Id-Logon

The Id-Logon system is designed to provide biometric access control for operating systems and information systems.
1. SOFTWARE DESCRIPTION
SYSTEM COMPONENTS
For the correct functioning of the System, the following minimum equipment is required:
- Server
- Client PC
- Cameras
The recommended characteristics of the equipment are described in detail below.
ARCHITECTURE
The system consists of the following components:
- Id-Logon Core — the server part of the System, consisting of separate services, including the System settings interface, recognition algorithms, database and reports.
- Id-Logon Tracker — video preprocessing server.
- WinLogon — a client application for Windows providing biometric authentication for access to the Windows operating system.
- AppLogon — a client application for Windows providing biometric authentication for access to applications and information systems.
- UserControl — a client application for Windows providing biometric control of presence and other rules of being at a PC.
The System can be integrated with:
- Active Directory (LDAP), using the adapter that is supplied along with the System
TECHNOLOGIES
The System is developed using the following programming languages and software:
- Golang
- C#
- Angular
- RabbitMQ
- Nginx
- PostgreSQL
- Redis
Id-Logon Core includes the following services:
Service | Description | Port |
---|---|---|
mauth-win-logon | Client application for Windows authentication | None |
mauth-client-app-config | Service for client settings | None |
Nginx | A web server and mail proxy server | 80, 443, 23231 |
PostgreSQL | Free and open-source relational database management system (RDBMS) | 5432 |
RabbitMQ | Service for working with data queues | 5672, 15672 |
Redis | Open-source software for managing NoSQL databases | 6379 |
mkvz-tracker | Service for preprocessing video stream (tracker) | 8001 |
mkvz-launcher | Service for managing client applications | 8876 |
mkv-server-report | Service for generating reports: includes reports by gender, age, visits, etc. | 11084 |
mu-server-api | Notification service | 11090 |
support-server-api | Service for system maintenance | 11091 |
mkv-server-url-shortener | URL shortening service | 11092 |
mas-server-api | Management service, which provides API for processing data about devices, applications, cameras | 11101 |
mas-server-settings | Service for storing configuration settings and sending them to the modules | 11102 |
mauth-server-api | Service for managing authentications in Windows and applications | 11200 |
mauth-server-report | Service for generating reports on user biometric authentication | 11201 |
user-control-server-api | Service for controlling user presence at the workplace | 11202 |
user-control-server-report | Service for generating reports on user presence control | 11203 |
mpdn-secret-vault-api | Service for storing personal data | 11204 |
mfs-server-api | Service for storing and working with images | 11300 |
mfs-server-thumbnail | Service for working with thumbnails of the file storage | 11301 |
fs-server-api | File storage service | 11302 |
mi-sender-email | Service for sending e-mail notifications | 11400 |
mi-sender-http | Service for sending notifications by http (push) | 11401 |
mi-sender-smsmodem | Service for sending SMS with a USB gsm modem | 11402 |
mi-server-api | Service for implementing API functions to work with services | 11403 |
mi-sender-telegram | Service for sending SMS to Telegram | 11404 |
mi-controller-acs | Service for integration with external systems and request routing between them | 11406 |
mi-controller-idm | Service for integration with external IDM systems and sending requests to corresponding adapters | 11407 |
mi-adapter-idm-ad | Service of integration adapter with Active Directory | 11431 |
mkv-server-admin | User interface for the System administration module | 11500 |
mkv-server-api | The service contains API methods to work with the main functionality of the System | 11501 |
mkv-server-auth | Service for authorization in the System by entering a username and password | 11502 |
mkv-server-ws | Application back-end for working with the client via WebSocket | 11503 |
backup-client-server-api | System data backup service | 11506 |
logging-server-api | Service for getting logs from services | 11509 |
event-configuration-api | Service for simplifying working with event storage, so that a single request creates a pool of necessary entries in the dictionaries for event processing | 11510 |
event-storage-server-api | Service for processing System events and performing various actions depending on the type of event | 11511 |
mkv-client-profiles-import | Service for importing profiles into the System | 11514 |
mas-meta-server-api | Meta information service | 11515 |
monitoring-server-api | Service for monitoring the statuses of the running services | 11517 |
statistics-server-api | Service for recording statistics on the System operation | 11518 |
audit-server-api | Auditing and logging service | 11521 |
mkv-server-auth-ldap | Service for authorization in the System via LDAP/AD | 11522 |
mkvz-onvif-cameras | Service for searching and connecting cameras supporting ONVIF protocol | 11550 |
mas-server-report | Report service for MAS | 11553 |
mie-export-api | Service for exporting customized data sets from CSV | 11555 |
mie-import-api | Service for importing customized data sets to CSV | 11556 |
logging-server-siem | Service for SIEM logging | 11557 |
mmpd | Service for managing detecting processes | 11600 |
compromise-server-api | Service for compromise control | 11605 |
modi-image-worker | Service for processing photos (crop, resize, etc.) | 11700 |
modi-server-api | Service for processing discrete images | 11701 |
modi-ubda-tevian-[01-04] | Service for processing photos: searching faces and creating biometric templates | 11710 for [01], 11711 for [02], 11712 for [03], 11713 for [04] |
mrp-server-api | Service that provides API for processing data during working with the streaming video | 11800 |
mrp-server-ubt-broker | Service for UBT proxying to other systems | 11801 |
mrp-matching-tevian-go | Matching service for the Tevian engine | 11806 |
mrp-server-broker | Service managing a request queue to the matching algorithms | 11821 |
mrp-server-image-broker | Service for image distribution among trackers | 11822 |
ms-server-filecache | Service providing file caching | 11900 |
mkv-scheduler-api | Service that implements working with scheduled tasks | 11910 |
video-restreamer-server | Server for video restreaming | 40000, 40001 |
One of the server requirements for installing the Id-Logon Core software package is that the software listed in the table above must not already be present on the server, and the ports listed in the table must be free.
2. REQUIREMENTS FOR CORRECT OPERATION
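A pre-install check for the requirement above, as an added example (not part of the Id-Logon product or its documentation): it lists any TCP listener that already occupies a port from the table and any existing Windows service matching the third-party software in it. The service-name patterns are assumptions, and only TCP is checked because the table does not state a protocol.

```powershell
# Added example: pre-install check for an Id-Logon Core server (TCP listeners only).
# Ports transcribed from the service table above.
$requiredPorts = @(80, 443, 23231, 5432, 5672, 15672, 6379, 8001, 8876, 11084) +
    @(11090..11092) + @(11101, 11102) + @(11200..11204) + @(11300..11302) +
    @(11400..11404) + @(11406, 11407, 11431) + @(11500..11503) +
    @(11506, 11509, 11510, 11511, 11514, 11515, 11517, 11518, 11521, 11522) +
    @(11550, 11553, 11555, 11556, 11557, 11600, 11605, 11700, 11701) +
    @(11710..11713) + @(11800, 11801, 11806, 11821, 11822) +
    @(11900, 11910, 40000, 40001)

# Assumption: wildcard patterns for how the third-party software in the table
# is usually registered as a Windows service; adjust to your environment.
$servicePatterns = 'postgresql*', 'RabbitMQ*', 'Redis*', 'nginx*'

# 1. Listening TCP sockets that collide with a required port.
$portConflicts = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $requiredPorts -contains $_.LocalPort } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port      = $_.LocalPort
            Address   = $_.LocalAddress
            ProcessId = $_.OwningProcess
            Process   = $proc.ProcessName
        }
    } | Sort-Object Port, Address

# 2. Existing installations of the third-party software listed in the table.
$existingServices = Get-Service -Name $servicePatterns -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status

if ($portConflicts) {
    Write-Warning "Required ports already in use:"
    $portConflicts | Format-Table -AutoSize | Out-String | Write-Host
}
if ($existingServices) {
    Write-Warning "Software from the table is already installed as a service:"
    $existingServices | Format-Table -AutoSize | Out-String | Write-Host
}
if ($portConflicts -or $existingServices) { exit 1 }
Write-Host "All $($requiredPorts.Count) required ports are free; no conflicting services found."
```

The script exits with code 1 when it finds a conflict, so it can gate an automated installation step.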
ID-LOGON SERVER
It is recommended to install the Id-Logon Core on the server. Server characteristics directly depend on the number of cameras processed by the System. An approximate calculation for the most common values is presented in the table below.
Number of cameras | CPU (Core) | RAM (GB) | HDD (GB) | SSD (GB) |
---|---|---|---|---|
1 camera | 5 | 16 | 600 | 240 |
2 cameras | 6 | 16 | 700 | 240 |
3 cameras | 8 | 16 | 700 | 240 |
5 cameras | 10 | 32 | 800 | 240 |
7 cameras | 14 | 32 | 900 | 240 |
10 cameras | 18 | 64 | 1000 | 240 |
Operating system: Windows 10 Pro (2004 and later, according to the end date of the operating system support), Windows Server 2016/2019 and later. The account (login/password), including for a remote user, must remain unchanged throughout the installation. The account (login/password) must allow elevating privileges to Administrator if necessary.