Cisco Physical Security solution, access control: Technology and products
© 2010 Cisco Systems, Inc. All rights reserved. Cisco Public MTM-PhySec 1
Cisco Physical Security Solutions
Cisco Video Surveillance and Access Control
Тимур Муминов
muminovtm@cisco.com
Agenda
Physical security systems
Video surveillance:
Management
Archiving
Viewing
Distribution
Physical access control systems
Today's realities
Device overview: the IP world of possibilities
A little in a foreign language
Security system
Diagram labels: wireless communications; access system; notification; information; surveillance; alarm; telephony.
Physical Access Control
Access control: today's realities
Diagram labels: Serial / RS485 network; up to 32; controllers / control panel; management server; IP network; door control unit.
1. Complex and expensive to design, deploy and maintain
2. Not capable of incremental deployment: upfront design cycle required
3. Separate power circuit required to power door hardware
Access control device overview
A unique solution for implementing access management
Based on IP infrastructure
Integrates with other Physical Security solutions
1. Hardware:
Cisco Access Gateway connects existing door hardware (readers, locks etc.) to the network
Additional doors can be managed by connecting expansion modules to the Access Gateway
2. Software:
Cisco Physical Access Manager (Cisco PAM) is a Management Appliance for configuration, monitoring and report generation.
Cisco access control
1. Cisco Physical Access Manager (CPAM):
controller management,
authorization via a directory service (AD),
floor plans, access zones, anti-passback,
reports,
integration, automation
2. Access Gateway door controller
IP connectivity (PoE supported)
connects up to 2 doors (Wiegand)
250,000 users, 150,000 events
128-bit AES encryption
expandable with additional modules
3. Expansion modules
connected over a CAN bus
up to 400 meters away from the door controller
reader module
digital input module (for connecting sensors)
digital output module (for connecting devices)
Unique scalable architecture
Scalable Modular Architecture, open systems integration with IT systems
Diagram labels: Cisco Access Gateway (250,000 encrypted credentials; Autonomous or Networked Operation); Additional Modules on the CAN Bus; POE; Layer 2 Switch; IP Network (LAN/WAN); Cisco Physical Access Manager; LDAP / Microsoft Active Directory; HR Database; Other IT Apps.
Device overview

Cisco Physical Access Gateway
Mandatory component. Connects up to 2 doors, and up to 15 additional modules (connected via a 3 wire CAN bus).
Power: POE or 12V – 24V DC
2 Ethernet ports
10 pin Wiegand Reader port: can be configured as two 5 pin Wiegand ports
1 RS-485 port
3 Outputs (Form C Relays)
3 Supervised inputs
Tamper & PF inputs (can be configured as additional inputs)

Reader Module
Requires Access Gateway
Connects up to 2 doors to the Cisco Access Gateway via CAN bus.
Power: 12V – 24V DC
10 pin Wiegand port: can be configured as two 5 pin Wiegand ports
1 RS-485 port
3 Outputs (Form C Relays)
3 Supervised inputs
Tamper & PF inputs (can be configured to be used as additional inputs)
CAN Termination switch

Input Module
Requires Access Gateway
Connects up to 10 inputs to the Cisco Access Gateway via a CAN bus.
Example inputs are: pushbutton switches, glass break sensors, or any contact closure input circuit.
Power: 12V to 24V DC
10 Supervised inputs
Tamper & PF inputs (can be configured to be used as additional inputs)
CAN Termination switch

Output Module
Requires Access Gateway
Connects up to 8 outputs to the Cisco Access Gateway via CAN bus.
Example outputs are: lights, LEDs, or any contact closure output circuit.
Power: 12V to 24V DC
8 Form C (5V, 30A) outputs
Tamper & PF inputs (can be configured to be used as additional inputs)
CAN Termination switch
Deployment architecture
Maximum 400 meters
Additional modules can be located up to 40 meters from the Access Gateway
Diagram labels: Cisco Access Gateway; Reader Module; Reader Module; Input Module; Output Module; CAN Bus.
Modules can be added and removed at any time without affecting the operation of other modules
Any combination of additional modules (up to 15) can be connected to the Access Gateway over a 3-wire Controller Area Network (CAN) bus
A Cisco Access Gateway is always required; on its own it can control up to 2 doors
Single Door POE Connection
Diagram labels: Wiegand Reader; Reader & Lock Power: Total Draw 650 mA at 12 V; REX; Door Sensor; Strike/Lock Output (NO).
Wiegand readers can be configured with a single 10 wire interface (including Power and GND) or as two 5 wire readers. The Power and GND connections are shared between the two readers.
Total external power supplied is limited to 650 mA at 12 V DC. This can be used to power readers and a strike, as long as total peak current intake between all devices is less than 650 mA.
Wire gauge depends on distance from Gateway: choose 20 AWG for up to 100 feet.
Example POE Devices
Device | Description | Peak Current Consumption (mA)
HID 6005 | HID Prox Point Reader | 75
HES RF5010 | HES Integrated Reader & Strike | 240
Deployment example: 100 doors, 40 inputs, 5 outputs
Item | Access GWs & I/O Modules (External power) | Access GWs, Readers, & I/O Modules (External power) | Access GWs (Single Door) (POE power)
Hardware
Access Gateway | 50 | 4 | 100
Reader Module | 0 | 46 | 0
Input Module | 4 | 4 | 4
Output Module | 1 | 1 | 1
Software
Cisco PAM Appliance | 1 | 1 | 1
Module License | 64 Module | 64 Module | 128 Module
Badge Enroller | 1 | 1 | 1
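The counts in the deployment example follow from limits quoted elsewhere in the deck: 2 doors per gateway or reader module, 15 modules per gateway, 10 inputs and 8 outputs per module, and module license tiers of 64/128/512/1024. The Python sketch below is an added example, not Cisco code; the function names and layout names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

# Limits quoted on the slides.
DOORS_PER_UNIT = 2            # doors per Access Gateway or Reader Module
MAX_MODULES_PER_GATEWAY = 15  # expansion modules on one gateway's CAN bus
INPUTS_PER_MODULE = 10
OUTPUTS_PER_MODULE = 8
LICENSE_TIERS = (64, 128, 512, 1024)  # Cisco PAM module capacity licenses
POE_BUDGET_MA = 650           # external power from a PoE-fed gateway, at 12 V


@dataclass(frozen=True)
class Plan:
    gateways: int
    reader_modules: int
    input_modules: int
    output_modules: int
    license_tier: int


def size_deployment(doors, inputs, outputs, layout):
    """Return hardware and license counts for one of three layouts.

    Layout names are assumptions of this example:
      "gateways_only"   - one gateway per two doors, external power
      "reader_modules"  - fewest gateways, remaining doors on reader modules
      "poe_single_door" - one PoE-powered gateway per door
    """
    if doors < 1 or inputs < 0 or outputs < 0:
        raise ValueError("doors must be >= 1; inputs and outputs >= 0")
    in_mods = math.ceil(inputs / INPUTS_PER_MODULE)
    out_mods = math.ceil(outputs / OUTPUTS_PER_MODULE)
    io_mods = in_mods + out_mods
    units = math.ceil(doors / DOORS_PER_UNIT)  # two-door units needed

    if layout == "poe_single_door":
        gateways, readers = doors, 0
    elif layout == "gateways_only":
        gateways, readers = units, 0
    elif layout == "reader_modules":
        gateways = 1
        # Add gateways until all modules fit under the 15-per-gateway limit.
        while max(units - gateways, 0) + io_mods > MAX_MODULES_PER_GATEWAY * gateways:
            gateways += 1
        readers = max(units - gateways, 0)
    else:
        raise ValueError(f"unknown layout: {layout}")

    if readers + io_mods > MAX_MODULES_PER_GATEWAY * gateways:
        raise ValueError("modules exceed the CAN bus capacity of the gateways")
    licensed = gateways + readers + io_mods  # every module type is licensed
    tier = next((t for t in LICENSE_TIERS if t >= licensed), None)
    if tier is None:
        raise ValueError(f"{licensed} modules exceed the largest license tier")
    return Plan(gateways, readers, in_mods, out_mods, tier)


def poe_budget_ok(peak_currents_ma):
    """True if the summed peak draw stays under the 650 mA PoE budget."""
    return sum(peak_currents_ma) < POE_BUDGET_MA


if __name__ == "__main__":
    for layout in ("gateways_only", "reader_modules", "poe_single_door"):
        print(layout, size_deployment(100, 40, 5, layout))
    print(poe_budget_ok([240]))  # HES RF5010 peak current from the slide
```

In the "reader_modules" layout three gateways are not enough, because 47 reader modules plus 5 I/O modules exceed the 45 module slots three gateways provide; that is why the slide shows 4 gateways and 46 reader modules.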
Cisco Access Gateway: benefits of use
Features:
250K Cardholder cache, 150K Transaction buffer
Web server built in
All communication is 128 Bit AES encrypted
Device pre-provisioning using network services
Plug & Play support
Benefits:
Door continues to function in case network connectivity is lost
Protects credentials, preserves security
Simplifies deployment
Modules can be added or deleted without disrupting service
Simplifies configuration and monitoring
Cisco Physical Access Manager (Cisco PAM)
1. 1 RU Appliance
2. Java Thin Client Architecture
3. Policy Support: Two-Door, Anti-Passback
4. Report Generator (Canned & Custom)
5. Badge Design & Enrollment
6. Microsoft Active Directory integration
7. Fine grained user rights
8. Global I/O
9. Device Pre-Provisioning
10. Capacity & Feature Licenses
11. IT Data integration
12. Warm Standby High Availability
13. Audit Trails
Diagram labels: IP Network; Java Thin Clients; Cisco PAM.
Cisco PAM high availability
Warm standby with database replication between two Cisco PAM instances
Virtual IP address for client transparency: both IP addresses bonded to a single virtual IP address
Secondary server takes over when primary fails
Secondary server only requires an HA license: acquires all primary licenses
Cisco PAM: enterprise-level solutions
Integrates Cisco PAM data with other databases/IT applications
EAI Studio is a standalone tool running on Windows XP
Select Data sources
Select fields
Select schedules
Diagram labels: Design; Execute; EAI Studio; Cisco PAM EAI Module; Import; CSV File; HR DB; Cafeteria DB.
Cisco PAM licensing
1. Simple licensing model. No limits on number of badges enrolled, or on number of administrative users/monitors of the system
2. Capacity license upgrades for: 64, 128, 512 and 1024 modules (Access GW, Reader, Input or Output), allowing for flexible deployment choices
3. Migration licenses to take over existing installations. Licensing based on number of readers installed: 64, 128, 512 and 1024 Reader licenses available
4. Additional feature licenses for the following:
Badge Designer
Enterprise Application Integration
Enterprise Data Distribution
High Availability
Elevator Access Control
Integration with the video surveillance system
Integration with Cisco VSM at the event-exchange level
Allows a camera to be associated with a door
For every door-related event, video can be viewed (live or from the archive)
What needs to be determined before … (Access)
1. How Many Doors Per Location
2. How Many Readers Per Door
3. Are Biometrics Required
4. Is POE Available?
We can power the door hardware over POE if it is an 'E' series switch
5. What Type of Reader is Required
We support Prox and Pin type readers today.
6. Any other requirements
Elevator Control
High Availability
Integration to Video System (Non-Cisco)
Enterprise Integration (HR, AD, etc)
Time and Attendance Integration
Visitor Management
Smart Card Integration
Cisco IPICS for Campus Safety
Types of Safety Incidents
Student and Staff Violence: gang activity, hazing, sexual assaults, shootings, stabbings, stalking, thefts
School and Community Violence: abduction, bomb threats, terrorist attacks, vandalism
Disasters: contagious diseases, earthquakes, floods, pandemics, tornadoes
Human and manmade incidents
Traditional Systems Response
Actions are linear
Communication and decision support systems are independent
Relies heavily on human intervention
Campus Safety: Collaborative Effort
Diagram labels: Students; Campus Police; Faculty; Community; President/Dean; Community Police; Facilities.
Converged Systems Response
Actions occur in parallel
Communication and decision support systems are connected and trigger policy-related responses
Less dependent on human intervention
Convergence Enables Collaboration
Diagram labels: Students; Campus Police; Faculty; Community; President/Dean; Community Police; Facilities.
Four Areas of Campus Safety
Create active, visible countermeasures that dissuade disruptive actions
Immediate notification that disruptive acts are occurring and activating preplanned policies
Facilitate incident management process that helps halt or mitigate disruptive actions
Deny the means and ability to plan, act, or acquire materials intended to cause disruptive actions
Cisco IP Interoperability and Collaboration System (IPICS)
Eliminates Campus Communications Silos
Cisco® IPICS Intelligent Platform Controls Media and Information
Devices/Networks: IP Phones, PTT Radios, PC Clients, Nextel Phones, Mobile Phones
Organizations: Fire Dept, Police Dept, Other Agencies
Locations: Main Campus, Remote Campus, Departments
Applications: Video Surveillance, Unified Communications, GIS and Data
Cisco IPICS
Enables Communications Between Multiple Devices
Diagram labels: IPICS; VHF Radio; UHF Radio; PSTN; PTT over Cellular; VoIP PTT; Cell; Mgmt. Software; Cisco IP Phone.
Comprehensive Communications Interoperability
Interoperability to Telephony and Notification: Mobile Phones; Nextel PTT Phones; Landline Phones; Messaging/Paging; Telephony Networks
Interoperability to PCs & IP Phones: IP Network
Interoperability Across Radio Systems: P25 & Tetra Radio Systems; Analog Trunking Radio Systems; Analog Conventional Systems
Primary Notification Methods
Methods: Radio; Other PTT Clients; Phones (IP, TDM, Cell); Email; SMS; Other
First Responder Notification: X X X
Second/Third Responder Notification: X
Mass Notification: X X X; Radio, TV, Pager
Other Differences Between Notification Types
1. First Responder Notification
Small group of people (1-10)
PTT conferencing - requires radio interoperability
2. Second Responder Notification
Small group of people (1-10)
Multi-way conferencing (radio possible)
3. Mass Notification
Wide group of people (1000's, 10,000's, 100,000's)
Notification confirmation and tracking
Much room for added value (GIS, User Registration, devices, etc.)
No one solution fits it all. However, IPICS can deliver the common platform for a comprehensive notification solution
Notification Begins with IPICS
Diagram labels: Cisco IPICS Server and Policy Engine; IPICS Management Console; Cisco IPICS PMC Client; Cisco IP Phones w/ PTT Services; VHF/UHF/Nextel PTT Radios; Secure VoIP Network; LMR Gateway and Media Services; VoIP Gateway; PSTN; PSTN/Cellular Phones; Cisco IP Phones; Other gateways: SMS / Email.
Delivering First Responder Notification
Diagram labels: TRIGGER; NOTIFICATION; Virtual Talk Group; Cisco IPICS Server and Policy Engine; IPICS Management Console; Cisco IPICS PMC Client; Cisco IP Phones w/ PTT Services; VHF/UHF/Nextel PTT Radios; Secure VoIP Network; LMR Gateway and Media Services; VoIP Gateway; PSTN; PSTN/Cellular Phones; Cisco IP Phones; Other gateways: SMS / Email.
Delivering Second Responder Notification
Diagram labels: TRIGGER; NOTIFICATION; Virtual Talk Group; Cisco IPICS Server and Policy Engine; IPICS Management Console; Cisco IPICS PMC Client; Cisco IP Phones w/ PTT Services; VHF/UHF/Nextel PTT Radios; Secure VoIP Network; LMR Gateway and Media Services; VoIP Gateway; PSTN; PSTN/Cellular Phones; Cisco IP Phones; Other gateways: SMS, Email.
Delivering Mass Notification
Diagram labels: XML (.wav, addr); 3rd-Party Application (e.g. SI, ATP); NOTIFICATION; RESPONSE (OPTIONAL); Cisco IPICS Server and Policy Engine; Cisco IPICS PMC Client; Cisco IP Phones w/ PTT Services; VHF/UHF/Nextel PTT Radios; Secure VoIP Network; LMR Gateway and Media Services; VoIP Gateway; PSTN; PSTN/Cellular Phones; Cisco IP Phones; Other gateways: SMS, Email.
Delivering Notification w/Hosted Service Provider
Diagram labels: XML (.wav, addr); 3rd-Party Application (e.g. AT&T); NOTIFICATION; Cisco IPICS Server and Policy Engine; Cisco IPICS PMC Client; Cisco IP Phones w/ PTT Services; VHF/UHF/Nextel PTT Radios; Secure VoIP Network; LMR Gateway and Media Services; VoIP Gateway; PSTN; PSTN/Cellular Phones; Cisco IP Phones; Other gateways: SMS, Email, IM, TV, Radio, etc.
Physical Security Systems: Network as the Platform
Diagram labels: IP Cameras; Analog; Video Surveillance Manager; Access Control; Integrated Comms; Policy Engine; Web Client; Legacy Integration.
Stages: Capture, Store, View, Respond
Cisco Open Platform for Safety and Security
Security Management: Recording, Monitoring, and Policy-Based Administration
Access Controls: Physical and Info System access control
Correlation: Physical and info security event correlation
Connectivity: Wired or Wireless, Any-to-Any
Self Defending Network: Enabling connected systems to identify and prevent threats
Communications Interoperability: How to Deliver "Right Information, Right Time, Right Format to the Right Person"
Convergence: Physical and Info Security policy based control, enforcement and auditing
How do we make this work?
Diagram labels: Cisco IPICS; Mass Notification; Cisco Digital Media System; Cisco Unified Communications; Cisco 3200 Series Router; Communications; Cisco Video Surveillance; UHF; VHF; Nextel.
Diagram labels: Cisco IPICS; Mass Notification; Cisco Digital Media System; Cisco Unified Communications; Cisco 3200 Series Router; Communications; Cisco Media Manager; UHF; VHF; Nextel.
Benefits for Your Campus
1. Ensure different organizations and agencies can communicate regardless of their network or device
2. Extend push-to-talk (PTT) and voice services from land mobile radio (LMR) networks to IP networks
3. Create policies that define standard operating procedures, including talk group establishment and user notification
4. Allow dispatchers and incident commanders to manage operations from one or more locations
When Today’s Incident Strikes….
1. Rapidly inform and assemble the response team….
Notify individuals and groups wherever they are
Via whatever communications device they have
Quickly—at the touch of a button
2. And enable them to talk NOW
Invite and join a Virtual Talk Group
With whatever device they have
From wherever they are
Increase Situation Awareness. Improve Response Times. Save Lives.
Maximize The Value of Your Networks
1. Leverage the Infrastructure You Already Have
Enable disparate systems to function as a Network of Networks
Use secure, proven, reliable, and open IP standards to increase the value of your LMR, Telephony, and IP networks
2. Gracefully Migrate to New Technologies
Link Legacy to Legacy, Legacy to P25, & P25 to P25 radio systems
Combine Today's Narrowband LMR with Tomorrow's Broadband Wireless
3. Cost-Effective Interoperability Today
Deploy in a fraction of the cost, time and complexity of a radio replacement/upgrade
Fund with savings realized, Cisco Capital, the Public Safety Interoperable Communications (PSIC) Grant and other Homeland Security Grants
Public Safety and Security with Cisco IPICS
Customers: Boulder County, Colorado; Bryant University; State of Georgia Forestry Commission; Piedmont Regional VoIP Interoperability Project; Cisco Safety and Security; Massachusetts HLS District; Halifax, VA
Diagram labels: Escalating Public Safety Threats; Increased Reliability & Resiliency; Rapidly deployable resources; Improved Service Levels; "Leverage Radio and IP Networks"; Enable Agency Collaboration; Interoperability Beyond Radio; Agency Collaboration; TCO; Scale to need of any emergency; Broadband Mobility; Secure Communications.
Cisco IPICS Integrated Interoperability Solution
Diagram labels: Cisco IPICS Server; Cisco IPICS PTT Management Console; Cisco IPICS IP Phone Clients; Cisco Unified Communications Manager; Incident Management Console; Policy and Notification Engine; Analog & Digital Radio Systems; Local or Tactical Site; Mobile Incident Command; Telephony; PSTN, Mobile, & IP Phones; IP Network; Raytheon JPS ACU-2000 IP; Mobile Data and Incident Area Network; Mobile Broadband Wireless; Standard SIP Interface; Control Interface; Nextel PTT Phones; Cisco Media Services Routers; Ops View; Resource Mgt.
More Information
1. More Information on Cisco Interoperability Systems
http://www.cisco.com/go/ipicssolution
2. Flash Demo
http://www.cisco.com/cdc_content_elements/flash/ipics/index.html
3. Videos
http://newsroom.cisco.com/ *Search for “IPICS” on Video Archives
4. Case Studies
http://www.cisco.com/en/US/products/ps6718/prod_case_studies_list.html
Boulder County, Colorado
State of Georgia Forestry Commission
Bryant University
Cisco Safety and Security
Solution Overviews for Municipal, State, Emergency Services
5. Technical Resources:
http://www.cisco.com/en/US/products/ps7026/tsd_products_support_series_home.html
Reading:
1. Continue your Cisco Live learning experience with further reading from Cisco Press
2. Check the Recommended Reading flyer for suggested books
On the Web: http://www.cisco.com/go/physicalsecurity
E-mail me: muminovtm@cisco.com