AEOS (Nedap) - ICX-AlphaCom integration

This article describes the integration between AEOS (Nedap) and ICX-AlphaCom. The main content is written by our platinum partner Elbo, with updates from Patrick Castelein.

Functional Specifications

The link AEOS <-> ICX-AlphaCom is a bi-directional coupling, based on the Socket interface on the AEOS side and based on EDO/EDI commands on the ICX-AlphaCom side. The link is realized based on a local intercom server to AEOS and not based on an AlphaNet. It may also be possible to log in directly to the AEpu (door controller), but this is not included in this document.

The following functionalities are available with this link:

1. Opening doors in AEOS during an intercom call (ICX-AlphaCom to AEOS) by issuing the ICX-AlphaCom "door-open" command (default is to press number key "6" during an intercom call).
2. Play an audio message or make a call when an access badge has been authorized or denied (AEOS to ICX-AlphaCom)

ICX-AlphaCom requirements

General equipment

• AlphaCom XE server, or ICX-500 server

This link has been realized with AlphaPro: 12.1.3.0 en AMC firmware: 13.1.3.4

Door control to AEOS

• No further licenses required for AlphaCom XE
• License ILI-IF Interface enabling (1002602400) required for ICX-500

Action after access badge is allowed or denied from AEOS

Making a call

• Display names of the intercom stations should be the same as the service name of the AEpu (door controller)
• No further licenses required

Playback of audio messages

• The display names of the intercom stations should be identical to the service names of the AEpu (door controller)
• Audio Messaging License (basic 1009648500 or enhanced 1009648501 depending on the number of audio messages required)

AEOS requirements

• No further licenses required

Connection settings

The communication is via TCP/IP on eth0 of the ICX-AlphaCom. The IP address is determined per project. The TCP port used is 8035 (default port AEOS socket interface) where the ICX-AlphaCom acts as a client and logs into the interface.

Messages from ICX-AlphaCom to AEOS

Login

To establish a connection to the Socket interface in AEOS, the ICX-AlphaCom must log in to AEOS. In the Event handler an event needs to be created that will be used to log in.

The following commands are sent to AEOS.

String: EDO 1 "login(socketuser,socketpw)\x3B\r\n"

• Login =login command
• Socketuser =user name
• Socketpw =user password

String: EDO 1 "setRmiCommandConnection(true)\x3B\r\n"

• setRmiCommandConnection = enable sending commands towards the socket interface

String: EDO 1 "setRmiEventConnection(true)\x3B\r\n"

• setRmiEventConnection(true) "= activate receiving events from the socket interface

Door control

During a call, a master station can activate door control by pressing the 6 during the call. The command below is sent by the ICX-AlphaCom to the socket interface of AEOS for door control:

String: EDO 1 "executeArgs(provideAccess\,[]\,\"aepu1:frontdoor\")\x3B\n\r"

• Aepu1 = name of the Aepu (“Hostname” in AEOS)
• frontdoor = service name of the door in the Aepu (“Access Point” in AEOS)

Messages from AEOS to ICX-AlphaCom

When a badge is denied or allowed, one or more actions can be performed by means of the link, such as a call to reception when a badge is expired. Or a welcome message when access is granted. The connection from AEOS is also checked for a heartbeat. When the heartbeat is lost, the ICX-AlphaCom will try to log on again once per minute.

Heartbeat

AEOS sends a heartbeat once a minute as a live check, see string below. The ICX-AlphaCom responds to "HB" in the string. If it is not received the ICX-AlphaCom will try again to log in to the socket interface of AEOS.

String:

Event:HB|409||;

HB = heartbeat

Action in ICX-AlphaCom after "Access granted"

When access is granted after presenting a badge, a message can be sent from AEOS to which the ICX-AlphaCom can respond with an audio message or other action. The ICX-AlphaCom responds to the code 1015 (field 6) of the string. 1015 stands for "Authorized Badge Access" in AEOS.

String:

Event:GE|411|AEOS|210|nvc2522aepu1:voordeur|1015|20161108|104548|NedapXS Cards 9|Darthvader||0|| ;

• voordeur = The service name of the door on Aepu1
• 1015 = Access granted

Action in ICX-AlphaCom after "Badge unknown"

When an unauthorized access badge is presented, a message can be sent from AEOS to which the ICX-AlphaCom can respond with an audio message or other action. The ICX-AlphaCom responds to code 1015 (field 6) of the string. 1227 stands for "Badge unknown" in AEOS.

String:

Event:GE|411|AEOS|210|nvc2522aepu1:voordeur|1227|20161108|104548|NedapXS Cards 9|Darthvader||0|| ;

• voordeur = The service name of the door on Aepu1
• 1227 = Badge unknown

Action in ICX-AlphaCom after "Access Denied"

When access is denied after presenting an access badge, a message can be sent from AEOS to which the ICX-AlphaCom can respond with an audio message or other action. The ICX-AlphaCom responds to the code 1201 (field 6) of the string. 1201 stands for "BadgeNoAccessEvent" in AEOS.

String: Event:GE|411|AEOS|210|nvc2522aepu1:voordeur|1201|20161108|104548|NedapXS Cards 9|Darthvader||0|| ;

• voordeur = The service name of the door on Aepu1
• 1201 = No Access

AEOS Socket interface documentation

For more explanation about the Socket interface and the related events, please refer to the following Nedap documents:

• AEOS Socket Interface
• AEOS Generic Event Description

Description configuration/events ICX-AlphaCom

EDIO port

In AlphaPro, create an EDIO port under "Exchange & system -> Serial Ports -> EDIO" with the following settings

• Port type: TCP/IP Client
• IP address: IP address of the AEOS server
• Port: 8035
• Keep Alive: Checked
• Write option: Connect at ICX-AlphaCom startup

ICX-AlphaCom Firewall Filter Settings

In the ICX-AlphaCom - System Configuration - Filters, create a rule to open port TCP 8035.

• Protocol name: AEOS Socket interface
• TCP/UDP: TCP
• Port: 8035

Activate the rule for the wanted Eth0 and/or Eth1 port.

Events

Login AEOS

The event below is used to log onto the AEOS socket interface with authentication.

• Owner Type: EDI text config
• Even type: 28
• Subevent: 1 (refers to EDIO 1 port)

Comment:
Login in AEOS

Action commands:

LOG "## Data received on EDI 2 from NEDAP >%scutc(%edi,0,95)"
tmp 0 "%sscan(%edi,Status:connected,16<)"	Scan for “Status:connected” and store this in variable 0
tmp 1 "%sscan(%edi,true,4<)"			“”
tmp 2 "%sscan(%edi,getServices,12<)"		“”
tmp 3 "%sscan(%edi,getServiceKeys,14<)"	“”
LOG " >%edi \n\r"				Log string to system log for debugging
LOG " tmp0 = %tmp(0) \r\n"			
LOG " tmp1 = %tmp(1) \r\n"
LOG " tmp2 = %tmp(2) \r\n"
IF %scmp(%tmp(0,16<),Status:connected)  	Check if “Status:connected” then:
  LOG "login(socketuser,socketpw)\x3B"
  EDO 1 "login(socketuser,socketpw)\x3B\r\n"	Login with username and password
  STOP
ENDIF
IF %scmp(%tmp(1,4<),true)			Check if “true” is in string, then:
  LOG " setRmiCommandConnection(true)\x3B"	
  LOG " setRmiEventConnection(true)\x3B\r\n"
  EDO 1 "setRmiCommandConnection(true)\x3B\r\n"	Start sending commands to AEOS
  EDO 1 "setRmiEventConnection(true)\x3B\r\n"	Start receiving events from AEOS
  STOP
ENDIF

Scan heartbeat, access granted or access denied

The event below scans the incoming data for heartbeat and events when access is granted or denied by a card reader.

• Owner Type: EDI text config
• Even type: 28
• Subevent: 1 (refers to EDIO 1 port)

Important:

Adjust the value of the last available physical number in the event, this occurs twice in this event. In the example below, the event stops at 553, as there can be a maximum of 552 stations in one ICX-AlphaCom.

Action commands:

IF %op(%tmp(7),=,553)		Last physical number reached (in this case 553). STOP event ######

Comment: Filter incoming data on heartbeat and 1201 (badge denied) 1015 (badge allowed)

Action commands:

tmp 0 "%scutf(%edi,|,0)"		Filter field 0 from string store in temp variable 0
tmp 1 "%scutf(%edi,|,1)"		“”	     1
tmp 2 "%scutf(%edi,|,2)"		“”	     2	
tmp 3 "%scutf(%edi,|,3)"		“”	     3	
tmp 4 "%scutf(%edi,|,4)"		“”	     4
tmp 5 "%scutf(%tmp(4),:,1)"		Filter name from filter 4 from string and store in temp variable 5
tmp 6 "%scutf(%edi,|,5)"		Filter field 5 from string and store in temp variable 6
LOG " tmp0 = %tmp(0,2)"			Write to System log for debugging
LOG " tmp1 = %tmp(1)"
LOG " tmp2 = %tmp(2)"
LOG " tmp3 = %tmp(3)"
LOG " tmp4 = %tmp(4)"
LOG " tmp5 = %tmp(5)"
LOG " tmp6 = %tmp(6)"
IF %scmp(%tmp(0,2),HB)			If temp variable 2 contains “HB” then:
  $ST L699 W610				Start timer for heartbeat control on station (699)
  LOG "Heartbeat received"
  STOP
ENDIF

IF %scmp(%tmp(6),1201)			If Temp variable 6 contains (1201) access refused, then:
  tmp 7 "1"
  LOG " tmp 7 = %tmp(7)"
  LOOP					Start LOOP
   IF %op(%tmp(7),=,553)		Last physical number reached (in this case 553). STOP event ######
     LOG "end of loop badge refused"
     STOP
   ENDIF
   OWN %rdir(%tmp(7))			Set Temp variable 7 (physical) owner of the event 
   LOG "%1.nam"
    IF %scmp(%tmp(5),%1.nam)		If Temp variable 7 is equal to the owner displaytext then: 
      $DD L%1.dir G8182			Start playback of audio message 8182 (Access refused)
     STOP
    ENDIF
    tmp 7 "%op(%tmp(7),+,1)"		Increment Temp variable 7 with +1
    LOG " value %tmp(7)"
  ENDLOOP				STOP LOOP
ENDIF

IF %scmp(%tmp(6),1015)			If Temp variable 6 contains (1015) access allowed then:
  tmp 7 "1"
  LOG " tmp 7 = %tmp(7)"
  LOOP					Start LOOP
    IF %op(%tmp(7),=,553)		Last physical number reached (in this case 553). STOP event ######
      LOG "end of loop badge access"
      STOP
    ENDIF
    OWN %rdir(%tmp(7))			Set Temp variable 7 (physical) owner of the event
    LOG "%1.nam"
    IF %scmp(%tmp(5),%1.nam)		If Temp variable 7 is equal to the owner displaytext then:
      $DD L%1.dir G8181			Start playback of audio message 8181 (Access allowed)
      STOP
    ENDIF
    tmp 7 "%op(%tmp(7),+,1)"		Increment Temp variable 7 with +1. 
    LOG " value %tmp(7)"	
  ENDLOOP				STOP LOOP
ENDIF

Timer Heartbeat

The following event is used to initialize the heartbeat timer from AEOS.

• Owner Type: n.a.
• Even type: 27 – System status
• Subevent: 65
• When changed to: ON

Comment: Start watchdog timer

Action: Action commands:

$ST L699 W800			Start Timer for 80 seconds. For heartbeat check.

Timeout heartbeat

The event below is used to re-login to the AEOS socket Interface in case there is no more heartbeat received from AEOS.

• Owner Type: testtoestel (any name)
• Even type: 21 – Event time out
• Subevent: -
• When changed to: ON

Comment:

Log back in after heartbeat is no longer received.

Action commands:

LOG "timer heartbeat ended"
LOG "login(socketuser,socketpw)\x3B"
EDO' 1 "login(socketuser,socketpw)\x3B\r\n"
$ST L%1.dir W610

Door control to AEOS

The following event is used to control a door in AEOS.

• Owner Type: Station with door control
• Even type: 2 – Door opening
• Subevent: -
• When changed to: ON

In the action command, the AEOS controller and AccessPoint name must be entered, exactly as programmed in AEOS:

Example: nvc2522aepu1:voordeur

Comment: Door open control to AEOS

Action commands:

EDO 1 "executeArgs(provideAccess\,[]\,\"nvc2522aepu1:voordeur\")\x3B\n\r"
LOG "## Door open to AEOS S%2.dir,D%1.dir"

Devices

To perform actions after events from AEOS it is important that the devices at the door has the same name as the AccessPoint in the Aepu (door controller Nedap). The name is compared with the incoming data from the events.

DO NOT USE accented letters.

See the example below:

Event:GE|411|AEOS|210|nvc2522aepu1:voordeur|1015|20161108|104548|NedapXS Cards 9|Darthvader||0||---- ;

NEDAP AEOS settings

AEOS version:

• 2019.2.3 or higher

Check if webservices are installed

• During the installation of AEOS you can check in 1 of the last steps whether the SOAP Webservices are installed or not. If not, the whole setup needs to be executed again. This means that AEOS will be down and nobody will be able to log in. The Controllers will continue to work as before.

Starting Webservices

• In AEOS under system properties we need to look at section "44.15 SOAP WebService" and this should be checked. If not, it should be checked and the application service restarted from AEOS (under Services on the server).

Open windows firewall for TCP traffic on port 8035

• Usually, we open all ports or disable the Windows Firewall since the server is well protected.

Creating the Socketuser

• Name is free to choose (case sensitive).

Suggestion : StentofonSocketUser

Password : ****** (use only standard characters, no accented letters)

Assign the appropriate rights to this user

• This is done under the user role in AEOS and it is given the following properties:

How to check if this user is logged in?

• This can be checked under "Maintain connected users" in AEOS:

How to check if a door-open command comes in and is executed in AEOS?

• This can be checked under Monitor => Events => View Log and best set a filter on "Provide access".

• All the real socket interface operations are also found in the log:

Check the web services for correct operation.

• This can be checked by going to the following link (random example):
  https://192.168.10.250:8443/aeosws?wsdl
• If you see the following page there it is OK:

• In the Event Handler action commands, the AEOS controller and the AccessPoint name must be entered EXACTLY as programmed in AEOS, Example: nvc2522aepu1:frontdoor
• So, an export list is needed from AEOS with this data.