AEOS (Nedap) - ICX-AlphaCom integration
From Zenitel Wiki
This article describes the integration between AEOS (Nedap) and ICX-AlphaCom. The main content is written by our platinum partner Elbo, with updates from Patrick Castelein.
Contents
Functional Specifications
The AEOS <-> AlphaCom interface is a bi-directional connection, based on the Socket interface on the AEOS side and a EDO/EDI connection on the AlphaCom side. The link is actualized on the basis of local intercom server ICX-500/ICX-Core to AEOS, without the inclusion of AlphaNet.
It is also possible to log in directly to the AEpu (door controller), but this is not included in this document. The functionalities below become available with this interface:
- Opening doors in AEOS environment during an intercom conversation (ICX-AlphaCom to AEOS) after providing the “open door” command in ICX-AlphaCom and playing a prerecorded audio message on the intercom when the door is opened by AEOS. By default, this involves pressing the “6” key during an intercom conversation.
- Play a prerecorded audio message in an intercom station or make a call when an access key or badge is authorized or denied (AEOS to ICX-AlphaCom).
ICX-AlphaCom requirements
General equipment
- AlphaCom XE server, or ICX-500 server
This link has been realized with AlphaPro: 12.1.3.0 and AMC firmware: 13.1.3.4
Door control to AEOS
- No further licenses required for AlphaCom XE
- License ILI-IF Interface enabling (1002602400) required for ICX-500
Action after access badge is allowed or denied from AEOS
Making a call
- Display names of the intercom stations should be the same as the service name of the AEpu (door controller)
- No further licenses required
Playback of audio messages
- The display names of the intercom stations should be identical to the service names of the AEpu (door controller)
- Audio Messaging License (basic 1009648500 or enhanced 1009648501 depending on the number of audio messages required)
AEOS requirements
- No further licenses required
Connection settings
The communication is via TCP/IP on eth0 of the ICX-AlphaCom. The IP address is determined per project. The TCP port used is 8035 (default port AEOS socket interface) where the ICX-AlphaCom acts as a client and logs into the interface.
Messages from ICX-AlphaCom to AEOS
Login
To establish a connection to the Socket interface in AEOS, the ICX-AlphaCom must log in to AEOS. In the Event handler an event needs to be created that will be used to log in.
The following commands are sent to AEOS.
String: EDO 1 "login(socketuser,socketpw)\x3B\r\n"
- Login =login command
- Socketuser =user name
- Socketpw =user password
String: EDO 1 "setRmiCommandConnection(true)\x3B\r\n"
- setRmiCommandConnection = enable sending commands towards the socket interface
String: EDO 1 "setRmiEventConnection(true)\x3B\r\n"
- setRmiEventConnection(true) "= activate receiving events from the socket interface
Door control
During a call, a master station can activate door control by pressing the 6 during the call. The command below is sent by the ICX-AlphaCom to the socket interface of AEOS for door control:
String: EDO 1 "executeArgs(provideAccess\,[]\,\"aepu1:frontdoor\")\x3B\n\r"
- Aepu1 = name of the Aepu (“Hostname” in AEOS)
- frontdoor = service name of the door in the Aepu (“Access Point” in AEOS)
Messages from AEOS to ICX-AlphaCom
When a badge is denied or allowed, one or more actions can be performed by means of the link, such as a call to reception when a badge is expired. Or a welcome message when access is granted. The connection from AEOS is also checked for a heartbeat. When the heartbeat is lost, the ICX-AlphaCom will try to log on again once per minute.
Heartbeat
AEOS sends a heartbeat once a minute as a live check, see string below. The ICX-AlphaCom responds to "HB" in the string. If it is not received the ICX-AlphaCom will try again to log in to the socket interface of AEOS.
String:
Event:HB|409||;
HB = heartbeat
Action in ICX-AlphaCom after "Access granted"
When access is granted after presenting a badge, a message can be sent from AEOS to which the ICX-AlphaCom can respond with an audio message or other action. The ICX-AlphaCom responds to the code 1015 (field 6) of the string. 1015 stands for "Authorized Badge Access" in AEOS.
String:
Event:GE|411|AEOS|210|nvc2522aepu1:voordeur|1015|20161108|104548|NedapXS Cards 9|Darthvader||0|| ;
- voordeur = The service name of the door on Aepu1
- 1015 = Access granted
Action in ICX-AlphaCom after "Badge unknown"
When an unauthorized access badge is presented, a message can be sent from AEOS to which the ICX-AlphaCom can respond with an audio message or other action. The ICX-AlphaCom responds to code 1015 (field 6) of the string. 1227 stands for "Badge unknown" in AEOS.
String:
Event:GE|411|AEOS|210|nvc2522aepu1:voordeur|1227|20161108|104548|NedapXS Cards 9|Darthvader||0|| ;
- voordeur = The service name of the door on Aepu1
- 1227 = Badge unknown
Action in ICX-AlphaCom after "Access Denied"
When access is denied after presenting an access badge, a message can be sent from AEOS to which the ICX-AlphaCom can respond with an audio message or other action. The ICX-AlphaCom responds to the code 1201 (field 6) of the string. 1201 stands for "BadgeNoAccessEvent" in AEOS.
String: Event:GE|411|AEOS|210|nvc2522aepu1:voordeur|1201|20161108|104548|NedapXS Cards 9|Darthvader||0|| ;
- voordeur = The service name of the door on Aepu1
- 1201 = No Access
AEOS Socket interface documentation
For more explanation about the Socket interface and the related events, please refer to the following Nedap documents:
- AEOS Socket Interface
- AEOS Generic Event Description
Description configuration/events ICX-AlphaCom
EDIO port
In AlphaPro, create an EDIO port under "Exchange & system -> Serial Ports -> EDIO" with the following settings
- Port type: TCP/IP Client
- IP address: IP address of the AEOS server
- Port: 8035
- Keep Alive: Checked
- Write option: Connect at ICX-AlphaCom startup
ICX-AlphaCom Firewall Filter Settings
In the ICX-AlphaCom - System Configuration - Filters, create a rule to open port TCP 8035.
- Protocol name: AEOS Socket interface
- TCP/UDP: TCP
- Port: 8035
Activate the rule for the wanted Eth0 and/or Eth1 port.
Events
Login AEOS
The event below is used to log onto the AEOS socket interface with authentication.
- Owner Type: EDI text config
- Even type: 28
- Subevent: 1 (refers to EDIO 1 port)
Comment:
Login in AEOS
Action commands:
LOG "## Data received on EDI 2 from NEDAP >%scutc(%edi,0,95)" tmp 0 "%sscan(%edi,Status:connected,16<)" Scan for “Status:connected” and store this in variable 0 tmp 1 "%sscan(%edi,true,4<)" “” tmp 2 "%sscan(%edi,getServices,12<)" “” tmp 3 "%sscan(%edi,getServiceKeys,14<)" “” LOG " >%edi \n\r" Log string to system log for debugging LOG " tmp0 = %tmp(0) \r\n" LOG " tmp1 = %tmp(1) \r\n" LOG " tmp2 = %tmp(2) \r\n" IF %scmp(%tmp(0,16<),Status:connected) Check if “Status:connected” then: LOG "login(socketuser,socketpw)\x3B" EDO 1 "login(socketuser,socketpw)\x3B\r\n" Login with username and password STOP ENDIF IF %scmp(%tmp(1,4<),true) Check if “true” is in string, then: LOG " setRmiCommandConnection(true)\x3B" LOG " setRmiEventConnection(true)\x3B\r\n" EDO 1 "setRmiCommandConnection(true)\x3B\r\n" Start sending commands to AEOS EDO 1 "setRmiEventConnection(true)\x3B\r\n" Start receiving events from AEOS STOP ENDIF
Scan heartbeat, access granted or access denied
The event below scans the incoming data for heartbeat and events when access is granted or denied by a card reader.
- Owner Type: EDI text config
- Even type: 28
- Subevent: 1 (refers to EDIO 1 port)
Important:
Action commands:
IF %op(%tmp(7),=,553) Last physical number reached (in this case 553). STOP event ######
Comment: Filter incoming data on heartbeat and 1201 (badge denied) 1015 (badge allowed)
Action commands:
tmp 0 "%scutf(%edi,|,0)" Filter field 0 from string store in temp variable 0 tmp 1 "%scutf(%edi,|,1)" “” 1 tmp 2 "%scutf(%edi,|,2)" “” 2 tmp 3 "%scutf(%edi,|,3)" “” 3 tmp 4 "%scutf(%edi,|,4)" “” 4 tmp 5 "%scutf(%tmp(4),:,1)" Filter name from filter 4 from string and store in temp variable 5 tmp 6 "%scutf(%edi,|,5)" Filter field 5 from string and store in temp variable 6 LOG " tmp0 = %tmp(0,2)" Write to System log for debugging LOG " tmp1 = %tmp(1)" LOG " tmp2 = %tmp(2)" LOG " tmp3 = %tmp(3)" LOG " tmp4 = %tmp(4)" LOG " tmp5 = %tmp(5)" LOG " tmp6 = %tmp(6)" IF %scmp(%tmp(0,2),HB) If temp variable 2 contains “HB” then: $ST L699 W610 Start timer for heartbeat control on station (699) LOG "Heartbeat received" STOP ENDIF
IF %scmp(%tmp(6),1201) If Temp variable 6 contains (1201) access refused, then: tmp 7 "1" LOG " tmp 7 = %tmp(7)" LOOP Start LOOP IF %op(%tmp(7),=,553) Last physical number reached (in this case 553). STOP event ###### LOG "end of loop badge refused" STOP ENDIF OWN %rdir(%tmp(7)) Set Temp variable 7 (physical) owner of the event LOG "%1.nam" IF %scmp(%tmp(5),%1.nam) If Temp variable 7 is equal to the owner displaytext then: $DD L%1.dir G8182 Start playback of audio message 8182 (Access refused) STOP ENDIF tmp 7 "%op(%tmp(7),+,1)" Increment Temp variable 7 with +1 LOG " value %tmp(7)" ENDLOOP STOP LOOP ENDIF
IF %scmp(%tmp(6),1015) If Temp variable 6 contains (1015) access allowed then: tmp 7 "1" LOG " tmp 7 = %tmp(7)" LOOP Start LOOP IF %op(%tmp(7),=,553) Last physical number reached (in this case 553). STOP event ###### LOG "end of loop badge access" STOP ENDIF OWN %rdir(%tmp(7)) Set Temp variable 7 (physical) owner of the event LOG "%1.nam" IF %scmp(%tmp(5),%1.nam) If Temp variable 7 is equal to the owner displaytext then: $DD L%1.dir G8181 Start playback of audio message 8181 (Access allowed) STOP ENDIF tmp 7 "%op(%tmp(7),+,1)" Increment Temp variable 7 with +1. LOG " value %tmp(7)" ENDLOOP STOP LOOP ENDIF
Timer Heartbeat
The following event is used to initialize the heartbeat timer from AEOS.
- Owner Type: n.a.
- Even type: 27 – System status
- Subevent: 65
- When changed to: ON
Comment: Start watchdog timer
Action: Action commands:
$ST L699 W800 Start Timer for 80 seconds. For heartbeat check.
Timeout heartbeat
The event below is used to re-login to the AEOS socket Interface in case there is no more heartbeat received from AEOS.
- Owner Type: testtoestel (any name)
- Even type: 21 – Event time out
- Subevent: -
- When changed to: ON
Comment:
Log back in after heartbeat is no longer received.
Action commands:
LOG "timer heartbeat ended" LOG "login(socketuser,socketpw)\x3B" EDO' 1 "login(socketuser,socketpw)\x3B\r\n" $ST L%1.dir W610
Door control to AEOS
The following event is used to control a door in AEOS.
- Owner Type: Station with door control
- Even type: 2 – Door opening
- Subevent: -
- When changed to: ON
In the action command, the AEOS controller and AccessPoint name must be entered, exactly as programmed in AEOS:
Example: nvc2522aepu1:voordeur
Comment: Door open control to AEOS
Action commands:
EDO 1 "executeArgs(provideAccess\,[]\,\"nvc2522aepu1:voordeur\")\x3B\n\r" LOG "## Door open to AEOS S%2.dir,D%1.dir"
Devices
To perform actions after events from AEOS it is important that the devices at the door has the same name as the AccessPoint in the Aepu (door controller Nedap). The name is compared with the incoming data from the events.
DO NOT USE accented letters.
See the example below:
NEDAP AEOS settings
AEOS version:
- 2019.2.3 or higher
Check if webservices are installed
- During the installation of AEOS you can check in 1 of the last steps whether the SOAP Webservices are installed or not. If not, the whole setup needs to be executed again. This means that AEOS will be down and nobody will be able to log in. The Controllers will continue to work as before.
Starting Webservices
- In AEOS under system properties we need to look at section "44.15 SOAP WebService" and this should be checked. If not, it should be checked and the application service restarted from AEOS (under Services on the server).
Open windows firewall for TCP traffic on port 8035
- Usually, we open all ports or disable the Windows Firewall since the server is well protected.
Creating the Socketuser
- Name is free to choose (case sensitive).
- Suggestion : StentofonSocketUser
- Password : ****** (use only standard characters, no accented letters)
Assign the appropriate rights to this user
- This is done under the user role in AEOS and it is given the following properties:
How to check if this user is logged in?
- This can be checked under "Maintain connected users" in AEOS:
How to check if a door-open command comes in and is executed in AEOS?
- This can be checked under Monitor => Events => View Log and best set a filter on "Provide access".
- All the real socket interface operations are also found in the log:
Check the web services for correct operation.
- This can be checked by going to the following link (random example):
https://192.168.10.250:8443/aeosws?wsdl - If you see the following page there it is OK:
- In the Event Handler action commands, the AEOS controller and the AccessPoint name must be entered EXACTLY as programmed in AEOS, Example: nvc2522aepu1:frontdoor
- So, an export list is needed from AEOS with this data.