PROJECT NAME:

TC279_TA_High Level Design

DATE: 26-October 2023

VERSION: 1.0

CLASSIFICATION: Internal Use Only

DISCLAIMER
This document contains information from Tawazun Council (TC) that is confidential and privileged. The information is intended
for the private use of TC. By accepting this document you agree to keep the contents in confidence and not copy, disclose, or
distribute this without written request to and written confirmation from TC. If you are not the intended recipient, be aware that
any disclosure, copying, or distribution of the contents of this document is prohibited.
1. DOCUMENT CONTROL:

2|P a g e
2. DOCUMENT PUBLICATION HISTORY:

All
Document title TC279_TA_HIGH LEVEL DESIGN

Reference ID 231026/TC/ITS/ITSP/TC279/TA/HLD

Version 1.0

Status Reviewed and Approved

Publish date 26/10/23

Revision date 26/10/23

revisions made to this document must be listed in chronological order, with the most recent revision at the
bottom

Version Date Author Remarks

0.1 26/10/23 Jiby Jacob Delivered

All revisions should be approved. Review and Approval can be done only by Tawazun ITSU

Version Date Reviewer & Approver Remarks

3|P a g e
3. DISTRIBUTION LIST

Name Designation Department/unit

Information Technology and Security Unit NA Information Technology and Security Unit

4|P a g e
Table of Contents
1. DOCUMENT CONTROL:
2. DOCUMENT PUBLICATION HISTORY:
3. DISTRIBUTION LIST
3.1 PURPOSE
3.2 TERMINOLOGY
4 PURPOSE & BACKGROUND
BACKGROUND
4.1 HOW IVANTI CONNECT SECURE WORKS
5 PROPOSED SOLUTION DESIGN
5.1 HIGH LEVEL NETWORK DESIGN
6 BILL OF MATERIAL - SUMMARY

EXECUTIVE SUMMARY
Objective of this document is to describe the implementation procedures to be followed for performing the installation of
TIMECHECK

INTRODUCTION
The purpose of the Time Attendance system is to track the employee movements and calculate the attendance, including the late,
early and overtime for the employees. The movements are clocked using access control readers, and once the movements are
polled from the reader, it is used for the employee attendance calculation, based on the schedule, grace times, leaves and holidays.
The users should be able to use the system by logging into the system.

SOFTWARE DETAILS

5|P a g e
PREREQUISITES

1. Application Server
Server Role for Web Server and Application Development should be enabled with below features:

1. Management Tools , IIS Management Console , IIS 10.0 Management Compatibility , IIS 10.0 Metabase
2. Compatibility, IIS Management Scripts and Tools, Management Services.
3. Common HTTP Features , Default Document , Directory Browsing , HTTP Errors , Static Content , HTTP
4. Redirection, WebDAV Publishing
5. Health and Diagnostics, HTTP Logging, Logging Tools , Request Monitor , Tracing
6. Performance, Static Content Compression, Dynamic Content Compression
7. Security, Request Filtering, Basic Authentication, Windows Authentication, URL Authorization, IIS
8. Client Certificate Support, IP and Domain Restrictions, Digest Authentication, Client Certificate
9. Mapping Authentication
10. .NET Framework 4.5, TCP Port Sharing, Web Server (IIS) Support
11. .NET Extensibility 3.5 / 4.5
12. ASP.NET 3.5 / 4.5
13. CGI , ISAPI Extensions , ISAPI Filters , Server Side Includes
14. WebSocket Protocol
15. Windows Process Activation Service Support, HTTP Activation, Named Pipes Activation, TCP
16. Activation
17. Windows Deployment Services, Deployment Server, Transport Server

2. Client Application Runtime Prerequisite

1. MS WINDOWS SERVER 2022 (Windows Server 2022 R2 Standard Edition x64 fully updated)
2. English and Arabic both
3. MS SQL SERVER 2022 Native Client
4. PDF Viewer
5. Crystal Report 13.0.5 or greater.
6. System Language Settings
7. ODBC Dot Net Provider

SERVER DETAILS

SERVERS Quantity Description

Application Server 3 1) UAT

2) Production Server 1
3) Production Server 2

Database Server 2 1) Database Server Node1

2) Database Server Node 2

6|P a g e
Application Server Details

DNS NAME {{DNS Name}}

OS Windows Server 2022 R2 Std

Asset Name Time and Attendance UAT

No. of CPU 4

RAM (Gb) 8

Drives C:\120, D:\50

SAN Capacity (Gb) 170GB

VLAN Non-Prod-App

IP Address {{IP Address }}

Subnet {{Subnet }}

Gateway {{Gateway }}

DNS NAME {{DNS Name}}

OS Windows Server 2012 R2 Std

Asset Name Time and Attendance Prod App Server1

No. of CPU 2

RAM (Gb) 8

Drives C:\120, D:\50

SAN Capacity (Gb) 170GB

VLAN Prod-App 25

IP Address {{IP Address }}

Subnet {{Subnet }}

Gateway {{Gateway }}

Backup IP {{Backup IP}}

DNS NAME {{DNS Name}}

OS Windows Server 2022 R2 Std

Asset Name Time and Attendance Prod App Server2

No. of CPU 4

RAM (Gb) 8

Drives C:\120, D:\50

SAN Capacity (Gb) 170GB

VLAN Prod-App 25

7|P a g e
 IP Address {{IP Address }}

Subnet {{Subnet }}

Gateway {{Gateway }}

Backup IP {{Backup IP}}

Database Server Details

DNS NAME {{DNS Name}}

SQL Server SQL Server 2022 Standard/Enterprise

OS Windows Server 2022 R2 Std

Asset Name Time and Attendance Database Node 1

No. of CPU 8

RAM (Gb) 32 GB

Drives 2

SAN Capacity (Gb) 200GB

VLAN VLAN 24 DB

IP Address {{IP Address }}

Subnet {{Subnet }}

Gateway {{Gateway }}

Backup IP {{Backup IP}}

PORT {{PORT}}

DNS NAME {{DNS Name}}

SQL Server SQL Server 2022 Or greater Standard/Enterprise

OS Windows Server 2022 R2 Std

Asset Name Time and Attendance Database Node 2

No. of CPU 8

RAM (Gb) 32 GB

Drives 2

SAN Capacity (Gb) 200GB

VLAN VLAN 24 DB

IP Address {{IP Address }}

Subnet {{Subnet }}

Gateway {{Gateway }}

Backup IP {{Backup IP}}

PORT {{PORT}}

8|P a g e
FIREWALL.

SOURCE DESTINATION Protocol Ports

IP Address, Hostname, Location IP Address, Hostname,
Location

Application Server1,2, UAT Database Server TCP 1433

Application Server1,2, UAT AD Server TCP 1531

Database Server SMTP Server TCP 25

Application Server1,2, UAT Local Network HTTP/HTTPS 80/443

Application 1, 2, UAT (Mobile API) Internet HTTP/HTTPS 8081

Application Server1,2, UAT ERP/HRMS HTTP {{ERP PORT }}

Database Server Access Control DB Server TCP 1433

DATABASE IMPLEMENTATION DETAILS

1. Environment Setup Detail SQL cluster server is required to configure the databases for time & Attendance.
2. Creating Database (SQL Server)
Databases for TIMECHECK application have to be created (default name TIME_ROOT and TIME_MAIN). Restore
“TIMECHECK” existing database backup which will be used to retrieve existing Transactions, schedules and single permissions.
Create a database login/user named ‘-svc-tasapp’ with database owner privilege on TIMECHECK DBs (TIME_ROOT,
TIME_MAIN_TAWAZUN)
3 Creating Linked Servers (SQL Server)
Need access to bridge_Database to work on linked server.

4. Integration with ERP System

A. Overview
The following information should be provided from the ERP system:
• Organization
• Grade
• Leave Type
• Nationality
• Employee Type
• Employee Details
• Employee Leaves

Above information will be fetched from ERP system and pushed into TIME_MAIN_TAWAZUN database. ERP will share the
views to be consumed by TIMECHECK in order to synchronize the Inbound and out bound information.

B. DATA FROM ERP

ERP will share the views to be consumed by TIMECHECK in order to synchronize the Inbound and out bound
information.

9|P a g e
10 | P a g e
 C. TIMECHECK DATABASE SERVER TO ACCESS CONTROL DATABASE LINKED SERVER
Repeat previous step to create Linked server from TIMECHECK Database to Access Control Linked Server name should be
“{{ IP Address}}” and Server type should be SQL Server as Access Control Db uses.

OVERVIEW
TIMECHECK application is integrated with access control system. The integration is made possible using database link with SQL
direct queries and pushing Access control data and event details into bridge database “TimeCheck_TA_Bridge”. Access Control
data is available in AC database from connected devices automatically without any delay.
TIMECHECK will be synchronizing periodically with access control database to fetch the new transactions and process them
automatically according to the configured TIMECHECK policy.
TIMECHECK application requires the transactional data to be available with below attributes in specified format to enable the
integration with access control system

DATA FROM ACCESS CONTROL

11 | P a g e
SYNCHRONIZATION / DATABASE ARCHITECTURE
This part will elaborate that how system is fetching IN / OUT events from access control system.
1. TimeCheck TimeCheck portal is mainly integrated with ERP system for employees, holidays and leaves information.
TimeCheck is fetching updated employee’s, holiday and leaves information from ERP system on daily bases and then
sending back employee’s absent details to EPR system at the end of every day. Moreover, for TA events, TimeCheck is
getting employees IN/OUT movements from access control system. Below is the Design diagram for reference

8081
1433

1433

12 | P a g e
Organizations

13 | P a g e
14 | P a g e
15 | P a g e
CREATING SYNCHRONIZATION JOBS (SQL SERVER AGENT)

Below is the list of jobs that needs to be scheduled for integration of TIMECHECK with Access Control system Database and
ERP Database

16 | P a g e
17 | P a g e
18 | P a g e
19 | P a g e
20 | P a g e
Note: Due to always on environment (high availability) you need to create the above jobs on all the available nodes and whenever
a failover occurs kindly start at the active server and stop at secondary. (As per infra team)

21 | P a g e
22 | P a g e