Services#
Services in Access are required to select options for connecting to external systems.
All fields are required unless otherwise stated in the description.
Apacs#
This service is designed to interact with the APACS 3000 ACS.
Software integrations of the APACS ACS with the FRS are implemented to ensure the passage of recognized persons through a turnstile/door with a magnetic lock.
- The supported version of the APACS ACS is 8.3.1.0.
Supports connection of AAM LAN 8W controllers.
Apacs service functionality#
Main functions:
- adding devices with which LP will work;
- receiving regular updates from the ACS software database;
- sending requests for adding/changing data to the LP;
- receiving identification events;
- sending a request to the ACS software about identiloginfication events;
- logging of events about an attempt by an unidentified employee to pass through the turnstile.
Configuring parameters for connecting to the APACS ACS#
Service settings and possible values (Table 11):
Table 9. Setting up the APACS service
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | User-defined service name | Any textual names. Only Latin characters are supported. It is not recommended to enter more than 30 characters. | - |
| bio_system_id | The identifier of the biometric system | - | - |
| host | IP address of the server with installed APACS software | IP address in the form X.X.X.X | - |
| port | Port on which APACS is deployed | - | 7010 |
| enable_ssl | Data encryption method for network transmission. It depends on the type of network you are using. | On - https | Off |
| Off - http | |||
| login | Login of ACS software user. Input of Latin characters, numbers and symbols is supported. | User created in APACS ACS software | - |
| password | The user's password created in the APACS ACS software. | The input of Latin letters, numbers and symbols is supported. | - |
| feature_profile | The profile key belonging to the master key of the system. The key data is located in the APACS ACS software: Help → About the program | - | - |
| rabbitmq_login | Username from RabbitMQ from Apacs | The input of Latin letters and numbers is supported | - |
| rabbitmq_password | The password of the user from RabbitMQ from Apacs | The input of Latin letters and numbers is supported | - |
| card_format_source | The type of map format for uploading organization codes and their offsets. For more information, see below | - | - |
| max_workers | Number of parallel threads for face replication | >0 | 10 |
The type of card format (card_format_source) can be found in any Apacs client application in the Console tab → System Root section → Hardware Server section → select a network driver → select a controller → Group: Card Format section → select any card format → General tab → field ""The type of the object"".
Guest pass with two-factor authentication#
If you need to pass a guest with active two-factor authentication and no possibility to get a guest photo, you need to perform the following steps:
1․ Add a person to the ACS without a photo with full name and card number.
2․ Enable the use_cards_without_face option in the Apacs2FA pipeline settings.
Creating a user in RabbitMQ#
To create a user in RabbitMQ with read- and write-only rights to a specific queue, follow these steps:
Available on the server where Apacs is deployed.
1․ Open the Windows command prompt.
2․ Navigate to the directory of executable files for RabbitMQ:
cd "c:\Program Files\RabbitMQ Server\rabbitmq_server-*.*.*\sbin"
Substitute the value of the RabbitMQ Server version instead of the
*character.
3․ Add the user to RabbitMQ:
rabbitmqctl add_user <login> <password>
Substitute your own values instead of
<login>and<password>. For more information, see the official website.
4․ Add rights to the user:
rabbitmqctl set_permissions -p / <login> "^apc.webapi.vl-access-2$" "^apc.webapi.vl-access-2$" "^apc.webapi.vl-access-2$"
Substitute your own value instead of
<login>. For more information, see the official website.
These rights make it possible to create an exchange for the Apacs ACS in order to queue events about user changes. These rights also allow you to read events from this queue for further synchronization of users for Access.
Bastion#
This service is designed to interact with the Bastion ACS.
Software integration of the Bastion ACS software with the face recognition system (LP5) is implemented to ensure the passage of recognized persons through the turnstile/door with a magnetic lock.
- Supports Bastion ACS version 2.1.11.2337.
When using Bastion version 3, the
LunaEventListenerpipeline is not required.
The ACS synchronizes employees with the list in Luna and listens to events based on which it decides to open or not open the turnstile. These events are generated in Access by the CreateBastionEvent pipeline.
Bastion functionality#
Main features:
- adding devices that LP5 will work with;
- receiving regular updates from the ACS software database;
- sending requests to add/change data to LP5;
- receiving identification events;
- sending requests to the ACS software about identification events;
- logging events about an attempt by an unidentified employee to pass through the turnstile.
Bastion settings#
The following settings are used when creating a new service (Table 12):
Table 10. Bastion Service Configuration
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Service name specified by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| bio_system_id | Drop-down list for selecting the biometric system identifier (LP5 or CBS) in Access. | - | - |
| host | IP address of the server with installed Bastion software | IP address in the form of X.X.X.X or site.domain | - |
| port | ONVIF port of Bastion service | - | 10112 |
| enable_ssl | SSL encryption support for messages. It must be activated if necessary to maintain confidentiality. When activated, the load on the device and the message transmission time increases | On - https | Off |
| Off - http | |||
| username | Bastion ONVIF user login. Input of Latin characters, numbers and symbols is supported. | The user created in Bastion | - |
| password | Bastion ONVIF user password. Input of Latin characters, numbers and symbols is supported. | User password | - |
| vl_access_host | IP address of the server where Access is installed | IP address in the form of X.X.X.X or site.domain | - |
| vl_access_port | Port of the server where Access is deployed | - | 9091 |
Setting up Bastion ACS software#
1․ Go to the server where the Bastion ACS is deployed and open the ACS software.
2․ Go to the Operator Window tab → Drivers → Driver Face → Configuration.
3․ In the Main settings section, set the port, ONVIF login and password.
4․ In the KBI Server section, add a new server by clicking "+".
5․ In the new server setup, enter the addresses of the person profile management service and the event service, the Access address in the "host:port" format, set the login and password for both services.
6․ In the Waypoint setting, add a new waypoint by pressing "+".
7․ Select the entry point Door N RM.
8․ In the Description field, enter the name of the camera that works with this access point.
9․ Select the operating mode "Access in identification mode"
The description of the access point must match the name of the device in Access.
10․ Save your changes by clicking on the floppy disk icon.
11․ Set up pass management on the Tools tab → Passes → Bureau of Passes.
12․ Creating an application for a pass. Go to Application → Main → Pass Management → New application.
13․ Fill in the required fields and click OK.
14․ Issuance of passes. Go to Application → Basic → Pass Management → Issue → Generate the card number → Ok.
Issued passes are displayed on the Issued tab.
15․ Edit the pass. Go to the Issued → Required Pass → Edit → Ok section..
When changing the mode at the access point in the ACS, it is necessary to restart the Bastion service in Access.
Bolid#
Hardware and software integration required for communication between the FRS/CBS and the Bolide ACS software to ensure control of the connected device (C-2000 series devices or other devices compatible with the Bolide software).
Supports Bolid version 1.20.3, Orion Pro integration module version 1.4.
Information interaction is provided through the Orion Pro automated workplace software.
The Orion PRO licensed integration module must be installed and launched.
The integration module is a SOAP web service accessed via the HTTP/HTTPS protocols. The description of the web service complies with the WSDL version 2.0 specification.
The service runs under Windows 7/8/8.1/10 (32 bit or 64 bit).
Bolid functionality#
Main features:
- sending a pair of “user ID” — “managed device” via the Orion Pro API;
- data replication from the ACS software database.
Bolid settings#
The following settings are used when creating a new service (Table 13):
Table 11. Setting up the Bolid service
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Service name specified by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| bio_system_id | Drop-down list for selecting the ID of the Luna service in Access. | - | - |
| login | Username of the Bolid user. It is set in the Bolide software: DB → Passwords → The password type is ""Remote control"" | The user created in the bolid. The input of Latin letters, numbers and symbols is supported. | - |
| password | Bolid user password. Input of Latin characters, numbers and symbols is supported. | User password | - |
| host | IP address of the server with installed Bolid software | IP address in the form X.X.X.X | - |
| port | Bolid service port | - | 8090 |
| enable_ssl | SSL encryption support for messages. It must be activated if necessary to maintain confidentiality. When activated, the load on the device and the message transmission time increases | On - https | Off |
| Off - http | |||
| max_workers | Number of data replication handlers from the Luna list to Bolid. If there is a large amount of data, it is recommended to set from 2 to 5. | >0 | 10 |
| token_ttl_sec | Time to refresh the access token (in seconds). Find the value of the TokenLifeTime field in the file ProgramData\BolidIntegrServ\settings.ini |
It is not recommended to change this Parameter | 300 |
Preparatory actions with Orion Pro software#
To launch and configure Bolid, you need to perform preparatory steps with the Orion Pro software:
1․ On the OrionShell panel, run the BDA (Bolid Database Administrator) module (Figure 119):
2․ Add a new employee. Fill in the required fields according to the rules for creating employees at the facility (Figure 120).
3․ Go to the Employees section
4․ Click the "add" button
5․ Fill in the required employee fields
Select the status of “Administrator” or another department with employees who have full access to the system.
6․ Add “Maximum” access level to the new user and set a password (Figure 121).
7․ Go to the Access section
8․ Click Add
9․ Select the desired employee, enter the password
10․ Select access level Maximum
11․ Add new section (Figure 122):
12․ Select the “System structure” tab;
13․ Select “Sections”;
14․ Select all “Sections”;
15․ Add a new section with default settings and name it.
16․ Bind devices to the newly created section (Figure 123).
17․ Select a section
18․ Click the “Add” button at the bottom left.
19․ select the required device in the list of devices (Figure 124);
20․ select it with the “>>” button and move it to the right field;
21․ confirm the changes with the “OK” button;
22․ click the “Save” button at the bottom left.
23․ Edit the orion.ini file in the folder with the installed Orion Pro application (for example, C:\BOLID\ARM_ORION_PRO1_20_3), adding Parameters to it (if there are none):
[Checkerdb]
Remarks=1
timechecker=5
Logon=1
RemoteCmd=1
CmdOn=1
[ChangeDB]
on=1
24․ Restart all Orion Pro applications.
Configuring the “ORION PRO INTEGRATION MODULE” application#
To configure the “ORION PRO INTEGRATION MODULE” application, follow these steps:
1․ Download the official distribution kit of the “ORION PRO INTEGRATION MODULE” application (link).
2․ Run the installation. After the installation is complete, launch the module, check the database connection settings. If everything works correctly, close the module.
3․ Install the module to run as a service. To do this, run the command in the terminal as administrator in the folder with the installed module (for example: C:\BOLID\IntegrServ):
IntegrServ.exe /INSTALL
4․ In the system control panel, find the installed service and run it by clicking the right mouse button and selecting “Start” (Figure 125).
CbsAlpha#
It is used to get the identifier of the descriptor in CBS Alpha from a photo.
Only LUNA PLATFORM 5.10 and later is supported.
A service for synchronizing two lists from CbsAlpha. The service tracks changes in the cbs list and compares them with persons from the luna list. If there are duplicates of persons, then the duplicate is deleted from the luna list.
Setting up parameters for connecting to CbsAlpha#
Service settings and possible values (Table 14):
Table 12. Setting up the CbsAlpha service
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | The name of the service specified by the user | Any text names. Latin and Cyrillic characters are supported. It is not recommended to enter more than 30 characters. | - |
| host | FRS IP address in KB | IP address in the form of X.X.X.X or site.domain. | - |
| port | Port for connecting to the FRS in CBS | - | 5000 |
| enable_ssl | SSL encryption support for messages. It must be activated if necessary to maintain confidentiality. When activated, the load on the device and the message transmission time increases | On – active | Off |
| Off – inactive | |||
| username | Username of the FRS user | - | - |
| password | Password of the FRS user | - | - |
| account_id | UUID of the FRS user | - | - |
| handler_id | UUID of the handler for handling pass events, created in the FRS. | UUID of the handler | - |
| default_list_id | UUID of the ID of the FRS list that employees will be synchronized with | The ID of the list created in the FRS. | - |
| face_detection_threshold | The minimum threshold for face recognition is | 0...1 | 0.5 |
| event_receiving_mode | Mode for receiving events from FRS | websocket/Webhook | websocket |
| vl_access_host | IP address of the server on which Access is installed | IP address in the form X.X.X.X | - |
| vl_access_port | The port of the server where Access is deployed | - | 9091 |
| vl_access_basic_username | Login for interacting with Access | - | - |
| vl_access_basic_password | Password for interacting with Access | - | - |
| max_greatest_side_size | During replication, resize the larger side of the photo to the specified size, maintaining the proportions (Blank value - do not resize the photo) | -,0...1920 | - |
| cbs_list_id | ID of the EBS list of persons | - | - |
| synchronisation_interval_hours | The frequency of synchronization start. | Hours 0...100 | - |
CbsMts#
Used to retrieve the descriptor identifier in the MTS CBS from a photo.
Configuring CbsMts settings#
Service settings and possible values (Table 15):
Table 13. Setting up the CbsMts service
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | User-defined service name | Any textual names. Only Latin characters are supported. It is not recommended to enter more than 30 characters. | - |
| host | FRS IP address in CBS | IP address in the form of X.X.X.X or site.domain. | - |
| port | Port for connecting to the FRS in CBS | - | 5558- |
| enable_ssl | SSL encryption support for messages. It must be activated if necessary to maintain confidentiality. When activated, the load on the device and the message transmission time increases | On – active | Off |
| Off – inactive | |||
| urn | Path to the directory of persons in CBS | - | /cbs/persons |
| token | VisionLabs token for access to MTS CBS | - | - |
| timeout | Timeout time in seconds when connecting to the service fails. It is necessary to take time if there is a large delay between servers. | The time is selected taking into account the network delay to maintain performance. | 10 |
| cert_name | The name of the certificate to connect to the CBS. Certificate storage directory `/tls/ | - | - |
LunaStreams#
Service for working with LUNA Streams.
LUNA Streams is a service of VisionLabs FaceStream.
The service is designed to:
- receive a list of stream names from LUNA Stream for subsequent transmission to the ACS;
- generating a detection event based on a frame from LUNA Stream for subsequent sending for matching to Luna, CbsMts or CbsAlpha.
Supported version is FaceStream 5.1.6 or newer.
Configuring LunaStreams settings#
Service settings and possible values (Table 16):
Table 14. Setting up the LunaStreams service
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | User-defined service name | Any textual names. Only Latin characters are supported. It is not recommended to enter more than 30 characters. | - |
| host | IP address of the server with installed LunaStreams | IP address in the form X.X.X.X | - |
| port | Port of the server where LunaStreams is deployed | - | 34569 |
| enable_ssl | Method of encrypting data during transmission over the network. Depends on the network type in the solution. | On - https | Off |
| Off - http | |||
| handle_event_interval | The delay interval between receiving detections from one source. | 1...15 | 3 |
Gate#
The service is designed to interact with Gate PACS.
The integration module (sync.exe), launched in the Gate Server directory, detects changes in the database and sends changes to the ip:port specified in the .env settings file. VL Access accepts and processes these requests, and makes appropriate changes to the Luna list.
Supported versions: Gate Terminal 1.22.95, Gate Server 1.22.95
Configuring Gate settings#
Service settings and possible values (Table 17):
Table 15. Gate Service Configuration
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | User-defined service name | Any textual names. Only Latin characters are supported. It is not recommended to enter more than 30 characters. | - |
| luna_id | Drop-down list for selecting the Luna service identifier | - | - |
Luna#
The service is designed to redirect data from/to LP to external systems and devices.
Supported versions: 5.10 and higher.
Luna settings#
The following settings are used when creating a new service (Table 18):
Table 16. Setting up the Luna service
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Service name specified by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| host | IP address of the server where Luna is installed | IP address in the form of X.X.X.X or site.domain | - |
| port | Port of the server where Luna is deployed | - | 5000 |
| enable_ssl | Method of encrypting data during transmission over the network. Depends on the network type in the solution. | On - https | Off |
| Off - http | |||
| username | Admin login in LP5. Input of Latin characters, numbers and symbols is supported. | - | - |
| password | Admin password in LP5. Input of Latin characters, numbers and symbols is supported. | - | - |
| account_id | UUID of user lP5. | - | - |
| handler_id | UUID of the handler for working with passage events, created in Luna | - | - |
| default_list_id | UUID of identifier the LP5 list with which the employees will be synchronized | The identifier of the list created in LP5. | - |
| face_detection_threshold | The minimum threshold for face recognition is | 0...1 | 0.5 |
| event_receiving_mode | Mode for receiving events from FRS | websocket/Webhook | websocket |
| vl_access_host | IP address of the server on which Access is installed | IP address in the form X.X.X.X | - |
| vl_access_port | The port of the server where Access is deployed | - | 9091 |
| vl_access_basic_username | Login for interacting with Access | - | - |
| vl_access_basic_password | Password for interacting with Access | - | - |
| max_greatest_side_size | During replication, resize the larger side of the photo to the specified size, maintaining the proportions (Blank value - do not resize the photo) | -,0...1920 | - |
LunaAceConverter#
Service for sending data received from LUNA ACE devices to LP5. The received request from the device is redirected to the RRL, then a response is generated for the device based on the received response from the LP5.
Supported version LUNA ACE 1.2.23
LuaAceConverter settings#
The following settings are used when creating a new service (Table 19):
Table 17. Setting up the LUNA ACE service
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Service name specified by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| luna_id | Drop-down list with Luna service IDs in Access | - | - |
Setting up LUNA ACE#
1․ Connect to the device via SSh.
2․ Open the file: vi /opt/luna_ace/ace_device.conf .
3․ Specify the URL of the LunaAceConverter service in the luna_platform_address parameter.
To get the URL of the service, you need to go to the created LunaAceConverter service in Access and copy the full path from the browser search bar:
http://<ip_address>:9092/service/<UUID>
4․ Change to the directory: cd /opt/luna_ace/services/ace_device
5․ Restart the device: restart
LunaCars#
Software and hardware integration required for communication between LUNA CARS and barriers (boom barriers, sliding gates, bollards, and others) for vehicle access control.
Supported LUNA CARS modules:
- LUNA CARS API: v.1.0.3;
- LUNA CARS Stream: v.2.0.4;
- LUNA CARS Analytics: v.3.0.3.
Access links to LUNA CARS Analytics backend.
Events in the queue are of type CarDetectionEvent.
LunaCars settings#
The following settings are used when creating a new service (Table 20):
Table 18. Setting up the LunaCars service
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Service name specified by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| host | IP address of the server where LUNA CARS is installed | IP address in the form of X.X.X.X or site.domain | - |
| port | Port of the server where LUNA CARS is deployed | - | 8080 |
| enable_ssl | Method of encrypting data during transmission over the network. Depends on the network type in the solution. | On - https | Off |
| Off - http | |||
| api_port | Port of the server where LUNA CARS API is deployed | - | 8100 |
| login | LUNA CARS Analytics administrator login. Input of Latin characters, numbers and symbols is supported. | - | admin@test.ru |
| password | LUNA CARS Analytics administrator password. Input of Latin characters, numbers and symbols is supported. | - | admin |
| event_expiry_time | After how many seconds events can be skipped as obsolete. It is necessary to reduce the time to ~15 seconds if the vehicle flow is constant | >10 | 60 |
| min_license_plate_accuracy | Minimum accuracy of vehicle registration plate recognition | The value is formed at the design stage and corrected at the testing stage (0,00...1,00) | 0,6 |
| event_memory_time | Time during which the service does not create a repeat event for the same vehicle (in seconds). It is necessary to increase the value if the vehicle stands in the recognition zone for a long time in the queue for entry, etc. | 60…180 | 90 |
| timeout | Timeout for an unsuccessful attempt to connect to the service. It is necessary to increase the time if there is a large delay between servers | The time is selected based on the delay in the network to maintain performance | - |
Parsec#
This service is designed to interact with the Parsec ACS to ensure the passage of recognized persons through a turnstile/door with a magnetic lock.
The service allows you to process requests from access control systems, such as:
- transfer of the list of employees to the Luna list,
- adding/editing/deleting employees in the Luna list,
- receiving detection events from devices.
The service executes the following requests to the ACS:
- sending url address of ONVIF services;
- receiving card swipe events;
- getting access point IDs.
When starting the service, access point identifiers are first requested and their names are generated.
Regardless of the selected authorization mode (one-factor or two-factor), the ACS polls Access for detections and generates a response that contains the employee identifier, as well as the access point identifier.
As soon as a valid face detection occurs, the service simply returns a response to the access control system.
Configuring devices for integration with Parsec requires using access point names generated by the service itself. They are generated in the format 'access point name - identifier'. For example: 'turnstile_exit - 907efa78-cb2f-4f46-b374-785c7f9901a5'
The resulting access point names must be inserted into the appropriate fields:
- When using internal Access devices (HikvisionTerminal, Panda ...), indicate in the "name" field.
- When using LunaStream, indicate in the "source" field.
Parsec functionality#
Main features:
- transferring a list of employees to a Luna list;
- adding/editing/deleting employees in the Luna list;
- receiving detection events from devices.
Parsec settings#
The following settings are used when creating a new service (Table 21):
Table 19. Setting up the Parsec service
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Service name specified by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| bio_system_id | Drop-down list for selecting the biometric system identifier (LP5 or CBS) in Access. | - | - |
| host | IP address of the server where Parsec is installed | IP address in the form of X.X.X.X or site.domain | - |
| port | Port of the server where Parsec is deployed | - | - |
| enable_ssl | Method of encrypting data during transmission over the network. Depends on the network type in the solution. | On - https | Off |
| Off - http | |||
| username | Parsec user login. Input of Latin characters, numbers and symbols is supported. | - | - |
| integration_key | Parsec integration key.Used as a password to connect to the device | - | - |
| vl_access_host | IP address of the server where Access is installed | IP address in the form of X.X.X.X or site.domain | - |
| vl_access_port | Port of the server where Access is deployed | - | 9091 |
Configuring Access and Parsec ACS integration#
To launch and configure the Parsec ACS software, install Parsec.NET and run the Administration program and check the settings (Figure 126):
1․ Make sure that the ""Advanced Mode"" is running (File→Advanced Mode).
2․ Go to the “Equipment editor” section and make sure that the controllers are connected .
3․ For each required controller, set the following settings in the “Access Modes” tab (Figure 127).
4․ Go to the “System settings editor” section, then open the “Face Recognition (ONVIF)” tab (Figure 128).
5․ In the “Face recognition (ONVIF)” window, click the “Change” button and make sure that the “Use FRS” item is enabled, and the “FRS type” is set to “ONVIF face recognition”.
6․ In the “IP Address” and “Port” fields, enter the Access server data.
7․ Click the “Check connection” button only after configuring Access, this will require the “Integration key”.
8․ After clicking on the “Check connection” button, the fields in the “Face recognition system services” block will be filled in automatically.
9․ Click the “Save” button.
10․ Replicate employees to the Luna list by clicking the “Transfer employees and visitors” button. Before, make sure that all staff members are correctly added in the "Staff Editor" section, see «Adding staff to Parsec ACS»
Example of displaying staff member unloaded from Parsec ACS to LUNA PLATFORM list (Figure 129).
Configuring access groups in Parsec ACS#
1․ Click the «Access group editor» section.
2․ Add a new access group.
3․ Add an access territory where the access points are included (Figure 130).
4․ Click the Save button.
Adding staff to Parsec ACS#
Adding staff members to Parsec ACS is necessary for their subsequent upload to LUNA PLATFORM (Figure 131).
1․ Click the «Staff Editor» section.
2․ Click the button of adding a new staff member.
3․ Fill in the «Last Name» and «First Name» fields.
4․ Add a photo of the staff member.
5․ Fill in the «Card code» field. The «PIN» field will be filled in automatically.
If card access is not provided at the facility or the staff member does not have a card, enter any value in the «Card code» field.
6․ Select the staff member's access group.
7․ Click the Save button.
If you add staff members correctly, all new or changed data will be added to the LUNA PLATFORM database automatically.
PercoWEB#
Software integration of the PERCo-Web ACS software with LP5 is implemented to ensure the passage of recognized persons through a turnstile/door with a magnetic lock.
Supports PERCo-Web system version 2.0, build number 4.30.
Performs user data replication from the PERCo ACS to the specified Luna list and generates PercoController controllers from the received list of devices for execution of entry or exit requests.
PercoWEB functionality#
Main features:
- adding devices that LP5 will work with;
- receiving regular updates from the ACS software database;
- sending requests to add/change data to LP5;
- receiving identification events;
- sending requests to the ACS software about identification events;
- logging events about an attempt by an unidentified employee to pass through the turnstile.
PercoWEB settings#
The following settings are used when creating a new service (Table 22):
Table 20. Setting up the PercoWEB service
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Service name specified by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| host | IP address of the server where PERCo-Web is installed | IP address in the form of X.X.X.X or site.domain. | - |
| port | Port of the server where PERCo-Web is deployed | - | - |
| enable_ssl | Method of encrypting data during transmission over the network. Depends on the network type in the solution. | On - https | Off |
| Off - http | |||
| login | PERCo-Web user login. Input of Latin characters, numbers and symbols is supported. | The user created in PERCo-Web | - |
| password | PERCo-Web user password. Input of Latin characters, numbers and symbols is supported. | User password | - |
| token_ttl_min | The validity period of the security token. The value must match the PERCo-Web software, location of the PERCo-Web Manager → Settings → Advanced Settings → The lifetime of the session. | Minutes 0...10000 | 1440 (1 day) |
| luna_id | Drop-down list with Luna service IDs in Access | - | - |
| max_workers | The maximum number of threads that can be used for face replication | 1-10 | 10 |
Rusguard#
Software integration of Rusgurad ACS software with SRL is implemented to ensure the passage of recognized faces through the turnstile.
- Поддерживает версию СКУД Rusguard: 3.3.1
Rusguard functionality#
Main functions:
- adding devices with which SRL will work;
- receiving regular updates from the database on ACS;
- sending requests for adding/changing data to the SRL;
- receiving identification events;
- sending a request to the ACS software about identification events;
- logging of events about an attempt by an unidentified employee to pass through the turnstile.
Configuring parameters for connecting to Rusguard#
Service settings and possible values (Table 23):
Table 21. Setting up the Rusguard service
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | The name of the service specified by the user | Any text names. Latin and Cyrillic characters are supported. It is not recommended to enter more than 30 characters. | - |
| luna_id | Dropdown list to select Luna Service ID in Access. | - | - |
| host | IP address of the server with installed Rusguard | IP address in the form X.X.X.X. | - |
| port | Port of the server where Rusguard is deployed | - | 8089 |
| enable_ssl | Method of encrypting data during transmission over the network. Depends on the network type in the solution. | On - https | Off |
| Off - http | |||
| target_photo_number | The number of the photo in the database that is used for replication. | 0...100 | - |
| target_card_type_id | Replicated card type. If the field is empty, any employee card is replicated. | - | - |
| replicate_session_interval_sec | The frequency of synchronization of the ACS database and Access storage. It is necessary to specify the minimum allowed synchronization time, since Access does not receive notifications from external systems about the addition/removal of an employee. | Set in seconds 0...100 | 5 |
RusguardCBS#
The service is designed for interaction the Rusguard PACS and CBS.
The service replicates employees from the PACS to its own database, requesting the descriptor identifier in CBS based on the employee's photo. The replication session restarts after 5 seconds for data synchronization after completion.
- Supported versions: System - 3.3.1, Database - 3.3.1
Configuring parameters for connecting to RusguardCBS#
Service settings and possible values (Table 24):
Table 22. Setting up the RusguardCBS service
| Parameter | Description | Possible values | Default value |
|---|---|---|---|
| name | User-defined service name | Any textual names. Only Latin characters are supported. It is not recommended to enter more than 30 characters. | - |
| cbs_id | CBS service identifier | - | - |
| host | IP address of the server with installed Rusguard | IP address in the form X.X.X.X. | - |
| port | Port of the server where Rusguard is deployed | - | 8089 |
| enable_ssl | Method of encrypting data during transmission over the network. Depends on the network type in the solution. | On - https | Off |
| Off - http | |||
| min_face_similarity | The minimum percentage of compliance for searching for a candidate in the CBS during replication. | 0...1 | 0,7 |
| target_photo_number | The number of the photo in the database that is used for replication. | 0...100 | - |
| target_card_type_id | ID of the map type being replicated. If the field is empty, any employee card is replicated. Available card type identifiers are displayed in the Info block. | - | - |
| replicate_session_interval_sec | The frequency of synchronization of the ACS database and Access storage. It is necessary to specify the minimum allowed synchronization time, since Access does not receive notifications from external systems about the addition/removal of an employee. | Set in seconds 0...100 | 5 |
Salto#
This service is designed to interact with the Salto ACS.
- Supported system version: 6.6.3.0.
Replicates user data from the Salto PACS to the specified Luna list and generates "SaltoController" controllers from the received list of devices for subsequent execution of pass.
To configure the Salto ACS software, please refer to the official documentation.
Salto settings#
The ACS synchronizes employees with the list in Luna and listens to the events, based on which it decides to open or not open the turnstile. These events are generated in Access by the SendToSalto pipeline.
The following settings are used when creating a new service (Table 25):
Table 23. Setting up the Salto service
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | The service name specified by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| luna_id | The Drop-down list with Luna service IDs in Access | - | - |
| host | IP address Salto | - | - |
| port | Port of the server where Salto is deployed | - | 8100 |
| enable_ssl | Method of encrypting data during transmission over the network. Depends on the network type in the solution. | On - https | Off |
| Off - http | |||
| login | Salto user login. Input of Latin characters, numbers and symbols is supported. | The user created in Salto | - |
| password | Salto user password | User password. Input of Latin characters, numbers and symbols is supported. | - |
| max_workers | The maximum number of threads that can be used for face replication | 1-10 | 10 |
Sigur#
Supports Sigur ACS version 1.1.1.9s.
This service is designed to interact with the Sigur ACS.
Software integrations with Sigur ACS software are implemented to provide:
- with LP5 for the passage of recognized persons through the turnstile / door with a magnetic lock.
- with LUNA CARS to provide access control of vehicles when passing through barrier devices.
Configuring Access and Sigur PACS integration#
To launch and configure the Sigur PACS software, follow these steps:
1․ Make sure you are using Sigur PACS software version 1.1.1.9.s or newer.
2․ In the menu of the Sigur control program, select “Help” → “About the program”.
3․ Check the software version against the one listed on www.sigur.com (https://sigur.com/last_releases/).
4․ Update the software to the latest version if necessary.
5․ Set up interaction between the integration module and the Sigur PACS software server.
6․ In the menu of the Sigur control program, select “File” → “Settings”.
7․ In the “Edit Settings” dialog, go to the “Video Surveillance” item.
8․ Add video surveillance server (Figure 132).
9․ “Server name” — enter the server name;
10․ “Server type” — “User system”;
11․ click “OK”;
12․ enter the server (Figure 133)
13․ “Server address” and “Server port (HTTP)” are used when accessing the server from the PACS via HTTP protocol;
14․ “Server address” corresponds to the IP address of the machine on which Access is running;
15․ “Server port (HTTP)” is the port for the integration module (the default value is 9091; if the port is already in use, change it);
16․ "Path to service" sets the common path prefix on the server for all requests from the ACS. This value should be taken from the information block of the Sigur component in Access, the value of the webhook-url field (Figure 134).
17․ Enable the flag Upload photos to the server when using the Sigur service, disable when using the SigurThroughDatabase service.
18․ Activate the flag Receive events from the server.
19․ Enable face recognition.
20․ In the “Edit Settings” dialog, go to the “Face Recognition” item.
21․ Check the box next to “Enable face recognition” (Figure 135).
Configuring access points in Sigur#
You may need to restart the Sigur PACS server in order for it to be able to connect to the integration module.
To configure access points in Sigur, follow these steps:
1․ In the side menu of the Sigur control program, select the “Equipment” item (Figure 136).
2․ Select the required access point and configure video surveillance settings for it (Figure 137):
3․ “System” — select the name of the created user system;
4․ “Camera” — select a camera. When you click on the drop-down list, it should show the names of all devices created in Access. This indicates that the integration is working properly and Sigur was able to connect to Access. Select the device that is used to identify the required access point;
5․ check the box next to “Enable face recognition”;
6․ click the “Apply” button.
Direct connection#
Sigur functionality
Main features:
- adding devices that LP5 and LUNA CARS will work with;
- receiving regular updates from the ACS software database;
- sending requests to add/change data to LP5;
- receiving identification events;
- sending requests to the ACS software about identification events;
- logging events about an attempt by an unidentified employee to pass through the turnstile.
Sigur settings
The ACS synchronizes employees with the list in Luna and listens to the events, based on which it decides to open or not open the turnstile. These events are generated in Access by the SendToSigur pipeline.
The following settings are used when creating a new service (Table 26):
Table 24. Setting up the Sigur service
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | The service name specified by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| bio_system_id | Drop-down list for selecting the biometric system identifier (LP5 or CBS) in Access. | - | - |
| host | IP address Sigur. | - | - |
| luna_cars_id | LUNA CARS service ID in Access | - | - |
| mark_for_ignore | When synchronizing with Sigur, if this combination occurs in the body of an employee's request, then the request is ignored.This is required to distribute different copies of Sigur in one system | On — ignore requests; | Off |
| Off — execute requests |
Connecting through the database — SigurThroughDatabase#
The service is designed to interact with the Sigur ACS directly through its database. It synchronizes employees from the database with the list in Luna. The ACS opens a connection in which the service returns events to it as they occur. These events are generated in VL Access by the SendToSigur pipeline.
SigurThroughDatabase functionality
Main features:
- adding devices that LP5 will work with;
- receiving regular updates from the ACS software database;
- sending requests to add/change data to LP5;
- receiving identification events;
- sending requests to the ACS software about identification events;
- logging events about an attempt by an unidentified employee to pass through the turnstile.
SigurThroughDatabase settings
The following settings are used when creating a new service (Table 27):
Table 25. Configuring the SigurThroughDatabase service
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Service name specified by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| host | IP address of the Sigur database | IP address in the form of X.X.X.X or site.domain. | |
| db_username | Username used to connect to the Sigur database | - | - |
| db_password | Sigur database user password | - | - |
| luna_id | Drop-down list with Luna service IDs in Access | - | - |
Strazh#
Strazh functionality#
Supported software version of Strazh: 1.2.211201.648.
Performs replication of user data from the Strazh ACS to the specified Luna list and generates StrazhController controllers from the received list of devices for execution of entry or exit requests.
Strazh settings#
The following settings are used when creating a new service (Table 28):
Table 26. Setting up the Strazh service
| Parameter | Description | Values | Default value |
|---|---|---|---|
| name | Service name specified by the user | Any text names. Only Latin characters are supported. It is not recommended to enter more than 30 characters | - |
| bio_system_id | Drop-down list for selecting the biometric system identifier (LP5 or CBS) in Access. | - | - |
| login | Strazh user login. Input of Latin characters, numbers and symbols is supported. | The user created in Strazh | - |
| password | Strazh user password. Input of Latin characters, numbers and symbols is supported. | User password | - |
| host | IP address of the server where Strazh is installed | IP address in the form of X.X.X.X or site.domain. | - |
| port | Port of the server where Strazh is deployed | - | 443 |
| enable_ssl | Method of encrypting data during transmission over the network. Depends on the network type in the solution. | On - https | Off |
| Off - http | |||
| max_workers | The maximum number of threads that can be used for face replication. | 1-10 | 10 |
| additional_person_field | Name of the additional person field from the ACS, where the descriptor identifier will be written. | - | - |
Configuration of Strazh ACS software#
Follow these steps to set up the software:
1․ Add the parameter "Travel confirmation by an external system" at the passage point.
2․ Add the parameter "Maximum waiting time for confirmation of passage by an external system, sec.
3․ Adjust the timeout for waiting for an external system response and the default solution if the system does not have time to process the request.
After that, when trying to pass through this point with a card whose privilege level is less than the privilege level of the point, an event with type access_confirmation and data will be sent through the SSE mechanism in the form of a JSON object with the request and response fields.
The request contains a request for a hike, the response contains a preliminary decision of the ACS on the possibility of a hike (i.e. a decision after standard checks of the profile, schedule, etc.).
Next, the ACS expects that it will be sent a decision on the campaign by HTTP POST to /access_confirmation indicating the UUID of the request and the decision to let it in or not.
Regardless of the ACS solution, the external system may or may not let it in in response.