1. Manuals
  2. Brands
  3. HID Manuals
  4. Control Unit
  5. PIVCLASS M2000
  6. Installation and configuration manual

HID PIVCLASS M2000 Installation And Configuration Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
CLASS® A
M
PIV
UTHENTICATION
ODULE
M
M2000
ODEL
I
C
G
NSTALLATION AND
ONFIGURATION
UIDE
PLT-01628, Rev. D.2
January 2019
hidglobal.com

Advertisement

Table of Contents
loading

Related Manuals for HID PIVCLASS M2000

Summary of Contents for HID PIVCLASS M2000

  • Page 1 CLASS® A UTHENTICATION ODULE M2000 ODEL NSTALLATION AND ONFIGURATION UIDE PLT-01628, Rev. D.2 January 2019 hidglobal.com...

  • Page 2: Revision History

    HID GLOBAL, HID, the HID Brick logo, the Chain Design, pivCLASS, Seos, and iCLASS are trademarks or registered trademarks of HID Global, ASSA ABLOY AB, or its affiliate(s) in the US and other countries and may not be used without permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners.

  • Page 3: Table Of Contents

    Contents Section 1: Introduction ............. . 5 Product overview .
  • Page 4 PLT-01628, Rev. D.2 Section 5: PAM configuration ............21 Overview .

  • Page 5: Section 1: Introduction

    Reader Services or by the API. If the card is valid, the PAM sends the card’s derived badge ID to the PACS. 1.2 Scope of document This document provides information on the installation and configuration of the HID Global pivCLASS Authentication Module (PAM). 1.3 Assumed knowledge This document is aimed at experienced installers with knowledge of Physical Access Control Systems (PACS).

  • Page 6: Prerequisites

    Introduction PLT-01628, Rev. D.2 1.4 Prerequisites The following prerequisites are required: 1. Install hardware components, including the following: PACS panels (if applicable) Supported Smart Card readers: pivCLASS (PIN, BIO or CAK) Veridt Multimode 12 - 24V DC UL294 Access Control/Burglary Power Supply, capable of supporting power requirements as specified in Section 2 Specifications.

  • Page 7: Section 2: Specifications

    Section 2 Specifications 2.1 Technical specifications Parameter Specification 6.70 x 6.05 in (17 x 15.4 cm) Dimensions 7.32 x 6.61 in (18.6 x 16.8 cm), including Enclosure Input: 12 V DC @ 1.2Amp, 24 V DC @ 600mA (Note: PAM has a <10ms in-rush of ~2.2A on power on) Power Output Reader Power: 11.5 V DC, 300 mA (each) Dry Contacts...
  • Page 8 Specifications PLT-01628, Rev. D.2 This page is intentionally left blank. January 2019...

  • Page 9: Section 3: Module Description

    Section 3 Module description This chapter describes the physical and security features of the pivCLASS Authentication Module (PAM). 3.1 Physical features January 2019...
  • Page 10 Module description PLT-01628, Rev. D.2 Physical features include: Console: For internal use. SD Card Socket: Insertion point for the SD Card with PAM Firmware. Power Connector: Connects the PAM to the power supply. Ground Connector: Connect the PAM to Earth ( ) using the lug built onto the PAM.

  • Page 11: Security Features

    PLT-01628, Rev. D.2 Module description 3.2 Security features Security features include: All TCP ports are closed except for a single port that only accepts authenticated requests from the pivCLASS Reader Services. The default port is 10200. Communicates with the pivCLASS Reader Services by way of 256-bit AES encrypted over Ethernet TCP/IP.

  • Page 12: Pam Operation With Card Passthrough

    Module description PLT-01628, Rev. D.2 3.3.2 PAM operation with Card Passthrough When Card Passthrough is enabled, the PAM will direct the reader to perform an autonomous poll and process using a scan and process command. This can be sent at any point after receiving the response from the previous command to the reader.

  • Page 13: Section 4: Installing The Module

    Section 4 Installing the module This chapter describes installing, connecting and powering the pivCLASS Authentication Module (PAM). CAUTION ELECTROSTATIC SENSITIVE DEVICES Observe precautions for handling 4.1 Checking the package contents Before installing the PAM, unpack the contents of the shipping container and make sure that you have the items listed.

  • Page 14: Creating A Sd Card Image

    PAM firmware by downloading the SD card image from the pivCLASS software distribution web site. Note: Make sure to utilize the SD cards shipped from HID Global. Do not use SD cards acquired through other means.

  • Page 15: Enclosure Installation

    4.3 Enclosure installation Install the PAM in a UL 294 Listed enclosure. Furthermore, install the PACS and appropriate power supply (not supplied by HID Global) according to the manufacturer's instructions. 4.3.1 PAM mounting dimensions Use the dimensions below to mark the drilling holes on the enclosure (the illustration is not to scale).

  • Page 16: Making Jumper Connections

    Installing the module PLT-01628, Rev. D.2 Note: The mounting hole diameter is 0.14 inch. The recommended mounting screw size is #6 (Imperial) or M4 (Metric). The recommended clearance around the sides of the PAM is least 1 inch to allow for wiring and access to the SD card.

  • Page 17: Wiring Connections

    PLT-01628, Rev. D.2 Installing the module 4.5 Wiring connections This section explains wiring the PAM to the PACS panel and supported reader(s). 4.5.1 Connecting PAM to supported reader port Using a small flat-head screwdriver (1/8 inch or smaller), connect the Reader 1 or Reader 2 connector on the PAM to the supported reader(s) according to the following table.

  • Page 18: Connecting To The Network

    Installing the module PLT-01628, Rev. D.2 Some PACS panels may signal on the LED input (Green LED) when access is not granted. In these cases BZR should be wired to another output from the PACS panel (most likely the red LED). The PAM will ensure that the BZR input is not signaled and the LED is signaled in order to interpret the PACS as having provided access.

  • Page 19: Applying Power

    PLT-01628, Rev. D.2 Installing the module 4.8 Applying power After attaching all PAM connections apply power and configure the PAM (see Section 5 PAM configuration). 4.9 Disabling power For powering off the PAM, ensure all processes are complete and remove power. CAUTION Do not remove power to reboot, unless it is absolutely necessary, as data corruption on the SD card may occur.
  • Page 20 Installing the module PLT-01628, Rev. D.2 This page is intentionally left blank. January 2019...

  • Page 21: Section 5: Pam Configuration

    Section 5 PAM configuration 5.1 Overview This section describes the pivCLASS Authentication Module (PAM) Configuration application and provides procedures for PAM setup. When the PAM is placed into setup mode the PAM Configuration application, accessed through a web browser using a supplied IP address, provides an interface to configure the PAM. Note: From firmware version 5.4 and onwards the Panel Auto Discovery feature can be used to configure the PAM.

  • Page 22: Pam Configuration Application Overview

    PAM configuration PLT-01628, Rev. D.2 5.3 PAM Configuration application overview The following provides an overview of the pivCLASS Authentication Module (PAM) Configuration application. Function Description Used to configure the network settings that enable the PAM to connect to and communicate Networking with the network.

  • Page 23: Manual Pam Configuration

    PLT-01628, Rev. D.2 PAM configuration 5.4 Manual PAM configuration This section describes how to setup the PACS Service to PAM communication path and manually add a PAM within Reader Services. 5.4.1 Panel API communication options Before you begin manual PAM configuration check the panel API communication options in the PACS Service application: 1.

  • Page 24: Configure The Pam To Communicate With The Pacs Service

    PAM configuration PLT-01628, Rev. D.2 5.4.2 Configure the PAM to communicate with the PACS Service Follow the steps below to configure communication between the PAM and PACS Service. 1. Install the PAM and power it on. 2. Place the PAM into configuration mode: 1.
  • Page 25 PLT-01628, Rev. D.2 PAM configuration 6. From the PAM Configuration application main menu (see Section 5.3 PAM Configuration application overview), click Networking. 7. In the Networking window record the MAC Address for later use to create the PAM configuration in the PACS Service.
  • Page 26 11. Click Close to exit the screen. 12. For the PACS Service to trust the PAMs Signing Certificate move/copy the certificate .cer file to: C:\Program Files (x86)\HID Global\pivCLASS PACS Service\pam\clientcerts where: C:\Program Files (x86)\HID Global\pivCLASS PACS Service is the PACS Service installation directory. January 2019...

  • Page 27: Configure Pam In Reader Services

    PLT-01628, Rev. D.2 PAM configuration 5.4.3 Configure PAM in Reader Services 1. Start the PACS Service application. 2. On the PACS Service application main window, right-click within the Reader Services status window. 3. Select New > pivCLASS Authentication Module 5 from the menu. January 2019...
  • Page 28 PAM configuration PLT-01628, Rev. D.2 4. In the Panel dialog box, select the General tab and enter a description for the PAM in the Description field. 5. Enter the MAC address of the PAM in the MAC address field (do not include dashes or colons). The MAC address is the address previously recorded from the PAM Configuration window, see Section 5.4.2 Configure the PAM to communicate with the PACS Service, Step 6.
  • Page 29 PLT-01628, Rev. D.2 PAM configuration The newly created PAM is displayed in the Reader Services status window. 7. Return to the pivCLASS Authentication Module Configuration application main menu in the web browser. Note: Inactivity of a more than a few minutes may cause the web browser to time out. You will need to log back into the PAM Configuration application.
  • Page 30 PAM configuration PLT-01628, Rev. D.2 10. Click Select a certificate to upload from your computer to locate and select the PACS Service TLS certificate .cer file. 11. When certificate file is displayed click Close. 12. Click Close to return to the pivCLASS Authentication Module Configuration application main menu. 13.
  • Page 31 PLT-01628, Rev. D.2 PAM configuration 16. From the PAM Configuration application main menu (see Section 5.3 PAM Configuration application overview), click Reboot. 17. Disconnect the Ethernet cable from the computer and connect it to the switch or hub the PAM uses to communicate by the configured networking settings.

  • Page 32: Automatic Pam Configuration

    PAM configuration PLT-01628, Rev. D.2 5.5 Automatic PAM configuration This section describes how to setup the PACS Service to PAM communication path and configure a PAM in Reader Services using the automatic discovery feature. The automatic discovery feature can be used if the PACS Service is on the same subnet and/or the network is setup to allow UDP broadcast messages from Panel to the PACS Service computer.

  • Page 33: Add Automatically Discovered Pam

    PLT-01628, Rev. D.2 PAM configuration 5.5.2 Add automatically discovered PAM 1. Install the PAM and power it on. 2. Start the PACS Service application. Discovered PAMs are displayed in the Reader Services status window. 3. Double click on a discovered panel entry to launch the Panel form. January 2019...
  • Page 34 PAM configuration PLT-01628, Rev. D.2 4. On the General tab of the Panel form, enter the panel parameters and click OK to add the panel to the list of configured panels. Note: Select the Update panel firmware option (PAM 5 only) to indicate that the panel firmware should be updated when the panel is connected.

  • Page 35: Section 6: Troubleshooting

    Section 6 Troubleshooting This chapter provides troubleshooting hints and tips if you encounter problems with your pivCLASS Authentication Module (PAM). 6.1 LED activity The following table lists the LED indicators of the PAM. Purpose Indicates power to the PAM is on/off. The LED turns GREEN when power is ON. POWER Indicates the tamper status.

  • Page 36: Resetting To Factory Defaults

    Troubleshooting PLT-01628, Rev. D.2 6.2 Resetting to factory defaults WARNING Resetting the PAM to factory defaults permanently erases all configuration settings (including logs, keys and cached validation data). It also returns the module to the factory default IP address (192.168.0.222, with subnet mask 255.255.255.0). These changes are non-recoverable.

  • Page 37: Troubleshooting Configuration Problems

    PLT-01628, Rev. D.2 Troubleshooting 6.3 Troubleshooting configuration problems If there are PAM operation problems, follow these steps to troubleshoot the problem: Examine the PAM configuration (Setup Mode page). Enable additional message logging and download the logs using the pivCLASS Reader Services. Consult your provider.

  • Page 38: Swapping A Pam

    Troubleshooting PLT-01628, Rev. D.2 Issue Description Solution/Workaround Gig-E switch fails Gig-E/Gigabit Switch is used that Adjust the setting of the port the PAM is connected to a to auto-negotiate does not successfully 10/100MB port. If issues are still encountered attempt to set auto-negotiate speed connection the port to 100MB full duplex.

  • Page 39: Section 7: Regulatory

    (with an output voltage range of 10.2 to 26.2 V DC), 1.2 Amp minimum. CE Marking HID Global hereby declares that this product is in compliance with the essential requirements and other relevant provisions of Directives 2014/30/EU (EMC) and 2014/35/EU (LVD).
  • Page 40 hidglobal.com...

Table of Contents