. This parameter is responsible for the method of transmitting the code of the read identifier to the controller.
  • Passage sensor - the parameter indicates that the controller uses a passage sensor. The main purpose of the sensor is to generate a “Pass” message when this circuit is triggered after access is granted. The presence of the “Passage” event is necessary for the implementation of the antipassback function and for the correct operation of the “Work Time Accounting” function in the automated workplace;
  • Door blocking control - when the door is opened during passage for a time exceeding the “Blocking timeout”, an alarm message “Door blocked” is generated;
  • Burglary control - when this parameter is enabled, when a door is opened without granting access, an alarm message “Door is hacked” is generated;
  • Access zone number - from 0 to 65535. Number of the access zone, the entrance to which is controlled by this reader (65535 - access zone number is not defined - for walk-through doors);
  • Turn off when the door is opened - early interruption of the “opening” relay program when the door is opened (the relay turns off after the passage sensor is triggered). It is advisable to enable this function when using electromechanical locks (to which there is no point in supplying power when the door has already been opened);
  • Turn off when closing the door - early interruption of the “opening” relay program after closing the door (the relay turns off after the passage sensor is restored). It is advisable to turn it on when using the turnstile, when after turning the turnstile you can begin a new procedure for granting access. When using a gateway, this option is always considered enabled, since when leaving the gateway, you cannot enter it again without presenting an identifier, and you can exit from inside only after pressing the exit button;
  • Access controller relays can operate as either closing or opening switches. The relay operating tactics are selected depending on the locking mechanism used.

To organize one or several autonomous access points at an object in ISO "Orion", you can use a specialized access controller "S2000-2", a control panel "S2000-4" with access control functionality and biometric access controllers "S2000-BIOAccess-MA300" , “S2000-BIOAccess-F22”, “S2000-BIOAccess-PA10”, “S2000-BIOAccess-SB101TC”, “S2000-BIOAccess-W2”. The S2000-2 access controller can be used to organize bidirectional and unidirectional access points with and without control of the direction of passage. For access points organized using S2000-2, you can apply the antipassback rule, use access with confirmation or according to the rule of two (or more) persons. A reception and control unit with access control functionality “S2000-4” and biometric access controllers allow you to organize a unidirectional access point with or without control of the direction of passage.


The access controller “S2000-2” has the ability to operate in several modes: “two doors per entrance”, “one door per entrance/exit”, “turnstile”, “barrier”, “gateway”. The controller memory can store 32768 user IDs; 32768 events in case of lack of communication with the network controller, 100 time windows and 100 access levels. The logic of the controller depends on the selected operating mode. “S2000-2” also has two alarm loops, to which you can connect contact security detectors, signals for switching the controller to open access mode, and signals for allowing reading identifiers. The controller can be configured to lock the door if any security loops are armed. You can control the acquisition and removal of loops from the same reader and the same identifier that is used to control the access control system. To ensure the possibility of providing access to a wide range of people whose identifiers are difficult or impossible to enter into the controller’s memory (for example, there are too many of them), provided that the code of all these identifiers satisfies some well-known rule, access templates are implemented in S2000-2.

Operating modes of "S2000-2"
Two entrance doors

In this mode, the controller controls access through two independent access points, and granting access in one direction (entrance) requires the presentation of identifiers, and to grant access in the opposite direction, the “EXIT” button is pressed.
For each reader, you can configure dual identification, access based on the rule of two (or more) persons, and access with confirmation. Both readers in this operating mode of the device operate independently of each other. Those. when free access is opened (or, conversely, access is closed) on one reader, the second will function in standby mode until the corresponding command is also sent to it. In general, in this mode of operation, the antipassback rule cannot be used for doors (since the doors are not access points with control of the direction of passage in this case). However, if the exit button for one of the access points will not be used, antipassback mode can be configured for it.

One entry/exit door

This mode is designed to control access through one door, which has only one locking device and is controlled by one passage sensor. Providing access in both directions requires the presentation of user IDs. Exit buttons can also be used to provide access (for example, to open a door from a security post).
In this mode, the antipassback rule, access according to the rule of two (or more) persons, access with confirmation, and double identification can be used. In the “One door per entry/exit” operating mode, when free access is opened, the controller readers work synchronously - when a command is sent to one reader of the device, the second reader will automatically be switched to the same mode.

Turnstile

In this operating mode, the S2000-2 controller controls passage through the electromechanical turnstile. The turnstiles have two control circuits for each direction of passage (usually these control circuits are located in the remote control unit that comes with the turnstile). Moreover, providing access in each direction requires the presentation of user IDs on readers installed on both sides of the turnstile. To remotely provide access, the operator can use the “Exit” buttons. If it is necessary to authorize access and register passage by an identifier that would be denied access in normal mode (the time window is not active, the validity period has expired, antipassback is violated, or the identifier is not stored in the controller’s memory at all), an additional “Permission” button can be connected to the controller. . The “Resolution” button can be used for all operating modes of the device, except for the “Gateway” mode.
In the “Turnstile” mode, the antipassback rule, double identification, access according to the rule of two (or more) persons, and access with confirmation can be used. Both readers in this operating mode of the device operate independently of each other. This means that when free access is opened (or, conversely, access is closed) on one reader, the second will function in standby mode until the corresponding command is sent to it too.

Barrier

In this mode, the controller controls bidirectional access through one access point with one blocking device - a barrier. The first relay of the controller controls the opening (raising) of the barrier, and the second relay controls the closing (lowering). Typically, the controller relays are connected to the barrier control unit. Providing access in both directions requires the presentation of user IDs on readers installed on both sides of the barrier. For remote (manual) control of the barrier, the “Enter” and “Exit” buttons can be used. Car passage sensors, in addition to registering passage, perform the function of protection against lowering the barrier onto the car. As long as at least one of the passage sensors is in the activated state, the barrier will not lower. For this reason, passage sensors (usually optical beam sensors are used) are placed on both sides of the barrier so that any vehicle located under the barrier will trigger at least one sensor. To increase imitation resistance, vehicle presence sensors in the reader area can be connected to the controller alarm loops. In this case, the identifiers will be perceived by the controller only if there is a car near the reader. It is possible to control traffic lights using switching devices “UK-VK/06”. To turn traffic lights on/off, the reader LED control outputs are used. UK-VK/06 devices can switch voltages up to 220 V (AC) and currents up to 10A, which allows you to control almost any traffic lights.
In the “Barrier” operating mode, the antipassback rule, double identification, access according to the rule of two (or more) persons, and access with confirmation can be used. In the “Barrier” operating mode, when free access is opened, the controller readers work synchronously - when a command is issued to one reader of the device, the second reader will automatically be switched to the same mode.

Gateway

In this mode, the controller controls access through one access point, which is two doors with a closed space between them (gateway), and both doors cannot be opened at the same time. At the entrance to the gateway, two readers are installed on each side (outside the gateway). At the security post that controls the operation of the gateway, two “Exit” buttons are installed so that the guard can let a person into the gateway without presenting an identifier, two “Confirmation” buttons to let the person out of the gateway, and a “Ban” button to deny access. To go through the first door (entrance to the gateway), you must present an ID. The second door opens either automatically, after closing the first door, or after the guard presses the “Confirmation” button (set when describing the access level). If there is no security post and the gateway operates exclusively in automatic mode, then the “Confirmation” buttons still need to be connected so that a person has the opportunity to exit through the door through which he entered if he changes his mind or stays inside for more than the allotted time. The allowed time for a person to stay in the gateway is set by the “Time to confirm access” parameter. During this time, any of the “Confirm” buttons can be pressed and the corresponding door will open. If during this time none of the “Confirmation” buttons was pressed, then the access procedure is considered incomplete and the gateway is free. A person can be released from the gateway after the “Time to confirm access” has passed only through the door through which he entered by pressing the “Confirmation” button of this door. On the one hand, the “Time to confirm access” must be selected sufficient for additional identification; on the other hand, if a person presented an identifier but did not enter the gateway, then a new access procedure will not be able to begin during this time. When you press the “BAN” button, the “Access Denied” message is generated and no door opens. You can only let a person out of the airlock through the door through which he entered by pressing the corresponding “CONFIRMATION” button. If you equip the gateway with a presence sensor and connect it to the “BUSY” input of the controller, then there will no longer be a strict time frame - additional identification can be carried out as much as necessary. Doors must be equipped with opening sensors (the “Passage sensor” parameter is considered to be always on). In this operating mode, the antipassback rule, double identification, and access with confirmation can be used. In the “Gateway” operating mode, when free access is opened, the controller readers work synchronously - when a command is issued to one reader of the device, the second reader will automatically be switched to the same mode.

Organization of complex access points

When organizing complex access points, if during access through the reader of one controller “S2000-2” ver. 2.0x it is necessary to block access through the readers of other similar controllers, their operation can be synchronized using the “Busy” signal. In this case, upon presentation of the identifier, the device analyzes the “Busy” input and provides access only if the input is not active. From this moment until the fact of passage is registered, the controller activates its “Busy” output in order to block the readers of other controllers for this time. The “Busy” contact is both an input and an output of the device. To synchronize several “S2000-2”, it is enough to connect their “Busy” contacts to each other (as well as the “GND” contacts if the controllers are powered from different power sources). In addition, it is necessary to enable the “Accept BUSY” and “Issue BUSY” parameters for the reader, so that access through this reader is blocked when accessed through readers of other controllers, and vice versa, so that when accessed through this reader, readers of other controllers are temporarily blocked. At the same time, the “BUSY” signal can be used to connect a presence sensor if the next access procedure can only be started after the access point is released.

This scheme can be used, for example, when equipping the entrance to a two-level parking lot. One device controls the barrier from the street side, and the other two control the barriers at the entrance to the first and second levels. Presence sensors monitor the presence of a vehicle on the ramp. To block the simultaneous entry of a car onto a ramp from different levels, it is necessary to set the parameters “Issue BUSY” and “Receive BUSY” at one of the readers of each controller (the one that allows entry to the ramp). For those readers that control exit from the ramp, these parameters should be turned off.


The “S2000-4” block can control access through one access point, and providing access in one direction requires the presentation of user IDs, and to provide access in the opposite direction, the “Exit” button is pressed. When using the access control functionality in the block, the first loop is used to connect the exit button and the passage sensor, and the first relay is allocated to control the locking device. “S2000-4” has access blocking functionality if any (or all) of the unit’s alarm loops are armed. You can control the acquisition and removal of loops from the same reader and the same identifier that is used to control the access control system. Since using the block you can only organize a unidirectional access point without controlling the direction of passage, you cannot configure an antipassback rule for it. The block supports dual user identification mode.
The block supports up to 4096 user IDs, and the block event buffer is designed for 4088 events. Up to 16 time windows can be stored in memory.


When using inexpensive proximity cards (EM-Marine standard) or Touch Memory keys as identifiers, the security service or facility operation may encounter cases of cloning (copying) of identifiers by users. Reliable protection against card copying will be the use of specialized readers with the anti-clone function “Proxy-5MSG”, “Proxy-5MSB” and MIFARE standard cards (MIFARER Classic 1K (S50), MIFARER Classic 4K (S70), MIFARER Plus S 2K, MIFARER Plus S 4K, MIFARER Plus SE 1K, MIFARER Plus X 2K, MIFARER Plus X 4K).
In the first option, the factory unique card number will be used to identify the user, but the reader will transmit it only if authorization is successful. Authorization is carried out using a secret word written in a protected area of ​​the card’s memory, which is checked by the reader.
In the second option, not the factory code of the card will be used as an identifier, but the code stored in its protected memory area. This code is written to the card directly at the facility.
The third option is similar to the second. The difference is that the card code, stored in a protected memory area, is additionally encrypted. This option is recommended for use with less secure MIFARER Classic cards.
Selecting the operating mode of the “Proxy-5MSG”, “Proxy-5MSB” readers and setting the parameters for working with protected sectors is carried out using a master card. To create master cards and user cards, the Proxy-5MS-USB reader and free SecurityCoder software are used.
The readers have a Dallas Touch Memory output interface and are compatible with all ISO Orion devices.


Just like the “S2000-4” block, the “S2000-BIOAccess-MA300”, “S2000-BIOAccess-F22”, “S2000-BIOAccess-SB101TC”, “S2000-BIOAccess-W2” controllers can control access through one access point, Moreover, providing access in one direction requires the presentation of user identifiers, and to provide access in the opposite direction, the “Exit” button is pressed.
Fingerprints are used as the main user identifiers when working with “S2000-BIOAccess-MA300”, “S2000-BIOAccess-F22”, “S2000-BIOAccess-W2”. “S2000-BIOAccess-PA10”, along with a fingerprint reader, is equipped with a palm vein reader, and “S2000-BIOAccess-PA10” is equipped with cameras for identification based on the geometric characteristics of the face. Also, all controllers are equipped with a built-in proximity card reader and, with the exception of the S2000-BIOAccess-MA300, a keyboard for entering a password to provide access using a combination of any identifiers (biometrics, proximity card, password).
The controllers are connected to the system via an Ethernet network (TCP/IP). Since devices can only be used to organize a unidirectional access point, you cannot configure an antipassback rule for it.

Attention! S2000-BIOAccess-W2 uses a new biometric data storage algorithm that is incompatible with other controllers. It makes sense to use it only in new systems that are not planned to be supplemented with controllers of other modifications.


Based on contactless keyboard “Proxy-Key” readers of various modifications, it is possible to implement the most cost-effective solution for access control through one point. Moreover, providing access in one direction requires the presentation of user identifiers, and to provide access in the opposite direction, the “Exit” button is pressed. Proximity cards or passwords are used as user identifiers. The products do not connect to the system via information interfaces and operate only in offline mode.
Readers support up to 1000 key codes or 8 passwords.


Integrating several access controllers with an RS-485 interface into a single system can provide the ACS with the following advantages and new functions.

Network and zonal antipassback

If there is a network controller (S2000/S2000M console or APM), messages about passages through access points will be automatically relayed to all access controllers. Thus, the antipassback rule will be triggered for all access points that allow the identifier into the access zone in question. The described operating mode of the system is called “Network antipassback”.
The antipassback rule can be made more strict by setting the “Zonal antipassback” (“Route Control”) parameter in the access level. In this case, passes to any access zone are taken into account, and if an attempt is made to pass through one of the access controller readers, then to fulfill the antipassback rule it is required that the last registered pass was to the zone where this reader is located. That is, it is possible to move from zone to zone only in order - 0, 1, 2 and in reverse order.

Integration with security systems

To unblock escape routes in case of fire, the “S2000-2” device and the “S2000-4” block can be switched to open access mode by centralized commands via the RS-485 interface coming from the “S2000M” consoles or the workstation that controls the fire alarm. ACS readers can be used for remote centralized acquisition/removal of alarm loops from other devices. In this case, the same identifier and reader can be used both for local access control and for centralized control of the security system.
The “S2000-BI” and “S2000-BKI” display blocks allow you to display the status of access points and readers controlled by the “S2000-2” and “S2000-4”: “Dress”, “Door hacked”, “Door locked”, “Door open”, “Door closed”, “Access open”, “Access closed”, “Access OK”.
The “S2000M” remote control can control the outputs of the BOD and relay units related to the fire alarm system upon the fact of breaking, blocking, opening and closing doors, as well as opening and blocking free access.

Centralized configuration. Event collection and processing

Often, even in small facilities with several access points, there is a need to add new or edit the powers of existing identifiers simultaneously in many access controllers. It is most convenient to perform these manipulations centrally, when you only need to carry out the adding/editing procedure once, and then write new data to all devices. In addition, the functionality of generating reports on ACS events and calculating time worked is in demand. For these purposes, software (AW) is used.


ISO "Orion" uses the following software to work with ACS: Uprog, BAProg, automated workplace "Orion Pro". Uprog software allows you to freely configure the configuration parameters of the S2000-2 access controllers and the S2000-4 unit, namely:

  • operating mode, dual identification, access according to the two (three) person rule, number of the controlled access zone, interface type of connected readers, enable/disable the use of the passage sensor, blocking control, blocking timeout, etc.;
  • recording and editing access level controllers, time windows and user IDs in memory.

BAProg software allows you to freely configure similar configuration parameters of biometric access controllers “S2000-BIOAccess-MA300”, “S2000-BIOAccess-F22”, “S2000-BIOAccess-PA10”, “S2000-BIOAccess-SB101TC”, “S2000-BIOAccess- W2".
When using Uprog and BAProg, it is not possible to configure several devices at the same time. Thus, these programs are used only for the initial setup of devices. During subsequent operation of the Uprog and BAProg systems, it is advisable to use only for small systems (no more than 5 devices).

The Orion Pro automated workplace software allows you to implement the following:

  • accumulation of ACS events in the database (passes through access points; blocking and unblocking of access points; unauthorized attempts to pass, etc.);
  • creating a database for a protected object - adding ACS logical objects (access points and zones) to it. As well as their arrangement on graphic plans of premises to implement the possibility of centralized provision of access and monitoring the condition of these objects;
  • formation of a user database - entering the details of employees and visitors, indicating for each person all the necessary attributes (full name, information about affiliation with a company, division, work and home address and telephone number, etc.), as well as setting access rights (authorizations to pass through access points, being in the access zone). The Scanner software allows you to automate the entry of personal data of employees and visitors into the database by recognizing documents (passports, driver’s licenses, etc.);
  • creating a database for recording working hours - creating work schedules, as well as calculation rules for various employees;
  • polling and management of controllers connected to a PC, as well as integration with storage systems for keys, small items and electronic safes (Electronic Safe software);
  • group configuration of access controllers - centralized recording of time windows, access levels, user IDs into the device memory;
  • network antipassback operation;
  • configuration and operation of zonal antipassback;
  • displaying the state of ACS objects on graphic floor plans;
  • displaying information about the employee’s location accurate to the access zone;
  • displaying CCTV cameras, as well as managing the status of these cameras;
  • recording video at the command of the officer on duty, when a motion detector alarms, or according to a control scenario (for example, according to the event of granting access or an attempt at unauthorized passage);
  • Thanks to the integration of the license plate recognition module into the Orion Pro video system, it becomes possible to use the video surveillance system not only for photo and video verification, but also as an additional means of identification in the access control system: providing access through barriers upon successful recognition of the license plate (Orion Auto system ").

It is worth noting that the devices are physically connected to the system computer on which the Orion Pro Operational Task is installed. When organizing distributed systems, remote objects can connect to a single “Operational Task” via a local network using S2000-Ethernet converters. It is also possible to install “Operational tasks” directly on remote objects. The second option will require large material costs, however, it will be more preferable if it is necessary to organize photo verification at remote sites (this function will be available even in the event of a communication channel failure between objects).
It is recommended to connect no more than 500 S2000-2 devices to one operational task.
To enter user IDs into the database of the Orion Pro automated workplace, you can use USB readers: “Proxy-USB-MA” (for EM-Marin, HID and Mifare cards), “Proxy-5MS-USB” (to implement the “anti-clone” function ) and “S2000-BioAccess-ZK9500” (for fingerprints of all biometric controllers with the exception of “S2000-BIOAccess-W2”).
Software modules can be installed on computers arbitrarily - each module on a separate computer, a combination of any modules on a computer, or installation of all modules on one computer. The ISO Orion block diagram shows the number of jobs that can be used in the system.



The “S2000-2” controller, designed for the access control and access control system in the ISO “Orion”, is powered by a low-voltage power supply (IE) with a voltage of 10.2 to 15 V, biometric controllers “S2000-BIOAccess-MA300”, “S2000- BIOAccess-F22", "S2000-BIOAccess-PA10", "S2000-BIOAccess-SB101TC", "S2000-BIOAccess-W2" from IE with voltage from 9.6 to 14.4 V, and the "S2000-4" block supporting ACS functions, has a supply voltage range from 10.2 to 28.4 V, which allows the use of sources with a rated output voltage of 12 V or 24 V accordingly (Fig. 36-40). A special place in the access control system can be occupied by a personal computer with a workstation of the duty operator or administrator. It is usually powered by AC power and its power supply is provided by UPS type sources.
To ensure the continuous execution of ACS tasks, it is advisable to implement a redundant power supply system using built-in RIP or external low-voltage batteries. The current regulatory document - GOST R 51241-2008 “Means and systems for access control and management” recommends that the IE have an indication that the battery is discharged below the permissible limit. At the same time, for stand-alone ACS systems, the discharge indication can be light or sound, and for networked systems, the battery discharge signal can be transmitted to the operator’s console. Distributed placement of equipment over a large facility, which is easily implemented in ISO “Orion” through the use of communication lines of the RS-485 interface, requires providing power to ACS devices (controllers, electromagnetic locks and electromechanical latches) at their installation sites. Depending on the size of the object, you may need from one IE to several dozen. There is a wide range of power supplies recommended for ACS.
In small systems, you can use RIP-12 version 11 (RIP-12-1/7P2) (output current 1 A, light indication of battery presence, charge and discharge). For systems with significant current consumption, the following are used:

  • RIP-12 isp.02, RIP-12 isp.04 with an output current of 2A.
  • RIP-12 isp.01 with an output current of 3A.

For network systems, with the transmission of messages about the state of the power supply to the operator console, you can use any RIP for fire automatics that has relay outputs, or a RIP with an RS-485 interface.

For the S2000-2 device and the S2000-4 unit, the following recommendations should be taken into account. The electromagnetic lock (latch) can be powered from the same power source as the controller, or from a separate power source. When powered from one source, the controller's power supply circuit and the lock's supply circuit must be made of different pairs of wires, which are combined only at the terminals of the power supply. If the readers have a current consumption of more than 100 mA or they are located at a long distance from the controller (100 m or more), then to power the reader it is necessary to use a separate pair of wires going directly to the power source. If the reader is powered from a separate power source, then the “GND” contact (negative power circuit of the reader) must be connected to the “GND” (for “S2000-2”) or “0V” (for “S2000-4”) contact of the device.
For free-standing controllers it is convenient to use “RIP-12 isp.20”. With a rated output current of the source equal to 1 A, the RIP is capable of delivering up to 1.5 A to the load for a long time. A design feature of this RIP is the presence of “two tiers”: a power supply module is attached to the rear of the case, and above it, due to the presence special U-shaped corners - the selected device is placed and fixed with screws (for example, “S2000-2” or “S2000-4”), the functionality of which is not limited in any way (see figure).

A 12 V battery with a capacity of 7 Ah is installed in the lower part of the case. Placing it inside the access controller will save on installation work and further maintenance.
Network access control systems may also require reliable power supply to communicators, modems, and splitters. For these purposes, you can effectively use RIP-24 isp.06, converter modules MP isp.02 and a switching protection unit BZK. The ability to install rechargeable batteries with a capacity of 2x40 Ah in the RIP-24 isp.06 allows you to repeatedly increase the operating time of the system in the absence of mains voltage compared to other power supplies. The MP module isp.02 converts the 24 V voltage to the required level: 3.3; 5; 7.5; 9; 12 V. The UPC protects each power bus separately, i.e. Malfunctions in one of the devices will not affect the performance of the remaining equipment.