Design Considerations
- 1 Controllers
- 2 Typical Connections
- 3 Expansion Board Options
- 3.1 Memory Expansion Boards
- 3.2 Alarm Expansion Boards (AEB8)
- 3.3 Relay Expansion Boards (REB8)
- 3.4 RS-485 Readers Expansion Board (RREB)
- 3.5 Secure Network Interface Board (SNIB2 or SNIB3)
- 3.5.1 SNIB2
- 3.5.1.1 Benefits of SNIB2
- 3.5.1.2 SNIB2 Network Configuration Options Overview
- 3.5.2 SNIB3
- 3.5.2.1 Benefits of the SNIB3
- 3.5.2.2 SNIB3 Power Rating
- 3.5.2.3 SNIB3 Network Configuration Options Overview
- 3.5.1 SNIB2
- 3.6 Power Supplies
Key Notes:
Requirements and limitations of each component.
System-wide considerations
Power concerns for each device
Wiring concerns for each device
Each controller can power a specific number of ScramblePads, MATCH interfaces, and attached readers
Expansion boards are used to enhance or expand the controller’s capabilities.
When installed, the SNIB2 or SNIB3 expansion board enables an Mx series controller to be programmed, monitored, and controlled from a properly-configured IBM-compatible host PC running the Velocity software.
This document discusses the considerations you may face while designing and configuring Hirsch security components. These topics are discussed:
Requirements and limitations of each component
System-wide considerations
Power concerns for each device
Wiring concerns for each device
Hirsch by Identiv physical access control components are designed and manufactured with the highest quality standards. To ensure your physical access control system operates at its full potential, it is recommended that you select electric locks, door contacts, alarm sensors, cable, and other accessories and components of high quality.
Controllers
As a general rule, locate the Controller in a safe and secure area. It is often installed in electrical rooms, telephone equipment rooms, closets, or the security operations office. An environmentally managed room is not required if the temperature ranges don’t exceed the Controller’s specifications.
In addition to monitoring, reporting, and controlling a variety of devices, each controller can power a specific number of ScramblePads, MATCH interfaces, and attached readers. Other devices, such as interior motion sensors and some readers, may require power from a separate power supply.
Detailed information about the Mx controller (which can be configured to control either 2, 4, or 8 doors) is provided in “Mx Controller”.
Detailed information about the Mx-1 (and Mx-1-ME) controller is provided in “Mx-1 Controller”.
Typical Connections
The controller can connect to a number of input and output devices:
Typical Line Module Inputs
Typical Door Relay Outputs
ScramblePad/MATCH Inputs
Typical Line Module Inputs
The Line Module is an intermediate connection between Door Contacts (or Alarm Sensors), RQE devices, and the controller’s input terminal blocks.
Figure 1-7: Typical Line Module Input Connection
The recommended gauge and maximum distances for a cable between the Controller and
the Line Module are shown in Table 1-3:
Table 1-3: Controller to Line Module Wiring Recommendations in Feet (Meters)
Wire | DTLM/MELM 1 | DTLM/MELM 2 | DTLM/MELM 3 | Belden Ref. |
---|---|---|---|---|
20 | 5,200 (1,575) | 2,500 (750) | 900 (275) | 8761 |
22 | 8500 (2,500) | 4,500 (1,375) | 1,200 (350) | 8762 |
18 | 13,000 (3,975) | 7,500 (2,275) | 2,000 (600) | 8760 |
16 | 20,000 (6,100) | 11,500 (3,500) | 3,100 (950) | 8719 |
14 | 32,000 (9,750) | 18,000 (5,500) | 5,000 (1,525) | 8720 |
12 | 50,000 (15,250) | 28,000 (8,550) | 8,000 (2,450) | 8718 |
For wiring requirements between the Line Module and alarm devices, see “Line Modules” .
Typical Door Relay Outputs
The typical door relay output terminal block provides the connection between a door lock and the controller.
Figure 1-8: Typical Door Wiring Example
Cable runs for electric and magnetic locks must be separated by at least 6 inches (15cm) from ScramblePad and DTLM circuits, unless you use twisted-pair cable for all circuits.
All electronic locks induce electrical noise or interference on their control lines. These lines, when connected to the relays inside the controller, can interfere with normal controller function.
Surges, spikes, and noise produced by the lock can be suppressed by adding either an MOV or diode near the locking device. Some door locks include suppression. However, in many cases, you must install a Metal Oxide Varistor (MOV) or Diode at the lock. You can use an MOV with either AC or DC locks. Use a diode with DC locks only. The diode required is a 1A, 400V diode. Because a diode has a cathode and anode side, it is polarity-sensitive. Make sure to connect the cathode side of the diode to the positive (striped) side of the locking device.
When connecting to a door lock or some other output device requiring more than the Contact Ratings of the controller’s relays, an intermediate relay is required. The Relay Contact Ratings are shown in this table:
Table 1-4: Relay Contact Ratings
Relay Type | Ratings |
---|---|
Door Relays | 24V DC, 10A, resistive |
Alarm/Control Relays | 24V DC, 1A, resistive |
The maximum length for lock power runs (in feet and meters) depends on this formula and the wire gauge table associated with it:
where:
W = Cable Impedance Multiplier
VL = Lock Voltage
IL = Lock Current
W is calculated using Table 1-5:
Table 1-5: Cable Impedance Multiplier
Wire Gauge | Cable Impedance Multiplier | |
---|---|---|
Feet | Meters | |
22 | 5 | 1.52 |
20 | 9 | 2.74 |
18 | 14 | 4.27 |
16 | 22 | 6.70 |
14 | 35 | 10.67 |
The lock cable can be run in the same conduit with ScramblePad/MATCH circuits or line module input circuits, but the lock cable must always be a twisted pair.
For example, if the lock voltage is 24 VDC and the lock current is .125 Amps, and the lock is connected to the controller with 18 AWG cable, then the maximum allowed distance is:
ScramblePad/MATCH Inputs
The typical ScramblePad or MATCH input terminal block provides the connection between the controller and a ScramblePad or MATCH Interface.
An example of such a connection is shown in Figure 1-9.
Figure 1-9: ScramblePad/MATCH Inputs
Table 1-6 shows absolute maximum cable distances allowed in feet and meters between the controller and any one or two ScramblePad combinations according to wire gauge:
Table 1-6: Maximum Cable Distances Between Controller and ScramblePad
Cable | Maximum Distance in feet (meters) from Controller to: | ||||
---|---|---|---|---|---|
1 L | 1 H | 2 L | L + H | 2 H | |
22 | 750 (228.6) | 500 (152) | 375 (114) | 280 (85) | 230 (70) |
20 | 1,200 (366)* | 800 (244) | 600 (183) | 460 (140) | 375 (114) |
18 | 1,800 (549)* | 1,200 (366)* | 935 (285)* | 720 (219) | 585 (178) |
16 | 3,000 (914)* | 1,875 (571)* | 1,500 (457)* | 1,150 (350)* | 935 (285)* |
In Table 1-6, the DS47L/DS47L-SPX keypads are abbreviated as L and the DS47L-HI (or weatherized version DS47L-HW) are abbreviated as H. The MATCH Interface is abbreviated as M. Items followed by asterisks (*) indicate cable capacitance must not exceed a total of 100,000 pƒ.
Use half of these distances when the controller is supplying power to a ScramblePad with an SPSH-1 heated back cover.
Table 1-7 shows absolute maximum cable distances in feet and meters between the controller and any MATCH and/or 1 or 2 ScramblePad combinations according to wire gauge:
Table 1-7: Maximum Cable Distances Between Controller and MATCH
Cable Gauge | Maximum Distance (feet/meters) from Controller to: | |||||
---|---|---|---|---|---|---|
M | M+L | M+H | M+2L | M+L+H | M+H+H | |
22 | 1875 (572)* | 535 (183) | 375 (114) | 310 (94) | 250 (76) | 205 (62) |
20 | 3000 (914)* | 860 (262) | 600 (183) | 500 (152) | 400 (122) | 330 (100) |
18 | 4500 (1371)* | 1340 (408)* | 935 (285) | 780 (238) | 625 (190) | 515 (157) |
16 | 7500 (2286)* | 2150 (655)* | 1500 (457)* | 1250 (381)* | 1000 (305) | 825 (251) |
In Table 1-7, the DS47L/DS47L-SPX keypads are abbreviated as L and the DS47L-HI (or weatherized version DS47L-HW) are abbreviated as H. The MATCH Interface is abbreviated as M. Items followed by asterisks (*) indicate cable capacitance must not exceed a total of 100,000 pƒ.
Table 1-7 is applicable for MATCH-powered 5VDC readers, as allowed by the MATCH Interface’s 28V/5V switch power supply efficiency. A reader drawing 200 mA at 5VDC translates to only about 40 mA at the MATCH Interfaces’s 24VDC input side. Because the MATCH uses a switching power supply, the load presented by two 5VDC readers is no greater than that for one 5VDC reader. Therefore, this table is valid whether one or two readers are powered by the MATCH Interface.
Overall shield or individual shielded pairs are acceptable. Color coded cable – black, red,green, white – is recommended. Pair one, the black and red wires, provides power to the ScramblePad or the MATCH Interface; pair two provides data communications between the Controller and the ScramblePad or MATCH Interface.
If two ScramblePads are installed at the same door – one for entry and the other for exit – they can share the same cable run. Connect the second ScramblePad to the removable connector of the first ScramblePad. For longer cable runs, provide a local auxiliary power supply to the ScramblePad or MATCH Interface.
An Mx controller provides 12VDC power at the Wiegand terminal blocks, and 24VDC at the MATCH terminal blocks. For additional information, see “ScramblePad/MATCH2 Power Requirements”.
An Mx-1 or Mx-1-ME controller provides 12VDC power at its two Wiegand reader terminals, and 12VDC at its RS-485 OSDP readers terminal. (For the Open Supervised Device Protocol (OSDP), when an optional exit reader is needed, it is wired “through” the entry reader.) For additional information, see “Mx-1 Controller Power Draw Capacity”, or “Mx-1-ME Controller Standby Battery Capacity”.
Expansion Board Options
Several expansion boards are available for Mx series controllers. Expansion boards are used to enhance or expand the controller’s capabilities.
For information about the expansion boards available for the Mx controller, see “Expansion Boards for the Mx Controller”.
For the Mx-1-ME controller, see “Expansion Boards for an Mx-1-ME Controller”. (The Mx-1 controller has a compact plastic case which does not have room for any expansion boards.)
The ribbon cable used to connect these boards to the Controller board is the EBIC5, which can link up to five expansion boards.
All expansion boards have the same dimensions and shipping weight:
Dimension: 6”H x 4.25”W x 0.75”D (15.2cm x 10.8cm x 1.9cm)
Shipping Weight: 1 lb (0.5 kg)
For detailed information about the setup and installation of expansion boards, see “Expansion Board Installation”.
Memory Expansion Boards
There are two different memory expansion boards available for Hirsch controllers: the MEB/CB64 and the MEB/CB128.
The MEB/CB64 supports 64,000 user records, expands the alarm and event buffers, or provides a combination of both records and buffers. This means that a portion of memory can be allocated to storing users while the remainder is used for buffering events. Normally, it takes twice as much space to store a user profile as it does to store an event (for example, the board can store two users or four events). Hirsch’s velocity security management program supports an option to allocate 20% of the board to alarm/event buffer usage. This option is irreversible.
The MEB/CB128 supports up to 128,000 users, expands the alarm and event buffers, or provides a combination of both users and buffers.
Install only one Memory Expansion Board type for code expansion in a controller at a time.
Figure 1-10: Memory Expansion Boards (MEB/CB128 and MEB/CB64)
The newer CCM V7.0 can diminish the number of events that an expansion board can successfully buffer, because the event string is up to four times longer. For example, a buffer that could comfortably store 4,000 events with the previous CCM (V6.6 and earlier) now buffers only 1,000 events using the V7.0 CCM.
CCM 7.0 now supports increased User and Alarm/Event capacity for up 132,000 user records. With CCM 7.0, the capacities of the Expansion Boards are additive, rather than in lieu of the base memory.
Older boards—the MEB/CE4, MEB/CE16, MEB/CE32, and MEB/BE—still work with CCM 7.0, but at reduced capacities. If a controller has one of these boards and is upgraded to CCM 7.0, it might also be necessary to upgrade the memory expansion boards. Upgrading memory boards can provide the added benefit of increasing expansion board capacity, because the Code Expansion (CE) and Buffer Expansion (BE) can now reside on a single board—the MEB/CB64 or the MEB/CB128.
Table 1-8 describes the maximum user capacities for each memory board type as a function of both IDF and CCM version. Note that your system’s actual capacity could be less, as explained in “Velocity Features that Reduce Available Memory”.
Table 1-8: Memory Board User Capacities
Maximum User | CCM 6.6 | CCM 6.6 | CCM 6.6 | CCM 7.0 |
---|---|---|---|---|
Base Controller | 1,000 | 500 | 250 | 4,000 |
With CE4 | 4,000 | 2,000 | 1,000 | 5,000 |
With CE16 | 16,000 | 8,000 | 4,000 | 8,000 |
With CE32 | 32,000 | 16,000 | 8,000 | 20,000 |
With CB64 | N/A | N/A | N/A | 68,000 |
With CB128 | N/A | N/A | N/A | 132,000 |
The allocated user memory is the memory that is currently dedicated to users. The projected maximum user capacity is the amount of memory the CCM can auto-allocate to users as additional users are enrolled. 1024 is the base allocated user memory. If you add more than 1024 users, more memory is allocated in units of 256. So, if you add 1025 users, it increases the total memory to 1280; if you add 1281 users, it increases it to 1536, and so on.
There is a feature in Velocity that enables the operator to allocate 20% of MEB/CB expansion memory to the buffer. If the operator selects this setting, the host buffers increase the capacity and the projected maximum user capacity is slightly lower. The minimums are then 1560 buffer events and 1024 users. These values do not decrease, no matter how much extra memory is allocated.
For information about setup and installation of the memory expansion boards, see “Memory Expansion Boards Installation”.
Velocity Features that Reduce Available Memory
There are several places in this document which list the capacity of the various controllers and memory expansion boards to support user records or alarms and events. These capacities assume that you are running a version of Velocity which only uses data structures of a certain size. Your system’s capacity could be reduced by up to 50% when using any of the following features (which require larger data structures):
Feature | Initially Released in |
---|---|
Timed anti-passback | Velocity 3.1 and CCM/CCMx firmware 7.4.25 |
Multiple access zones | Velocity 3.6 and CCM/CCMx firmware 7.5.28 |
PIV, PIV-I, or PIV-C cards | Velocity 3.6 SP2 and CCM/CCMx firmware 7.5.64 |
Alarm Expansion Boards (AEB8)
To expand the line module input capacity of the controller, use the Alarm Expansion Board (AEB8). These provide an additional 8 line module inputs per board.
Expansion line module inputs are used for a variety of security monitoring functions. In intrusion detection applications, they normally monitor interior motion sensors, perimeter doors and windows for forced entry or intrusion into a protected area; however, they are generally not employed for door access control applications.
Up to four AEB8s can be installed in a controller.
Figure 1-11: Sample AEB8 Board
The wiring and settings of the AEB8 are shown in Figure 1-12.
Figure 1-12: Alarm Expansion Board (AEB8)
As Figure 1-12 shows, the shield should be floated at the line module. Also, it is recommended that line module inputs be wired NC.
The AEB8 has four address jumpers. Each jumper allocates a range of eight addresses. This addressing scheme enables up to four AEB8's to reside in one controller. (For the M16, which has 16 inputs on the base controller board, two additional AEB8s can be added to the controller for a total of 32 inputs.)
For more about line module inputs, see “Request-To-Exit Devices (RQE)”. For more information about DTLM, MELM, and SBMS3, see “Line Modules”. For information about setup and installation of the AEB8, see “Alarm Expansion Board (AEB8) Installation” .
Relay Expansion Boards (REB8)
To expand the control relay capacity of the controller, use the Relay Expansion Board (REB8). This provides eight additional 2 Amp Form C dry relay outputs, rated for 24VDC. These relays are socketed and removable.
Figure 1-13: Relay Expansion Board (Physical View)
Up to five REB8s can be installed in an Mx or Mx-1-ME controller.
The wiring and settings of the REB8 are shown in Figure 1-14.
Figure 1-14: Relay Expansion Board (REB8)
Unlike the large heavy-duty door relays used to switch electric lock or strike power at 10 Amp loads, the expansion relays are normally used for signal level switching or pilot duty. Such switches, when closed, provide an input to a low-voltage sensing circuit like the one shown in Figure 1-15:
Figure 1-15: Alarm or Pilot Relay Circuit For Low-Power Switching
However, the switch can also be used to activate the coils of a remote heavy-duty relay like this:
Figure 1-16: Remote Relay Circuit for Heavy-Duty Output Device
The examples above connect across the NO and C terminals so no power is consumed when the device is in the normal state. This is the case in applications like elevator control where the control relays provide a contact closure to elevator control equipment only.
There is almost no distance limitation for the cable between the REB8’s terminal block and an isolation relay. If a powered device is being activated or energized, use the ScramblePad distance limitations (see Table 1-6 in section “ScramblePad/MATCH Inputs” as a good measure of distance capability. However, for accuracy, voltage drop calculations should be made for the specific load, cable, and distances involved, similar to lock calculations in section “Typical Door Relay Outputs”.
The REB8 is equipped with a Master Relay Override DIP switch. This switch can override all relays ON or all relays OFF. In the OFF position, relays cannot be activated by the controller until the Master Override OFF is returned to the normal operating position.
For information about the setup and installation of the REB8, see “Relay Expansion Board (REB8) Installation”.
RS-485 Readers Expansion Board (RREB)
The RS-485 Readers Expansion Board (RREB) is the component of Identiv’s end-to-end FICAM solution which provides eight independent RS-485 communication ports, for fast processing of PIV or PIV-I credentials at FICAM-compliant smart card readers (which are part of a physical access control system) using the bi-directional Open Supervised Device Protocol (OSDP). Each port is capable of supporting a door with both an entry reader and an exit reader.
The following figure shows an RREB, and identifies its connections.
Figure 1-17: Connections on the RS-485 Readers Expansion Board (RREB)
Government agencies transitioning from a traditional PACS to FICAM will need to replace their old readers and upgrade their version of the Velocity software, but the RREB (in conjunction with the SNIB3) enables them to reuse their existing wires and door controllers (including the M2, M8, and Mx series). The RREB:
provides the necessary connections to FICAM-compliant smart card readers (which are part of a physical access control system), for two-way communication with the SNIB3 communications expansion board
uses standard RS-485 wiring (two-pair stranded and twisted 18 AWG wires, with an overall shield) to readers
has the same form factor as other expansion boards, and draws power through the controller’s EBIC5 ribbon cable
Example Wiring Diagram for an RREB
The following figure shows an example wiring diagram for an RREB and a pair of Identiv’s uTrust TS Government Readers, which are the entry reader and the optional exit reader for a door. Note that:
The exit reader is wired through the entry reader for a door, so it shares an RS-485 port on the RREB.
On the exit reader, a jumper wire is needed between P1.1 and P1.4 (or between the orange and the black wires on the pigtail model) to designate that it is the exit reader.
All of these readers have a default OSDP Address of 0, which is the correct value when they are used as the entry reader for a door. If a door also requires an exit reader, then adding a jumper wire between P1.1 and P1.4 (or between the orange and the black wires on the pigtail model) changes the default OSDP Address to 1, which is the correct value for an exit reader. Be sure that you specify the correct OSDP
Address when you configure each reader in a FICAM-capable version of the Velocity software.The diagram shows power being supplied to the readers from the RREB. But depending on the types and quantity of readers being used, you might need to power some of the remotely located readers from an external power supply. For more information, see “Power Provided at the RREB’s RS-485 Terminal Blocks”.
Figure 1-18: Example Wiring Diagram for an RS-485 Readers Expansion Board (RREB)
The following table lists Identiv’s FICAM-capable High Frequency TS readers (which appear in the Readers > uTrust TouchSecure > Government FICAM category of the Product Catalog for Hirsch by Identiv Physical Access Control Solutions).
Mullion:
Model Number | Wiring | Ethernet? |
---|---|---|
8002ABPFF00 | Pigtail | No |
8002ABTFF00 | Terminal | No |
8032ABPFF00 | Pigtail | Yes |
8032ABTFF00 | Terminal | Yes |
Wall Mount:
Model Number | Wiring | Ethernet? |
---|---|---|
8102ABPFF00 | Pigtail | No |
8102ABTFF00 | Terminal | No |
8132ABPFF00 | Pigtail | Yes |
8132ABTFF00 | Terminal | Yes |
Keypad:
Model Number | Wiring | Ethernet? |
---|---|---|
8202ABTFF00 | Terminal | No |
8232ABTFF00 | Terminal | Yes |
TS ScramblePad:
Model Number | Wiring | Ethernet? |
---|---|---|
8332ABTFF00 | Terminal | Yes |
For information about installing the RREB, see “RS-485 Readers Expansion Board (RREB) Installation”.
Power Provided at the RREB’s RS-485 Terminal Blocks
An RS-485 Readers Expansion Board (RREB) draws its power from the EBIC5 cable connecting a controller to its expansion boards. The following table shows the power provided at the RS-485 terminal blocks of an RREB.
Table 1-9: Voltage and Maximum Current Draws for an RREB’s RS-485 Terminals
Voltage | Max. Current Draw | Max. Current Draw |
---|---|---|
12 VDC | 0.5 A | 4.0 A |
Because each RS-485 port is fuse-limited to a maximum of 0.5 Amps, you will need to use an external power supply when the combined requirements for the entry reader and the exit reader of a door exceed that limit.
RREB Power Rating
The RREB is powered by the 28V rail from the EBIC5 cable from the control panel.
The quiescent current draw of the RREB is 10mA @ 28V.
The RREB converts the 28V into two power rails 5V and 12V. The 5V rail can power the SNIB3 and the 12V rail powers the readers.
Max Rating of 5V rail on RREB - 3A
Max Rating of 12V rail on RREB - 4A
Each of the 8 reader ports on the RREB is fused at 500mA.
Wiring Distance Limits for an RREB
The following table shows the wiring distance limits between an RS-485 Readers Expansion Board (RREB) and a FICAM-compliant smart card reader (which is part of a physical access control system). Note that the wires must be stranded and pair twisted, with an overall shield.
Table 1-10: Wiring Distance Limits Between an RREB and a FICAM-compliant Smart Card Reader
Type of Wired Connection | Maximum Distance |
---|---|
RS-485 data only using 22 gauge wires | 4,000 feet (1,220 meters) |
Secure Network Interface Board (SNIB2 or SNIB3)
When installed, the SNIB2 or SNIB3 expansion board enables an Mx series controller to be programmed, monitored, and controlled from a properly-configured IBM-compatible host PC running the Velocity software. Communication is secured by Hirsch’s proprietary Hirsch Encrypted Standard (HES) protocol SCRAMBLE*NET network. The SNIB, SNIB2, and SNIB3 boards are shown in Figure 1-19:
Figure 1-19: SNIB, SNIB2, and SNIB3
SNIB2
The SNIB2 is a high-security encryption Secure Network Interface Board. The main components of the SNIB2 are shown in Figure 1-20.
Figure 1-20: SNIB2 Board
The SNIB2 includes an RS-232 and RS-485 as well as an Ethernet port. In addition, SNIB2 supports full encryption from the host to the last downstream controller. The SNIB2 also offers XBox functionality with support for global I/O from the master SNIB2 downstream to all attached slave SNIB2s. The SNIB2 supports both an Ethernet or RS-232 connection between the host PC and the master SNIB2. Downstream connections from the master SNIB2 to slave SNIB2s must be RS-485.
The SNIB2 is a controller-resident communication board that enables a host PC running Velocity (version 2.6 SP2 or higher) to program, monitor, and control up to 63 SNIB2-resident controllers per SNIB2 Ethernet port. A NET*MUX4 is required whenever there are more than 16 controllers. Additional NET*MUX4s may be required to ensure that there are never more than 16 controllers per port.
Figure 1-21: SNIB2 Connections
For more information, see “SNIB2 Cabling”. Each connected controller must have its own SNIB2 (or SNIB3) board installed. The SNIB2 provides RS-485, RS-232, and 10/100BaseT Ethernet ports. The SNIB2 supports the XNET2 protocol.
Physically, the SNIB2 board differs from the original SNIB in that it has:
Three switch banks (SW1, SW2, and SW3)
An Ethernet RJ-45 connector with its accompanying daughterboard
Three pairs of status LEDs (see “Controller and SNIB2 LED Diagnostics”)
With the SNIB2 board, a host PC running Velocity can program, monitor, and control up to 63 controllers with NET*MUX4 (as shown in Figure 1-22), or up to 16 without NET*MUX4. The SNIB2 provides a downstream/multi-drop RS-485 port as well as an upstream 10/100 Mbps Ethernet port and an RS-232 port for direct host connections (not dial-up).
Figure 1-22: SNIB2 to Controller Using a NET*MUX4
If required, you can add a second level of NET*MUX4s to create additional controller runs; however, Hirsch does not support more than two levels of NET*MUX4s.
Figure 1-23: NET*MUX4 Second Level Support
Benefits of SNIB2
The SNIB2 provides these functional advantages over the original SNIB:
AES encryption
Ethernet connectivity (if required)
XBox functionality
Higher serial communication speeds
Each of these features is explained below.
AES Encryption
The SNIB2 employs AES-Rijndael asymmetric 128-bit block data encryption.
The National Institute of Standards and Technology (NIST) has awarded the SNIB2 AES Certificate #280.
Ethernet Connectivity
A standard RJ-45 Ethernet port is included on the SNIB2. This enables the connected controller installed with a SNIB2 to communicate with the server using TCP/IP over 10BaseT or 100BaseT Ethernet networks. This eliminates the need for external device servers for LAN connectivity.
XBox Functionality
The SNIB2 also incorporates full XBox gateway functionality, thereby eliminating the need for an XBox. This enables the SNIB2 to function as a gateway for up to 63 controllers (with inclusion of the NET*MUX4), and provides the ability to globalize certain features.
Globalizing is the task of connecting two or more controllers so credential user management and control zone information can be shared amongst all connected controllers.
Globalization can only be performed within a local XBox node. One SNIB2 acting as an XBox cannot talk to and share information with another XBox or another master SNIB2.
Higher Serial Communication Speeds
Communications between multidropped SNIB2s are now supported at speeds up to 115,200 bps with Cat5/Cat6 cable.
When using one or more NET*MUX4s, the maximum SNIB2 speed is limited to 9600 bps. When combining SNIBs and SNIB2s, the maximum speed is limited to the lower SNIB speed – that is, the lowest speed that all connected devices have in common.
Communications become less robust as baud rates increase, wire gauge decreases, and distances increase. Most tables for wire gauge and distance in this document are based on 9600 bps.
At higher baud rates, maximum distances are decreased and minimum wire gauge is increased. It may not be possible to implement the higher baud rates supported by the SNIB2 if you have long wire runs or small wire gauges.
For more information about setup and wiring of any SNIB board, see “Secure Network Interface Boards (SNIB2 or SNIB3)”. For installation instructions, see “Secure Network Interface Board (SNIB2 or SNIB3) Installation”.
SNIB2 Network Configuration Options Overview
The SNIB2’s Ethernet port provides high-speed TCP/IP communication over an Ethernet network between the host computer and the controller as shown in Figure 1-24.
Figure 1-24: SNIB2 Ethernet Connection Using XNET2
In a multiple controller sequence, the configuration can look like Figure 1-25.
Figure 1-25: Multiple Controller Sequence Using SNIB2
This enables communication between the controller with the master SNIB2 and host PC at 10/100BaseT. Speeds between the master SNIB2 and other connected downstreamSNIB2s range up to 115200 bps when using Cat5/Cat6 cable. Speeds between a master SNIB2 and downstream SNIBs are limited by the top speed of the older SNIBs (38400 bps).
Higher baud rates are also more dependent on the number of twists per foot, so capacitance specifications must be strictly followed: total wire run per port is not to exceed a total of 100,000 pf.
Before the Velocity server can communicate over Ethernet with a SNIB2, you must first configure the SNIB2 through Velocity. For more about this, refer to “Configuring a Master SNIB2 in a Different Subnet”.
Whenever an Ethernet connection is employed between the host and the SNIB2, Velocity views the SNIB2 as an XNET port because the SNIB2 includes XBox functionality. The host communicates with the Ethernet-connected SNIB2 using AES-encrypted XNET 2.
Controller-to-controller speeds range from 9600 to 115200 bps. For each string of controllers, the first (master) SNIB2 with the Ethernet connection must be assigned the same address as the XBox port.
For more about this, refer to “Configuring a Master SNIB2 in a Different Subnet”.
SNIB3
The Secure Network Interface Board v3 (SNIB3) is an update to the previous SNIB2 board. The SNIB3 is based on a new, more powerful hardware platform that supports IPv6 as well as IPv4.
The SNIB3 also supports more robust encryption (with a 256-bit key length) through the XNET3 protocol. For compatibility with older SNIB2-equipped controllers, the SNIB3 can run in XNET2 mode using 128-bit AES encryption. (If you are using SNIB2 boards in some of your controllers, you cannot use the XNET3 protocol, and those controllers must be downstream slaves to a master SNIB3, connected using the RS-485 port, as
shown in Figure 1-28.)
The SNIB3 includes one available RJ-45 Ethernet port (connector 1) that is used to connect the Velocity host to this board. When the SNIB3 is in a master configuration, it supports RS-485 serial connectivity to downstream SNIB2 or SNIB3 slave controllers.
The main components of the SNIB3 are shown in Figure 1-26.
Figure 1-26: Main Components of the SNIB3 Board
Benefits of the SNIB3
The SNIB3 provides these functional advantages over the previous SNIB2:
Faster Ethernet Speed
The standard RJ-45 Ethernet port included on the SNIB2 enables the connected controller to communicate with the Velocity host using TCP/IP over 10BaseT or 100BaseT Ethernet networks. The SNIB3’s RJ-45 Ethernet port is capable of 10BaseT, 100BaseT, or 1000BaseT (gigabit) speeds.
IPv6 Addressing
The SNIB3 supports version 6 of the Internet Protocol, which uses 128-bit addresses to identify and locate devices on the Internet. (The previous IPv4 used 32-bit addresses.)
AES Encryption with 256-bit key length
The SNIB3 supports more robust encryption (with a 256-bit key length) through the XNET3 protocol. For compatibility with older SNIB2-equipped controllers, the SNIB3 can run in XNET2 mode using 128-bit AES-Rijndael asymmetric data encryption.
FIPS 140-2 Certification
The SNIB3’s cryptographic modules use the OpenSSL library, which has been certified by the National Institute of Standards and Technology (NIST) to meet their Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules. (The Velocity software uses Microsoft’s BCRYPTPRIMITIVES library, which also has been certified by NIST to meet FIPS 140-2.)
Hardware Security Authentication Module (SAM)
The SNIB3 has a Security Authentication Module (SAM) for securely storing keys. One application for this module is to secure firmware downloads, using a TRN format as used on Touch Secure readers. In this method the firmware is first verified for authenticity by using the SAM keys before downloads are allowed.
SNIB3 Power Rating
SNIB3 Network Configuration Options Overview
Be aware that the SNIB3 is backwards compatible with the SNIB2, but not with the original SNIB. Each connected controller must have its own SNIB2 or SNIB3 board installed. The SNIB3 provides both an RS-485 port and a 10/100/1000BaseT RJ-45 Ethernet port.
If you are using only SNIB3 boards in all of your controllers, you can use either the XNET2 or the XNET3 protocol, and the downstream controllers in your security network can either be connected directly using the RJ-45 Ethernet port, or be connected to a master
SNIB3 using the RS-485 port. These options are shown in Figure 1-27.
Figure 1-27: Example Network Configurations Using Only SNIB3 Boards
If you are using SNIB2 boards in some of your controllers, you cannot use the XNET3 protocol, and those controllers must be downstream slaves to a master SNIB3, connected using the RS-485 port, as shown in Figure 1-28.
Figure 1-28: Example Network Configuration Using SNIB2 and SNIB3 Boards
The SNIB3 also supports connections to the NET*MUX4, as explained in “Using NET*MUX4s with SNIB3s”. This enables more controllers to be managed through a single network port, but it limits the data communication speed to 9600 baud.
Power Supplies
Locks and other output devices require separate power supplies to function. While DIGI*TRAC or Mx series controllers can power a number of ScramblePads and MATCH interfaces (see “ScramblePad/MATCH Inputs” for more information), a separate power supply can be used to power ScramblePads and MATCH interfaces which require more current than the controller can provide.
When using an external power supply, make sure that it is UL-listed and has the required capacity.
Powering ScramblePads/MATCH Interfaces Locally
Ordinarily the controller provides sufficient power to operate attached ScramblePads and/ or MATCH interfaces; however, there are conditions which require more power than the controller can supply. This usually occurs when readers connected to the MATCH draw more current or require a different voltage than the MATCH can supply, or if the wire run between the Controller and the MATCH is more than 1800 feet (549 meters).
When this happens, connect a local 24V DC power supply to the ScramblePad or MATCH’s connector as follows:
Use the black wire from the controller. Do not use the red wire.
Wire from the power supply to the respective G and + terminals on the ScramblePad or MATCH.
Figure 1-29 provides a view of this arrangement:
Figure 1-29: Powering the ScramblePad Locally
Figure 1-30: Powering the MATCH Locally
When powering locks and other output devices, always read the device’s manual before proceeding.
For information about using power supplies to power locks, see “Locks/Strikes”. For information about powering other output devices, see “Remote Output Components”.
For more detailed information about local power, see “Powering ScramblePads/MATCH Interfaces Locally” and see “Powering the MATCH Locally”.
Using the PS2 Power Supply
The PS2 power supply is a companion product to the DIGI*TRAC Controllers. It is designed to power electrified locks or magnetic locks and provide auxiliary power to ScramblePads and MATCH interfaces. The PS2 incorporates several unique features:
High inrush capacity, up to 16 Amps current on each of its two powered outputs. This enables the PS2 to be used to power the Von Duprin electrified Panic Devices as well as other electrified locking hardware with heavy surge requirements.
Continuous duty holding current capacity is limited to 500 mA total or 250 mA from each powered output. This covers most 24V DC locks on the market.
Dual battery standby packs – one for the controller and one for the locks. Both batteries must be installed to operate surge locks. Both batteries share the responsibility of unlocking locks and operating controllers during AC power failure. They are float charged by a unique circuit that balances power demand between controller operation and lock operation to maximize the charge rates at all times.
Power connector for locally powering ScramblePads or MATCHs at the controlled door. PS2-supplied keypad power is 500mA @ 28VDC.
The optional PS2H adds high security supervision on a lock relay cable run. This prevents bypassing of the access control system by shorting the lock cable to cause the lock to actuate, or by jumping the cable with a battery strong enough to unlock the lock.
Figure 1-31: Illustration of the basic PS2 Power Locking System wiring plan
As shown in the above diagram, when a valid code is entered or an RQE device is activated, the DIGI*TRAC controller's door relay trips, completing the circuit to the input on the PS2. Whenever the PS2 input sees a circuit closed, it simultaneously trips the associated power and dry relay contact. The power relay is allocated for a 24 VDC lock and the dry relay can be used for alarm shunting, camera call-up, and other uses.
The maximum distance (in feet) for the lock power cable is a function of the wire gauge and lock current:
DISTANCE=WGV/LockInrushCurrent
Here:
WGV is the Wire Gauge Value that can be calculated using this table:
|
|
|
|
|
|
|
---|---|---|---|---|---|---|
Wire Gauge | 22 | 20 | 18 | 16 | 14 | 12 |
WGV | 123 | 198 | 312 | 500 | 794 | 1258 |
and the LockInrushCurrent can be calculated using this formula:
LockInrushCurrent = LockVoltage/ImpedanceofLockCoil=24V/ΩLockCoil
Obtain the Impedance of the Lock Coil from the lock or strike manufacturer’s data. This will provide you with the maximum cable distance between a lock/strike and the PS2.
If the necessary wiring distance is longer than the calculated maximum, either:
Choose a larger wire gauge and recalculate
Install the PS2 closer to the lock
For example, if you are using a 24 VDC lock with a lock coil impedance of 10 ohms connected to the controller by 18 AWG lock cable, then maximum distance would be calculated in this manner:
LockInrushCurrent = 24V/10Ω=2.40
Distance= 312/240=130 feet
There is also a keypad power connection for powering ScramblePads and MATCH interfaces locally instead of directly from the DIGI*TRAC Controller. If ScramblePads are powered by the PS2, these are the maximum cable lengths allowed in feet (and meters):
Table 1-11: PS2-to-ScramblePad Cable Distances
AWG | DS37L | DS37L-HI | 2 DS37L | DS37L + DS37L-HI | 2 DS37L-HI |
---|---|---|---|---|---|
22 | 750 (230) | 450 (138) | 375 (115) | 275 (84) | 225 (69) |
18 | 1800 (549) | 1150 (350) | 925 (282) | 700 (213) | 575 (175) |
The relay contact ratings for RELAY 1 and RELAY 2 are as follows:
Power Contacts: 24V DC unregulated (18V-27V), 16A Inrush current for 0.5 second, 0.3A continuous holding current
Unpowered Contacts: 10A resistive at 24V DC