ASBuilt Document


1. Title Page

Prepared (also subject responsible if other): Tewelde Y. / Nechi B.
Subject: AS Built Documentation: Nov 22, 2024
Approved: Destalem Fitiwi
Checked: Destalem F.
Date: 22/11/2024
Rev: 01
Reference:

• Project Name: Supply, Installation, Implementation, and Configuration of Biometrics Attendance and Access Control System

• Client Name: Amhara Bank SC

• Version: 1.0 (Document Version)

Contents
1. Title Page
2. Table of Figures
3. Project Overview
3.1 Project Scope:
3.2 Description of System/Infrastructure:
3.3 Stakeholders:
3.4 Timeline
4. System/Network Architecture
4.1 High-Level Overview:
4.2 Hardware List:
4.3 Software Components
5. Configuration Details
5.1 Network Configuration:
5.2. User accounts and permissions
5.3 Services running on servers
5.4 Application Configuration:
5.3 Software settings
6. Changes from Original Design
7. Testing and validation
8. Maintenance & Support Information
8.1 System Access Information:
8.2 Backup & Recovery Procedures
8.3 Monitoring & Alerts:
8.4 Support Contacts
9. As-Built Diagrams and Schematics
10. Documentation of Custom Scripts and Automation
11. System Hardening and Security Measures
12. Lessons Learned
13. Appendices

2. Table of Figures

Figure 1: High level overview
Figure 2: Diagram
Figure 3: Device Floor 16
Figure 4: Device Floor 18
Figure 5: Device Floor 19
Figure 6: Device Floor 20
Figure 7: Device Floor 21
Figure 8: Device Floor 22
Figure 9: Device Floor 23
Figure 10: Device Floor 24
Figure 11: Device Floor 25
Figure 12: Cloud service settings
Figure 13: HR policy
Figure 14: Attendance Report Sample
Figure 15: Access Control Report
Figure 16: Monitoring
Figure 17: Network topology
Figure 18: Physical cabling
Figure 19: Integration

3. Project Overview
3.1 Project Scope:

A summary of the project’s purpose and objectives.

The scope of the project is supply, installation and configuration of attendance and access control
machines with software for managing and monitoring door access and employee time attendance system
of Amhara bank SC head office.

3.2 Description of System/Infrastructure:

A centralized employee time attendance and access control management system, equipped with nine
ZKTeco FaceDepot-7B time attendance and access control terminals together with other accessories,
including magnetic lock, brackets, exit-button, door closer and glass breaker.
Employees use their fingerprint for time attendance purposes and face recognition for door access control
purposes.

In addition to the hardware installed, the ZKBioCV Security web-based software has been installed
for managing all the terminals, adding employees to the system, setting time tables, shifts, schedules and
access levels of employees, monitoring the system, and generating daily, weekly, monthly, absence, late,
early-out and overtime reports. Please refer to the HR user manual in this regard.

What was built or implemented (e.g., a network infrastructure, software application, server deployment,
etc.).

A network of time attendance and access control management systems was implemented within the
existing network infrastructure of the bank.
Both hardware and software were supplied and implemented in this project. The hardware consists of
time attendance and access control terminals, magnetic locks, exit-buttons, door closers and glass breaker.
The software supplied and installed was ZKBioCV Security.

3.3 Stakeholders:

Project Manager: Destalem Fitiwi

Technical Leads:
Tewelde Yohannes
Nechi Berhe
Mulugeta Kebebe

Client Contacts:
Nebyu - HR Manager
Eyob - Database team
Gemechis Dawo - Network Infrastructure
Ermias - API integration

3.4 Timeline

Task                      Start Date    End Date
Installation              01/05/2024    30/05/2024
Software Customization    05/06/2024    08/08/2024
Device customization      12/08/2024    10/09/2024
API Integration           11/05/2024    07/10/2024
Data collection           22/11/2024    24/11/2024
Training                  25/11/2024    15/11/2024
UAT                       26/11/2024    26/11/2024
Project submission        27/11/2024    27/11/2024

4. System/Network Architecture
4.1 High-Level Overview:

• Description of the system architecture (e.g., physical layout, network topology, software stack).

Figure 1: High level overview

• Diagrams: System diagrams, network topology maps, or flowcharts showing components and
interconnections.

Figure 2: Diagram

4.2 Hardware List:

S.No  Device Model    Serial Number   Description                                  Manufacturer
1     FaceDepot-7B    GAZ4240500009   Time attendance and access control terminal  ZKTeco
                      GAZ4240500007
                      GAZ4240500012
                      GAZ4240500010
                      GAZ4240500017
                      GAZ4240500016
                      GAZ4240500008
                      GAZ4240500014
                      GAZ4240500015
2     CM-280HS                        Electromagnetic Lock                         ZKTeco
3     DC6085L                         Door closer                                  ZKTeco
4     ZK-AS603                        Alarm                                        ZKTeco
5     ZK-AS32                         Door Sensor                                  ZKTeco
6     Tleb 102                        Exit-button                                  ZKTeco
7     ZKABK900A-G/R                   Emergency Break Glass                        ZKTeco

4.3 Software Components

The application ZKBioCVSecurity has been installed in the virtual server provided by the bank.

ZKBioCV Security provides a comprehensive web-based security platform with the adoption of hybrid
biometric and computer vision technology. It contains multiple modules: Personnel, Time & Attendance,
Access Control, Visitor Management, Parking, Elevator Control, Face Kiosk, Consumption, Video
Surveillance, Intelligent Analytics, Intrusion Alarm, Locker Management, Video Intercom, Service
Center, and other smart sub-system.

Software Version: 6.1.1R

Virtual Machines:

If applicable, document virtual machines (VMs) created, including:

o Hypervisor information: ESXI version 8.0.2

o VM names: ATTENDANCE_PROD

o OS versions: Microsoft Windows Server 2022 (64-bit)

o Assigned resources (CPU=4, memory=16 and HDD=150)

5. Configuration Details
5.1 Network Configuration:
• IP addressing scheme (IPv4/IPv6)
• System Server IP: 10.100.13.51
• Port (ADMS): 8088
• Port (Web): 8098
• IP address range used by the devices: 172.26.250.x/24
The exact IP address of each device is listed below.

Floor 16: 172.26.250.25

Figure 3: Device Floor 16

Floor 18: 172.26.250.24

Figure 4: Device Floor 18

Floor 19: 172.26.250.23

Figure 5: Device Floor 19

Floor 20: 172.26.250.22

Figure 6: Device Floor 20

Floor 21: 172.26.250.21

Figure 7: Device Floor 21

Floor 22: 172.26.250.16

Figure 8: Device Floor 22

Floor 23: 172.26.250.18

Figure 9: Device Floor 23

Floor 24: 172.26.250.46

Figure 10: Device Floor 24

Floor 25: 172.26.250.19

Figure 11: Device Floor 25

For all devices, the cloud server settings are set to:
Server IP: 10.100.13.51
Port: 8088

Figure 12: cloud service settings

• Subnet mask: 255.255.255.0
• Gateway address: 172.26.250.1
• DNS: 172.26.250.1
• TCP communication port: 4370

o VLAN configurations: VLAN 990

o Routing tables: The attendance devices are connected to our wireless router (GPON) using the
configured default gateway, and communicate with the internal server at our data center through
the Tele link.

o Firewall rules: In the internal firewall access policy, the attendance network is allowed to
access the attendance servers.

o DNS configurations: 10.100.13.55, 10.100.13.65

o VPN settings (if applicable): NA

5.2. User accounts and permissions

1. Admin User

Permission

This user has full access to the software’s functionality.

• Add, View, Delete Personnel, Department, Position


• Setting attendance rules: create, view, delete and update timetables, shifts, group rules,
global rules and departments; assign, remove, view and update schedules
• View leave, Absence
• View and export daily, monthly, weekly…attendance reports
• Create new users
• Setting access control rules
• Manage Access control and attendance devices
2. HR User

HR user is eligible to view the above listed functionalities.

Refer to HR User Manual if you need detail.

5.3 Services running on servers

• Storage Configuration:
o PostgreSQL embedded database
o LUN mapping = not applicable
o Disk quotas = not applicable since it is VSAN

5.4 Application Configuration:

A one-way integration between ZKBio CVSecurity and the HR software was made.

Five APIs were implemented:

1. Sign In

2. Get All Active Employee

3. Get Specific Employee

4. Get All Leave Taken

5. Get Leave Taken By Employee

API message format: API responses are in JSON (JavaScript Object Notation) format.
Authentication: to access these APIs, the requesting party needs to provide an authentication token in
the request header.

2. getAllActiveEmployee: this API endpoint returns all active employees in the bank. To access
this endpoint, providing an authentication token is mandatory.

BaseURL = https://10.100.13.44:5561/API/v1.0.0/utility

Endpoint = /getEmployeeData

Method = GET

Headers = Authentication: “eyJ…….-w”

3. getSpecificEmployee: this API endpoint returns the full information of a single employee by
employee ID. An authentication token is also required to access this endpoint.

BaseURL = https://10.100.13.44:5561/API/v1.0.0/utility

Endpoint = /getEmployeeDataByEmployeeId

Method = GET

Headers = Authentication: “eyJ…….-w”

4. getAllLeaveTaken: used to access all leave taken by all employees in the bank. An
authentication token is also required.

BaseURL = https://10.100.13.44:5561/API/v1.0.0/utility

Endpoint = /getLeaveData

Method = GET

Headers = Authentication: “eyJ…….-w”

5. getLeaveTakenByEmployee: this endpoint returns all leave taken by a specific employee. To
access this endpoint, an authentication token is required.

BaseURL = https://10.100.13.44:5561/API/v1.0.0/utility

Endpoint = /getLeaveDataByEmployeeId

Method = GET

Headers = Authentication: “eyJ…….-w”

These APIs are entered in the HRMS Setting of the ZKBIO CV Security personnel module, and
the employees' data is synced from the HRMS to ZKBIO CV Security.

5.3 Software settings

The attendance policy was set in accordance with the HR policy. Refer to the HR user manual.

Figure 13: HR policy

o Database configuration (if applicable):

PostgreSQL, embedded in the software.

o Web server details (SSL version 3.0, TLS 1.2):

You can access the server via a browser using: https://10.100.13.51:8098

6. Changes from Original Design

Initial Design: The ZKBio CVSecurity software that was provided did not support special characters.

Deviations: Customizing the ZKBio CVSecurity software

o Reasons for the changes

The bank's employee IDs contain a special character which is not supported by the software.
Our supplier's Java team started working on the possibility, but they informed us that the “/”
character has a lot of dependencies and conflicts with the internal scripts, library files, commands,
paths and parameters. Therefore, it is very difficult to use this character in a user ID.

With regard to conflicts with the device firmware, the firmware developer team checked it
and confirmed that the “/” can't be used in a user ID in any standard firmware
(any device with Linux or Android FW). It is an illegal/void character which conflicts with
the firmware source code. So, using “/” is impossible theoretically.

o Impact of the changes (e.g., performance, security)

This adjustment allowed the software to handle employee data with special characters
seamlessly.

Unforeseen Issues and Resolutions:

o Network issue

At the outset of the project, the devices were configured with IP addresses within the 192.168.1.X and
192.168.0.x ranges, while the server maintained a static IP of 10.100.13.51. However, due to the absence
of IP address exclusion in the bank’s DHCP configuration, device IPs were occasionally reassigned to
other devices in the event of a power loss, despite the static IP settings configured on the devices
themselves.

This issue was promptly addressed through collaboration between our Project Manager, Mr. Destalem,
and the bank's network team. After thorough discussions, a resolution was reached to allocate a separate
network range—172.26.250.x—for the devices, ensuring there would be no overlap with the server’s IP
(10.100.13.51).

This change effectively resolved the conflict and improved network stability moving forward.
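
The conflict described above comes down to static addresses sitting inside a range that the DHCP server is still free to lease. As an added example (not part of the original document or of any vendor tooling), the Python script below audits a device inventory against DHCP scope definitions. The scope bounds, MAC addresses and 192.168.x host addresses are constructed sample data; the 172.26.250.x addresses are the ones listed in section 5.1.

```python
"""Audit statically addressed devices against DHCP scopes (added example)."""
import ipaddress
from dataclasses import dataclass, field

ip = ipaddress.ip_address


@dataclass
class Scope:
    """One DHCP scope: the leasable pool, exclusions and MAC reservations."""
    name: str
    pool: tuple                                        # (first, last) leasable address
    exclusions: list = field(default_factory=list)     # [(first, last), ...]
    reservations: dict = field(default_factory=dict)   # {ip: mac}

    def leasable(self, addr):
        """True if the server may hand this address out dynamically."""
        a = ip(addr)
        if not ip(self.pool[0]) <= a <= ip(self.pool[1]):
            return False
        return not any(ip(lo) <= a <= ip(hi) for lo, hi in self.exclusions)


def audit(devices, scopes):
    """Return (device, address, finding) for each static address that DHCP
    could still assign to a different client."""
    findings = []
    for name, (addr, mac) in sorted(devices.items()):
        for scope in scopes:
            if not scope.leasable(addr):
                continue
            owner = scope.reservations.get(addr)
            if owner is None:
                findings.append((name, addr, f"leasable in scope {scope.name}"))
            elif owner.lower() != mac.lower():
                findings.append((name, addr, f"reserved for {owner} in {scope.name}"))
    return findings


# Constructed sample data: the document gives only the ranges 192.168.1.X and
# 192.168.0.x for the original layout; host parts, MACs and pools are made up.
BEFORE_DEVICES = {
    "floor-16": ("192.168.1.25", "02:00:00:00:00:16"),
    "floor-18": ("192.168.1.24", "02:00:00:00:00:18"),
    "floor-19": ("192.168.0.23", "02:00:00:00:00:19"),
}
# Same devices on the dedicated range (addresses from section 5.1).
AFTER_DEVICES = {
    "floor-16": ("172.26.250.25", "02:00:00:00:00:16"),
    "floor-18": ("172.26.250.24", "02:00:00:00:00:18"),
    "floor-19": ("172.26.250.23", "02:00:00:00:00:19"),
}
# Pools with no exclusions: every static device address can be leased away.
OPEN_SCOPES = [
    Scope("office-1", ("192.168.1.10", "192.168.1.254")),
    Scope("office-0", ("192.168.0.10", "192.168.0.254")),
]
# One scope fixed with an exclusion range, the other holding a stale
# reservation that belongs to a different MAC address.
PARTIAL_SCOPES = [
    Scope("office-1", ("192.168.1.10", "192.168.1.254"),
          exclusions=[("192.168.1.20", "192.168.1.30")]),
    Scope("office-0", ("192.168.0.10", "192.168.0.254"),
          reservations={"192.168.0.23": "02:00:00:00:00:99"}),
]

if __name__ == "__main__":
    for label, devs, scopes in [("before", BEFORE_DEVICES, OPEN_SCOPES),
                                ("partial fix", BEFORE_DEVICES, PARTIAL_SCOPES),
                                ("dedicated range", AFTER_DEVICES, OPEN_SCOPES)]:
        print(label, audit(devs, scopes) or "no conflicts")
```

Running the same audit whenever a scope or the device inventory changes catches a reintroduced overlap before a power cycle exposes it.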

7. Testing and validation

• Test Plan: Description of testing protocols used to validate the system (e.g., functional
testing, performance testing).
• Functional Test

Testing Device: fingerprint, face and palm verification as well as door functionality tests were
performed.

Software Testing: we validated that the reports generated by the software conform to
the HR policy.

Testing Doors: Checked whether doors are opening and closing as expected.

• Performance result
The above tests have been done and the system is operational 100%.

• Test Results: It includes any logs, screenshots, or data that verifies the system operates as
expected by the Client.

Attendance Report Sample

Figure 14: Attendance Report Sample

Access Control Report Sample

Figure 15: Access Control Report

• Acceptance Criteria: Proof that the system met all the client's acceptance criteria.

UAT will be done by client and I will attach the proof later on.

• Security Testing: penetration tests and vulnerability scans are performed by the security department
and findings are fixed according to the client's security rules.

8. Maintenance & Support Information

Maintenance issues will be handled by Dehay technologies and 1 year period support will be given.

8.1 System Access Information:

• Administrative access (root/admin credentials for servers and network devices)

Default user name: admin


Default Password: admin
New user name: admin
New password: aba@2024

• Remote access configuration

Address: 10.100.13.51

Username: attendanceuser

Password:Test@123!

8.2 Backup & Recovery Procedures

o Backup strategy: Full
o Backup schedules: backup is scheduled weekly; file location: C:\SecurityDBBack.
The client can copy backup files to their DR site.
o Recovery procedures and DR plans
The database can be recovered from the task bar: press the hidden icons, select the server controller,
then select Restore Database.
The above backup and recovery plan covers only the software and its data, so we recommend that the
client take their own VM backup.

8.3 Monitoring & Alerts:

The software has its own monitoring dashboard. The dashboard has an Alarm Center and Message
notification, as shown in the image below.

Figure 16: Monitoring

Clients can monitor the list of configured alerts (CPU usage, disk space, network availability) on their
monitoring tool based on their configured storage policy.

8.4 Support Contacts

Key personnel for support: Nechi Berhe (0933100854)

Escalation contacts: Tewelde Yohannes (0941622562)

Destalem Fitiwi (0922171414)

Email addresses: [email protected]


[email protected]

9. As-Built Diagrams and Schematics

• Network Diagram: Updated network topology showing actual deployment.

Figure 17: Network topology

• Explanation of the network Topology:

First, biometric data should be collected from employees. Subsequently, individuals will provide
input (fingerprint or facial scan) to the device on a regular basis. This input is then sent to a
database for authentication, where the data is stored. If the individual is authorized, the door will
unlock. If not, the door remains closed, and the user will be prompted to try again. For attendance
purposes, if the person is authenticated, a transaction record will be saved.

With regard to accessing the software:

The user will enter their account credentials, which will be verified. If authentication is
successful, the system proceeds to the authorization step, where the user is granted access only to
the resources they are authorized to use. Following this, the system logs the activity, and a history
of actions is stored for auditing purposes. If the account credentials are incorrect, the login will
be denied.

• Rack Layout: A detailed diagram showing equipment installed in racks, including vlans and IP.

VLAN= VLAN 13 Enterprise

IP=10.100.13.51

Device Ip =172.26.250.X

• Physical Cabling Diagrams: Diagrams of how servers, switches, and other devices are
connected.

Figure 18: Physical cabling

• Logical Diagrams: High-level flowcharts showing software components, integrations, or data
flow (for applications or databases).

Software integration

Seamless integration has been made between ZKBIO CV Security and HRMS system.

Figure 19: Integration

10. Documentation of Custom Scripts and Automation


• Scripts:

List any custom scripts or automation routines used in the system: NA

• Purpose of Each Script: What each script is designed to do (e.g., backup scripts, automation of
network configurations): NA

• Code/Commands: Include the full code or commands for scripts, with comments where
necessary: NA

11. System Hardening and Security Measures

• Security Policies Applied:

o Firewalls- every device has an access list on the FTD firewall based on their specific IP
address to access attendance server (10.100.13.51).

o Port security: NA

• Encryption:

o Types of encryption used (SSL 3.0, TLS 1.2)

o Certificates installed and their validity dates: NA

• Authentication:

o Methods of authentication (LDAP, Kerberos, 2FA): NA

12. Lessons Learned


• Challenges Faced: Any significant challenges encountered during implementation or
deployment.

o Network infrastructure of the bank

o The bank's employee IDs contain a special character which was not supported by our software

• What Worked Well: Aspects of the project that went according to plan or exceeded
expectations.

o API integration was implemented between ZKBio CVSecurity and the HRMS client
software. This enabled one-way seamless communication between ZKBio CVSecurity
and the HRMS.
o We have customized ZKBio CVSecurity so as to support special characters.

• Recommendations for Future Projects: Improvements or recommendations based on the
project experience.

o Requirements should be specified clearly before proceeding to implementation.

o A smooth network infrastructure has to be provided.

13. Appendices
• Glossary: Explanation of any terms or acronyms used in the document.

NA-not applicable

Aba=Amhara Bank

VM= Virtual Machine

HRMS-> Human resource management system

• References: Any references to external documentation or user manuals.

1. HR user manual- Prepared by Dehay technologies


2. API documentation-prepared by Ermias

• Version History: Record of revisions to the As-Built document.

o Date of revision:11/14/2024

o Version number:1.0

o Description of changes: NA
