Controlled Access to Restricted Areas of DESY Accelerators.
Andreas Labudda, DESY, Hamburg, Germany
single position the coordination of access can be done by
a single member of the accelerators crew.
DESY has two different systems for controlled access
to restricted areas. A pure hardware based system for the 2.1 The Design Goals of the New System of
first build accelerators like LINAC and DESY with eight Controlled Access
access doors and a software supported system for DORIS,
PETRA and HERA with 30 access doors. The Software These are several design goals. One design goal is to
has three design goals. control the access from a single position in the BKR. The
Scalability for different numbers of accelerators. other design goal is to build the systems in small software
All access doors can be operated from a central modules with well-defined interfaces. This enables an
position easy reaction in case of redesign of hardware systems
Small changes in applications due to changes in without effecting modules that interact with existing
the existing hardware. hardware. At least the system should be scaleable to
To reach this goal the software was implemented as a several accelerators without rewriting of code.
PC based client - server system in 1998.
2.2 The Equipment
1 INTRODUCTION Every point of access at DESY is equipped with nearly
No person should be near the accelerator if the identical hardware. At first Serial Data Acquisition
accelerator is going to be used. To ensure this a search (SEDAC) driven devices like
crew searches the area around the accelerators. Each part An access door with
of the accelerator must be registered as “clean” before the several contacts to
interlock is fixed and the accelerator can be turned on. register the state of the
After the area is searched any unauthorized access will
prevent the accelerator from use. A box of accelerator
keys. The accelerators
To enable a short-term work near the accelerator
can be turned on only if
without the necessity of a following search, the procedure
all of the keys are back in
of the “controlled access” is established. A person who
wants to access has to announce himself at the operator
Video cameras, which
via phone and video. If the accelerator is offline, the
are selected by video
operator has five steps to do.
multiplexers. There are
Select the video camera to see where the person
two different types of
wants to enter the accelerator.
multiplexers available. One type of
Register the person name. multiplexer is “eight to one“. It selects a
Enable the person to get a key for preventing the cameras signal to be displayed. The other
accelerator to be switched on. type of multiplexer is “four to four”. It selects the
Select the door to be bridged. screen, where the signal has to be displayed.
Bridge the doors contacts to let the person enter Several contacts which register the state of the
without breaking the interlock. area. Every area consists of several access doors.
Likewise exist optional serial driven card readers and
2 CONTROLED ACCESS AT DESY some devices, which are not controlled by the control
DESY has got two different systems for controlled system like lamps, telephones and speakers.
access. An old, pure hardware based system for the Every driven “access device “ of an accelerator is
smaller accelerators like the LINACS and DESYS and a connected to one device server PC.
software supported system for DORIS, PETRA and
HERA. Both systems for the controlled access are 3 The Implementation of the Software
concentrated at one single position in the BKR. By The device server PC hosts several applications to
concentrating the controlled access for all accelerators at a manage the controlled access. There are pure device
servers that act on hardware devices and of data server.
The data server registers the data of the controlled 3.6 Service Console
accesses like name of the person who accesses, location of
The service console is just for testing and debugging
access, time of access and duration of access.
the hardware. Every status bit is decoded and displayed at
For the operator there are two applications available.
the service console. Also every available bit of the device
One application for the procedure of controlled access
can be controlled. The service console is not designed to
and another application for services like device checking.
execute the controlled access.
3.1 The Device Server for the Boxes of Keys 3.7 Operating Console
and Doors of Access.
By the operating console the operator executes the
This device server reads the status of the boxes of keys procedure of controlled access. The operating console
and the interlock doors. The status can be: enables the operator
Is the box open? Yes or No? to view the states of the areas
Are all of the keys in the box? Yes or No? control the box of keys and
Is the interlock door open? Yes or No? prepare the interlock door for opening.
Is the interlock door prepared to use? Yes or No? The operating console also displays the states of the
The commands the server processes enable the box of devices, but no specific errors are displayed. The
keys to open and they prepare the contacts of the interlock operating console displays an “OK” if all devices in an
door to be bridged. area have no errors. If one device is not ok, its type of is
displayed. For further debugging the service console must
3.2 The Device Server for the Areas of be used.
The device server for the areas of controlled access 4 A Critical Review of the Software after
accepts no commands. The server only checks the state of Implementing and Two Years of Use.
the areas. The status can be “No Interlock”, “Cleaning the At first, the crew has not used the card server and the
area” and “Interlock OK”. data the server. Fore the pure hardware based system, the
registration of accesses has to be done manually. Also the
3.3 The Device Server for Video Multiplexers registration of access in the software-based system was
The device server for video multiplexers reads the done manually, too.
status of the connected devices via SEDAC. The status is The systems of the different accelerators are not well
the selected input line of each channel. The server accepts separated. The video signals of three different accelerators
commands selecting a channel of each multiplexer have to be displayed on two different video screens. One
separately. device server has to serve the switch where the connection
from the accelerators video signal to video display will be
3.4 The Device Server for Card Readers made. This is a single point of failure for all accelerators.
After all the controlled access to restricted areas is a
The device server reads the data of magnetic cards stable system, which needed no software support the last
including the owners name, the number and the period of two years.
validity. Also the device server reads the error status and
the some I/O statistics. For controlling the card readers
the device server offers commands to display text on the
5 A View Into the Future.
card readers display, eject cards, alter processing, reset a We plan to replace all card reader systems with a new
device and turn the device off and on. transponder system. This will result in a replacement of
the servers for card readers. There will be no software
3.5 The Data Server changes in any other device server. The amount of
changes of the console applications will depend on the
The data server has no connection to any device. The interface of the new server for the transponder.
Data Server holds the data of accesses to a controlled The plan is to equip the hardware based system with
area. All off them are made available by the consoles transponders, too. This will not interfere with the existing
commands. The server offers commands to check in, device server. Just the server of the central monitors has
check out and print statistics. No command is available to to be configured for the new input. A new instance of an
delete data. accelerators system of controlled access has to be adopted
The Names of persons, who did not check out yet are for the new integrated accelerators.
send as status data by the “Data Server”.