Recommendations for the selection of equipment and design of Elsys ACS.

Recommendations for selecting equipment and designing Elsys ACS.

Main stages of equipment selection

Equipment selection consists of several main stages:

1. For each access point or group of similar access points (for example, several equal access points at one checkpoint), it is necessary to determine the design of the Elsys-MB series controller.
2. For older models of Elsys-MB controllers in Light, STD, Pro, Pro4 versions, it is additionally necessary to select the version of the Elsys-XB series memory expansion module and the interface type.
3. For the system as a whole, it is necessary to select communication equipment — interface converters, RS-485 communication line repeaters (repeaters), communication network controllers (CNC), in accordance with the developed structure of the ACS information network.

Detailed information on the selection of equipment and recommendations for system design are provided below.

Selection of Elsys-MB controller versions for various access points

The most common applications for various Elsys-MB controller versions are listed in the table.

* — for all versions except Elsys-MB-SM, an Elsys-XB series memory expansion module is required, the quantitative parameters are determined by the version of the module.

In the junior model of Elsys-MB-SM controllers, all functions, input and output assignments are fixed, expansion, change of settings and configuration is impossible. All applications of this model, other than those recommended in the table, should be used by the installer consciously, taking into account the existing limitations and work experience. The manufacturer does not perform modifications to the product and software to resolve issues that arise during its non-standard use.

For the older models of Elsys-MB controllers of Light, STD, Pro, Pro4 versions, only the main parameters and typical applications are indicated. To implement additional functionality, it is necessary to read the Elsys ACS operating manual and the Bastion-Elsys APCS module setup manual.

If you have sufficient experience in programming hardware interactions, installing and configuring the system, you can create your own controller configurations to solve almost any problems in organizing access and managing auxiliary equipment.

For example, many common models of turnstiles, in particular those from PERCo, require three galvanically isolated outputs (relays) for full secure control.

For this reason, in typical applications, it is recommended to use Elsys-MB-STD controllers.

When using turnstiles of other types or implementing simplified control algorithms, the installer, using his knowledge and experience of working with turnstiles and controllers, can decide to use control devices of the Elsys-MB-Light or Elsys-MB-Pro4 design and independently develop (modify) their configuration to organize work with one or two turnstiles, respectively.

Another example is the use of the Elsys-MB-Pro4 controller to work with four access points equipped with one-way identification.

The basic module of the controller supports this mode, but the power supply is designed to connect only two locks. If you have experience in selecting system equipment to solve the problem, you can organize the power supply of two additional locks from an external source.

The number of typical controller configurations is constantly expanding, including through the exchange of experience with Elsys ACS consumers. All currently existing configurations are included in the Bastion APCS. A demo version of the product is available on the technical support website.

Selection of the memory expansion module type for older Elsys-MB controllers

The Elsys-XB series memory expansion module determines the capacity of the pass (access card) database and event buffer, the number of available time intervals, access levels, and the availability of a number of functional capabilities.

The controllers are supplied without an expansion module for ease of assembly. For most applications, the presence of a memory expansion module is mandatory.

For example, such parameters as high pass intensity, support for the «global antipassback» mode in systems with the Elsys-MB-Net KSK, support for the Elsys-IP Ethernet interface module, security functions and memory redistribution are available only if the memory expansion module is installed.

The expansion module specifications indicate the capacity values ​​of the permanent pass database and the default event buffer.

When setting up the system, it is possible to change the memory distribution to change one or more parameters at the expense of others.

For example, it is possible to increase the capacity of the pass database by reducing the capacity of the event buffer.

The main parameter when choosing a memory expansion module is the capacity of the pass database (access cards). In some cases, for systems operating in autonomous mode for a long time, the capacity of the event buffer is an important parameter.

When assessing the number of passes for systems operating with temporary and one-time passes, it is necessary to take into account that one temporary (one-time) pass in terms of the volume of stored information is equivalent to two permanent ones.

For example, when using 2000 permanent and 1000 one-time or temporary passes, the database capacity required is at least 4000 (2000+1000*2) passes. When the system works only with permanent passes, it is enough to know the number of personnel who will be issued access cards.

Passes with identification by two features (card + PIN code) require a capacity 30% greater than permanent passes without additional identification.

Thus, 1000 passes with identification by two features are equivalent to 1300 permanent passes.

Typically, this method of identification is not very common, it is used for particularly important premises with a small number of personnel and does not provide high throughput due to the rather long process of entering the PIN code by the employee.

The approximate required capacity of the database of passes Nбд. can be calculated using the formula Nбд.=Nпост.+2*Nвр. without using PIN codes or Nбд.=1.3*Nпост.+2.3*Nвр. when using PIN codes, where Nпост. is the number of permanent passes, Nвр. is the number of temporary and one-time passes.

The capacity of the event buffer determines the number of the latest events that will be saved in the controller's memory during autonomous operation (the ACS server is turned off).

When calculating the duration of autonomous operation, it is necessary to remember that each pass through the access point in one direction generates 3 events on average.

Thus, to prevent loss of information about passes during 2 days of operation in autonomous mode with 500 passes per day, a buffer with a capacity of more than 3000 (500*2*3) events is required.

The parameters «Number of access levels» and «Number of time intervals» are almost impossible to calculate at the system design stage.

Actual values ​​are usually determined when filling the personnel database during the setup and operation of the system.

Typical values ​​of these parameters for the extension module in most cases allow you to create a system of any complexity.

When determining the required capacity of the controller memory module, it should be taken into account that its parameters relate to a specific access point and do not determine the capacity of the system as a whole. For example, an enterprise has a staff of 15,000 employees.

The employees are divided into four equal groups, each of which has the right to access the territory through one of the four checkpoints. Thus, each checkpoint serves 3,750 employees.

If employees within a single checkpoint can enter through any access point, the capacity of the memory module of each controller at that checkpoint must ensure storage of at least 3,750 passes.

When splitting flows within a single checkpoint, the requirements for the capacity of the modules can be further reduced, for example, half of the employees go through one group of turnstiles, and the other half through the second.

For access points located on the premises of an enterprise, the values ​​of these parameters may be significantly smaller. For example, only a few dozen employees may have access to some areas of an administrative building using passes. For such access points, smaller capacity modules can be used.

Having determined the required number of passes and the required volume of the event buffer, you can select the module design.

When selecting, it is not recommended to focus on modules with a smaller typical capacity in the calculation of memory redistribution, since the lack of a reserve may lead to the need to replace the module when expanding the staff, introducing or increasing the number of temporary and one-time passes, increasing the requirements for the duration of operation in autonomous mode.

Default memory allocation options, maximum values ​​​​for redistribution and controller parameters without an expansion module are given in the table.

Examples of memory allocation settings

The values ​​specified in the table are valid when the controller serves either one or two (or four for the Pro4 controller) equal access points.

If the controller serves access points that operate with different passes, the module capacity should be selected based on the sum of all passes that have access to these access points.

For example, the Pro4 controller serves two doors.

2500 passes have the right of passage to both points, 1500 passes have an additional access to the first point, and 2000 to the second. The required capacity is calculated as the sum of 2500 + 1500 +2000. = 6000 passes.

Changing the interface type of older Elsys-MB controllers

In the basic configuration, all controllers are supplied with an RS-485 interface.

Elsys-MB devices of Light, STD, Pro and Pro4 versions support the possibility of installing an additional Elsys-IP Ethernet interface module.

The Elsys-IP module is supplied separately.

Installing the module ensures that the controller is connected directly to the Ethernet network.

A separate module is required for each controller.

Hereinafter, the controller equipped with the Elsys-IP Ethernet interface module will be designated as an IP controller.

When setting up the ACS server database, all IP controllers are programmatically divided into network groups containing no more than 63 devices.

Devices within one network group operate similarly to controllers with an RS-485 interface connected to one communication line.
Different network groups are independent, there are no hardware interactions or «global antipassback» between them.

To combine network groups into a single system, it is necessary to include one Elsys-MB-Net KSK in each of them.

Selecting an access point configuration

The controllers support work with both access points equipped with one-way identification and access points equipped with two-way identification.

In the first case, entry is permitted by reading the registered identifier, exit — by pressing the exit button. In the second case, entry and exit are permitted by reading the registered identifier.

The choice of configuration is determined by the tasks that the ACS solves at each specific access point.

Two-way identification is mandatory for access points that ensure control over the time of employees' presence at the workplace to account for working hours.

As a rule, such access points are located at the checkpoints of the enterprise, at the entrance to the working area of ​​the department, etc.

Two-way identification additionally increases the level of security, as it prevents the free exit of people who have entered the territory without authorization — for example, following an employee, through a window or fence.

When organizing access points with two-way identification, it is necessary to provide measures to protect the life and health of personnel in the event of a fire or natural disaster.

These include various devices for centralized and local unlocking of access points, the type and method of application of which must be agreed upon with the state fire inspection.

In other cases, when the main task is to prevent free entry from the outside, one-way identification can be used.

Recommendations for organizing RS-485 communication lines

When selecting the structure of the network of access control system controllers with the RS-485 interface, it is necessary to comply with a number of requirements that ensure stable operation of the system and high speed of information transfer:

1. The length of one segment of the communication line should not exceed 1200 meters.

2. Each segment of the communication line should be implemented as a bus passing through all devices, branches longer than 0.5 meters are not allowed.

3. Segments must be combined into a single line using Elsys-RC-232/485 interface repeaters.

4. The total number of devices, such as controllers, interface converters and repeaters, connected to one communication line segment must not exceed 32.

5. Terminating resistors must be connected only to devices located at the beginning and end of the communication line segment.

6. It is recommended to use a two-wire unshielded twisted pair (UTP) of at least category 3 with a conductor diameter of at least 0.5 mm (cross-section 0.2 mm2) as the physical medium for transmitting information. The use of other types of cable may lead to a reduction in the permissible segment length and/or a decrease in the information transfer rate.

7. It is recommended to additionally connect the «GND» contacts of all controllers and converters/repeaters of one segment of the communication line with a wire of double cross-section, for example, using two conductors of a free twisted pair. This equalizes the potentials of the interface signal lines, improves the operation of the galvanic isolation circuits of the repeaters and interface converters, and helps to increase the speed and reliability of information exchange.

8. To connect the communication line to the USB or RS-232 serial port of the computer, it is recommended to use the Elsys-CU-USB/232?485 interface converters or the Elsys-RC-232/485 interface converters/repeaters, respectively. It is not recommended to use devices of other types, since testing of operation with them is not carried out and there are no recommendations for troubleshooting communication line errors.

For example, to connect 63 devices to one communication line, it is necessary to organize 3 segments.

The first segment can contain the Elsys-CU-USB/232?485 interface converter, no more than 30 controllers and the Elsys-RC-232/485 interface repeater for connection to the next segment.

The second segment is connected to the interface repeater of the first segment, and can also contain no more than 30 controllers and end with an Elsys-RC-232/485 interface repeater.

The third segment is connected to the interface repeater of the second segment and can contain no more than 31 controllers.

Thus, 63 controllers can be evenly distributed across three communication line segments, each of which can contain 21 controllers.

Selection of the ACS network structure

When selecting a network structure, the main criteria are the scale of the system and the presence or absence of the need to organize a single information space for the ACS controllers.

A single information space ensures interaction between controllers without the involvement of the ACS server software.

This makes the system functions “global hardware antipassback” and “inter-controller interactions” available within the entire system, including a branch network of large facilities united by a single Ethernet computer network.

In the absence of a single information space, the specified modes operate only within local groups of controllers, each of which can contain no more than 63 devices connected to one RS-485 communication line (for devices with an RS-485 interface) or included in one network group, for IP controllers.

There is no interaction between groups.

It is possible to use a mixed structure, in which part of the system is part of a single information space, and one or more local groups of controllers are not its integral part.

For small local systems containing no more than 63 controllers with the same interface, a single information space is provided automatically if the following conditions are met:

• all controllers with an RS-485 interface are connected to a single communication line;
• the RS-485 communication line is connected to a single port of the ACS server via an interface converter (RS-485/USB, RS-485/RS-232) or to an Ethernet network via the Elsys-MB-Net access control system;
• all IP controllers are located in the local Ethernet network and assigned to a single network
group.

In mixed systems containing no more than 63 controllers with an RS-485 interface and no more than 63 IP controllers (up to 126 controllers in total), a single information space is provided if the following conditions are met:

• all controllers with an RS-485 interface are connected to a single communication line;
• the RS-485 communication line is connected to the Ethernet network via the Elsys-MB-Net KSK;
• all IP controllers and Elsys-MB-Net KSK are located in the same local Ethernet network and assigned to the same network group.

Let's consider options for organizing an ACS network for distributed and large facilities depending on the selected type of system:

1. It is necessary to organize a single information space.

Despite the higher complexity of the internal mechanisms of the ACS, the organization of such a system is simpler and more understandable.

This option is more universal, as it allows using any Elsys ACS modes without restrictions, creating distributed systems and eliminating the binding of the location of the equipment server to the location of the ACS communication lines.

The only drawback may be the higher cost of the equipment, which in most cases is offset by a decrease in the cost of installation.

There are no restrictions on the joint use of controllers with an RS-485 interface and controllers equipped with an Elsys-IP Ethernet module.

The system must operate under the control of one hardware server. The total number of controllers in the unified information network of the ACS must not exceed 15120.

A mandatory condition is the use of the Elsys-MB-Net ACS for each RS-485 communication line and for each group of IP controllers, including up to 63 devices.

The total number of network groups of IP controllers and RS-485 communication lines must not exceed 240.

One Elsys-MB-Net ACS can simultaneously service one RS-485 communication line and one group of IP controllers.

Using more than one ACS server and interface converters to connect RS-485 communication lines to a computer is unacceptable.

It is not recommended to include in one group IP controllers and Elsys-MB-Net ACS located at geographically remote sites of a large system — branches, offices, warehouses located in other parts of the city or in other regions. This is due to the peculiarity of information flow over the Ethernet network.

For example:

Task:
It is necessary to equip an enterprise with an isolated territory with three checkpoints, a four-story office, a warehouse and assembly shops with an Elsys ACS.

The enterprise has a single local Ethernet network connecting the office, checkpoints and warehouse.

The number of access points on each floor of the office does not exceed 63, all access points go out into a common corridor.

It is necessary to organize two access points at the checkpoints and in the warehouse.

There is no need to organize an ACS in the workshops.

It is necessary to provide for the expansion of the system after the completion of the construction of the central office, located in the city center, equipped with a structured cable network, and connected to the unified computer network of the enterprise.

The number of access points in the central office is 85.

After installing the ACS, the equipment server must be moved to the central office.

Solution:
In the office, it is advisable to use controllers with an RS-485 interface.

The controllers of each floor are connected by an RS-485 communication line connected to the Elsys-MB-Net KSK.

It is advisable to install IP controllers at remote checkpoints and in the warehouse, which must be included in one network group.

For the network group of IP controllers to interact with other elements of the system, it is necessary to include one Elsys-MB-Net KSK in it, servicing the RS-485 communication line of any floor.

Thus, to organize a single system at the first stage, four Elsys-MB-Net KSKs are required.

The ACS server, Elsys-MB-Net KSKs and IP controllers are connected to the enterprise's local network. No additional devices are required to connect the system equipment to the computer.

When expanding the system in the central office, it is advisable to use IP controllers for each access point.

The controllers must be divided into two network groups, each of which contains no more than 63 devices.

To include the subsystem in a single information space, one Elsys-MB-Net KSK must be included in each network group.

All IP controllers and Elsys-MB-Net KSK must be connected to the enterprise's local network in the central office.

2. Organization of a single information space is not required.

A system of this type can have any architecture, including RS-485 communication lines, network groups of IP controllers, several equipment servers operating under a single database.

Connection of communication lines to equipment servers can be performed via interface converters or Elsys-MB-Net KSK depending on the structure of the facility, equipment location and economic feasibility.

The system can contain up to 15 equipment servers. No more than 16 communication lines can be connected to the USB or RS-232 serial ports of one server.

The total number of controllers in all groups must not exceed 16128.