Pro-Watch® Security Management Suite
Architect and Engineering
Specifications
Release 3.80
Contents
1 General 3
1.1 Summary 3
1.1.1 References 3
1.1.2 SYSTEM Overview 3
2 Products 4
2.1 SYSTEM Software Requirements 4
2.1.1 Multi-User/Network Capabilities 4
2.1.2 Concurrent Licensing 5
2.1.3 Microsoft® Certifications 5
2.1.4 Security Key 5
2.1.5 Access Control Software Suite 5
2.1.6 Terminal Services 9
2.1.7 Operating System 9
2.1.8 Relational Database Management System 9
2.1.9 LDAP/ Microsoft Active Directory Services 9
2.1.10 Unicode 9
2.1.11 Encryption 10
2.1.13 Compliance and Validation 10
2.1.14 Clean Room Solution 10
2.2 Operational Requirements 11
2.2.1 SYSTEM Operations 11
2.2.2 Access Control Functional Requirements 19
2.2.3 Application Localization 37
2.2.4 Event Manager 37
2.3 Hardware Requirements 38
2.3.1 Hardware Support 38
2.4 Field Controllers 38
2.4.1 SYSTEM Controllers 38
2.4.2 Cardkey Controllers: 45
2.5 SYSTEM Interfaces 46
2.5.1 Analog CCTV Switchers 46
2.5.2 Digital Video Recording Systems 47
2.5.3 MAXPRO VMS Integration 48
2.5.4 Stentonfon Intercom Interface 49
2.5.5 Commend Intercom Interface 49
2.5.6 VISTA-128FBP and VISTA-250FBP Controllers 50
2.5.7 Galaxy Dimension GD264 and GD520 Controllers 53
3 Execution 53
3.1 Examination 53
3.2 Installation 53
3.3 Testing and Certification 53
1 General
1.1 Summary
The intent of this document is to specify the minimum criteria for the design, supply, installation, and activation of the Security Management System, hereinafter referred to as the SYSTEM, which shall be a modular and network enabled access control system. The SYSTEM shall be capable of handling large proprietary corporations with multiple remote sites, alarm monitoring, video imaging and ID badging, paging, digital video control and CCTV switching that allows for easy expansion or modification of inputs and remote control stations.
1.1.1 References
1.1.1.1 Federal Communications Commission (FCC):
· FCC Part 15 – Radio Frequency Devices
· FCC Part 68 – Connection of Terminal Equipment to the Telephone Network
1.1.1.2 Underwriters Laboratories (UL):
· UL294 – Access Control System Units
· UL1076 – Proprietary Burglar Alarm Units and Systems
1.1.1.3 National Fire Protection Association (NFPA):
· NFPA70 – National Electrical Code
1.1.1.4 Electronic Industries Alliance (EIA):
· RS232C – Interface between Data Terminal Equipment and Data Communications Equipment Employing Serial Binary Data Interchange
· RS485 – Electrical Characteristics of Generators and Receivers for use in Balanced Digital Multi-Point Systems
1.1.1.5. Federal Information Processing Standards (FIPS):
· Advanced Encryption Standard (AES) (FIPS 197)
· FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors
800-07601 Rev A Page 61 of 62
September 2010
1.1.2 SYSTEM Overview
The SYSTEM shall integrate access control, alarm monitoring, CCTV, digital video, ID badging and database management. A modular and network-enabled architecture shall allow maximum versatility for tailoring secure and dependable access and alarm monitoring solutions for medium and large facilities. The SYSTEM shall at a minimum include the following capabilities:
· Direct wire operation, local area network (LAN) (Ethernet) or wide area network (WAN) operation, or remote operation via modem. When configured for dialup, any one port can support multiple dialup locations.
· A flexible and modular design shall provide ease of installation, robustness, reliability and expansion.
· Distributed architecture shall allow controllers to operate independently of the host. The architecture shall place key access decisions, event/action processing and alarm monitoring functions within the controllers, eliminating degraded mode operation.
· Communication between the server/workstations, controllers and other hardware shall be via the SYSTEM software.
· Proprietary software programs and control logic information used to coordinate and drive system hardware shall be stored in read-only memory.
· Upgrades to the hardware and software shall occur seamlessly without the loss of database, configurations, or historical report data.
· Flash memory management shall support firmware updates and revisions to be downloaded to the system.
· Both supervised and non-supervised alarm point monitoring shall be provided. Upon recognition of an alarm, the system shall be capable of switching CCTV cameras that are associated with the alarm point.
· Manual or automatic arming or disarming alarm points shall be performed by time of day and day of week.
· Database partitioning shall provide the option to restrict access to sensitive information by user ID.
2 Products
2.1 SYSTEM Software Requirements
The SYSTEM shall be a modular and network-enabled access control system. The SYSTEM shall be capable of controlling multiple remote sites, alarm monitoring, video imaging, ID badging, paging, digital video and CCTV switching and control that allows for easy expansion or modification of inputs and remote control stations. The SYSTEM control at a central computer location shall be under the control of a single software program and shall provide full integration of all components. It shall be alterable at any time depending upon facility requirements. SYSTEM reconfiguration shall be accomplished online through system programming. The SYSTEM shall include the following:
2.1.1 Multi-User/Network Capabilities
The SYSTEM shall support multiple operator workstations via local area network/wide area network (LAN/WAN). The communications between the workstations and the server computer shall utilize the TCP/IP standard over industry standard IEEE 802.3 (Ethernet). The communications between the server and workstations shall be supervised, and shall automatically generate alarm messages when the server is unable to communicate with a workstation. The operators on the network server shall have the capability to log on to workstations and remotely configure devices for the workstation. Standard operator permission levels shall be enforced, with full operator audit.
800-07601 Rev A Page 61 of 62
September 2010
2.1.2 Concurrent Licensing
The SYSTEM shall support concurrent client workstation licensing. The SYSTEM application shall be installed on any number of client workstations, and shall provide the ability for any of the client workstations to connect to the database server as long as the maximum number of concurrent connections purchased has not been exceeded.
2.1.3 Microsoft® Certifications
A Microsoft® Gold Certified Partner shall develop the SYSTEM software. Microsoft Gold Certified Partners meet a higher set of criteria for each category, including enhanced certification and a portfolio of real-world customer references, and are thus identified as the most skilled partners in specific solution areas. Microsoft Gold Certified Partners encompass a broad range of technical expertise, including specialized disciplines such as e-commerce, networking, collaboration, commitment to emerging technology and providing excellence in customer solutions.
2.1.4 Security Key
The SYSTEM shall only require a single security key dongle to be present on the database server for the SYSTEM to operate. Security keys shall not be required at the client workstations. The SYSTEM shall allow a user to read the information that is programmed on the server security key dongle. The SYSTEM shall support export of the information using the ‘Export Dongle information’ button, which shall allow the user to forward to the integrator when upgrading new dongle features.
2.1.5 Access Control Software Suite
The SYSTEM shall offer a premier security management software suite available in four scalable versions: Lite, Professional, Corporate, and Enterprise Editions. The SYSTEM platform shall offer a complete access control solution; alarm monitoring, video imaging, ID badging and CCTV control. All four editions of software shall provide a convenient growth path from small to midsized applications to global enterprise solutions.
2.1.5.1 Lite Edition
Pro-Watch Lite Edition shall provide a security management solution for entry level applications. The SYSTEM shall be designed to maximize value and decrease installation time including enhanced ease-of-use features Built-in software wizards shall enhance system uniformity across sites, reduce installation time, and improve the overall learning curve for new users. The SYSTEM shall utilize the Microsoft SQL Express to provide a powerful solution for applications with one to four users and up to 32 entrances. Pro-Watch Lite sites shall be easily upgraded to Professional, Corporate or Enterprise Edition. The Lite platform shall include the following features and benefits:
· Ease-of-use features accelerate system setup, configuration and deployment.
· Powerful integration to Honeywell’s Rapid Eye™ platform and built-in video MUX (multiplexer).
· Seamless growth from a two-door system to a 20,000-door Enterprise system without ever having to change user interfaces or learn a new application.
· Seamless integration with other third party facility management subsystems including video, pagers, intercoms, biometric devices, and digital storage devices. Pro-Watch supports a “generic channel” capability that allows customized interfaces to previously unsupported third-party devices.
· Integrated add-a-card, hardware and permission wizards reduce the number of clicks required to configure and deploy a system.
· Hand geometry template storage and administration through application.
· Multiple database partitioning provides a higher level of security by allowing the system administrator to restrict access to sensitive information by user ID.
· Direct import of select versions of AutoCAD drawings with layer views reducing commissioning costs and time.
· Global search utility allows information to be easily accessed and recalled.
· Integrated ID badging and video functions with a single user interface eliminate the need for multiple software/hardware packages and redundant data entry.
· Search templates are available for quick lookup of all system parameters.
· Macros combine multiple operations into a single keystroke or mouse click.
· Integrated real-point status monitor allows for quick evaluation of point status.
· 128-bit data encryption between host and PW-5000/PW-6000 access control panels.
· The SYSTEM shall support one to three users and up to 32 doors.
· The SYSTEM shall use Microsoft SQL Express (2005 or later).
· The SYSTEM shall operate on Windows XP Professional Edition (32-bit), Windows Vista (32-bit) and Windows 7 (32-bit and 64-bit) operating systems.
2.1.5.2 Professional Edition
Pro-Watch Professional Edition shall provide an economical solution for small to midsized applications. Pro-Watch Professional Edition shall operate efficiently without the requirement of a server-based operating system. The SYSTEM shall utilize Microsoft SQL Express (SQL 2005 or later) for smaller applications from one to five users and up to 64 doors.
The SYSTEM shall provide a set of tools to easily backup, restore and maintain the SYSTEM database. The SYSTEM shall allow for expansion to Corporate and/or Enterprise Edition without changing the user interface or database structure. The common platform shall include the following features and benefits:
· Leverage existing network infrastructure by using standard network protocols to communicate to all system hardware.
· CHIP hardware protocol support (communicates to Honeywell’s existing Star II series controllers).
· PW series hardware protocol support (communicates to Honeywell’s existing PW-2000, PW-3000, and PW-6000 series controllers).
· SEEP hardware protocol support (communicates to Honeywell’s existing Star I, 4100, and 800 series controllers).
· Comprehensive database-partitioning scheme shall allow extensive flexibility in managing operator permissions.
· Real-time status monitor shall provide “at a glance” status of the entire SYSTEM and the ability to quickly evaluate the details of any point in the SYSTEM.
· Pro-Watch Report Manager shall provide savable report templates, exporting options, and a scheduler for added user convenience.
· Integrated digital video solutions from Honeywell including Rapid Eye series and Fusion series recorders, as well as IP-based solutions from the Honeywell Video Management System (HVMS) series.
· Database Import/Export utility shall allow information to be transferred dynamically to and from third party databases, enabling a convenient interface to HR or Active Directory controlled systems.
· Direct import of AutoCAD drawings with layer views.
· Integrated ID badging and CCTV functions in a single user interface shall eliminate the need for multiple software systems and reduces data entry time.
· Integrated intrusion functions in a single user interface shall enable operators to see alarms and to bring up cameras on alarm events. Additionally, the SYSTEM server shall be able to link access events to intrusion actions and vice versa so users can arm/disarm a system based upon reader events.
· Integrated intercom options in a single user interface shall enable operators to speak with badgeholders while providing mechanisms to perform video verification and to momentarily open doors.
· The SYSTEM shall provide support for hardware protocols from a variety of manufacturers.
· The SYSTEM shall support up to five users and 64 doors.
· The SYSTEM shall use SQL Express (2005 or later).
· The SYSTEM shall operate on Windows XP Professional (32-bit), Windows Vista (32-bit), Windows 7 (32-bit and 64 bit) Windows Server 2003 (32-bit) and Windows Server 2008 (32-bit and 64 bit).
2.1.5.3 Corporate Edition
Pro-Watch Corporate Edition shall be provided for more demanding security management applications. The SYSTEM shall operate in the Windows Server 2003 (32-bit) or Windows Server 2008 (32-bit and 64-bit) environment and utilize SQL 2005 (32-bit) or SQL 2008 (32-bit or 64-bit) as the database engine.
In addition to the features listed for the Professional Edition, Pro-Watch Corporate Edition shall also include the following features and benefits:
· Flexible software licensing packages and hardware components shall allow the SYSTEM to be tailored to individual application needs.
· E-mail capability to assign an e-mail address that the SYSTEM shall notify should the alarm originate from the designated point. This process shall be a function of SQL 2005 Server, which shall negotiate e-mail transfer to the Microsoft Exchange Server.
· The SYSTEM shall support two users and 96 readers as a standard, and will be upgradeable to unlimited users and readers.
· The SYSTEM shall utilize Microsoft SQL Server 2005 (32-bit) or SQL Server 2008 (32-bit and 64-bit) Standard Edition Data Engine.
· The SYSTEM shall utilize Windows Server 2003 (32-bit) or Windows Server 2008 (32-bit or 64-bit) as primary operating system.
· The SYSTEM shall support high availability options for LAN and WAN.
2.1.5.4 Enterprise Edition
Pro-Watch Enterprise Edition shall incorporate regional server architecture to meet the needs of global business. Regional sites shall operate autonomously with all information required to maintain security locally.
The enterprise server shall maintain any critical system information via synchronization with each regional site. This system of synchronization shall ensure the integrity of data throughout the enterprise.