Bosch ASL-APE3P-BASE, ASL-APE3P-BEXT, ASL-APE3P-CLI, ASL-APE3P-RDR, ASL-APE3P-VIDB Installation Manual

Access PE 3.0

en Installation Manual

Access PE 3.0 Table of Contents | en 3

Table of contents

1

1.1 Restrictions and options 6

1.2 Installation on one computer 8

1.3 Installation on multiple computers 9

1.4 System Prerequisites 10

2

2.1 Introduction 12

2.2 User Login 15

2.3 Menu and Tool bar 18

2.4 General system settings 22

2.5 Layout of the main dialog 27

2.6 Menu and tool bar 28

2.7 Layout of the main dialog 32

2.8 Menu and Tool bars 33

2.9 Enrollment Configuration 35

2.9.1 Enrollment via AMC connected readers 37

3

3.1 Requirements 43

3.2 Beginning the Installation 44

3.3 Language Selection and Preparing 44

3.4 License Agreement 47

3.5 Customer Information 48

3.6 Choosing the type of Installation. 49

3.6.1 Entering the Server for Client installations 50

3.7 Choosing the installation path 50

3.8 Choosing Components 53

3.8.1 Client Installation 55

3.9 Selecting supported languages 56

3.10 Default configuration language (server only) 57

3.11 Confirming Choices 58

3.12 Setup Status 59

3.13 Installation completed 60

System Overview 5

General 12

Installation 42

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

4 en | Table of Contents Access PE 3.0

4

Product usage 61

4.1 Licensing 61

4.1.1 License packages and their content 62

4.1.2 Activating licenses 65

4.2 Setting Server access rights 68

4.3 Changing the backdrop 69

4.4 Language settings 70

4.5 Configuring the system to your needs 72

4.6 Map Viewer and Alarm Management 73

4.6.1 Configuring a map 74

4.6.2 Adding a device to a map 78

4.7 X-Protect Integration 81

5

Deinstallation - Reinstallation 83

5.1 Deinstallation 83

5.1.1 Windows Software 84

5.1.2 Initialization 85

5.1.3 Confirming the Deinstallation 86

5.1.4 Close all programs 86

5.1.5 Performing an Export 87

5.1.6 Declining the Export 88

5.1.7 DbiTool 88

5.1.8 Setup Status 90

5.1.9 Completion and Reboot 91

5.2 Modify the software 92

5.3 Reinstallation/Update 94

5.3.1 Import 95

5.3.2 DbiTool 97

5.3.3 Check the Configuration 97

5.3.4 Installation completed 98

6

User rights 99

6.1 User rights 99

6.2 Setting user access rights 103

6.3 User handover and workstation security 104

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

Access PE 3.0 System Overview | en 5

1

System Overview

Access Professional Edition System (hereunder referred to as
Access PE) consists of four modules
– LAC Service: a process which is in constant communication

with the LACs (Local Access Controllers – hereafter
referred to as Controllers). AMCs (Access Modular

Controllers) are used as Controllers.
– Configurator
– Personnel Management
– Logviewer
These four can be divided into server and client modules.
The LAC service needs to remain in constant contact with the
controllers because firstly it constantly receives messages from
them regarding movements, presence and absence of
cardholders, secondly because it transmits data modifications,
e.g. assignment of new cards, to the controllers, but mainly
because it carries out meta-level checks (access sequence
checks, anti-passback checks, random screening).
The Configurator should also run on the server; however it can
be installed on client workstations and operated from there.
The modules Personnel Management and Logviewer belong to
the Client component and can be run on the Server in addition,
or on a different PC with a network connection to the server.
The following Controllers can be used.
– AMC2 4W (with four Wiegand reader interfaces) - can be

extended with an AMC2 4W-EXT
– AMC2 4R4 (with four RS485 reader interfaces)

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

6 en | System Overview Access PE 3.0

1.1

Restrictions and options

You can use Access PE for systems that do not exceed the
following thresholds for connectable components and
manageable data volume.
– Max. 10,000 cards
– Up to three cards per person
– PIN length: 4 to 8 characters (configurable)
– PIN types:

– Verification PIN
– Identification PIN
– Arming PIN
– Door PIN

– Access variants:

– Only with card
– Only with PIN

– PIN or card
– Max. 255 time models
– Max. 255 access authorizations
– Max. 255 area-time authorizations
– Max. 255 authorization groups
– Max. 16 workstations
– Max. 128 readers
– Max. one I/O extension board (AMC2 8I-8O-EXT, AMC2

16I-16O-EXT or AMC2 16I-EXT) per Controller
– The following restrictions apply to each controller type:

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

Access PE 3.0

System Overview | en 7

Controller AMC2 4W AMC2 4W

Readers/entrances

Max. readers per

4 8 8

with AMC2
4W-EXT

AMC2 4R4

AMC

Max. readers per

1 1 8

interface/bus

Table 1.1: System limits — readers and entrances

Video system — restrictions and options

– Max. 128 cameras
– Up to 5 cameras per entrance

– 1 identification camera
– 2 back surveillance cameras
– 2 front surveillance cameras
– You can configure one of these cameras as an alarm

and log book camera.

Offline Locking System (OLS) — restrictions and options

– Max. 1024 doors
– The number of entrances and authorization groups in the

authorizations depends on the dataset length that can be

written to the cards.
– Max. 15 time models
– Up to 4 periods per time model
– Max. 10 special days/holidays (from the online system)

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

8 en | System Overview Access PE 3.0

1.2

Installation on one computer

The following figure shows a complete Access PE system
installed on a single computer. Controllers can be connected via
a serial interface. If a dialog reader is used then this is also
connected via a serial interface.

Figure 1.1: System Overview – Single Computer Configuration

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

Access PE 3.0 System Overview | en 9

1.3

Installation on multiple computers

The following figure shows an Access PE system distributed
across 2 computers. This is particularly beneficial in cases
where the Server to which the Controllers are connected is in a
locked computer room, but the personnel data is maintained,
for example, by the personnel department elsewhere.
The Access PE Client can be installed on up to 16 computers,
which access common data on the Server via the network.
Client workstations can be configured to use two monitors.
Window positions maintained by the operating system, ensure a
familiar operators’ environment across login sessions.

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

10 en | System Overview Access PE 3.0

Figure 1.2: System overview – Distributed System

1.4

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

System Prerequisites

The installation of Access PE requires:
Operating Systems (one of):
– Windows XP SP2 Professional
– Windows XP SP3 Professional
– Windows 2008 Server
– Windows 7

Other software:

Access PE 3.0 System Overview | en 11

– To run the AmcIpConfig application supplied (and the

Bosch Video SDK), you need the .NET Framework 4.0

platform.
– To create and display lists and reports, you must install

Crystal Reports applications.
Separate setups are available on the installation CD.

Hardware Requirements

Both Server an Client require a Standard Windows PC with:
– 4 GHz CPU
– 4 GB RAM at least
– 20 GB free disk space (Server)
– 1 GB free disk space (Client)
– 100 Mbit Ethernet Network Card (PCI)
– Graphical adapter with 1024x768 resolution and 32k colors
– Resolution support:

– 1024 by 768

– 1280 by 1024

– 2048 by 768

– 2560 by 1024
– CD/DVD-ROM Drive
– I/O Expansion Option
– USB Keyboard and Mouse

Notice!

Microsoft Windows XP Professional is required for any video

integration.

Please consult the documentation of the chosen devices and

ensure that you can use an operating system supported by both

software and devices.

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

12 en | General Access PE 3.0

2

2.1

General

Introduction

Access PE is an Access Control System which has been
designed to offer the highest standards of security and flexibility
to small and medium sized installations.
Access PE owes its stability and upgradeability to a 3-tier
design: The top tier is the administration level with its
controlling services. All administrative tasks are carried out
here, e.g. the registration of new cards and the assignment of
access rights.
The second tier is formed by the Local Access Controllers
(LACs) which govern each group of doors or entrances. Even
when the system is offline a LAC is able independently to make
access control decisions. LACs are responsible for controlling
the entrances, governing door opening times or requesting PIN­codes at critical access points.
The third tier consists of card readers which, like the
Controllers, are identical across all BOSCH access controls.
They provide not only a consistently high degree of security, but
also a simple upgrade and expansion path for the system,
protecting previous investments.
Access PE multi-user version allows multiple workstations to
control the system. Customizable user rights levels regulate
access and guarantee security. In this way it is possible, for
example, to maintain card data from one workstation whilst
using another to verify whether an employee is present in the
building.
Access PE offers exceptionally flexible configuration of access
rights, time models and entrance parameters. The following list
gives an overview of the most important features:

Quick & Easy card Assignment

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

Access PE 3.0

General | en 13

Cards (up to three) can be assigned to persons either manually
or using a dialog reader connected to a PC via a serial
connection. Only one card can be active per person at any one
time. When upgrading cards the old card is automatically
overwritten and becomes invalid, thus preventing old cards from
gaining access even if those responsible forgot or were unable
to cancel them.

Access Rights (including Group Privileges)

Each person can inherit group privileges as well as having
individual rights assigned to him. Privileges can be restricted by
area and time to an accuracy of one minute. Group privileges
can be used to grant and limit access rights for any or all
cardholders simultaneously. Group privileges can be made
dependent on time models which restrict their access to certain
times of day.

Access tracking

By defining Areas it is possible to track and enforce a correct
sequence of accesses. Even without monitoring, this
configuration makes it possible to display a cardholder's
location.

Anti-Passback

When a card has been read it can be blocked for a defined
period from entering at the same access point. Hence it is
possible to prevent "passback", where a user hands his card
back across a barrier to provide access for an unauthorized
person.

Automatic Cancelation of cards upon Expiration

Visitors and temporary staff frequently require access for a
limited period only.
cards can be registered for a specific time period, so that they
automatically lose their validity when that period expires.

Time Models and Day Models

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

en | General Access PE 3.0

14

A cardholder can be assigned to specific time models which
regulate the hours in which that person has access. Time
models can be defined flexibly using day models which
determine how specific weekdays, weekends, holidays and
special days deviate from normal working days.

Identification via PIN-Code

Instead of a card a person can use a special PIN-Code to enter.

Verification via PIN-Code

Particularly sensitive areas can be programmed to require
additional PIN-Codes. This protection can in turn be made
dependent on time models, so that, for instance, a PIN-Code is
only required for access during holiday times or outside of
defined working hours.

Flexible Door Management

Flexible parameterization of individual door models allows an
optimum balance between security and comfort. The "shunt" or
alarm suppression period can be individually specified to
regulate for how long a door may remain open. In cooperation
with an alarm system the access point can then optionally be
locked.

Periodic Door Release

In order to facilitate access, door alarms can be shunted to
release doors for specific periods. Door release periods can be
defined manually or automatically via a time model.

Time and Attendance

Access points can be parameterized to record ingress and
egress for time & attendance purposes.

Card Design

The graphical add-in module Card Personalization (CP) is fully
integrated into the Access Control system to allow the operator
to create cards without switching applications.

Assignment of Photos

If the add-in module Card Personalization (CP) is not activated
photographic identification can nevertheless be imported and
associated with cardholders.

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

Access PE 3.0 General | en 15

Offline locking system

Areas which are not covered, for whatever reason, by the high­availability online access control system can nevertheless be
locked offline.

Administration of video devices

Entrances can be equipped additionally with cameras to identify
and track the movements of persons using them.

2.2

User Login

– Start the user applications using the desctop icons:

Personnel Management

Configurator

Logviewer

Map and Alarm Management

Video Verification

or choose the tools via : Start > Programs > Access
Professional Edition

– Start the : Map & Alarm Management application using the

desctop icon

Professional Edition > Map & Alarm Management.
– Start the : Video Verification application using the desctop

or via : Start > Programs > Access Professional

icon

Edition > Video Verification.

– Start the : Configurator application using the desctop icon

or via : Start > Programs > Access Professional Edition >

Configurator.

or via : Start > Programs > Access

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

en | General Access PE 3.0

16

– Start the : Logviewer application using the desctop icon

or via : Start > Programs > Access Professional Edition >
Logviewer.

– Start the : Personnel Management application using the

desctop icon

or via : Start > Programs > Access

Professional Edition > Personnel Management.

The system's applications are protected from unauthorized use.
A login with a valid username and password is required in order
to invoke the dialog-based subsystems.

The upper drop-down list can be used to select the desired
interaction language. The default is that language which was
used to install the application. If there is a change of user
without restarting the application then the previous language is
retained. For this reason it is possible for a dialog box to appear
in an undesired language. In order to avoid this, please log in to
Access PE again.
Access PE applications can be run in the following languages:
– English
– German
– Russian
– Polish
– Chinese (PRC)
– Dutch
– Spanish

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

Access PE 3.0 General | en 17

– Portuguese (Brazil)

Notice!

All facilities such as device names, labels, models and user-

rights schemes are displayed in the language in which they

were entered.Similarly buttons and labels controlled by the

operating system may appear in the language of the operating

system.

If a valid username/password pair are entered then the button :
Change Password appears. This can be used to start a new
dialog to change the password.

The button Start the application checks the user's privileges
and, based on these, starts the application. If the system is
unable to authenticate the login then the following error
message appears: : Wrong username or password!

Login via Personnel Management

If the user is already logged into the Access PE Personnel
Management application, and if the user's rights include the
other tools, he can start the : LogViewer, : Configurator, : Alarm
Management and : Video Verification using the toolbar buttons.

If the user is already logged into the Access PE Personnel

Management application, and if the user's rights include :
LogViewer, then : LogViewer may be invoked directly using the

button in the tools list, without requiring a separate login to

the LogViewer application.

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

18 en | General Access PE 3.0

If the user is already logged into the Access PE Personnel

Management application, and if the user's rights include :
Configurator, then : Configurator may be invoked directly using

the button in the tools list, without requiring a separate
login to the Configurator application.

If the user is already logged into the Access PE Personnel

Management application, and if the user's rights include : Video
Verification, then : Video Verification may be invoked directly

using the
login to the Configurator application.

If the user is already logged into the Access PE Personnel

Management application, and if the user's rights include : Alarm
Management, then : Alarm Management may be invoked

button in the tools list, without requiring a separate

directly using the
separate login to the Configurator application.

2.3

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

Menu and Tool bar

The following functions can be invoked via the menus, the icons
in the toolbar or specific keyed shortcuts.

Function Icon/

Menu File

New

button in the tools list, without requiring a

Description

Shortcut

Clears all configuration dialog

Crtl + N

boxes (except for default
settings) in order to define a
new configuration.

Access PE 3.0 General | en 19

Function Icon/

Description

Shortcut

Open...

Crtl + O

Opens a dialog box to select a
different configuration for
loading.

Save

Saves changes into the current
configuration file.

Crtl + S

Save as... Saves the current configuration

into a new file.

Activate
Configuration

Activates a loaded configuration
and saves the hitherto active
configuration.

Send
Configuration to

Propagates saved configuration
changes to the LAC-Service.

LAC

List recently
active
configurations

Opens configurations directly,

circumventing the Open
function's selection dialog.

Exit Shuts down Access PE

Configurator.

Function Icon/

Description

Shortcut

Menu View

Tool bar Toggles display of the tool bar

(default = on).

Status bar Toggles display of the status bar

at the bottom edge of the
window (default = on).

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

20 en | General Access PE 3.0

Function Icon/

Description

Shortcut

Menu Configuration

General Opens the General Settings

dialog for setting up Controllers
and general system parameters.

Input signals Opens the dialog box for

parametrizing input signals.

Output signals Opens the dialog box for

parametrizing output signals.

Entrances Opens the Entrances dialog for

parametrizing doors and card
readers.

Areas Opens the Area Configuration

dialog for dividing the protected
installation into virtual areas.

Holidays Opens the Holidays dialog box

for defining holidays and special
days.

Day Models Opens the Day Models dialog

box for defining time periods
within a day for the activation of
access functions.

Time Models Opens the dialog Time Models

for defining timezones
dependent on days of the week
or calendar.

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

Access PE 3.0 General | en 21

Function Icon/

Description

Shortcut

Personnel
Groups

Opens the dialog box Personnel
Groups for dividing personnel
into logical groups.

Access
Authorization
Groups

Opens the dialog box Access
Authorization Groups for
defining groupings of
authorizations to entrances.

Offline locking
system

Opens the Offline locking
system dialog for configuring
special elements of the
installation (Entrances, Time
models, Authorization groups).

Display Texts Opens the dialog box Display

texts for editing the texts to be
displayed at the card readers.

Log Messages Opens the dialog box Log

Messages for editing and
categorizing log messages.

Additional
personnel fields

Opens the dialog box
Additional personnel fields for
defining data fields for
personnel.

Wiegand - cards Opens the dialog box Wiegand-

cards for defining the structures
of card data.

Administering
video devices

Opens the Video devices dialog
for configuring cameras to be
used in video verification.

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

22 en | General Access PE 3.0

2.4

Function Icon/

Shortcut

Map Viewer and
Alarm
management

Menu ? (Help)

Help topics Opens this help text.

About Access
Professional
Edition ­Configurator

Displays general information

Description

Opens the Map Viewer for an
areal view of maps and control
devices and the alarm list for
alarm handling.

about Access Professional
Edition - Configurator

General system settings

General system settings are displayed below the list of
controller settings. These are valid for all installations.

Parameter

Country Code 00 Some card data are appended

Customer Code 056720

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

Default
value

Description

to the manually entered card
number.

Access PE 3.0 General | en 23

Parameter Default

Description

value

Poll interval on
serial
connected LAC
in ms

Read-Timeout
on serial
connected LAC
in ms

200 The time interval in milliseconds

between pollings by the LAC­Service to verify intact
connections to a controller.

500

Range of values for poll interval:
1 to 500
Possible values for read­timeout: 1 to 3000

Create TA dataat00:01 Specification of the time at

which the Time & Attendance
data file should be created.

Export
personnel and
TA data

deactivated When activated this option

causes time & attendance data
to written continuously to the
export file.
When not activated the data file
is created at the time specified
by the parameter Create TA
data at.

The file containing attendance time-stamps is created in the
following directory:
C:\Program Files\Bosch\Access Professional Edition\PE\Data
\Export
Under the name TA_<Current date YYYYMMDD>.dat

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

24 en | General Access PE 3.0

Parameter Default

value

Show welcome/

activated Given appropriate reader type
leaving
message

Show

aktiviert Readers with display will show
cardholder
name in display

Number of

4 Determines the number of
digits

Description

and settings (Arriving, Leaving
or Check ok in the Entrances
dialog) the reader will display
those welcome and leaving
texts which are stored for the
cardholder in the Personnel
Data dialog of the Personnel
Management application.
Does not apply to Wiegand
readers.

the Display Name as stored in
the cardholder's Personnel
Data.
Does not apply to Wiegand
readers.

digits a verification or arming
PIN requires.
This setting applies also to the
door PIN which can be set
during the configuration of
entrances.
Possible values: 4 to 8

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

Access PE 3.0 General | en 25

Parameter Default

value

use separate

If no separate IDS PIN is set,

IDS PIN

Description

then a verification PIN can be
used to arm the IDS.
Only if the check box is
selected do the input fields for
the arming-PIN become active
in the Personnel dialog screen.
In this case the verification PIN
can no longer be used to arm
the IDS.

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

26 en | General Access PE 3.0

Parameter Default

value

Count of retries

3 Number of failed attempts to
before blocking

Directory paths
to:
Database
Log file
Import files
Export files
DLL files
Image data
Test-Logging

C:\Program

Files

\BOSCH

\Access

Professiona

l Edition\PE

\Data...

\Db

\MsgLog

\Import

\Export

\Dll

\Pictures

\Log

Description

enter the PIN. If the cardholder
mistypes the PIN this many
times then s/he will incur a
system-wide block which can
only be removed by an
authorized system user
(Personnel Management).
Possible values: 1 to 9

These are the default paths. The
directories for import, export
and image files can be changed.

Notice!

When using Wiegand controllers and readers, in order to use

Identification-, arming- or door-PINs the Wiegand card definition

PIN or Card (Nr. 6) needs to be activated.

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

Access PE 3.0 General | en 27

2.5

Layout of the main dialog

The dialog consists of the following parts:

1 = Menu bar — contains dialog functions displayed

according to the menu order.

2 = Toolbar — contains shortcut keys for the most

important dialog functions.

3 = Title bar — conforms to Windows standard and

contains buttons for minimizing or closing the dialog
window. The name of the registered user appears in
square brackets.

4 = Personnel table — lists all people known in the system

along with their attendance status (authorization and
location).

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

28 en | General Access PE 3.0

5 = Dialog field — the first time this field is opened or

when no user is logged in, it shows a neutral image
(map of the world). When an entry is selected from the
Personnel list, this person's data is displayed.

6 = Online swipe — lists the last five people (with

database image) that have swiped their cards at the
entrance selected.

7 = Device status — lists the configured devices and

entrances along with their connection status. Enables
door control functions.

8 = Event display — faults are indicated by a flashing red

bar (flashes three times) with details on the cause.

9 = Status bar — displays information on buttons and

menu entries that are controlled with the cursor.
Status display on card personalization program (CP),
dialog readers and LAC service.

When you enable the Video Verification component, additional
facilities will be added to this dialog; see Personnel
Management.

When you enable the Video Verification component, additional
facilities will be added to this dialog.

2.6

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH

Menu and tool bar

The following functions are available via the menus or the icon
buttons.

Function Icon Description

Menu Options

Refresh Refreshes the Personnel list

Access PE 3.0 General | en 29

Function Icon Description

Exit Exits the Access PE Personnel

Management application

Menu Persons

New person Opens a blank personnel and

card data dialog

Modify person Opens the personnel and card

data dialog with the data of the
selected person.

Delete person Deletes the selected person

(after confirming a safety check
dialog).

Transmit selected
person to the LAC
service

Transmit all
persons to the
LAC service

Set all persons
absent

Transmits the selected person's

data to the LAC service and
reports success.

Transmits all persons' data to

the LAC service and reports
success.

Sets all persons absent (after

confirming a safety check
dialog).

Set location of all
persons present
to unknown

Sets the location of all persons

to unknown and deactivates
access tracing for the next
booking of each person.

View/print reports Calls the dialog for creating

report lists.

Bosach Access Systems GmbH 2014-06 | 3.0 | Installation Manual

30 en | General Access PE 3.0

Function Icon Description

List

control

Restricts the persons shown to
those of the selected group.

Menu View

Symbol bar Toggles display of the tool bar.

Default = on.

Status bar Toggles display of the status

bar. Default = on.

Personnel data:
State
Card No.
Personnel-No.
Company
Personnel Group

Choice of columns displayed in

the personnel overview in
addition to symbol and name
columns.
Default = State - Company -

Location
Phone
Location

Menu Door management

open door These

functio
ns are

The entrance selected in the

device list is displayed and can

be opened (one-off).

also
availabl
e via

2014-06 | 3.0 | Installation Manual Bosach Access Systems GmbH