1 General information

1.1 Review of regulatory documents

When developing the project, the requirements of the following regulatory documents were taken into account:

• GOST R 51241-98;
• R 78.36.005-99;
• SNiP 3.05.06-85;
• SNiP 12.1.30-81;
• SNiP 111-4-80;
• GOST 12.2.013-87;

All technical measures are developed in accordance with the requirements of environmental, sanitary-hygienic, fire safety and other standards in force in the Russian Federation and ensuring safe operation of the complex system for human life and health, subject to compliance with the measures provided for in the working documents.

The initial data for the design were: technical specifications for the design issued by the Customer, space-planning drawings.

1.2 Characteristics of the protected object

The facility is an administrative building with a protected area, located at the address: Moscow.

Entry to the site is through 4 checkpoints, with installed automatic gates equipped with an access control system. Entrance to the building is through 4 turnstiles, also equipped with an access control system. In the building, 150 service and technological premises are subject to ACS protection.

2 Main technical solutions adopted in the project

2.1 General characteristics of the system

2.1.1 The adopted technical solutions are based on an integrated approach to protecting the facility, taking into account the requirements for equipment installed at the facility.

To ensure the protection of the facility and fulfill all the requirements of regulatory documentation, the project provides for the use of the following control equipment:

• ACS-102-CE-B - RusGuard ACS controller;
• TTR-04.1- turnstile "Perco";
• RDR-102-EH - access card reader;
• PR-EH05 - anti-vandal access card reader;
• CAME ATI 5000 - linear self-locking gate drive;
• CAME ZF1N - drive control unit.

2.1.2 ACS-102-CE-B controllers are installed in the security room (turnstile control) and at the checkpoint (gate control). Readers are connected to the controller, as well as control circuits for actuators (turnstiles, gates).

The controllers are combined into a bus via the CAN-HS interface and connected to the existing local network of the facility via the Ethernet port of one of the controllers.

2.1.3 Gates at the checkpoint are equipped with automatic drives with a control unit. The gate is controlled from a checkpoint or from an access control system. Anti-vandal RFID readers are installed on the entry and exit sides.

2.1.4 Passage through the turnstiles is permitted by a security guard from the turnstile control panel, or by the access control system upon identification of the user using the attached card.

2.2 Description of the main characteristics of RusGuard ACS

2.2.1 Basics

The RusGuard access control and management system is the latest development based on the latest advances in microprocessor technology and software development technologies. RusGuard is a registered trademark, and the equipment has all the necessary certificates of conformity.

RusGuard ACS compares favorably with other products on the market due to its versatility, both hardware and software.

RusGuard ACS controllers support work with all types of access points:

• door,
• two doors,
• turnstile with card reader,
• gate/barrier with card reader and traffic light control.

The versatility of the hardware greatly simplifies system maintenance, as there is no need to purchase spare parts for different types of controllers. The reliability of the equipment guarantees its trouble-free operation throughout its entire service life.

ACS controllers operate autonomously or as part of a network system together with RusGuard Soft software. Controller-server communication interface:

• CAN-HS - High Speed ​​Control Area Network (two-wire interface data bus).
• Ethernet 10/100 BASE-T.

Due to the presence of several interfaces at once, the controllers easily fit into the existing SCS of the facility, allowing you to create different equipment connection models: each controller to an Ethernet network, connection via a CAN bus, connection of controllers in CAN-Ethernet converter mode.

2.2.2 Distinctive features of the equipment

The use of CAN and Ethernet buses by the controllers as a communication interface with the server, as well as the use of a specially developed upper-level protocol, made it possible to implement a number of unique functions directly related to the features of the CAN and Ethernet interface, namely:

• Implementation of a “Master-Master” network architecture and refusal to constantly poll devices from the server. The system structure does not have a Master device (remote control, server, etc.) that constantly polls all system components and transmits commands to them. All devices on both the CAN bus and the Ethernet network are equal, and each can initiate a connection with a server or other device on the bus to transfer information.
• High speed and no delays in transmitting information to the server. Due to the implementation of the “Master-Master” architecture, there are no static delays in the transmission of information in the system, due to the need for constant cyclic polling of all devices in the system. Information exchange is carried out in real time. The high speed is due to the characteristics of the interfaces used (CAN - up to 1 Mbit/s, Ethernet - up to 100 Mbit/s).
• Implementation of the global (in a network of several controllers) “AntipassBack” function without server participation. The controllers allow you to implement up to 255 “AntipassBack” zones, including nested ones.
• Implementation of the global (in a network of several controllers) “Double pass-through prohibition” function without server participation. A function for tightening the “AntipassBack” rule, which allows you to instantly block the user’s card in devices on the bus, after it has been read by one of them, but before the user passes through (i.e. before the global “AntipasBack” algorithm comes into effect).
• Execution of global reaction algorithms by any ACS controller (transmission of commands to other devices on the network) without the participation of the Master device (remote control, server, etc.). For example, to implement the “Emergency Unblocking” function, there is no need to combine the unlocking circuits of each Controller; it is enough to connect the circuit of one Controller, which in turn will transmit the Emergency Unblocking command to other devices on the bus.

2.2.3 Distinctive features of RusGuard Soft software

The technologies underlying the RusGuard software, together with the technical features of the equipment, make it possible to build a single combined system that includes an unlimited number of equipment servers, local database servers, etc., with the organization of both local monitoring centers and centralized ones, allowing control of the entire system entirely.

Main features of RusGuard software:

• Unlimited number of controllers, users, remote workstations in the system.
• Possibility of unlimited scaling and expansion of the system without additional costs.
• Complete protection of information in the system based on SSL and TLS certificate mechanisms (it is possible to use corporate certificates).
• Built-in automatic document recognition module.
• Wide integration capabilities with third-party systems (ISO Orion (NVP Bolid), 1c, ITV, VisitorControl, Ivideon, etc.).
• Report server web interface.
• Ability to edit and create your own templates for the reporting module.

2.3 Description of the main characteristics of ACS-102-CE-B controllers

2.3.1 Purpose

The controller operates autonomously or under the control of server software “RusGuard Soft”, JSC “RusGuard”.

Autonomous mode is the operating mode of the controller with the provision or denial of access using a key stored in the non-volatile memory of the controller, depending on the access rights of this key, the operating mode of the controller, etc. Occurring events are saved with a time stamp in the non-volatile memory of the controller.

The operation of the controller under the control of server software is similar, with the difference that events occurring in the system are read by the server software, where the information received from the controller is visualized, stored and transmitted to connected remote workstations.

The controller is designed for installation inside a facility and is designed for round-the-clock operation.

2.3.2 Main characteristics

2.3.2.1 The controller is powered from a built-in modular DC power supply. The main power supply is supplied from an alternating current network with a voltage of 220 V 50 Hz.

Type of modular power supply - switching.

Rated output current - 4000 mA.

Power consumed from a 220 V 50 Hz network is no more than 80 W.

2.3.2.2 The ACS-102-CE-B controller supports the backup power supply function. If the main power supply (~ 220 V 50 Hz) is lost, the system switches to a backup source (battery - 7 A∙h). The functions of automatic battery charging and disconnecting loads when the battery is deeply discharged with the provision of relevant information are supported.

2.3.2.3 The maximum current consumed by the controller from the DC power source is no more than 150 mA.

2.3.2.4 The number of independent load power supply channels is 4 (+12V-1, +12V-2, +12V-3, +12V-4).

2.3.2.5 Characteristics of overload protection along load power supply channels:

• +12V-1, +12V-2 - 500 mA.
• +12V-3, +12V-4 - 1500 mA.

Each channel has an individual self-healing electronic overcurrent protection circuit. If the established current limits are exceeded, the corresponding channel is switched off. Once the cause of the overload is eliminated, power is automatically restored.

2.3.2.6 The number of executive relays for controlling external devices is 8.

Relay type - electronic, with individual thermal protection and overcurrent protection circuits.

The maximum switching voltage of relay EK1-EK4 is 42 V.

The maximum switched current of relay EK1-EK4 is 1500 mA (up to 3000 mA in pulse mode).

The maximum switching voltage of relay EK5-EK8 is 17 V.

The maximum switched current of relay EK5-EK8 is 50 mA.

2.3.2.7 The number of simultaneously connected readers is 3.

Reader interface - Wiegand26, Touch Memory (1-Wire, μ-LAN).

The polarity of the indication control is adjustable.

2.3.2.8 The controller analyzes the case tamper circuit for opening and provides the corresponding information.

2.3.2.9 The controller has an input for emergency opening of the access point by an external signal. The type of control circuit contacts is customizable.

2.3.2.10 Communication interface between the controller and the server:

• CAN-HS - High Speed ​​Control Area Network.
• Ethernet 10/100 BASE-T.

2.3.2.11 The controllers provide simultaneous performance of the functions of a CAN - Ethernet converter.

2.3.2.12 Supported access point types:

• Door.
• Two doors.
• Turnstile with card reader.
• Gate/barrier with card reader + traffic light control.

The controller operating mode is selected using settings from the configurator.

2.3.2.13 The maximum number of keys/events is 32,000/60,000 (static memory allocation).

2.4 Description of the main characteristics of RusGuard Soft software

2.4.1 Supported OS

Supported OS (both 32 and 64 bit versions):

• Windows XP (remote workstations only);
• Windows 7 (Home Premium, Professional, Enterprise, Ultimate);
• Windows 8 (all editions);
• Windows 2008 Server R2 (all editions);
• Windows 2012 Server (all editions).

2.4.2 Description of the modules included in the RusGuard Soft software:

Hardware Configuration Module

Allows you to integrate various equipment into the system and configure it:

• RusGuard ACS controllers;
• Equipment ISO “Orion” (NVP Bolide);
• USB GSM modems for use in the Reactions module;
• Email accounts for use in the Reactions module;
• Ivideon video servers (works with any IP video cameras);
• Ivideon personal accounts (creation of distributed IP video surveillance systems);

The number of connected equipment is unlimited.

Database Configuration Module

Provides functionality for working with employees:

• Creating a list of positions;
• Creating a tree of employee groups;
• Creation of schedules;
• Creating lists of holidays and transfers;
• Creating a list of access levels;

The number of employee groups, employees, access levels is unlimited.

The module allows you to work with any USB scanners and WEB cameras to receive and save employee photos.

When editing the properties of an employee, it is possible to use the document recognition functionality (passport, foreign passport, driver's license), which allows you to quickly fill out all the fields of the employee's card by scanning through any USB scanner and automatically recognizing it.

Workplace configuration module

Allows you to create custom workstations with a specific set of system modules, configure operating and display modes of various modules, configure module display screen parameters, etc.

For each workstation and its included modules, it is possible to set unique settings for displaying various elements, as well as allowing the operator to change them during operation.

The number of user jobs created is unlimited. Each workstation can include an arbitrary set of system modules. Operator access to certain workstations is configured in the system control module.

System Configuration Module

Purpose of the module: management of system operators, creation of groups of operators, roles, access rights to created workplaces, delimitation of access rights to system functions.

The number of groups and system operators is unlimited. Each group of operators is assigned access rights to a specific set of created user workstations.

Also in this module, server Reactions are configured. When creating reactions, time schedules for reactions are set, filters are configured for devices, employees, etc.

Available actions for reactions:

• sending SMS. Messages are sent to a separate list of numbers and/or to a list of numbers of the user who caused this reaction.
• sending Email. Messages are sent to a separate list of numbers and/or to a list of numbers of the user who caused this reaction.
• video recording from integrated IP cameras. The recording time before the event and the recording time after the event are configured. Video fragments are accessed from event logs in the Reports module.
• launching an external application/script. The launch parameters pass event data for use in various scripts.

Module plans

Allows you to work with graphic plans. The number and nesting of plans is unlimited. The plans contain icons of devices included in the system (controllers, video cameras, zones, partitions, etc.) that display the current state and allow you to manage them.

When adding IP cameras to the system, it is possible to view live video from these cameras.

Photo identification (video verification) module

Allows you to display photos of employees passing through selected access points, as well as live video from integrated cameras.

The screen configuration (creating zones for displaying photo or video content), the number of displayed photos and other parameters are configured by the user.

With appropriate equipment settings, it allows you to control the access point in the “Pass by operator permission” mode.

Report module

Allows you to build reports using existing templates. Templates can be edited, customized, and you can also create new ones yourself and add them to the system.

Existing templates allow you to build reports:

• By system events
• Coming and going
• Latecomers
• Gone Before
• Employees in the office
• Absent employees
• Work time
• Working hours including absences
• and etc.

Created reports can be exported to Word, Excel, PDF, CSV, XML.

The report server allows you to configure automatic (scheduled) generation of reports, saving or sending them via Email (when using the MS SQL Server Standard edition or higher).

Report server web service

The Report Server has a WEB interface, the use of which will allow you to quickly access the functionality of the Report Module without the need to install RusGuard AWS.

3 Cable network

3.1 Laying cable network

Connect the ACS-102-CE controllers, as well as all associated circuits, using UTP 4×2×0.52 wire. If necessary, to connect individual devices and blocks, the wire, UTP 4×2×0.52 can be replaced with KSPV 2×0.5, KSPV 4×0.5, KSPV 8×0.5, KPSVEV 2×2×0.5.

The access controllers are powered using a VVGng-LS 3×2.5 wire.

Lay the lines behind the suspended ceiling in a flexible corrugated pipe with a diameter of 16 mm, along the open ceiling and walls - in a closed PVC cable channel.

When laying wires and cables, take into account the requirements of the PUE,

SNiP 3.05.06-85 and the corresponding section SP 5L 3130.2009.

4 Power and Grounding

4.1 General requirements for power supply and grounding

Power supply of access controllers is carried out in accordance with the "PUE" from a 220V 50 Hz network.

Elements of electrical equipment of security systems must meet the requirements of GOST 12.2.007.0-75.

All metal parts of electrical equipment that are not energized, but which may become energized due to insulation failure, are subject to grounding (grounding). The resistance of the grounding device must be no more than 4 ohms. Grounding (grounding) must be performed in accordance with the relevant section of the "PUE", SNiP 3.05.06-85, the requirements of GOST 12.1.30-81 and the technical documentation of component manufacturers.

Installation of grounding devices must be carried out in accordance with the requirements of SNiP 3.05.06-85.

5 Occupational health and safety measures

5.1 General requirements for occupational safety

Installation work must be carried out by a specialized organization when the facility is ready for construction, in strict accordance with the current standards and regulations for installation, testing and commissioning of security system installations and the requirements of RD 78.145-93.

Installation and adjustment work should begin after completion of safety measures in accordance with SNiP 111-4-80 and the incoming inspection report.

All electrical installation work, maintenance of installations, frequency and testing methods of protective equipment are carried out in compliance with the “Rules for the technical operation of consumer electrical installations” and “Inter-industry rules for labor protection (safety rules) during the operation of electrical installations.”

Persons who have undergone safety training are allowed to install and maintain the system. Completion of the training is noted in the safety log, which must be kept by the responsible person at the site.

The equipment is allowed to be installed after receiving inspection with the drawing up of a report in the prescribed form.

When carrying out construction and installation work, installers' workplaces must be equipped with devices that ensure the safety of work.

When working with power tools, it is necessary to ensure compliance with the requirements of GOST 12.2.013-87. Electrical installation work in existing installations should be carried out only after the voltage has been removed.

Commissioning work should be carried out in accordance with the requirements of SNiP 3.05.06-85.

6 Professional and qualified personnel working at the facility for maintenance and operation of the security system

6.1 Requirements for personnel servicing the security system

To maintain installations and signaling devices, it is recommended to involve specialized organizations that have licenses to carry out this type of work.

Control room attendants must be trained in the rules of operating the installed equipment.

Main decisions made in the ACS project

The access control system is built on the basis of the equipment of the integrated system "Orion" from NVP "Bolid". The following technical means of the system are accepted:

Access controllers "S2000-2" Bolide;
- monitoring and control panel "S2000M";
- personal computer with Uprog software, Orion Pro workstation (included in volume CC8);
- electromagnetic locks AL-250uz;
- card readers "S2000-Proxy";
- door closer DORMA TS-68

Access controllers "S2000-2", backup power supplies "RIP-12 isp.01" with batteries, are installed on the 4th level in the premises: cash collector, communications, cash desks, security post and on the 1st level in the fire station room security, communications. The monitoring and control panel "S2000-M", a personal computer with software (the computer is taken into account, see the SS-8 kit) are installed in the fire department (1st level). The control panel is installed at a height of no more than 1800 mm from the floor level and no less than 50 mm from other devices, both vertically and horizontally.

"S2000-Proxy" card readers and AL-250uz electromagnetic locks are installed at the entrances and exits of controlled access points and at a height of 1500 mm from the floor level.

The construction of the system begins with a workstation - a personal computer.

An RS-232 to RS-485 interface converter (S2000-PI) is connected to the computer. Devices "S2000-M", "S2000-2" are connected via the RS-485 interface (cable KSPVVng-LS 1x2x0.5). From the S2000-2 controllers to the electromagnetic locks and readers, the KPSVEV 2x2x0.5 cable is laid in a cable channel.

The main and backup power is provided from backup power supplies RIP-12 isp.01 (3A) and from built-in 17Ah batteries. Which in turn are powered from an AC mains voltage of 220V category 1. If the power supply is interrupted, it is ensured that the system equipment can operate from power sources and built-in batteries for at least 24 hours in standby mode and for at least 1 hour in emergency mode. Power supply from power supplies to devices is supplied via cable KSPV 2x0.8.

The ACS is controlled from the "S2000-2" controllers and the "S2000-M" remote control. Controlled entry and exit to office premises is carried out using contactless plastic cards. To do this, everyone working in this building is provided with an individual, contactless access card, upon presentation of which the lock controller automatically identifies the presented card, compares it with the list of allowed cards and the time of allowed passage.

If the presented card satisfies all the conditions, the electromagnetic lock automatically opens and all information is entered into the event log. The system operator, through the Orion workstation, manages all system controllers and devices connected to its outputs, and has access to viewing the history of system events. To transfer data to the SMIS server, a SCADA server is installed (see kit CC-8).

• IO-102-5 embedded magnetic contact security detector for blocking doors from unauthorized opening and/or holding;
• electromagnetic lock Aleko AL-150-12/24, designed for locking entry/exit doors of premises
• door closer, for doors weighing up to 100 kg DORMA TS-72;
• readers PR-P05, PR-P09, PR-P16 are designed to read the code of identification cards with the Mifare standard and transfer it to ACS controllers.
• MA 120 readers are designed for reading biometric data (fingerprint) and transmitting data to the ACS controller.

The full composition of the ACS equipment with the amount of consumables and auxiliary materials is given in the equipment specification.

Block diagram and operating principle of the system

An access control server connected to an Ethernet network is used as the main receiving and control equipment of the access control system. The server constantly polls devices connected via an Ethernet local network, receives information about the status of door loops, requests to check access codes, and issues commands in accordance with a given algorithm.

An access control server connected to an Ethernet network is used as the main receiving and control equipment of the access control system. The server constantly polls devices connected via an Ethernet local network, receives information about the status of door loops, requests to check access codes, and issues commands in accordance with a given algorithm.

To differentiate access to entrance/exit to premises, proximity readers are installed next to the door to work with Mifare contactless access cards, which are used as electronic passes. To quickly issue passes, a PR-P08 reader is connected to (AWS No. 2).

Software description:

The integrated ParsecNET 3 system supports the management of one to several hundred access points. The system uses Proximity cards as keys.

PNWin software supports, in addition to the standard ones, many necessary additional functions: a database of personnel photographs, graphic plans of alarm zones, time tracking, and so on.

PNWin also allows you to export created reports, personnel databases, access points, etc. to CSV files (these are text files in which data is separated by certain characters, for example, semicolons).

PNWin software can run on one PC or simultaneously on several connected to a local network. In this case, the hardware can be connected to several PCs simultaneously. A security unit is connected to the server, which stores the general configuration and a list of modules available for operation. The software installed on the server collects and stores information, as well as organizes network communications and data exchange. All functions for managing and administering the system are available both from workstations (by entering the System Administrator password) and from the server.

The maximum number of concurrent PCs in a ParsecNET 3 system is determined when ordering the system. The project provides for ordering software for one workstation and one server.

The access control and management system includes emergency exit buttons, which are necessary in critical situations (fire, emergency evacuation). These emergency exit buttons are connected to the ACS system controller in such a way that even if the connection with the ACS system server is lost, people will be able to leave the room protected by the access system.

Software composition:

• basic software for 8 access points. Software necessary for normal operation of the system, including both PNWin itself and some modules (ParsecNET 3 plan editor, access group manager, task scheduler, task manager);
• module for preparing and printing passes. The module allows you to develop templates for pass cards and save them in a database, print passes using prepared templates and the system personnel database. There are functions for correcting photo quality;
• module for generating a monthly time sheet with information output to the standard T-13 form, generating weekly time sheets, as well as generating reports on various types of deviations (lateness, leaving early, absenteeism, and so on);

System functions

ACS provides the following main functions:

• setting regulations for the functioning of the system in accordance with the requirements of the administrator and established modes;
• the ability to differentiate user rights using a personal identification code;
• issuing alarm signals to the duty officer's post;
• providing information to the duty officer about the condition of each door of the premises;
• control of the door loop for short circuit, open circuit, detector “normal”, detector “alarm”;
• confirmation of reception of the “alarm” signal with the corresponding indication on the operational duty officer’s workstation;
• maintaining, viewing and printing protocols of operational information;
• detection of unauthorized entry of people into the premises of the facility when the door is broken;
• prompt preparation and issuance of contactless pass cards;
• employee time tracking;
• automatic and manual control of access controllers;
• manually unlocking the access point during emergency evacuation (from the operational duty officer's workstation).