Using network technologies in perimeter security systems..
ILYIN Dmitry Vyacheslavovich
USING NETWORK TECHNOLOGIES IN PERIMETER SECURITY SYSTEMS
When building security systems for extended perimeters, designers and installers have to deal with the complexities of laying cable lines through which signals from remote sensors are transmitted to the security post. The cost of this cable system and the labor intensity of its installation are quite significant and are often limiting factors when building large security systems.
In addition, traditional cable systems often do not allow for two-way data exchange with modern «intelligent» security devices installed far from the central equipment.
All these factors force the use of modern network technologies that allow to solve problems associated with the integration of various security devices based on a single system with the ability to monitor, remotely control and configure.
How do security system manufacturers respond to these trends? Let's look at the experience of the largest of them. The article examines the use of network technologies in the equipment of four well-known global manufacturers of perimeter security systems: Italian companies GPS Standard and CIAS Electronica, Canadian — Senstar Stellar and English — Geoquip.
Multiplex 2000 system by GPS Standard, Italy
GPS Standard is well known for its perimeter security systems. The company produces the vibration-sensitive CPS system and its microprocessor modification CPS Plus, which use a coaxial microphone cable as a sensor. The company also produces a system for underground GPS installation, which uses special flexible hoses filled with antifreeze as pressure sensors. In addition, the company's production program includes multi-beam infrared barriers IPS, tension strain gauge system WPS and others.
To combine its security equipment into a single complex, GPS Standard has developed the Multiplex 2000 system.
The Multiplex 2000 system is a communications network for data transmission at a speed of 115 KBd using a specially developed protocol called COM 115. The network operates under the control of the UCP 2000 (Perimeter Control Unit) control unit, housed in a 19” rack-mountable enclosure with a height of 5 U.
Up to 64 security devices of 16 different types from the range produced by GPS Standard can be connected to one UCP 2000 control unit via one 4-wire cable. The network configuration when connecting to the control unit can be of two variants: the first is connecting two independent beams to two ports of the control unit, the second is connecting a communication cable in a ring. In the first case, the length of the protected perimeter will be up to 10 km, 5 km for each beam, in the second — only 5 km, but this provides one important advantage: if the network cable breaks, all connected devices will remain in touch, which significantly increases the security of the system.
If it is necessary to connect more than 64 devices, additional UCP control units are used, which are connected to a personal computer via the same COM 115 bus or via the RS 485 interface. The number of additional control units connected in this way can reach 64.
All new generation GPS Standard systems, which feature built-in microprocessors, digital signal processing, violation pattern recognition, and self-learning mode, and have the Plus index, have the ability to directly connect to the Multiplex 2000 communication system via the COM 115 bus.
To connect previous versions of security systems (without the Plus index) to the Multiplex 2000 system, as well as analog devices, such as magnetic contact or passive IR sensors with dry relay contacts at the output, the system has a special interface module (Sensor Interface Unit).
When connecting a personal computer to the UCP 2000 control unit, it becomes possible to use specially developed software to monitor the system, remotely configure and test security devices connected to the network, record and analyze analog sensor signals in real time without losing connection with other sensors, and store and edit the event log.
The software developed for system management is designed to operate in the Windows operating system environment and has a familiar Windows application interface with drop-down menu windows. The Multiplex 2000 software interface is shown in Fig. 1.
Fig. 1. Multiplex 2000 system interface
Alarms, accidents, openings, etc. from the control unit are output to relay modules for their transmission to other control panels or other security systems (notifications, video surveillance). At the same time, with the help of software, it became possible to remotely configure each relay output in accordance with the requirements.
Using a special data transfer protocol allows, firstly, to additionally protect the system from unauthorized intrusion and interception of data from connected security systems, which is especially important for facilities with increased security system requirements, and secondly, it ensures easy connection and configuration of devices using this protocol. But on the other hand, to expand the system, it is necessary to use devices that support this protocol, which is not very convenient if you are limited by time, and, of course, is more expensive than devices with standard network protocols.
MagNet and Senstar 100/Sennet systems by Senstar Stellar, Canada
Among the developments of the Canadian company Senstar Stellar, there are several systems for global control and management of security equipment at the facility, but we will dwell in more detail on two of them — MagNet and Senstar100/Sennet.
The MagNet system is developed on the basis of a communication line using standard TCP/IP network protocols. The MagNet system equipment allows you to combine into a single security complex not only perimeter systems from Senstar Stellar (Innofence, Yale, Barricade), but also security sensors from other manufacturers, as well as video surveillance systems, access control, voice notification, fire alarms, etc.
A regular personal computer running the Windows NT 4.0 operating system is used as a server to manage the system.
To monitor and configure the system, special UWS (User Workstation Software) software is used, installed on the terminals of the system operators. A plan or photo of the facility can be exported to the UWS graphical interface to facilitate the visual perception of the structure of security zones and signals received from perimeter sensors. The facility plan displays interactive icons of security equipment, which will be highlighted in different colors when the sensor status changes.
Access to the system is protected by personal passwords and has a hierarchical structure.
NetRix video servers with DTS-1000 video capture cards manufactured by Magal and special software are used to integrate the video surveillance system into the MagNet system. One server allows receiving and transmitting signals from 32 cameras.
To connect analog devices to the system, special servers with installed relay block boards are used. One block contains 8 input and 8 output relays. One server can control up to 508 relay blocks.
The Senstar 100/Sennet system is designed for facilities with increased requirements for the level of security, as well as the reliability of perimeter systems, control and information collection systems. Such facilities include airports, communication centers, military bases, oil and gas plants, power plants, etc.
As described above, this system is designed to combine perimeter security systems, video surveillance systems and additional security and auxiliary devices that can be installed at the facility into a single security complex.
The Senstar 100/Sennet system uses both fiber-optic and copper cable (twisted pair or coaxial) as a data transmission medium, with redundancy provided for each communication line.
Data in the network is transmitted using a special protocol Sennet. The protocol has a powerful algorithm for error processing, which allows receiving data without distortion even in the presence of strong interference in the line and unstable network operation.
The server that controls the system is running the QNX operating system. This operating system has a microkernel structure and is used to solve critical tasks, i.e. tasks with very high requirements for response time to emergency situations, requirements for reliability and continuity of control. The system has two server stations to increase the level of reliability.
The Sennet network consists of a network controller NC (Network Controller) and 62 network devices that can be connected to it. These devices include TU (Transponder Units), LTU (Large Transponder Units), and «intelligent» perimeter systems from Senstar Stellar, such as the Perimetrax radio wave system and the vibration-sensitive IntelliFlex. Simple analog security devices with «dry» relay contacts at the output, as well as actuators (security lighting, sirens, gate controllers, etc.) are connected directly to the Perimetrax and IntelliFlex analyzer units.
The video surveillance system is connected directly to the server via the RS-232/RS-422 line. To connect perimeter systems to the server, there is an information port that supports the StarCom1 serial data transfer protocol via the RS-232/RS-422 line.
To reduce the operator's response time to incoming alarm signals, the Senstar 100/Sennet system uses tactile panels (Touch Panel) instead of conventional monitors. The panel displays a site plan with the location of security equipment, an event log, information about the system status, fault testing results, and other service information. The system allows you to save up to 128 graphic diagrams of the protected site in memory.
The Senstar 100/Sennet system has several levels of access for personnel (operator, engineer, administrator), which differ in the ability to access the menu and functions of the system.
The use of the unique QNX operating system, redundant data lines, server and terminal equipment, and the use of a special protocol in the Senstar 100/Sennet system make it highly protected not only from accidental equipment failures, but also from various types of sabotage.
The use of tactile panels and automatic modes for switching video cameras based on alarm events allows for an increase in the speed of the operator's response to alarm signals from security devices, and, consequently, to increase the security of the facility.
Gthernet system by Geoquip, UK
The English company Geoquip, known for its developments in the field of vibration-sensitive systems with microphone sensor cables (Guardwire, Defensor, MikrAlert), in 2006 began production of a completely new system called Gthernet.
The Gthernet system allows you to combine under your control not only the equipment of perimeter security systems produced by Geoquip, but also security equipment from other manufacturers, as well as a number of additional systems that can be installed on the perimeter, such as a video surveillance system, an alert system, an access control system, a weather station, etc.
The Jitternet system is a communication network designed to transmit alarm signals from security systems to the operator's console via fiber-optic or copper cable, as well as for monitoring and remote configuration, viewing and editing of the event log. The network operates in full-duplex mode at speeds up to 100 Mbit/s. An example of a Jitternet network configuration is shown in Fig. 2.
Fig. 2. Jitternet system configuration diagram
The network is controlled by a server based on an industrial computer, called a «base station». The server operates under the Linux operating system as an unattended device, its parameters are configured at the manufacturer's factory and it does not require additional configuration. If necessary, the user has the ability to connect a keyboard and monitor for testing and additional debugging of the network.
The optical cable is connected to the base station via optical fiber-twisted pair converter units, which are structurally located inside the base station housing.
The communication network is built using a ring topology. This configuration increases the security of the system in cases of accidental breakage or intentional damage to the optical cable, since all devices connected to the network will be able to remain in touch after the cable breaks, transmitting signals via two independent beams.
The length of the optical ring is not limited, but special devices — switches (nodes) — must be installed every 1.5 km of the optical line. In addition to the repeater function, they are used to connect security systems to the network and to create branches from the main ring. When using copper cable (such as twisted pair category 5) to connect devices to switches, its length should not exceed 100 m.
The switch is a maintenance-free device with three ports with an RJ45 connector. Thus, up to three Ethernet-compatible devices can be directly connected to each switch. The switch unit is placed in a dust- and moisture-proof aluminum case for installation directly on the perimeter. The switch is powered from a DC source. The Jitternet network switch is an analogue of a switch/hub device used in a standard Ethernet network. The Jitternet network switch is shown in photo 1.
Photo 1. Switch unit of the Jitternet system
The Jitternet system uses standard TCP/IP protocols to transmit signals, which makes it easy to install and integrate monitoring and control systems, including video surveillance equipment, Geoquip's MikrAlert series perimeter security systems, and other manufacturers' security alarm and access control equipment.
The Jitternet system includes three different types of additional modules that adapt signals from external devices to connect them to the Ethernet network via switches.
The following modules are included in these additional modules.
- Interface module (LIM – Legacy Interface Module) for connecting security sensors with relay outputs to the switch. This module is installed directly on the switch board and is placed in its case. The module provides connection to the switch of up to 8 security sensor loops and up to 8 relay outputs.
- Serial & Audio Module (SAM). This module is available in two versions. It is used to communicate with devices via the RS 232 interface (CCTV systems, weather stations, etc.) and to connect Guardwire, Defensor, and MikrAlert analyzers to switches. The module has an input for an analog audio signal, which is digitized and transmitted to the network. The base station decodes this signal into analog form and plays it back in the event of an alarm via the connected audio system. SAM modules are installed either in separate cast aluminum housings or in MikrAlert analyzer housings. In both cases, the housings are protected from moisture and dust, and the electronic units are designed for installation directly on the perimeter. The SAM module is shown in photo 2.
- Expansion module (GEM — Gthernet Expander Module). It is similar in purpose to the LIM module, but allows you to connect a larger number of external devices — up to 96 security sensor loops and up to 512 relay outputs. These functions are implemented using the CenterAlert system units: GCMBA type cross-connect units (for connecting security loops) and GCRLY type relay units (for relay control of external devices).
Photo 2. Module for transmitting serial
and audio signals of the Gthernet system
Each module is assigned its own unique IP address at the manufacturing plant, so they do not require additional configuration.
To control and monitor the Jitternet system, Geoquip has developed special software Geolog, and as an alternative, software from another company, Datalog, can be used. Both control programs are installed on a personal computer, which will be used as the operator's workstation.
The difference between these software products is that the Datalog program runs on the Microsoft Windows platform and is configured by the developer for a specific, previously known structure of the security system. In this case, the operator's computer is connected to the base station via the RS232 serial interface, while the Geolog program uses the Linux platform, has an open architecture and connects to the Jitternet network directly via the Ethernet network interface.
The number of computers connected to the network as operator consoles can be any. At the same time, the login to the system has a hierarchical structure and is protected by passwords.
Using a fiber-optic cable as the main information backbone allows for a significant increase in the reliability and quality of data transmission, and most importantly, to resolve the issue of the maximum length of the protected perimeter, which is especially important for large extended facilities. Also, using a single fiber-optic cable to transmit all signals allows for significant savings on copper signal cables that would need to be laid from each system to the signaling device when using standard control equipment.
The use of standard TCP/IP network protocols allows direct connection to the network of a wide range of equipment (IP video cameras, video storage devices, etc.) that supports these protocols, as well as free scaling of the system, including any amount of necessary equipment and creating a network of any topology in the branches of the optical ring within the Ethernet standard.
IB-system-R system by CIAS Electronica, Italy
CIAS Electronica has been known in the security systems market for over 30 years and is one of the leading companies in the development and production of radio beam security sensors for perimeter protection. Among the latest developments of CIAS are radio beam barriers with built-in microprocessors, digital signal processing, an intruder pattern recognition system based on the use of fuzzy logic algorithms, and built-in network interfaces.
One of the latest developments of CIAS is the IB-system-R network communication system. The system allows you to control the entire complex of CIAS security devices, as well as additional equipment from other manufacturers.
The IB-system-R system consists of the IB-server server unit, the IB-hub concentrator unit, and the IB-island relay units. The system units (photo 3) are made in aluminum frame structures with a height of 3 U for subsequent installation in a standard 19” rack.
Photo 3. IB-system-R units in an aluminum
frame for installation in a 19” rack
The communication network is capable of connecting up to 128 security devices or up to 64 two-position microwave barriers manufactured by CIAS via fiber optic or copper cable (twisted pair type), using the RS 485 protocol. An example of the IB-system-R network configuration is shown in Fig. 3.
Fig. 3. Configuration diagram of the IB-system-R system
Using a personal computer connected to the IB-server via the RS-232 port with the IB-test software installed, it is possible to receive signals from the connected equipment in real time, view the event log, and remotely configure digital models of CIAS security sensors, such as the ERMO 482X PRO, CORAL, MANTA two-position microwave barriers and the ARMIDOR single-position Doppler effect sensor. The system allows you to transfer an analog signal from these sensors to the operator's monitor for analysis, the parameters of the signal levels on the receiving and transmitting units, the values of the set thresholds of the monitored parameters and other data necessary for selecting the optimal settings for the devices, which can also be done remotely from the system operator's workplace. The software has a clear graphical interface for displaying and configuring the operating parameters of the security devices, a built-in event log, in which, in addition to a record of the event, device address and date, you can view a record of the analog signal from this device (the function is available only for microprocessor sensors). The IB-test interface is shown in Fig. 4.
Fig. 4. IB-test software interface
To switch from a fiber-optic line to a copper cable, the IB-system-R system uses special converters supplied with the main equipment. Also, to connect analog devices, CIAS has developed a special interface module that assigns an individual address to each device connected to it, allowing this device to be recognized in the network.
The use of such a system is justified at a long-distance facility, as it minimizes the costs of purchasing and laying numerous signal cables, allowing them to be replaced with fiber-optic or one copper cable. Also, instead of the usual relay control panels, a personal computer with software is used to display alarm signals, the graphical interface of which allows you to display a plan of the facility and quickly localize the alarm location and, accordingly, reduce the response time of the personnel. The presence of remote control makes it possible for an operator or engineer to quickly change the settings and diagnose the equipment without involving additional assistance and significantly simplifies the procedure for installing the equipment.
Conclusion
In the process of introducing network technologies into perimeter security systems, manufacturers have outlined two paths.
The first way is for the manufacturer to use its own data transfer protocols. This allows for better protection of the system from unauthorized intrusion, taking into account all the features of the security equipment in the protocol, best revealing its capabilities in the field of remote control.
The negative aspect may be that the equipment implementing these protocols becomes unique and, as a result, expensive.
Also, the use of special protocols may be justified when designing a system with increased requirements for the security and reliability of data transfer.
The second way is to use standard network protocols, such as TCP/IP. By following this path, security system manufacturers have ensured the ability to easily include multiple devices that already use these protocols (video cameras, digital video storage devices, access control systems, etc.) in the system. However, in this case, more attention must be paid to protecting information in such networks, especially if they are connected to the Internet.
Despite the fact that it is possible to use standard equipment (switches, converters), manufacturers still have to make their own, since the standard equipment does not meet the strict requirements for operating conditions (temperature, humidity, etc.).
Obviously, each approach has its advantages and disadvantages.
But they both help to make wider use of the digital capabilities of modern perimeter security systems, which means that both have a right to exist.