En - Security Center Administrator Guide 5.2

Security Center Administrator Guide 5.
Copyright notice
2013 Genetec Inc. All rights reserved. Genetec Inc. distributes this document with software that includes an end-user license agreement and is furnished under license and may be used only in accordance with the terms of the license agreement. The contents of this document are protected under copyright law. The contents of this guide are furnished for informational use only and are subject to change without notice. Genetec Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in the informational content contained in this guide. This publication may not be copied, modified, or reproduced in any form or for any purpose, nor can any derivative works be created therefrom without Genetec Inc.s prior written consent. Genetec Inc. reserves the right to revise and improve its products as it sees fit. This document describes the state of a product at the time of documents last revision, and may not reflect the product at all times in the future. In no event shall Genetec Inc. be liable to any person or entity with respect to any loss or damage that is incidental to or consequential upon the instructions found in this document or the computer software and hardware products described herein. The use of this document is subject to the disclaimer of liability found in the end-user license agreement. "Genetec", "Omnicast", "Synergis", "Synergis Master Controller", "AutoVu", "Federation", "Stratocast", the Genetec stylized "G", and the Omnicast, Synergis, AutoVu and Stratocast logos are trademarks of Genetec Inc., either registered or pending registration in several jurisdictions. "Security Center", "Security Center Mobile", "Plan Manager", "Stratocast" and the Security Center logo are trademarks of Genetec Inc. Other trade names used in this document may be trademarks or registered trademarks of the manufacturers or vendors of the respective products. All specifications are subject to change without notice.
Document information
Document title: Security Center Administrator Guide 5.2 Document number: EN.500.003-V5.2.C1(1) Document update date: April 19, 2013 You can send your comments, corrections, and suggestions about this guide to documentation@genetec.com.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
ii
About this guide

This guide provides the information you need to set up and configure your Security Center system. It explains the basic settings you must configure before your system can be used, as well as other settings you'll need to change such as adding additional users and resources (servers) to your system. This guide also provides the conceptual information and instructions on how to build and configure your Security Center video-surveillance, access control, and license plate recognition (LPR) systems. A reference section is included that provides information about each window and tab, and the related settings in the Config Tool. Last-minute updates can be found in the Security Center Release Notes. This guide is written for users who need to configure and manage Security Center. You should be familiar with the following concepts and systems:
Microsoft Windows administration Installation, configuration, and use of Microsoft SQL Server 2008 Video surveillance concepts Access control concepts Vehicle law enforcement and parking enforcement concepts Wiring of access control equipment such as door controllers and input/output modules
Notes and notices

This section explains how the following notes and notices are used in this guide:
Tip. Suggests how to apply the information in a topic or step. Note. Explains a special case, or expands on an important point. Important. Points out critical information concerning a topic or step. Caution. Indicates that an action or step can cause loss of data, security problems, or performance issues. hardware.
Warning. Indicates that an action or step can result in physical harm, or cause damage to
iii
Contents
About this guide . . . . . . . . . . . . . . . . . iii
Part I: Introduction to Security Center

Chapter 1: Welcome to Security Center
What is Security Center? . Common/Core features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 4 4 4 5 6 6 7
Omnicast Video surveillance features . Synergis Access control features . Architecture overview . . . . . . . .
AutoVu License plate recognition (LPR) features . About Security Center components. What is Genetec Server?
Chapter 2: Getting started with Config Tool

Connecting to Security Center Log on . Log off . . . . . . . . . . . . . . . . Change your password . Close the application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 9
. 10 . 10 . 10 . 11 . 13 . 13 . 14 . 16 . 19
Differences between Config Tool 5.1 and 5.2 . Config Tool interface tour Home page overview . How Config Tool is organized .
Administration task workspace overview Maintenance task workspace overview .
iv
Chapter 3: Working with tasks

Adding a task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 . 22 . 23 . 24 . 24 . 25 . 25 . 26 . 27 . 27 . 27 Create a new task Load a saved task
Working with your current tasks . Task list commands . Close the current task Reordering tasks Save a task . . . .
Send a task to another workstation . Change the taskbar position . Set the taskbar to auto-hide .
Chapter 4: Working with reports

Generate a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 . 31 . 31 . 31 . 32 . 32 . 32 . 33 Export and print your report . Export your report . Print your report Resize columns . Select columns . . . .
Customize the report pane .
Change the column order
Part II: Security Center administration

Chapter 5: Basic principles about entities
Entities as basic building blocks Configuring entities . . . . Create an entity manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 . 37 . 37 . 38 . 39 . 40 . 40
v
Common entity attributes . Using geographical locations
Entities created automatically by the system . Further readings on entity configuration

genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)
Searching for tasks and entities Search for a task . . . Search for entities by name . Delete an entity . . . .
. . . .
. . . .
. . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. 42 . 42 . 43 . 43 . 45
Search for entities using the Search tool.
Chapter 6: Common administrative tasks

Managing servers and roles Managing servers . Managing roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 . 47 . 48 . 49 . 51 . 52 . 52 . 53 . 53 . 54 . 55 . 56 . 57 . 57 . 58 . 59 . 60 . 61 . 61 . 62 . 64 . 65 . 66 . 66 . 67 . 68 . 68 . 69
vi
Add an expansion server to your system
Diagnose role problems Managing databases .
Common database settings .
Where should the database be hosted? . Move a database to a different computer Create a database . . . . . . . . . . . . . .
Connect roles to a remote database server . View information about a roles database Turn on role database notifications . Back up your role database . Restore your role database . Delete a database . . . . . . . . . . . . . . . . . .
Configuring Security Center for high availability . Configuring role failover . How role failover works in Security Center . Which roles support failover Configure failover for roles . Troubleshooting failover .
Configuring Directory failover and load balancing
How Directory failover and load balancing works . Directory failover and load balancing prerequisites . Add a server to the Directory failover list Modify the license for all servers . . . . . . . . . .
Change the order of the Directory servers .

Manually switch the main server Bypass default load balancing .
. .
. .
. . . .
. . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 69 . 70 . 70 . 71 . 71 . 72 . 74 . 75 . 75 . 76 . 81 . 82 . 82 . 82 . 83 . 85 . 85 . 86 . 89 . 89 . 90 . 93 . 96 . 99 101 102 103 103 106 109 110 111 111

vii
Remove a server from the Directory failover list . Configuring Directory database failover . How Directory database failover works .
Configure database failover through backup and restore . Configure database failover through mirroring . Monitoring your systems health . About the Health Monitor role . Configuring the Health Monitor. Managing the Network view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Monitoring your systems health using maintenance tasks What is the Network view? . Purpose of the Network view Creating network entities Managing the Logical view . About the Logical view . Managing software security Defining partitions . Defining users . . Defining user groups . . . . . . . . . . .
Configuring the Logical view
Introduction to software security
Configuring user privileges . Using privilege templates
Importing users from an Active Directory Automating system behavior . Using schedules . . . . . . . . . . . . . Using event-to-actions . Using scheduled tasks Using macros . . . . Managing alarms . What is an alarm?
Create an alarm Testing alarms .
. .
. .
. . . . .
. . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 112 . 112 . 113 . 113 . 115 . 116 . 117 . 117 . 117 . 119 . 121 . 122 . 122 . 123 . 127 . 128 . 128 . 128 . 131 . 133 . 134 . 136 . 136 . 136 . 138 . 139 . 140 . 140 . 140 . 141 . 142 . 142 . 143 . 146 . 147
viii
Trigger alarms manually Responding to alarms . Managing threat levels .
Trigger alarms automatically using event-to-actions Investigating current and past alarms . What are threat levels for? . Create a threat level . .
Differences between threat levels and alarms Configuring threat level actions Actions exclusive to threat levels Threat level limitations . Threat level scenarios . Threat level related tasks Federating remote systems Types of federations . . . . . . . . . . . .
What are federated entities?
Federating Omnicast systems .
Federating Security Center systems . Defining custom fields and data types Why use custom fields?. Add a custom field . . Add a custom data type. . . . . . . . . . . .
Advanced settings for large federations .
Modify a custom data type .
Integrating with Windows Active Directory . What is Active Directory integration? . What are the benefits of AD integration? How does synchronization work? . .
How does Active Directory integration work? .
What information can be synchronized with the AD? . Import security groups from an Active Directory
Select which cardholder fields to synchronize with the AD . Mapping the credential card format to an AD attribute .
Map custom fields to synchronize with the AD . Resolve conflicts due to imported entities Modifying imported users . . . . . . . . Modifying imported cardholders Managing intrusion panels . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . .
148 149 151 151 153 155 155 156 156 158 159 160 160 160 161 161 163 164 164 164 165 165 165
Logging on with an Active Directory user
How are intrusion detection panels represented in Security Center? . What does the Intrusion Manager role do? . Enroll an intrusion panel . . . . . . . . . . . . . . . . . . . . . . . . Edit intrusion detection unit peripherals. Create an intrusion detection area . Managing zones . . . . . . . . . . . . . . . . . . . . . What is IO linking? . What is a zone? . Creating zones .
About zone management roles .
Which type of zone works best for me? . Supporting cross-platform development . What does the Web-based SDK role do? . Using the Web-based SDK . Creating tile plugins . . . . . . . . .
Create a tile plugin that links to a Web site . Create a tile plugin that links to a map file
Chapter 7: Troubleshooting
Viewing system messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 170 171 172 177 179 180 181
ix
Viewing system health events . System status task . . . .
Viewing the health status and availability of entities . Monitoring the status of your system . Troubleshooting entity states . Diagnosing entities . . .
Finding out who made changes on the system .

Investigating user related activity on the system . Viewing properties of units in your system . .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. 182 . 184
Part III: Omnicast IP video surveillance

Chapter 8: Deploying Omnicast
What is Omnicast? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 . 188 . 190 . 190 . 191 . 193 . 193 . 193 . 194 . 197 . 202 . 202 . 202 . 203 . 204 . 204 . 206 . 207 . 208 . 208 . 209 . 209 . 210 . 212 . 213 . 214 . 218 . 220
x
What are the Omnicast entities? . Omnicast deployment process
Omnicast deployment prerequisites Omnicast deployment procedure . Configuring the Archiver role What is the Archiver? . Configure the Archiver . . . . . . . . .
Adding video units to your system . Configuring video units for trickling Configuring the Media Router role What is the Media Router? . Configure the Media Router Beware of RTSP port conflict . . . . . . . .
Configuring the Auxiliary Archiver role . What is the Auxiliary Archiver? Configure the Auxiliary Archiver .
Associate cameras to the Auxiliary Archiver
Remove a camera from the Auxiliary Archiver . Move the Auxiliary Archiver to a different server Configuring cameras . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Recommended camera configuration process . Configuring video streams . Configure visual tracking . Configure PTZ motors . .
Test the video quality of your camera . Creating camera sequences . Configuring analog monitors .
Configure analog monitors .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
220 222
Testing your analog monitor configuration .
Chapter 9: Managing Omnicast

Managing video archives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224 224 225 227 227 227 229 229 231 233 234 235 236 237 239 240 241 244 247 248 249 What constitutes a video archive? Managing the archive storage Protecting your video archives .
Protecting your video archive against storage failure . Protecting video archive against routine cleanup. Protecting video archive against tampering . Protecting video files . Replace video units . . . . . . . . . . . . . . . . . . . . . . . Viewing properties of video files . Diagnosing video streams . . . . . . . . . . . . . . . . . . . . . . .
Protecting your video archive against hardware failure .
Troubleshooting video units that are offline . Diagnosing Waiting for signal errors
Diagnosing Impossible to establish video session with the server errors. Troubleshooting no playback video available . Troubleshooting cameras that are not recording . Troubleshooting video units that cannot be added Troubleshooting video units that cannot be deleted Solving H.264 video stream issues . Investigating Archiver events . . . . . . . . . .
Part IV: Synergis IP access control

Chapter 10: Deploying Synergis
What is Synergis? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252 252 253
xi
How does Synergis work?
What are Synergis entities? .

Uniqueness of the Synergis model . Synergis deployment process . . . . Synergis deployment prerequisites . Synergis deployment procedure Configuring the Access Manager role . Configure the Access Manager role .
. . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 254 . 256 . 256 . 257 . 260 . 260 . 261 . 261 . 267 . 267 . 267 . 268 . 268 . 268 . 269 . 269 . 270 . 271 . 271 . 272 . 274 . 274 . 275 . 275 . 278 . 278 . 279 . 279 . 280 . 280 . 281 . 281 . 283 . 283
xii
Add the unit manufacturer extensions . Configuring access control units . . . . . . . . . . . . . . . . . . . . . . .
Adding access control units to your system . Understanding unit synchronization Configuring doors . . . . . . . . .
Synergis Master Controllers unique characteristics . Wiring doors to access control units Create and configure your doors Configuring a buzzer . . . . .
Configuring readerless doors using Input/Output modules . Associate cameras to doors . Using the Walkthrough wizard
Why use the Walkthrough wizard? . Configuring elevators . . . . . . . . . . . . . . . . . . . . . . .
Assigning doors to access control units using the Walkthrough Wizard . Hardware for elevator control and floor tracking Configuring elevator floors . Create an elevator . Create an area . . . . . . . . . . . Configuring secured areas Add members to an area Configure antipassback. Configure interlock . Configuring access rules .
Configure doors for an area
Create and configure access rules . Create a cardholder in Config Tool .

Configuring cardholders and cardholder groups .
Create a cardholder group in Config Tool Import cardholders from a flat file . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
284 284 284 284 284 285 285 287 287 287 287 289 294
About the maximum cardholder picture file size . Importing cardholders from an Active Directory Managing cardholders in Security Desk . Configuring credentials . . . . . . . . Create a credential in Config Tool . Import credentials from a flat file
Importing credentials from an Active Directory . Enrolling credentials from Security Desk Using custom card formats . Defining badge templates . Testing your configuration . . . . . . . . . . .
Chapter 11: Managing Synergis

Managing global cardholders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296 296 296 301 303 305 308 309 310 311 312 314 314 315 315 317 318 319
xiii
What is global cardholder management? Rules and restrictions regarding GCM . Operating on global entities . . . . . . .
How does global cardholder management work? Configuring global cardholder management . Viewing access control health events . Investigating access control unit events Replace access control units . . .
Viewing IO configuration of access control units . Replacing HID VertX 1000 units with SMC units . Troubleshoot HID discovery and enrollment . Common discovery and enrollment issues . HID unit enrollment issues . . . . .
HID unit cannot be found with the discovery tool
Finding out which entities are affected by access rules . Viewing properties of cardholder group members . Viewing credential properties of cardholders .
How the Access troubleshooter tool works Troubleshooting access points . . . Troubleshooting cardholder access rights.
. . .
. . .
. . .
. . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. 320 . 321 . 322 . 323 . 324 . 325 . 326 . 326 . 326 . 327
Diagnosing cardholder access rights based on credentials Finding out who is granted access to doors and elevators . Finding out who is granted/denied access at access points Troubleshoot door issues . Request to exit events . Credential issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Resolution of reader issues .
Part V: AutoVu IP license plate recognition

Chapter 12: Deploying AutoVu
Part VI: Config Tool reference

Chapter 13: Entity types
Common configuration tabs . Identity Cameras Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332 . 332 . 334 . 335 . 336 . 337 . 338 . 340 . 343 . 344 . 345 . 346 . 347 . 349 . 350
Custom fields . Access control unit Properties (HID) Portal (SMC) . Network (HID). Peripherals . Health . Access rule . . . . . .
Properties (SMC) .
Synchronization Properties .
xiv
Alarm .
. .
. . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
351 352 354 357 358 360 361 363 364 365 366 368 369 378 379 387 388 389 393 394 395 396 397 398 399 400 401 402 403 404 405 406 408
xv
Properties . Advanced Analog monitor Properties . Area . . . . Properties . Members Access rules . Badge template.
Badge designer . Video . . . . . . . . . . . . . . . . .
Camera (video encoder) Recording . Color . . . . . .
Motion detection Visual tracking . Hardware Cameras Cardholder . Picture . Camera sequence .
Properties .
Cardholder group . Properties . Cash register Credential . . .
Properties . Door . . .
Badge template . Properties . Hardware .
Unlock schedules
Access rules Elevator . . . . . Floors . Access . Hotlist. .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 409 . 410 . 411 . 412 . 413 . 414 . 415 . 418 . 421 . 422 . 423 . 424 . 425 . 426 . 427 . 429 . 430 . 431 . 432 . 433 . 434 . 435 . 437 . 438 . 439 . 440 . 442 . 444 . 445 . 447 . 448 . 449 . 450 . 451
xvi
Advanced . Properties . Advanced . Properties . Properties . Peripherals . LPR unit . Macro . . . . Properties . Properties . Monitor group Monitors . Network . . Properties . Properties . Overtime rule . Properties . Parking lot . Parking facility Properties . Partition . . Properties . Patroller . .
Intrusion detection area . Intrusion detection unit .
Default execution context .
Output behavior .
Accepted users . Properties .
Permit .
. . . . . . . .
. . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
453 454 457 458 460 461 462 463 464 465 468 469 470 471 472 473 473 476 480 481 482 483 485 486 488 489 490 491 493 494 495 496 498
xvii
Properties . Properties . Parking lot . Public task . Role . . . Schedule . . .
Permit restriction .
Properties .
Setting the time range Scheduled task . Properties . Server . . . Properties . Server Admin Directory tab Tile plugin . User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Using the ordinal pattern
Genetec Server tab . Properties . Properties . Workspace . Security . Privileges User group . Security . Privileges Video unit . Identity . . . . . . . .
Properties .
Properties . Peripherals .
Zone (hardware) . Properties . Arming . Zone (virtual) . Properties . Arming . . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. 502 . 503 . 504 . 506 . 507 . 508
Chapter 14: Role types

Access Manager Properties . Extensions . Resources . Properties . Links . Archiver . Trickling . . . Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511 . 512 . 513 . 514 . 516 . 517 . 518 . 520 . 521 . 522 . 524 . 528 . 533 . 543 . 544 . 546 . 547 . 551 . 551 . 551 . 552 . 553 . 554 . 557 . 558 . 559
xviii
Active Directory .
Camera recording . Extensions . Resources .
Auxiliary Archiver Cameras Directory . . . . . .
Camera recording . Resources .
Configuring the Directory role . Managing the Directory role Directory Manager Directory servers . . . . . . . . . . . .
Database failover . Properties . Resources . . . . .
Global Cardholder Synchronizer .
Health Monitor Properties . Resources .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
560 561 562 563 564 565 566 567 568 584 585 586 588 590 591 592 593 594 595 596 597 598 599 599 600 601 602 603 604 605 606 607
Intrusion Manager . Properties . Extensions . Resources . LPR Manager . Properties . Resources . Media Router . Properties . Resources Identity . Resources Plugin . . Point of Sale . . . . .
Omnicast Federation . Properties .
Properties . Cash registers Resources . Report Manager Properties . Resources Identity . Resources . . .
Security Center Federation Properties . Web-based SDK Properties . Resources .
xix
Zone Manager . Properties . Resources .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. 608 . 609 . 610
Chapter 15: Administration tasks

Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612 . 613 . 615 . 617 . 618 . 618 . 619 . 622 . 624 . 625 . 626 . 627 . 628 . 629 . 630 . 632 . 633 . 634 . 636 . 638 . 639 . 640 . 649 Logical view Security System . .
Network view .
General settings Custom fields . Events . Actions. . . . . .
Logical ID .
User password settings . Activity trails . Audio . Video . . . . . . . . Threat levels Access control .
Roles and units . General settings Intrusion detection LPR . . . . Roles and units . General settings Plugins . . .
Chapter 16: Tools and utilities

Security Desk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 651 . 652 . 653 . 654
xx
Access troubleshooter . Unit discovery tool Unit replacement .
Move unit . Import tool
. .
. . .
. . .
. . .
. . . .
. . . .
. . . .
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
655 655 657 657 662 666 666 668 668 670 670 677 678 679 681 683 685 688 689 690 691 692
Moving units
Sample import scenario .
Fields that can be imported from a CSV file . About entity creations and updates . Replacing old credentials Copy configuration tool Custom card format editor . . . . . . . . . . . . . . . . . . . . . . .
Using the copy configuration tool Defining custom card formats . Deleting a custom card format . Options dialog box . General options . Visual options . Video options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Keyboard shortcuts .
User interaction options. Performance options External devices . .
Date and time options .
Adding shortcuts to external tools .
Chapter 17: User privileges

Application privileges . General privileges . Logical entities . Physical entities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695 696 697 697 697 700 701 703 703
xxi
Administrative privileges .
Schedule Management . Alarm management LPR management . . .
Access control management
Task privileges
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. 704 . 708
Action privileges .
Chapter 18: Reporting task reference

Query filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 712 . 723 Report pane columns .
Chapter 19: Events and actions in Security Center

Event types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745 . 758 Action types .
Chapter 20: Keyboard shortcuts in Config Tool

Default keyboard shortcuts . . . . . . . . . . . . . . . . 765
Part VII: Appendices

Appendix A: License options
Viewing license information from Config Tool . Viewing license information from Server Admin . License option descriptions Synergis license options AutoVu license options. Mobile license options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Center license options . Omnicast license options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769 . 770 . 771 . 771 . 772 . 773 . 774 . 774 . 775
Certificate license options .
Appendix B: Default Security Center ports

Common communication ports . AutoVu-specific ports . Synergis-specific ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 777 . 778 . 779 . 780
Omnicast-specific ports .
xxii
Appendix C: HID reference

Network configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 782 . 782 . 783 . 784 . 785 . 785 . 785 . 785 . 786 . 787 . 788 . 788 . 791 . 791 . 791 . 799 . 799 . 799 . 799 . 800 . 800 . 801 . 802 Refer to HIDs documentation for initial hardware setup Using the HID Discovery GUI utility . HID initial configurations For HID V1000 units . Other HID hardware . . . . . . . . . . . . . .
Special considerations when configuring HID units .
HID factory default input settings . Modify input configurations Supported features and models
Interpreting the Power and Comm LEDs on an HID unit Supported access control software and hardware Access control unit modes of operation .
About offline, mixed, and online modes of operation Supported modes of operation per unit type Access control unit configuration . General versus dedicated inputs Configuring a door with reader Wiring diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring a door with two door sensors . HID Edge reader & Edge Plus . HID VertX V1000 . HID VertX V2000 .
Appendix D: Bosch reference

How Bosch intrusion panel integration works . . . . . . . . . . . 804
Appendix E: Honeywell reference

How Galaxy Dimension control panel integration works . . . . . . . . . 806
Glossary Index .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
.807 .847
xxiii
Part I
Introduction to Security Center
Take a tour of Security Center and learn the basics of using the user interface. This part includes the following chapters: Chapter 1, Welcome to Security Center on page 2 Chapter 2, Getting started with Config Tool on page 8 Chapter 3, Working with tasks on page 21 Chapter 4, Working with reports on page 29
1
Welcome to Security Center
This section includes the following topics:
"What is Security Center?" on page 3 "Architecture overview" on page 6
What is Security Center?

Security Center is the unified security platform that seamlessly blends Genetec's IP security and safety systems within a single innovative solution. The systems unified under Security Center include Genetec's Omnicast IP video surveillance, Synergis IP access control, and AutoVu IP license plate recognition system. The Security Center unified security platform provides:
One platform controlling and managing video/access/LPR edge devices. One user interface for monitoring, reporting, and managing events and alarms for video
surveillance, access control, and LPR - Security Desk. One user interface for configuring video surveillance, access control, and LPR - Config Tool. Unified live video viewing with video searches and video playback.
Security Center features are divided into four main categories:
Common/Core features Omnicast Video surveillance features Synergis Access control features AutoVu License plate recognition (LPR) features
Common/Core features

Alarm management Zone management Federation Intrusion panel integration Report management Schedule and scheduled task management User and user group management Windows Active Directory integration Programmable automated system behavior
Omnicast Video surveillance features

Full camera configuration and management (new in 5.2) View live and playback video from all cameras Full PTZ control using the PC or CCTV keyboard, or on screen using the mouse Digital zoom Motion detection Bookmark any important scene to ease future video archive search and retrieval Save and print video snapshots Search video by alarm, bookmark, event, motion, or date and time View all cameras on independent or synchronized timelines Visual tracking: follow individuals or moving objects across different cameras Export video in the Genetec G64 format, or a public ASF format Protect video against accidental deletion Protect video against tampering by using watermarks
Synergis Access control features

Cardholder management Credential management Visitor management Door management Access rule management People counting
AutoVu License plate recognition (LPR) features

Fixed and mobile (with Patroller) LPR solution management Automatic identification of stolen (or scofflaw) vehicles Enforcement of city parking regulations (not involving permits) Enforcement of parking lot regulations (involving permits) License plate inventory in large parking facilities
Architecture overview
This section provides an overview of the components in a Security Center system. The setup and configuration of these components are explained later in this guide. This section includes the following topics:
"About Security Center components" on page 6 "What is Genetec Server?" on page 7
About Security Center components

Security Centers architecture is based on a client/server model, where all system functions are handled by a pool of server computers distributed over an IP network. Every Security Center system must have its own pool of servers. Their number can range from a single machine for a small system to hundreds of machines for a large scale system.
NOTE The icons colored in blue represent the computers where Security Center server and client
components are installed.
What is Genetec Server?

Genetec Server is the Windows service you must install on every computer that you want included in the pool of servers available for Security Center to use. Every server is a generic computing resource capable of taking on any role (set of functions) you assign to it. You can increase the computing power of your Security Center system at any time by adding more servers to your pool of resources.
What is the main server?

The main server is the only server on your system that hosts the Directory role. The Directory is the role that gives your system its identity. All other servers on the system must connect to the main server in order to be part of the same system. You can have only one main server on any Security Center system.
What is an expansion server

An expansion server is any computer other than the main server that you add to your system to increase its total computing power. An expansion server must connect to the main server and can host any role in Security Center, except the Directory role. You can add expansion servers at any time. For more information, see "Add an expansion server to your system" on page 47.
What is a role?
A role is a software module that performs a specific job within Security Center. For example, you can assign roles for archiving video, for controlling a group of units, or for synchronizing Security Center users with your corporate directory service. You create and configure roles using Config Tool. You can assign one or more roles to a single server, or assign multiple servers to the same role to provide load balancing and failover. For more information, see "How role failover works in Security Center" on page 61. For each role you create, you can specify its parameters. After youve configured a role, you can move it to any server on your system (for example, one with a faster processor or more disk space) without having to install any additional software on that server. For a list of role types available in Security Center and what they are used for, see "Role types" on page 510.
2
Getting started with Config Tool
This section provides you with basic knowledge about Config Tool, the main application an administrator needs to configure Security Center. Once youve learned the basic concepts described in this section, you can refer to the "Config Tool reference" on page 330 for specific information on Config Tool topics. This section includes the following topics:
"Connecting to Security Center" on page 9 "Differences between Config Tool 5.1 and 5.2" on page 11 "Config Tool interface tour" on page 13
Connecting to Security Center

This section describes how to connect to Security Center. This section includes the following topics:
"Log on" on page 9 "Change your password" on page 10 "Log off " on page 10 "Close the application" on page 10
Log on
Before you begin: You need your username, password, and Directory name. 1 To open Config Tool, click Start > All Programs > Genetec Security Center 5.2 > Config Tool.
2 In the Logon dialog box, enter the required information. If you have just installed Security Center, log on with the default administrative user Admin with a blank password. The Directory name is the name or IP address of your main server. If you are running Config Tool on your main server, you can leave the Directory field blank. 3 Click Log on. The Home page appears. For more information, see "Home page overview" on page 14. After you are done: Change the Admin users password if it hasnt been changed yet.
IMPORTANT If active directory integration has been set up by your system administrator, and you
are connecting over a VPN connection, you must clear the Use Windows credentials check box and type your username in the format DOMAIN\Username.
NOTE More logon options are available when an Active Directory is integrated to Security Center. For more information, see "Logging on with an Active Directory user" on page 153.
Change your password

Best practice: It is recommended to change your password regularly. 1 From the Home page, click About. 2 In the About page, click Change password. The Change password dialog box appears.
3 Enter your old password, then enter your new password twice. 4 Click OK.
Log off
You can log off from Security Center without closing Config Tool. Logging off disconnects you from the Directory. Use this command when you plan to log on again using a different username and password.
From the Home page, click Log off.
Close the application

1 In the upper-right corner of the Config Tool window, click Exit ( ). If you have unsaved tasks in your workspace, you are prompted to save them. 2 Click Save to automatically load the same task list the next time you open Config Tool.
10
Differences between Config Tool 5.1 and 5.2

The following table highlights the differences between Config Tool 5.1 and 5.2.
Item Config Tool 5.1 Config Tool 5.2
Home page Favorites Recently used Private/public tasks License options Task organization
Access the Home page by clicking the Home button. Favorite items displayed in the Favorites tab in the Home page. Recent items displayed in the Recently used tab in the Home page. Private and public tasks are saved in the Saved tasks tab in the Home page. All license options are displayed in the About page. Tasks in the Tasks tab listed by task category (Administration, Operation, and Maintenance), and solution type (access control, video, intrusion investigation, and LPR). Can hide some of the notification tray items. Selector contains different tabs, such as Logical view and Query tab. Report commands grouped in the Report tab (export and print report) in Maintenance tasks. Select which columns to display from the Report tab in Maintenance tasks. Alarm entity configuration pages found in the System task Allows you to enroll credentials.
Access the Home page by clicking the Home tab. Favorite items listed in the Tasks tab in the Home page. Recent items listed in the Tasks tab in the Home page. Private and public tasks are saved as separate tabs in the Home page. Some license options displayed in the About page can be turned on or off. Tasks in the Tasks tab listed by task category (Administration, Operation, and Maintenance). The solution types are indicated by a colored line under the task icons; red for access control, green for video, and yellow for LPR. All notification tray items can be shown or hidden. The Logical view and Query tab are displayed, but the selector is not indicated in the user interface. Report commands found at the top of the report pane (export and print report) in Maintenance tasks. Select which columns to display by right-clicking a column heading in the report pane in Maintenance tasks. Alarm entity configuration pages found in the new Alarms task. Renamed to Credential management task. Allows you to enroll credentials, create and assign credentials, and respond to credential card printing requests. Two tabs for configuring cardholders: Identity and Access rules. Credentials tab is merged into the Identity tab.
Notification tray Selector Report commands
Select columns
Configuring alarm entities Credential enrollment task
Cardholder management
Three tabs for configuring cardholders: Identity, Credentials, and Access rules.
11
Item
Config Tool 5.1
Config Tool 5.2
Access control unit configuration report
Access control maintenance report, where you can view the configuration of access control units in your system.
Renamed to Hardware inventory report. A general maintenance report, where you can view the configuration of access control, video, intrusion detection, and LPR units in your system.
12
Config Tool interface tour

This section describes the main components of the Config Tool user interface. This section includes the following topics:
"How Config Tool is organized" on page 13 "Home page overview" on page 14 "Administration task workspace overview" on page 16 "Maintenance task workspace overview" on page 19
How Config Tool is organized

Config Tool is organized by tasks. All tasks can be customized, and multiple tasks can be carried out simultaneously. You might not see all the tasks and commands described in this guide, depending on your license options and user privileges. There are user privileges for each Config Tool task, and for many commands in Config Tool. Tasks in the Home page are organized into three categories:
Administration. Administration tasks used to create and configure the entities required to
model your system.
Operation. Tasks related to day-to-day Security Center operations. Maintenance. Tasks related to maintenance and troubleshooting.
Under each major category, the tasks are further divided as follows:
Common tasks. Tasks that are shared by all three Security Center software modules. These
tasks are always available regardless of which modules are supported by your software license.
Access control. Tasks related to access control. Access control tasks are displayed with a red
line under their icons. They are only available if Synergis is supported by your software license.
Intrusion detection. Tasks that let you manage intrusion detection areas and units. LPR. Tasks related to license plate recognition. LPR tasks are displayed with a yellow line
under their icons. They are only available if AutoVu is supported by your software license.
Video. Tasks related to video management. Video tasks are displayed with a green line
under their icons. They are only available if Omnicast is supported by your software license.
13
Home page overview

This section describes the Home page, and key components of the Config Tool user interface. The Home page is the main page in Config Tool. You can open the Home page by clicking Home ( ). It is also shown if the task list is empty.
A B C D
E F G H I J K L M
A B
Home tab Current tasks
Click to show or hide the Home page.Right-click for a list of commands (for example, save the workspace, close tasks, and so on). Lists the tasks you currently have open and are working on. Click a task tab to switch to that task. Right-click a tab for a list of commands. See "Working with your current tasks" on page 24. Displays important information about your system. Hold your mouse pointer over an icon to view system information, or double-click the icon to perform an action. You can choose which icons to show in the notification bar from the Options dialog box. See "Notification tray" on page 684. Click to view a list of all open tasks. This button only appears if the task tabs take up the width of the taskbar.
Notification tray
List all tasks
14
E F G
Search box Tasks Private/ public tasks
Type the name of the task, tool, or entity you are looking for. All tasks, tools or entities containing that text in their category, name, or description, are shown. Lists your recent items, favorites, and all the task types that are available to you. Select a task to open from this tab. Click to view the saved tasks that are available to you. Private tasks. Tasks that you saved that are only available to you. Public tasks. Tasks that you or someone else saved that are available to the general public. To save a private or public task, see "Save a task" on page 26. Click to view the tools that you can start directly from your Home page. The Tools page is divided into two sections: Tools. This section shows the standard Security Center tools. External tools. This section shows the shortcuts to external tools and applications. See "Adding shortcuts to external tools" on page 692. Click to configure Config Tool options. See "Options dialog box" on page 678. Click to view information regarding your Security Center software, such as your license, SMA, and software version. From the About page, you can also view the following: Help. Click to open the online help. Change password. Click to change your password. See "Change your password" on page 10. Contact us. Click to visit GTAP or the GTAP forum. You need an Internet connection to visit these Web sites. See "Technical support" on page 869. Installed components. Click to view the name and version of all installed software components (DLLs). Copyright. Click to display software copyright information. For information about your software license, see "License options" on page 768. Click to log off without exiting the application. Right-click any task or tool to add or remove it from your Favorites list. You can also drag a task into your favorites list. Tasks listed in favorites no longer appear in the Recent items list. Lists your recently opened tasks and tools. Click to view all the tasks available to you. Click a task icon to open the task. If it is a single-instance task, it will open. If you can have multiple instances of the task, you are required to type a name for the task. If the task has multiple entity views, you need to select an entity. See also, "Adding a task" on page 22.
Tools
I J
Options About
K L
Log off Favorites
M N
Recent items Browse tasks
15
Administration task workspace overview

Administration tasks used to create and configure the entities required to model your system. This section takes you on a tour of the administration task layout, and describes the common elements of most administration tasks. The Security task was used as an example. You can open the Security task by typing its name in the Search box on the Home page. For more information about administration tasks, see "Administration tasks" on page 611.
A B C D E F
A B
Entity views Entity filter
Youll typically find one view for each entity type managed by the task. Enter a string in this field and type Enter to filter the entities in the browser by name. Click Apply a custom filer ( ) to hand pick the entities you want to show in the browser. Use these buttons to browse through recently used entities within this task. Click an entity in the browser to show its settings on the right. The icon and name of the selected entity is displayed here. The entity settings are grouped by tabs. For more information about the configuration tabs for each entity type, see "Entity types" on page 331.
C D E F
Entity history Entity browser Current entity Configuration tabs
16
Configuration page Apply/cancel changes Contextual commands
This area displays the entity settings under the selected configuration tab. You must Cancel or Apply any change you make on the current page before you can move to a different page. Commands pertaining to the selected entity are displayed in the toolbar at the bottom of the workspace. See "Contextual command toolbar" on page 17.
Contextual command toolbar

The commands pertaining to the selected entity in the browser are displayed at the bottom of the task workspace, in the contextual toolbar. The following table describes them all in alphabetical order.
Icon Command Applies to Description
Activate role Add a cardholder Add a credential Add an entity Assign to new door Audit trails
All roles Access rules and cardholder groups Cardholders All entities Access control units All entities
Activates the selected role. Creates a cardholder and assigns it to the selected entity. Creates a credential and adds it to the selected cardholder. See "Create an entity manually" on page 37. Creates a door and assigns it to the selected access control unit. Creates an Audit trails task for the selected entity. See "Finding out who made changes on the system" on page 181. Opens the Active Directory conflict resolution dialog box. See "Resolve conflicts due to imported entities" on page 149. See "Copy configuration tool" on page 668. Creates an access rule and assigns it to the selected entity. Deactivates the selected role. Deletes the selected entity from the system. Discovered entities can only be deleted when they are inactive.
Conflict resolution
Active Directory role All entities Areas, doors, elevators All roles All entities
Copy configuration tool Create an access rule Deactivate role Delete
17
Icon
Command
Applies to
Description
Diagnose Enable maintenance mode
All roles, and some entities Roles and physical devices
Performs a diagnosis on the selected role or entity. Set a role or a physical device in maintenance mode so its down time will not affect its availability calculation by the Health Monitor. See "Set an entity in maintenance mode" on page 80. Creates a Health statistics task for the selected entity. See "Viewing the health status and availability of entities" on page 171. Flashes an LED on the selected unit to help locate it on a rack. Opens a dialog box showing live video from the selected camera. See "Test the video quality of your camera" on page 213. Opens the Move unit tool, where you can move units from one manager to another. See "Move unit" on page 655. Pings the video unit to check if you can communicate with it. This is helpful for troubleshooting purposes. Allows you to select a badge template and print a badge for the selected cardholder or credential. Restarts the selected unit. Runs the selected macro. See "Using macros" on page 110. Triggers the selected alarm so it can be viewed in Security Desk. See "Testing alarms" on page 112. Opens the Unit discovery tool, where you can find IP units connected to your network. See "Unit discovery tool" on page 653. Opens a browser to configure the unit using the Web page hosted on the unit. A tool that enrolls doors into Synergis in bulk, by having a cardholder present his credential at the doors to be enrolled. See "Using the Walkthrough wizard" on page 271.
Health statistics
Roles and physical devices Video units Cameras
Identify Live video
Move unit
Access control and video units Video units
Ping
Print badge Reboot Run macro Trigger alarm Unit discovery tool
Cardholders and credentials Video and access control units Macros Alarms Access control and video units Video units Cardholders
Units Web page Walkthrough wizard
18
Maintenance task workspace overview

Maintenance tasks are where you generate customized queries on the entities, activities, and events in your Security Center system for maintenance and troubleshooting purposes. This section takes you on a tour of the maintenance task layout, and describes the common elements of most maintenance tasks. The Access rule configuration task was used as an example. You can open the Access rule configuration task by typing its name in the Search box on the Home page.
A B C D
F A Number of results Query filters Displays the number of returned results. A warning is issued when your query returns too many rows. If this happens, adjust your query filters to reduce the number of results. Use the filters in the query tab to set up your query. Click on a filter heading to turn it on ( ) or off. Invalid filters display as Warning or Error. Hover your mouse over the filter to view the reason it is invalid. For a list of query filters available in Security Desk, see "Query filters" on page 712. Click to export or print your report once it is generated. See "Generate a report" on page 30.
Export/print report
19
Select columns Report pane
Right-click a column heading to select which columns to display. For a list of report columns available in Security Desk, see "Report pane columns" on page 723. View the results of your report. Drag an item from the list to a tile in the canvas, or right-click an item in the list to view more options associated with that item, if applicable. Click to run the report. This button is disabled if you have not selected any query filters, or when you have invalid filters. While the query is running, this button changes to Cancel. Click on Cancel to interrupt the query.
Generate report
20
3
Working with tasks
"Adding a task" on page 22 "Working with your current tasks" on page 24
21
Adding a task
There are two ways you can add tasks to your workspace:
"Create a new task" on page 22 "Load a saved task" on page 23
Create a new task

1 From the Home page, do one of the following:
Type the task name in the Search box. Click the Tasks tab, and then click Browse all tasks.
2 Click the task. 3 Depending on the task type you select, do one of the following:
If only one instance of the task is allowed, the new task is created. Single-instance tasks cannot be renamed. (Only Administration tasks) If the task contains more than one entity view, select a view to configure. This option is only available for administration tasks. Tasks that allow you to configure more than one entity are indicated with a plus sign on the task icon.
If more than one instance of the task is allowed, you are prompted to provide a task name. Enter the task name, and click Create.
22
Adding a task
NOTE This behavior can be changed in the User interaction tab in the Options dialog box. For more information, see "User interaction options" on page 685.
The new task is added to your task list.
Load a saved task

You can load tasks that you have previously saved as private or public tasks.
Private tasks. Tasks that you saved that are only available to you. Public tasks. Tasks that you or someone else saved that are available to the general public.
1 From the Home page, click the Private tasks or Public tasks page. 2 Click a task. The task you select opens.
23
Working with your current tasks

"Task list commands" on page 24 "Close the current task" on page 25 "Reordering tasks" on page 25 "Save a task" on page 26 "Send a task to another workstation" on page 27 "Change the taskbar position" on page 27 "Set the taskbar to auto-hide" on page 27
Task list commands

You can edit and work with your current tasks by right-clicking any tab in the task list.
Command
Description
Rename task Save Save as
Click to rename the selected task. Only tasks that accept multiple instances can be renamed. You can also select the task tab, and then click F2 to rename the task. Click to save any changes you made to a previously saved task. Click to save the task under a different name and scope (private or public). See "Save a task" on page 26.
24
Command
Description
Send Close task Close all tasks Close all other tasks Add to Favorites Remove from Favorites Save workspace
Click to send the selected task to another Security Desk user or workstation. See "Send a task to another workstation" on page 27. Click to close the selected task. See also "Close the current task" on page 25. Click to close all tasks in your current task list. Click to close all tasks in your current task list, except the selected task. Click to add the selected task to your Favorites list on the Home page. Click to remove the selected task from your Favorites list on the Home page. Click to save the current task list and workspace. The same tasks and workspace layout loads automatically the next time you log on to Security Desk with the same username. If you make changes to a task and save the workspace again, the previous configuration is lost. See also "Save a task" on page 26. Click to reorder the tasks in alphabetical order from left to right. See "Reordering tasks" on page 25. Click to hide the selector pane, the event pane, and the dashboard. Only the canvas tiles and task list are visible. This option is mainly used for the Monitoring task. Click to display the Security Desk window in full screen mode.
Sort by name Tiles only
Full screen
Close the current task

On the task tab, click
.
Reordering tasks
"Sort tasks by name" on page 25 "Reorder tasks manually" on page 26

Sort tasks by name
You can automatically reorder the tasks in the task list by name.
Right-click anywhere on the task list, and select Sort by name.
25
Reorder tasks manually

You can choose the task position in the task list manually.
Click and hold a task tab, and drag it to the desired position in the list.
Save a task
You can save your tasks permanently in either the private task list that only you can access, or in the public task list that everyone can access. The benefits for doing so are:
You can delete your task from your active task list and reload it when you need it. Public tasks can be shared with other users. Public tasks can be used as a report template with the Email a report action.
The task characteristics that are saved are:
The filter settings used by the task query. The report layout (choice and order of columns in the report). The canvas layout and the entities displayed in each tile.
NOTE The query results are not saved as part of the task definition. Only the query filters are saved. The results are regenerated every time you run the query.
To save a task in a permanent list: 1 Do one of the following:
Right-click the task tab, and click Save as. Use the CTRL+T keyboard shortcut.
NOTE A reporting task can be saved only when the query is fully qualified. You know that
your query is valid when the Generate report button in the Query tab is activated. 2 In the dialog box that appears, select the list you want to save your task to:
Private tasks. The task can only be accessed by you. Enter a name for the saved task, or select an existing one to overwrite it. Public tasks. Anyone can reuse your task. Enter a name for the saved task or select an existing one to overwrite it, and select the Partition that the task should belong to. The partition ensures that only certain users can view or modify this task.
3 (Optional) Rename the saved task.

TIP The saved task name should be descriptive. For example, a saved monitoring task that displays your parking lot cameras might be saved with the name Parking Lot - Monitoring. A saved investigation task that queries for video bookmarks added over the last day might be saved as Todays Bookmarks.
4 Click Save.
26
Send a task to another workstation

You can send your current tasks to another Security Desk user on another workstation. This could be helpful if youve selected specific cameras to monitor and you want to share the task with someone else. Or, perhaps youve configured the query filters for a certain investigation task, and you want somebody else to run the same report. 1 Open the task you want to send. 2 (Optional) Configure the task.
EXAMPLE Modify the tile layout, display certain cameras, configure query filters, add
entities to be monitored, etc. 3 Right-click the task tab, and then click Send. The Send task dialog box opens. 4 Click . 5 Depending on whether you want to send the task to a user or a workstation, set the UserMonitor toggle switch to the appropriate type of recipient. 6 Select your recipient. 7 (Optional) If you are sending the task to a user, write a message in the Message field. 8 Click Send. The recipient receives a pop up message explaining that someone has sent them a task. They are prompted to accept the task before it loads in their Security Desk.
Change the taskbar position

You can configure the taskbar to appear on any edge of the Security Desk window. 1 From the Home page, click Options. 2 In the Options dialog box, click the Visual tab. For more information, see "Visual options" on page 683. 3 From the Taskbar position drop-down list, select the edge where you want the taskbar to appear. 4 Click Save.
Set the taskbar to auto-hide

You can configure the taskbar to appear only when the mouse cursor hovers over the edge where the taskbar is located. 1 From the Home page, click Options. 2 In the Options dialog box, click the Visual tab. For more information, see "Visual options" on page 683.
27
3 Select the Auto-hide the taskbar option.

NOTE This option hides both the taskbar and the notification tray. See "Notification tray" on page 684.
4 Click Save.
28
4
Working with reports
"Generate a report" on page 30 "Export and print your report" on page 31 "Customize the report pane" on page 32
29
Generate a report
Generate a report
To generate a report for any task, you need to set the query filters, and then run the query. After you generate the report, you can work with your results. 1 Select an existing reporting task, or create a new one. See "Adding a task" on page 22. 2 Use the filters to create a customized search. 3 Click Generate report to run the query. If there are invalid filters, the Generate report button is unavailable. If your query returned too many results, you receive a warning message. Fine tune your query and run it again. The query results are displayed in the report pane.
NOTE The maximum number of report results you can receive in Config Tool is 10, 000. By
default the maximum number of results is 2000. This value can be changed from the Options dialog box. See "Performance options" on page 689. 4 (Optional) Customize your query results. You can select the columns you want to show in your report, change the width and order of the columns, and sort the rows. See "Customize the report pane" on page 32. 5 Work with the query results. Depending on the items in the query results, you can print the report, or save the report as an Excel or PDF document. See "Export and print your report" on page 31. 6 Save the report as a template. Save the reporting task (query filters and report layout) as a report template that can be used with the Email a report action.
30
Export and print your report
Export and print your report

"Export your report" on page 31 "Print your report" on page 31
Export your report

In every reporting task, you can export your report once it is generated. 1 At the top of the report pane, click Export report. The Save report as dialog box appears.
2 Select the file format. You must select CSV, Excel, or PDF file format. If you choose CSV format, you must also specify where the attached files, such as cardholder pictures or license plate images, are to be saved. 3 Select the destination file name. 4 Click Save.
Print your report

In every reporting task, you can print your report once it is generated. 1 At the top of the report pane, click Print report. The Report preview dialog box appears.
Click Print (
) in the preview window, and select a printer.
You can also export the report as a Microsoft Excel, Word, or Adobe PDF document.
31
Customize the report pane

Once you have generated your report, you can customize how the results are displayed in the report pane, such as re-ordering the rows and columns, choosing which columns to display, and so on. This section includes the following topics:
"Resize columns" on page 32 "Select columns" on page 32 "Change the column order" on page 33
Resize columns
You can change the column width in the report pane in any task.
Click between two column headings and drag the separator to the right or to the left.
Select columns
You can choose which columns to show or hide in the report pane. 1 In the report pane, right-click on a column heading, and then click Select columns ( A dialog box showing all available columns for your report appears. ).
32
2 Select the columns you want to show, and clear the columns you want to hide.
3 To change the column order of appearance, use the 4 Click OK.
and
arrows.
5 (Optional) To save your column selection, right-click in the taskbar, and then click Save workspace.
Change the column order

You can change the column order in the report pane in any task. 1 Click and hold a column heading in the report pane, and drag it to the desired position. 2 Repeat for all the columns you want to move.
33
Part II
Security Center administration
Learn about administration tasks for configuring your system. This part includes the following chapters: Chapter 6, Common administrative tasks on page 46
5
Basic principles about entities
"Entities as basic building blocks" on page 36 "Configuring entities" on page 37 "Searching for tasks and entities" on page 42 "Delete an entity" on page 45
35
Entities as basic building blocks
Entities as basic building blocks

Everything that requires configuration in Security Center is represented by an entity. Entities are the basic building blocks of Security Center. An entity can represent a physical device, such as a camera or a door, or an abstract concept, such as an alarm, a schedule, a user, or a software module. Configuring your system is about creating and configuring the entities required to model your system. For more information about the Administration tasks you can use to configure the entities in your system, see Chapter 15, Administration tasks on page 611.
36
Configuring entities
As the basic building blocks of Security Center, most entities must be created manually. Other entities, such as those representing hardware devices connected to your system, must be discovered by Security Center. This section includes the following topics:
"Create an entity manually" on page 37 "Common entity attributes" on page 38 "Entities created automatically by the system" on page 39 "Using geographical locations" on page 40 "Further readings on entity configuration" on page 40
Create an entity manually

All entities are manually created by specialized entity creation wizards in Config Tool. All the administration tasks allow you to create every entity type. The difference is how quickly you can get to the wizard you want. Every administration task is designed to favor a certain family of entities, so it is helpful to know them well. 1 From the Home page in Config Tool, open the administration task that is most appropriate for the type of entity you want to create. 2 At the bottom of the task workspace, click Add an entity ( has. ) or whatever name this button
If this button has an entity type name, it will immediately open the corresponding entity creation wizard. If not, youll need to click a few more times to find the entity type you want to create. 3 Follow the steps in the entity creation wizard to guide you through the creation process. Most wizards start with a first step called Basic information. For more information, see "Common entity attributes" on page 38. After you are done: Most wizards only help you create the entity. You might need to perform more configuration work before the entity is usable. For more information, see "Further readings on entity configuration" on page 40.
37
Common entity attributes

During the entity creation process, you must always go through a step (usually the first step) called Basic information. The following screenshot is for a user entity.
You will be asked to enter the following information:
Entity name. This name identifies the entity everywhere in the Config Tool. You can create
two entities with the same name (except for user entities), but it is not recommended. In some cases, a default entity name is created for you, but you can override it.
Entity description. Optional information regarding the entity. Partition. Partitions are logical groupings used to control the visibility of certain entities by
certain users on the system. Only users with permission to use a partition can see the entities placed in that partition. You have the following choices:
Existing partition. Allows you to select an existing partition from a drop-down list. Selecting Public partition makes the entity visible to everyone on the system. New partition. Allows you to create a partition before placing the new entity in it. System partition. Puts the new entity in the System partition. Only administrators can view and modify entities belonging to the System partition.
TIP If you are not planning to divide your system into partitions, it is better to leave everything in the Public partition rather than the System partition.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 38
For more information on partitions, see "Defining partitions" on page 90.
Entities created automatically by the system

Not all entities in the system are created manually. Some are discovered by the system, while others support both automatic and manual creation. As a general rule, the system requires a live connection to a hardware device before the entity representing it can be created. The following table lists the special cases:
Icon Entity type Automatic creation Manual creation
Server Network Access control unit Video unit
Always. Adding a new server automatically creates a new network. Only for units that support automatic discovery. See "What is automatic discovery?" on page 196. Only for units that support automatic discovery. See "What is automatic discovery?" on page 196. Always. Camera (or video encoder) entities are created when the encoding video units are added to your system. Always. Analog monitor (or video decoder) entities are created when the decoding video units are added to your system. Fixed LPR units are discovered by the LPR Manager roles. Mobile LPR units (mounted on patrol vehicles) are added when the Patroller entities are added. Always. Never. Created by the Intrusion Manager role when the intrusion panel is enrolled.
Not supported. Supported, but generally not required. Supported, but requires a live connection to the unit. Supported, but requires a live connection to the unit. Not supported.
Camera (video encoder)
Analog monitor
Not supported.
LPR unit
Supported for fixed LPR units, but generally not required.
Patroller Intrusion detection unit Intrusion detection area
Not supported. Supported, but requires a live connection to the intrusion panel. Supported only if the Intrusion Manager cannot read the area configurations from the unit.
39
Using geographical locations

The geographical location (latitude, longitude) of the entity has several different uses. For example, for video units, it is used for the automatic calculation of the time the sun rises and sets on a given date. For fixed LPR units that are not equipped with a GPS receiver, the geographical location is used to plot the LPR events (reads and hits) associated with the LPR unit on the map in Security Desk. To set the latitude and longitude: 1 In the Location tab of an entity, click Select. A map window appears. 2 Navigate to the location of your entity on the map. You can click and drag to zoom in, zoom out, and pan. 3 Click Select in the map window. The cursor changes to a cross. 4 Click on the desired location on the map. A red pushpin appears on the map. 5 Click OK. The latitude and longitude fields are filled with the coordinates of the location you clicked on the map. For more information, see "Location" on page 336.
Further readings on entity configuration

Entity configuration is the biggest part of a system administrators job. Depending on the type of system you have, your configuration strategy might be quite different. The following chapters deal with general configuration strategies:
"Common administrative tasks" on page 46 "Deploying Omnicast" on page 186 "Deploying Synergis" on page 251 "Deploying AutoVu" on page 329
Regarding the specific settings available for each entity type, please refer to the following chapters under Part V Config Tool reference.
"Entity types" on page 331 "Role types" on page 510

Finally, a number of tools are available through the Config Tools Home page Tools menu that are specifically geared towards entity configuration. They are:
"Copy configuration tool" on page 668 "Going through the import steps" on page 658
"Unit discovery tool" on page 653 "Unit replacement" on page 654 "Move unit" on page 655
41
Searching for tasks and entities

If you cannot find the tasks, tools, or entities you need, there are three ways you can search for them in Config Tool:
"Search for a task" on page 42 "Search for entities by name" on page 43 "Search for entities using the Search tool" on page 43
Search for a task

The easiest way to find a task or tool is to use the search from Config Tools Home page. 1 From the Home page, type in the Search box. All tasks, tools, and entities in your system whose name or description contains your search text appear in the Home page.
2 Click a task or a tool to open it, or click an entity to jump to that entitys configuration page. 3 Click Clear filter ( ) to stop filtering your tasks.
42
Search for entities by name

If you cannot find the entity you need in a task, you can use the name search to reduce the number of entities listed in the selector. 1 In the Search box in the selector, type the entity name you are searching for. 2 Click Search ( ).
Only entities with names containing the text you entered are listed. 3 Click Clear filter ( ) to stop using the search filter.
Search for entities using the Search tool

In many Config Tool tasks, you can apply a set of filters to find the entities you need using the Search tool. The filters available depend on the task you are using. For example, in the Health history task, you can filters entities by name, description, entity type, and partition. 1 In the Search box in the selector, click Apply a custom filter ( The Search window opens. 2 Use the filters to specify your search criteria.
).
To turn on a filter, click on the filter heading. Active filters are shown with a green LED ( ). To turn off a filter ( ), click on the filter heading. icon to see why the filter is
NOTE Invalid filters are shown in red. You can point to the
invalid. 3 Click Search ( ). The search results appear on the right. The total number of results is displayed at the bottom of the list. 4 (Optional) Click Select columns ( 5 Select the entities you want. ) to choose which columns to display in the result list.
43
TIP Hold the CTRL key for multiple selections. Click pages of results.
and
to scroll through multiple
6 Click Select. Only the entities you selected appear in the selector. 7 Click Clear filter ( ) to stop using the search filter.
44
Delete an entity
Delete an entity
You can delete entities that you have manually created, and those that were discovered automatically by the system. Before you begin: If the entity was automatically discovered, it must be offline or inactive (shown in red) before you can delete it. 1 Select the entity in the Logical view. 2 In the contextual command toolbar, click Delete ( ). 3 In the confirmation dialog box that appears, click Delete.
45
6
Common administrative tasks
This section explains the basic tasks required to configure Security Center. This section includes the following topics:
"Managing servers and roles" on page 47 "Managing databases" on page 52 "Configuring Security Center for high availability" on page 60 "Configuring role failover" on page 61 "Configuring Directory failover and load balancing" on page 66 "Configuring Directory database failover" on page 71 "Monitoring your systems health" on page 75 "Managing the Network view" on page 82 "Managing the Logical view" on page 85 "Managing software security" on page 89 "Automating system behavior" on page 103 "Managing alarms" on page 111 "Managing threat levels" on page 117 "Federating remote systems" on page 128 "Defining custom fields and data types" on page 136 "Integrating with Windows Active Directory" on page 140 "Managing intrusion panels" on page 155 "Managing zones" on page 160 "Supporting cross-platform development" on page 164 "Creating tile plugins" on page 165
46
Managing servers and roles

Every Security Center system requires its own pool of servers to run the systems functions. As system administrator, you must ensure that enough computing power is available for your system to carry out its required load. For more information, see "Architecture overview" on page 6. This section includes the following topics:
"Add an expansion server to your system" on page 47 "Managing servers" on page 48 "Managing roles" on page 49 "Diagnose role problems" on page 51
Add an expansion server to your system

You can add expansion servers to your system at any time to increase the total computing power of your system. 1 Install Genetec Server on the computer that you want to add to the server pool. Genetec Server is installed as part of Security Center Server. For more information, see Install an expansion server in the Security Center Installation and Upgrade Guide. 2 Connect that computer to the Security Centers main server. The main server is the one that hosts the Directory role. This is done with the Server Admin through a Web browser. For more information, see "Open Server Admin using Internet Explorer" on page 48. 3 Open Config Tool on any workstation. 4 From the Home page, open the Network view task. The server you just added should appear in the network tree. The name of the server entity should match the domain name of the server. 5 Select the new server entity, and click the Properties tab. If the server is used as the proxy server for a private network protected by a firewall, set its Public address and Port as configured by your IT department. For more information, see Server "Properties" on page 472. 6 Click Apply. The new server is now ready to take on any role you wish to assign to it.
47
Managing servers
After Genetec Server is installed on a machine, you can change its password and other settings using Server Admin. Server Admin is a Web application running on every machine where the Genetec Server service is installed. It allows you to change the settings of that particular server. For more information, see Server "Server Admin" on page 473.
Open Server Admin using Internet Explorer

You can access Server Admin on any server in your system using Microsoft Internet Explorer, which allows you to fully configure that server. Before you begin: You need to know the servers DNS name or IP address, the Web server port, and the server password in order to log on to that server using Server Admin. The server password is specified during Security Center Server installation. For more information, see the Security Center Installation and Upgrade Guide. 1 Do one of the following:
In the address bar of your Web browser, type http://machine:port/Genetec, where machine is the DNS name or the IP address of your server, and port is the Web server port specified during Security Center Server installation. You can omit the Web server port if you are using the default value (80). If connecting to Server Admin from the local host, then double-click the Genetec Server Admin icon in the Genetec Security Center 5.2 program folder.
A dialog box requesting a password appears. 2 Enter the server password, and click Log on. The Genetec Security Center Server Admin page appears in your browser. After you are done: Configure the server. See "Server Admin" on page 473.
Open Server Admin using Config Tool

You can access Server Admin on any server in your system using Config Tool, without requiring a server password or port number. When you open Server Admin from Config Tool, you cannot upgrade or restore the Directory database. Before you begin: You need to know the server password in order to log on to that server using Server Admin. The server password is specified during Security Center Server installation. For more information, see the Security Center Installation and Upgrade Guide. 1 From the Home page in Config Tool, open the Network view task. 2 Select the server you want to configure, and click the Server Admin tab. 3 Click Log on. The Genetec Security Center Server Admin page appears in the Server Admin tab. After you are done: Configure the server. See "Server Admin" on page 473.
Convert a main server to an expansion server

When a computer comes pre-installed with Security Center, the Main server configuration is always used by default. You might need to convert a main server to an expansion server since only one main server is allowed per system. Before you begin: Make sure you have another main server to connect to before you decommission your current main server. For more information, see Install Security Center on a main server in the Security Center Installation and Upgrade Guide. 1 Log on to Server Admin on your computer using a Web browser (Internet Explorer). For this operation, using the Config Tool wont work. For more information, see "Open Server Admin using Internet Explorer" on page 48. 2 In the Server Admin page, click the Genetec Server tab. 3 Scroll to the end of the browser page and click Deactivate Directory. This operation will restart Genetec Server. 4 Log on again to Server Admin. This time, the Directory tab should not appear. 5 Scroll to the section labelled Main server connection, and configure the name and password of the main server it is supposed to connect to.
6 Click Apply.
Managing roles
What is a role?
A role is an entity in Security Center that defines the following:
A specific set of functions (role type) that should be performed by the system, such as the
management of video units and associated video archives.
A specific set of parameters (role settings) within which the system should operate, such as
the retention period for the video archives, or the database the system should use.
The servers that should be hosting (running) this role.

After a role has been defined, it can be moved from one server to another without requiring changes on the server or additional software installed. The process might cause a short pause in the roles operations.
49
Some roles can spawn subprocesses (called agents) and execute them simultaneously on multiple servers for greater scalability.
Create a role entity

Create roles to add or extend the functionality of your system. For more information about the role types available in Security Center, see "Role types" on page 510. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, click Add an entity ( ), and select a role type. 3 From the Server drop-down list, select the server assigned to this role. 4 Select the database server database, and click Next. For the Database server, the path you indicate is relative to the selected server. 5 Enter the Basic information for this role, and click Next. For more information, see "Common entity attributes" on page 38. 6 Confirm the information displayed on the Creation summary page. 7 Click Create, and click Close. The new role entity is created. 8 Select the roles Resources tab to configure the role server and database.
To use a different database than the default, see "Create a database" on page 55. To switch the role to a different server, see "Move a role to a different server" on page 50. To ensure the availability of the role in case of hardware failure, see "Configure failover for roles" on page 64.
9 Configure other role properties if necessary. For more information, see "Role types" on page 510. 10 Click Apply. The new role should be active and running. If not, see "Diagnose role problems" on page 51.
Move a role to a different server

Before you begin: Make sure you have another server configured and ready to accept a new role. For more information, see "Add an expansion server to your system" on page 47.
NOTE The following procedure does not apply to the Archiver role.
1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to modify. 3 Click the Resources tab. 4 If the role requires a database, do one of the following:
If the database resides on a third computer, you have nothing to change.
50
If the database is empty, you can create it anywhere you want. See "Create a database" on page 55. If the database contains data and is residing on the current server, you need to move the database to the new server or to a third computer. See "Move a database to a different computer" on page 53. ).
5 Under the Servers list, click Add an item (
A dialog box appears with all available servers on your system. Select the substitute server and click Add. 6 Select the current server in the Servers list, and click Delete ( 7 Click Apply. The role now runs on the new server. ).
Deactivate a role
A role can be deactivated for maintenance purposes. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to deactivate. 3 In the Contextual commands toolbar, click Deactivate role ( The role turns red (inactive) in the browser.
TIP To reactivate the role, click Activate (
).
) in the Contextual commands toolbar.
Diagnose role problems

A role that is not properly configured is displayed in yellow in the Role view. The diagnostic tool can help you troubleshoot your problem. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to troubleshoot. 3 In the Contextual commands toolbar, click Diagnose ( ). A troubleshooting window opens, showing the results from the diagnostic test performed on the selected role. Click Refresh ( ) to rerun the tests. 4 Click Close to end the diagnosis.
51
Managing databases
Managing databases
Most roles require a database to store the data they collect. Managing those databases is an important part of the system administrators responsibilities. This section includes the following topics:
"Common database settings" on page 52 "Where should the database be hosted?" on page 53 "Move a database to a different computer" on page 53 "Connect roles to a remote database server" on page 54 "Create a database" on page 55 "View information about a roles database" on page 56 "Turn on role database notifications" on page 57 "Back up your role database" on page 57 "Restore your role database" on page 58 "Delete a database" on page 59
Common database settings

All roles requiring a database have a group of settings related to that database in the roles Resources tab, as illustrated below.
From this group of settings, you can check the current status of the database, and perform the following maintenance functions:
Button Command For more information
Create a database Delete the database
See "Create a database" on page 55. See "Delete a database" on page 59.
52
Managing databases
Button
Command
For more information
Database info Notifications Resolve conflicts Database backup
See "View information about a roles database" on page 56. See "Turn on role database notifications" on page 57. See "Resolve conflicts for Access Manager roles" on page 515. See "Back up your role database" on page 57.
Where should the database be hosted?

By default, the roles database is hosted on the same server that hosts the role. This is shown in the roles Resources tab by the value(local)\SQLEXPRESS in the Database server field. If you plan to change the server hosting the role, or add secondary servers for failover, the database must be hosted on a different computer. For information about setting up a remote database server, see "Move a database to a different computer" on page 53 and "Connect roles to a remote database server" on page 54.
NOTE The computer hosting the database server does not have to be a Security Center server (meaning a computer where Genetec Server service is installed), unless you are configuring Directory database failover using the backup and restore method.
Move a database to a different computer

If you want to change the server hosting a role, or add secondary servers for failover, you must host the roles database on a different computer.
NOTE This procedure is not necessary for the Archiver role. For Archiver roles, it is recommended to host the database locally.
1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role whose database you want to relocate. 3 In the Contextual commands toolbar, click Deactivate role ( 4 Click the Resources tab. 5 Back up the current database. See "Back up your role database" on page 57.
TIP Since the backup folder is relative to the current server, it might be a good idea to select a network location that can be reached by any server on your system.
).
6 (Optional) Delete the current database. See "Delete a database" on page 59. 7 Create the database on the new machine. See "Create a database" on page 55. 8 Restore the backed up content to the new database. See "Restore your role database" on page 58. 9 Click Apply.
53
Managing databases
10 In the Contextual commands toolbar, click Activate (
).
Connect roles to a remote database server

If a roles database is hosted on a different computer than the role, you must configure the remote database server (SQL Server) to accept connection requests from the role. 1 On the computer hosting SQL Server, open the TCP port 1433 on Windows Firewall. 2 Enable remote connection on your SQL Server instance. a Open Microsoft SQL Server Management Studio and connect to the database server used by Security Center. b In the Microsoft SQL Server Management Studio window, right-click the database server ( ) in the Object Explorer, and select Properties. c In the Server Properties window, select the Connections page. d Under the section Remote server connections, select the option Allow remote connections to this server. e Click OK and close Microsoft SQL Server Management Studio. 3 Make your SQL Server instance visible from the SQL Server Browsers installed on other computers on your network. a Open Microsoft Management Console Services (services.msc). b Start the service named SQL Server Browser. c Right click the SQL Server Broswer server, and click Properties. d In the General tab, from the Startup type drop-down list, select Automatic. This SQL Server instance is now available from the Database server drop-down list of any roles Resources tab in Config Tool. 4 Enable Named Pipes and TCP/IP protocols on your SQL Server instance. a Open SQL Server Configuration Manager. b Expand the SQL Server Network Configuration section, and select the protocols for your database server instance (for example, Protocols for SQLEXPRESS). c Right-click the Named Pipes and TCP/IP protocols, and set the status to Enabled.
54
Managing databases
d Close SQL Server Configuration Manager. 5 Restart your SQL Server instance to enable the settings you have changed. a Open Microsoft Management Console Services (services.msc). b Right-click the SQL Server instance service (for example SQL Server (SQLEXPRESS)), and click Restart. 6 On every server that hosts your Security Center roles, change the logon user of the Genetec Server service to a local Windows administrator account, so the server can access the SQL Server instance you just modified. a Open Microsoft Management Console Services (services.msc). b Right-click the Genetec Server service, and click Properties. c In the Log on tab, select the This account option, and type an administrator Account name and Password. d Click Apply > OK. 7 On every server that might be used to host your Security Center roles, change the logon user of the SQL Server service to a local Windows administrator account, so the server can access the SQL Server instance you just modified. a Open SQL Server Configuration Manager. b Click SQL Server Services. c Right-click the SQL Server service, and click Properties. d In the Log on tab, select the This account option, and type an administrator Account name and Password. e Click Apply > OK.
Create a database
You might need to create a new database, overwrite the default database assigned to your role by the system, or select a different database prepared by your companys DBA group if you plan on using a dedicated database server. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, select a role, and click the Resources tab 3 From the Database server drop-down list, type or select the name of the database server. The value (local)\SQLEXPRESS corresponds to Microsoft SQL Server 2008 Express Edition that was installed by default with Genetec Security Center Server. To specify a database server on a different server than the one hosting the role, enter the name of that remote server. 4 From the Database drop-down list, type or select the name of the database. The same database server can manage multiple database instances. 5 Click the Create a database command. 6 Specify the database creation options.
Managing databases
CAUTION If you select the Overwrite existing database option, all current content of the
selected database is lost. If you need to create a backup first, see "Back up your role database" on page 57. 7 Click OK. The database creation starts. A window appears, showing the progress of this action. You can close this window, and review the history of all database actions later on by selecting Database actions from the View menu. 8 Wait until you see Database status indicating Connected. 9 (Optional) See "Turn on role database notifications" on page 57. 10 Click Apply. The Status of the Database status field should indicate Connected.
View information about a roles database

You can view information about a roles database, such as the database and database server versions, how much disk space is available, the number of archived events, and so on. The database information provided varies depending on the role. You might be asked to provide information on a roles database when you contact Technical support. To view a roles database information: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Database info (
).
The following information can be displayed, depending on the role: Database server version. Software version of the database server. Database version. Schema version of the roles database. Approximate number of events. (Also called Approximate number of archived events and Event count) Number of events that are stored in the roles database. Source count (Archiver and Auxiliary Archiver only). Number of video sources (cameras) that have archives. Video file count (Archiver and Auxiliary Archiver only). Number of video files. Size on disk. Size of the Database files.
56
Managing databases
Turn on role database notifications

You can configure the role to send you an e-mail notification when the database space is running low. Before you begin: To make sure that the email notification is sent, configure the SMTP and Watchdog settings on the server hosting the role. See "Server Admin" on page 473. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Notifications (
).
4 In the dialog box that opens, set the following options: Disk space. Sends a notification when the remaining free space falls below a certain threshold (in GB). Database usage. Sends a notification when the used space reaches a certain percentage. This option is only for the Express edition of SQL Server, whose database size is limited to 4 GB for the 2005 version, and 10 GB for 2008 R2. If you are using a full edition of SQL Server, this option has no effect.
5 Click OK.
Back up your role database

You can protect the data in a roles database by regularly backing up the database. The backup file is created with the file extension BAK. The name of the file is the database name, followed by _ManualBackup_, followed by the current date (mm-dd-yyyy). Best practice: Always back up your databases before an upgrade. To backup your role database: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Backup/restore ( The Backup/Restore dialog box appears. 4 In the Backup/Restore dialog box, beside the Backup folder field, click Select folder ( and select the folder where you want to save the backup file. running Config Tool. 5 Click Backup now. A backup file is created in the backup folder. ), ).
NOTE The path is relative to the server hosting the role, not to the workstation where you are
57
Managing databases
Setting up an automatic backup

For extra protection, configure the database backup to be performed periodically. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Backup/restore ( ). 4 In the Backup/Restore dialog box, switch the Enable automatic backup option to ON. 5 Select the day and time to perform the backup (every day or once a week).
TIP It is a good idea to stagger the backup operations if several different databases need to be
backed up on the same machine. 6 Specify how many backup files you want to keep.
NOTE The backup files you create manually are not counted in that number.
7 Click OK > Apply. The automatic backup starts at the next scheduled date and time.
Restore your role database

You can restore an old database Before you begin: Back up the current database before you restore an old database. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Backup/restore ( The backup and restore dialog box appears. 4 In the Backup/Restore dialog box, beside the Restore folder field, click Select folder ( and select the backup file you want to restore. running Config Tool. 5 Click Restore now. The current content of the database is replaced by the content restored from the backup file. ), ).
NOTE The path is relative to the server hosting the role, not to the workstation where you are
58
Managing databases
Delete a database
To free up disk space, delete databases you no longer use. 1 From the Database drop-down list in the Resources tab of a role, select the database you want to delete.
NOTE This does not need to be your current database.
2 Click Delete the database (
).
CAUTION A confirmation dialog box appears. If you continue, the database is permanently deleted. Clicking Cancel in the Config Tool toolbar will not restore it!
3 Click Delete in the confirmation dialog box. The database instance is permanently deleted. 4 Do one of the following:
If a database is already created for your role, click Cancel in the Config Tool toolbar. If there was no database created for your role, create a new database. See "Create a database" on page 55.
5 Click Apply.
59
Configuring Security Center for high availability
Configuring Security Center for high availability

To ensure that there is uninterrupted access and data protection for your system, Security Center offers the following high availability features:
Directory failover. Ensure that the Directory role is still available if its primary server fails
(see "Configuring Directory failover and load balancing" on page 66). The Directory role handles failover for all other roles, so it is important that the Directory role is available at all times.
Directory load balancing. A benefit of Directory failover. The Directory can run
simultaneously on up to 5 servers to share the workload of the Directory role. All servers that are set up for Directory failover are automatically used for load balancing.
Database failover (only for Directory role). Protect the Directory database, using one of
the following methods:
Backup and restore. Regularly backup your database, and restore it if a failover occurs. Microsoft SQL Server Database Mirroring. The database instances are kept in synch by Microsoft SQL Server.
For more information, see "Configuring Directory database failover" on page 71.
Archiver failover. Ensure that the Archiver role and the video archives are still available if
the Archivers primary server fails (see "Protecting your video archive against hardware failure" on page 227).
Other role failover. Ensure that other roles in your system are still available if their primary
server fails (see "Configuring role failover" on page 61). If the role database must be protected, you should consider one of the following third party solutions: SQL Server Clustering or Database Mirroring.
NEC ExpressCluster X LAN. Third party solution for roles that do not support failover.
For more information, see Security Center Installation Guide for NEC Cluster. Click here for the most recent version of this document.
Windows 2008 Server failover cluster. Third party solution for roles that do not support
failover. For more information, see Security Center Installation Guide for Windows Cluster. Click here for the most recent version of this document. Other ways you can ensure high availability are to detect problems early, and prevent those problems from reoccurring. For more information, see "Monitoring your systems health" on page 75.
60
Configuring role failover

This section explains what role failover is, and how to configure it. This section includes the following topics:
"How role failover works in Security Center" on page 61 "Which roles support failover" on page 62 "Configure failover for roles" on page 64 "Troubleshooting failover" on page 65
How role failover works in Security Center

Role failover is a backup operational mode where a role is transferred from its primary server to a standby server if the primary server becomes unavailable, either through failure or scheduled down time. Role failover is managed by the Directory role.
Primary server. Server that normally hosts a role for it to work on the system. Secondary server. Standby servers that are assigned to a role to keep it running in case the
primary server becomes unavailable. There is no limit to the number of secondary servers you can assign to most roles. However, the more servers you add, the less cost-effective it might be for you. The secondary server for one role can be the primary server for another role, provided that both servers have enough resources (CPU, memory, disk space, and network bandwidth) to handle the combined load of both roles in case of a failover.
IMPORTANT Security Center does not handle database failover, except for the Directory role. Besides performing regular backups of your database, one solution you might consider to protect your data is to use SQL Server Clustering or Database Mirroring.
61
Before failover, a role is hosted on the primary server, and connects to a database server hosted on a third computer. When the primary server fails, the role automatically fails over to the secondary server and reconnects to the same database server.
Before failover
Primary server (hosting the role) Secondary server (on standby)
After failover
Primary server (failed) Secondary server (hosting the role)
Fails over Role Role
Database server
Database server
Which roles support failover

The following table lists which Security Center roles support failover, the failover approach they use, and any special constraints they might have.
Role Supports failover Exceptions
Access Manager
Yes, configured
Only supported with Synergis Master Controller (SMC). For more information, see the Synergis Master Controller Configuration Guide.
Active Directory Archiver
Yes Yes Can only have one secondary server. Each server requires a separate database, hosted locally, or on another computer. See "About Archiver failover" on page 227.
Auxiliary Archiver
No. It ensures that video archives are still available if the main Archiver fails. Yes Can run simultaneously on up to five servers. Also supports Directory database failover. See "Configuring Directory failover and load balancing" on page 66.
Directory
Directory Manager
No. It manages the Directory failover and load balancing.
62
Role
Supports failover
Exceptions
Global cardholder synchronizer Health Monitor Intrusion Manager
Yes Yes Yes Only when the intrusion panels are connected using IP. Failover is not supported if the intrusion panels are connected using serial ports. Extra resources must be shared between the primary and secondary servers. The Root folder of the role must point to a UNC location that all servers have access to. File paths of hotlist and permit entities must be entered as a UNC location accessible to all servers. Also, the WatermarkEncryptionParameters.xml file located in the installation folder of the primary server must be copied to the secondary servers. The primary and secondary servers can each have a separate database, hosted locally, or on another computer.
LPR Manager
Yes
Media Router Omnicast Federation Plugin Point of sale Report Manager Security Center Federation Web-based SDK Zone Manager
Yes Yes Yes Yes Yes Yes Yes Yes
63
Configure failover for roles

To configure failover for roles on your system, you must select secondary servers to be on standby in case the primary server hosting the role becomes unavailable. Before you begin: For roles that require a database (except for the Archiver), the database must be hosted on a different computer than the primary and secondary servers, and all the servers must be able to communicate with the database server. See "Move a database to a different computer" on page 53 and "Connect roles to a remote database server" on page 54. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to configure failover for. 3 Click the Resources tab where the roles primary server is listed. 4 Under the Servers list, click Add an item ( ). A dialog box listing all remaining servers on your system not assigned to the role appears. 5 Select the server you want to add as a secondary server, and click Add. The secondary server is added below the primary server. The green LED indicates which server is currently hosting the role. The order of appearance of the servers in the list corresponds to the order they are picked if a failover occurs. When the primary server fails, the role automatically switches to the next server in the list.
6 After a failover occurs, if you want the primary server to take control of the role once it is restored, select the Force execution on highest priority server option. By default, the role remains on the secondary server after a failover occurs to minimize system disruptions. 7 Click Apply. 8 To make the new server the primary server: a Select it in the list, and click to move it to the top of the list. b Select the Force execution on highest priority server option, and click Apply. After a few seconds, the green LED moves to the new server, indicating that it is now the one hosting the role.
64
Troubleshooting failover
If you encounter problems when trying to configure failover for your system. check the following:
Make sure the correct ports are open on your network.

See "Default Security Center ports" on page 776.
Make sure your database connections are configured properly, and that the servers being
used for failover can communicate with the database server. See "Connect roles to a remote database server" on page 54.
Make sure the database path is correct in the Server Admin.

See Server Admin - "Database" on page 474.
Make sure the Genetec Server and SQL Server services are running under a local Windows
administrator user account. See "Connect roles to a remote database server" on page 54.
(Directory database failover using Backup/Restore method only) Make sure that the user
account has access read/write access to the backup folder.
(Directory database failover using Backup/Restore method only) Make sure that the
Genetec server is installed on the remote database server. For more information about installing expansion servers, see Install an expansion server in the Security Center Installation and Upgrade Guide.
65

This section explains what Directory failover is, what load balancing is, and how to configure it. This section includes the following topics:
"How Directory failover and load balancing works" on page 66 "Directory failover and load balancing prerequisites" on page 67 "Add a server to the Directory failover list" on page 68 "Modify the license for all servers" on page 68 "Change the order of the Directory servers" on page 69 "Manually switch the main server" on page 69 "Remove a server from the Directory failover list" on page 70 "Bypass default load balancing" on page 70
How Directory failover and load balancing works

The Directory service is available as long as its two components are available:
Directory role. Manages your system configuration, and handles failover for all other roles. Directory database. Stores your system configuration.
The Directory Manager role handles Directory failover and load balancing for your system. It manages failover for the Directory role and Directory database independently, allowing you to have separate lists of servers assigned to host the two components. These two lists of servers can overlap or be completely separate.
NOTE There can only be one Directory Manager role in your system. It is created automatically when your software license supports multiple Directory servers.
Differences between Directory servers and the main server

To configure Directory failover and load balancing, you must know the difference between Directory servers and the main server.
Directory server. Servers assigned to host the Directory role. The Directory role can run on
five Directory servers simultaneously for load balancing. They distribute the workload for credential authentication, software license enforcement, Directory database report queries, and so on. Users can log on to Security Center through any of the Directory servers. By default, the Directory Manager redirects the connection requests across all Directory servers in a round robin fashion. To change this behavior, see "Bypass default load balancing" on page 70.
66
Main server. The main Directory server in your system (
). It has full read/write access to the Directory database. If your system is configured for Directory failover and load balancing, the additional Directory servers ( ) only have read access to the database.
When a Directory server fails, only the client applications connected to Security Center through that server must reconnect. If the main server fails, then all clients on the system must reconnect, and the responsibility of being the main server is passed down to the next Directory server in the failover list.
Directory failover and load balancing prerequisites

Before you can configure the Directory for failover and load balancing, make sure you have the following:
Your Security Center license must support multiple Directory servers. If you need to update
your license, see Activate license in the Security Center Installation and Upgrade Guide.
NOTE The Directory Manager (
) role is created automatically in Config Tool when your license supports multiple Directory servers.
Your System ID and Password, found in the Security Center License Information document.
Genetec Technical Assistance sends you this document when you purchase the product. All servers you plan to use as Directory servers must be up and running as expansion servers. For more information about installing expansion servers, see Install an expansion server in the Security Center Installation and Upgrade Guide. For all the expansion servers you plan to use as Directory servers, make sure their general properties configured in Server Admin are the same as those of the main server. This ensure that your data, such as the alarm retention period and so on, is stored for the same amount of time. For information about configuring Directory properties in the Server Admin, see "Server Admin" on page 473.
The Directory database must be hosted on a remote computer from the Directory servers.
See "Move a database to a different computer" on page 53. The database server must be accessible from all Directory servers. To configure the remote database server (SQL Server) to accept connection requests from the roles "Connect roles to a remote database server" on page 54.
67
Add a server to the Directory failover list

You can convert up to five expansion servers into Directory servers to be used for load balancing and failover.
IMPORTANT Do not try to add a server to the Directory failover list by activating the Directory
on that expansion server with Server Admin. This action disconnects the server from your current system and transforms it into the main server of a new system. Before you begin: Read "Directory failover and load balancing prerequisites" on page 67. 1 From the Home in Config Tool, open the System task. 2 Click the Roles view. 3 Select the Directory Manager ( 4 Click Add an item ( ). ), and then click the Directory servers tab.
5 In the dialog box that appears, select the server you want to add, its connection port (default=5500), and click Add. The server is added to the failover list. 6 To add more Directory servers, repeat Step 4 and Step 5. You can add up to five Directory servers. The order of appearance of the servers in the list corresponds to the order they are picked if a failover occurs. If the main server fails, the role switches to the next server in the list, and that server becomes the main server. 7 Update your license to include the servers youve just promoted to Directory Servers. For more information, see "Modify the license for all servers" on page 68. 8 Click Apply. The expansion servers are converted into Directory servers and the updated license is applied to all Directory servers in the list. Client applications and roles on expansion servers can connect to Security Center using any of the Directory servers.
Modify the license for all servers

You must update your Security Center license every time you make a change to the list of servers assigned to host the Directory role. 1 In the Directory servers tab, click Modify license for all servers. The following dialog box appears. 2 In the License management dialog box, update your license in one of the following ways:
Web activation. (Recommended) Activate your license via Internet. In the dialog box that appears, enter your System ID and Password and click Activate. Manual activation. Update and activate Security Center manually using license file. For more information, see "Manual license activation" in the Security Center Installation and Upgrade Guide.
68
Change the order of the Directory servers

The first server in the Directory server list is your default main server. After a Directory failover, the next server in the list becomes the new main server ( ).To minimize the number of system disruptions (disconnection and re-connection), the responsibility is not automatically transferred back to the original main server once it is back online. You can change this behavior in the Directory servers tab. To change the order of the servers in the Directory failover list: 1 In the Directory servers tab, select a server in the list. 2 Click Up ( ) or Down ( ) to move the Directory servers up or down in the list. 3 To force the first server in the failover list as the main server whenever it is available, select Force the first server in the list to be the main server option. By default, the role remains on the Directory server that becomes the main server when failover occurs. 4 Click Apply.
Manually switch the main server

If necessary, you can manually assign any server in the Directory failover list to be the main server. For example, when maintenance work needs to be done on the current main server. 1 In the Directory servers tab, select a server. 2 Click Activate main server ( 3 Click Continue. All client applications and roles are disconnected, the main server switches to the Directory server you selected, and all applications and roles reconnect. ).
69
Remove a server from the Directory failover list

IMPORTANT Do not try to remove a server from the Directory failover list by deactivating the Directory on that server with Server Admin. Your change will not last because the Directory Manager will change it back to a Directory server.
1 From the Home page in Config Tool, open the System task. 2 Click the Roles view. 3 Select the Directory Manager ( 5 Repeat Step 4 if necessary. 6 Update your license to exclude the servers youve just removed. For more information, see "Modify the license for all servers" on page 68. 7 Click Apply. The removed servers are reverted to the status of expansion servers, and the updated license is applied to all remaining Directory servers. Users can no longer connect to the system using the servers that have been removed. Clients connected to Security Center through these servers are disconnected, and reconnected to the remaining Directory servers. ), and then click the Directory servers tab. ). 4 Select the server you want to remove, and click Remove the item (
Bypass default load balancing

When you have more than one Directory server on your system, load balancing is automatically in effect. This means that the Directory Manager systematically redirects a logon request to the next Directory server in the list based on the previous one being used. If connection redirection is not desirable, for example when the client is on a remote LAN, you can bypass this behavior for that specific workstation by selecting the Prevent connection redirection to different Directory servers option in the Options dialog box. For more information, see "General options" on page 679.
70
Configuring Directory database failover

This section explains what Directory database failover is, and how to configure it using the backup and restore method, or database mirroring. This section includes the following topics:
"How Directory database failover works" on page 71 "Configure database failover through backup and restore" on page 72 "Configure database failover through mirroring" on page 74
How Directory database failover works

Two database failover modes are supported for the Directory:
Backup and restore. The Directory Manager protects the Directory database by regularly
backing up the master database instance (source copy). During a failover, the latest backups are restored to the backup database thats next in line. Two schedules can be defined: one for full backups, and another for differential backups.
Mirroring. Database failover is taken care of by Microsoft SQL Server and is transparent to
Security Center. The Principal and Mirror instances of the Directory database are kept in synch at all times. There is no loss of data during failover. The following table compares the differences between the two database failover modes.
Backup and restore (Directory Manager) Mirroring (Microsoft SQL Server)
Multiple backup instances of the Directory database are kept relatively in synch with its master instance via regular backups performed by the Directory Manager role. The failover database can only be as up to date as the most recent backup. Changes made while the Directory is connected to the backup database are lost when the Directory switches back to the master database. Both master and backup databases must be hosted on Security Center servers. Can work with SQL Server Express edition which is free. Recommended when the entity configurations are not frequently updated.
A single copy (the mirror instance) of the Directory database is kept perfectly in synch with the master copy (or principal instance) using SQL Server database mirroring. The failover database is an exact copy of the principal database. Changes can be made to the Directory database at any time without ever losing data. The principal and mirror database instances can be hosted on any computer. Requires SQL Server 2008 Standard Edition or better with the mirroring feature. Recommended when entity configurations are frequently updated, such as for cardholder and visitor management.
71
Backup and restore (Directory Manager)
Mirroring (Microsoft SQL Server)
Causes a temporary disconnection of all client applications and roles while the database failover is in progress. Database failover is handled by the Directory Manager role.
No client application disconnection during failover. Database failover is executed by a separate Witness server running on SQL Server Express (optional but highly recommended) or it has to be manually detected and executed by the database administrator.
Configure database failover through backup and restore

You can configure Directory database failover using the backup and restore method. For more information about the backup and restore options in the Database failover tab of the Directory Manager role, see "Backup and restore" on page 554. Before you begin:
Your Security Center license must support multiple Directory servers. If you need to update
your license, see Activate license in the Security Center Installation and Upgrade Guide.
The database servers must be running on remote computers from the Directory servers. See
"Move a database to a different computer" on page 53. All database servers must be accessible from all Directory servers. To configure the remote database server (SQL Server) to accept connection requests from the roles "Connect roles to a remote database server" on page 54. All database instances must be the same version, and an expansion server must be installed on each database server. For more information about installing expansion servers, see Install an expansion server in the Security Center Installation and Upgrade Guide.
What you should know

IMPORTANT Changes made to the system configuration while you were operating from the backup database are not automatically restored to the master database when it is restored to active service.
To preserve the changes made to your system configuration while you were operating from
the backup database, you must restore the latest contingency backup (created in the ContingencyBackups subfolder under the restore folder) to your master database before reactivating it. To avoid losing the configuration changes made while you were operating from the backup database, you can transform the backup database into your master database. To do this, select it from the database failover list to move it to the top of the list. However, keep in
72
mind that your backup database is only as up to date as the most recent backup before the failover took place. To configure database failover through backup and restore: 1 From the Home in Config Tool, open the System task. 2 Click the Roles view. 3 Select the Directory Manager ( ), then the Database failover tab. 4 Switch the Use database failover option to ON. 5 Select Backup and restore for Failover mode. 6 Click Add an item ( ). 7 In the dialog box that appears, specify the Security Center server, the database server, the database instance, and the folder where the backup files should be copied.
You can assign as many backup databases as you want. However, the more backup databases you have, the longer it takes to back up the Directory database content. 8 Click OK. The new backup database instance is added.
NOTE The server flagged as (Master) is the one currently hosting the database. The green
LED (
) indicates the database that is currently active (not necessarily the master).
9 Repeat Step 6 to Step 8 if necessary. 10 To force all Directory servers to reconnect to the master database once it is back online after a failover, select the Automatically reconnect to master database option.
CAUTION Switching the active database causes a short service disruption, and all changes made to the system configuration while the master database was offline are lost. Use this option only if you are ready to lose the changes made to the system configuration while you were operating from the backup database.
11 Under Master backup, specify the frequency at which the full backup and the differential backup should be generated.
73
A differential backup only contains the database transactions made since the previous backup, so it is much faster to generate than a full backup. Frequent differential backups ensure that your backup database is most up to date when you fail over, but might take longer to restore. 12 Click Apply. After you are done:
IMPORTANT Once the Backup and restore failover mode is enabled, all subsequent changes to the master database from Server Admin (restoring a previous backup for example) must immediately be followed by a full manual backup executed from Config Tool. Failing to do so causes your master and backup databases to become out of synch and the database failover mechanism to no longer work. See "Back up your role database" on page 57.
Configure database failover through mirroring

You can configure Directory database failover using the mirroring method. For more information about the options in the Database failover tab of the Directory Manager role, see "Mirroring" on page 556. Before you begin:
The Principal database server, the Mirror database server, and the Witness server (optional
but highly recommended) must be configured. For the configuration of SQL Server for mirroring, please refer to Microsoft SQL Server Database Mirroring documentation. Your Security Center license must support multiple Directory servers. If you need to update your license, see Activate license in the Security Center Installation and Upgrade Guide.
The database servers must be running on remote computers from the Directory servers. All database servers must be accessible from all Directory servers. To configure the remote
database server (SQL Server) to accept connection requests from the roles "Connect roles to a remote database server" on page 54. To configure database failover through mirroring: 1 From the Home in Config Tool, open the System task. 2 Click the Roles view. 3 Select Directory Manager ( ), then the Database failover tab. 4 Switch the Use database failover option to ON, and select the Mirroring option. The database youre currently connected to is the Principal database. 5 Under Mirror database, enter the database server name of the Mirror database. 6 Click Apply.
74
Monitoring your systems health

Health monitoring refers to a set of tools to monitor your Security Center system's health. The goal is to detect health issues early enough to avoid more serious problems in the future. Health monitoring also provides you with the information to identify the root cause of various health problems so that they can be prevented from occurring again. This section includes the following topics:
"About the Health Monitor role" on page 75 "Configuring the Health Monitor" on page 76 "Monitoring your systems health using maintenance tasks" on page 81
About the Health Monitor role

The Health Monitor role is created at system installation and cannot be deleted. It monitors the health of entities such as servers, roles, units, and client applications. The following table gives you some examples of health events that can be monitored:
Entity Health event Description
Access control unit Archiver Video unit Media router Patroller Security Desk
Synchronization failed RTP packet loss high Connection to unit lost Role stopped unexpectedly Offload failed Application stopped unexpectedly
Server and access control unit cannot synchronize databases. Packet loss ratio is greater than 10% over 5 seconds. Server cannot connect to video unit. Media router is unavailable and the cause is unknown to the system. Autovu Patroller offload unsuccessful. Security Desk application failed.
You can choose which health events to monitor and keep them in a database which enables you to generate health history and statistics reports.
75
Configuring the Health Monitor

The Health Monitor role is configured to watch all health events by default. This section includes the following topics:
"Initial Health Monitor setup" on page 76 "Health event definitions" on page 77 "Configure health events to monitor" on page 79 "Set an entity in maintenance mode" on page 80 "Change the firing threshold of a health event" on page 80
Initial Health Monitor setup

Best practice: The process of setting up and configuring a system can generate many health events. It is normal that health errors and warnings are produced during this time. After initial setup is complete, you should reset the health monitoring database to its initial, clean, state. To reset the Health Monitor database to its default state: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the Health Monitor role. 3 Click the Resources tab. 4 Click Delete the database ( ). 5 When prompted if you want to delete this database, click Delete. The Database actions window opens.
6 When you see confirmation that the database has been deleted, click Clear finished, then click Close. 7 In the Contextual commands toolbar, click Deactivate role (
).
76
8 Click Activate role (
).
After 15-30 seconds, a new HealthMonitor database should be created in the Health monitor roles Resources tab. The health errors and warnings generated during the setup are deleted. As a result, all health statistics are reset.
Health event definitions
The table below lists the health events by their error number and indicates their severity
level, Information (
Error number
), Warning (
), or Error (
).
Severity
Health event
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Archiving started Archiving stopped Application connected Application disconnected by user Application disconnected unexpectedly Application started Application stopped by user Application stopped unexpectedly Connection restored Connection failed Connection to unit restored Connection to unit lost Connection to unit stopped by user Database automatic backup restored Database automatic backup failed Database recovered Database lost CPU usage normal CPU usage high Memory usage normal
Information Error Information Information Warning Information Information Warning Information Error Information Error Information Information Error Information Error Information Warning Information
77
Error number
Health event
Severity
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
Memory usage high Database space normal Database space low Patroller offload restored Patroller offload failed Patroller online Patroller offline Point of Sale database recovered Point of Sale database lost Role started Role stopped unexpectedly Role stopped by user RTP packet loss normal RTP packet loss high Server started Server stopped by user Server stopped unexpectedly Synchronization recovered Synchronization failed Video signal recovered Video signal lost Disk access restored Disk access unauthorized Alarm trigger rate normal Alarm trigger rate high Directory started Directory stopped unexpectedly
Warning Information Warning Information Error Information Information Information Error Information Error Information Information Warning Information Information Error Information Warning Information Error Information Warning Information Warning Information Error
78
Error number
Health event
Severity
48 49 50 51 52 53 54 55 56
Directory stopped by user Remaining archive disk space normal Remaining archive disk space low Live server monitoring restored Live server monitoring failed Directory failover: Main database recovered Directory failover: Main database lost Database restore succeeded Database restore failed
Information Information Warning Information Error Information Error Information Error
Configure health events to monitor

You can configure the Health Monitor role to ignore certain health events, and change how it generates some health events.
NOTE If you want to ignore all health events, deactivate the Health Monitor role. If you want to
temporarily ignore an entitys health events because you are performing maintenance work on it, set it to maintenance mode. See "Set an entity in maintenance mode" on page 80. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the Health Monitor role. 3 Click the Properties tab. 4 Under Events to monitor, select or clear the desired events. Expand the list as necessary. Most health events come in pairs, such as Database lost and Database recovered. They can only be selected or ignored together.
IMPORTANT Clearing a health event in the monitoring list does not remove it from the Health history query filter, but it could make some of the health statistics calculations impossible.
Some events allow you to adjust the thresholds used to generate the event. For example, the default configuration is set so that any server whos CPU runs higher than 80% for a period of 10 seconds will generate a CPU usage high health event. See "Change the firing threshold of a health event" on page 80. 5 Click Apply.
79
Set an entity in maintenance mode

Downtime spent in maintenance mode is considered Expected down-time and is not used in the health statistics availability percentage calculations. Only Unexpected down-time is used when calculating availability. Most entities and roles can be set to maintenance mode through their own contextual toolbar ( Enable maintenance mode). For client applications, the maintenance mode must be set from the Health Monitors Properties tab. 1 Switch the Client app. maintenance mode option to ON. 2 Click Apply.
NOTES
Setting something in Maintenance mode does not stop the health events. Rather, it
downgrades all health events to informational only. When you set Security Center Federation roles or Omnicast Federation roles in maintenance mode, you might need to press F5 to refresh the roles icons in the Logical view.
Change the firing threshold of a health event

1 Select the desired event to be modified.
2 Click Edit (
) on the selected line or at the bottom of the list.
The event details window opens. 3 Adjust the values as required. 4 Click Save.
80
5 Repeat with another event if necessary.
Monitoring your systems health using maintenance tasks

To help you monitor the health of your system, there are two maintenance tasks in Config Tool:
Health history. View system health events (errors, warnings, issues) related to selected
entities. For more information, see "Viewing system health events" on page 170.
Health statistics. Monitor the overall health of your system. By monitoring the health and
availability of certain resources such as server roles, video units, door controllers, intrusion detection panels, and so on, you can identify instabilities, and possibly prevent critical system failures. For more information, see "Viewing the health status and availability of entities" on page 171.
81
Managing the Network view

"What is the Network view?" on page 82 "Purpose of the Network view" on page 82 "Creating network entities" on page 83
What is the Network view?

Your network infrastructure is illustrated in the entity browser of the Network view task. The browser gives you a simple representation of your systems network infrastructure by showing you the networks ( ) and the servers ( ) found in your system. The main server hosting the Directory role is shown with a different icon ( ).
Purpose of the Network view

Network view is the only place in Config Tool where you can configure the entities that represent the networks and servers used by your Security Center system. An accurate representation plays a critical role in the proper operation of your system.
82
Creating network entities

"When do I need to configure the Network view?" on page 83 "How network entities are created" on page 83 "What is the Default network?" on page 83 "Create a network manually" on page 84
When do I need to configure the Network view?

You need to configure the Network view when:
Your system spreads across multiple networks. You allow users to connect to your main server over the Internet.
How network entities are created
Network entities are created automatically by the system. After installing Security Center on your main server, youll have two network entities on your system. The Default network is at the root of the network tree, and attached to it is a second network entity that corresponds to your companys network (where your main server is located).
After that, more network entities are added to your system when you add new servers belonging to different networks. You can also add new networks manually, rename them, and change their initial configuration. You can also move networks and servers around in the network tree.
What is the Default network?

The Default network is the root node on the network tree. Its video transmission capabilities are set to Unicast TCP, which is the characteristic shared by all IP networks. You cannot delete the Default network entity.
83
Create a network manually

You can manually create network entities as needed. 1 From the Home page in Config Tool, open the Network view task. 2 If you are creating a subnet, select the parent network in the network tree. 3 Click Network ( ). The network creation wizard appears. 4 Enter the Basic information. See "Common entity attributes" on page 38. 5 Click Create, and click Close. A new network entity is attached below the selected one in the network tree. 6 Click the Properties tab, and configure the new networks characteristics. See Network "Properties" on page 435. 7 If there are servers that belong to the new network, move them under the network in the network tree using drag-and-drop.
84
Managing the Logical view

"About the Logical view" on page 85 "Configuring the Logical view" on page 86
About the Logical view

You can find and view all the entities in your system quickly, using the logical view. The entities in the logical view are organized in a hierarchy (or entity tree) according to their logical relationships with areas ( ). For example, the doors leading to an area, and other devices located within the area, such as cameras, are shown as child entities of that area (below that area in the hierarchy). The changes you make to the Logical view in Config Tool are also displayed in Security Desk.
A B C D
85
A B C
Search box System entity Additional commands Area entity Yellow entity Rename entity Arrow icons Red entity Federated entity
Type in the Search box to find the entities containing that text in their category, name, or description. See "Searching for tasks and entities" on page 42. At the root of the hierarchy is the system entity ( hosts the Directory role. ), which is the server that
Right-click an entity in the Logical view to use additional commands, such as adding or deleting entities, diagnosing the selected entity, launching a report on the selected entity, or refreshing the Logical view. Area entities ( grouping. ) can represent a concept or physical location. It is a logical
D E F G H I
Whenever an entity name is displayed in yellow, it means that there is a problem with the settings. Press F2 to rename the selected local entity. NOTE You cannot edit names of federated entities. Click the arrows in the Logical view to show or hide child entities. Indicates that the entity is offline and the server cannot connect to it, or the server is offline. All entities imported from federated systems are shown with a yellow arrow superimposed on the regular entity icon ( ). They are called federated entities.
Configuring the Logical view

The structure of the Logical view is configured in Config Tool. As the system administrator, you should create a structure that is easy for everyone to understand and to navigate. For more information about the Logical view task, see "Logical view" on page 613. This section includes the following topics:
"Add a new area to the Logical view" on page 86 "Move entities around in the Logical view" on page 87 "Rename entities in the Logical view" on page 87 "Copy entities in the Logical view" on page 87 "Delete an entity from the Logical view" on page 88
Add a new area to the Logical view

You can add new areas anywhere in the Logical view hierarchy. 1 From the Home page in Config Tool, open the Logical view task. 2 Click the system entity ( ) or an area entity ( ).
86
3 In the Contextual commands toolbar, click Add an entity ( The new area is added under the selected entity. 4 Type a name for the area, and press ENTER.
), and then click Area.
After you are done: Configure the new area. For information about area properties, see "Area" on page 360.
Move entities around in the Logical view

You can re-organize the entities in Logical view by dragging them to another area. You can also select multiple entities at once and drag them to another area.
Do one of the following in the Logical view:
Select an area or another entity, and then drag it to another area. Hold the SHIFT key, select multiple entities, and then drag them to another area.
The selected entities are now a child entities of that area (below that area in the hierarchy).
Rename entities in the Logical view

You can rename local entities from the Logical view.
NOTE You cannot edit federated entities.
Select an entity in the Logical view, press F2, rename the entity, and press ENTER.
Copy entities in the Logical view
You can create multiple copies of the same entity under areas in the Logical view.
Hold the CTRL key, click the entity you want to copy, and then drag the entity into another
area. A copy of the entity is created under the area. If you copied an area under another area, all its child entities (entities below that area) are also copied.
87
Delete an entity from the Logical view

You can delete an entity or the selected copy. Before you begin: If an entity cannot be deleted, the Delete button does not appear. 1 Select an entity in the Logical view. 2 In the Contextual commands toolbar, click Delete. A confirmation dialog box appears. 3 The next step depends on whether you have more than one copy of the entity in the tree.
If it is the only copy of that entity in the tree, click Delete. If more than one copy of the entity exists, make the choice to delete them all or only the selected copy.
If you deleted an area that has child entities, those child entities are also deleted.
88
Managing software security

"Introduction to software security" on page 89 "Defining partitions" on page 90 "Defining users" on page 93 "Defining user groups" on page 96 "Configuring user privileges" on page 99 "Using privilege templates" on page 101 "Importing users from an Active Directory" on page 102
Introduction to software security

While Security Center protects your company's assets (buildings, equipment, important data collected in the fields, etc), your job as a system administrator is to protect the Security Center software against illegal access and wrongful usage. There are three questions you should ask:
Who uses the system? What do they use it for? What parts of the system are they allowed to access?
How is software security configured?
The software security of your system is modelled by three entity types:
User. The user entity represents a person who needs to use Security Center applications to
do their job. Each user is identified by a username and a password. What the user is allowed to do on the system is defined by their privileges, and the partitions they have access to.
User group. The user group entity defines the common attributes shared by a group of
users, such as their privileges and other security attributes. A user who is a member of a user group automatically inherits the characteristics of that group. This mechanism simplifies the configuration process because it eliminates the tedious task of configuring users individually.
Partition. A partition is a grouping of entities for security or management purposes, so that

only certain users on the system have the right to access the entities belonging to that partition. This concept eliminates the tedious task of creating one-to-one relationships between users and the entities they are allowed to access. If a user does not have the right to a partition, that partition and everything in it are invisible to that user.
89
Recommended configuration sequence

Best practice: It is best practice to define your security partitions first when setting up your system. As you add new entities to model your system, you can create them directly in the partition where they belong. 1 Define partitions first. Identify the parts of your system that are relatively independent of each other, and create a partition for each. For example, if your system covers multiple sites, and if the security staff at each site work independently of the other sites, then create a partition for each site. For more information, see "Defining partitions" on page 90. 2 Define user groups before users. Identify the groups of users who share the same roles and responsibilities, and create a user group for each. For example, all security operators can form one group, and all investigators can form another group. If, within each group, you have subgroups working on different partitions, define a user group to represent each subgroup, and add them as members of the larger group. Each individual subgroup can then be assigned to their corresponding partitions. For more information, see "Defining user groups" on page 96. 3 Define users last. Define the individual users and add them as members of the user groups you already created, trying to add them as members of the smallest group. A user can belong to multiple user groups. Let each user entity inherit everything from the parent user group, resorting to individual configurations only for exceptions. For more information, see "Defining users" on page 93. Related topics:
"Importing users from an Active Directory" on page 102
Defining partitions
"Why use partitions?" on page 91 "What constitutes a partition?" on page 91 "Who is a partition manager?" on page 91 "Differences between Public and System partitions" on page 91 "Create a partition" on page 91 "Add members to a partition" on page 92 "Add accepted users to a partition" on page 92 "Promote a user to partition manager" on page 93
90
"Nesting partitions" on page 93

Why use partitions?
Partitions are used to divide a large system into smaller subsystems. This has two benefits:
Reduces the scope of what a user can access for security reasons. In a multi-site system, it
might be undesirable for the security team of one site to be able to see or interfere with the activities of a security team on another site. Reduces the scope of a users work to make it more manageable. If a user is only concerned with one part of the system (one site in a multi-site system), it is better for that person not to be distracted by the entities they have nothing to do with.
What constitutes a partition?

Each partition is defined by the following lists:
List of members. Entities that belong to the partition (areas, doors, cameras, etc.). List of accepted users. Users and user groups that have the right to access the entities
contained in the partition. The type of user access varies according to the user privileges. A new set of privileges that override the user's basic privileges, can be defined on the partition level.
Who is a partition manager?

A partition manager is an accepted user of a partition who has full administrative rights over that partition and its members. A partition manager can add and remove members from the partition, as well as modify and delete the entities contained in the partition.
Differences between Public and System partitions

By default, two partitions are created in Security Center. These two partitions cannot be deleted or renamed, but the administrator can change their contents (member entities).
Public partition. This partition has the unique characteristic that all its members are visible
to all users on the system.
NOTE This does not mean that every user is automatically an accepted user of the Public
partition. Only partition managers who have been explicitly configured as accepted users can exercise their administrative privileges over the members of the Public partition.
System partition. This is a hidden partition. This partition has the unique characteristic
that its members are only visible to the administrative users (Admin user and members of the Administrators user group).
Create a partition
1 From the Home page in Config Tool, open the Security task.
2 Click the Partitions view, and click Partition (
).
3 In the partition creation wizard, enter the Basic information. See "Common entity attributes" on page 38. All partitions are created by default in the System partition. Selecting an existing partition will create the new partition as its subordinate. For more information, see "Nesting partitions" on page 93. 4 Click Create, and click Close. An empty partition is created. 5 Define the content of the partition. See "Add members to a partition" on page 92.
TIP You can also place the new entities you create directly into the partition.
6 Define who has permission to access the entities contained in the partition. See "Add accepted users to a partition" on page 92.
NOTE You might have to perform this step later if the users have not yet been created.
7 (Optional) Name an accepted user as partition manager. See "Promote a user to partition manager" on page 93.
Add members to a partition

NOTE An entity cannot be placed in more than three partitions.
1 Click the Properties tab of a partition entity. 2 At the bottom of the Properties tab, click Add ( ). 3 Select the entities you want to add, and click Select. The selected entities are added to the Members list. You do not have to click Apply. 4 Repeat the previous steps as needed. For more information about partition properties, see "Properties" on page 448.
Add accepted users to a partition

1 Click the Accepted users tab of a partition entity. 2 At the bottom of the Accepted users tab, click Add ( The selected entities appear in the list. 4 Repeat the previous steps as needed. 5 Click Apply. For information about the Accepted users tab for partition entities, see "Accepted users" on page 449. ). 3 Select the users and user groups you want to add, and click Select.
92
Promote a user to partition manager

A partition manager has full administrative rights over the partition and its members. 1 Click the Accepted users tab of a partition entity. 2 Select the Partition manager option next to the user or user group you want to promote. 3 Click Apply.
Nesting partitions
By default, partitions are created at the top level and can be nested if required.
The red arrows illustrate the following:
When using the Config Tool, accepted users of a partition can see all entities that belong to
that partition and its subordinates. When using the Security Desk, accepted users of a partition can monitor all entities that belong to that partition and its subordinates.
Defining users
"How are users represented?" on page 93 "What are Admin and Service users?" on page 94 "Create a user" on page 94 "Add a user as a member of a user group" on page 95 "Force Security Desk to run in full screen mode" on page 95
How are users represented?

A user is anyone who can use Security Center applications. To log on to the system, that person needs a username and a password.
93
What a person can do on the system is restricted by their user attributes:
Privileges. Limits the types of activities the user can perform on the system. See
"Configuring user privileges" on page 99.
Partitions. Limits the entities on which the user can exercise their privileges. See "Defining
partitions" on page 90. A user can be a member of one or more user groups, from which it inherits most of its attributes.
What are Admin and Service users?

The following users are created by default and cannot be deleted or renamed.
Admin. This user has full administrative rights to configure Security Center. A person
logged on as Admin can change, modify, and delete any entity in Security Center.
Service . This is a hidden user account reserved exclusively for the Genetec Server service.
A person cannot use this account to connect to Security Center.
Create a user
1 From the Home page in Config Tool, open the Security task. 2 Click the Users view, and click User ( ). 3 In the user creation wizard, enter the Basic information. See "Common entity attributes" on page 38.
NOTE The entity name is also the username, therefore, it must be unique.
4 Select partition rights for the user. a Select Give this user administrative rights over the partition to make the user a manager of the partition you selected. b Select Give this user access to the partition to make the user an accepted user of the partition you selected. See "What constitutes a partition?" on page 91. 5 Click Next. 6 Enter the User information, and click Next. See "Using privilege templates" on page 101. 7 Click Create, and click Close. The new user account is created. 8 (Optional) Configure the users membership in user groups. See "Add a user as a member of a user group" on page 95. 9 Click the Properties tab, type the persons email address, and click Apply. 10 Click the Security tab, configure the security properties, and click Apply. See "Security" on page 486. 11 Click the Privileges tab, define the user privileges, and click Apply.
See "Privileges" on page 488 and "Force Security Desk to run in full screen mode" on page 95. 12 Click the Workspace tab, define the users Security Desk workspace, and click Apply. See "Workspace" on page 485.
Add a user as a member of a user group

A user who is a member of a user group inherits all the attributes of that group. 1 Click the Identity tab of the user entity. 2 In the Relationships section, click User groups. 3 Click Insert an item ( 4 Click Apply. ), select one or more parent user groups, and click Select.
Force Security Desk to run in full screen mode

If a users job is to focus on monitoring live video, you can force Security Desk to run in full screen mode and prevent the user from switching to windowed mode. You can force the full screen operation on a user or a workstation. To force full screen operation on a user: 1 From the Home page in Config Tool, open the Security task. 2 Click the Users view, select a user, then click the Privileges tab. 3 Expand the Application privileges, and the Security Desk privileges. 4 Deny the privilege Change client views to that user. For information, see "Privileges" on page 488 and "Application privileges" on page 695. 5 Click Apply. Security Desk will always run in full screen mode for that user. The Restore Down command and the F11 key (switch between full screen and windowed mode) are disabled.
95
To force full screen operation on a workstation: 1 On the workstation, open the Security Desk Properties dialog box. 2 Select the Shortcut tab, and add the option /forcefullscreen (or /ff ) to the end of the string found in Target.
3 Click Apply. The next time a user starts Security Desk using this shortcut, the application will start in full screen mode. The Restore Down commands and the F11 key (switch between full screen and windowed mode) are disabled.
NOTE Locking Security Desk in full screen mode does not prevent the user from minimizing the
Security Desk window with ALT+ESC or to switch to another application with ALT+TAB.
Defining user groups

"Why do I need to create user groups?" on page 97 "What is the Administrators user group?" on page 97 "Create a user group" on page 97 "Make a user group a subordinate of another user group" on page 98
96
Why do I need to create user groups?

User groups serve to group users with common attributes (such as privileges) together so those attributes only need to be defined once. A user group can also be a member of another user group.
What is the Administrators user group?

The Administrators user group is a system entity that is created upon installation. It cannot be deleted or renamed. Members of this user group have the same administrative rights as the Admin user, and their rights cannot be revoked. Best practice: For reasons of traceability, rather than letting everyone use the same Admin account, it is best to create a separate user account for each administrator.
Create a user group

1 From the Home page in Config Tool, open the Security task. 2 Click the User groups view, and click User group ( ). 3 In the user group creation wizard, enter the Basic information. See "Common entity attributes" on page 38. 4 Select partition rights for the user. a Select Give this user group administrative rights over the partition to make every member of this user group, a manager of the partition you selected. b Select Give this user group access to the partition to make every member of this user group an accepted user of the partition you selected. See "What constitutes a partition?" on page 91. 5 Click Next, enter the User group information, and click Next. See "Using privilege templates" on page 101. 6 Click Create, and click Close. The new user group is created. 7 (Optional) Make this user group a subordinate of another user group. See "Make a user group a subordinate of another user group" on page 98. 8 (Optional) Click the Properties tab, type the groups email address, and click Apply. 9 (Optional) Click the Security tab, configure the security properties, and click Apply. See "Security" on page 491. 10 (Optional) Click the Privileges tab, define user privileges, and click Apply. See "Privileges" on page 493.
97
Make a user group a subordinate of another user group

A group that is subordinate to a another user group inherits all the attributes of that group. 1 Click the Identity tab of the user group entity. 2 In the Relationships section, click Parent user groups. 3 Click Insert an item ( 4 Click Apply. ), select one or more parent user groups, and click Select.
98
Configuring user privileges

"What are user privileges?" on page 99 "How are privileges granted to users?" on page 99 "About privilege hierarchy" on page 99 "About privilege inheritance" on page 100 "Differences between Basic and Partition privileges" on page 101 "About privilege templates" on page 101 "What are the privilege templates?" on page 101
What are user privileges?

Privileges are applied to users and user groups to control which operations they are allowed to perform in Security Center, independently of what entities they can access, and within the constraints set by the software license. Privileges in Security Center are divided into the following groups:
Application privileges. Grant access to the Security Center applications. General privileges. Grant access to the generic Security Center features. Administrative privileges. Grant access to system entity configuration in Config Tool. Task privileges. Control accessibility to the various Security Desk tasks. Action privileges. Control the actions that can be performed on the system entities.
For a complete list and definition of all privileges, see "User privileges" on page 694.
How are privileges granted to users?

Each privilege can be granted explicitly to a user or inherited from a user group. Each privilege can be granted with one of these settings:
Allow. The privilege is granted to the user. Deny. The privilege is denied to the user. Undefined. This privilege must be inherited from a parent user group. If the user is not a
member of any group, or if the privilege is also undefined to the parent user group, then the privilege is denied.
About privilege hierarchy

Privileges are organized in a hierarchy, with the following behavior:
For a child privilege to be allowed, the parent privilege must be allowed. If a parent privilege is denied, all child privileges are denied.
A child privilege can be denied when the parent privilege is allowed.

About privilege inheritance
Privilege settings can be inherited from user groups and replaced at the member (user or user group) level according to the following rules:
A privilege that is undefined at the group level can be allowed or denied at the member A privilege that is denied at the group level is automatically denied at the member level. When a user is a member of multiple user groups, the user inherits the most restrictive
privilege settings from its parents. This means that Deny overrules Allow, and Allow overrules Undefined. There are exceptions to the above rules: level. A privilege that is allowed at the group level can be denied at the member level.
Administrator status. The Admin user, and members of the Administrators user group,
have a special status that grants them full administrative rights. These users can configure the Security Center as they see fit; they can view and modify all entities in all partitions. The Admin user and the Administrators user group are created at installation and cannot be deleted or renamed.
Partition manager status. A user or user group assigned to a partition can be given the
status of Partition manager over that partition. This special status confers full administrative rights over the entities contained in that partition. It supersedes all privileges configured at the partition level for that user. A partition manager can add, modify, and delete all entities within their partition, including the users and user groups. Unlike users with the administrator status, the Application, General, and Task privileges can be denied to a partition manager.
100
Differences between Basic and Partition privileges

The Basic privileges of a user (or user group) are the end results of the privileges inherited from their parent user groups, plus the ones explicitly allowed/denied to the user. When a user is given access to a partition, their Basic privileges are applied by default to the partition. Later, an administrator or a partition manager can overwrite the privileges a user has over a specific partition. For example, a user can be allowed to configure alarms in partition A, but not in partition B. This means that a user can have a different set of privileges for each partition they have access to. Only Administrative and Action privileges, plus the privileges over public tasks, can be overwritten at the partition level.
Using privilege templates

"About privilege templates" on page 101 "What are the privilege templates?" on page 101
About privilege templates
Privilege templates are predefined privilege configurations, based on standard security personnel profiles, that you can apply to users and user groups to simplify the creation process. Once applied, you can fine tune the privileges manually. Privilege templates are only available when creating a user or user group. You cannot rename, modify, or delete the privilege templates. However, you can freely modify the privilege settings after they are applied to a user or user group. The best way to use privilege templates is to create one user group for each template if necessary. After your model user groups are created, users can inherit privileges from them.
What are the privilege templates?

Security Center provides the following privilege templates:
Reporting. This template only grants the privileges to run Security Desk and to execute the
most basic reporting tasks, excluding those for AutoVu LPR. A user with this set of privileges alone cannot view any video, control any physical devices, or report incidents.
Operator. This template is for security operators who need to monitor real time events in
the system. It grants them the privileges to use the Monitoring task, view video, manage visitors, credentials, and badge templates, add bookmarks and incidents, save snapshots, unlock doors, and so on.
Investigator. This template is for investigators. It grants the privileges to use the Monitoring
task, view video, control PTZ cameras, record and export video, add bookmarks and incidents, use investigation tasks, manage alarms and visitors, override door unlock schedules, save tasks, and so on.
101
Supervisor. This template is for people who have supervisory responsibilities. It grants the
same privileges as the Investigator template, plus the privileges to use maintenance tasks, manage cardholders and credentials, modify custom fields, set threat levels, block cameras, and perform people counting.
Provisioning. This template is for the system installer. It grants almost all configuration
privileges, with only a few exceptions (managing roles, macros, users, user groups, custom events, activity trails, threat levels, and audio files).
Basic AutoVu Operator. This template is for security operators using AutoVu LPR. It
grants them privileges to use LPR tasks, configure LPR entities, create LPR rules, monitor LPR events, and so on.
Importing users from an Active Directory

Users and user groups can be created by importing them from your corporate directory service. For more information, see "Integrating with Windows Active Directory" on page 140.
102
Automating system behavior

Security Center offers you many ways to automate the systems behavior. This section includes the following topics:
"Using schedules" on page 103 "Using event-to-actions" on page 106 "Using scheduled tasks" on page 109 "Using macros" on page 110
Using schedules
Schedules are useful in Security Center to dynamically control the behavior and settings of the system based on timetables. This section includes the following topics:
"What is a schedule?" on page 103 "What is the default schedule?" on page 104 "Warning about time zones" on page 104 "What is a twilight schedule?" on page 104 "Create a schedule" on page 105 "Resolving schedule conflicts" on page 105
What is a schedule?
The schedule entity ( ) defines a set of time constraints that can be applied to many situations, such as when a user can log on to the system, when video from a surveillance camera should be recorded, or when access should be granted to a secured area. Each time constraint is characterized by two sets of properties:
Date coverage. Defines a date pattern, or specific dates to be covered by the schedule.
Daily. Defines a pattern that repeats every day. Weekly. Defines a pattern that repeats every week. Each day of the week can have a different time coverage. Ordinal. Defines a series of patterns that repeat on a monthly or yearly basis. Each date pattern can have a different time coverage. For example, on July 1st every year, on the first Sunday of every month, or on the last Friday of October every year.
Specific. Defines a list of specific dates in the future. Each date can have a different time coverage. This setting is ideal for special events that occur only once. Time coverage. Defines which time periods apply during a 24-hour day.
103
All day. Covers the entire day. Range. Covers one or multiple distinct time periods within the day. For example, from 9 a.m. to 12 p.m. and from 1 p.m. to 5 p.m. Daytime. From sunrise to sunset. Only supported by twilight schedules. Nighttime. From sunset to sunrise. Only supported by twilight schedules.
For more information on Daytime and Nighttime settings, see "What is a twilight schedule?" on page 104.
What is the default schedule?

When Security Center Directory is installed, a schedule named Always is created by default. This schedule has a 24/7 coverage, and cannot be renamed, modified, nor deleted. This schedule has the lowest priority in terms of schedule conflict resolution. For more information, see "Resolving schedule conflicts" on page 105.
Warning about time zones

The time of day for a schedule is based on the local time zone set in each individual context where it is applied. For example, if the schedule is used to set continuous video recording from 9 a.m. to 5 p.m., whether the video unit is in Tokyo or London, the recording will occur on schedule according to the local time. This is due to every video unit having a time zone setting, to control video settings and recordings relative to the units local time. For more information, see "Location" on page 336. When a schedule is applied to an entity that has no time zone settings, such as the logon schedule for a user, the local time is taken from the server hosting the Directory role.
What is a twilight schedule?

A twilight schedule ( ) is a special type of schedule that covers either daytime or nighttime. These special time coverages vary according to the day of the year. The calculation of the time of day when the sun rises and sets is based on a geographical location (latitude and longitude). Twilight schedules are designed for situations where the sunlight has an impact on the systems operation, such as video settings and recording. Some typical uses of the twilight schedules are:
To record video only during daytime. To boost the video encoders sensitivity after sunset. To disable motion detection during twilight.
Twilight schedules have the following restrictions:
Cannot be used in any situation involving access control entities. Requires that the entity it applies to has a geographical location setting, such as video units
and LPR units. See "Using geographical locations" on page 40. The Weekly option for date coverage is not available.
104
The All day and Range options for time coverage are not available. Twilight schedules are not visible in contexts where they are not applicable.
For more information, see "Date coverage" on page 103.
Create a schedule
Schedules must be created in advance if you plan to use them in any settings. 1 From the Home page in Config Tool, open the System task. 2 Click the Schedules view, and click Schedule ( ). 3 In the schedule creation wizard, enter the Basic information, and click Next. For more information, see "Common entity attributes" on page 38. 4 In the Schedule information page, select one of the following:
Select Standard schedule if you want to be able to use this schedule in all situations. Select Twilight schedule if you specifically need Daytime or Nighttime coverage.
CAUTION The schedule type cannot be changed after the entity is created. For more information, see "What is a twilight schedule?" on page 104.
5 Click Close. A default daily schedule is created. 6 Click the Properties tab to configure the desired date and time coverage. For more information, see Schedule "Properties" on page 464. 7 Click Apply.
Resolving schedule conflicts

You might have a scheduling conflict when two overlapping schedules are applied to the same function. For example, two schedules applied to the recording of the same camera. Security Center can resolve some of these conflicts by giving priority to the most specific (or restrictive) schedule. The specificity of a schedule is determined by its date coverage option. The following lists the date coverage options in decreasing order of priority: 1 Specific (Runs only once. Highest priority) 2 Ordinal (Repeats on a monthly or yearly basis) 3 Weekly (Repeats every week) 4 Daily (Repeats every day) 5 Always (The default schedule. Has the lowest priority)
CAUTION When two overlapping schedules with the same priority level are applied to the same
function, you have an unresolved conflict. An Entity warning is raised by the system, and the entity with the faulty configuration is displayed in yellow in the entity browser. For more information, see "Viewing system messages" on page 168.
Using event-to-actions
An event-to-action is the coupling of an action to an event, to confer automatic and intelligent behavior to the system. This section includes the following topics:
"What is an event?" on page 106 "What is a custom event?" on page 106 "What is an action?" on page 106 "Create an event-to-action" on page 107 "Search for event-to-actions" on page 108
What is an event?
Security Center uses events to record activity on the system. The types of events generated by Security Center vary from entity to entity. For instance: Access denied to a cardholder, Signal lost on a camera, License plate matched to a hotlist, and so on. Some of the ways you can make use of system events are the following:
View them in Security Desk in real-time. Have the system record them in event logs for viewing and analysis at a later time. Configure the system to take action automatically by associating actions to various types of
events, such as triggering an alarm, or sending a message. This is called an event-to-action. This is the most powerful and versatile method for handling events. For more information, see "Actions" on page 624. Events can arise from many sources, such as recording started by a user on a camera, a door being left open for too long, or an attempt to use a stolen credential. For a complete list of the predefined event types in Security Center, see "Event types" on page 745.
What is a custom event?

In addition to the predefined event types, you can also define custom events to precisely represent each of the various combinations of input signals received from different units on your system. For more information, see "Managing zones" on page 160 and "Custom events" on page 623.
What is an action?
An action is a user-programmable function that can be triggered as an automatic response to an event (door held open for too long, or object left unattended) or executed according to a specific time table.
106
For a complete list of the predefined action types in Security Center, see "Action types" on page 758. For other action usages, see "Using scheduled tasks" on page 109.
Create an event-to-action
1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Actions page. For more information, see "Actions" on page 624. 3 Click Add an item ( ).
4 In the Entity type page, select the type of the source entity and click Next. The source entity is the entity to which the event is attached. 5 In the Source page, select the source entity and click Next. Enter a search string if necessary. Only entities corresponding to the selected type are listed. 6 In the Event page, select an event type and a schedule, and click Next. Only events pertaining to the selected entity type are listed. The schedule determines when the event should occur in order to trigger the action. For example, you might want to sound an alarm only when a window is opened during the weekend. By default, Always is selected.
107
7 In the Action page, select an action type and configure its parameters.
The Next button becomes enabled only when all the arguments required by the selected action type are properly configured. For a full description of all action types you can choose from, see "Action types" on page 758. 8 Click Next. The Creation summary page appears. 9 Verify that all information is correct, click Create, and click Close. If the information is incorrect, click Back and fix the errors. The new event-to-action is added to the list of system actions. For more information, see "Actions" on page 624.
Search for event-to-actions

You can search for an event-to-action by any combination of source entity (name and type), event type, and action type. 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Actions page. 3 Click Advanced search (

) to show search filters.
Entity name. Search for source entity names starting with the search string. Entity type. Select a specific source entity type (default=All).
108
Event. Select a specific event type (default=All). Action. Select a specific action type (default=All).
4 Use the action buttons at the bottom of the page to fix or delete the unwanted event-toactions. For more information, see "Actions" on page 624.
Using scheduled tasks

"What is a scheduled task?" on page 109 "Comparison between scheduled tasks and event-to-actions" on page 109 "Create a scheduled task" on page 109
What is a scheduled task?
A scheduled task is an entity that defines an action that executes automatically on a specific date and time, or according to a recurring schedule.
Comparison between scheduled tasks and event-to-actions

The similarities between the two concepts are:
Both have access to the same set of actions. Both use recurring schedules.
The differences between the two concepts are:
A scheduled task is saved as an entity, an event-to-action is not. A scheduled task is triggered on schedule, not on event. A scheduled task can be turned on and off. The scheduling options are different:
Once. Executed once at a specific date and time. Every minute. Executed every minute. Hourly. Executed at a specific minute of every hour. Daily. Executed at a specific time every day. Weekly. Executed at a specific time on selected days of the week On startup. Executed on system startup. Interval. Executed at regular intervals that can be days, hours, minutes, or seconds.
Create a scheduled task

This sample procedure creates a scheduled task that synchronizes an Active Directory role. 1 From the Home page in Config Tool, open the System task.
2 Click the Scheduled tasks view, and click Scheduled task ( A new scheduled task entity appears in the Logical view. 3 Type a name for the scheduled task, and press ENTER. 4 Click the Properties tab.
).
For more information, see Scheduled task "Properties" on page 470. 5 Set the Status switch to Active. 6 Set the desired Recurrence pattern. a Click on the drop-down list and select Weekly. b Set the desired start time on the scheduled dates. c Select the days of the week when the action is to be executed. 7 Select the type of action to be executed. Additional parameters might be required based on the selected action. For our example, scroll down and click Trigger synchronization, then select the Active Directory role that needs to be synchronized. 8 Click Apply.
Using macros
"What is a macro?" on page 110 "Creating macros" on page 110

What is a macro?
You can write programs in C# using Security Center SDK to add custom functionality to your system. These programs are loaded into Security Center as macro entities. If you need help to develop custom macros, contact Genetec Professional Services through your sales representative for a quote, or call us at one of our regional offices around the world. To contact us, visit our Web site at www.genetec.com.
Creating macros
You can write your C# programs with an external text editor, or use the text editor found in Config Tool. For more information, see Macro "Properties" on page 430.
110
Managing alarms
Managing alarms
"What is an alarm?" on page 111 "Create an alarm" on page 112 "Testing alarms" on page 112 "Trigger alarms manually" on page 113 "Trigger alarms automatically using event-to-actions" on page 113 "Responding to alarms" on page 115
What is an alarm?
An alarm entity describes a particular trouble situation in Security Center (intrusion, broken window, door forced open, and so on) that requires immediate attention. The basic properties of an alarm are:
Name. Alarm name. Priority. Priority of the alarm (1-255), based on the urgency of the situation. Higher
priority alarms are displayed first in Security Desk.
Recipients. Users who are notified when the alarm occurs, and are responsible for
responding to the alarm situation. Recipients can be notified all at once, or one after another in a sequence.
Attached entities. Entities that help describe the alarm situation (for example, cameras,
area, doors, and so on). When the alarm is received in Security Desk, the attached entities can be displayed one after another in a sequence or all at once in the canvas, to help you review the situation.
111
Managing alarms
Create an alarm
You create alarms from the Alarms task in Config Tool. 1 From the Home page in Config Tool, open the Alarms task. 2 Click the Alarms view, and click Alarm ( A new alarm entity ( ). ) appears in the Logical view.
3 Type a name for the alarm, and press ENTER. Best practice: Provide a name best describes the situation, so it is easy to determine what happened when the alarm is triggered. 4 Click the Properties tab, configure the essential properties, and click Apply. For more information, see "Properties" on page 352. 5 Click the Advanced tab, configure the advanced settings, and click Apply. For more information, see "Advanced" on page 354. After you are done: Test the alarm you just created. See "Testing alarms" on page 112.
Testing alarms
The simplest way to test an alarm is to trigger it manually from Config Tool, and make sure you receive it in Security Desk. Before you begin: Log on to Security Desk as one of the alarm recipients. 1 From the Home page in Config Tool, open the Alarms task. 2 Click the Alarms view, and select the alarm to test. 3 In the Contextual commands toolbar, click Trigger alarm ( ). The triggered alarm should appear in the Security Desk notification tray, and in the alarm list in the Alarm monitoring task. The Alarm monitoring task opens automatically if Security Desk is configured open the task when an alarm is triggered. To set this behavior, see Customizing alarm behavior in the Security Desk User Guide. If the Alarm monitoring task does not open automatically, doubleclick the alarm icon in the Security Desk notification tray to open it.
Troubleshooting alarms
If you do not receive an alarm, check the following:
Is the alarm schedule preventing you from triggering the alarm at this moment? Does the alarm recipient have the correct privileges to receive alarms (Alarm monitoring
and Acknowledge alarms)?
Managing alarms
Trigger alarms manually

When you observe a trouble situation happening in Security Center, you can manually trigger an alarm. To trigger an alarm manually:
Do one of the following:
In the Alarms task in Config Tool, select an alarm, and then in the Contextual commands toolbar, click Trigger alarm ( ). In the notification tray in Security Desk, click Hot actions ( Trigger alarm ( ), select an alarm, and then click OK. ) > Manual action. Click ), select an
In the Alarm monitoring task in Security Desk, click Trigger alarm ( alarm, and click Trigger alarm.
Trigger alarms automatically using event-to-actions

You can configure events that occur to trigger alarms, using event-to-actions. This is the most common way alarms are triggered.
NOTE If an alarm is triggered and displayed in the canvas and the triggering event is caused by
an entity that is associated with cameras (for example a door), then the associated cameras are displayed in the canvas before the entities attached to the alarm. For more information, see Alarm Properties "Attached entities" on page 353. For more information about creating event-to-actions, see "Using event-to-actions" on page 106. To trigger an alarm automatically: 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view. 3 Click the Actions tab, and click . 4 In the Entity type page, select an entity type, and click Next. The source entity is the entity that the event is attached to. 5 In the Source page, select the source entity and click Next. 6 In the Event page, select an event type Only events related to the selected entity type are listed. For a list of events available in Security Center, see "Event types" on page 745. 7 Select a schedule, and click Next. The schedule determines when the event will trigger the action. For example, you might want to trigger an alarm only when a window is opened during the weekend. By default, Always is selected. 8 In the Action page, select Trigger alarm.
Managing alarms
9 From the Alarm drop-down list, select an alarm to trigger. 10 (Optional) From the Acknowledgement condition drop-down list, select an event that must be triggered before the alarm can be acknowledged. This option is only available when you select some source event types. For a list of event types that could require an acknowledgement condition to be cleared before the alarm can be acknowledged, see "Event types that could require an acknowledgement conditions" on page 114. 11 To require a user to acknowledge the alarm after the acknowledgement condition is cleared, select the User acknowledgement required option. If you clear this option, the alarm is automatically acknowledged when the acknowledgement condition is cleared. 12 Click Next > Create > Close.
Event types that could require an acknowledgement conditions

For some event-to-actions that trigger alarms, you can configure them so that a second event must be triggered before the triggered alarm can be acknowledged. The second event is the acknowledgement condition. The following is a list of event types that allow you to select an acknowledgement condition that must be cleared before the alarm can be acknowledged.
Source event type Entity type Acknowledgement condition
AC fail Application lost Asset offline Asset online Battery fail Door forced open Door opened Door opened too long Hardware tamper
Access control unit, Intrusion detection unit Roles Asset Asset Access control unit, Intrusion detection unit Door Door Door Access control unit, Intrusion detection unit, Zone (hardware)
AC fail input normal Application online Asset online Asset offline Battery fail input normal Door closed Door closed Door closed Input normal
114
Managing alarms
Source event type
Entity type
Acknowledgement condition
Intrusion detection area alarm activated
Intrusion detection area
Disarmed (not ready) Disarmed (ready to arm) Master armed Perimeter armed
Intrusion detection area input bypass activated Manual station activated Signal lost Unit lost Zone armed/ disarmeda
Input bypass deactivated
Door Camera Access control unit, Intrusion detection unit, LPR unit, Video unit Zone
Manual station reverted to normal state Signal recovered Unit online Zone state normal Zone state active
a. Events that are associated with the normal, active, and trouble states of a zone can also be configured with an acknowledgement condition. For more information about zone states, see "Properties" on page 503.
Responding to alarms
You respond to active alarms from the Alarm monitoring task in Security Desk. When you receive an alarm, you can snooze the alarm, forward it to a colleague, or acknowledge it. The alarm can also be automatically acknowledged after a period of time, if it is configured that way. For alarms with an acknowledgement condition, the process is a bit different. Before the acknowledgement condition is cleared, you can investigate the alarm to let other users know you have seen it, and are taking care of it. You can only acknowledge the alarm after the acknowledgement condition is cleared. The alarm can also be automatically acknowledged by the system after the acknowledgement condition is cleared, if it is configured that way.
EXAMPLE A Unit lost event occurs, which triggers an alarm with an acknowledgement
condition of Unit online. Before the unit comes back online, the alarm can be snoozed, forwarded, investigated, or an administrator can forcibly acknowledge it. After the event Unit online occurs, the alarm can be acknowledged.
NOTE Administrators can force all local alarms to be acknowledged at any time, even if the acknowledgement condition is not cleared.
For more information on acknowledging alarms, see Acknowledging alarms in the Security Desk User Guide.
Managing alarms
Investigating current and past alarms

You can search for and examine current and past alarms, using the Alarm report task in Security Desk. For more information about using the Alarm report task, see Investigating current and past alarms in the Security Desk User Guide.
116
Managing threat levels

"What are threat levels for?" on page 117 "Differences between threat levels and alarms" on page 117 "Create a threat level" on page 119 "Configuring threat level actions" on page 121 "Actions exclusive to threat levels" on page 122 "Threat level limitations" on page 122 "Threat level scenarios" on page 123 "Threat level related tasks" on page 127
What are threat levels for?

A threat is a potentially dangerous situation, such as a fire or a shooting, that requires immediate response from the system and the security personnel. A threat could affect only one area or the entire system. As the Security Center administrator, you define threat levels to help the security personnel deal promptly with threatening situations. Each threat level is characterized by a name and a color, and associated to two lists of actions that the system executes automatically, one when the threat level is set, and another one when the threat level is cleared. The full range of Security Center actions is at your disposal to dictate the behavior of the system, plus some actions that are unique to threat levels, such as denying certain cardholders access to areas in your system, or forcing certain users to log off from the system. Threat levels are set by Security Desk operators when a situation calls for such an action. The operator must have the Set threat level privilege. The operator can set a threat level on an area or on the entire system (includes all areas). For more information on dealing with threats from an operators perspective, see Set threat levels in the Security Desk User Guide.
Differences between threat levels and alarms

The following table highlights the differences between threat levels and alarms. For more information on alarms, see "Managing alarms" on page 111.
Characteristics Alarm Threat level
Purpose
Deals with localized events, such as a forced entry or an object being left unattended in a public area.
Deals with widespread events affecting an whole area or the entire system, such as a fire or a shooting.
117
Characteristics
Alarm
Threat level
Configuration privileges
Config Tool Add/delete alarms Modify alarms Typically triggered by an event-toaction. Can also be triggered by a manual action. Recording starts automatically on cameras associated to the alarm. The alarm icon turns red in the Security Desk notification tray. Depending on your Security Desk configuration, the Alarm monitoring task might be brought to the foreground. Security Desk users configured as alarm recipients. Alarms are ranked according to their priority level (1=highest, 255=lowest). Higher priority alarms are displayed first. When the priority level is the same, the most recent is displayed first. A Security Desk user (alarm recipient) must acknowledge the alarm. Alarms can also be automatically acknowledged by the system after a specified delay or when the acknowledgment condition is met. The acknowledged alarm is removed from all active alarm list (Alarm monitoring task in Security Desk). Alarm triggered Alarm being investigated Alarm condition cleared Alarm acknowledged Alarm acknowledged (Alternate) Alarm forcibly acknowledged
Only administrative users can configure threat levels.
Activation
Typically set manually by a Security Desk operator. Can also be set by an event-to-action. The threat level activation action list is automatically executed. The threat level icon turns red in the Security Desk notification tray. When a threat level is set at the system level, the background of Security Desk turns to the color of the threat level. All Security Desk users. Threat levels are independent of each other. Only one threat level can be set on an area at any given time. The last threat level set overrides the previous one. A Security Desk user must manually clear the threat level or set a different threat level. A threat level can also be automatically cleared using an event-toaction (Set threat level to None). The threat level deactivation action list is automatically executed. Threat level set Threat level cleared
System response on activation Notification method
Who gets the notification? Event ranking
Deactivation
System response on deactivation Related events
118
Characteristics
Alarm
Threat level
Operator privileges
Security Desk (Application) Alarm monitoring (Task) Alarm report (Task) Trigger alarms (Action) Snooze alarms (Action) Forward alarms (Action) Acknowledge alarms (Action) NOTE Only administrative users can forcibly acknowledge alarms. None.
Security Desk (Application) Set threat level (Action) The same privilege is used for both setting and clearing threat levels. To clear a threat level is to set it to None. NOTE The threat level activation and deactivation actions are carried out by the system, independently of the operators privileges. Set minimum security clearance Set minimum user level Set reader mode For more information, see "Actions exclusive to threat levels" on page 122.
Exclusive actions
Create a threat level

Only administrative users can configure threat levels. 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view and select the Threat levels page. For a description of this page, see "Threat levels" on page 629. 3 At the bottom of the threat level list, click Add an item ( The Threat level configuration dialog box appears. 4 Enter the Name, Description, Logical ID (optional), and Color of the threat level. Make sure you choose a distinctive color for each threat level. The threat level color is used to color the Security Desk background when the threat level is set at the system level. 5 Configure the threat level Activation actions. These actions are executed by the system when the threat level is set, independently of the privileges and permissions of the user who set the threat level. For information on what actions you can configure, see "Configuring threat level actions" on page 121 and "Actions exclusive to threat levels" on page 122. 6 Configure the threat level Deactivation actions. These actions are executed by the system when the threat level is cleared or overwritten by another one, independently of the privileges and permissions of the user who cleared the threat level.
CAUTION The system does not automatically revert the configuration back to what it was before the threat level was set. You need to explicitly configure the deactivation actions to take care of that.
).
7 Click OK to close the configuration dialog box. A new threat level ( 8 Click Apply. After you are done: Do the following: ) appears in the threat level list.
Grant Set threat level privilege to all users who need to set threat levels.
NOTE For users who need to set system threat levels, they must be accepted users of the
Public partition. For more information, see "Action privileges" on page 708.
(Optional) Configure additional threat level activation and deactivation actions for specific
areas. For more information, see "Threat levels" on page 362.
120
Configuring threat level actions

Actions in Security Center typically affect a single target entity (see "Action types" on page 758). However, when actions are used to configure threat levels, the scope of many of them can be extended to all entities found under the area where the threat level is set that match the type of the target entity. For example, the action Start recording normally applies to a specific camera. If you select All entities for the Camera argument, recording will start on all cameras found under the area where the threat level is set.
NOTE If you select a specific entity for your action, the action will be applied to the selected entity regardless whether the entity is found under the area where the threat level is set or not.
121
Actions exclusive to threat levels

The following actions are unique to threat level configuration.
Action name Target entity Description
Set minimum security clearance
area (Location)
Sets the minimum security clearance level required from cardholders to access the area on top of the restrictions imposed by the access rules. Additional parameter: Security clearance. The minimum security clearance level required for the selected area. (0=highest level, 99=lowest level or no special clearance required). NOTE The security clearance is only visible to administrative users. This action only works with door controllers that support this feature. The range of supported values might vary, depending on the access control hardware. Logs out users with a lower user level than the one you specify when a threat level is set, and prevents them from logging back on. Additional parameter: User level. The minimum user level (1=highest level, 254=lowest level) required to log on to the system, or to stay logged on to the system. NOTE This action is only executed when the threat level is set of the system level. If the user setting the threat level has a user level below the required minimum, that user will be logged off the system the moment the threat level is set. Sets the reader mode for accessing doors. Additional parameter: Reader mode. Select whether access is granted using Card and PIN, or Card or PIN, for the selected areas. NOTE This action only works with door controllers and readers that support this feature.
Set minimum user level
N/A
Set reader mode
area, door (Location)
Threat level limitations

The following limitations apply when using the threat level feature:
Threat levels work independently of partitions. Therefore, a threat level set at the system
level by the users of one partition might affect the entities belonging to another partition, if the actions have a generic scope (applied to All entities). Threat levels cannot be applied to federated areas.
122
Threat level scenarios

The following scenarios serve to illustrate the use of threat levels.
"Scenario #1: Fire" on page 123 "Scenario #2: Gunman" on page 125
Related topics:
Set threat levels in the Security Desk User Guide Clear threat levels in the Security Desk User Guide
Scenario #1: Fire
In case a fire breaks out, we want the system to respond immediately with the following actions:
Sound the fire alarm

NOTE For the sake of illustration. Not a recommended practice.
Unlock all doors to let people evacuate

NOTE For the sake of illustration. Not a recommended practice.
Log off all low priority users to free as much resources (especially network bandwidth) as
possible for high priority users to manage the current threat. Record the entire evacuation process at high video quality for as long as it lasts.
123
The threat level configured to handle a fire could be as follows:
When an operator sets this threat level, the following actions are executed by the system:
Trigger output. Sounds the fire alarm by sending the Fire alarm output behavior to the
output pin Building Exit - Output-1, assuming that this is where the alarm bell is connected.
Set the door maintenance mode. Sets all doors within the area where the threat level is set
to maintenance mode, effectively unlocking all of them for an indefinite period of time. This is better than using the Unlock door explicitly action which only unlocks the doors for a few seconds.
Set minimum user level. Immediately logs off all users with a user level lower than 1,
basically every one that is not an administrator, encouraging them to leave their desk at once, as well as stopping all unnecessary activity on the network, so the administrators can have as much bandwidth as possible at their disposal to deal with the situation.
124
NOTE This action is only executed if the threat level is set at the system level. So if the fire is
limited to one area, we do not want to log off everyone from the system.
Override with event recording quality. Boosts the recording quality of all cameras within
the area where the threat level is set to event recording quality. For more information, see "Boost quality on event recording" on page 376.
Start recording. Starts recording on all cameras within the area where the threat level is set
for an infinite duration, or until it the Stop recording command is issued. When an operator clears this threat level, the following actions are executed by the system:
Trigger output. Stops the fire alarm by sending the Normal output behavior to the output
pin Building Exit - Output-1.
Set the door maintenance mode. Turns off the maintenance mode on all doors within the
area where the threat level is set. This effectively restores all doors to their normal behavior.
Set minimum user level. Resets the minimum user level to 254 (the lowest value), allowing
all users to log back on.
Recording quality as standard configuration. Restores the standard recording quality on

all cameras within the area where the threat level is set.
Stop recording. Stops recording on all cameras within the area where the threat level is set.
This action will not stop the recording on cameras that are on a continuous recording schedule.
Scenario #2: Gunman

In case a gunman or a shooter is spotted, we want the system to respond immediately with the following actions:
Block access to where the gunman/shooter is from innocent bystanders. Record the shooting incident in high quality video as evidence in court. Protect the video recordings of the whole event against accidental deletion. Block the sensitive video footage from the public eye in case some of the video streams are shown on public web sites.
125
The threat level configured to handle a gunman/shooter could be as follows:
When an operator sets this threat level, the following actions are executed by the system:
Set minimum security clearance. Prevents the cardholders who have a security clearance
lower than 5 (between 6-99) from entering the area where the gunman is, and hopefully, preventing the gunman from getting out.
NOTE This configuration assumes that only armed security personnel have a clearance level higher than 5 (between 0-5), and that security operators continue to monitor all exits and can manually unlock doors to let the innocent people out.
Override with event recording quality. Boosts the recording quality of all cameras within
the area where the threat level is set to event recording quality. For more information, see "Boost quality on event recording" on page 376.
Start recording. Starts recording on all cameras within the area where the threat level is set
for an infinite duration, or until it the Stop recording command is issued.
Start applying video protection. Starts protecting the videos recorded from the cameras
within the area where the threat level is set, from now until the Stop applying video protection command is issued, for an unlimited period of time.
Block and unblock video. Block all users with a user level lower than 5 from viewing the
video from the cameras within the area where the threat level is set, from now until the video blocking is explicitly stopped, for an unlimited period of time.
NOTE This configuration assumes that all security personnel has a user level higher than 5
and can continue to monitor the scene. When an operator clears this threat level, the following actions are executed by the system:
Set minimum security clearance. Restore normal access to the area to all cardholders by
setting the security clearance to 99 (the lowest level).
Recording quality as standard configuration. Restores the standard recording quality on

all cameras within the area where the threat level is set.
Stop recording. Stops recording on all cameras within the area where the threat level is set
after 30 seconds. This action will not stop the recording on cameras that are on a continuous recording schedule.
Stop applying video protection. Stops protecting the videos recorded from the cameras
within the area where the threat level is set, after one minute.
Block and unblock video. Unblock all cameras within the area where the threat level is set.
The video recorded during the time when the threat level was active will remain blocked for playback to the users whose user level is lower than 5.
Threat level related tasks

You can monitor threat level related activities with the following maintenance tasks:
System status. Use this task to monitor the threat level and security clearance set on each
areas. See "Monitoring the status of your system" on page 177.
Activity trails. Use this task to find out when threat levels have been set and cleared, and
who did it. See "Investigating user related activity on the system" on page 182.
127
Federating remote systems

The Federation is a virtual system formed by joining multiple independent Genetec IP security systems together. The purpose of the Federation is to allow the users on your local system to view and control the entities belonging to independent remote systems as if they were on your local system. This section includes the following topics:
"Types of federations" on page 128 "What are federated entities?" on page 128 "Federating Omnicast systems" on page 131 "Federating Security Center systems" on page 133 "Advanced settings for large federations" on page 134
Types of federations
Security Center can join (or federate) Omnicast 4.x systems and other Security Center systems into a large federation. The system that joins other systems together is called the Federation host. Security Center does this by creating a specific federation role for each system it needs to unify. Two types of federation roles are available:
Omnicast Federation. Federates an Omnicast 4.x system so that its cameras and events can
be used in your local system. For more information, see "Federating Omnicast systems" on page 131.
Security Center Federation. Federates an independent Security Center system so that its
entities can be used in your local system. For more information, see "Federating Security Center systems" on page 133.
What are federated entities?

Federated entities are entities imported from remote independent systems. They do not belong to your local system. You can view and manipulate them in your local system, but you cannot change their native settings.
Identification of federated entities

Federated entities are easily identifiable by the yellow arrow that is superimposed on their entity icon. The following are some examples of federated entities:
Federated area entity (they are called sites in Omnicast) Federated alarm entity Federated fixed camera entity
128
Federated dome camera entity Federated camera sequence entity Federated virtual camera entity (Omnicast only) Federated cash register entity Federated door entity (Security Center only) Federated elevator entity (Security Center only) Federated cardholder entity (Security Center only) Federated credential entity (Security Center only)
Using federated entities

You can perform the following operations on federated entities in Security Desk:
View live or playback video from federated cameras. Add bookmarks, start/stop recording, and export video from federated cameras. Control the PTZ on federated dome cameras (except PTZ locking). Switch cameras on CCTV matrices via virtual cameras federated from Omnicast 4.x. For more information, see "Federating Omnicast systems" on page 131.
View, start/stop cycling, pack/unpack federated camera sequences.

For more information, see "Limitations with Omnicast Federation" on page 131.
Receive, acknowledge, snooze, forward, start/stop cycling, pack/unpack federated alarms.

For more information, see "Exceptions regarding federated alarms" on page 130 and "Limitations with Omnicast Federation" on page 131.
View and control federated tile plugins. Lock/unlock federated doors. Arm/disarm federated intrusion detection areas. Arm/disarm federated zones.
Can federated entities be configured locally?

Most federated entity properties cannot be changed on your local system, but you can use the federated entities to configure your local entities.
You cannot change their name and description. You cannot change any attributes that inherently defines the entity. This includes most
properties defined in the entity configuration tabs, although you can view them. You can assign a logical ID to each federated entity. The logical ID is a local attribute associated with the federated entity to uniquely identify it within the Federation.
129
You can choose what events you want to receive from the federated system. Based on these You can control the visibility of the federated entities to your local users via partitions. You can configure the visual tracking for cameras federated from Omnicast systems. You can use them in the configuration of local entities, such as attaching federated cameras
to local entities, or use them to define local alarms and camera sequences. events, you can define event-to-actions for the federated entities. The actions can either be executed on the Federation host or on the federated system. You can view their activity and audit trail reports in the Reporting tab.
Exceptions regarding federated alarms

Not all alarm properties are federated. Most properties pertaining to the alarm display in Security Desk must be configured locally on the Federation host. The exceptions for federated alarms are the following:
The alarm schedule follows the original configuration of the remote system. Since schedule
entities are not federated, the default schedule Always is shown instead. Alarm priority:
Omnicast: Original value is not federated. You can redefine it (default=1) locally on the Federation host.
Entity cycling is a local property to the Federation host. You can change its setting and it will Create an incident on acknowledgement is a local property to the Federation host. You can
change its setting and it will not affect the federated system. Automatic video recording is an inherent property of the alarm and cannot be modified. not affect the federated system. Automatic acknowledgement is an inherent property of the alarm and cannot be modified.
Security Center: Original value is federated and cannot be modified. Reactivation threshold is an inherent property of the alarm and cannot be modified.
Protect recorded video is an inherent property of the alarm and cannot be modified. Video display is a local property to the Federation host. You can change its setting and it will
not affect the federated system.
Alarm procedure (URL):
Omnicast: Original value is not federated. You can redefine it locally on the Federation host.
Security Center: Original value is federated and cannot be modified. Attached entities are federated as far as they are federated entities. The list is an inherent property of the alarm and cannot be modified. Alarm recipients must always be configured locally for the Federation host.
130
Related topics:
"Alarm" on page 351
Federating Omnicast systems

The Omnicast Federation role acts as a proxy between your local clients and the remote Omnicast system they need to connect to. For the exact versions of Omnicast 4.x systems supported in this release, see the Security Center Release Notes.
Limitations with Omnicast Federation

Federating an Omnicast system has the following limitations:
Alarms are federated, but the alarm priority and the alarm procedure must be configured
locally on the Federation host. For more information, see "Exceptions regarding federated alarms" on page 130. Some playback capabilities are not supported on federated cameras. Smooth reverse playback is not available and the rewind speed is limited to -10x, -20x, -40x, and -100x. Camera sequences are federated, but they behave as a single camera on the Federation host. This means that the users on the Federation host cannot unpack nor stop the camera cycling on camera sequences ( ) federated from Omnicast. ) with a Web page tile
Sites ( ) are federated as areas ( ) in Security Center. Sites with a Map (URL) property ( ) are federated as areas (
plugin attached.
Configure an Omnicast federation

Before you begin: The Omnicast Compatibility Pack corresponding to the version of the Omnicast system you plan to federate must first be installed on the server where the federation role is to be hosted, and on the client workstation where Config Tool is running. The same Compatibility pack must also be installed on all secondary servers you plan to assign to the federation role, and all Security Desk workstations viewing the federated cameras. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view. 3 Click Add an entity ( ), and click Omnicast Federation. 4 From the Server drop-down list, select the primary server for this role.
NOTE The Compatibility pack corresponding to the Omnicast system you wish to federate
must be pre-installed on that server. 5 In the Directory field, enter the name of the Omnicast Gateway connecting you to the remote Omnicast system.
131
6 In the next two fields, enter the username and password that the federation role is going to use to log on to the remote Omnicast system. The rights and privileges of that user determine what your local users will be able to see and do on the federated remote system. 7 From the Version drop-down list, select the version of the remote Omnicast system. This drop-down list only shows the Omnicast versions for which a compatibility pack is installed. 8 In the Federated events section, select the types of event that you want to receive on the your local system, and click Next. Events are necessary if you plan to monitor the federated entities in Security Desk, or to configure event-to-actions for the federated entities. 9 Click Next. 10 Enter the Basic information for this role, and click Next. All federated entities are created in the partition you select. 11 Confirm the information displayed on the Creation summary page. 12 Click Create, and click Close. The new federation role ( ) is created. 13 If you plan to host more than 40 Omnicast Federation roles on the same server, you need to assign a different role group to every 40 roles you create. For more information, see "Advanced settings for large federations" on page 134. 14 Click the Properties tab, and finalize the role configuration. For more information, see "Properties" on page 592. 15 Open the Logical view task in Config Tool. You should see the new federation role ( ) in the Logical view. Expand this entity to see all the federated entities imported by this role. The entity hierarchy corresponds to the Logical view on the federated remote system. For more information, see "Omnicast Federation" on page 590.
132
Federating Security Center systems

The Security Center Federation role acts as a proxy between your local clients and the remote Security Center system they need to connect to. For the exact version of Security Center systems supported by the release you have, see the Security Center Release Notes. 1 From the Home page in Config Tool, open the System task. 2 Click Add an entity ( ), and click Security Center Federation. 3 From the Server drop-down list, select the primary server for this role. 4 In the Directory field, enter the Directory server name of the remote Security Center system. 5 In the next two fields, enter the username and password that the federation role is going to use to log on to the remote Security Center system, and click Next. The rights and privileges of that user determine what your local users will be able to see and do on the federated remote system. 6 Click Next. 7 Enter the Basic information for this role, and click Next. All federated entities are created in the partition you select. 8 Confirm the information displayed on the Creation summary page. 9 Click Create, and click Close. The new federation role ( ) is created. 10 If you plan to host more than 100 Security Center Federation roles on the same server, you need to assign a different role group to every 100 roles you create. For more information, see "Advanced settings for large federations" on page 134. 11 Click the Properties tab, and complete the role configuration. For more information, see "Properties" on page 603. 12 Open the Logical view task in Config Tool. You should see the new federation role ( ) in the Logical view. Expand this entity to see all the federated entities imported by this role. The entity hierarchy corresponds to the Logical view on the federated remote system. For more information, see "Security Center Federation" on page 601.
133
Advanced settings for large federations

On a large scale deployment, Security Center can federate thousands of independent remote systems. However, there are hardware and software limitations you need to consider. The number of federation roles you can host on a single server depends on the following:
Type of federation roles you are hosting. Number of federation roles you are hosting. Type of computer running Genetec Server.
Low capacity: Intel Core 2 Duo 3.0 GHz, 2 GB RAM Medium capacity: Dual Core Intel Xeon 2.66 GHz, 4 GB RAM High capacity: Quad Core Intel Xeon, 2.00 GHz, 4 GB of RAM
What is a role group?

When a large number of federation roles are hosted on the same server, they need to be divided into multiple role groups. All roles belonging to the same role group are executed by the same process on the same machine. There is a limit to the number of roles a single process can handle. The following table helps determine how many role groups you need on your server.
NOTE These calculations assume that each federated system (either an Omnicast system or a Security Center system) has 150 cameras.
Role type Number of federation roles supported on a single server
Single role group (Any hardware profile) Omnicast Federation Security Center Federation 40 100
Multiple role groups (Low and Medium capacity hardware profiles) Contact Genetec Technical Assistance (see "Technical support" on page 869) Contact Genetec Technical Assistance (see "Technical support" on page 869)
Multiple role groups (High capacity hardware profile) 100 500
EXAMPLES
A single role group can have up to 40 Omnicast Federation roles. Therefore, a high capacity
computer hosting 100 Omnicast Federation roles requires three separate role groups, divided as follows: 30 roles on the first group, 30 roles on the second group, and 40 roles on the third group. A single role group can have up to 100 Security Center Federation roles. Therefore, a high capacity computer hosting 500 Security Center Federation roles requires five separate role groups.
134
Configure the role group

You need to configure the role group for federation roles only when you have a large number of roles to host on the same server. 1 From the Home page in Config Tool, open the System task. 2 Click the Role view, and select the role entity to configure. 3 Click the Identity tab. 4 In the Name field, type Ctrl+Shift+A. The Advanced settings appear at the bottom of the tab. 5 Change the Role group if necessary. To determine how many roles you can put in the same group, see "What is a role group?" on page 134. 6 Click Apply.
135
Defining custom fields and data types

"Why use custom fields?" on page 136 "Add a custom field" on page 136 "Add a custom data type" on page 138 "Modify a custom data type" on page 139
Why use custom fields?

Custom fields can be added to some types of entities. These fields can be used to collect additional information. For example, you can add gender, home phone number, and cellphone as custom fields on a user entity. Custom fields are also useful for holding additional information when users and cardholders are imported from your companys Active Directory. For more information, see "Integrating with Windows Active Directory" on page 140. Custom fields can be of any type and you can define them yourself. Once added, the custom field is available in all database reports and queries. When custom fields contain private information, you can restrict their access to contain groups of users.
Add a custom field

Before you begin: A custom field can be based on a standard data type or a custom data type. Custom data types must be created beforehand if they are to be used to create custom fields. For more information, see "Add a custom data type" on page 138. 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Custom fields page. For more information, see "Custom fields" on page 619.
136
3 Click
at the bottom of the custom field list.
The Add custom field dialog box appears.
4 From the Entity type drop-down list, select the entity type. 5 From the Data type drop-down list, select the data type for this field. Both standard and custom data types are listed. The standard data types are:
Text. Alphanumeric text. Numeric. Integers in the range -2147483648 to 2147483647. Decimal. Real numbers from -1E28 to 1E28. Date. Gregorian calendar date and time. Boolean. Boolean data, represented by a check box. Image. Image file. The supported formats are: bmp, jpg, gif, and png. Entity. Security Center entity. Users will have to use the Search tool to set the value for this type of field. See "Search for entities using the Search tool" on page 43.
137
6 In the Name field, type the name for this custom field. 7 (Optional) In Default value field, type or select the default value for this field. 8 Depending on the selected data type, the following additional options appear:
Mandatory. Select it if this custom field cannot be empty. Value must be unique. Select it if the value of this custom field must be unique.
NOTE The unique value option can only be enforced after the field is created. To enforce this
option, you must first make sure that all entities in your system have a distinct value for this custom field, then come back to this tab to apply the unique value option to it. 9 (Optional) Under the Layout section, type the Group name, and select the Priority from the drop-down list. These two attributes are used when displaying the field in the Custom fields tab of associated entity. The group name is used as the group heading, and the priority dictates the display order of the field within the group. 10 (Optional) Under the Security section, click to add users and user groups that will be able to see this custom field. By default, only administrative users can see a custom field. 11 Click Save and close. The new custom field is available in the Custom fields tab of the selected entity type and can be used in reports. For an example, see Common configuration tabs "Custom fields" on page 335.
Add a custom data type

Custom data types define a list of values based on a standard data type. Custom data types appear in a drop-down list in the Custom fields tab of the entitys configuration page. 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Custom fields page. 3 Click the Custom data types tab. For more information, see System General settings "Custom data types" on page 621. 4 Click at the bottom of the custom data type list. The custom data type creation wizard appears. 5 In the Edit custom data type page, enter the Name, Description, and Type for your custom data type, and click Next. 6 In the Data entry page, enter a value in the Value field and click The entered value is added to the enumerated list. 7 Repeat Step 6 to define all possible values for this data type. 8 When you are finished, click Next, Next, and Close. .
138
Modify a custom data type

Before you begin: You can modify a custom data type even after it is being used in a custom field. For instance:
You can rename a custom data type. You can add new values to the custom data type. You can delete a value as long as it is not used as the default value for a custom field.
If you delete a value that is already being used by an entity, the value of that custom field for that entity is replaced by its default value. But there are restrictions:
You cannot change the standard data type on which the custom data type is based. Modifying a value is equivalent to deleting the old value and adding a new value.
NOTE Suppose you have a custom data type with the possible values of A, B, and C, and a
custom field based on this custom data type with A as its default value. If you change the value C to D in the custom data type, the entities using the value C for this custom field will not see their values change to D, but to A (the default value). To modify a custom data type:
Select it in the Custom data types tab, click
, and follow the wizard.
139
Integrating with Windows Active Directory

"What is Active Directory integration?" on page 140 "What are the benefits of AD integration?" on page 140 "How does Active Directory integration work?" on page 141 "What information can be synchronized with the AD?" on page 142 "How does synchronization work?" on page 142 "Import security groups from an Active Directory" on page 143 "Select which cardholder fields to synchronize with the AD" on page 146 "Mapping the credential card format to an AD attribute" on page 147 "Map custom fields to synchronize with the AD" on page 148 "Resolve conflicts due to imported entities" on page 149 "Modifying imported users" on page 151 "Modifying imported cardholders" on page 151 "Logging on with an Active Directory user" on page 153
What is Active Directory integration?

The integration of Windows Active Directory (AD) into Security Center allows you to manage all personnel security information from a single location, whether it is for logical security (IT) or for physical security (control access to physical locations). You can import security groups from an AD into Security Center as user groups and/or cardholder groups. Members can be imported as users and/or cardholders. Both standard and custom attributes can be imported from the AD. Most imported fields can only be modified within the AD and are read-only in Security Center. You can import entities from more than one AD if necessary. For example, from Security Center, you can manage access to a facility shared by multiple companies, such as an office building. As system administrator, you can import users and/or cardholders from their individual Active Directories, and manage them in separate partitions.
What are the benefits of AD integration?

Having a centralized security information management system provides many benefits.
Less data entry means fewer errors and better control during initial Security Center setup,
since users and cardholders can be imported from an existing AD.
140
Consistency and better security since all shared information is entered only once.
A new user account added to an imported security group automatically adds a new user and/or cardholder in Security Center.
A user account that is disabled in the AD automatically disables the corresponding user and/or cardholder in Security Center. Single logon capability for synchronized Security Center users.
Users logged on to Windows do not have to log on to Security Center.
How does Active Directory integration work?

To import users and/or cardholders from one or more ADs, you need to create an Active Directory role for each AD. The Active Directory role connects your Security Center system to an Active Directory server, and imports users and/or cardholders from selected security groups. Imported entities are identified in Security Center by a yellow arrow ( ) superimposed on the regular entity icon. Through a process called synchronization, the Active Directory role also keeps all imported entities up-to-date with changes made on the AD. Another function of the Active Directory role is to pass the logon credentials of imported users to the AD service for validation.
141
How does synchronization work?

All imported entities are synchronized with their source by the Active Directory role. Most of the attributes imported from the AD are read-only in Security Center, except for a few cardholder properties (see "Modifying imported users" on page 151 and "Modifying imported cardholders" on page 151). Imported entities cannot be deleted unless they are deleted from the AD.
CAUTION If you move a security account from a synchronized AD security group to one that is not synchronized, it is as though the account ceases to exist in Security Center. The Active Directory role deletes the corresponding entities (users and/or cardholders) from Security Center the next time it synchronizes with the AD.
Synchronization is always initiated from Security Center. There are two ways that you can start synchronization:
Manually. Synchronization is performed when you explicitly request it. This is the default
setting. The advantage of this approach is that you have perfect control over when you want the synchronization to be done.
On schedule. The imported groups are synchronized using a scheduled task. For more
information, see "Using scheduled tasks" on page 109.
What information can be synchronized with the AD?

Both standard and custom Security Center fields can be imported from the AD, and kept synchronized with the AD. You can choose which user group, user, cardholder group, and cardholder fields to import from the AD in the Links tab of the Active Directory role. The standard attributes you can import from the AD are:
User group
Name Description
Email address User

Username Password Description Membership in the imported user group First name Last name Email address Account status: Active or Inactive
142
Cardholder group
Name Description
Email address Cardholder

Cardholder name Description Membership in the imported cardholder group First name Last name Email address Partition Cardholder picture Profile status: Active or Inactive Card data Card format Card number Credential name Credential partition Credential status Facility code
Additional attributes are imported from the AD by mapping them to Security Center custom fields. The Active Directory role keeps all imported fields synchronized with the AD. See "Map custom fields to synchronize with the AD" on page 148.
Import security groups from an Active Directory

When you import an AD security group, you must import all members of that group. If you only want to import a subset of its members, for example, only Security Center users, then you need to define a new AD security group with only the members you wish to import.
IMPORTANT
If multiple ADs are to be integrated into Security Center, they must all belong to different
domains. If you have servers in your system that are still running an older version of Security Center, you should upgrade them to the current version before using them to host a new Active Directory role.
143
To import security groups: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, then click Add an entity ( 3 In the Specific info page, do the following: a From the Server drop-down list, select the server where this role will be hosted. b In the Active Directory field, enter the hostname or the IP address of the AD server.
NOTE If encrypted communication is used, the default port is 636. If you selected a different port, you need to append it to the AD server name, separated by a colon (:),
) and select Active Directory.
c Specify how you want the role to connect to the AD server. With both choices, you must have read access to the selected AD service.
Use the Windows credentials assigned to the Genetec Server service running on the server hosting the Active Directory role. Specify a different set of Windows credentials (username, password).
4 In the Basic information page, enter the name, description, and partition where the Active Directory role will be created. For more information, see "Common entity attributes" on page 38. 5 Click Next, Create, and Close. A new Active Directory role ( the AD server. ) is created. Wait a few seconds for the role to connect to
6 In the Properties tab, select the AD security groups to import.

NOTE There are two types of groups in Windows Active Directory: distribution groups and
security groups. Security Center can only synchronize with security groups. a Click Add an item ( ).
144
b Select the security groups to add to your Active Directory role. Use one of these two methods:
(Recommended) Type text in Find Active Directory groups, and click
If the text you entered matches a single group, it is automatically added to the Selected groups list. If the text you entered matches multiple group names, a second dialog box will appear listing all the group names that match the text you entered. Select the ones you want, and click OK to add them to the Selected groups list.
Under the Selected groups list, click (
).
The Active Directory members dialog box appears. Select a security group, and click OK. Only security groups can be synchronized. If you selected an item that is not a security group, the OK button remains disabled.
NOTE The names shown in that dialog box are display names. Security Center only synchronizes the account names because they are guaranteed to be unique. Typically, the display names and the account names are the same. The only way to tell them apart is that the display names contain spaces.
c Repeat the previous step as often as necessary until all security groups you wish to synchronize with the AD are listed in Selected groups, then click OK. The selected groups are listed under Synchronized groups in the Properties tab. For more information about the Properties tab, see Active Directory "Properties" on page 517. 7 For each of the synchronized groups, specify how you want to import them.
You have the following options:
As user group. Select this option to import the synchronized group as user group, and the group members as users. Create user on first logon. This is the default option, and it creates an empty user group. User entities will only be created when someone tries to log on with it. It avoids having to create all user entities at once, which can freeze up the system. If you clear this option, all user entities will be created at the same time as a user group.
145
As cardholder group. Select this option to import the synchronized group as cardholder group, and the group members as cardholders. There is no delayed creation for cardholders. All synchronized cardholders are created at once. Import credentials. Select this option to import the credential information of the synchronized cardholders
8 If you are importing the AD security group as cardholder group, select which cardholder fields you want to synchronize with the AD. See "Select which cardholder fields to synchronize with the AD" on page 146. 9 (Optional) "Map custom fields to synchronize with the AD" on page 148. 10 Click Apply, and then click Synchronize now ( ). All synchronized groups and their members are imported as Security Center entities according to your specifications, with a yellow arrow ( ) superimposed on their icon. After you are done: Some additional configuration might be required, depending on what you synchronized with the AD:
If you already had entities configured in your system, you might need to resolve some
conflicts due to the import. See "Resolve conflicts due to imported entities" on page 149. (Optional) Configure the imported user groups with proper privileges and security options so when new user entities are created, they can automatically inherit those properties from their parent user group. For more information, see "Defining user groups" on page 96. (Optional) Configure the imported cardholders and cardholder groups. For more information, see "Configuring cardholders and cardholder groups" on page 283. (Optional) Create a scheduled task to synchronize imported entities with the AD on a regular basis. For more information, see "Create a scheduled task" on page 109. After you create a scheduled task, the warning message No scheduled task exists to synchronize this role disappears from the Properties tab.
Select which cardholder fields to synchronize with the AD

Before synchronizing with the AD, you need to select which cardholder attributes you want to import from the AD by mapping them to Security Center fields in the Links tab of the Active Directory role. The mapping can be different for each Active Directory role in your system.
146
To map AD attributes to cardholder fields: 1 From the Links tab of the Active Directory role, click Add an item ( ).
2 Select a Security Center cardholder field and an AD attribute, and then click OK.
IMPORTANT The data type of the Security Center field must match that of the AD attribute: text with text, decimal with decimal, date with date, and so on. The Security Center image data type must be mapped to the AD binary data type, and the mapped AD attribute must contain a valid JPEG image.
The new mapping appears in the Links tab. For more information about the Links tab, see "Links" on page 518. 3 Repeat the previous steps as needed. 4 If you are importing cardholder credential fields, do the following in the Links tab:
From the Card format drop-down list, select the default card format to use for the imported cardholder credentials when the card format property is either not mapped to an AD attribute, or when the mapped attribute is empty. See also "Mapping the credential card format to an AD attribute" on page 147. From the Badge template drop-down list, select a default badge template to use for the imported cardholder credentials.
5 Click Apply. The mapped cardholder fields are displayed in the Links tab. When you synchronize with the AD, most of them are read-only.
Mapping the credential card format to an AD attribute

If you decide to map the credential Card format property to an AD attribute, that attribute must contain either a numeric value (for standard card formats) or the exact card format name (text).
147
The following table shows you the numeric value and the text value corresponding to each of the standard card formats supported by Security Center, and their descriptions.
Number Format name (Text) Facility code range Card number range
0 1 2 3 4
Standard 26 bits HID H10306 34 Bits HID H10302 37 Bits HID H10304 37 Bits HID Corporate 1000
0 to 255 0 to 65 535 Not required 0 to 65 535 0 to 4095 (also known as Company ID Code
0 to 65 535 0 to 65 535 (also known as Card ID Numbers) 0 to 34 359 738 367 0 to 524 287 0 to 1 048 575 (also known as Card ID Numbers)
For custom card formats, you must use the exact spelling used to create the custom card format. For more information, see "Custom card format editor" on page 670.
Map custom fields to synchronize with the AD

In addition to default attributes, you can import other attributes from the AD by mapping them to Security Center custom fields. The custom field mapping can be different for each Active Directory role in your system. Before you begin:
The workstation where Config Tool is running must be on the same network domain as the
AD server. The custom fields that will receive data from the AD must be defined beforehand. For more information, see "Defining custom fields and data types" on page 136. No more than 32 custom fields can be mapped to the AD.
To map custom fields, do the following: 1 From the Links tab of the Active Directory role, click Add an item ( ).
148
2 Select the custom field and the AD attribute, and then click OK.
IMPORTANT The data type of the custom field must match that of the AD attribute: text with text, decimal with decimal, date with date, etc. The Security Center image data type must be mapped to the AD binary data type, and the mapped AD attribute must contain a valid JPEG image.
The new mapping appears in the Links tab. For more information about the Links tab, see "Links" on page 518. 3 Repeat the previous steps as needed. 4 Click Apply. The mapped custom fields are displayed in the Links tab. When you synchronize with the AD, they are read-only.
Resolve conflicts due to imported entities

Conflict resolution might be necessary if you have existing entities (users and/or cardholders) in your database prior to importing entities from the AD. When a synchronized entity has the same name as a local entity, the Active Directory role sees it as a potential conflict. You can use the Conflict resolution tool to merge local entities with synchronized ones, by copying the nonsynchronized fields from the local entity to the synchronized entity ( ). The relationships the local entity had with other entities in the system are also copied. When the merge is complete, the local entity is deleted, eliminating duplicate entities. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the Active Directory role ( 3 In the Contextual command bar, click Conflict resolution ( ) from the entity browser. ).
149
The Active Directory conflict resolution dialog box appears. All synchronized entities are listed to the left. The ones that conflict with a local entity are flagged in green.
4 Select a conflicting entity from the Synchronized entities list. All local entities that can be merged with the imported entity are listed to the right. Do one of the following:
Select No selection if you do not wish to merge it with a local entity. Select the local entity to be merged with the imported entity.
5 Repeat the previous step for all synchronized entities flagged in green. 6 Click Finish to save the conflict resolution decisions to a file on disk. The default file name is Conflict_Manifest.data. Be sure to save the file to a location that can be accessed from your main server and all servers hosting the Access Manager role. 7 (Optional) If you have user conflicts to resolve, apply the conflict manifest to your Directory database. a Connect to the Server Admin of your main server with a Web browser. For more information, see "Open Server Admin using Internet Explorer" on page 48. b In the Directory tab, under the Database group, click Resolve conflicts ( c In the dialog box that appear, browse to the Conflict_Manifest.data file. d Click Resolve conflicts, then click Back up. The conflict resolution status is shown in a independent dialog box. 8 (Optional) If you have cardholder conflicts to resolve, apply the conflict manifest to your Directory database and your Access Manager database. ).
150
a Select your Access Manager role from the Roles view of the System task. b Click the Resources tab, and click Resolve conflicts ( d Click Resolve conflicts, then click Back up. The conflict resolution status is shown in a independent dialog box. After conflict resolution, all synchronized entities that are merged with a local entity inherit their local properties, and all merged local entities are deleted. ). c In the dialog box that appears, browse to the Conflict_Manifest.data file.
Modifying imported users

If you have users that are imported from an Active Directory, you can set the users status to inactive. The user becomes desynchronized from the AD until you activate the user again. 1 From the Home page in Config Tool, open the Security task. 2 Select an imported user ( ), and click the Properties tab. 3 Set the User status option to Inactive.
Click Apply.
The user is no longer synchronized with the AD. It will only become synchronized again once you set the users status to Active.
Modifying imported cardholders

If you have cardholders that are imported from an Active Directory, there are a few cardholder properties that you can modify in Security Center, such as the cardholders status or their picture. This section includes the following topics:
"Assign pictures to imported cardholders" on page 151 "Assign temporary cards to imported cardholders" on page 152 "Modify the status of imported cardholders" on page 152
Assign pictures to imported cardholders
You can assign a picture to the imported cardholder from Security Center, and then synchronize the picture with the Active Directory. 1 From the Cardholder management task, assign a picture to the cardholder. For more information, see Assign a picture to the cardholder in the Security Desk User Guide. 2 From the Home page, open the System task. 3 Select the Active Directory role, and then click the Links tab.
151
4 Select the Upload pictures to Active Directory option. 5 Click Apply. 6 Click the Properties tab, and then click Synchronize now.
NOTE If Security Center synchronizes with the AD based on a scheduled task, then the next
time the synchronization occurs, the new cardholder picture is synchronized with the AD.
Assign temporary cards to imported cardholders

If an imported cardholder forgets or loses their card, you can assign them a temporary card in the Cardholder management task. When you assign them a temporary card, their credential becomes greyed out in Config Tool until the card is returned. For more information about assigning or returning temporary cards, see Assign a temporary card to a cardholder in the Security Desk User Guide.
Modify the status of imported cardholders

You can modify the status and expiration date of an imported cardholder in Security Center. The cardholder becomes desynchronized from the AD. 1 From the Home page in Config Tool, open the Access control task. 2 Select an imported cardholder ( ), and click the Properties tab. 3 In the Status section, move the slider from Keep synchronized to Override.
152
4 Set the cardholders status and expiration date:
Status. Set the cardholder status to Active or Inactive. If the cardholder status is inactive, then the credentials assigned to the cardholder do not work, and the cardholder does not have access to any area.
Activation. Displays the current date.
Expiration. Set the cardholder to expire Never, on a specific date, or after a specified number of days after the first use. Click Apply.
The cardholder is no longer synchronized with the AD. It will only become synchronized again once you set the cardholders status to Keep synchronized.
Logging on with an Active Directory user

"Log on with Windows credentials" on page 153 "Log on in an multiple AD integration scenario" on page 153
Log on with Windows credentials
When youre signed on to Windows using an account that happens to be synchronized with Security Center, you can log on to Security Center without having to retype your username and password.
In the Security Center logon dialog box, select the option Use Windows credentials and
click Log on.
Log on in an multiple AD integration scenario

If multiple ADs are integrated into your system, you must to specify the Windows domain name with your username (for example genetec\dtsiang) when you log on to Security Center
153
using the basic authentication method. This is to let Security Center know which AD service to call for the validation of your credentials.
TIP If you are already signed on to Windows using the account that is synchronized to your Security Center user, then use the single logon option instead. For more information, see "Log on with Windows credentials" on page 153.
154
Managing intrusion panels

Intrusion panels (also known as alarm panels) can be integrated to Security Center for centralized monitoring, control, and reporting. This allows you to monitor the status of each zone in real time, generate detailed activity reports and arm/disarm zones (or partitions) defined on those intrusion panels through Security Desk. This section includes the following topics:
"How are intrusion detection panels represented in Security Center?" on page 155 "What does the Intrusion Manager role do?" on page 156 "Enroll an intrusion panel" on page 156 "Edit intrusion detection unit peripherals" on page 158 "Create an intrusion detection area" on page 159
How are intrusion detection panels represented in Security Center?

Intrusion detection panels and other intrusion detection concepts are represented in Security Center by the following entity types:
Intrusion detection unit. Represents an intrusion panel that is monitored and controlled
by Security Center. Each intrusion panel can control multiple zones (or group of sensors). For more information, see "Intrusion detection unit" on page 423.
Intrusion detection area. Corresponds to an area (also known as a partition or zone)

configured on an intrusion panel. Intrusion detection areas are monitored in Security Desk. Users can perform the following actions on these areas:
Master arm. Arming an intrusion detection area so that all sensors attributed to the area set off the alarm if triggered. Some manufacturers call this arming mode Away arming. Perimeter arm. Arming an intrusion detection area so that only sensors attributed to the perimeter of that area set off the alarm. Other sensors such as motion sensors inside that area will be ignored.
Disarm. Tells the intrusion panel to ignore all sensors attributed to this area. If an alarm is set off by this area, disarming it also turns the alarm off. For more information, see "Intrusion detection area" on page 421.
For a list of intrusion detection panels supported in Security Center, see the Security Center Release Notes.
155
What does the Intrusion Manager role do?

The Intrusion Manager role is responsible for the integration of intrusion panels with Security Center. It listens to the events reported by the intrusion panels, provides live reports to Security Desk, and logs the events in a database for future reporting. The Intrusion Manager also relays user commands to intrusion panels such as arm/disarm intrusion detection areas, and triggering panel outputs through event-to-actions.
Creating an Intrusion Manager role

The Intrusion Manager role is not created by default. For instructions on how to create a role, see "Create a role entity" on page 50. Best practice: It is recommended to run the intrusion panels and Intrusion Manager role on a secure network to prevent hackers from attempting to control the intrusion panels from outside by sniffing your network.
Limitations of the Intrusion Manager role

For purposes of failover, the Intrusion Manager can be assigned to more than one server. However, if your intrusion panel is directly connected to your server via a serial port, failover is not supported. For more information, see"Configure failover for roles" on page 64.
Enroll an intrusion panel

Before you begin: The Intrusion Manager role responsible for the intrusion panel must be created first. If the intrusion panel is going to be controlled via serial port, it should be connected to the server hosting the Intrusion Manager role. For additional information, see:
"How Bosch intrusion panel integration works" on page 804 "How Galaxy Dimension control panel integration works" on page 806
Enrolling an intrusion panel allows you to monitor and control its areas (or zones, or partitions) from Security Desk. 1 From the Home page in Config Tool, open the Intrusion detection task. 2 In the Contextual commands toolbar, click Add an entity ( ) > Intrusion detection unit. 3 In the intrusion detection unit creation wizard, enter the Basic information for this unit, and click Next. 4 From the Intrusion Manager drop-down list, select the role that will be managing this unit. 5 From the Unit type drop-down list, select the unit manufacturer. 6 From the Interface type drop-down list, select IPv4 or Serial.
If you selected IPv4, type the IP address and port numbers that are configured on the unit. If you selected Serial, type the COM port used to connect the unit to Security Center.
156
NOTE The choice of interface type cannot be changed after the entity has been created. If you choose to use the serial interface, the Intrusion Manager will not support failover.
7 Click Next. 8 Click Create, and click Close. A new intrusion detection unit entity is created. For certain types of intrusion panels (such as Bosch), the Intrusion Manager automatically creates intrusion detection areas (also known as zones or partitions) configured on the panel for you. These entities appear in the Logical view. 9 Click the Properties tab, and configure the unit specific settings. For more information, see "Properties" on page 424. 10 Click the Peripherals tab, and assign logical names, IDs, and descriptions to the input and output devices controlled by the unit. This is also where you define whether the input is an interior or perimeter input and its normal contact state. For more information, see "Edit intrusion detection unit peripherals" on page 158. 11 Configure the intrusion detection areas controlled by this unit. a If the intrusion detection areas are automatically created by the Intrusion Manager, they are found under the root of the Logical view task. For more information, see "Intrusion detection area" on page 421. b If the Intrusion Manager did not create the intrusion detection areas automatically, youll need to create them manually. For more information, see "Create an intrusion detection area" on page 159.
157
Edit intrusion detection unit peripherals

You can assign a meaningful name, a logical ID, and a description to each device connected to the intrusion detection unit, so you can easily identify those devices in Security Center. Depending on the configuration of your physical intrusion unit, you might also need to define the inputs as Perimeter or Interior, as well as the normal contact state (open or closed).
WARNING The configuration of Interior versus Perimeter inputs must be set if the physical intrusion panel itself has been configured to differentiate between interior and perimeter inputs. NOTE The physical name of the device can only be changed on the panel itself.
1 In the Peripherals tab of an intrusion detection unit entity, select a device in the list. 2 Click . 3 In the dialog box that appears, enter the Name, Logical ID, and Description for that device. 4 Set the Input type to either Perimeter or Interior (if the physical intrusion unit is configured as such) 5 Set the Contact type as either Normally open or Normally closed. 6 Click OK
7 Repeat Step 1 to Step 3 as necessary. 8 Click Apply.
158
Create an intrusion detection area

Before you begin: Intrusion detection unit must be enrolled before you can create areas. If the intrusion detection areas werent automatically created after the intrusion detection unit was enrolled, youll have to create the areas manually. 1 From the Home page in Config Tool, open the Logical view task. 2 In the Contextual commands toolbar, click Add an entity detection area. > Show all > Intrusion
3 In the intrusion detection area creation wizard, enter the Basic information for this area, and click Next. 4 From the Intrusion detection unit drop-down list, select the unit on which this area is defined. 5 Under Intrusion detection area unique ID, enter the ID or name of the area as it is configured on the intrusion panel. 6 Click Next, Create, then Close. A new intrusion detection area entity is created. For more information, see "Intrusion detection area" on page 421.
159
Managing zones
Managing zones
The concept of a zone is borrowed from the world of alarm panels, in which electric inputs are associated with zones to trigger specific alarms. This section includes the following topics:
"What is IO linking?" on page 160 "What is a zone?" on page 160 "About zone management roles" on page 161 "Creating zones" on page 161 "Which type of zone works best for me?" on page 163
What is IO linking?
IO linking is the control of specific output relays based on the combined result of a specific set of electric inputs. Each input can be connected to a specific monitoring device, such as a motion sensor, a smoke detector, a door or window contact, and so on.
EXAMPLE A standard application is the linking of a glass break sensor on a window connected
to an input pin on a unit that sounds a buzzer (via an output relay) when that window is shattered.
What is a zone?
The concept of IO linking is represented by the zone entity in Security Center. Since everything is controlled by software, a zone entity can do a lot more than just IO linking. The idea of using inputs to trigger output relays is expanded to trigger events. Using the eventto-action mechanism, these events can in turn be used to trigger alarms, send emails, start camera recording, and so on. Therefore, in Security Center, a zone is used to monitor a set of inputs in order to trigger events based on their combined states. These events can be used to trigger output relays or trigger other actions on the system.
TIP You can define custom events to correspond to each of the special input combinations. For more information, see "What is a custom event?" on page 106.
When do I arm and disarm a zone?

The event triggers associated with a zone can be activated all at once by arming the zone, or deactivated all at once, by disarming it. A zone can be armed by software (using an action command or according to a schedule), or via hardware (for units that support this feature).
160
Managing zones
What is a hardware zone?

A hardware zone is a subtype of the zone entity where the IO linking is done by hardware. This entity type called simply zone in Synergis 2.x and in Security Center 3 and 4. A hardware zone is controlled by a single access control unit. Hardware zones cannot be armed or disarmed from Security Desk or via software commands. However, once an access control unit has been configured via Security Center, it can make decisions on its own without being connected to or controlled by Security Center.
What is a virtual zone?

A virtual zone is a subtype of the zone entity where the IO linking is done by software. The input and output devices are linked by software, and can belong to different units of different types, such as video units and intrusion detection units. A virtual zone is controlled by the Zone Manager role and can only work online. This means that the units whose inputs and outputs are linked via the zone must be in constant communication with Security Center for the zone to work. Because virtual zones are solely controlled by software, you can use Security Desk to arm/ disarm a virtual zone, and use the Arm zone and Disarm zone actions in those contexts where those actions are permitted in Security Center.
About zone management roles

Zones are managed by two different types of roles in Security Center. Before creating a zone, you must first ensure that the appropriate role is created and configured.
Hardware zones are managed by the Access Manager role.

The Access Manager is created by default when Synergis is enabled in your software license. For more information, see "Configuring the Access Manager role" on page 260.
Virtual zones are managed by the Zone Manager role.

The Zone Manager is not created by default. For instructions on how to create a role, see "Create a role entity" on page 50. For information on its specific settings, see "Zone Manager" on page 608.
Creating zones
The creation procedures for a hardware zone and a virtual zone are different. Once the zone has been created, you cannot change its type.
161
Managing zones
Create a hardware zone

Before you begin: The access control unit used to control the zone must be added to your system and managed by an Access Manager role. A hardware zone allows you to program the IO linking behavior on an access control unit so it can operate on its own even when the unit is not connected to the Access Manager. 1 From the Home page in Config Tool, open the Logical view task. 2 In the Contextual commands toolbar, click Add an entity 4 In the Zone information page, click Zone. 5 From the dialog box, select the access control unit for this zone and click OK. 6 Click Create, and click Close. A new hardware zone entity is created. 7 Click the Properties tab, and configure how inputs are to be evaluated. For more information, see "Properties" on page 503. 8 Click the Arming tab, and configure how this zone should be armed. For more information, see "Arming" on page 504. 9 Click the Cameras tab, and configure any zone monitoring camera. For more information, see "Cameras" on page 334. After you are done: Try out your zone and verify the generated events with the Zone activities report. For more information about the Zone activities report, see the Security Desk User Guide. , and click Zone. 3 In the zone creation wizard, enter the Basic information for this zone, and click Next.
Create a virtual zone

Before you begin: The Zone Manager role responsible for the zone must be created. A virtual zone allows you to turn monitoring on/off the various input devices (sensors, switches, and so on) on your system via Security Desk and to use them to trigger events. 1 From the Home page in Config Tool, open the Logical view task. 2 In the Contextual commands toolbar, click Add an entity 4 In the Zone information page, click Virtual zone. If you have multiple Zone Manager roles, you are prompted to select one. 5 Click Create, and click Close. A new virtual zone entity is created. 6 Click the Properties tab, and configure how inputs are to be evaluated. For more information, see"Properties" on page 507. 7 Click the Arming tab, and configure its arming schedule and delays. , and click Zone. 3 In the zone creation wizard, enter the Basic information for this zone and click Next.
162
Managing zones
For more information, see "Arming" on page 508. 8 Click the Cameras tab and configure any zone monitoring camera. For more information, see "Cameras" on page 334. After you are done: Arm your zone in Security Desk and test your configuration. For more information, see zone-related tasks in Genetec Security Desk User Guide.
Which type of zone works best for me?

Hardware zones are recommended when quick response and offline operations are crucial for your security system. In all other situations, virtual zones offer the same functionality but with greater flexibility. The table below will help you make you decide. Table 6-1: Differences between hardware and virtual zones
Characteristics Hardware zone Virtual zone
Role IO linking (inputs) IO linking (outputs) Operation mode Arm/disarm via Security Desk Arm/disarm via actions Arm/disarm via key switch
Access Manager All inputs must be from the same access control unit All outputs must be from the same unit as the inputs Offline and mixed mode No No Yes (the key switch must be wired to an input pin on the same access control unit) Yes (only one schedule at a time, and cannot be combined with the key switch approach) Yes (only in mixed mode) Yes The unit is sometimes dis connected from the system
Zone Manager Can combine inputs from any unit of any type Can trigger outputs on any unit of any type Online mode only Yes Yes No
Arm/disarm on schedule
Yes (multiple schedules can be specified) Yes Yes Zone arming/disarming needs to be controlled via software
Trigger other actions Zone activity report Recommended when
163
Supporting cross-platform development
Supporting cross-platform development

Security Center supports cross-platform development. This section includes the following topics:
"What does the Web-based SDK role do?" on page 164 "Using the Web-based SDK" on page 164
What does the Web-based SDK role do?

The Web-based SDK role exposes the Security Center SDK methods and objects as Web services so developers on platforms other than Windows (for example Linux) can write custom programs to interact with Security Center. For more information, see "Web-based SDK" on page 605.
Using the Web-based SDK

Genetec Professional Services can help you develop the custom solution you need. To find out more, contact your sales representative, or call us at one of our regional offices around the world. To contact us, visit our Web site at www.genetec.com.
164
Creating tile plugins

You can create a tile plugin that links to a Web site or a map file (a compiled .dll file), that you can view and interact with in Security Desk. This section includes the following topics:
"Create a tile plugin that links to a Web site" on page 165 "Create a tile plugin that links to a map file" on page 165
Create a tile plugin that links to a Web site

You can create a tile plugin that links to a Web site that contains a map, which you can interact with when the tile plugin is displayed in Security Desk. For more information about tile plugins, see "Tile plugin" on page 480. 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity ( ) > Tile plugin. 3 In the Creating a tile plugin wizard, enter the entity name and description. 4 If there are partitions in your system, select the partition the tile plugin is a member of, and click Next. For more information, see "Partition" on page 447. 5 In the Tile plugin information page, select Web site. 6 Click Next > Close. The tile plugin appears in the Logical view with a Web site icon ( 7 Select the tile plugin, and click the Properties tab. 8 In the Web page option, type a Web address.
TIP Select a URL that can be reached from all Security Desk workstations.
).
9 Click Apply.
Create a tile plugin that links to a map file

You can create a tile plugin that links to a .dll or .xaml file that contains a map, which you can interact with when the tile plugin is displayed in Security Desk. Before you begin: The map file must be created and located on your local computer. For more information about how to map files are created, see "Tile plugin" on page 480. 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity ( ) > Tile plugin. 3 In the Creating a tile plugin wizard, enter the entity name and description.
165
4 If there are partitions in your system, select the partition the tile plugin is a member of, and click Next. For more information, see "Partition" on page 447. 5 In the Tile plugin information page, select Tile plugin. 6 In Windows, select the .dll file that the tile plugin will link to, and click Open. 7 Click Next > Close. The tile plugin appears in the Logical view with the default tile plugin icon ( 8 Select the tile plugin, and click the Properties tab. 9 To select another map file, click Modify, and select another .dll file. 10 Click Apply. ).
166
7
Troubleshooting
This part explains how to maintain and troubleshoot your Security Center system, such as verifying your system configurations, monitoring the health of your system, troubleshooting entity states, and so on.
NOTE For specific tasks related to video or access control maintenance and troubleshooting, see Chapter 9, Managing Omnicast on page 223 and Chapter 11, Managing Synergis on page 295.
"Viewing system messages" on page 168 "Viewing system health events" on page 170 "Monitoring the status of your system" on page 177 "System status task" on page 172 "Monitoring the status of your system" on page 177 "Troubleshooting entity states" on page 179 "Diagnosing entities" on page 180 "Finding out who made changes on the system" on page 181 "Investigating user related activity on the system" on page 182 "Viewing properties of units in your system" on page 184
167
Viewing system messages

If you receive messages from the system, you can review them from the notification tray, and diagnose the trouble entities. You can receive three types of messages from the system:
Health issues Warnings Messages
NOTE System messages are not the same as health events related to entities. Health events can be health issues, but health issues are not necessarily health events. For more information about health events, see "Viewing system health events" on page 170.
For more information about diagnosing trouble entities, see "Diagnose role problems" on page 51. To view system messages: 1 In the notification tray, double-click the System messages (
) icon.
2 In the Health issues tab of the Notifications dialog box, do one of the following: From the Sort by drop-down list, select how to display the health issues. You can sort them alphabetically by health event type, event timestamp, machine (computer name), or source (entity name). Click an entity to open its configuration pages, to diagnose the entity. Click in a row to launch a Health history task (see "Viewing system health events" on page 170). Click Refresh to update the content displayed in the Health issues tab.
168
3 In the Warnings (
) tab, do one of the following:
Click an entity to open its configuration pages in Config Tool. Click Details ( ) to open the diagnostic window, which provides additional details about the warning. From this window you can save the warning as a text file, or click Refresh to rerun the diagnostic tests.
4 In the Messages (

) tab, select a message, and do one of the following:
Click Copy to clipboard to copy the selected message to the clipboard. Click clear to delete the selected messages. Click Clear all to clear all messages. to close the Notification dialog box.
5 Click
169
Viewing system health events
Viewing system health events

You can view system health events related to selected entities within a specified time range, using the Health history report. What you should know There are three severity levels of health events:
Health errors Warnings Information
Almost every entity in your system can generate health events. You can choose which health events to monitor by configuring the Health monitor role in Config Tool. For information, see "Configure health events to monitor" on page 79.
NOTE Health events also appear in the notification tray as system messages ( in real time (see "Viewing system messages" on page 168).
) as they occur
To view system health events related to an entity: 1 From the Home page, open the Health history task. 2 Set up the query filters for your report (see "Query filters" on page 712). 3 To include current health events in the report, click the Show current health events heading. When the heading is enabled, it appears as On 4 Click Generate report. The health events of the selected entities are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
EXAMPLE If an entity is experiencing issues, you can search for past health events that have
occurred in relation to that entity. If you want to search if there were critical errors that happened in the system during the last week, you can filter you search only for errors, and set a time range.
170
Viewing the health status and availability of entities
Viewing the health status and availability of entities

You can monitor the overall health of your system, using the Health statistics report. What you should know By monitoring the health and availability of certain resources such as server roles, video units, door controllers, intrusion detection panels, and so on, you can identify instabilities, and even prevent critical system failures. One of the important fields in the Health statistics report is the Availability of a given entity. Availability is expressed as a percentage. To view the health status and availability of an entity: 1 From the Home page, open the Health statistics task. 2 Generate your report (see "Generate a report" on page 30). The health statistics for the selected entities are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. If health statistics could not be calculated for a given role or entity, the reason is shown in the Calculation status column of the report pane:
One or more events used to calculate availability are currently disabled. The system administrator needs to select which health events to monitor in the Config Tool. For more information, see Health monitor - "Properties" on page 561. One or more servers from the system are offline. The server hosting the selected role is offline, therefore, the health statistics cannot be calculated for the role.
EXAMPLE A door controller called Gym was down four times over the last week, producing
90.72% availability. From the report results, you can see that this door controller is a potential concern, and have a maintenance crew come and look at the door.
171
System status task
System status task

Use the System status task to monitor the current status of different types of entities and investigate health issues they might have. The following figure shows the System status task. For information about monitoring the system status, see "Monitoring the status of your system" on page 177.
A B
C D
E A B C D E Entity types you can monitor. Type of issues that you can monitor. The entity statuses are listed in the report pane. Print the report, export the report, or select which columns to display. For more information, see "Working with reports" on page 29, and "Report pane columns" on page 723. Entity-specific commands.
172
System status task
System status task columns

In the System status task, you can monitor the current status of different types of entities and investigate the health issues that they might have. The following table lists the columns that are displayed for each entity type in the Monitor dropdown list.
Entity Columns Description
Access control units
Entity Health IP address Sync AC fail Battery fail Firmware Tampered
Unit name Online, Offline, or Warning IP address of the unit Synchronization status Yes () or No (blank) Yes () or No (blank) Firmware version of the unit Indicates whether the unit has been tampered with Yes () or No (blank) Analog monitor name List of all parent areas, starting from the system entity. If the analog monitor has multiple parent areas, *\ is shown as the path. Online, Offline, or Warning Name of the cameras currently displayed in the analog monitor Type of application (Config Tool or Security Desk) Machine it is running on Name of the user who is connected Software version of the client application
Analog monitors
Entity Logical path
Health Connected entity Applications Entity Source Username Version
173
System status task
Entity
Columns
Description
Areas
Entity Logical path Health Threat level
Area name List of all parent areas, starting from the system entity Online, Offline, or Warning Indicates if a threat level is currently activated on the selected area, along with the threat level name. If no threat level is set, the column is blank. (Only visible to administrative users) Indicates the minimum security clearance level required from cardholders to access this area, on top of the restrictions imposed by the access rules Working () or Not working (blank) Hard, Soft, or None (no antipassback) Working () or Not working (blank) Interlock input priority: Lockdown or Override Indicates whether a unit in the area has been tampered with. Yes () or No (blank) Camera name List of all parent areas, starting from the system entity. If a camera has multiple parent areas, *\ is shown as the path. Online, Offline, or Warning Recording state Lost, Available, or Unknown (IP cameras) Indicates if the camera is currently blocked from some users. Blocked (), or not blocked (blank) Door name List of all parent areas, starting from the system entity Online, Offline, or Warning Open ( Locked ( ) or closed ( ) )
Security clearance
People count Antipassback Interlock Priority Tampered Cameras Entity Logical path
Health Recording Analog signal Blocked Doors Entity Logical path Health Open Lock
) or unlocked (
174
System status task
Entity
Columns
Description
Elevators
Entity Logical path Health
Elevator name List of all parent areas, starting from the system entity Online, Offline, or Warning Icon representing the entity type Entity name For a local entity, shows the server it is running on. For a federated entity, shows the federation role name List of all parent areas, starting from the system entity Online, Offline, or Warning Intrusion detection area name List of all parent areas, starting from the system entity Online, Offline, or Warning Master arm, Perimeter arm, Ready to arm, Arming, Disarmed, Disarmed (input trouble), or Armed (Alarm active) Active/inactive (represented by an icon) Active/inactive (represented by an icon) Intrusion detection unit name Online, Offline, or Warning Yes () or No (blank) Yes () or No (blank) Yes () or No (blank) Macro name Time the macro was started Name of the user who started the macro
Health issues
Entity type Entity Source Logical path Health
Intrusion detection areas
Entity Logical path Health Arming state
Bypass Alarm active Intrusion detection units Entity Health AC fail Battery fail Tamper Macros Entity Start time Instigator
175
System status task
Entity
Columns
Description
Roles
Entity Health Current server Servers Version Status
Role name Online, Offline, or Warning Name of server currently hosting the role List of servers assigned to host this role Software version of role Activated ( ) or Deactivated ( )
Routes
Route Current configuration Detected capabilities Status
Route name, showing the two networks it joins Unicast TCP, Unicast UDP, or Multicast Unicast TCP, Unicast UDP, or Multicast OK, or warning message stating the reason of the problem Server name Online, Offline, or Warning Roles assigned to this server Zone name List of all parent areas, starting from the system entity Online, Offline, or Warning Normal, Active, or Trouble Indicates if the zone is armed or not
Servers
Entity Health Roles
Zones
Entity Logical path Health State Armed
176
Monitoring the status of your system

You can monitor the current status of different types of entities, and investigate health issues they might have, using the System status report. To monitor the status of your system: 1 From the Home page, open the System status task. 2 From the Monitor drop-down list, select one of the following:
Access control units Analog monitors Applications (only administrators) Areas Cameras Cash registers Doors Elevators Health issues Intrusion detection area Intrusion detection units (only administrators) Macros (only administrators) Roles (only administrators) Routes (only administrators) Servers (only administrators) Zones
3 If required, select an area in the Selector. 4 To search for entities within nested areas, select the Search member entities option. The related entities, roles, applications, and items are listed in the report pane. For information about the status columns that are available for each entity, see "System status task" on page 172. 5 (Optional) Do one of the following:
To launch a Health history report, click health events" on page 170. To diagnose the selected entity, click on page 180.
. For more information, see "Viewing system . For more information, see "Diagnosing entities"
177
To print the report, click To save the report, click .
EXAMPLE If you have a camera that is not working, you can select the camera entity to
investigate why it is offline. If an entity has a health issue, you can launch the Health history task and generate a report to investigate further, or diagnose the entity from the System status task.
178
Troubleshooting entity states
Troubleshooting entity states

Entity icons and labels can appear in several different colors in the Logical view:
Color Entity state
White Red Yellow
The entity is online, and the server can connect to it. The entity is offline, and the server cannot connect to it. The entity is in the warning state. The server can connect, there are problems.
Entity warnings usually appear because of invalid configurations.When it comes to cameras, there are two specific conditions that can cause the camera to fall into a yellow warning state:
Multiple recording schedules (that are in conflict) have been applied to the same camera. A transmission lost event has occurred. This means that the Archiver is still connected to the
camera, but it has not received any video packets for more than 5 seconds. To fix these issues, try the following:
Change the conflicting schedules, see "Resolving schedule conflicts" on page 105. Diagnose the Archiver role (see "Diagnosing entities" on page 180).
179
Diagnosing entities
Diagnosing entities
You can diagnose entities, roles, and applications using the diagnostic tool. What you should know An entity or role that is not properly configured is displayed in yellow. An entity that is offline is displayed in red. The diagnostic tool can help you troubleshoot your problem. For more information about troubleshooting entity states, see "Troubleshooting entity states" on page 179. To diagnose an entity: 1 From the Home page, open the System status task. 2 From the Monitor drop-down list, select the entity type you want to diagnose. 3 If required, select an area in the Selector. 4 To include entities within nested areas, select the Search member entities option. The related entities are listed in the report pane. 5 Select a trouble entity, and click Diagnose ( ). A troubleshooting window opens, showing the results from the diagnostic test performed on the selected entity. 6 To rerun the test, click Refresh. 7 To save the results of the test, click Save. 8 Click Close.
180
Finding out who made changes on the system
Finding out who made changes on the system

You can find out who made configuration changes on the system, and for which entities, using the Audit trails report. To find out who made configuration changes on the system: 1 From the Home page, open the Audit trails task. 2 Generate your report (see "Generate a report" on page 30). The description of the changes to the selected entities, and who made those modifications, are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
EXAMPLE If you see that the properties of an entity have changed, and you must find out who
made those changes, you can select that entity. If you requested an update for an entity (for example, the privileges for a user), you can check to see if you the changes have been made from Config Tool.
181
Investigating user related activity on the system

You can view all user activity related to video, access control, and LPR, using the Activity trails report. To investigate user related activity on the system: 1 From the Home page, open the Activity trails task. 2 In the Query tab, select the activities you want to investigate. The activities you can investigate are:
Analog monitor connection/disconnection. Who connected to or disconnected from an analog monitor. Application update. Who updated a client application, such as Patroller, Web Client, Security Desk, and so on, or a Sharp unit. Badge printing. Who printed a credential badge. Connect to remote Security Desk. Who connected to a remote Security Desk workstation. Credential request. Who requested a credential badge to be printed, and why. Credential request cancelled/completed. Who completed or cancelled a credential badge print request. Disconnect from remote Security Desk. Who connected to a remote Security Desk workstation. Enable/disable visual tracking. Who enabled or disabled visual tracking in a tile. Export/generate report. Who exported/generated which reports. Hotlist editor. Who loaded a hotlist or permit list, or added, deleted, or edited entries within the list. Hotlist filtering. The LPR Manager role which has hotlist filtering enabled. Live streaming started/stopped. Which camera was displayed. Playback. Which recording was played. Playback bookmark deleted/modified. Who deleted/modified which bookmarks. Print hit report - photo evidence. Who printed evidence. Print report. Who printed a report. PTZ command. What did the user do with the PTZ. Snapshot printed/saved. Who printed or saved a snapshot. Threat level set/reset. Who activated/deactivated a threat level, and on which area or system. User logon/logoff. Who logged on or off of which Security Center client application. Video export. What did the user export and where did they save it. Video unit identified/rebooted. Who tried to identified/rebooted a unit.
182
3 Set up the other query filters for the report (see "Query filters" on page 712). 4 Click Generate report. The activity results are listed in the report pane.
EXAMPLE You can find out who played back which video recordings, who blocked a camera,
who activated a threat level, who requested a credential badge to be printed, who used the Hotlist and permit editor task, or who enabled hotlist filtering.
183
Viewing properties of units in your system
Viewing properties of units in your system

You can view the properties of video, access control, intrusion detection, and LPR units in your system, using the Hardware inventory report. What you should know At a glance, you have a list of all the units that are part of your system, and can see their information, such as their unit type, manufacturer, model, IP address, and so on. For example, this is helpful to see what firmware version a unit has, and determine if it needs to be upgraded. To view the properties of units in your system: 1 From the Home page, open the Hardware inventory task. 2 Generate your report (see "Generate a report" on page 30). The unit properties are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
184
Part III
Omnicast IP video surveillance
Learn how to set up, configure, and manage your Omnicast system in Security Center. This part includes the following chapters: Chapter 8, Deploying Omnicast on page 186 Chapter 9, Managing Omnicast on page 223
8
Deploying Omnicast
This section explains how to set up your video surveillance system for the first time. This section includes the following topics:
"What is Omnicast?" on page 187 "What are the Omnicast entities?" on page 188 "Omnicast deployment process" on page 190 "Configuring the Archiver role" on page 193 "Configuring the Media Router role" on page 202 "Configuring the Auxiliary Archiver role" on page 204 "Configuring cameras" on page 209 "Configuring analog monitors" on page 220
186
What is Omnicast?
What is Omnicast?
Omnicast is the IP video surveillance component of Security Center. Omnicast provides seamless management of digital video, audio, and metadata across IP networks. Omnicast main features are as follows:
View live and playback video from all cameras View up to 64 video streams side-by-side on a single workstation View all cameras on independent timelines or on synchronized timelines Full PTZ control, using a PC or CCTV keyboard, or on screen using the mouse Digital zoom on all cameras Motion detection on all cameras Visual tracking: follow individuals or moving objects across different cameras Search video by bookmark, motion, or date and time Export video in proprietary G64 format or public ASF format Protect video against accidental deletion Protect video against tampering by using watermarks
Omnicast also provides video support for events tracked by other systems unified under Security Center.
Enhance all event reporting with playback video Enhance alarm monitoring (core feature) with live video Enhance intrusion detection (core feature) with live video Enhance access control system (Synergis) with live video
Video verification: compare cardholder picture with live video
Consolidate all access events with video Enhance LPR system with live video
187
What are the Omnicast entities?

The Omnicast video surveillance system uses the following entity types.
Icon Entity Description
Archiver (role) Auxiliary Archiver (role) Media Router (role) Network
Role that controls the video units and manages the video archive. See "Archiver" on page 521. Role that supplements the video archive produced by the Archiver. It is capable of archiving any camera on the system. See "Auxiliary Archiver" on page 543. Role that takes care of the routing of all audio and video streams on the network. See "Media Router" on page 585. Network (with specific streaming capabilities) that the Media Router takes into account while making routing decisions. See "Network" on page 434. Server on your network. Used to host the roles needed on your system. See "Server" on page 471. Logical grouping of cameras and camera sequences. See "Area" on page 360. Represent a physical analog monitor connected to a video decoder. See "Analog monitor" on page 357. A single video source on the system. Might support audio. See "Camera (video encoder)" on page 368. PTZ camera or dome camera. See "Camera (video encoder)" on page 368. A pre-arranged order for the display of video sequences in a rotating fashion within a single tile in Security Desk. See "Camera sequence" on page 393. Group of analog monitors sharing common characteristics. See "Monitor group" on page 432. Date and time range. Might support daytime and nighttime. See "Schedule" on page 463. IP unit incorporating one or more video encoders. See "Video unit" on page 494. Group of entities on the system visible only to a group of users. See "Partition" on page 447.
Server Area Analog monitor
Camera Camera (PTZ enabled) Camera sequence
Monitor group Schedule Video unit Partition
188
Icon
Entity
Description
User User group
Individual who uses Security Center applications. See "User" on page 482. Group of users sharing common characteristics. See "User group" on page 489.
189
Omnicast deployment process

"Omnicast deployment prerequisites" on page 190 "Omnicast deployment procedure" on page 191
Omnicast deployment prerequisites

Before you deploy Omnicast, you must have the following ready:
A network diagram showing all public and private networks used within your organization,
their IP address range, their video transmission capabilities (Multicast, Unicast UDP, and Unicast TCP). For public networks, you also need the name and public IP address of their proxy servers.
TIP Ask your IT department for this information.
All ports used by Security Center for communication and video streaming must be open
and redirected for firewall and NAT purposes. For more information, see "Default Security Center ports" on page 776.
All video equipment (video units, fixed and PTZ cameras) must be installed and connected
on your companys IP network, with the following information:
Manufacturer, model, and IP address of each video unit Login credentials (username and password) if applicable Communication protocol used (HTTP or HTTPS)
TIP A site map (floor plans) showing where the cameras are located would be helpful.
If you have cameras connected to a conventional CCTV matrix (hardware matrix in

Omnicast), you need the following:
An Omnicast 4.x system to manage the video encoders connected to the CCTV matrix outputs. For information on how to integrate hardware matrices with Omnicast, see Hardware Matrix in the Omnicast Administrator Guide.
To federate Omnicast 4.x system in Security Center. For more information, see "Federating Omnicast systems" on page 131. Security Center software components installed:

Security Center Server software installed on your main server. The main server is the computer hosting the Directory role. Optionally, Security Center Server software installed on expansion servers. An expansion server is any other server on the system that does not host the Directory role. You can add expansion servers at any time. For more information, see "Add an expansion server to your system" on page 47.
190
Security Center Client software installed on at least one workstation.
For software installation, see Security Center Installation and Upgrade Guide.
(Optional) A list of user groups operating independently of each other.

Identify user groups that will work independently on different parts of the system.
A list of all known users with their names and responsibilities.

To save configuration time, identify users who have the same roles and responsibilities.
Omnicast deployment procedure

The table below summarizes a typical Omnicast deployment.
Phase Description See
1 2 3 4
Read the things you need to know and do before deploying your Omnicast system. Use the Admin account on Config Tool to connect to your system. Change the Admin accounts password to protect your system. Create a partition for each independent user group. By first defining the partitions, you wont have to move entities around after youve created them. Configure the Logical view (the tree structure). The Logical view lets you organize the entities from an end-users perspective. Set up the default Archiver role. (Optional) Configure your networking environment. (Optional) Set up additional Archiver roles if necessary. (Optional) Configure the Media Router role. (Optional) Configure Auxiliary Archiver roles. (Optional) Define custom fields for your system entities as needed. Create the users and user groups.
"Omnicast deployment prerequisites" on page 190. "Connecting to Security Center" on page 9. "Change your password" on page 10. "Defining partitions" on page 90.
"Managing the Logical view" on page 85. "Configuring the Archiver role" on page 193. "Managing the Network view" on page 82. "Configuring the Archiver role" on page 193. "Configuring the Media Router role" on page 202. "Configuring the Auxiliary Archiver role" on page 204. "Custom fields" on page 619. "Defining user groups" on page 96 and "Defining users" on page 93.
191
6 7 8 9 10 11 12
Phase
Description
See
13 14
(Optional) Federate remote Omnicast systems if necessary. (Optional) Configure the alarms.
"Federating remote systems" on page 128. "Managing alarms" on page 111.
192
Configuring the Archiver role

"What is the Archiver?" on page 193 "Configure the Archiver" on page 193 "Adding video units to your system" on page 194 "Configuring video units for trickling" on page 197
What is the Archiver?

The Archiver role is responsible for the discovery, control, and status polling of video units. All communications between the system and video units are established through this role. All events generated by the units (motion, video analytics) are forwarded by the Archiver to the concerned parties on the system. The Archiver also manages the video archive and performs motion detection on video units that do not support this feature.
Configure the Archiver

When Omnicast is enabled in your license, an Archiver role is created by default and assigned to the main server. You must complete its configuration before it can be fully operational. 1 From the Home page in Config Tool, open the Video task. 2 Select the Archiver role entity to configure. 3 Click the Resources tab, and configure the server, database, and disk storage required to run this Archiver. For more information, see Archiver "Resources" on page 533. 4 Click the Camera recording tab, and configure the default recording settings for all cameras controlled by this Archiver. For more information, see Archiver "Camera recording" on page 522.
TIP If you are using multiple disk groups, you might want to temporarily set the recording mode to off, then re-enable it at the end of the process to avoid creating the video files on the wrong disk group. For more information, see "Archive storage settings" on page 536.
5 Add the video units that you want this Archiver to control. For more information, see "Adding video units to your system" on page 194. 6 Click the Extensions tab, and complete the configuration of the extensions created in the previous step if necessary. For more information, see Archiver "Extensions" on page 528. 7 If you are using multiple disk groups for archiving, see "Optimizing access to your storage devices" on page 226. 8 Configure the cameras associated with the video units you just added.
For more information, see "Configuring cameras" on page 209. 9 If recording is performed on the edge units, see "Configuring video units for trickling" on page 197. After you are done: If you have a large system, you can distribute the load by adding more Archiver roles and hosting them on separate on separate servers. To add more Archivers, see "Create a role entity" on page 50.
Adding video units to your system

"Add video units manually" on page 194 "What is automatic discovery?" on page 196 "Add video units using the Unit discovery tool" on page 196
Add video units manually
Before you begin: You must know the manufacturer, the product type (model or series), the IP address, and the login credentials (username and password) for the units you plan to add. 1 From the Home page in Config Tool, open the Video task. 2 Click the Role view, and select the Archiver role.
194
3 In the Contextual commands toolbar, click Add an entity(
) > video unit.
The Manual add dialog box appears (the following screenshot is just a sample).
4 If you have multiple Archiver roles, select the Archiver role from the Archiver drop-down list. 5 Select the units manufacturer and product type. 6 Enter the IP address and HTTP port of the unit. Use a range of IP addresses to add multiple units in a single operation.
TIP If you do not know your units IP address, use the Unit discovery tool instead. For more
information, see "Add video units using the Unit discovery tool" on page 196. 7 Select which credentials the Archiver should use to connect to the unit.
Default login . Use the default login credentials defined in the manufacturers extension for this Archiver. If the extension has not yet been defined, blank credentials are used. Specific. Enter the specific login credentials used by this unit. This can be changed to Use default login later during video unit configuration.
8 Complete all other settings as-necessary, and click Add. If the manufacturers extension does not exist, it will be created for you. For more information, see Archiver "Extensions" on page 528.
195
NOTE If the manufacturer supports automatic discovery, all other units present on your system that share the same discovery port will automatically be added to the same Archiver in addition to those being added manually. For more information, see "What is automatic discovery?" on page 196.
9 Refresh the Role view. The newly added video units appear under the selected Archiver entity. 10 (Optional) Select the video units, and change their default settings if necessary. For more information, see Entity configuration "Video unit" on page 494. If you are having trouble adding the video unit, see "Troubleshooting video units that cannot be added" on page 244.
What is automatic discovery?

Automatic discovery is the process by which video units on a network are automatically discovered by an Archiver role. This is done by broadcasting a discovery request on the discovery port and waiting for all listening units to respond with a package that contains connection information about the unit. The Archiver uses this information to automatically configure the connection to the unit and enable communication.
NOTE Only a few unit manufacturers, such as ACTi, Bosch, and Verint, support this feature.
Add video units using the Unit discovery tool

The Unit discovery tool helps you find video units on your network when you do not know their IP addresses. For a complete description of this tool, see "Unit discovery tool" on page 653. To perform a unit search with the Unit discovery tool: 1 From the Home page, click Tools > Unit discovery tool. 2 Click the Manufacturers button. The Configure manufacturers extensions dialog box appears. 3 In the Video tab, click Add an item ( ). 4 In the Add manufacturers dialog box, select the manufacturers you need, and click Add. The Add manufacturers dialog box closes. 5 One by one, configure the discovery settings for each of the manufacturers found in the left pane (be as specific as you can), then click Save. The Configure manufacturers extensions dialog box closes.
196
6 Click Start discovery. The tool starts to list all units discovered on your network, using the discovery parameters you set for each manufacturer. You can stop the discovery process at any time.
NOTE If the discovery is based on the Axis extension, units from other manufacturers might
also be discovered because UPnP and Zero config are also used as well in the discovery process. 7 Select a unit in the list to display its information in the right-hand pane.
If you provided the correct login credentials, you will be able to add the unit to your system by clicking the Add unit ( ) button found below the unit information. If the login credentials are incorrect, you can still try to add the unit using the Manual add dialog box and providing the correct credentials:
Click Manual add (
), and select Video unit.
Configuring video units for trickling

"What is trickling?" on page 198 "Trickling limitations" on page 198 "Enable edge recording on a camera" on page 198 "Configure cameras for trickling" on page 200 "Start and stop trickling manually" on page 201
197
What is trickling?
Trickling is the process of transferring data in small amounts. Applied to the video world, it refers to situations where the video is recorded on the unit itself (edge recording), and that the recordings are only transferred to the Archiver at a specific or pre-determined time. There are many scenarios where video trickling is used:
Remote site connected to a central site with limited bandwidth.

Typically, a server would be deployed at the remote site to host the recording. But with video trickling, it is possible to go server-less and download the video on demand.
Systems with large camera deployments but limited network bandwidth.

Recording is entirely done on the edge units. No video, or only low quality video is streamed live on the network. Security Center records specific events (analytics, motion, bookmarks, alarms). Video is downloaded to the Archiver only outside of peak hours, and for the periods corresponding to the recorded events.
City wide surveillance using edge recording cameras.

Cameras are always recording. Client can view live video when requested. Recordings are only downloaded on demand for investigation purposes, or outside of peak hours. A successful trickling setup must include the following:
Cameras configured for edge recording. The recording can be continuous or triggered by
specific events (inputs, motion, analytics, etc.).
Security Center must be configured to download video from these cameras, either
periodically, when a connection is established between the Archiver and the unit, or when a user explicitly requests it.
Trickling limitations
The following limitations apply when using the trickling feature:
It is not possible to trickle video sequences that occurred on a unit prior to the last video
time frame stored on the Archiver for that unit. For example, If the last frame trickled for a unit is 9/30/2011 3:44:40', and you try to trickle video between 3:40:00 and 3:50:00, only video between 3:44:40 and 3:50:00 will be trickled and stored in the Archiver.
Enable edge recording on a camera

Before you begin: Only cameras/video units capable of edge recording can be configured for trickling. However, not all units capable of edge recording are supported for trickling. To find out which edge devices are currently supported, contact Genetec Technical Assistance at http:// gtap.genetec.com. Edge recording can only be enabled from the units Web page. 1 From the Home page in Config Tool, open the Video task.
2 From the entity browser, select the video unit you wish to configure. 3 Click Units Web page ( ) in the contextual command bar. 4 In the Web browser window that appears, follow the instructions from the units manufacturer to enable recording on that unit. 5 Close the Web browser window when youre done.
NOTE Some unit manufacturers support edge recording on a separate device from the video units, such as an iSCSI drive managed by Bosch VRM (Video Recording Manager). In this case, the VRM settings must be configured in the Archivers extension for the manufacturer that supports it.
To configure a Bosch VRM: 1 From the Home page in Config Tool, open the Video task. 2 From the entity browser, select the Archiver that is managing the Bosch cameras. 3 Select the Extensions tab, and select the installed Bosch extension.
4 Under the VRM section, click Add an item (
).
For more information, see Archiver Extensions "Bosch VRM settings" on page 531. 5 In the dialog box that appears, enter the IP address of the VRM, and the logon credentials, then click Save.
6 Click the Playback mode drop-down list and select one of the following:
iSCSI
199
TCP redirection via VRM UPD redirection via VRM
Select the data transport method according to the configuration of your Bosch VRM. 7 Click Apply.
Configure cameras for trickling

Before you begin: All cameras selected for trickling must have edge recording enabled. See "Enable edge recording on a camera" on page 198. 1 From the Home page in Config Tool, open the Video task. 2 From the entity browser, select the Archiver that is managing the camera. 3 Select the Trickling tab. For more information, see "Trickling" on page 524. 4 Click Add an item ( ), select the camera and click Add.
IMPORTANT Only cameras with edge recording capability are listed. Once a camera is
selected for trickling, recording on the Archiver is stopped. This however does not affect the recording on Auxiliary Archivers. 5 For each camera selected for trickling, select
On connection. To configure the camera to start trickling upon connection to the network. This option is recommended for cameras connected to mobile units that regularly move in and out of Wi-Fi coverage. On schedule. To configure the camera to start trickling on schedule. This option is recommended for fixed cameras with poor network bandwidth. Trickling can then be scheduled for a time when the network demand is the lowest.
6 (Optional) If trickling on schedule is selected, define when it should happen. 7 Configure the type of video data you want to be trickled.
NOTE If you do not set any filter, all available video stored on the unit will be trickled.
Time interval. Select this filter to trickle video segments recorded during a specific period of time. You can specify a specific time range or a relative time range (last n days, hours, minutes). Playback requests. Select this filter to trickle video segments that were played back from the camera. Motions. Select this option to trickle video segments that span between a Motion on and Motion off event. This option applies to unit motion detection only. Bookmarks. Select this option to trickle video segments that contain bookmarks. Unit offline. Select this filter to trickle video segments that span between a Unit lost and a Unit discovered event. Video analytics. Select this filter to trickle video segments that contain video analytics events. Alarms. Select this filter to trickle video segments that contain alarm events.
200
Input triggers. Select this filter to trickle video segments that contain input events.
8 Configure the general trickling behavior. The behavior settings are:
Time buffer when downloading events. The time buffers apply to event-based trickling. Specify how many seconds of video should be trickled before and after the event occurred. For example, if you selected the Motion filter, these settings indicate how many seconds are trickled before the Motion on event occurred, and how many seconds are trickled after the Motion off event. Delay after connection. Use this setting to specify how long (in seconds) the Archiver will wait to determine if a unit is truly online before trickling. For example, if your cameras are set to trickle on connection and you have an unstable network where your cameras frequently go on and offline, this setting is useful to prevent trickling from repeatedly starting and stopping. Simultaneous downloads. Use this setting to specify how many cameras can trickle at the same time. This setting is useful if you have a limited network and do not want too many downloads to occur simultaneously.
9 Click Apply.
Start and stop trickling manually

Trickling can be started and stopped manually from the Trickling status dialog box. For more information, see "Trickling status" on page 525. 1 Click Trickling status ( ) found at the bottom of the camera list. 2 In the dialog box that appears, select one or more cameras and click:
to start trickling for the selected cameras to stop trickling for the selected cameras to start trickling for all cameras to stop trickling for all cameras ) once.
NOTE A camera that has just been added to the trickled camera list does not appear in this
dialog box until you have clicked Start trickling for all cameras ( 3 Click Close when you have finished.
201
Configuring the Media Router role

"What is the Media Router?" on page 202 "Configure the Media Router" on page 202 "Beware of RTSP port conflict" on page 203
What is the Media Router?

The Media Router is the central role that handles all stream requests (audio and video) on the system. It establishes streaming sessions between the stream source (camera or Archiver) and its requesters (Security Desk or SDK clients). Routing decisions are based on the location (IP address) and the transmission capabilities of all parties involved (source, destinations, networks, and servers).
Configure the Media Router

When Omnicast is enabled by your license, the Media Router role is created by default and hosted on the main server. The default setup is usually all you need, unless you have a complex system involving multiple private networks. 1 From the Home page in Config Tool, open the Video task. 2 From the Logical view, select the Media Router role. 3 Click the Resources tab, and change the roles primary server or add a standby server if necessary. For more information, see "Move a role to a different server" on page 50. 4 Click the Properties tab. 5 Change the start multicast address and port settings if necessary. Youll need to change the default settings only if they conflict with other applications on your system. For more information, see Media Router "Properties" on page 586. 6 Add or change the redirector configurations. Redirectors are servers assigned to host redirector agents. A redirector agent is a software module created by the Media Router to redirect data streams from one IP endpoint to another. The Media Router automatically creates a redirector agent on every server assigned to an Archiver role. You might have to create redirector agents on additional servers if you need to reach clients located on remote networks. To avoid overloading a redirector server or the network bandwidth between the two endpoints, you can limit the number of live and playback streams that the server can redirect. For more information, see Media Router "Redirectors" on page 586. 7 Click Apply.
202
Beware of RTSP port conflict

The Media Router role has a default RTSP port of 554, its redirectors have a default RTSP port of 560, and an Archiver role has a default RTSP port of 555. These ports must be unique on the same server. If multiple Archiver roles are created on the same server, they must all have a different RTSP port. Otherwise, the role entity will turn yellow and an Entity warning event will be generated.
203
Configuring the Auxiliary Archiver role

"What is the Auxiliary Archiver?" on page 204 "Configure the Auxiliary Archiver" on page 206 "Associate cameras to the Auxiliary Archiver" on page 207 "Remove a camera from the Auxiliary Archiver" on page 208 "Move the Auxiliary Archiver to a different server" on page 208
What is the Auxiliary Archiver?

"Purpose of the Auxiliary Archiver" on page 204 "When do I need Auxiliary Archivers?" on page 204 "Auxiliary Archiver limitations" on page 205 "Differences between the Archiver and the Auxiliary Archiver" on page 205
Purpose of the Auxiliary Archiver

The purpose of the Auxiliary Archiver roles is to supplement the video archive produced by the Archiver roles. Unlike the Archiver, the Auxiliary Archiver is not bound to any particular discovery port. Therefore, it is free to archive any camera in the system, including cameras federated from other Security Center systems. The Auxiliary Archiver must depend on the Archiver to communicate with the video units. If the Archiver isnt running, the Auxiliary Archiver will not be able to archive the cameras it controls.
When do I need Auxiliary Archivers?

The Auxiliary Archiver offers you the flexibility to create a different set of archives than the one created by the Archiver. The auxiliary archives can use different video quality settings and different recording schedules. The following are some sample scenarios where you would need Auxiliary Archivers.
You need to create a high resolution off-site (outside your corporate LAN) copy of your
video archive for selected cameras. In this scenario, you would run the Auxiliary Archiver from a secured location, probably on a server located in a separate building with large storage capabilities. The Auxiliary Archiver would record high quality video streams from specific cameras using different recording settings (mode, schedules, etc.) than the Archiver.
You need to create a lower quality copy of your video archive to keep for a longer period of
time. In this scenario, you would record the low quality video stream with the Auxiliary Archiver and set a longer retention period. You need to record more cameras (offering different viewing angles) during off-hours when there are no guards on duty. In this scenario, you would configure an Auxiliary Archiver to continuously archive during off hours those cameras that are not archived by the regular Archiver, while the regular Archiver continues to archive
Auxiliary Archiver limitations

The Auxiliary Archiver cannot archive cameras federated from Omnicast 4.x systems, whether directly via an Omnicast Federation role or indirectly via the federation of a remote Security Center system that federates an Omnicast 4.x system. The archiving of federated Security Center native cameras is supported.
Differences between the Archiver and the Auxiliary Archiver

The following table highlights the differences between these two roles.
Characteristics Archiver role Auxiliary Archiver role
Automatic unit discovery Command and control of cameras/video units Command encryption via secure protocols (such as HTTPS and SSL) Recorded cameras
Yes (on units that support it). Yes. Yes (on units that support it).
No. No (relies on the Archiver role). Not applicable.
A camera can only be associated to one Archiver role. Can only record cameras with which it has a direct connection (usually on the same LAN).
A given camera can be associated to multiple Auxiliary Archivers. Can record any camera on the system, including federated cameras (but only from Security Center systems). Each camera has the option to follow the default role settings or its own custom settings. Can record any video stream of your choice. No (although Manual recording schedules can be configured). Yes. The events can be searched and viewed with the Archiver events video maintenance task.
205
Recording settings
Each camera has the option to follow the default role settings or its own custom settings. Can only record the stream designated for Recording. Yes, when Manual recording schedules are in effect. Yes. The events can be searched and viewed with the Archiver events video maintenance task.
Recorded video stream Manual recording Event logging in database
Characteristics
Archiver role
Auxiliary Archiver role
Event logging to a flat file Database backup and restore Failover support Multiple copies of the video archive
Yes. Found in ArchiverLogs folder. Yes (video files are not included). Yes. One secondary server can be added to the Archiver role. Yes, via redundant archiving, but the master and redundant copies are identical, because they use the same recording settings. Yes. Yes.
No. Yes (video files are not included). Not applicable. Yes. Each Auxiliary Archiver produces a different set of video archive that follows its unique recording settings. Yes. Yes.
Video file protection Video watermarking
Configure the Auxiliary Archiver

The Auxiliary Archiver role is not created by default. You need to create it manually. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and then click Add an entity ( 3 In the Specific info page, do the following: a From the Server drop-down list, select the server where this role will be hosted b Enter the Data server name for the video archive database. A default data server, called (local)\SQLEXPRESS, is installed on every computer where Genetec Server is installed. You can use it or use another data server on your network. c Enter the Database name of the video archive database.
CAUTION The default name is AuxiliaryArchiver. If the selected server is already hosting
) > Auxiliary Archiver.
another instance of Auxiliary Archiver, you must choose a different name. Otherwise, the new role will corrupt the existing database!
TIP As a way to prevent unfortunate accidents, Genetec recommends you use a different database name for every instance of Auxiliary Archiver, regardless of whether there is a conflict or not.
d Click Next. 4 In the Basic information page, enter the name, description, and partition where the Auxiliary Archiver role will be created. For more information, see "Common entity attributes" on page 38.
206
5 Click Next, Create, and Close. A new Auxiliary Archiver role ( ) is created. Wait a few seconds for the role to create the database on the selected data server. 6 Select the Resources tab, and configure the server, database, and disk storage required to run this Auxiliary Archiver.
NOTE Every newly created Auxiliary Archiver is assigned the default value of 558 for its RTSP port. This port value must be unique for all archiving roles hosted on the same machine. For more information, see Auxiliary Archiver "Resources" on page 547.
7 Select the Camera recording tab, and configure the default recording settings for all cameras recorded by this Auxiliary Archiver. For more information, see Auxiliary Archiver "Camera recording" on page 544.
TIP If you are using multiple disk groups, you can temporarily set the recording mode to off, then re-enable it at the end of the process to avoid having video files created on the wrong disk group.
8 Select the Cameras tab, and configure the cameras you want to archive. For more information, see "Associate cameras to the Auxiliary Archiver" on page 207. 9 If you are using multiple disk groups for archiving, see "Optimizing access to your storage devices" on page 226.
Associate cameras to the Auxiliary Archiver

Before you begin: You can add any camera visible in your system to an Auxiliary Archiver, except the ones federated from Omnicast 4.x systems. 1 From the Auxiliary Archivers Cameras tab, click Add an item ( ). 2 In the dialog box that appears, select the cameras you want and click OK.
NOTE It takes a few seconds for the selected cameras to be added. If the role is unable to add
a camera in the given time, a failed status will be indicated for a few seconds, and the camera will be removed. 3 Click Apply. 4 To override the default recording settings on a camera: a Select the camera from the list and click Jump to ( The camera configuration page is selected. b From the Recording tab of the camera, select the tab that corresponds to the current Auxiliary Archiver. For more information, see Camera "Recording" on page 378. c Select Custom settings under Recording settings, and make the necessary changes. d Click Apply. ).
207
Remove a camera from the Auxiliary Archiver

Before you begin: Removing a camera from the Auxiliary Archiver instantly deletes the associated video archive from the Auxiliary Archivers database. 1 From the Cameras tab, select a camera and click Delete the item (
CAUTION There is no undo if you proceed through the next step!
).
2 In the confirmation dialog box that appears, click Delete. All records of this cameras video archive are deleted from the roles database. 3 In the second confirmation dialog box, do one of the following:
Click No if you want to keep the video files on disk. This allows you to play the video files with the Video file player in Security Desk, but you will no longer be able to query the video archive with the Archives task.
Click Yes if you do not want to keep the video files.
Move the Auxiliary Archiver to a different server

Before you begin: You should not move your Auxiliary Archiver to a different server unless both the database and the video storage are configured on a separate machine.
208
Configuring cameras
Configuring cameras
Camera (or video encoder) entities are automatically created when the video units they are part of are added to your system. Although Security Center provides workable default settings, we recommend that you carefully go through the configuration of each entity in order to achieve optimal performance.
TIP You can save a significant amount of time by copying the settings of one camera to all similar cameras. For more information, see "Copy configuration tool" on page 668.
"Recommended camera configuration process" on page 209 "Configuring video streams" on page 210 "Configure visual tracking" on page 212 "Test the video quality of your camera" on page 213 "Configure PTZ motors" on page 214 "Creating camera sequences" on page 218
Recommended camera configuration process

1 From the Home page in Config Tool, open the Video task. 2 In the Logical view, select a camera. 3 Click the Video tab and configure the video streams that the encoder should generate. For more information, see "Configuring video streams" on page 210. 4 Configure specific recording settings for this camera for each archiving role it is assigned to. If you do not configure specific settings for the camera, it follows the recording settings for the archiving roles (Archiver and Auxiliary Archivers). For more information, see Camera "Recording" on page 378.
NOTE If a camera has been added to an Archivers trickling list, its recording can only be
configured using its web page. For more information, see "Trickling" on page 524. 5 (Optional) Motion detection can be performed by the Archiver or by the unit, on the entire video image (default) or only on certain areas (motion zones). For more information, see Camera "Motion detection" on page 379. 6 (Optional) The cameras video attributes (brightness, contrast, hue, saturation) can be adjusted to account for different times of the day. For more information, see Camera "Color" on page 387. 7 (Optional) Visual tracking, the ability for Security Desk users to switch to an adjacent cameras view by clicking on certain areas of the video image in the tile, can be configured for all fixed cameras.
209
Configuring cameras
For more information, see Camera "Visual tracking" on page 388, and "Configure visual tracking" on page 212. 8 (Optional) Hardware devices such as PTZ motors, microphones and speakers can be manually associated with the current camera if they are not built-in on the same unit. For more information, see Camera "Hardware" on page 389. 9 Test the settings you have configured so far: video quality, color and brightness, PTZ controls, etc. For more information, see "Test the video quality of your camera" on page 213. 10 (Optional) Configure any necessary event-to-action behaviors for this camera. For more information, see "Using event-to-actions" on page 106. 11 (Optional) Copy the settings you just configured from this camera to other similar cameras on your system if applicable. For more information, see "Copy configuration tool" on page 668. 12 Repeat the same process for all other cameras on your system.
Configuring video streams

Most video encoders can generate multiple video streams from the same video source. You must carefully evaluate how you plan to use each of them (for live viewing or for recording) and what are the optimum video quality settings for each. This section includes the following topics:
"How video stream settings are organized" on page 210 "Automatic stream selection" on page 211 "Boosting recording quality on special events" on page 212
How video stream settings are organized
Video stream settings for a video encoder are nested in the following way:
Each video encoder can generate one or more video streams. Each video stream is described by the following settings:
Video quality. Video quality is defined by a host of parameters such as image resolution, bit rate, frame rate, and so on, that can vary depending on the manufacturer. The video quality can have multiple configurations based on different schedules. For example, lower resolution might be required for regular hours when there is a lot of activity in the office, while higher resolution might be used after closing time when less human surveillance is available.
Stream usage. The stream usage defines the purpose of the stream. You can select from the following options:
Live Default stream used for viewing live video in Security Desk.
210
Configuring cameras
Recording Stream recorded by the Archiver for future investigation. The quality of the recording stream can be temporarily boosted when the recording is triggered by certain types of events. For more information, see "Boosting recording quality on special events" on page 212.
Remote Stream used for live viewing when the bandwidth is limited. Low resolution Stream used instead of the Live stream when the tile used to view the stream in Security Desk is small. High resolution Stream used instead of the Live stream when the tile used to view the stream in Security Desk is large.
A stream can be assigned all, some, or none of the usage options. A stream that has no usage is not generated by the video encoder.
Network settings. Specific connection type and multicast address can be configured for each stream based on its usage and your network configuration.
For more information on stream configuration, see Camera "Video" on page 369.
Automatic stream selection

Displaying high resolution video requires a lot of CPU power. In order to display the maximum number of live video streams simultaneously in Security Desk, CPU use should be optimized. Security Desk can be configured to base its decisions on which video stream to display on the size of the selected viewing tile. A higher resolution stream is used when the selected tile is large enough to show the difference. Security Desk can also dynamically change the displayed video stream when the user resizes the application window or changes the tile pattern. In order to make these stream selection decisions, Security Desk has to rely on what the administrator assigned to the following stream usage options:
Low resolution Live High resolution

Security Desk chooses the most suitable video stream for display based on the current size of the viewing tile. The best choice would be the stream with an image resolution equal to, or lower than, the display area of the tile. The video stream selection also changes dynamically when the user resizes the application window, or changes the tile pattern. When Automatic mode is selected as the default viewing stream in Security Desk, the High resolution stream is always used when a tile is maximized, or when the digital zoom is in use. Security Desk uses a higher resolution stream only if it would make a visual difference to the human user. For this reason, when configuring the video quality of the individual streams, make sure the Live stream has a better resolution than the Low resolution stream, and that the High resolution stream has a better resolution than the Live stream.
Configuring cameras
For more information on how the default live stream is configured in Security Desk, see Default live stream in Genetec Security Desk User Guide.
Boosting recording quality on special events

On a typical system, the video stream used for recording is often of a lesser quality (lower frame rate or lower image resolution) than the stream used for live viewing. The purpose is to save storage space. However, when important events occur, a higher quality recording is often required to provide adequate support for future investigations. To address this need, Security Center offers the following video encoder options:
Boost quality on manual recording. Temporarily boosts video quality when the recording
is started manually by a user. The actions that trigger manual recording are as follows:
The Record button (
) is clicked by a Security Desk user
The Add a bookmark button ( ) is clicked by a Security Desk user Boost quality on event recording. Temporarily boosts video quality when the recording is triggered by a system event.
The events that qualify as event recording are as follows:
The Start recording action was executed The recording was triggered by an alarm The recording was triggered by motion
For more about how to configure these options, see:
"Boost quality on manual recording" on page 376 "Boost quality on event recording" on page 376
Configure visual tracking

To configure visual tracking is to define on-video controls (colored shapes) for a camera. 1 From the Home page in Config Tool, open the Logical view task. 2 Select a camera from the entity tree and click the Visual tracking tab. 3 Select one of the drawing tools, Rectangle or Ellipse, and draw a shape over the live video displayed to the right. You can resize, position, and rotate the shape with the mouse, or use the Size and Position parameters. 4 Select the fill color and opacity for the shape. Setting the opacity at 60 percent is usually a good tradeoff between transparency and visibility. You can also set a border color and a border thickness.
212
Configuring cameras
5 From the camera tree located under the drawing tools, drag and drop the camera you want to switch to onto the colored shape. The camera name appears in the Entities box. You can associate multiple cameras to the same shape. If more than one camera is to be associated with the same on-video control, the operator must explicitly select a camera before making the switch instead of just clicking on the colored shape. 6 Add as many on-video controls as necessary. 7 Click Apply.
Test the video quality of your camera

After configuring your cameras, you should always test the video quality to make sure it works properly. 1 From the Home page in Config Tool, open the Video task. 2 Do one of the following:
Double-click the camera you want to test. Select the camera, and then in the Contextual commands toolbar, click Live video ( ).
The Live video dialog box appears and shows you live statistics about the video stream that is coming from the video encoder. For a PTZ camera, see "Configure PTZ motors" on page 214.
3 If you have configured multiple video streams, click the Stream drop-down list to select a different stream to view. For more information, see "Configuring video streams" on page 210.
Configuring cameras
4 If you have configured separate High resolution and Low resolution streams, select Automatic as your stream option, and resize the Live video dialog box to test the automatic stream selection. For more information, see "Automatic stream selection" on page 211. 5 If you are experiencing streaming problems, click Show diagnostic information to display diagnostic information as a transparent overlay on the video.
Click Copy to clipboard to capture that information to send it to "Technical support" on page 869. Click Close to hide the diagnostic information.
Configure PTZ motors

If the PTZ motor is not integrated to your camera, you need to configure the PTZ motor separately before you can control it in Security Desk. Some PTZ motors support additional commands:
Zoom-box. Zoom in on an area by drawing a box on the video image using your mouse.
This works like the digital zoom for fixed cameras.
Center-on-click. Center the camera on a point of the video image with a single click.
When these two commands are enabled, they replace the normal pan, tilt, and zoom commands when controlling the PTZ in Security Desk. To configure PTZ motors: 1 From the Home page in Config Tool, open the Video task. 2 Select the camera, and click the Hardware tab.
Configuring cameras
3 Switch the PTZ option to ON. 4 From the Protocol drop-down list, select the protocol used by the PTZ motor. 5 Beside the Protocol field, click options. to set the Idle delay, Idle command, and Lock delay
For more information about these options, see "Hardware" on page 389. 6 From the Serial port drop-down list, select the serial port used to control the PTZ motor. 7 In the PTZ address box, select the number that identifies the PTZ motor on the serial port. This number is important because it is possible to connect more than one PTZ motor on the same serial port. This number must correspond to the dip switch settings on the PTZ hardware. 8 To enable the enhanced PTZ commands (zoom-box and center-on-click), switch the Enhanced PTZ option to ON, and calibrate the PTZ coordinates. For information about how to calibrate the PTZ, see "Calibrate the PTZ coordinates" on page 215.
NOTE Not all cameras require PTZ calibration. For example, Axis cameras do not require
calibration. 9 Click Apply. After you are done: To test the PTZ controls, do the following: a From the Logical view, do one of the following:
Double-click the camera you want to test. Select the camera, and then in the Contextual commands toolbar, click Live video ( ).
b In the Live video dialog box, test the PTZ controls in the video image. c Use the PTZ widget to control the camera. For a list of commands in the PTZ widget, see "PTZ widget" on page 217.
Calibrate the PTZ coordinates

For most cameras, you need to calibrate the limits of the PTZ movement in order to use the zoom-box and center-on-click commands properly in Security Desk. To calibrate the PTZ coordinates for zoom-box and center-on-click: 1 From the Home page in Config Tool, open the Video task. 2 Select the camera, and click the Hardware tab. 3 Next to the Enhanced PTZ option, click Calibrate. 4 To set the PTZ coordinates automatically, click Calibration assistant, and follow the onscreen instructions. 5 To set the PTZ coordinates manually, move the PTZ motor around in the live video image, and enter the corresponding values on the right:
Configuring cameras
Max zoom factor. Zoom in to the maximum level you want Security Desk users to reach, and enter the Zoom value from the Coordinates section. Horizontal field of view. Enter the horizontal field of view specified by the camera manufacturer. If you do not have this information, zoom out until the Zoom value indicates 1x, and estimate the angle of the horizontal field of view from the image you see on screen. Vertical field of view. Enter the vertical field of view specified by the camera manufacturer. If you do not have this information, zoom out until the Zoom value indicates 1x, and estimate the angle of the vertical field of view from the image you see on screen. Minimum pan angle. Turn the camera to the left-most position of the area under surveillance, and enter the Pan value from the Coordinates section. Maximum pan angle. Turn the camera to the right-most position of the area under surveillance, and enter the Pan value read from the Coordinates section. Minimum tilt angle. Turn the camera to the bottommost position of the area under surveillance, and enter the Tilt value read from the Coordinates section. Maximum tilt angle. Turn the camera to the topmost position of the area under surveillance, and enter the Tilt value read from the Coordinates section.
6 If you want to flip the camera image at any point, select one of the following from the Flip camera drop-down list:
Minimum tilt. Flips the camera image when the PTZ motor reaches the minimum tilt coordinate. Maximum tilt. Flips the camera image when the PTZ motor reaches the maximum tilt coordinate.
7 If you see that the Minimum pan angle value is higher than the Maximum pan angle value, select the Invert pan axis option. 8 If you see that the Minimum tilt angle value is higher than the Maximum tilt angle value, select the Invert tilt axis option. After you are done: Test the zoom-box and center-on-click commands from a Security Desk tile. If needed, adjust the calibration, and test the PTZ camera again.
NOTE Every time you change a parameter, you must remove the camera from the tile and drag
it back to the tile for your changes to take effect.
216
Configuring cameras
PTZ widget
The PTZ widget is used to perform pan, tilt, and zoom operations on the displayed PTZ-enabled camera ( ).
IMPORTANT Not all PTZ cameras support all PTZ commands. If one or more of the PTZ buttons are greyed out, it means that the PTZ camera you are working with does not support that command.
A B C D
E F G
A B C D E F G
Eight direction arrows for PTZ motor control Adjust speed of the PTZ motor Zoom in and zoom out commands (+ and -) Quick access buttons for the first eight presets Choice of preset slot (drop-down menu) Choice of pattern/tour slot (drop-down menu) Choice of auxiliary command slot (drop-down menu) Lock control of the PTZ motor Toggle the PTZ Advanced mode menu Manual focus control (focus near) Manual focus control (focus far) Manual iris control (open iris)
217
Configuring cameras
Manual iris control (close iris) Go to PTZ home (default) position Flip PTZ motor 180 degrees Open PTZs menu (analog domes only) Use specific commands (specific to that model camera) Go to preset position Save preset position Rename a preset, pattern, or auxiliary Start PTZ pattern (tour). Click any preset or PTZ button to stop the pattern. Record PTZ pattern (tour) Start PTZ auxiliary command (e.g. wiper blade) Stop PTZ auxiliary command
Creating camera sequences

You can group fixed, PTZ-enabled, and federated cameras into a camera sequence, so they are displayed one after another in a rotating fashion in Security Desk tiles. For more information about camera sequences, see "Camera sequence" on page 393. To create a camera sequence: 1 From the Home page in Config Tool, open the Logical view task. 2 In the Contextual commands toolbar, click Add an entity ( A new camera sequence entity ( 3 Type a name for the camera sequence, and press ENTER. 4 Click the Cameras tab, and click Add an item ( ). 5 From the Camera drop-down list, select a camera to be part of the sequence. 6 In the Dwell time box, set the amount the time the camera is displayed when cycling through the sequence. 7 From the PTZ command drop-down list, choose what action the PTZ camera will perform when it is displayed in the sequence. This option is only for PTZ-enabled cameras.
) > Camera sequence.
) appears in the Logical view.
Preset. Move the PTZ camera to a preset position. Position. Start a PTZ pattern.
218
Configuring cameras
8 From the PTZ auxiliary drop-down list, configure the switch number and the state to set it to. This option is only for PTZ-enabled cameras that support auxiliary switches. 9 Click Save > Apply. 10 To add another camera to the sequence, repeat steps Step 4 to Step 9. 11 To change the order of the cameras in the sequence, use the 13 Click Apply. and buttons. ). 12 To remove a camera from the sequence, select the camera, and click Remove the item (
219
Configuring analog monitors

Analog monitor entities are automatically created when the video decoding units they are connected to are added to your system. Although Security Center provides workable default settings, we recommend that you configure each analog monitor in order to achieve optimal performance. This section includes the following topics:
"Configure analog monitors" on page 220 "Testing your analog monitor configuration" on page 222
Configure analog monitors

This is the recommended process for configuring analog monitors on your system. 1 Add a video decoding unit to your system. For information about adding units to your system, see "Adding video units to your system" on page 194. Analog monitors that are connected to the video decoding unit are automatically created as analog monitor entities. 2 Configure the analog monitor properties. a In the Video task, select an analog monitor to configure. b Click the Properties tab. c Configure the video settings, network settings, and the hardware connected to the analog monitor. For information about analog monitor properties, see "Analog monitor" on page 357.
220
d Repeat Step a to Step c for each analog monitor connected to the decoder. 3 To receive alarms on your physical analog monitors, do the following: a In the Alarms task, click the Monitor groups view. b Click Monitor group. c Type a name for your monitor group. d Select the monitor group, and click the Monitors tab. e At the bottom of the page, click group, and then click OK. , select the analog monitors to be part of the monitor
You can select multiple analog monitors by holding the SHIFT or CTRL keys.
IMPORTANT The order of analog monitors in the list is important. If you add more than
one analog monitor to a monitor group, the first analog monitor in the list will receive the highest priority alarm, the second analog monitor will receive the second highest priority alarm, and so on. The last analog monitor in the monitor group list will receive all the other alarms. f Click Apply. g In the Alarms task, click the Alarms view. h Select an alarm, and then click the Properties tab. i In the Recipients section, click alarm, and then click OK. , select the monitor groups to be recipients of the
221
j Click Apply. Analog monitors that are part of the monitor group are now recipients of the alarm. When the alarm is triggered, the video associated with the alarm is shown on the physical analog monitor.
NOTE High priority alarms do not replace lower priority alarms that are displayed on the
analog monitor. For more information about viewing video or receiving alarms in analog monitors in Security Desk, see Viewing video in an analog monitor in the Security Desk User Guide.
Testing your analog monitor configuration

After configuring your analog monitors, you should always test to make sure you can view video on the analog monitors. To test your configuration:
Display an analog monitor in a canvas tile in Security Desk, and then add a supported
camera to the tile. Supported cameras must be from the same manufacturer as the decoder, and use the same video format. For more information about using analog monitors in Security Desk, see Viewing video in an analog monitor in the Security Desk User Guide.
222
9
Managing Omnicast
This section explains advanced configuration techniques, and describes how to keep your video surveillance system reliable, protected, and running smoothly. This section includes the following topics:
"Managing video archives" on page 224 "Protecting your video archives" on page 227 "Protecting video files" on page 231 "Viewing properties of video files" on page 233 "Replace video units" on page 234 "Diagnosing video streams" on page 235 "Troubleshooting video units that are offline" on page 236 "Diagnosing Waiting for signal errors" on page 237 "Diagnosing Impossible to establish video session with the server errors" on page 239 "Troubleshooting no playback video available" on page 240 "Troubleshooting cameras that are not recording" on page 241 "Troubleshooting video units that cannot be added" on page 244 "Troubleshooting video units that cannot be deleted" on page 247 "Solving H.264 video stream issues" on page 248 "Investigating Archiver events" on page 249
223
Managing video archives

The video archives managed by the Archiver roles are the most important assets produced by your video surveillance system. They incorporate all the video (and audio) information recorded by your system. This section includes the following topics:
"What constitutes a video archive?" on page 224 "Managing the archive storage" on page 225
What constitutes a video archive?

Each Archiver is responsible for its own video archive for the cameras it controls. The video archive is divided into two parts:
The archive database The archive storage

The archive database
Each Archiver role maintains an archive database. It keeps four types of information:
Catalog of the recorded video footage. Events associated with the recorded video footage, such as motion detected, bookmarks,
and occasionally metadata (in the future).
Events describing the recording activities, such as when recording started and stopped, and
what triggered the event. Events related to the archiving process, such as Disk load is over 80%, and Cannot write to any drive.
The archive storage

The Archiver role does not keep the actual video footage in the database. Instead, it is kept on disk, in small files with a G64 extension, called video files. Each video file contains one or many discrete short sequences of video. The location of these files and the description of the video sequences they contain (camera, beginning and end of sequence) are kept in the catalog managed by the Archiver. For information on how to configure the archive database and storage for an Archiver role, see Archiver "Resources" on page 533.
224
Managing the archive storage

Managing the archive storage involves the following tasks:
Estimating how much storage you need Configuring automatic disk cleanup Optimizing access to your storage devices Monitoring the storage usage
Estimating how much storage you need

The storage requirements must be evaluated for each Archiver role, since they can control different numbers of cameras. The storage requirement is affected by the following factors:
The number of cameras that need archiving. The number of days you need to keep the archive online.
See "Configuring automatic disk cleanup" on page 225.
The percentage of recording time.

The percentage of recording time depends on the selected archiving mode. Recording can be configured for different times during the day as continuous, triggered by motion and user request, only upon user request, or off. For information on how to configure the recording mode, see Archiver "Recording modes" on page 522.
Frame rate.
The higher the frame rate, the more storage space the recording will require. For information on configuring the recording frame rate, see Camera "Video" on page 369.
Image resolution.
The higher the image resolution, the more storage space the recording will require. The image resolution is determined by the video data format in effect. For a description of the available video data format, see Camera "Video" on page 369.
The expected percentage of movement.

Instead of the whole image for every single frame, most video encoding schemes compress data by storing only the image changes between consecutive frames. Therefore, recording a scene that is in constant movement requires a lot more storage than recording a quiet scene.
TIP Checking the disk usage statistics regularly is the best way to estimate future disk space requirements, and allows you to make adjustments in a timely manner. See Archiver "Archiver statistics" on page 538.
Configuring automatic disk cleanup

The Archiver uses two methods to free up storage space for new video files:
The first method is to delete the oldest video files when running out of disk space. This is
the simplest method if the video footage from all cameras is of equal importance, and if you
wish to keep as much footage as possible. This method maximizes disk usage. For information on how to configure this option, see Archiver "Advanced settings" on page 532. The second method is to specify for each camera the number of days the recorded footage needs to be kept online. When the that timer period expires, the video is automatically deleted, even if disk space has not run out. This method allows you to keep more important video footage for a longer period of time. For information on how to set this option, see Camera "Recording" on page 378.
The Archiver can also be instructed not to delete any video files. In this case, archiving stops when disk space runs out.
Optimizing access to your storage devices

The main bottleneck on the Archiver is disk throughput. The Archiver has a way to alleviate this problem by simultaneously writing to multiple disks. This optimization is achieved by spreading the video archive over several disk groups. Each disk group must correspond to a separate disk controller. By splitting the video archive from different cameras over different disk groups, you can effectively attain the maximum throughput in terms of disk access. To distribute the archiving cameras over multiple disk groups: 1 From the Role view in Config Tool, select the Archiver entity. 2 Select the Resources tab. 3 Create a new disk group. See Archiver "Archive storage settings" on page 536. 4 Click Camera distribution ( ). 5 Using the dialog box that appears, distribute the cameras between the disk groups by selecting them one at a time and moving them with the arrow buttons. 6 Click Close > Apply.
Monitoring the storage usage

Given the importance of your video archive, you should monitor disk usage so archiving does not get interrupted inadvertently. There are many ways to monitor disk usage:
Program event-to-action behaviors to alert you when the Archiver is running out of disk
space or has stopped archiving. For more information, see "Using event-to-actions" on page 106. Regularly check the Archiver statistics. See Archiver "Archiver statistics" on page 538.
226
Protecting your video archives

This section discusses how to enhance the security of your video archives. This section includes the following topics:
"Protecting your video archive against storage failure" on page 227 "Protecting your video archive against hardware failure" on page 227 "Protecting video archive against routine cleanup" on page 229 "Protecting video archive against tampering" on page 229
Protecting your video archive against storage failure

The best protection for your video archive is regular backups.
Backing up your video archive

You need to back up both the archive database and the video files at the same time. The video files must be backed up manually, and in their entirety (by default, everything under the VideoArchives folder), and must correspond to the catalog stored in the archive database. For information on how to backup the database, see "Back up your role database" on page 57.
Restoring your video archive

You need to restore the video files to the VCDexact same location where they were originally stored. If you are restoring the files to a different server, the relative path to the video files root folder (by default VideoArchives) from the new server must be the same as the path from the old server. Otherwise, the Archiver role will not be able to find them. For information on how to restore the database, see "Restore your role database" on page 58.
Protecting your video archive against hardware failure

When the server hosting the Archiver role fails, two main functions of your video system are disabled. First, you lose control over the live video (viewing cameras, controlling the PTZ camera, archiving, etc.), because it is the Archiver that controls the video units. Second, you lose access to your archived video, because it can only be accessed through the Archiver that created it. This is true even if your database server is not the same computer as the one that failed.
About Archiver failover

Failover can counter the first problem posed by hardware failure. Adding a secondary server to your Archiver role effectively minimizes the down time over the live video. For Archiver failover, the following conditions apply:
Only one primary server and one secondary server can be assigned to an Archiver role. The primary and secondary servers must each have their own database, hosted locally, or on
another computer.
To make sure that the video archived by the primary server is still available if it fails to the
secondary server, you must turn on redundant archiving. This ensures that the primary and secondary servers can archive video at the same time, and that they each manage their own copy of the video archive.
NOTE You can set up redundant archiving on all cameras managed by the Archiver role, or protect just a few important cameras. For more information, see Archiver "Camera recording" on page 522.
An alternative solution to protecting your video archives is to use Auxiliary Archivers. For more information, see "Configuring the Auxiliary Archiver role" on page 204.
Careful load planning for failover

Depending on the archiving load of the Archiver role (meaning the number of cameras it is archiving and the video quality for each), the additional load it places on its secondary server as a result of a failover can affect that servers ability to perform. This happens when the failover archiving load added to the existing archiving load of the secondary server exceeds the archiving capability of that server. Additional roles hosted on the secondary server can also affect its archiving capability. When selecting a server as a secondary server for an Archiver role, consider the following:
How much spare power does the secondary server have?

If the secondary server has other functions, it is unlikely be able to absorb the full load of another server.
NOTE Based on recent benchmarks, a high-end server dedicated to video archiving cannot handle more than 300 Mbps of data or 300 cameras, whichever comes first. TIP To alleviate the failover load on a server, Genetec recommends defining multiple Archiver roles with fewer video units each. They can all share the same primary server, but should all fail over to different secondary servers.
How long is a typical failover expected to last?

The longer a failover lasts, the more additional disk space you need to reserve for archiving. For more information, see "Estimating how much storage you need" on page 225.
Is some video less important?

The command and control of the video units uses much less resources compared to video archiving. Any server can handle a lot more video units if it is only required to take care of the command and control function over them. If video archiving is not equally important on all cameras, you can entrust all important cameras to one Archiver role and give it a higher archiving priority than the rest. That way, if multiple Archiver roles happen to fail over to the same server at the same time, archiving
will be maintained for the important cameras. For more information, see "Configure standby archiving priorities" on page 535.
Archiver failover limitation

The failover process might take 15 to 30 seconds. During that time, no video will be recorded. Live video viewing will not be affected by the Archiver failover. However, if a user adds a bookmark during that small time window, no bookmark will be added, because the Archiver role is not ready to accept the command, and no operation failure will be reported in Security Desk.
Protecting video archive against routine cleanup

By default, video files are not kept indefinitely. Old video files can be deleted by the Archiver to make space for new video, or they can be deleted simply because their time has expired. See "Configuring automatic disk cleanup" on page 225. If important video footage needs to be kept beyond its normal retention period, you can protect it temporarily, or indefinitely. See "Protecting video files" on page 231.
CAUTION Too many protected video files on a disk can waste valuable storage space for new video files. To make sure this does not happen, regularly check the percentage of protected video files on each disk (see Archiver "Protected video file statistics" on page 539). TIP An alternative to protecting video files is to export the desired video sequence to a different location. See Exporting video in the Security Desk User Guide.
Protecting video archive against tampering

When video evidence is to be used in court, its integrity is of paramount importance. Watermarking is the Security Center way of proving that video has not been altered. Video watermarking is the process of adding a digital signature to every recorded video frame to ensure its authenticity. If anyone later tries to make changes to the video (add, delete, or modify a frame or a section of the video), the signatures will no longer match, proving that the video has been tampered with. In other words, if a video sequence passes the watermark test, it is faithful to the original. To enable video watermarking on an Archiver: 1 From the Home page in Config Tool, open the System task. 2 Click the Role view, and select the Archiver entity. 3 Click the Resources tab, and click Advanced settings. See Archiver "Advanced settings" on page 532. 4 Switch the Video watermarking option to ON, and click OK. 5 Click Apply.
229
Set up a custom encryption key

You can generate your own encryption key and ask the Archiver to use it. 1 Run the program called EncryptionKeyGenerator.exe found in the Security CenterSecurity Center Server installation folder. The program will generate two 1 kB files named fingerprint.bin and private.bin. The first file contains a random 20 Byte initial fingerprint used for the encryption. The second file contains an RSA 248-bit encryption key. These two files will be different every time the program is executed. 2 Keep a copy of these files in a safe place. 3 Place another copy of these files in the Security Center Server installation folder. 4 From the Home page in Config Tool, open the System task. 5 Click the Role view, and select the Archiver entity. 6 To restart the role, click Deactivate, and then Activate in the Contextual commands toolbar.. The next time the Archiver records video to disk, the video files will be watermarked, and the fingerprint will be encrypted using the new encryption key.
IMPORTANT If you assign a second server to the Archiver role, it must use the same custom encryption files. This means you must place a copy of the encryption files in the Security Center Server installation folder of the second server.
230
Protecting video files

You can protect video files from being automatically deleted by the system when the Archivers disk space becomes full. What you should know You might protect a larger segment than what you select because the Archiver cannot protect partial files. "Protecting your video archives" on page 227. To protect a video file: 1 From the Home page, open the Archive storage details task 2 Generate your report (see "Generate a report" on page 30). The video files associated with the selected cameras are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. 3 From the report pane, select the video file to protect, and then click Protect (
NOTE To select multiple video files, hold the CTRL or SHIFT keys. ).
4 In the Start and End columns in the Protect archives dialog box, set the time range of the video file to protect.
231
5 Select how long to protect the video file for, from one of the following options:
Indefinitely. No end date. You must remove the protection status manually by selecting the video file in the report pane, and then clicking Unprotect ( ).
NOTE When you unprotect a video file, it is not immediately deleted. You have 24 hours to change your mind (see "Archive storage settings" on page 548).
For x days. The video file is protected for the number of days that you select. Until. The video file is protected until the date that you select.
6 Click Protect. The video file is protected.
232
Viewing properties of video files
Viewing properties of video files

You can find the of video files used to store video archives from cameras, and view the properties of the video files (file name, start and end time, file size, protection status, and so on), using the Archive storage details report. You can also change the protection status of the video files. To view the properties of a video file: 1 From the Home page, open the Archive storage details task. 2 Generate your report (see "Generate a report" on page 30). The video files associated with the selected cameras are listed in the report pane, along with their file properties. For information about the report columns available, see "Report pane columns" on page 723. 3 To view a video sequence in a tile, double-click or drag a video file from the report pane to the canvas. The selected sequence immediately starts playing. After you finish
To export an important video archive, select the item in the report pane, and then click
Export video ( ). For more information, see Exporting video in the Security Desk User Guide. To remove a video file from the database, select the item in the report pane, and then click Delete ( ). To protect an important video archive from automatic deletion, select the item in the report pane, and then click Protect ( page 231. ). For more information, see "Protecting video files" on
EXAMPLE If you protected an important video file, you can search for that camera, see when
the protection status is going to end, and extend the amount of time, if needed. Also, if the video file is not yet protected, you can protect it.
233
Replace video units
Replace video units

If a video unit fails and is offline in Security Center (red in the Logical view), you can replace the unit with a compatible one. This process copies the video archives and event logs associated with the old unit to the new one, so that the video archives are not lost.
IMPORTANT You need to copy over the configuration settings to the new video unit and all the cameras it controls before replacing the unit using the Unit replacement tool.
Before you begin: The new video unit must be the same brand and model as the old one, or you will receive the following error message: Units extension does not match. 1 Add a new video unit to the Archiver controlling the old unit. For information about adding a video unit, see "Adding video units to your system" on page 194. 2 Copy the configuration settings of the old video unit to the new video unit, using the Copy configuration tool. See "Copy configuration tool" on page 668. 3 Copy the configuration settings of the cameras controlled by the old video unit to the new cameras, using the Copy configuration tool. See "Copy configuration tool" on page 668. 4 Click the Home tab, and then click Tools > Unit replacement tool. 5 In the Unit type option, select Cameras. 6 Select the Old and the New cameras. For more information about searching for entities, see "Search for entities using the Search tool" on page 43. 7 Click Swap. The video archives and event logs of the old video unit are copied to the new one. 8 Verify that the video archives are now associated with the new video unit. a Open Security Desk. b From the Home page, open the Archives task. c Select a camera that is controlled by the new video unit. All days that include video archives for the selected camera are listed in the All available tab. d Click Generate report. 9 Once everything is verified, return to the Config Tool Video task. 10 In the Logical view, right-click the old unit, and click Delete ( 11 In the confirmation dialog box that opens, click Continue. ).
234
Diagnosing video streams
Diagnosing video streams

In Security Desk, you can diagnose the status of video streams displayed in the canvas. What you should know This can help you determine if there is a potential problem with the video stream, the Archiver, the redirection to Security Desk, and so on. To diagnose a video stream: 1 In Security Desk, display a camera in a tile. 2 Press CTRL+SHIFT+D. Diagnostic information about the video stream is overlaid in the tile. Click OK to view additional information. 3 Review the video stream connections.
Archiver. The connection status from the camera to the Archiver role. Redirector. The connection status from Archiver role to the redirector. Media player. The connection status from the redirector to your Security Desk workstation.
4 Click Close.
235
Troubleshooting video units that are offline
Troubleshooting video units that are offline

When the camera is red in the Logical view, it means that it is offline, or the communication with the Archiver role has been lost. What you should know When a unit is offline in Security Center, it usually coincides with a Unit lost event in Security Desk. This could be caused by an unstable network connection, or issues with the unit itself. To troubleshoot why a unit is offline: 1 Ping the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Ping (
).
If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on), or there is a problem with your network. If you can ping the unit, continue with Step 2.
2 Open the units Web page by typing its IP address in a Web browser. 3 Reboot the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Reboot ( ). 4 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. Youll need a username and password to log on to GTAP. 5 Restart the Archiver role controlling the unit. a In the Video task in Config Tool, select the Archiver. b At the bottom of the Video task, click Deactivate role ( The Archiver turns red. d At the bottom of the Video task, click Activate role ( 6 If the video unit is still offline, contact technical support. See "Technical support" on page 869. ). ). c In the confirmation dialog box that opens, click Continue.
236
Diagnosing Waiting for signal errors

When you see a Waiting for signal message in a tile, it means that Security Desk is trying to connect to the Archiver. What you should know Some of the reasons you could get the waiting signal are the following:
The network is slow. There is some sort of block due to your port connections. The video stream was dropped while it was being redirected to Security Desk.
Wait to see if the camera connects. If the Waiting for signal message persists, you can try to diagnose the connection. To diagnose a Waiting for signal error: 1 Ping the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Ping (
).
2 Open the units Web page by typing its IP address in a Web browser. 3 Change the video units connection type to the Archiver. a In Video task in Config Tool, select the red camera. b Click the Video tab. c From the Connection type drop-down list in the Network settings section, select a different connection type. d Click Apply. 4 Try viewing playback video from the camera. a In the Archives task in Security Desk, select the camera. b Select the most recent video archive available, and then click Generate report. c Once the report is generated, try to view the video from the archive.
If you can view the video, continue with Step 5. If you cannot view any video, contact technical support (see "Technical support" on page 869).
5 If you have an expansion server on your system running the Archiver role, try to view video from the expansion server. a Open Security Desk on the expansion server. b In the Monitoring task, drag the camera from the Logical view to a tile in the canvas.
If you can view video, it might be a problem with the redirection from the Media Router to your Security Desk. Continue with Step 6. If you cannot view any video, contact technical support (see "Technical support" on page 869).
6 Make sure the correct ports are open on your network. For a list of default ports that are used in Security Center, see Default Security Center ports in the Security Center Administrator Guide. 7 Make sure your networks are configured properly. a In the Network view task in Config Tool, select a network. b Click the Properties tab, and make sure all the settings are correct (IP prefix, subnet mask, routes, and so on). c Change the network settings if needed, and then click Apply. d Repeat Step a and Step b for all the networks on your system. For more information about configuring network settings, see Network view in the Security Center Administrator Guide. 8 Force Security Desk to use a different connection type. a In the Home page in Security Desk, click Options. The Options dialog box opens. b Click the General page. c In the Network options section, next to the Network option, select Specific. d From the drop-down list, select a different network, and then click Save. e Restart Security Desk. f If changing the network connection does not work, repeat Step a to Step e to test using other networks. 9 If you still cannot view video, or the tile displaying the camera still says Waiting for signal, contact technical support (see "Technical support" on page 869).
238
Diagnosing Impossible to establish video session with the server errors
Diagnosing Impossible to establish video session with the server errors

If you receive an Error: Impossible to establish the video session with the server message, you can try to determine the cause. What you should know The Error: Impossible to establish video session with the server message could show up for multiple reasons. There could be a problem with your server, the Media Router role, the Federation role, the Archiver role, or the video unit itself. To diagnose an Impossible to establish video session with the server error: 1 Make sure your server is running. 2 Make sure the Archiver role is online. a In the Video task in Config Tool, select the Archiver. b At the bottom of the Video task, click Diagnose ( c If there are issues, try to fix them. 3 If you are trying to view a federated camera, make sure the Security Center Federation role or the Omnicast Federation role is online. a In the System task in Config Tool, click the Roles view. b Select the Federation role, and at the bottom of the task, click Diagnose ( c If there are issues, try to fix them. 4 If you are trying to view a federated camera, make sure the server of the federated Security Center system is online. 5 It might be a connection problem with the Media router. Make sure the Media Router role is online. a In the System task in Config Tool, click the Roles view. b Select the Media Router role, and at the bottom of the task, click Diagnose ( c If there are issues, try to fix them. 6 Restart the Media Router role. a In the System task in Config Tool, click the Roles view. b Select the Media Router role, and at the bottom of the task, click Deactivate role ( c In the confirmation dialog box that opens, click Continue. The Media Router turns red. d At the bottom of the System task, click Activate role ( ). 7 Check if the video unit is offline (see "Troubleshooting video units that are offline" on page 236). ). ). ). ).
239
Troubleshooting no playback video available
Troubleshooting no playback video available

If you cannot view playback video or video archives in Security Desk, you can try to troubleshoot the issue. To troubleshoot why you cannot view playback video: 1 Try viewing live video from the camera. a In the Monitoring task in Security Desk, drag the camera from the Logical view to a tile in the canvas.
If you can view live video, continue with Step 2. If you cannot view any video, see the following troubleshooting section: "Troubleshooting video units that are offline" on page 236.
2 Try viewing playback video from the Archives task. a In the Archives task in Security Desk, select a camera. b Search for video archives at different dates and times, and then click Generate report. c Once the report is generated, try to view video from the archives. d Repeat Step a to Step c with other cameras.
If you can view the video from some of the video archives, go to Step 3. If you cannot view any video, go to Step 4.
3 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. Youll need a username and password to log on to GTAP. 4 Try viewing playback video from the Archives task on another Security Desk, and on the server where the Archiver role is running (follow the substeps in Step 2).
If you can view video, it might be a problem with the redirection from the Media Router to your Security Desk. Continue with Step 5. If you cannot view any video, contact technical support (see "Technical support" on page 869).
5 Make sure the correct ports are open on your network. For a list of default ports that are used in Security Center, see "Default Security Center ports" on page 776. 6 If you still cannot view playback video, contact technical support (see "Technical support" on page 869).
240
Troubleshooting cameras that are not recording

If you cannot record video, you can try to determine the cause of the issue. What you should know If you can view live video from a camera but cannot record video, it might be due to the recording mode of the camera, the Archiving schedule, the Archiver role database, or even your CPU usage. Some of the ways you can tell if the camera is not recording are the following:
If you are viewing live video, the recording status of the camera is indicated in the lowerright corner of the tile. If the status indicates you selected, and you know that there should be. To troubleshoot why a camera is not recording: 1 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. Youll need a username and password to log on to GTAP. 2 Verify the camera recording type. a In the Video task in Config Tool, select the red camera. b Click the Recording tab.
, the camera is currently not recording.
You are trying to view playback video, but there is no video available for the date and time
If the Recording settings option is set to Custom settings, check that all the recording settings are correct, and then click Apply. If the Recording settings option is set to Inherit from Archiver, continue with Step c.
c In the Video task, select the Archiver. d Click the Camera recording tab. e In the Recording modes section, make sure the Archiver is set to record on the right Schedule, and that the recording Mode is not set to Off. 3 If the camera recording mode is set to On motion/manual, make sure the motion detection settings are configured properly. a In the Video task in Config Tool, select the red camera. b Click the Motion detection tab. c Verify the motion detection settings. Fore more information, see Motion detection in the Security Center Administrator Guide. 4 Check the status of the Archiver role database. a In the Video task in Config Tool, select the Archiver.
b Click the Resources tab.
If the Archiver database status is Connected, go to Step 5. If the Archiver database status is Disconnected, or Unavailable, continue with Step c. ).
c Click Create a database (
CAUTION Do not overwrite the existing database, or your video archives will be deleted. NOTE When you create a new database, the video archives from the old database are no longer included in Security Center searches, and will not be deleted by automatic database cleanups.
If the camera can record using the new Archiver database, you can continue to use the new database. If the camera is still not recording, revert back to the original database, and continue with Step 5.
5 Check how much disk space is available for archiving. a In the Video task in Config Tool, select the Archiver. b Click the Resources tab. c In the disk information table, make sure the Min. free space value is at least 0.2% of the Total size value. The Min. free space is the minimum amount of free space that the Archiver must leave untouched on the disk. d If the Min. free space value is less than 0.2% of the Total size, click on the value, and then increase it. 6 Check for Archiving stopped and Recording stopped events that occurred on your system. In Windows on the server where the Archiver role is running, open the .log files, located in C:\ArchiverLogs. If there are Archiving stopped or Recording stopped events in the Entry type column, restart the Genetec Server service. a Open your Windows Control Panel. b Click Administrative Tools > Services. c Click the Genetec Server service, and then click Restart. 7 Check for Transmission lost and RTP packet lost events that occurred on your system. In Windows on the server where the Archiver role is running, open the .log files, located in C:\ArchiverLogs.
If there are many Transmission lost and RTP packet lost events in the Entry type column, then it might be a CPU usage or network issue. Continue with Step 8. If there are not many Transmission lost and RTP packet lost events, go to Step 9.
8 Check your CPU usage. a Right-click in the Windows taskbar.
242
The Windows Task Manager opens. b Click the Performance tab, and make sure the CPU Usage is not over 60%. If the CPU usage is over 60%, restart the server, and consider adding more CPU to the server. c Click the Networking tab, and make sure the network Link speed is not over 300 Mbps. 9 If you are only experiencing recording problems with one video unit, try the following: a In the Video task in Config Tool, right-click on the red video unit, and then click Delete. b In the confirmation dialog box that opens, choose if you want to keep the video archives from the unit. The video unit is removed from the Archiver. c Add the video unit. For more information about adding units in Security Center, see the Security Center Administrator Guide. 10 If you still cannot record video on the camera, contact technical support (see "Technical support" on page 869).
243
Troubleshooting video units that cannot be added

If you are having trouble adding a video unit to an Archiver, you can try to determine the cause of the issue. What you should know When you cannot add a video unit, it might be due to network issues, user credential issues, and so on. Best practice: Log on to Config Tool as an administrator. To troubleshoot why a video unit cannot be added: 1 Ping the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Ping (
).
2 Open the units Web page by typing its IP address in a Web browser. 3 Reboot the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Reboot ( 4 Try adding the unit again. 5 Make sure that you have a free camera connection in your Security Center license. a From the Home page in Config Tool, click the About page, and click the Omnicast tab. b In the Number of cameras license option, make sure there is a camera connection still available. 6 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. Youll need a username and password to log on to GTAP. 7 Make sure you are using the correct credentials when trying to add the unit. For some manufacturers, you have to set the default credentials from the Archiver Extensions tab. a From the Video task in Config Tool, select the Archiver to which you are trying to add the video unit. b Click the Extensions tab. c To add the extension for the video unit, click Add an item ( type, and click Add.
).
), select the extension
244
d Select the extension. e In the Default logon section, enter the username and password for the unit. 8 Make sure the Archiver is connected to the correct database. a In the Video task in Config Tool, select the Archiver. b Click the Resources tab.
If the Archiver database status is Connected, go to Step 9. If the Archiver database status is Disconnected, or Unavailable, continue with Step c. ).
CAUTION Do not overwrite the existing database, or your video archives will be deleted. NOTE When you create a new database, the video archives from the old database are no longer included in Security Center searches, and will not be deleted by automatic database cleanups.
9 Make sure the Media Router is connected to the correct database.

NOTE If the camera was previously added in Security Center and the IP address or name was
changed, you can also re-create the Media Router database. a In the Video task in Config Tool, select the Media Router. b Click the Resources tab.
If the Media Router database status is Connected, go to Step 10. If the Media Router status is Disconnected, or Unavailable, continue with Step c. ).
10 Try adding the unit with the firewall turned off. For information about how to disable Windows firewall, see KBA00596: Recommended Windows Firewall Settings on GTAP, at https://gtap.genetec.com/Library/ KnowledgeBaseArticle.aspx?kbid=596.
IMPORTANT Do not turn off the firewall permanently. Reactivate it after your tests are
complete. 11 Make sure your networks are configured properly. a In the Network view task in Config Tool, select a network. b Click the Properties tab, and make sure all the settings are correct (IP prefix, subnet mask, routes, and so on). c Change the network settings if needed, and then click Apply. d Repeat Step a to Step c for all the networks on your system. For more information about configuring network settings, see Network view in the Security Center Administrator Guide. 12 Make sure the Archiver, Media Router, and all redirectors are using the correct NICs (network interface cards). a From the System task in Config Tool, click the Roles view.
b Select the Archiver role, and click the Resources tab. c From the Network card drop-down list, select the appropriate NIC. d In the Logical view, select the Media Router role, and click the Resources tab. e Under the Servers section, click Advanced ( g Click the Properties tab. h Select a Redirector, and click Edit the item ( j Repeat Step h and Step i for each redirector. 13 Try adding the unit. 14 Verify the NICs priority in Windows. a In Windows, click Start > Run, and type ncpa.cpl. The Network Connections window opens. b Click the Advanced menu above and select Advanced Settings. c Note which NIC on your server is configured as network priority one (at the top of the Connections list), and which is configured as priority two. d If needed, use the arrow buttons on the right side to move the different connections up and down in the list. 15 Try adding the unit. 16 Make sure the Media Router role is online. a In the System task in Config Tool, select the Media Router role. b At the bottom of the System task, click Diagnose ( c If there are issues, try to fix them. 17 Make sure the Archiver role is online. a In the Video task in Config Tool, select the Archiver. b At the bottom of the Video task, click Diagnose ( c If there are issues, try to fix them. 18 If you still cannot add the video unit, contact technical support (see "Technical support" on page 869). ). ). ). i From the Multicast interface drop-down list, select the appropriate NIC. ). f Select the appropriate Network card for each server, and click Apply.
246
Troubleshooting video units that cannot be deleted
Troubleshooting video units that cannot be deleted

If you cannot delete a video unit from Security Center, you can temporarily deactivate the Archiver. To delete a video unit: 1 In the Video task in Config Tool, select the Archiver. 2 At the bottom of the Video task, click Deactivate role ( ). 3 In the confirmation dialog box that opens, click Continue. The Archiver and all video units controlled by the role turn red. 4 Select the video unit, and at the bottom of the Video task, click Delete ( ). ). 5 Select the Archiver, and at the bottom of the Video task, click Activate role (
247
Solving H.264 video stream issues
Solving H.264 video stream issues

If you are having problems viewing H.264 video streams, you can disable the AVCodec_ErrorRecognition advanced Archiver role setting. To solve H.264 video stream issues: 1 From the Video task in Config Tool, select the Archiver to configure. 2 Click the Resources tab. 3 At the bottom of the Resources tab, click Advanced settings. 4 Click Additional settings. 5 In the Additional settings dialog box, click Add an item ( ).
6 In the Name column, type AVCodec_ErrorRecognition. 7 In the Value column, type 0. 8 Click Close. 9 In the Advanced settings dialog box, click OK. 10 In the Resources tab, click Apply. 11 When you are asked to restart the Archiver, click Yes.
248
Investigating Archiver events
Investigating Archiver events

You can search for events related to Archiver roles, using the Archiver events report. What you should know You can check the status of an Archiver by selecting it, setting a time range of a week, and making sure there are no critical events in the report. You can also troubleshoot an Archiver by searching for important events, such as Disk load is over 80% or Cannot write to any drive, and see when those events occurred. To investigate Archiver events: 1 From the Home page, open the Archiver events task. 2 Generate your report (see "Generate a report" on page 30). The Archiver events are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
249
Part IV
Synergis IP access control
Learn how to set up, configure, and manage your Synergis system in Security Center. This part includes the following chapters: Chapter 10, Deploying Synergis on page 251 Chapter 11, Managing Synergis on page 295
10
Deploying Synergis
This section explains how to set up your access control system for the first time. This section includes the following topics:
"What is Synergis?" on page 252 "Synergis deployment process" on page 256 "Configuring the Access Manager role" on page 260 "Configuring access control units" on page 267 "Configuring doors" on page 268 "Using the Walkthrough wizard" on page 271 "Configuring elevators" on page 274 "Configuring secured areas" on page 278 "Configuring access rules" on page 281 "Configuring cardholders and cardholder groups" on page 283 "Configuring credentials" on page 285 "Defining badge templates" on page 289 "Testing your configuration" on page 294
251
What is Synergis?
What is Synergis?
Synergis is Security Centers IP access control system. From access control reader to client workstation, Synergis provides end-to-end IP connectivity. Synergis integrates a variety of access control capabilities including, but not limited to, badge design, visitor management, elevator control, zone monitoring and more. Synergis was designed with an open and distributed architecture. Build your system with new IP readers or use what you already have. Integrate your access control system with other thirdparty systems, like intrusion or building management, and distribute Synergis server components on many different network computers to optimize bandwidth and workload. Synergis Enterprise supports an unrestricted number of doors, controllers and client workstations. You can grow your system one door at a time or scale your system across multiple buildings using the Federation feature.
How does Synergis work?

Synergis architecture is based on the server role known as the Access Manager, which controls the physical door controllers.
252
What is Synergis?
The following provides a general description of how Synergis architecture works:
System configurations are saved by the Directory role. The Directory pushes configurations to the Access Manager. Access Manager communicates directly with the physical door controllers (called access
control units) over TCP/IP.
Access Manager pushes schedules, cardholder information, and access rules to the door
controllers. When a cardholder presents their credential to a reader, the controller refers to the access rule to determine whether the user should be granted or denied access. Once controllers have synchronized with the Access Manager, they can operate autonomously, even if they lose the network connection to the Access Manager.
With additional configuration, a cardholder can belong to a cardholder group, a door can be part of an area, and there can be multiple schedules and rules pushed to a unit.
What are Synergis entities?

The Synergis access control system uses the following entity types:
Icon Entity Description
Access Manager (role) Access control unit Access rule
Role that manages the door controllers on the system. See "Access Manager" on page 511. Door controller (to which a reader is attached). See "Access control unit" on page 337. Logic used to determine whether to grant access or not. See "Uniqueness of the Synergis model" on page 254 and "Access rule" on page 349. Simple grouping of doors and elevator floors or secured area with full access control behavior, including antipassback and interlock. See "Area" on page 360. Custom-designed printing template for user credentials. See "Badge template" on page 365. Individual who possesses a credential. See "Cardholder" on page 395. Group of cardholders sharing common characteristics. See "Cardholder group" on page 398. Claim of identity (card, PIN, biometric scan, etc). See "Credential" on page 401.
Area
Badge template Cardholder Cardholder group Credential
253
What is Synergis?
Icon
Entity
Description
Door Elevator Schedule Partition User User group
Physical barrier controlled by an access control unit. See "Door" on page 404. A single elevator cabin. See "Elevator" on page 410. Date and time range. See "Schedule" on page 463. Group of entities on the system visible only to a group of users. See "Partition" on page 447. Individual who uses Security Center applications. See "User" on page 482. Group of users sharing common characteristics. See "User group" on page 489.
Uniqueness of the Synergis model

Synergis is different from other solutions. Unlike other products, Synergis does not use Clearance codes or Access levels to grant or deny access. Instead, the basic logic used by Synergis to grant or deny access is defined by the access rule. The biggest difference between an access rule approach and an access level approach is that access rules are applied to doors, while access levels are applied to persons. Access rules tell a door who can pass through, and when, while an access level defines where and when someone can gain access. An access rule is a simple entity that contains the three Ws:
Who? (cardholder or cardholder group) What? (grant or deny access) When? (schedule)
Notice that Synergis does not grant access to a card/credential. Rather, access is granted, or denied based on the cardholders themselves.
254
What is Synergis?
This subtle, but fundamental shift in the applied logic has a significant benefit in managing lost and stolen cards. The access rules that have been pushed to the door controllers do not have to be modified. If you associate a new credential with a cardholder, the old rule is still valid.
A B
A B C
When? (Schedule) What? (Grant or deny access) Who? (Cardholders and/or cardholder groups)
255
Synergis deployment process

"Synergis deployment prerequisites" on page 256 "Synergis deployment procedure" on page 257
Synergis deployment prerequisites

Before you begin: Before you deploy Synergis, you must have the following ready:
A network diagram showing all public and private networks used within your organization,
and their IP address ranges. For public networks, you also need the name and public IP address of their proxy servers.
TIP Ask your IT department for this information.
Security Center software installed.
Security Center Server software installed on your main server. The main server is the computer hosting the Directory role. Optionally, Security Center Server software installed on expansion servers. An expansion server is any other server on the system that does not host the Directory role. You can add expansion servers at any time. For more information, see "Add an expansion server to your system" on page 47.
At least one Access Manager role created on your system. Security Center Client software installed on at least one workstation.
For instructions on software installation, see the Security Center Installation and Upgrade Guide.
A list of partitions (if any). Partitions are used to segregate the system into more manageable
subsystems. This is especially important in a multi-tenant environment. If, for example, you are installing one large system in a shopping center or, office tower, you might want to give local administration privileges to the tenants. By using partitions, you can group the tenants so that they can only see and manage the contents of their store or office, but not the others. All access control units (IP door controllers and/or IP readers) installed and connected together on your companys IP network, with the following information:
Manufacturer, model, and IP address of each door controller. Login credentials (username and password). Which door/gate/elevator is each controller connected to. Are the doors card-in/card-out or, card-in/REX-out? Which inputs and outputs are connected to the door monitor/REX/lock/other?
TIP A site map or floor plan showing door, controller and reader locations would be very helpful.
A list of door groupings to create areas for purposes of people-counting. A list of all known cardholders (and cardholder groups where applicable).
TIP For a large installation, cardholders can be imported from a text file or from a Windows Active Directory. For more information, see "Import cardholders from a flat file" on page 284, and "Importing cardholders from an Active Directory" on page 284.
A list of available credentials. A list (and details) of all required access rules (who is allowed where and when). A list of all known users with their names and responsibilities.
TIP To save configuration time, identify users who have the same roles and responsibilities. NOTE Users are not cardholders. Users are persons who access the software. Cardholders are
Facility codes and card numbers. A list (and details) of all required schedules (office hours, holidays, etc.).
persons who have physical access to the monitored site.
(Optional) Identify user groups that will work independently on different parts of the
system (partitions).
NOTE If Omnicast video will be integrated, you will also need:
A cross-reference list indicating which cameras should be associated with which doors.
Synergis deployment procedure

A Security Center system can be deployed with access control only (Synergis alone), or access control with video integration (Synergis with Omnicast). This section describes both options.
NOTE The system can be setup and deployed in almost any order you want.
257
Deploying Synergis alone

The table below summarizes a typical Synergis deployment.
Phase Description See
1 2 3 4
Make sure you have everything listed in the prerequisites section. Connect to your system with Config Tool using the Admin account. Change the Admin accounts password to protect your system. Create a partition for each independent user group. By first defining the partitions, you wont have to move entities around after youve created them. Configure the Logical view (the tree structure). The Logical view lets you organize the entities: areas, doors, elevators, and zones, from an endusers perspective. Configure your Access Manager roles. (Optional) Define custom fields for your system entities as needed. Discover and enroll the access control units in the system. The Access Manager role needs to see the door controllers over the IP network. Configure the newly enrolled access control units and the interface modules attached to them. Create doors and configure the wiring of the readers, sensors, locks, and son on, to the access control units. (Optional) Create elevators and configure the wiring of the cabin reader and floor buttons to their access control units. Configure the secured areas (antipassback or interlock) and their perimeter doors. Create schedules (open/closed hours and holidays). Create access rules. Link rules to doors and schedules.
"Synergis deployment prerequisites" on page 256. "Connecting to Security Center" on page 9. "Change your password" on page 10. "Defining partitions" on page 90.
"Managing the Logical view" on page 85.
6 7 8
"Configuring the Access Manager role" on page 260. "Custom fields" on page 619. "Adding access control units to your system" on page 261. "Configuring access control units" on page 267. "Configuring doors" on page 268.
9 10
11
"Configuring elevators" on page 274.
12 13 14
"Configuring secured areas" on page 278. "Using schedules" on page 103. "Configuring access rules" on page 281.
258
Phase
Description
See
15 16 17 18 19 20 21
Create cardholders and (optional) cardholder groups. Link to access rules. Create credentials. (Optional) Create badge templates.
"Configuring cardholders and cardholder groups" on page 283. "Configuring credentials" on page 285. "Defining badge templates" on page 289. "Testing your configuration" on page 294. "Defining users" on page 93 and "Defining user groups" on page 96. "Managing alarms" on page 111. "Managing threat levels" on page 117.
Test your configuration.

Create the users and user groups. (Optional) Create alarms. (Optional) Create threat levels.
Deploying Synergis with Omnicast

If no Omnicast system is available, please refer to "Omnicast deployment process" on page 190. Once an Omnicast system is available, integrating Omnicasts video functionality into Synergis is relatively straightforward. It does not matter whether the Omnicast or Synergis system is set up first. Cameras can be linked to doors at any time. If both Omnicast Archiver and Synergis Access Manager are found on the same Security Center system:
Associate Synergis doors to Omnicast cameras.

See "Associate cameras to doors" on page 270. If the Omnicast Archiver and the Synergis Access Manager are found on different Security Center systems:
Federate the Omnicast cameras with the Synergis system.

See "Federating remote systems" on page 128.
Associate Synergis doors with the federated Omnicast cameras.

See "Associate cameras to doors" on page 270.
259
Configuring the Access Manager role

The Access Manager role manages and monitors access control units on the system. The role validates all access activities when the units are online. Upon receiving a request from a unit, the Access Manager checks the access rules and schedules to decide whether the door or elevator floor can be accessed. It then sends a command to the controller to unlock the door or enable an elevator floor button. It also logs the access control events in the database for access control investigation and maintenance reports. All events generated by the units (access granted, access denied, door open, etc.) are forwarded by the Access Manager, through the Directory, to the concerned parties on the system. This section includes the following topics:
"Configure the Access Manager role" on page 260 "Add the unit manufacturer extensions" on page 261 "Adding access control units to your system" on page 261
Configure the Access Manager role

When Synergis is enabled by your license, an Access Manager role is created by default and hosted on the main server. You must configure it before it can be fully operational. 1 From the Home page in Config Tool, open the Access control task. 2 Click the Roles and units view, and select the Access Manager role. 3 Click the Resources tab, and configure the database required to run this Access Manager. For more information, see "Resources" on page 514. 4 Click the Properties tab, and configure the default retention period for door activity. The retention period defines how long (in days) a door event like access granted, or access denied remains in the SQL database.
NOTE If youre using the SQL Express 2008 R2 database engine (included with the Security
Center installation files), the database size limitation is 10 GB. A door event uses (on average) 200 Bytes in the database. If you configure the Access Manager to retain door events indefinitely, it will eventually hit the 10 GB limitation and the database engine will stop. 5 Add the manufacturer extensions for the unit types this Access Manager is to manage. For more information, see "Add the unit manufacturer extensions" on page 261. 6 Add the access control units you want this Access Manager to manage. For more information, see "Adding access control units to your system" on page 261. After you are done: If you need more than one Access Manager role on your system, now is the time to add more Access Manager roles and host them on separate servers. To add a new Access Manager role, see "Add an expansion server to your system" on page 47 and "Create a role entity" on page 50.
260
Add the unit manufacturer extensions

The manufacturer extensions are manufacturer specific settings that enable the Access Manager to communicate with the access control units. You need to add these extensions manually. Security Center supports the following unit types:
Synergis Master Controller. Synergis Master Controller (SMC) is Genetecs access control
unit that supports a variety of interface modules from third-party manufactures, such as HID, Mercury Security, STid, DDS, and more.
HID controllers. The HID controllers include the legacy VertX controllers (V1000 and
V2000), the VertX EVO controllers, and the Edge EVO controllers. For the complete list of supported controller units and firmware, see Supported HID units in the Security Center Release Notes. To add a manufacturer extension to the Access Manager: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Roles and units view, select the Access Manager, and click the Extensions tab. For more information, see "Extensions" on page 513. 3 At the bottom of the extensions list (empty at the beginning), click Add an item ( If you only selected HID VertX, the procedure ends here. 5 Click the SMC extension you just added. 6 At the bottom of the Discovery Ports list, click Add an item ( ). 7 In the Discovery port dialog box, enter the port number configured for your SMC units and click Create. The port number must match the discovery port configured on your SMC units. The default value is 2000. Do not change the default value unless it is reserved by your IT department for a different purpose. 8 Click Apply ( ) to save your changes. ). 4 In the Add extensions dialog box, select the extension types you need and click Add.
Adding access control units to your system

Before you begin: "Add the unit manufacturer extensions" on page 261. This section only covers adding HID units. For adding SMC units, see Enrolling the SMC unit in Security Center the Synergis Master Controller Configuration Guide. This section includes the following topics:
"Add an HID unit manually" on page 262 "Add access control units using the Unit discovery tool" on page 265.
261
Add an HID unit manually

Before you begin: You must know the IP address, and the login credentials (username and password) of the HID units you plan to add. This is often achieved by using the HID discovery utility known as the Discovery GUI. The Discovery GUI can be downloaded from HIDglobal.com, or found in the Security Center 5.2 installation package, at: \Tools\Access\HID VertX\Discovery Tool\. The Discovery GUI is used for the initial network discovery and IP configuration of HID VertX controllers.
This utility will scan a local network and report which HID units were found. You can then apply the units IP configuration, password, etc. Once the access control units are online and you have their IP addresses and passwords, you can then add the units manually in the Config Tool. To add an HID unit manually in Security Center: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Roles and units view. 3 Click Add an entity ( ) > Access control unit.
262
From the Network endpoint drop-down list in the Unit information tab, select the Access Manager that will manage the unit.
4 Click Unit type and select HID VertX. 5 Enter the IP address of the HID unit.
NOTE If the server hosting the Access Manager is behind a NAT, and the access control unit is not, you must click on the More button and specify the servers IP address.
6 Enter the Username and Password.

NOTE The default username/password is root/pass.
7 Click Next. 8 Select a Partition where the access control unit should be added.
If no partitions were created, select the default Public partition. If there are partitions in your system, select the partition that will include the door(s), schedule(s), rule(s) cardholder(s) linked to this specific door controller.
For more information, see "Partition" on page 447, and "How is software security configured?" on page 89. 9 Click Next.
263
10 Review the Creation summary, and click Create. The Access Manager attempts to connect to the unit, and enrolls it in your system. Once the process has been successfully completed, a confirmation message appears.
11 Click close. Your newly created access control unit appears under the Access Manager it was assigned to in the Roles and units view.
NOTE It might take another minute or two before the unit can be used. It will undergo (automatic) synchronization. This process involves the Access Manager sending schedules, access rules, and cardholder information to the unit. The unit will save the information locally so that it can operate even if the Access Manager is unavailable.
For more information, see "Synchronization" on page 347. After you are done: To confirm whether the unit has successfully synchronized with Access Manager: 1 From the Roles and units view, select the access control unit that was just added. 2 Click the Synchronization tab, and check the date/time stamp of the Last update.
264
Add access control units using the Unit discovery tool

The Unit discovery tool helps you find access control units on your network when you do not know their IP addresses.
NOTE For a complete description of this tool, see "Unit discovery tool" on page 653.
To perform a unit search with the Unit discovery tool: 1 From the Home page, click Tools > Unit discovery tool. 2 In the Unit discovery dialog box, click the Manufacturers button. 3 In the Configure manufacturers extensions dialog box, click the Access control tab, and click Add an item ( ). 4 Select the manufacturers you need, and click Add. 5 Click Save. 6 Click Start discovery ( ). The units discovered on your network are listed. Newly discovered entities are displayed with a yellow star. You can stop the discovery process at any time.
NOTE UPnP and Zero config protocols are also used for the discovery process. This means
that IP cameras supporting UPnP and Zero config might also be discovered during the scan.
7 To filter out the entities already enrolled in your system, click Investigation ( bottom of the dialog box, and click Show only new units. 8 Select a unit from the list, and do one of the following:
) at the
To add the unit to your system, click Add unit (
) below the unit information.

265
This only works if you provided the correct login credentials.
To change the discovery port of the unit, click Change discovery port (
).
If the login credentials are incorrect, click Manual add ( ) > Access control unit to add the unit manually, and provide the correct login credentials. See "Add an HID unit manually" on page 262.
266
Configuring access control units
Configuring access control units

Once you have successfully enrolled your access control units in the system, you will find them in the Access control task under the Access Manager that manages them. Each access control unit starts with a default configuration. For a description of all the configurable properties, see "Access control unit" on page 337.
TIP If your access control units share many settings in common, you can configure a first one and copy the common part of its configuration to all the rest to save time. For more information, see "Copy configuration tool" on page 668.
"Understanding unit synchronization" on page 267 "Synergis Master Controllers unique characteristics" on page 267
Understanding unit synchronization

The logic used to decide whether a door should be locked or unlocked is processed by the access control unit. This means that units must synchronize with the Access Manager to receive the latest access rules, schedules, credentials, and so on. The units synchronization mode can be configured or modified under the access control units Synchronization tab in Config Tool (see "Synchronization" on page 347). Three different synchronization modes are supported by Security Center:
Automatically. This is the recommended setting.

Any configuration change is sent to the access control unit 15 seconds after the change is saved by the Config Tool, Web Client or Security Desk. Only configurations that affect that particular unit are sent.
On schedule. The unit is synchronized according to a schedule.

For continued offline or mixed mode operation, make sure the scheduled synchronization time never falls after the date and time shown for Expiration date. If in doubt, set the synchronization mode to Automatically.
Manual only. The unit is only synchronized when you click the Synchronize now button.
Make sure you synchronize the unit before the date and time shown for Expiration date.
Synergis Master Controllers unique characteristics

Some noteworthy characteristics of the SMC unit is that its synchronized data never expire because it understands the scheduling scheme used in Security Center. For a complete list of SMC supported features and limitations, see the Synergis Master Controller Configuration Guide.
267
Configuring doors
Configuring doors
In Security Center, a door entity refers to any physical barrier that can be controlled by an access control unit. Often, a door will represent a physical door, but it can also represent a gate or a turnstile. This section includes the following topics:
"Wiring doors to access control units" on page 268 "Create and configure your doors" on page 268 "Configuring a buzzer" on page 269 "Configuring readerless doors using Input/Output modules" on page 269 "Associate cameras to doors" on page 270
Wiring doors to access control units

For information on wiring doors to SMC units, refer to the Synergis Master Controller Hardware Installation Guide. For information on wiring doors to HID VertX units, refer to the wiring diagrams found in the appendix of this guide. See "Wiring diagrams" on page 800. The diagrams are also available in PDF format in the Security Center 5.2 installation package, located at: \Documentation\Controllers\HID VertX\Wiring and Installation Guidelines\. Best practice: It is best practice to have an electrician verify the functionality between all door sensors and actuators.
Create and configure your doors

Once the physical wiring between the access control unit and the door is complete, you need to create and configure the door in the Config Tool. There are three basic door configurations:
Card in/Card Out - 2 readers are required Card In/REX Out - 1 reader is required Readerless doors - No readers are required
To create a door in Security Center: 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity ( ) > Door. 3 In the Creating a door wizard, enter the door name and description. 4 If there are partitions in your system, select the partition in which the door will be created, and click Next.
Configuring doors
5 In the Door information page, assign names to the door sides (Inside/Outside, Secure/ Non-secure, Entrance/Exit, East/West). 6 To associate the door with the access control unit it is wired to, select a unit from the Access control unit drop-down list. 7 Review the Creation summary to make sure the configuration page matches the physical wiring done at the door. 8 Click Create and Close. For more information, see "Door" on page 404. After you are done:
To link an access rule to your door, see "Access rules" on page 409 To attach cameras to your door, see "Associate cameras to doors" on page 270 To assign the hardware interfaces (unit inputs, outputs, and readers), see "Hardware" on
page 408.
Configuring a buzzer
You can assign an access control unit output to sound a buzzer. This output is governed by the action Sound buzzer and Silence buzzer. Use the event-to-action mechanism for this. For example, the buzzer output can be used to prompt someone to shut a door when it is being held open. With an event-to-action, you associate the event Door open too long to trigger the action Sound buzzer. Then associate the event Door closed to trigger the action Silence buzzer.
NOTE Buzzer does not refer to the readers beeper, but an external buzzer that is wired to an output relay on the access control unit.
For more information, see "Using event-to-actions" on page 106.
Configuring readerless doors using Input/Output modules

If a reader is not required for a door configuration, HID input and output modules (V200 and V300) can be used to control the REX, door sensor, and lock. Some examples of where readerless doors might be used could include:
Fire exits - Locked from the outside, with a push-bar to open the door from the inside using
a REX.
Stadiums/Theatres/Arenas - Everyone must enter through the ticket booth but once the
event is finished, many exits become available to decrease congestion at the main entrance.
NOTES
No access rules need to be linked to the readerless door. For more information, see "Access
rules" on page 409. An unlock schedule can be assigned to the readerless door. For more information, see "Unlock schedules" on page 406.
269
Configuring doors
Associate cameras to doors

If a door entity is linked to a camera in Security Center, an access control event triggered at that door (door forced, access denied) will cause the cameras video feed to be displayed in a Security Desk tile. If there are multiple cameras associated with that door, by default the cameras linked to the outside of that door will be displayed in a Security Desk monitoring tile. Multiple cameras associated with a single door (composite entities) can be cycled or unpacked in the Security Desk. For more information, see Unpacking/packing tiles in the Security Desk User Guide. To monitor doors with cameras, your Security Center must have one of the following configurations:
An Archiver role with available cameras.

For more information, see "Archiver" on page 521.
An Omnicast Federation role to connect to an external Omnicast system.

For more information, see "Omnicast Federation" on page 590.
A Security Center Federation role to connect to an external Security Center system with
cameras. For more information, see "Security Center Federation" on page 601. To link cameras to your doors: 1 From the Home page in Config Tool, open the Logical view task. 2 Select the door entity to configure, and click the Hardware tab. 3 Below door side (A), click Associate a camera ( 4 From the Camera drop-down list, select a camera. If the camera has a PTZ motor, you can also include the PTZ preset number to ensure that the camera points towards the door. 5 To add another camera to the door side, click Associate a camera ( 6 Repeat Step 3 and Step 4 for door side (B). 7 Click Apply. ) again. ).
270
Using the Walkthrough wizard

The Walkthrough wizard tool simplifies the configuration of newly installed access control units by associating them with doors. You to simply walk through the newly installed doors, presenting your credential to each reader along the way. These access requests are recorded in real-time and stored. Once all the access points are recorded, you use the wizard to associate each access point with a door. Only units that are not yet associated with a door can be configured with this wizard. This section includes the following topics:
"Why use the Walkthrough wizard?" on page 271 "Assigning doors to access control units using the Walkthrough Wizard" on page 272
Why use the Walkthrough wizard?

Imagine that you have just installed 10 new access control units.
You discover them with the HID Discovery GUI and configure their IP addresses. You wire them to the doors. You then enroll them with the Config Tool and they become part of your Security Center/Synergis system. You begin creating doors in the Config Tools Logical view.
And now, the challenge is to remember which controller is physically wired to which door.
271
Assigning doors to access control units using the Walkthrough Wizard

Assign door names to access points by using the Walkthrough wizard and presenting your card to different readers around your site.
TIP This task is accomplished faster with two people. One walking through the doors and presenting a credential while the other monitors which reader just picked up the card. A pair of walkie-talkies or cell phones can be helpful.
To launch the walkthrough wizard: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Cardholders view, and select the cardholder that corresponds to the credential youll be using for the wizard. 3 In the contextual commands toolbar, click Walkthrough wizard (
).
4 In the Door walkthrough wizard, select a walkthrough mode, and click Next. Real time. Credential reads are shown in real-time. If the building is large, this mode is best used with two installers. One installer runs the Config Tool, while the other walks around swiping the credential on the readers for the newly installed units. Reporting. Installation is done in two steps with one person. First you walk through the building in a pre-defined circuit, swiping the credential on readers for newly installed units. Security Center records these credential reads. Then you associate the list of discovered units to newly created doors. For this mode you set a time period during which the mode is active. Mixed mode. A combination of both real time and reporting mode.
5 Begin your walkthrough by presenting your card at each reader. As you present your card at each reader, the Walkthrough wizard notes which controller picked up the card read. In the Device discovery tab, all the access points that read your card are listed.
272
6 Select a reading, assign a Door name, and click Next.
7 Review the Creation summary. 8 If the configuration looks correct, click Create. Your newly configured doors can now be found in the Config Tools Logical view. After you are done:
To link an access rule to your door, see "Access rules" on page 409 To attach cameras to your door, see "Associate cameras to doors" on page 270 To assign the hardware interfaces (unit inputs, outputs, and readers), see "Hardware" on
page 408.
273
Configuring elevators
The elevator entity controls access to the floors of a building. When a cardholder uses a credential, the floor buttons to access those floors for which that cardholder is authorized, are enabled. This is achieved by controlling an output relay to enable the floor button. Floor tacking records the floor buttons pressed. It is achieved by monitoring inputs. This permits tracking reports for elevator usage in the Security Desk. For information about a units limitations with this feature, see the Security Center Release Notes. This section includes the following topics:
"Hardware for elevator control and floor tracking" on page 274 "Configuring elevator floors" on page 275
Hardware for elevator control and floor tracking

To control access, this entity relies on a single access control unit that must be associated with an elevator.
IMPORTANT To configure an elevator, make sure you have an access control unit dedicated to the control of an individual elevator cab. In other words, the access control unit assigned to elevator control cannot be used for any other purpose.
You will require the following:
A reader in the elevator cab. Outputs that close relay contacts to enable the floor buttons. Inputs that record the floor buttons that have been selected (only necessary when the floor tracking is required).
The following hardware supports elevator control and floor tracking.

Access control unit Number of outputs for elevator control Number of inputs for floor tracking
HID VertX V2000 reader interface/ network gateway HID iCLASS Edge device HID VertX V1000 network gateway (in addition to a V100, up to 31 modules (V200 and V300) can be connected): HID VertX V100 reader interface module HID VertX V200 input module
4 2 Not supported
6 (including AC Fail and Bat Fail inputs) 2 Not supported
4 2
4 (including AC Fail and Bat Fail inputs) 18 (including AC Fail and Bat Fail inputs)
274
Access control unit
Number of outputs for elevator control
Number of inputs for floor tracking
HID VertX V300 output module (latching outputs)
12
4 (including AC Fail and Bat Fail inputs)
Configuring elevator floors

To configure elevator floors: 1 Install the reader in the elevator cab and wire it to the access control unit. 2 Wire the outputs for elevator control. The output relay state can be inverted according to your regulatory requirements. This setting will affect how you wire the units. For more information, see "Configure the elevator relay settings" on page 276. For an HID unit see "HID VertX elevator control" on page 794 After you are done: Once wired, the input for each floor must be configured.
Create an elevator
To create an elevator in the Config Tool: 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity ( ) > Elevator. 3 In the elevator creation wizard, enter the elevator name and description. 4 If there are partitions in your system, select the partition where the elevator will be created, and click Next. 5 Enter the number of elevator floors, and click Create. The default floor entities are created. 6 To change a floor name, select the floor. 7 Make adjustments if necessary, and click Next. 8 Review the creation summary, and click Create and Close. The new elevator appears in the Logical views entity tree with its floors. It initially appears in red until it is fully configured.
9 From the Logical view, select the elevator, and click the Advanced tab. 10 Configure the elevator relay settings. See "Configure the elevator relay settings" on page 276.
275
11 Click the Floors tab, and assign the access control unit to be used for the elevator, the reader, the outputs that enable the selection for a floor, and the cameras monitoring the elevator. For more information, see "Configure the elevator floors" on page 276. 12 Click the Access tab, and configure the access rules applied to the elevator floors, and scheduled periods when the elevator floors should be configured for free access (no credentials required). After you are done: You can configure event-to-actions based on events regarding this elevator. See "Using event-to-actions" on page 106.
Configure the elevator relay settings

The elevator Advanced tab can be used to configure the elevator control unit relay settings. The following settings change the relay behavior for elevator control:
Grant time. This value indicates for how long the elevator floor button will be enabled after
the access granted event has been generated.
Free access when the output relay is:
Normal. Floor access is enabled when the access control unit output relay is deenergized. This means that a power loss results in free access to the floor. Active. Floor access is enabled when the access control unit output relay is energized. This mean that a power loss results in floor access being denied.
NOTE The access control unit relay output wiring must be made according to these settings (use the appropriate NO or NC relay contacts on the units).
Configure the elevator floors

The elevator Floors tab allows you to configure the physical wiring relationships between the access control unit and the elevator floors, and select cameras used to monitor this elevator in Security Desk. To configure the elevator floors: 1 Select the Floors tab of the elevator entity. 2 From Preferred unit drop-down list, select a unit to filter the inputs and outputs displayed on this screen. This greatly simplifies the selection of inputs and outputs since there are so many of them in the system. 3 From the Elevator cab reader drop-down list, assign the reader input. 4 To change the elevator cabs reader settings, then click
The configuration dialog box is displayed to allow you to change the following: Type of reader (Wiegand vs. Clock & Data; Card only vs. Card and PIN) Set card and PIN mode with the schedule and access timeout.
276
5 Under Floors, use the following buttons to add elevator floors or change their configuration:
To add an elevator floor, click
. . . .
To delete the selected elevator floor, click To move the selected elevator floor up, click
To move the selected elevator floor down, click To modify the selected elevator floor, click .
6 From the Push button relay drop-down list, assign elevator floors to outputs. 7 From the Floor tracking drop-down list, assign elevator floors to floor tracking inputs.
NOTE On an access control unit dedicated to elevator control, all inputs can be used for floor
tracking except for the door monitor inputs. 8 Click Apply.
Associate rules, unlock schedules, and cameras to elevators

Just like a door, elevator control requires access rules to determine who will be granted access, where and when. And, you can assign an unlock schedule to permit free access based on a schedule, as well as assigning cameras to monitor the elevator events.
In the elevators Access tab, assign access rules to your elevator to determine which
cardholders can access which floors, and assign schedules to allow free access during certain times of the day. For more information, see "Access" on page 412.
In the Floors tab, link cameras to your elevator for monitoring.

For more information, see "Floors" on page 411.
277
Configuring secured areas

An area represents a group of entities. In the context of access control, this would typically be a group of doors, and perhaps alarm inputs. An secure area consists of perimeter entities (doors) and, optionally, captive entities. Areas are required for:
Antipassback Interlock People counting

NOTE A secured area can be configured with either antipassback or interlock functionality, but never both.
"Create an area" on page 278 "Add members to an area" on page 279 "Configure doors for an area" on page 279 "Configure antipassback" on page 280 "Configure interlock" on page 280
Create an area
To create a secured area: 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity ( ) > Area. A new area appears in the Logical view. 3 Type a name for the area, and press ENTER. For more information, see "Area" on page 360.
278
Add members to an area

Entities such as cameras, zones, sub-areas, elevators, and tile plugins can be added as members of an area. You can also add doors as area members. See "Configure doors for an area" on page 279. To add members to an area, do one of the following:
Click
at the bottom of the Members tab of the area entity, and use the Search tool that appears. For more information, see "Search for entities using the Search tool" on page 43. Use drag-and-drop to move or copy entities in the Logical view. For more information, see "Configuring the Logical view" on page 86.
Configure doors for an area

A door can be configured as Captive or Perimeter for an area. Perimeter doors are used to enter and exit an area, and help to control access. By correctly setting the door sides, people counting and antipassback are properly tracked. A doors Entrance and Exit sides are relative to the area being configured.
NOTE Access rules configured for an area only apply to perimeter doors.
1 From the Home page in Config Tool, open the Logical view task. 2 Select the area, and click the Members tab. 3 Click Add an item ( ) at the bottom of the page.
279
4 Select the doors you want as members, and click Select. 5 In the Doors section of the Members tab, set the doors as perimeter or captive doors.
For doors that represent entry or exit from the area, set the slider to Perimeter. For doors that are found within the area, set the slider to Captive.
6 To swap the door sides, beside the door, click the Swap door side button. 7 Click Apply.
Configure antipassback
Once your area has been created, and it contains at least 1 perimeter door, antipassback can be applied to your area. Please note that for areas made up of multiple doors, the antipassback logic will be applied to the perimeter doors but not the captive doors. To configure antipassback for your area: 1 From the Home page in Config Tool, open the Logical view task. 2 Select the area, and click the Properties tab. 3 Set the Antipassback properties to ON, and Interlock properties to OFF. 4 Set the Type, Timeout, and Strict fields as required by your installation. For more information about these fields, see "Antipassback properties" on page 361.
IMPORTANT All doors participating in an antipassback area must be controlled by the same
unit. 5 Click Apply.
Configure interlock
An interlock (also known as mantrap or airlock) is the logic applied to a group of doors stipulating that only one door can be open at any given time. This would typically be used in a passageway with at least two doors. The cardholder unlocks the first door, enters the passageway, but cannot unlock the second door until the first door has closed. To configure your area with interlock functionality: 1 From the Home page in Config Tool, open the Logical view task. 2 Select the area, and click the Properties tab. 3 Set the Interlock properties to ON, and the Antipassback properties to OFF. 4 Assign an access control units input to activate either Override mode or Lockdown mode. 5 Click Apply. For more information about these fields, see "Properties" on page 361.
280
Configuring access rules

An access rule is the access control logic that grants or denies access to a cardholder. This section includes the following topics:
"Create and configure access rules" on page 281
Create and configure access rules

To create and configure an access rule: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Access rules view, and click Access rule ( 3 Assign a name and description to the access rule.
TIP It is best practice to assign descriptive names to your rules so that when your system accumulates many rules, it is clear from their names what they do.
).
Eg. Rule_Area or Door name_Schedule name. 4 If there are partitions in your system, select the partition in which the door will be created, and click Next. For more information, see "Partition" on page 447. 5 Select a schedule of when you want your rule to be active. The default is Always. For more information, see "Schedule" on page 463. 6 Click Next. 7 Review the Creation summary and click Create. 8 Select the access rule, and click the Properties tab. 9 Select a schedule, and grant access or deny access depending on your needs.
TIP Usually schedules are used to grant access through a door.
10 At the bottom of the page, click the add cardholders ( cardholders, or cardholder groups to your rule.
) button to add individual
281
TIP It is recommended to add cardholder groups rather than cardholders, as this becomes much more manageable in large systems as new people arrive, and former people leave.
11 Click Apply. After you are done: Now that your access rule has been configured, you need to assign it to specific doors, or areas for the rule to be applied and to control physical access. Related topics:
"Access rules" on page 364, for areas "Access rules" on page 409, for doors
282
Configuring cardholders and cardholder groups

Cardholders and cardholder groups are the Who in an access rule. While both individual cardholders and cardholder groups are supported, cardholders and access rules are much easier to manage when cardholders are members of cardholder groups. This section includes the following topics:
"Create a cardholder in Config Tool" on page 283 "Create a cardholder group in Config Tool" on page 284 "About the maximum cardholder picture file size" on page 284 "Import cardholders from a flat file" on page 284 "Importing cardholders from an Active Directory" on page 284 "Managing cardholders in Security Desk" on page 284
Create a cardholder in Config Tool

Cardholders can be created either through the Cardholder creation wizard (explained here) or with the Cardholder management task. For more information on the latter, see Cardholders in the Security Desk User Guide. To create a new cardholder: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Cardholders view, and click Cardholder ( ). 3 Assign a first name and last name to your cardholder, then click Next. 4 In the Basic information page, assign a name, and a description to the cardholder entity. 5 If there are partitions in your system, select the partition in which the cardholder will be recognized, and click Next. For more information, see "Partition" on page 447. 6 If custom fields have been created for cardholders, fill in the custom fields, and click Next For more information, see "Custom fields" on page 335. 7 Choose to create the cardholders credential now, or later on, and click Next.
If you selected Create the credential for this cardholder now, continue with Step 8. If you selected Delay the creation of the credential for this cardholder, go to Step 9.
8 Choose whether to create the credential manually, or automatically and create their credential, and click Next. For more information, see "Create a credential in Config Tool" on page 285. 9 Review the Creation summary and click Create and Close. For more information, see "Cardholder" on page 395.
Create a cardholder group in Config Tool

To create a new cardholder group: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Cardholder groups view, and click Cardholder group ( A new cardholder group appears in the Logical view. 3 Type a name for the group, and press ENTER. 4 Click the Properties tab of the cardholder group, and click at the bottom of the page to add individual cardholders or cardholder groups to your new group. For more information, see "Cardholder group" on page 398. ).
About the maximum cardholder picture file size

If cardholders pictures are used, they are also stored in the configuration database. Imported cardholder pictures will be reduced to the maximum cardholder picture size. For more information, see Access control General settings "Maximum picture file size" on page 635.
Import cardholders from a flat file

Cardholders can be created by importing a text file containing all cardholder information, using the Import tool. It is often useful in large organizations where many cardholders or cards need to be created automatically. The Import tool can be found in the Config Tools Tools menu. For more information, see "Import tool" on page 657.
Importing cardholders from an Active Directory

Cardholders and cardholder groups can be created by importing them from Windows Active Directory (AD). If somebody already has a valid Windows user profile on the Windows domain, their cardholder profile can be created automatically. For more information, see "Import security groups from an Active Directory" on page 143.
Managing cardholders in Security Desk

You can create, delete, and modify cardholders (such as change their group membership, partition access, credential, employee photo, and so on), using the Cardholder management task. For more information, see Cardholders in the Security Desk User Guide.
NOTE The cardholder management task does not offer cardholder group management.
284
Configuring credentials
Credentials are used by Security Center to identify who is requesting access through a secured access point. For access control to be operational, every cardholder must possess at least one credential. These are typically (but not exclusively) access control cards. For more information, see "Credential" on page 401. This section includes the following topics:
"Create a credential in Config Tool" on page 285 "Import credentials from a flat file" on page 287 "Importing credentials from an Active Directory" on page 287 "Enrolling credentials from Security Desk" on page 287 "Using custom card formats" on page 287
Create a credential in Config Tool

Before assigning a credential to a cardholder, the credential must first be created and enrolled in the system.
NOTE Credentials can be enrolled either through the Credential creation wizard (explained here)
or with the Credential management task. For more information on the latter, see Credentials in the Security Desk User Guide. To create a new credential: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Credentials view, and click Credential ( ). 3 In the credential creation wizard, select manual or automatic credential creation. and click Next.
Manual credential creation. Involves entering the access control card number and facility code manually with your PC keyboard. Automatic credential creation. Involves presenting the card to a reader upon which it will be recognized by the system.
4 Assign a name, and a description to the credential.

TIP Typically, a credential will be named CardholderNames credential (eg. Mike Walkers
credential). The alternative is to assign the card number (printed on the face of the card) as the credential name. If a lost card is found, it can then be searched for quickly with this number. 5 If there are partitions in your system, select the partition in which the credential will be recognized, and click Next.
285
For more information, see "Partition" on page 447. 6 In the Credential assignment page, assign the credential to a cardholder immediately, or create the credential but delay assigning it to a cardholder until later on.
If you selected Assign credential later on, click Next. If you selected Assign credential now, choose a cardholder from the Cardholder dropdown list, and click Next. If you initially chose Manual credential creation, select the credential type, and go to Step 12.
7 Do one of the following:
Card: Set the Card format, the Facility code and the Card number. PIN: Set the Code for the PIN.
If you initially chose Automatic credential creation, present the cards at a reader, and continue with Step 8.
8 In the Enrollment device section, select whether you will present the cards to a USB reader connected to your local workstation, or to a door reader from the drop-down list. 9 If you selected Door as the enrollment device, select an Access point. 10 Present the cards at the reader and you should see the cards value appear. 11 To enroll the card, select a card and click Next.
286
TIP You can select multiple cards and enroll them at once by holding the CTRL key.
If the card has already been enrolled in the system, instead of seeing the cards value, you will see a message appear stating that The last discovered credential was discarded because it already exists. 12 If any custom fields have been created for credential properties, you are prompted to enter the custom field information. For more information, see "Custom fields" on page 335. 13 Review the Creation summary, and click Create and Close.
Import credentials from a flat file

Credentials can be created by importing a text file containing all credential information, using the Import tool. It is often useful in large organizations where many cardholder cards need to be created automatically. The Import tool can be found in the Config Tools Tools menu. For more information, see "Import tool" on page 657.
Importing credentials from an Active Directory

Cardholder credentials can be created by importing them from Windows Active Directory (AD). If somebody already has a valid Windows user profile on the Windows domain, their cardholder credential can be created automatically. For more information, see "Import security groups from an Active Directory" on page 143.
Enrolling credentials from Security Desk

Credentials can also be enrolled using the Credential management task. For more information, see Credentials in the Security Desk User Guide.
Using custom card formats

Security Center allows you to define custom card formats. Custom card formats allow you to add new formats to Synergis with specific card data fields, in addition to the standard formats supported by default. (Eg. the standard 26-bit Wiegand format).
Benefits of custom card formats

Creating custom card formats has the following benefits:
Ability to manually enroll a new card using a standard workstation keyboard, whereas a
card with an unknown format can only be enrolled using a card reader. Ability to view the card number in the Config Tool and the Security Desk, whereas data for unknown card formats cannot be displayed.
287
Ability to import cards using custom formats with the Import tool. For more information,
see "Import tool" on page 657. Ability to enroll cards manually in bulk, without a card reader, using the Credential management task. For more information, see Credential management in the Genetec Security Desk User Guide.
Custom card formats are defined in Config Tool under the System entity. For more information, see Access control General settings "Custom card formats" on page 635.
288
Defining badge templates

Badge templates are Synergis entities used to design customized printing templates for access control cards. You might, for example, want a company logo, a background image, employee photo, or a custom color printed on the access control cards. A badge template can include fields from the configuration database so that the correct name, cardholder photo, and so on, will appear on each card. To create a new badge template: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Badge template view, and click Badge template ( A new badge template appears in the Logical view. 3 Type a name to your badge template, and press ENTER. 4 In the Identity tab, type a description for the badge template. 5 In the Relationships section, select the partition where you want the badge template to be placed (if applicable). For more information about partitions, see "Partition" on page 447. 6 Click Apply. 7 Click the Badge designer tab. 8 To select the size of the access control cards you want to print, click Properties ( 9 In the Format dialog box, select a card size and orientation:
).
).
CR70 CR80 CR90 CR100 To create custom card size, click click OK. , enter the card name, width, and length, and then
Orientation. Select Landscape or Portrait orientation type.
289
10 Click OK.
Once the card size/format has been chosen, you can design the actual printing template. 11 In the Tools section, select a tool, and then click on the template to use it. There are six graphical tools you can use to edit the template:
Select tool. Use to click and select an object on the template. Rectangle tool. Use to draw a square/rectangle on the template. Ellipsis tool. Use to draw circles/ovals on the template. Text tool. Use to insert text on to the template. Image tool. Use to insert a picture on to the template. You can insert cardholder pictures, a background image for the card, and so on. Barcode tool. Use to insert barcodes on to the template.
12 If you added an image to the template, select the image to edit it using the options in the Image and Color and border sections. In the Image section, choose whether the image displayed on the badge uses a cardholder picture or an image from a file, and whether the image should be stretched or not.
Display the cardholders picture. Dynamic cardholder picture that changes, depending on which cardholder credential you are printing. This image field links to the value Cardholder picture in the configuration database.
290
TIP If a cardholders picture was taken in front of a chroma key screen, you can make the picture background transparent. This is helpful if you are creating a badge template that has an image in the background.
Select a picture from disk. Static image selected from a file. Fill. Use to modify the fill color of an inserted object like a square or oval. Border. Use to modify the border color of an inserted object. Opacity. Use to modify the opacity of an inserted object. Border thickness. Use to modify the thickness of the inserted objects border
In the Color and border section, you can use the following tools:

13 If you added text to the template, select the text to edit it using the options in the Text section. You can add dynamic cardholder fields, the date and/or time, or type specific text that will be static on the template. You can also edit the text, the text color, and the text alignment. 14 If you added a barcode to the template, right-click the barcode, and then click Properties to edit it. The data on the barcode can be static, or use dynamic credential properties.
15 In the Size and position section, select where the text, image, or barcode is located on the badge, and its width and height. 16 Click Apply. There are also other buttons available to help you edit the template:
Import ( Export ( Cut ( Copy (
). Import a badge template to use. ). Save your badge template. ). Copy the selected item on the badge template.
291
). Delete the selected item on the badge template.
Paste ( ) . Paste the copied item onto the badge template. Send to back ( ). Send the selected item to the background of the badge template.
This is option is helpful if you want to have a background image on the badge.
Bring to front (
). Bring the selected item to the foreground of the badge template.
Here is a sample badge template with objects already inserted:
Two different images have been inserted. One is dynamic, and the other is static:
The dynamic cardholder picture appears on the front of the card.
The static image appears on the back of the card. It is the company logo that is displayed on every card. Three dynamic text fields have been inserted:

{Firstname} {lastname} appears on the front of the card. The text printed will be taken from the configuration database and we will see first name, (space), last name. {Firstname} {lastname} appears on the back of the card. This is the same as the name field on the front except with a smaller font size. {Cardholder.Department} Custom field that was created for the cardholder entity.
A barcode has been inserted, containing dynamic data. It displays the credential name,
using the barcode type Code 39.
292
To see a print preview of what the printed cards will look like using this template: 1 In the Access control task, click the Credentials view. 2 Select the credential that you want to preview with a badge template, and then click the Badge template tab.
293
Testing your configuration
Testing your configuration

One of the more useful tools available to test you configurations, or to use as a troubleshooting tool is the Access troubleshooter. It can be found in the Tools menu of both the Config Tool and Security Desk. The basic access control logic defined by a rule is quite simple: Who can pass through this door, and when? If only one rule and one schedule exists, it is a very simple notion to understand. The challenge is that in a large system, you will start to accumulate multiple schedules (Office hours/ Office closed/Holidays/Weekends/Special events). You might also accumulate multiple areas, and an area can contain multiple sub-areas. Cardholders can belong to multiple cardholder groups. As we accumulate entities and configurations, the basic logic applied at a door can become more difficult to predict. The Access troubleshooter is a tool that allows you to identify a door, a cardholder, and a date/ time. It then runs through the logic determined by the access rule(s), and displays the result. For more information, see "Access troubleshooter" on page 652.
294
11
Managing Synergis
This section explains advanced configuration techniques, and describes how to keep your access control system reliable, protected, and running smoothly. This section includes the following topics:
"Managing global cardholders" on page 296 "Viewing access control health events" on page 308 "Investigating access control unit events" on page 309 "Viewing IO configuration of access control units" on page 310 "Replace access control units" on page 311 "Replacing HID VertX 1000 units with SMC units" on page 312 "Troubleshoot HID discovery and enrollment" on page 314 "Finding out which entities are affected by access rules" on page 317 "Viewing properties of cardholder group members" on page 318 "Viewing credential properties of cardholders" on page 319 "How the Access troubleshooter tool works" on page 320 "Troubleshooting access points" on page 321 "Troubleshooting cardholder access rights" on page 322 "Diagnosing cardholder access rights based on credentials" on page 323 "Finding out who is granted access to doors and elevators" on page 324 "Finding out who is granted/denied access at access points" on page 325 "Troubleshoot door issues" on page 326
295
Managing global cardholders

"What is global cardholder management?" on page 296 "How does global cardholder management work?" on page 296 "Rules and restrictions regarding GCM" on page 301 "Configuring global cardholder management" on page 303 "Operating on global entities" on page 305
What is global cardholder management?

Global cardholder management (GCM) is used to synchronize cardholders between independent Security Center installations. It allows you to have a central repository of cardholder information for your entire organization, whether this information is managed from a central office or by individual regional offices. With global cardholder management, you can:
Create global cardholders from a central location (for example your head office) and
synchronize them at remote Security Center systems that operate independently of the central system and of each other. Allow local Security Center administrators to decide what global cardholders can or cannot access at their local facilities. Allow local Security Center administrators make changes to global cardholders and their related entities, and propagate these changes to other sharing parties. Allow local system administrators keep exclusive ownership of their local cardholders and related entities, while sharing global cardholders with other systems.
Practically speaking, an organization that has multiple Security Center systems deployed at different locations can have these independent installations share information with a centralized human resource management system. Each local office continues to manage the employees working at their local office, such as maintaining the employee profile, photo ID, credentials, etc. For employees that need to travel from site to site, that same information can be shared among all sites within the organization.
How does global cardholder management work?

"Architecture overview" on page 297 "What is the sharing host?" on page 297 "What is the sharing guest?" on page 298
"What is the Global Cardholder Synchronizer?" on page 298 "Differences between Federation and GCM" on page 299 "Differences between Active Directory integration and GCM" on page 300
In order to share cardholders across multiple independent Security Center systems, one of the system must act as the sharing host, while the others act as sharing guests.
What is the sharing host?

The sharing host is the Security Center system you choose to initiate the sharing process. You do this by creating a global partition on that system. All cardholders, cardholder groups, credentials, and badge templates which are members of the global partition automatically become available for sharing. Other types of entities can be part of the global partition, but will not be visible to the sharing guests.
297
The sharing host owns the master copy of the global partition and the entities that are in it. All changes made by the sharing guests to the content of the global partition must first be validated by the sharing host before they are propagated to other sharing parties. The global partition is like a central database, the sharing host is like the database server, while the sharing guests are like the database clients. There is no limit to the number of global partitions a host system can share.
What is the sharing guest?

The sharing guest is a Security Center system that participates in the sharing process. This is achieved by creating a Global Cardholder Synchronizer (GCS) role on that system, and using it to connect the sharing guest to the sharing host. As the sharing guest administrator, you can decide which partitions shared by the host are of interest to your system. The GCS role then creates a copy of the selected shared partitions and entities on your local system. Only cardholders, cardholder groups, credentials, and badge templates are eligible for sharing. The shared entities are visually identified with a green icon ( ) superimposed over the regular entity icon. You can assign local access rules and credentials to global cardholders to grant them access to your local areas, doors, and elevators. You can add, modify, and delete entities from the global partition. However, what you can actually do is dependent on the rights of the user representing the GCS role on the sharing host. All changes made to global entities on the guest system must be validated on the host system. All modifications rejected on the host system are also rejected on your local system.
What is the Global Cardholder Synchronizer?

The Global Cardholder Synchronizer (GCS) is the role running on the sharing guest (the remote system) that ensures the two-way synchronization of the shared cardholders and their related entities between the sharing guest and the sharing host. The host-to-guest synchronization can be performed in three different ways:
In real time. The guest system is updated immediately when changes are made on the host
system.
On demand. The guest system is synchronized only when it is requested by a user. On schedule. The guest system is synchronized on schedule via a scheduled task. For more
information, see "Using scheduled tasks" on page 109. The guest-to-host synchronization is always performed immediately by the GCS role because all changes to the shared partitions must be validated by the host system before they can be accepted by the guest system. The host system processes the change requests on a first come first served basis.
298
Differences between Federation and GCM

The following table highlights the differences between Federation and global cardholder management in their attempts to share cardholders and other information.
Federation (applied to access control) Global Cardholder Management (GCM)
Purpose: Central activity/event monitoring Allows an organization to monitor from a central location (federation host), the access control events and activities at independent remote locations (federated sites). The federation host uses the Security Center Federation role to connect to the remote sites. Entities created at remote sites are federated at the central system. The federation host can observe, but cannot change anything on the remote sites. A federated site has no visibility on what is going on at the federation host or other federated sites. Almost all entities that generate events can be federated (monitored). Custom fields are not federated. A federated cardholder can be granted access to the facility managed by the federation host, but not the reverse.
Purpose: Sharing of a central configuration Allows an organization to share the common configuration of access control entities, hosted at a central location (sharing host), with independent remote locations (sharing guests). The remote sites use the Global Cardholder Synchronizer role to connect to the sharing host. Entities created at the central system are shared at the remote sites. The remote site can add, modify, and delete the entities that are shared by the host with all other remote sites (two-way synchronization). All sharing guests have the same read/write access to all shared (global) entities, while maintaining full ownership of the local entities. Only cardholders, cardholder groups, credentials, and badge templates can be shared. All custom fields and data types are shared. A global cardholder can be granted access to all facilities participating in the sharing.
Best practice: Federation and GCM are best used together on the same system to complement each other. For more information, see "Rules concerning federation and global entities" on page 302.
299
Differences between Active Directory integration and GCM

The following table highlights the differences between Active Directory integration and global cardholder management in their attempts to centralize cardholder information management.
Active Directory integration Global Cardholder Management (GCM)
Purpose: Centralized employee (users and cardholders) security management Allows an organization to manage the employee information from a central location, and share it with a single Security Center system (users and cardholders). The corporate directory service is the information source. Security Center gets the employee information from the corporate directory service. The Security Center system connects to the information source (directory service) via the Active Directory role. Custom fields defined on the Active Directory can be linked to Security Center custom fields. The shared employee information can only be modified on the Active Directory. Only the cardholder picture can be loaded in Security Center and updated on the Active Directory. The source information can only be shared with one Security Center system. If multiple Security Center systems need to share the same information, they need to connect individually to the corporate directory service.
Purpose: Centralized employee (cardholders) security management Allows an organization to manage the cardholder information from a central location, and share it with all Security Center systems within the organization. One Security Center system acts as the information source (sharing host), and shares it with all other Security Center systems within the organization (sharing guests). The sharing guests connect to the information source (sharing host) via the Global Cardholder Synchronizer role. All custom fields and data types are shared. The shared information can be modified by all sharing parties. The sharing host validates and propagates the changes to all sharing parties. The central Security Center system can share the cardholder information with as many satellite Security Center systems as necessary.
Best practice: Active Directory integration and GCM are best used in tandem. The sharing host should be the only system that integrates with the Active Directory. This solution keeps the Active Directory protected on the corporate LAN, while the sharing host only pushes the employee information that need to be shared to the satellite systems.
300
Rules and restrictions regarding GCM

Global cardholder management is governed by the following sets of rules:
"Rules concerning local and global partitions" on page 301 "Rules concerning local and global entities" on page 301 "Rules concerning global custom fields and data types" on page 302 "Rules concerning federation and global entities" on page 302 "Rules concerning Active Directory and global entities" on page 303
Rules concerning local and global partitions
A sharing guest cannot have more than one host.

Only one instance of the GCS role is allowed per system.
A global partition cannot be modified on a sharing guest, but its members can.
What the sharing guest is actually allowed to modify is subject to the privileges of user assigned to the GCS role.
No system is allowed to share what it does not own. Two-tier sharing is not permitted.
A corollary to this rule is that a local partition cannot be converted into a global partition if it contains global entities, unless it is performed on the host system.
Adding a local entity to a global partition transfers the ownership of that entity from its
local owner (sharing guest) to the partition owner (sharing host). Deleting a global entity on a sharing guest also deletes it on the sharing host, unless that entity also belongs to another global partition, in which case, only its membership is removed from the first partition.
Rules concerning local and global entities
An entity is global by virtue of its membership to a global partition.

This means that a cardholder does not automatically become global simply because its parent cardholder group is global.
Local access rules can apply to local and global cardholders alike.
Access rules are never shared. This ensures that local administrators always have full control over the security of their local facilities.
Global cardholders/groups can become members of local cardholder groups. Local cardholders/groups cannot become members of global cardholder groups.
An exception to this rule is when both entities belong to the same system. In this case, the local cardholder would not be shared, although the cardholder group is.
Both global and local credentials can be assigned to global cardholders. Global credentials cannot be assigned to local cardholders.
Global credentials using custom card formats can be used and edited on the sharing guest.
However, the credential data would only be visible if the corresponding custom card format (XML file) is also defined on the sharing guest. For more information, see "Custom card format editor" on page 670. Best practice: It is always recommended to apply access rules to cardholder groups rather than individual cardholders. For this reason, it is recommended to share the cardholders along with their parent cardholder groups. If this is not feasible for any reason, then we recommend that you create a local cardholder group for the global cardholders.
Rules concerning global custom fields and data types
Custom fields and data types defined for global entities are automatically shared when the Global and local custom fields remain separate even when they use the same name. They
are differentiated by their owner, which is the system that defines them. Global data types cannot be used to define local custom fields. Global entities custom field values can be modified on sharing guests. Global custom fields also apply to local entities, but their values stay local. Local custom fields also apply to global entities, but their values stay local. When a guest system stops sharing a global partition, all local copies of the shared global entities, and the local entities global custom field values are deleted. global entities are shared. Global custom field and data type definitions cannot be modified on the sharing guest.
Best practice: If you are to implement GCM within your organization, we recommended that you define all custom fields and data types for global entities on the sharing host.
Rules concerning federation and global entities
If a sharing host also federates its sharing guest, only the local entities belonging to the
sharing guest are federated. The entities that are shared will not be federated on the sharing host. The sharing host which also happens to be a federation host should not share the entities it federates by adding them to a global partition because it does not own the federated entities. An entity can only be shared by its rightful owner. For the federated entities to become shared, the federated system has to become a sharing guest of the federation host. This will give the federation host the rights to share any of the federated entities.
A sharing guest which happens to federate a third system cannot share its federated entities
with the sharing host because it is not the owner of the federated entities. If a sharing guest is federated by another system, both its local and global entities will appear as federated entities on the federation host. For more information, see "Identification of federated entities" on page 128.
Rules concerning Active Directory and global entities
Cardholders and cardholder groups imported from an Active Directory can be added to a
global partition on the sharing host.
Cardholders and cardholder groups imported from an Active Directory that is local to the
sharing guest cannot be added to a global partition because the Active Directory and the sharing host cannot both be owners of the shared cardholders. Global cardholders and cardholder groups imported from an Active Directory must only be modified via the directory service that owns them.
CAUTION Although it is possible to modify global cardholders and cardholder groups imported from an Active Directory on the sharing guest, these changes are temporary. You will lose the changes you made when the sharing host synchronizes with the Active Directory.
Best practice: If all cardholder data entry must be centralized, the system that imports cardholders from your corporate Active Directory should act as the sharing host, and all modifications must be made using the directory service. For more information, see "Importing cardholders from an Active Directory" on page 284.
Configuring global cardholder management

"Global cardholder management setup prerequisites" on page 303 "Global cardholder management setup procedure" on page 304 "Configure a partition for sharing" on page 304 "Configure the Global Cardholder Synchronizer" on page 304
Global cardholder management setup prerequisites
Decide which Security Center system is going to be your sharing host.

It is typically the system running at your head office or the system that is synchronized with your corporate Active Directory. For more information, see "Differences between Active Directory integration and GCM" on page 300.
If the sharing host is protected behind a firewall, you need to open a port to allow the GCS
role to connect to the host system. For more information, see "Common communication ports" on page 777. Decide what types of updates the users on the guest systems are allowed to perform on the shared global partitions. You can limit their range of actions by restricting the privileges of the user representing the GCS roles on the host system.
303
Global cardholder management setup procedure

Before you begin: Read "Rules and restrictions regarding GCM" on page 301, and "Global cardholder management setup prerequisites" on page 303. 1 On the sharing host, create a global partition or change the status of a local partition to global. Create as many global partitions as necessary. For more information, see "Configure a partition for sharing" on page 304. 2 Create a user with the proper level of administrative privileges over the shared entities to be used to connect the GCS roles to the host system. You might have to create more than one user accounts if the sharing guests have different update requirements. For more information, see "Defining users" on page 93. 3 On the sharing guest: a Create a GSC role and synchronize the sharing guest with the sharing host. For more information, see "Configure the Global Cardholder Synchronizer" on page 304. b Assign local users and partition managers to shared partitions ( c Apply local access rules to shared cardholders ( ). ).
) and cardholder groups (
d (Optional) Custom card formats are not shared. If you have shared credentials that use custom card formats, the credentials will work on your local system, but you will not be able to view the card data fields unless the custom card format in use is also defined on your local system. For more information, see "Custom card format editor" on page 670. e (Optional) Create a scheduled task to synchronize periodically your local system to the host. For more information, see "Using scheduled tasks" on page 109. 4 Repeat Step 3 for every sharing guest you have.
Configure a partition for sharing

Entity sharing is initiated on the sharing host by setting a partition as global. Before you begin: You cannot share the Public partition. 1 From the Home page in Config Tool, open the Security task. 2 CLick the Partitions view, and select the partition you want to share. 3 CLick the Properties tab, and switch the Global partition option to ON. The partition is now visible to all GCS roles connected to this system. Only cardholders, cardholder groups, credentials, and badge templates are shared.
Configure the Global Cardholder Synchronizer

You must create and configure the Global Cardholder Synchronizer (GCS) role to connect your local system to the sharing host. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and click Add an entity (
) > Global Cardholder Synchronizer.

304
3 In the Specific info page, enter the following parameters, and click Next.
Server. Server where this role will be hosted. Directory. Sharing hosts main server name. If anything else than the default connection port (5500) is used, you must explicitly indicate the port number after the Directory name, separated by a colon. For example: HostServer:5888. Username and Password. Credentials used to connect to the sharing host. The extent of what the sharing guest can do on the global partition will be limited by what this user can see and do on the sharing host. The user must have the Global Cardholder Synchronizer privilege on the sharing host in order to connect.
Synchronize automatically. Select this option to have the GCS to update the guest system immediately, every time a change is made on the host. We recommend to leave this option cleared (default) if you plan to make massive updates on the host.
4 In the Basic information page, enter the name, description, and partition where the GCS role should be created. For more information, see "Common entity attributes" on page 38. 5 Click Next, Create, and Close. A new Global Cardholder Synchronizer ( to connect to the sharing host. 6 Click the Properties tab. The partitions shared by the host are listed under Global partitions. For more information, see "Properties" on page 558. 7 Select the partitions you want your local system to share and click Apply. 8 Click Synchronize now ( ). The GCS role will create a local copy of all shared entities on your system. This might take a while depending on how many entities you are sharing. After you are done: Configure the global entities you shared so they can be used on your local system. Also, consider setting the GCS role to synchronize automatically or to synchronize on a schedule. For more information, see "Using scheduled tasks" on page 109. ) role is created. Wait a few seconds for the role
Operating on global entities

A global entity is an entity that is shared across multiple independent Security Center systems by virtue of its membership to a global partition. Only cardholders, cardholder groups, credentials, and badge templates are eligible for sharing. This section includes the following topics:
"Start sharing an entity" on page 306 "Stop sharing an entity" on page 306 "Override the cardholder synchronization" on page 307
Start sharing an entity

You share an entity by adding it to a global partition. This can be done from both the sharing host or the sharing guest. You can also create a new entity directly in a global partition. 1 From the Home page Config Tool, open the Security task. 2 Click the Partitions view, and select the global partition you want to share it from. 3 Click the Properties tab, and under the Members section, click Add ( ). 4 In the Search dialog box that appears, pick the entity you want to share, and click Select. On the sharing guest, only cardholders, cardholder groups, credentials, and badge templates can be added to a global partition. 5 In the confirmation dialog box that appears, click Continue. On the sharing host, the effect of this action is immediately visible. On a sharing guest, the newly shared entity will not appear until after a synchronization is performed, unless the GCS role is configured for automatic synchronization.
Stop sharing an entity

You stop sharing an entity by removing it from its global partition. This can be done from both the sharing host or the sharing guest.
CAUTION Removing a shared entity from a global partition deletes it from all other systems that
might be sharing it, even from the sharing host. 1 From the Home page Config Tool, open the Security task. 2 Click the Partitions view, and select the global partition you want to share it from. 3 Click the Properties tab. 4 In the Members section, select the entity you want to stop sharing, and click Remove ( 5 To confirm the action, click Remove. If this action is performed on a sharing guest, the entity is converted from a global to local entity. After you are done: Move the local entity to a local partition if it does not belong to any, so non administrative users can have access to it. ).
306
Override the cardholder synchronization

When the connection between the GCS role and the sharing host is lost, all global entities at the sharing guest become inactive (red). This means that you can no longer make any changes to them because they cannot be validated by the sharing host. If for any reason, you urgently need to deactivate a cardholder, for instance, an employee has just been fired, you can temporarily override the synchronization. 1 From the Home page Config Tool, open the Access control task. 2 Click the Cardholders view, and select the global cardholder you need to deactivate. 3 Click the Properties tab, and switch the Status option to Override. The cardholder icon changes to properties. . You are now free to change the cardholders status
4 Make the necessary changes and click Apply. After you are done: Remember to turn the synchronization back on when the connection with the sharing host is re-established.
307
Viewing access control health events
Viewing access control health events

You can view health events related to access control entities, using the Access control health history report. What you should know This report is similar to the Health history report, but the query only includes access control entities. The access control entities that can produce health events include access control units, doors, areas, and elevators. To search for access control health events: 1 From the Home page, open the Access control health history task. 2 Generate your report (see "Generate a report" on page 30). The access control health events are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
308
Investigating access control unit events
Investigating access control unit events

You can investigate events related to access control units, using the Access control unit events report. What you should know To view the properties of all the access control units that are part of your system, see "Viewing properties of units in your system" on page 184. To investigate access control unit events: 1 From the Home page, open the Access control unit events task. 2 Generate your report (see "Generate a report" on page 30). The access control unit events are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
EXAMPLE If you want to see if any critical events happened relating to access control units in
the last week (for example, Hardware tamper), you can search for that event, and set a time range.
309
Viewing IO configuration of access control units
Viewing IO configuration of access control units

You can view the IO configurations (controlled access points, doors, and elevators) of access control units, using the IO configuration report. What you should know To view the properties of all the access control units that are part of your system, see "Viewing properties of units in your system" on page 184. To view the IO configuration of an access control unit: 1 From the Home page, open the IO configuration task. 2 Generate your report (see "Generate a report" on page 30). The input and output configurations of the selected access control units are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
EXAMPLE You can search a for a specific door, and see how the access through each door side
is configured (REX, readers, IO modules, and so on).
310
Replace access control units
Replace access control units

If an access control unit fails and is offline in Security Center ( ), you can replace the unit with a compatible one. This process copies the configuration settings, associations to doors, elevators, and zones, and event logs from the old unit, so you do not have to configure the new one. Before you begin: The new access control unit must be the same brand and model as the old one, or you will receive the following error message: Units extension does not match. 1 Add a new access control unit to the Access Manager controlling the old unit. For information about adding an access control unit, see "Adding access control units to your system" on page 261. 2 Temporarily deactivate the Access Manager. a In the Access control task, select the Access Manager. b In the Contextual commands toolbar, click Deactivate role ( c In the confirmation dialog box that opens, click Continue. The Access Manager and all the access control units controlled by the role turn red. 3 Click the Home tab, and then click Tools > Unit replacement tool. 4 In the Unit type option, select Access control units. 5 Select the Old and the New access control units. For more information about searching for entities, see "Search for entities using the Search tool" on page 43. 6 Click Swap. The configuration settings of the old access control unit are copied to the new one. 7 Click the Access control task, and select the new unit. 8 Verify that the configuration settings are all correct. 9 In the Logical view, right-click the old unit, and click Delete ( 10 In the confirmation dialog box that opens, click Continue. 11 Right-click the Access Manager, and click Activate role ( ). ). ).
311
Replacing HID VertX 1000 units with SMC units

You can replace an HID VertX 1000 access control unit with a Synergis Master Controller (SMC) unit. What you should know This procedure copies the configuration settings and associations to doors and zones from the V1000 to the SMC unit, so you do not have to configure the SMC unit.
NOTES
The access control unit events logged in the Access Manager from the V1000 are not copied.
The events remain in the database, but you cannot search for them using the SMC unit. The following V1000 inputs and outputs are not cpoied to the SMC unit: V1000 - AC Fail, V1000 - Bat Fail, V1000 - Input 1, V1000 - Input 2, V1000 - Relay 1, and V1000 - Relay 2.
Before you begin Do the following: 1 Backup the Directory database from the Server Admin (see "Back up your role database" on page 57). 2 Physically disconnect the V1000 unit, and make sure it is offline in Security Center ( 3 Assemble and install the SMC and its hardware components. For information, see the Synergis Master Controller Hardware Installation Guide.
IMPORTANT You must set up the SMC with same interface modules that you disconnected from the V1000, or you will not be able to replace the V1000 with that SMC unit in Security Center.
).
4 Configure the SMC unit, and add it in Security Center. For more information, see the Synergis Master Controller Configuration Guide. To replace a VertX 1000 unit with an SMC unit: 1 From the Home page in Config Tool, click Tools > V1000 - SMC. 2 In the Connection dialog box, type your Security Center Username and Password, and then click Connect. 3 From the Offline V1000 units drop-down list in the Mapping tool, select the offline V1000 unit. 4 From the Available SMC units drop-down list, select the SMC unit to replace the old unit with.
NOTE The SMC unit is only available in the list if it is configured with the same number of interface modules as the V1000.
The ports used by the V1000 and SMC unit are listed in the Channel section, and the interface modules connected to those ports are listed below.
312
5 If the interface modules are not pointing to the correct SMC ports, you must manually map the ports in the Channel section as follows: a For the interface modules that were previously connected to port A on the V1000, type the SMC port they are physically connected to (A-D). b Repeat Step a for the interface modules that were previously connected to port B on the V1000. 6 Click Apply. The V1000 configuration settings are copied to the SMC unit. 7 Click Close. 8 Remove the V1000 unit from Security Center as follows: a From the Home page open the Access control task. b Click the Roles and units tab, and then select the offline V1000 unit. c From the bottom of the Config Tool window, click Delete ( ).
313
Troubleshoot HID discovery and enrollment

The following section discusses the troubleshooting tips for HID units. This section includes the following topics:
"Common discovery and enrollment issues" on page 314 "HID unit cannot be found with the discovery tool" on page 315 "HID unit enrollment issues" on page 315
Common discovery and enrollment issues

Best practice: Use the following best practices to resolve HID unit issues common to discovery and enrollment.
Are the computers on which the Config Tool and Access Manager are running, behind a
firewall? Ports 4050 TCP and 4070 UDP must be unblocked. Has the HID VertX device extension been added to the Access Manager in the Server Admin? For more information, see "Extensions" on page 513. Has the HID extension properly loaded in the Access Manager? To validate: a Open console session to the Access Manager. Open a web browser and go to the URL http://(server name or IP)/Genetec/console
NOTE If you cannot connect to the console ensure that console access is enabled in the Server Admin, under the Genetec Server tab.
b Click the Commands tab at the top of the page. c Under the column User Commands on the left, expand Access Manager and click Status. d A status query will be sent to the Access Manager and the response will contain the extensions that are loaded. e Ensure that the following line is shown in the status results: HID VertX:4070 = X units.
Is the unit set to a static IP address? If so, then the DNS must also be set, otherwise the unit
might have issues enrolling or connecting. In the HID Configuration GUI, set the primary and secondary DNS to the appropriate values. If you do not know your networks DNS, set the units own IP address as the primary and secondary DNS server. To access the HID Configuration GUI, point a browser to the units IP address. Ensure no other application is blocking port 4070, 4050, and 20. Stop the Access Manager, and at the Microsoft Windows command prompt, run netstat -na.
To open Command Prompt:
Click Start, click Run, type cmd, and then click OK.
314
HID unit cannot be found with the discovery tool

Best practice: Use the following best practices to resolve HID unit discovery issues.
Is the Host Name in the Advanced Setup of HID VertX web page not set or has more than
15 characters? If so, the unit cannot be discovered. Is the unit on the same network subnet as the PC on which the Config Tool is running? Discovery will only work within the same broadcast domain. Ensure no other application is already listening on ports 4070 and 4050. At the Microsoft Windows command prompt, run netstat -na. To open Command Prompt, click Start, click Run, type cmd, and then click OK. Ensure the firmware of the unit is up to date.
HID unit enrollment issues

Symptoms of enrollment issues include:
Unit cannot be enrolled. Unit is enrolled but its icon remains red. Unit connects and disconnects continuously. Unit begins enrolling and fails at 67%
Best practice: Use the following best practices to resolve HID unit enrollment issues.
Can you ping (check connectivity) and telnet (check credential) the unit from the machine
running the Access Manager? Proceed as follows: a Ping the unit. At the Microsoft Windows command prompt, run ping w.x.y.z (w, x, y, and z is the IP address of the unit). To open the Command Prompt, click Start, click Run, type ping w.x.y.z, and then click OK. A report is generated. It should show that no packets were lost. b Telnet the unit. At the Microsoft Windows command prompt, run telnet w.x.y.z. Login to the unit. If the login is successful, there is connectivity to the unit. Is the unit on the same network subnet as the PC on which the Access Manager is running? If not, you can enroll this unit manually as long as you know its IP address. (The unit must be set to use a static IP address.) For more information, see "Add an HID unit manually" on page 262. Is the unit firmware up to date? Is the interface board firmware up to date? The required firmware version is shown in the Security Center Release Notes. Verify the network card binding and database configuration for the Access Manager is correctly set. For more information, see "Configuring the Access Manager role" on page 260 and "Access Manager" on page 511. Is the Access Manager behind a NAT? If so you must specify the translated host address for the Access Manager. For more information, see "Add an HID unit manually" on page 262.
315
Verify that no other Access Manager is currently connected to the HID unit.
i Stop your Access Manager. (Config Tool > Role View > Deactivate) ii Telnet the unit. At the Microsoft Windows command prompt, run telnet w.x.y.z (w, x, y, and z is the IP address of the unit). To open the Command Prompt, click Start, click Run, type telnet w.x.y.z, and then click OK. iii Login to the unit. (Default: user=root / password =pass) iv At the prompt, type netstat -na. A list of network connections is shown. There should be no one connected to port 4050.
Verify that any HID units (and connected interfaces) are wired to not generate tamper or
door held open alarms, access granted or access denied events. Tamper and door held open alarms will trigger repeatedly. Upon connection, any such alarms and events have to be downloaded from the unit which can slow-down the enrollment process. Symptoms of this is the unit is difficult to enroll, the unit connects and disconnects, or the unit beeps. The last solution is to upgrade the units firmware. Refer to the Security Center Release notes for a list of supported firmware versions or, contact Genetec Technical Assistance. For more information, see "Technical support" on page 869.
316
Finding out which entities are affected by access rules
Finding out which entities are affected by access rules

You can find out which entities and access points are affected by a given access rule, using the Access rule configuration report. What you should know In the report results, you can see the members of the access rule, such as the cardholders, doors, and the associated schedule. This helps you determine if you must add or remove entities, or adjust the schedule. For more information about modifying the members of an access rule, see "Configuring access rules" on page 281. To find out which entities are affected by an access rule: 1 From the Home page, open the Access rule configuration task. 2 In the Query tab, select the access rule to investigate. For more information, see "Searching for tasks and entities" on page 42. 3 In the Expand cardholder groups option, select Enable to list the members of the affected cardholder groups in the report instead of the cardholder groups themselves. 4 In the Include perimeter entities option, select Enable to include the perimeter entities of the affected areas in the report. 5 Click Generate report. The entities and access points affected by this access rule are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
317
Viewing properties of cardholder group members
Viewing properties of cardholder group members

You can find out the members of a cardholder group, and view any associated cardholder properties (first name, last name, picture, status, custom properties, and so on) of the cardholders, using the Cardholder configuration task. What you should know You can search for a specific cardholder group to see which cardholders are members of that group. You also can search for expired or inactive cardholders so see if there are any in your system. To view the properties of cardholder group members: 1 From the Home page, open the Cardholder configuration task. 2 Generate your report (see "Generate a report" on page 30). The cardholders that are members of the selected cardholder groups are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. 3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the canvas. 4 To view additional cardholder information in the tile, click .
318
Viewing credential properties of cardholders
Viewing credential properties of cardholders

You can view credential properties (status, assigned cardholder, card format, credential code, custom properties, and so on) of cardholders, using the Credential configuration report. To view the credential properties of a cardholder: 1 From the Home page, open the Credential configuration task. 2 Generate your report (see "Generate a report" on page 30). The credential properties the selected cardholder are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. 3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the canvas. 4 To view additional cardholder information in the tile, click .
EXAMPLE If you requested a credential for a cardholder, and want to see if it was activated, you can search for that cardholder. The Credential status column indicates if the credential is in the Requested or Active state. You can also see if there are any credentials currently listed as lost or stolen.
319
How the Access troubleshooter tool works
How the Access troubleshooter tool works

You can detect and diagnose access configuration problems, using the Access troubleshooter tool. The Access troubleshooter allows you to:
Find out who has the right to pass through an access point at a given date and time. Find out which access points a cardholder is allowed to use at a given date and time. Find out why a given cardholder can, or cannot use an access point at a given date and time.
The Access troubleshooter is most accurate when examining an event that just occurred. When using the troubleshooter to investigate a past event (denied access, for example), keep in mind that the configurations might have changed since the event occurred. The troubleshooter does not take past settings into consideration. It only evaluates a situation based on the current settings.
320
Troubleshooting access points
Troubleshooting access points

You can find out who has the right to pass through a door side (or elevator floor) at a given date and time, using the Door troubleshooter tab in the Access troubleshooter tool. What you should know The door troubleshooter does not examine each cardholders credentials. You can further diagnose the cardholders access rights by clicking the Access diagnosis ( ) tab (see "Diagnosing cardholder access rights based on credentials" on page 323). To troubleshoot an access point: 1 From the Home page, click Tools > Access troubleshooter. 2 In the Access troubleshooter dialog box, click the Door troubleshooter tab. 3 Select the date and time you want to the troubleshooter to base its evaluation on. Only access rules are evaluated based on the specified date and time. 4 Select the access point that you want the troubleshooter to examine:
If you select a door, specify a door side. If you select an elevator, specify a floor.
5 Click Go. The active cardholders who have the rights to use the selected access point at the specified time, based on the current access rules, are listed.
321
Troubleshooting cardholder access rights
Troubleshooting cardholder access rights

You can find out which access points a cardholder is allowed to use at a given date and time, using the Cardholder troubleshooter tab in the Access troubleshooter tool. What you should know The cardholder troubleshooter does not examine each cardholders credentials. You can further diagnose the cardholders access rights by clicking the Access diagnosis ( ) tab (see "Diagnosing cardholder access rights based on credentials" on page 323). To troubleshoot a cardholders access rights: 1 From the Home page, click Tools > Access troubleshooter. 2 In the Access troubleshooter dialog box, click the Cardholder troubleshooter tab. 3 Select the date and time you want to the troubleshooter to base its evaluation on. Only access rules are evaluated based on the specified date and time. 4 Select the cardholder that you want the troubleshooter to examine. Instead of a cardholder, you can also select a credential or a visitor.
NOTE The entities that are currently inactive are greyed out.
5 Click Go. The access points that the selected cardholder (or visitor) has the right to use at the specified time, based on the current access rules, are listed.
322
Diagnosing cardholder access rights based on credentials
Diagnosing cardholder access rights based on credentials

You can diagnose why a cardholder with a given credential can, or cannot access a given door or elevator, at a given date and time, using the Access diagnosis tab in the Access troubleshooter tool. To diagnose a cardholders access rights based on their credential: 1 From the Home page, click Tools > Access troubleshooter. 2 In the Access troubleshooter dialog box, click the Access diagnosis tab. 3 Select the date and time you want to the troubleshooter to base its evaluation on. 4 Select the cardholder you want to examine. Instead of a cardholder, you can also select a credential or a visitor. 5 If the selected cardholder has more than one credential, specify the one you want to examine. 6 Select an access point to examine.
If you select a door, specify a door side. If you select an elevator, specify a floor.
7 Click Go. The troubleshooter produces a diagnosis based on the current system configuration, taking into consideration the access rules, and both the cardholders and the credentials activation and expiration dates.
323
Finding out who is granted access to doors and elevators
Finding out who is granted access to doors and elevators

You can verify which cardholders are granted access to a particular door side or elevator floor at a specific date and time, using the Door troubleshooter report. What you should know This report is helpful, because it allows you to see what the configuration of a door or elevator is, and determine if their properties must be adjusted. For more information about troubleshooting your access control configurations, see "Troubleshooting access points" on page 321. For more information about modifying the properties of a door or elevator, see "Configuring doors" on page 268 and "Configuring elevators" on page 274. To find out who is granted access to a door or elevator: 1 From the Home page, open the Door troubleshooter task. 2 In the Query tab, select a date and time range for the report. 3 Select a door or elevator you want to investigate. For more information, see "Searching for tasks and entities" on page 42. 4 From the Access point drop-down list, select the access point (door side or elevator floor) you want to verify. 5 Click Generate report. All cardholders who can go through the selected access point at the specified time are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
324
Finding out who is granted/denied access at access points
Finding out who is granted/denied access at access points

You can find out which cardholders are currently granted or denied access to selected areas, doors, and elevators, using the Cardholder access rights report. What you should know This report is helpful, because it allows you to see where a cardholder can go, and when, and determine if their access rule properties must be adjusted. For information about modifying a cardholders access rights, see Assigning access rules to cardholders in the Security Desk User Guide.
TIP Perform your query on one access point at a time, so your report is more specific.
To find out who is granted/denied access at an access point: 1 From the Home page, open the Cardholder access rights task. 2 Generate your report (see "Generate a report" on page 30). The cardholders associated with the selected access point through an access rule are listed in the report pane. The results indicate if the cardholder is granted or denied access, and by which access rule. For information about the report columns available, see "Report pane columns" on page 723. 3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the canvas. 4 To view additional cardholder information in the tile, click .
325
Troubleshoot door issues

The following section discusses the troubleshooting tips for doors. This section includes the following topics:
"Request to exit events" on page 326 "Credential issues" on page 326 "Resolution of reader issues" on page 327
Request to exit events

Issue: The logs for a door shows far too many request to exit events for the actual amount of door activity. Description: Sometimes a request to exit event is triggered when people are entering an area. This door is equipped with an automatic request to exit device (based on a motion detection sensor). Solution: Depending on the quality of the automatic request to exit device and how it is installed, the device will trigger on any activity near the door. The Security Center has filters in the Door, Properties tab that you can configure to reduce the number of false request to exit events.
For more information, see "Properties" on page 405.
Credential issues
Issue: A credential does not work at a door or elevator, and the reason is unclear. Description: For a credential to be granted access at a given door side or to an elevator floor, a number of conditions have to be met. For example:
The credentials profile must be enabled The credential must be associated to a cardholder The cardholders profile must be enabled
326
There must be at least one access rule that specifically grants access for that cardholder or
the cardholders cardholder group. If these settings are not correct, access will be denied. Solution: The easiest way to determine what is the reason for denied access is to use the Access troubleshooter. For more information, see "Access troubleshooter" on page 652.
Resolution of reader issues

Best practice: Use the following best practices to resolve reader issues.
Ensure you are using the right type of card technology for the reader. For example, some Is the reader installed too close to another one? Readers emit an electromagnetic field that
can interfere with other readers located nearby. Test this by disconnecting the power to one reader and see if the other reader starts to operate correctly. Are you using the proper cable for the reader (see the reader and unit documentation for the maximum cable length and type)? Test this by connecting a spare reader directly to the unit with a short cable. If it works, change the cable. readers are multi-technology (can read 125 kHz and 13.56 MHz cards), other readers can read only one card type. Is the card defective? Try another card.
327
Part V
AutoVu IP license plate recognition
Learn how to set up, configure, and manage your AutoVu system in Security Center. This part includes the following chapters: Chapter 12, Deploying AutoVu on page 329
12
Deploying AutoVu
AutoVu deployment is explained in a separate document, the AutoVu Handbook. Click the link below to open the most recent version of the AutoVu Handbook: http://downloads.genetec.com/SecurityCenter/5.2/SLA/AutoVu/EN.AutoVu Handbook 5.2 LA.pdf
Why have a separate document for AutoVu?

Although you configure many AutoVu settings from Security Center Config Tool, to fully deploy an AutoVu system, youll need to configure settings in multiple applications. For example, if youre deploying a mobile AutoVu system, youll need to configure settings in Security Center Config Tool, Patroller Config Tool, and the Sharp Portal. AutoVu deployment also includes a hardware installation process. For example, to install a SharpX camera on a vehicle, you might be required to drill into the vehicles roof, remove the vehicles headliner, and so on. The purpose of the AutoVu Handbook is to provide you with a complete source of information about how to install and configure an AutoVu system. It explains everything from installing the hardware, to installing the Patroller application, to configuring the Sharp unit software. Youll still need to refer to the Security Center Administrator Guide from time to time, because the AutoVu Handbook does not explain how to administer your Security Center system. For example, for information on how to manage partitions, databases, users and user groups, and so on, youll need to refer to the Security Center Administrator Guide.
329
Part VI
Config Tool reference
Learn about the entities, role types, tools, and utilities used in Config Tool. This part includes the following chapters: Chapter 13, Entity types on page 331 Chapter 14, Role types on page 510 Chapter 15, Administration tasks on page 611 Chapter 16, Tools and utilities on page 650 Chapter 17, User privileges on page 694 Chapter 18, Reporting task reference on page 711 Chapter 19, Events and actions in Security Center on page 744 Chapter 19, Keyboard shortcuts in Config Tool on page 764
13
Entity types
This section lists all Security Center entity types in alphabetical order. Each entity type is covered with a general description of its purpose and usage. The sub-sections describe each entity types configuration tabs and the settings they contain. This section includes the following topics:
"Common configuration tabs" on page 332 "Access control unit" on page 337 "Access rule" on page 349 "Alarm" on page 351 "Analog monitor" on page 357 "Area" on page 360 "Badge template" on page 365 "Camera (video encoder)" on page 368 "Camera sequence" on page 393 "Cardholder" on page 395 "Cardholder group" on page 398 "Cash register" on page 400 "Credential" on page 401 "Door" on page 404 "Elevator" on page 410 "Hotlist" on page 414 "Intrusion detection area" on page 421 "Intrusion detection unit" on page 423 "LPR unit" on page 426 "Macro" on page 429
"Monitor group" on page 432 "Network" on page 434 "Output behavior" on page 437 "Overtime rule" on page 439 "Parking facility" on page 444 "Partition" on page 447 "Patroller" on page 450 "Permit" on page 453 "Permit restriction" on page 457 "Public task" on page 461 "Role" on page 462 "Schedule" on page 463 "Scheduled task" on page 469 "Server" on page 471 "Tile plugin" on page 480 "User" on page 482 "User group" on page 489 "Video unit" on page 494 "Zone (hardware)" on page 502 "Zone (virtual)" on page 506
331
Common configuration tabs

Some of the configuration tabs are commonly used by the majority of Security Center entities. The following tabs are covered in this section:
Identity Cameras Custom fields Location Name, description, logical ID, and relationships of the selected entity with other entities in the system. Cameras associated to the selected entity. Custom fields for the selected entity. Time zone and geographical location for the selected entity.
Identity
The Identity tab provides descriptive information on the entity and lets you jump to the configuration page of related entities. The sample screen shot below is that of a camera entity.
332
Standard information
All entity types share the following standard attributes:
Type. Entity type. Name. Entitys given name. The entity name is editable, except in the following cases:
Server entities. The entity name corresponds to the machine name and cannot be changed.
Logical ID. Logical IDs are unique numbers assigned to entities for ease of reference in the
system (mainly for CCTV keyboard operations).
Federated entities. The entity name belongs to the original system and cannot be changed on the federation. Description. Optional descriptive text.
NOTE A logical ID must be unique across all entities of the same group. Entity types that are likely to be referenced within the same context are put in the same group. For example, cameras and public tasks belong to the same functional group, therefore, a camera and a public task may not have the same logical ID, but a camera and a camera sequence may. TIP You can view and edit the logical IDs of all entities in the system from one place. For more information, see System General settings "Logical ID" on page 625 in the Security Center Administrator Guide.
Relationships. List of relationships between this entity and other entities on the system.
You can use the command buttons found at the bottom of the relationship list to manage the relationships of this entity with other entities in the system.
Select a relationship group, and click Select a related entity, and click Select a related entity, and click
to add a new relationship.
to remove the relationship. to jump to its configuration page.
Specific information
Certain entity types may show additional information in this tab. For example, see Video unit "Identity" on page 495.
333
Cameras
The Cameras tab allows you to associate cameras to the entity so that when it is viewed in Security Desk, the cameras are displayed instead of the entity icon. The sample screen shot below is that of a virtual zone entity.
From this tab you can perform the following actions:
To add a camera, click . To remove the selected camera, click
334
Custom fields
The Custom fields tab lets you view and modify the custom fields defined for this entity. The sample screen shot below is that of a cardholder entity.
In the above example, five custom fields have been defined for the cardholder entity, separated in two groups:
Employee information
Hire date Department Office extension Gender Home number Cellphone number (flagged as mandatory)
Personal information

For information on defining custom fields, see System General settings "Custom fields" on page 619.
335
Location
The Location tab provides information regarding the time zone and the geographical location of the entity. The sample screen shot below is that of a video unit entity.
Time zone
The time zone is used to display the entity events in the entitys local time zone. In Security Center, all times are stored in UTC in the databases, but are displayed according to the local time zone of the entities. The local time of the entity is displayed below the time zone selection.
Location
The geographical location (latitude, longitude) of the entity has several different uses:
For video units, it is used for the automatic calculation of the time the sun rises and sets on
a given date. A typical application is for the system to record video only during daytime (for cameras placed outside), or to adjust the brightness of the camera based on daytime and nighttime. For more information, see "Schedule" on page 463. For fixed LPR units that are not equipped with a GPS receiver, the geographical location is used to plot the LPR events (reads and hits) associated to the LPR unit on the map in Security Desk. For more information, see Hits and Reads investigation tasks in the Genetec Security Desk User Guide.
For more information, see "Using geographical locations" on page 40.
336
Access control unit
Access control unit

The access control unit entity represents an access control device, such as Synergis Master Controller (SMC) or an HID VertX controller, that communicates directly with the Access Manager over an IP network. Access control units usually control other slave units (or interface modules) such as the HID VertX V100 and V200, and the Mercury MR50 and MR52, which are connected to door sensors and readers. For SMC, the interface modules can come from various manufacturers. For more information, see the documentation on Synergis Master Controller that is available from the GTAP Documents page. System: Synergis IP access control Task: Access control Roles and units
Identity Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties (SMC) Connection settings and other parameters that cannot be configured using the SMC portal. Properties (HID) Portal (SMC) Network (HID) Peripherals Health Synchronization Custom fields Location Specific information about the HID unit and configuration of its subpanels. Connection to the web configuration interface (Controller Portal) of the SMC unit. Connection parameters used by the Access Manager to communicate with the HID unit. Configuration of the IO pins according to the features supported by the hardware. Applies to both SMC and HID units. Units health status. Applies to both SMC and HID units. Synchronization mode and command button allowing you to synchronize this unit with its Access Manager. Applies to both SMC and HID units. Custom field values for this unit. Time zone and geographical location of this unit.
Related topics:
"Access Manager" on page 511 "Door" on page 404 "Elevator" on page 410 "Zone (hardware)" on page 502
337
Access control unit
Properties (SMC)
The SMC units Properties tab allows you to update the connection parameters after the unit has been discovered, such as the logon credentials.
Connection settings
The connection settings are correctly initialized at the time the SMC unit is enrolled in your system. Do not change these settings unless you changed them on the SMC using Controller Portal after the unit has been enrolled, or a Genetec representative instructs you to do so.
Web address. Web address for contacting Controller Portal. Username/Password. Logon username and password. Using DHCP. Do not change this parameter unless asked by a Genetec Technical Support
representative. This parameter is reset every time the Access Manager reconnects to the SMC unit.
Ignore web proxy. Select this option to instruct the Access Manager to ignore the Proxy
Server settings on the server currently hosting the role. Clear this option to instruct the Access Manager to follow the Proxy Server settings. (Default=cleared).
NOTE For an HID unit, the equivalent settings are found in the Network tab (see "Network
(HID)" on page 344).
338
Access control unit
Discovered properties
Current settings returned by the SMC units. Click Upgrade to upgrade the SMC firmware. It is equivalent to the Firmware upgrade function found in the SMC Portal. See "Check and upgrade the SMC firmware" in the Synergis Master Controller Configuration Guide.
General settings
The following settings cannot be set through the SMC Portal. The settings here are pushed from Security Center to SMC during unit synchronization.
Mixed mode. Clear this option to set the SMC to operate in online mode (Default=mixed
mode).
NOTE If the connection to Access Manager is lost while in online mode, SMC will revert back to mixed mode.
339
Access control unit
Properties (HID)
The Properties tab for HID shows specific information about the HID unit and allows you to configure its inputs, outputs, and subpanels (V100, V200, V300 if connected).
Unit information
This section shows the firmware version, model name, and serial number of the unit.
General settings
Mixed mode. HID units always operate in mixed mode. Monitor AC Fail. The AC fail input is being used to monitor AC failures or some other
general purpose.
Monitor battery fail. The Battery fail input is being used to monitor the backup battery or
some other general purpose.
Additional settings
In this section, you configure the units inputs and outputs according to how they are used.
Program version. The interface firmware revision number. EEPROM version. The interface EEPROM revision number.
Access control unit
Door behavior. This must be set to match the doors configuration:
Set Card-in / Card-out if the door has two readers; Wire the door lock to the Strike Relay (Out 1) output and wire all door hardware to the Reader 1 side of the unit. The Strike Relay (Out 3) is available for any other use (for example, for a zone). Set Card-in / REX-out if the door has one reader on one side, and a REX on the other side. In this case, the unit can control two such doors:
Wire the first door with Reader 1 side of the unit and use Strike Relay (Out 1) to control the door lock. Wire the second door with Reader 2 side of the unit and use Strike Relay (Out 3) to control the door lock.
With an Edge device unit, this option is unavailable (it is Card-in / REX-out).
NOTE This configuration must correspond to the hardware assignments you make for the
door configuration. For more information, see "Hardware" on page 408.
Debounce. The amount of time an input can be in a changed state (for example, from active
to inactive) before the state change is reported. Electrical switches often cause temporarily unstable signals when changing states, possibly confusing the logical circuitry. Debouncing is used to filter out unstable signals by ignoring all state changes that are shorter than a certain period of time (in milliseconds).
Contact type / Supervision mode. Sets the normal state of the input contact and its
supervision mode. There are four preset configurations, and a custom one:
Preset: Normally closed / Not supervised. Preset: Normally open / Not supervised. Preset: Normally closed / 4-state supervised. Preset: Normally open / 4-state supervised. Custom. Allows you to set your custom range of values for Active and Normal input states.
341
Access control unit
Minimum time (Action). Applies when the relay is being used as part of a zone (either
hardware or virtual). It establishes the minimum number of seconds the relay stays close when triggered by an event (for example Request to exit).
Minimum time (Access grant). Applies when the relay is actually being used to control a
locking device. The normal configuration is to open the lock when access is granted and to close the lock immediately after the door opens (Minimum time = 0). There are certain situations where the normal configuration would cause the door to be locked too soon (absence of a door sensor, or double doors). In those situations, a Minimum time must be set on the strike relay to keep the door unlocked after the system detects that the door has been opened (typically for the same duration as the Access grant time set on the door).
342
Access control unit
Portal (SMC)
The SMC units Portal tab allows you to connect to the SMCs web-based interface (Controller Portal) for its configuration and maintenance.
Controller Portal allows you to perform the following tasks:
Change the security password required to log on to the SMC unit. Configure the network settings on the SMC unit so it works on your system. Configure SMC to accept connections from specific Access Manager servers. Configure the properties of the interface modules attached to the SMC unit. Configure the access control behavior for SMC, in both online and offline modes. View the activity logs stored on the SMC unit. Test and diagnose the interface module connections to the SMC unit. View and export the SMC status and configuration. Upgrade the SMC firmware. Restart the SMC hardware or software. Update security clearance levels assigned to Security Center areas manually on the SMC unit when the connection to the Access Manager is lost.
For more information on what you can do through the Controller Portal, see the Synergis Master Controller Configuration Guide.
Access control unit
Network (HID)
The HID units Network tab allows you to configure the connection parameters for the Access Manager to communicate with the unit. These settings are correctly initialized at the time the HID unit is added to your system. Do not change these settings unless you changed them on the unit using the HID Discovery GUI after the unit has been enrolled, or a Genetec representative instructs you to do so.
Connection parameters
Username/password. Username and password used to log on to the HID unit. Use translated host address. Must be selected when there is a NAT router between the unit
and its Access Manager. The NAT routers IP address that is visible from the unit would be set here.
Obtain network settings dynamically (DHCP). Select this option if the HID unit will be
assigned its IP configuration by a DHCP server.
Use these static settings. Select this option and configure the IP address, Gateway and
Subnet mask manually if the access control unit will use a fixed IP address (recommended).
NOTE The equivalent settings for an SMC unit are configured through the SMC portal (see
"Portal (SMC)" on page 343).
344
Access control unit
Peripherals
The Peripherals tab allows you to give meaningful names to IO devices controlled by the unit so they are easier to identify. Additionally, you can assign a logical ID for each IO device.
Rename a device
To edit a units logical name, select a devices logical name (eg. V200 [02] Relay 1) and type over its existing name to something more meaningful (eg. V200 [02] - Door Bell). The (abc) button and (id) button at the bottom of the page can also be used to apply a logical name or logical ID number to one of the device peripherals.
345
Access control unit
Health
The Health tab displays the memory usage on the unit.
Usage
You can monitor a units health and status:
Number of credentials. Indicates the number of credentials stored on the unit versus the
total number of credentials the unit can store, based on the available memory and the average number of bytes per credential.
Main memory. Available memory on the unit. This information is only available to HID
VertX units. For SMC units, a different set of information is available through the System status page in Controller Portal (see Viewing and exporting system information in the Synergis Master Controller Configuration Guide).
Secondary memory. Available secondary memory on the unit. This information is only
available to HID VertX units.
346
Access control unit
Synchronization
The Synchronization tab allows you to configure the type of synchronization you want between the unit and its Access Manager.
A unit must be synchronized with the Access Manager database to allow it to work in offline or mixed mode. For synchronization, the Access Manager knows a units capacity, and fills it with as much information as possible so that the unit is optimized to run when it is offline, or in mixed mode. Synchronization management handles credential and IO linking rules. This can be set according to your needs. See "About unit synchronization modes" on page 348. This tab shows you the following information about this process:
Last update. Indicates the day and time of the last successful synchronization with the unit. Expiration date. Indicates the day and time when the unit will no longer be capable of fully
functioning in offline or mixed mode. This is due to the limited scheduling capability of the access control unit. You will need to synchronize before the expiration date to ensure that the unit will work in offline or mixed mode. The scheduling limit varies depending on the unit type:
HID VertX units expire after one year. Past the expiration date, the unit stops working. SMC units never expire because they fully support the scheduling schemes used in Security Center.
347
Access control unit
IMPORTANT Any synchronization errors are displayed in yellow. Pay attention to these errors to avoid any disruption in the operation. For example, HID VertX units are limited to 65,000 credentials. Exceeding this limit causes the synchronization to fail and the unit to be reset.
About unit synchronization modes

Security Center supports the following unit synchronization modes for credentials:
Automatically. This is the recommended setting.

Any configuration change is sent to the access control unit 15 seconds after the change is saved by the Config Tool, Web Client or Security Desk. Only configurations that affect that particular unit are sent.
On schedule. The unit is synchronized according to a schedule.

For continued offline or mixed mode operation, make sure the scheduled synchronization time never falls after the date and time shown for Expiration date. If in doubt, set the synchronization mode to Automatically.
Manual only. The unit is only synchronized when you click the Synchronize now button.
Make sure you synchronize the unit before the date and time shown for Expiration date.
348
Access rule
Access rule
The access rule entity defines the access control logic which grants or denies passage to a cardholder through an access point, based on a schedule.
System: Synergis IP access control Task: Access control Access rules

Identity Properties Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Type of rule and to who and when this rule applies. Custom field values for this rule.
Related topics:
Area "Access rules" on page 364 "Access Manager" on page 511
349
Access rule
Properties
The Properties page of an access rule links the 3 Ws: The Who, When and What. For example, All Employees, Office Hours, and Access Granted.
Schedule. Choose when this access rule is active. When the schedule is active . Select whether to grant or deny access from cardholders. Cardholders affected by this rule. Select the cardholders affected by this rule.
NOTE An access rule is not operational until it is associated to a door, elevator, or area.
Related topics:
For information about creating access rules for areas, see "Access rules" on page 364. For information about creating access rules for doors, see "Access rules" on page 409.
350
Alarm
Alarm
The alarm entity describes a particular trouble situation that requires immediate attention, and how it should be handled in Security Center. Namely, its priority, what entities (usually cameras and doors) best describe it, who should be notified, how it should be displayed to the user, and so on. System: General Task: Alarms Alarms
Identity Properties Advanced Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Essential alarm priorities: priority, recipients, broadcast mode, and attached entities. Optional alarm properties: reactivation threshold, alarm procedure, schedule, automatic acknowledgement, and video display and recording options. Custom field values for this alarm.
Related topics:
"Managing alarms" on page 111 "Testing alarms" on page 112
351
Alarm
Properties
The Properties tab allows you to define the essential alarm properties.
Priority
In Security Desk, alarms are displayed in the Alarm monitoring task by order of priority (this is evaluated every time a new alarm is received). The highest priority alarm is displayed in tile #1, followed by the second highest in tile #2, and so on. When two alarms have the same priority value, priority is given to the newest one. When a new alarm is received in Security Desk with a priority level identical or higher than the current alarms displayed, it pushes the other alarms down the tile list. When an alarm is acknowledged in Security Desk, it frees a tile for lower priority alarms to move up.
352
Alarm
Recipients
An alarm recipient is either a user, user group, or analog monitor group. They receive the alarms in Security Desk.
IMPORTANT Make sure all the alarm recipients have the privilege to acknowledge alarms.
Broadcast mode
There are two ways alarm recipients can be notified:
All at once. (Default) All recipients are notified at the same time, immediately after the
alarm is triggered.
Sequential. The recipients are notified individually, each after a specified delay (in seconds)
calculated from the time the alarm is triggered. If the recipient is a user group, all members of the user group are notified at the same time.
Attached entities
The attached entities are what visually describe the alarm situation. The alarm entity has the characteristics of a composite entity. When displayed in Security Desk, you can cycle through all displayable entities (cameras, tile plugins, and so on) within the display tile, or unpack the alarm to display them all at once. For more information, see Unpack/pack tile content in the Security Desk User Guide. When a composite entity is attached to an alarm, the entities that compose it are also attached to the alarm. For example, if a door entity is attached to the alarm, the cameras associated to the door are also attached to the alarm.
Entity cycling
Entity cycling is a Security Desk feature that automatically rotates the display of a composite entity through its components within a display tile, displaying each entity for an equal amount of time. For more information, see Entity cycling in the Security Desk User Guide.
353
Alarm
When entity cycling is turned on in Security Desk, the order of the attached entities in the list is the order they will be displayed in Security Desk.
NOTE When the alarm is triggered by an event, the entity that caused the event is also attached to the alarm. That entity will be displayed first when the alarm is displayed.
Advanced
The Advanced settings tab allows you to configure the optional alarm properties.
Reactivation threshold
The minimum time Security Center needs to wait after triggering this alarm once, before it can trigger it again. This option serves to prevent the system from repeatedly triggering the same alarm while it is awaiting to be resolved.
354
Alarm
Alarm procedure (URL)

Use this option to set the URL or the Web page address corresponding to the alarm procedure. This feature is used to provide alarm handling instructions to the operators. The Web page is displayed when the user clicks Show alarm procedure ( ) in the alarm widget in Security Desk.
NOTE The alarm procedure is also displayed as part of the entities attached to the alarm in Security Desk when entity cycling is turned on.
Schedule
The schedule defines when this alarm is in operation. This means that outside the periods defined by this schedule, triggering this alarm would have no effect.
Automatic acknowledgment
Turn this option on (default=off) to let the system automatically acknowledge this alarm if no one acknowledges it before the specified time (in seconds). This option is recommended for lowpriority alarms that serve to alert the security operator, but do not require any action.
Create an incident on acknowledgement

Turn this option on (default=off) to prompt the Security Desk user to report an incident every time they acknowledge an alarm.
NOTE Turning this option on turns the automatic acknowledgement off.
Video display option

If cameras are attached to an alarm, you can choose to display live video (default) or playback video when the alarm is triggered. If you choose to display playback video, you must specify the playback pre-trigger time, which is the number of seconds to go back in time before starting the playback, from the time the alarm is triggered.
NOTE Make sure that the recording buffer is equal to, or longer than the pre-trigger time you need for your alarm display. For more information, see "Time to record before an event" on page 523.
Alarm
Automatic video recording

When cameras are attached to the alarm, the Archiver automatically records the video for a minimum duration specified in seconds. The recording buffer configured for each camera ensures that whatever happened a few seconds before the alarm was triggered will also be recorded (see "Time to record before an event" on page 523). The recording buffer plus the alarm recording duration is called the guaranteed recording span. This behavior ensures that video recordings will be available for future alarm investigations whenever cameras are attached to this alarm. Turn this option off (default=on) if recording video for the alarm is not necessary.
NOTE If the alarm is triggered from a camera event (for example Object removed), the camera that caused the event is automatically attached to the alarm, and therefore, will also be recorded if this option is turned on. IMPORTANT All recordings are ultimately subject to the archiving schedules in place. If recording is disabled at the time the alarm is triggered, no video is recorded. For more information, see "Recording modes" on page 522.
Protect recorded video

Turn this option on (default=off) to protect the video recordings associated to this alarm (see "Automatic video recording" on page 356) for the specified number of days. For more information on video protection, see "Protecting video archive against routine cleanup" on page 229. Related topics:
"Testing alarms" on page 112
356
Analog monitor
Analog monitor
The analog monitor entity represents a physical monitor that displays video from an analog source, such as a video decoder or an analog camera. A video decoder is a device that converts a digital video stream into analog signals (NTSC or PAL) for display on an analog monitor. The video decoder is one of the many devices found on a video decoding unit. A video decoding unit can have multiple video decoders, each connected to an analog monitor. Each video decoder found on a video decoding unit is represented by an analog monitor entity in Security Center. System: Omnicast IP video surveillance Task: Video - Analog monitor
Identity Properties Name, description, logical ID, and relationships of this entity with other entities in the system. General behavior of the analog monitor.
Related topics:
"Monitor group" on page 432 "Video unit" on page 494
357
Analog monitor
Properties
The Properties tab lets you configure the video stream usage (or function) and specific network settings for the analog monitor.
Video
The video section contains various settings that affect the quality the video.
Stream usage. Select the video stream to use for cameras displayed in the analog monitor.
This option is only available for decoders capable of generating multiple video streams. The stream usage options are the following:
Live. Default stream used for viewing live video in Security Desk. Recording. Stream recorded by the Archiver for future investigation. Remote. Stream used for viewing video when the bandwidth is limited. Low resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is small. See "Automatic stream selection" on page 211.
High resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is large. See "Automatic stream selection" on page 211. Analog format. Select NTSC (National Television System Committee) or PAL (Phase Alternating Line) analog format for the video signal. PAL format generally streams video at a lower frame rate, but at a higher resolution.
358
Analog monitor
Display camera name. Turn this option ON if you want the camera name to be shown
when it is displayed in the analog monitor in a tile.
Network settings
The Network settings section allows you to configure the desired connection type used by the video decoder.
UDP port. Port number used when the connection type is unicast UDP. If the encoder
supports multiple video streams, this parameter is different for each stream.
Connection type. Defines how communication is established between the Archiver and the
unit for sending or receiving video streams. Each device on the same unit could support different connection types.
Best available. Lets the Archiver select the best available connection type for the stream. The best available types rank in this order, according to availability: Multicast, UDP, and TCP. When the stream is requested for recording only, multicast is removed from the list, so the best available types start with UDP. Multicast. Communication between a single sender and multiple receivers on a network. This is the preferred connection type. In this mode, multiple users in multiple locations can receive the same video transmission simultaneously from a same source, using the bandwidth only once. Most video units are capable of multicast transmissions. UDP. Forces the stream to be sent in UDP to the Archiver. The stream must be formatted using the RTP protocol. TCP. Forces the stream to be sent in TCP to the Archiver. Here, TCP is taken in the broad sense. For some types of cameras, the Archiver establishes a TCP connection to the unit and receives the stream in a proprietary protocol. For others, the stream is sent over HTTP. Typically, the stream is not formatted according to the RTP protocol by the unit. The Archiver has to convert the stream to the RTP protocol to be archived or retransmitted to the system.
Hardware
The Hardware section allows you to associate other hardware devices (PTZ motor, Speaker, Microphone, and so on) to this analog monitor. When the decoder is added to the system, all hardware devices belonging to the same unit are configured by default. You can manually associate the analog monitor to other devices, according to how they are physically connected.
359
Area
Area
The area entity, in its most generic use, represents a concept or a physical location (room, floor, building, site, and so on) used for the logical grouping of entities in the system. When Synergis is enabled in your license, an area entity can also be used to configure a secured area with access rules and access control behavior. System: General, Synergis (if secured areas are to be created) Task: Logical view
Identity Properties Members Access rules Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Antipassback and interlock properties for this area (Synergis only). Child entities of this area. Access rules applied to this area (Synergis only). Custom field values for this area.
Related topics:
"Managing threat levels" on page 117 "Managing the Logical view" on page 85 "Configuring secured areas" on page 278 "Configuring access rules" on page 281
360
Area
Properties
The Properties tab allows you define the optional area properties. Some these properties might not be visible depending on your license option settings.
Antipassback properties
Antipassback is the access restriction placed on a secured area that prevents the same cardholder from entering an area they have not yet exited, and vice-versa.
Status. Set the antipassback feature to ON or OFF. Type.

Area
Soft. Soft antipassback only logs the passback events in the database. It does not restrict the door from being unlocked due to a passback event.
Strict. When turned ON, antipassback logic is applied in both directions on the area.
Hard. Hard antipassback logs an entry in the database and prevents the door from being unlocked due to a passback event. Timeout. Set how many minutes until the passback event is automatically forgiven.
Cardholders that never left an area cannot enter, and cardholders that never entered cannot leave. Otherwise, the default is OFF and antipassback logic is only applied in one direction. Cardholders who never left an area cannot enter. When a hard antipassback event is triggered, it must be forgiven for the cardholder to unlock the door. It might be forgiven automatically due to a timeout value having been configured. Otherwise, the passback event can be forgiven by an authorized user with the Security Desk Monitoring task. For more information, see Monitoring access events About antipassback in the Security Desk User Guide.
CAUTION HID units support antipassback or interlock, but not both simultaneously.
Interlock properties
Security Center supports the interlocking of the perimeter doors for an area by allowing only one perimeter door to be open at one time. It is important that the door sensors detect when a door can be opened.
Status. Set the interlock properties feature to ON or OFF. When its status is set to ON, only
one member door of the area can be open at any given time. To open a door, all others must be closed.
Priority. An interlock override or lockdown button can be associated to this interlock. Override / Lockdown. Select an input to be used as a trigger for override or lockdown
mode.
CAUTION HID units support antipassback or interlock but not both simultaneously.
Threat levels
This section is only visible to administrative users, and if the Threat level license option is enabled. You can configure specific actions to be executed by the system when a threat level is activated or deactivated for this area. For more information, see "Managing threat levels" on page 117.
362
Area
Members
The Members tab shows the child entities of the area, grouped by entity type.
Areas are used as entity groupings in the Logical view. The area represented in the above sample screen shot would appear as the following in an entity tree.
For more information about adding members to an area, see "Add members to an area" on page 279.
363
Area
Access rules
The Access rules tab is only necessary if you are configuring a secured area. This tab is only visible when Synergis is enabled in your license.
You assign one or more existing access rules that allow authorized cardholders to gain access to the area. For more information, see "Configuring access rules" on page 281.
364
Badge template
Badge template
The badge template entity is used to configure a printing template for badges.
System: Synergis IP access control Task: Access control Badge templates

Identity Badge designer Name, description, logical ID, and relationships of this entity with other entities in the system. Tools allowing you to design new badge templates.
Related topics:
"Cardholder" on page 395 "Credential" on page 401 "Defining badge templates" on page 289
365
Badge template
Badge designer
The Badge designer is a tool that allows you to design and modify badge templates.
In the Badge designer, there are different tools you can use to edit a template:
In the Tools section, there are six graphical tools you can use to edit the template:
Select tool. Use to click and select an object on the template. Rectangle tool. Use to draw a square/rectangle on the template. Ellipsis tool. Use to draw circles/ovals on the template. Text tool. Use to insert text on to the template. Image tool. Use to insert a picture on to the template. Barcode tool. Use to insert barcodes on to the template.
Select a tool, and click on the template to use it.
In the Image section, you can choose whether the image displayed on the badge uses a
cardholder picture or an image from a file, and whether the image should be stretched or not. In the Text section, you can add cardholder fields, as well as edit the text, the text color, and the text alignment. In the Color and border section, the following options are available:
366
Badge template
Fill. Use to modify the fill color of an inserted object like a square or oval. Border. Use to modify the border color of an inserted object. Opacity. Use to modify the opacity of an inserted object.
Border thickness. Use to modify the thickness of the inserted objects border In the Size and position section, you can choose where the text or image is located on the badge, and its width and height.
Properties (
). Opens the Format dialog box, where you can select from the following card sizes and orientation: CR70 CR80 CR90 CR100 Custom card size Orientation. You can choose Landscape or Portrait orientation. ). Import a badge template to use. ). Save your badge template. ). Copy the selected item on the badge template. ) . Paste the copied item onto the badge template.
Import ( Export ( Cut ( Copy ( Paste (
). Delete the selected item on the badge template.
Send to back ( ). Send the selected item to the background of the badge template. This is option is helpful if you want to have a background image on the badge. ). Bring the selected item to the foreground of the badge template.
Bring to front (
For more information about creating badge templates, see "Defining badge templates" on page 289.
367

The camera entity represents a single video source on your system. The video source can be an IP camera or an analog camera connected to a video encoder. A video encoder is the device that converts an analog video source to a digital format using a standard compression algorithm (H.264, MPEG4, or M-JPEG). The video encoder is one of the many devices found on a video unit. Each video encoder can generate one or multiple video streams using different compression schemes and formats for different usages. In the case of an IP camera, the camera and the video encoder form an inseparable unit. Because of the intimate relationship between the camera and the video encoder, the two terms are often used interchangeably. System: Omnicast IP video surveillance Views: Video Units (under Archiver)
Identity Video Recording Motion detection Color Visual tracking Name, description, logical ID, and relationships of this entity with other entities in the system. Video stream configuration (usage and quality) based on schedules. Not available for federated cameras. Video recording settings. Can be inherited from the archiving roles or customized for each camera. Not available for federated cameras. Motion detection configuration based on schedules. Can be performed on the video unit (certain models only) or on the Archiver. Not available for federated cameras. Video attribute (brightness, contrast, hue, and saturation) adjustments based on schedules. Not available for federated cameras. Visual tracking is a feature in Security Desk that allows you to follow an individual or moving object across different cameras all within the same display tile. This tab is only available for fixed cameras. Hardware configuration such as PTZ protocol, links to audio devices, and unit specific video settings. Not available for federated cameras. Custom field values for this camera.
Hardware Custom fields
Related topics:
"Configuring cameras" on page 209 "Camera sequence" on page 393 "Video unit" on page 494
"Archiver" on page 521 "Media Router" on page 585
Video
The Video tab allows you to define multiple video quality (resolution, frame rate, and so on) configurations for each video stream generated by your video encoder. For each stream, you can also specify its usage (or function) and specific network settings.
"Video quality" on page 370 "Stream usage" on page 373 "Network settings" on page 374 "Boost quality on manual recording" on page 376 "Boost quality on event recording" on page 376
369
Video quality
Video quality refers to the various settings (image resolution, bit rate, frame rate, and so on) that affect the quality the video. Multiple video quality configurations can be defined for the same stream on different schedules. The list below describes all possible settings pertaining to video quality. These settings vary from one manufacturer to another. No single manufacturer supports them all.
NOTE For any setting not covered in this section, refer to the manufacturers documentation.
Resolution. Data format and image resolution. The available choices depend on the type of
video unit you have.
NOTE On certain models of video units that support a large number of video feeds (4 to 12), some high resolution formats might be disabled when you enable all the video streams, because the unit cannot handle all the streams at high resolutions.
Quality. Video quality depends on a combination of settings. Config Tool proposes a list of
predefined configurations for you to choose from. To adjust each of them individually, select Custom from the Quality drop-down list.
Bit rate. Sets the maximum bandwidth (kbps) allowed for this encoder. See also "Advanced
bit rate settings" on page 372.
Frame rate. This slider sets the number of frames per second (fps). A high frame rate (10
fps or more) produces fluid video and is essential for accurate motion detection. However, increasing the frame rate also sends more information over the network, and therefore, requires more bandwidth.
Image quality. This slider affects the image quality (the higher the value, the better the
quality). Higher image quality requires more bandwidth, which might compromise the frame rate. When bandwidth is limited, you should consider the following:
To retain very good image quality, restrict the number of images per second (lower frame rate).
To transmit more images per second at a high frame rate, lower the image quality. The encoder will always try to maintain each quality setting. However, if bandwidth is limited, the encoder might reduce the frame rate in favor of the image quality.
Automatic settings. Certain models of encoders (such as Bosch) let you select this option
instead of setting your own value for image quality. To set the image quality manually, you have to select Custom in the Quality drop-down list.
Key frame interval. A key frame is a frame that contains a complete image by itself as
opposed to a usual frame that only holds information that changed compared to the previous frame. You would need a higher key frame rate to recover more rapidly from cumulative errors in the video when the network is less reliable. Frequent key frames require a higher bandwidth. You can specify the key frame interval in seconds (1 to 20) or by frames (based on the frame rate).
Recording frame rate. The purpose of this setting is to save storage space by recording the
video at a frame rate lower than the one used for viewing. This setting only reduces the storage usage, not the bandwidth usage. Setting the Recording frame rate to anything other than All frames locks the Key frame interval.
Profile and level. Used only for MPEG-4 streams, the profile determines the tools available
when generating the stream (for example, interlace, or B frames), and the level limits the resource usage (for example, max bit rate).
Video object type. The Video Object Type (VOT) to use for the MPEG-4 streams. The
available choices are governed by the choice of Profile and Level.
GOP structure. Stands for Group Of Picture structure. It is possible to configure up to four
types of GOP structures:
I. Stands for Intra frame structure. Meaning only Intra (key frame) frames are sent. This is primarily for using an external multiplexer. IP. Stands for Intra and Predicted frame structure. This setting results in the lowest possible video delay. IPB. Stands for Intra and Predicted and Bidirectional frame structure. This setting enables the user to have a higher quality and a higher delay.
IPBB. Stands for Intra and Predicted and Bidirectional and Bidirectional frame structure. This setting enables the highest quality and a highest delay. GOP length. Stands for Group Of Picture length. With this value, it is possible to change the distance (number of frames) between the intra-frames in the MPEG-2 video stream.
Streaming type. Select between VES (video elementary stream), which sends only video
information, or PRG (program stream), which sends both video and audio information.
Input filter mode. This drop-down list lets you select a noise filter to apply to the video
signal before it is encoded. It has four settings: None, Low, Medium, and High.
NOTE Removing noise from the video signal also reduces the sharpness of the image. If the
video signal is relatively clean, do not apply any filter (None). The higher the filter level, the more blurry the video image becomes. Keeping a sharp image creates more pixels to encode, which uses more bandwidth. This is why on some video units the default is set to Medium.
Bit rate control. This option lets the encoder automatically lower the bit rate when one of
the decoders is reporting transmission errors (dropped packets). This usually happens when there is a lot of motion on the camera. The encoder drops the bit rate as low as necessary to let all decoders receive an error free transmission. When the motion subsides, the encoder gradually increases the bit rate until it reaches the configured maximum limit. The trade-off between low bit rate and transmission errors is that with a low bit rate, the image stays crisp but the video might appear jerky, while with transmission errors, the image contains noises, but the video stays fluid.
Compression mode. Select between SM4, Verint's proprietary version of MPEG-4

compression, or ISO, the standard MPEG-4 compression.
371
Advanced bit rate settings

Certain types of video units (such as Axis) allow you to set the maximum bit rate at the unit level (see Video unit "Properties" on page 496). In this case, there is an additional drop-down list (bit rate mode) for your bit rate setting.
You have two values to choose from for the bit rate mode:
Variable. Variable bit rate (VBR) adjusts the bit rate according to the complexity of the
images in the video. This uses a lot of bandwidth when there is a lot of activity in the image and less bandwidth when the monitored area is quiet.
Constant. Constant bit rate (CBR) allows you to set a fixed target bit rate that will consume
a predictable amount of bandwidth, which will not change, whatever happens in the image. This requires you to set another parameter, the Bit rate priority.
Bit rate priority

If you choose to maintain a constant bit rate, the encoder might not be able to keep both the frame rate and the image quality at their set values when the activity in the image increases.
The Bit rate priority lets you configure which aspect of video quality you wish to favor when you are forced to make a compromise.
Frame rate. Maintains the frame rate at the expense of the image quality. Image quality. Maintains the image quality at the expense of the frame rate. None. Lowers both the frame rate and the image quality to maintain the bit rate.
372
Stream usage
The Stream usage options are only available for encoders capable of generating multiple video streams. It allows you to specify the usage (or function) of each stream.
The stream usage options are the following:
Live. Default stream used for viewing live video in Security Desk. Recording. Stream recorded by the Archiver for future investigation. Remote. Stream used for viewing video when the bandwidth is limited. Low resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is small. See "Automatic stream selection" on page 211. stream in Security Desk is large. See "Automatic stream selection" on page 211.
High resolution. Stream used instead of the Live stream when the tile used to view the
NOTE Every stream usage must be covered by a stream, but not every stream needs to be assigned a usage. The streams that have no usage assigned are simply not generated, which conserves CPU on the unit.
373
Network settings
The Network settings options allow you to configure the desired connection type used by the video encoder.
The network settings are the following:
UDP port. Port number used when the connection type is unicast UDP. If the encoder
supports multiple video streams, this parameter is different for each stream.
Connection type. Defines how communication is established between the Archiver and the
unit for sending or receiving video streams. Each device on the same unit could support different connection types.
Best available. Lets the Archiver select the best available connection type for the stream. The best available types rank in this order, according to availability: Multicast, UDP, TCP, RTSP over HTTP, and RTSP over TCP. When the stream is requested for recording only, multicast is removed from the list, so the best available types start with UDP. Unicast UDP. Forces the stream to be sent in UDP to the Archiver. The stream must be formatted using the RTP protocol. Unicast TCP. Forces the stream to be sent in TCP to the Archiver. Here, TCP is taken in the broad sense. For some types of cameras, the Archiver establishes a TCP connection to the unit and receives the stream in a proprietary protocol. For others, the stream is
374
sent over HTTP. Typically, the stream is not formatted according to the RTP protocol by the unit. The Archiver has to convert the stream to the RTP protocol to be archived or retransmitted to the system.
RTSP stream over HTTP. This is a special case of TCP connection. The Archiver uses the RTSP protocol to request the stream through an HTTP tunnel. The stream is sent back through this tunnel using the RTP protocol. This connection type is used to minimize the number of ports needed to communicate with a unit. It is usually the best way to request the stream when the unit is behind a NAT or firewall, because requests sent to HTTP ports are easily redirected through them. RTSP stream over TCP. This is another special case of TCP connection. The Archiver uses the RTSP protocol to request the stream in TCP. The request is sent to the RTSP port of the unit.
Same as unit. Special case for Panasonic units. The connection type is the same for all streams of the unit. When present, it is the only connection type supported. The real connection type must be set in the specific configuration page of the unit. Multicast address. The multicast address and port number are assigned automatically by the system when the video unit is discovered. Each video encoder is assigned a different multicast address with a fixed port number. If the encoder is capable of generating multiple video streams, then a multicast address should be assigned to each stream. This is the most efficient configuration.
Normally, you do not need to be concerned with the multicast addresses. However, if you are short of multicast addresses (certain switches are limited to 128), you can use the same multicast address on multiple encoders, and assign a different port number to each. This solution is less efficient than using a different address for each encoder, because it will cause more traffic than is necessary on the network.
NOTE All multicast addresses must be between the range 224.0.1.0 and 239.255.255.255. For these changes to take effect, you must restart the unit. To do so, select the unit in the Roles view task, and click the Reboot ( ) button in the Contextual commands toolbar.
375
Boost quality on manual recording

The Boost quality on manual recording option is only available for the recording stream. It allows you to configure a sudden boost of quality when the recording is started manually by a user.
The actions that trigger manual recording are as follows:
The Record button ( ) is clicked by a Security Desk user. The Add a bookmark button ( ) is clicked by a Security Desk user.
See also "Common boost quality settings" on page 376.
Boost quality on event recording

The Boost quality on event recording option is only available for the recording stream. It allows you to configure a sudden boost of quality when the recording is triggered by a system event. The events that qualify as event recording are as follows:
The Start recording action was executed. The recording was triggered by an alarm. The recording was triggered by motion.
See also "Common boost quality settings" on page 376.
Common boost quality settings

This section describes the common behavior of the two Boost quality options.
376
The boosted quality settings you can configure are the same as the ones described in the section "Video quality" on page 370. When both sets of events are triggered, the event recording settings have priority over the manual recording settings. The duration of the quality boost depends on the type of event and the duration configured in the Recording tab of the camera. For more information, see Camera "Recording" on page 378. The ON/OFF switch tells the system whether the video quality should be boosted every time the triggering events occur (ON), or only on demand (OFF). When boost on demand is selected (switch=OFF):
You can demand the boost quality settings to be applied explicitly by executing one of the
following actions:
Override with manual recording quality. Override with event recording quality.
Once the boost quality settings are applied through an action, they have precedence over
any other settings currently in effect. To return to the normal settings, you must execute the following action:
Recording quality as standard configuration.
For more information about executing actions, see "Using event-to-actions" on page 106.
377
Recording
The Recording tab allows you to customize the recording settings on each individual camera instead of following the archiving role settings.
If the camera is associated to additional Auxiliary Archiver roles, roles, youll find one group of settings for each archiving role the camera is associated to. For each recording configuration, the camera can follow the settings inherited from the role or use its own custom settings. For more information on the rest of the recording settings related to:
An Archiver, see "Camera recording" on page 522. An Auxiliary Archiver, see "Camera recording" on page 544.
378
Motion detection
The Motion detection tab allows you to define multiple motion detection configurations for your camera. Each configuration is based on a different schedule.
What is a motion detection configuration?

A motion detection configuration is a group of settings that specify how motion is detected on a camera, and when these settings are applied (based on a schedule). Every camera has a default motion detection configuration based on the Always schedule. The default motion detection configuration can be modified but not deleted. The motion detection settings are as follows:
Motion detection. Turns motion detection ON or OFF for the time periods covered by the
schedule.
379
Detection is done on. Specifies whether motion detection is performed on the Archiver
(always available), or on the video unit (not all units support this feature). See also "Limitations with motion detection on unit" on page 385.
Sensitivity. Controls how much difference must be detected in a block between two
consecutive frames before it is highlighted as a motion block (see "Motion block" on page 380). With the sensibility set to the maximum (100%), the slightest variation in an image block is detected as motion. Lowering the sensitivity reduces the number of motion blocks detected in the video. Only set the sensitivity lower than 100% if your equipment is prone to generate noise.
TIP A plain image, such as viewing an empty wall, is more prone to generate noise than an image containing a lot of detail.
You can also set the sensitivity value automatically (see "Automatically set motion detection sensitivity" on page 381). See also "Advanced H.264 motion detection" on page 382.
Consecutive frame hits. A frame where the number of motion blocks reaches the Motion on
threshold is called a hit. Setting this parameter higher than 1 helps avoid false motion detection hits, such as from video noise in a single frame. This setting ensures that positive motion detection is only reported when a hit is observed over a certain number of consecutive frames. When enough consecutive hits have been observed, the first hit in the series is marked as the beginning of motion.
Motion zones. Defines where on the video image motion should be detected. Up to six
different motion zones can be defined per configuration. For the purpose of motion detection, the video image is divided into a large number of blocks (1,320 for NTSC encoding standard and 1,584 for PAL). Each of these blocks can be individually turned on/off for motion detection. A block where motion detection is turned on is represented by a semi-transparent blue square overlay on the video image. See "Drawing tools for motion zones" on page 383.
Motion block
A block is called a motion block when motion is detected in it. There is positive motion in a video image when the area covered by the block detects motion in two consecutive video frames. The number of motion blocks detected represents the amount of motion. A motion block is represented by a semi-transparent green square overlay on the video image.
What constitutes a positive motion detection?

Simply seeing motion blocks on the video does not necessarily mean that the system will generate a motion related event. It could simply be noise. To determine when motion actually started (Motion on event) and when it stopped (Motion off event), two more parameters must be configured on top of the Sensitivity and Consecutive frame hits:
380
Motion on threshold. Indicates the minimum number of motion blocks that must be
detected before the motion is significant enough to be reported. Together with the Consecutive frame hits, a positive motion detection is made.
Motion off threshold. In the same way the Motion on threshold detects the beginning of
motion, the Motion off threshold detects the end of motion. Motion is considered stopped when the number of motion blocks drops below the Motion off threshold for at least 5 seconds.
CAUTION Light reflections on windows, switching lights on/off, and light level changes caused by cloud movement can cause undesirable responses from the motion detection algorithm, and thereby generate false alarms. Carry out a number of tests for different day and night conditions to ensure correct interpretation of the video images. For surveillance of indoor areas, ensure there is a consistent lighting of the areas during the day and at night. Uniform surfaces without contrast can trigger false alarms even with uniform lighting.
Automatically set motion detection sensitivity

You can determine what constitutes positive motion detection by automatically setting the sensitivity value. Before you begin: Make sure there is no motion in the cameras field of view (0 motion blocks).
NOTE If your camera is located outdoors, the accuracy of this test might be affected due to wind, moving trees, and so on.
To automatically set the motion detection sensitivity:
In the cameras Motion detection tab, select one of the following options from the Auto
calibrate drop-down list:
Current zone. Calibrate the sensitivity for motion detected in the currently selected motion zone on the video image. All zones. Calibrate the sensitivity for motion detected in all the motion zones on the video image. All motion. Calibrate the sensitivity for motion detected on the whole video image.
Different sensitivity values are tested to find the highest value without detecting motion in the image. This test accounts for any unwanted background noise that your camera may pick up and consider as motion.
381
Advanced H.264 motion detection

When an H.264 stream is selected as the recording stream, the Advanced settings button is available after the Sensitivity slider. Click this button to open the H.264 advanced motion detection settings dialog box where you can refine your motion detection settings for an H.264 stream.
Choose a Preset from the drop-down menu:
Custom. Allows you to customize your settings using the available sliders. Vector emphasis. Sets motion detection based on the difference in motion vector values
(movement) between consecutive frames.
Luma emphasis. Sets motion detection based on the difference in luma values (brightness)
between consecutive frames. Depending on your unit, the Vector and Luma emphasis presets might not provide desirable results. If you find you are getting too many, or too few motion events, choose Custom from the Preset list and adjust the following slider values until you achieve desirable results. Values range between 0 and 100. The higher the value, the more motion is detected.
Luma weight. Sets motion detection based on the difference in luma values (brightness)
between consecutive frames.
Chroma weight. Sets motion detection based on the difference in chroma (color) values
Vectors weight. Sets motion detection based on the difference in vector values (movement)
Macroblocks weight. Sets motion detection based on the presence of intra-macroblocks in

your frame. This setting is useful when you notice motion detection indicators on still frames. For example, some units generate frames completely comprised of intramacroblocks as a new reference point. When this happens, you will see motion detection blocks covering your whole image. Setting the Macroblocks weight to 0 helps prevent this from happening.
TIP Test your new settings with the View all motion mode.
Drawing tools for motion zones

You draw the motion zone using the following drawing tools:
Icon Tool name Description
Pen Eraser Rectangle Fill Clear Invert
Draws motion detection blocks one at a time. Erases the motion detection blocks one at a time. Draws a group of motion detection blocks. Covers the entire image with motion detection blocks. Clears all motion detection blocks. Interchanges the area with motion detection blocks with the area without. Lets the computer analyze what is typical motion in the image. When typical motion occurs, the motion detection blocks in the affected areas are turned off, so it can be ignored.
Learning mode
383
Testing motion detection settings

After modifying the motion detection settings for a camera, always test your new settings to make sure that you get the expected results. You can always test your settings in Config Tool whether the motion detection is performed on the Archiver or on the unit. However, the test might not be completely accurate when the motion detection is performed on the unit. See "Limitations with motion detection on unit" on page 385. You have three motion test modes to choose from:
Test zone. The motion zone is displayed as blue overlays. The motion blocks are displayed as
green overlays. The number of motion blocks is updated in real time. When the number of motion blocks reaches the Motion threshold, it is displayed in red.
384
Test all zones. In this mode, all motion zones are displayed at once, with the number of
motion blocks in each displayed separately.
View all motion. In this mode, the entire video image is tested for motion. All motion
anywhere on the image is displayed as motion blocks (green overlays). The total number of motion blocks is updated in real time. Use this mode to test the sensitivity setting for this camera.
Limitations with motion detection on unit

When motion detection is performed on the unit, not all motion detection settings are taken into consideration. The following list some of the known limitations:
Not all units support multiple motion detection zones. When switching motion detection
from Archiver to Unit, the existing zone configurations not supported by the unit will be lost. The unit might not interpret the Sensitivity parameter the same way as the Archiver. Therefore, when testing your motion zones, the results might not be accurately reflected in Config Tool. The Motion search task in Security Desk is not supported. playback.
NOTE Axis cameras however are exceptions. They do show the motion indicators in the
In most cases, the motion indicators (green bars) are not shown in the timeline during
timeline during playback when motion detection is performed on the unit.
385
Motion related events

The default events related to motion detection generated by the system are as follows:
Motion on. At the beginning of the motion period. Motion off. At the end of the motion period.
You can silence these events or replace them with the custom events of your choice using the Motion events dialog box (click the Events button to open it).
TIP One reason why you would want to use custom events is when you are using multiple motion zones. Each zone can be configured to detect motion in a different area of the cameras field of view and generate different events. Having different events allows you to program different actions to respond to different situations.
386
Color
The Color tab allows you to adjust the video attributes such as brightness, contrast, hue, and saturation, based on different schedules.
Click the Add schedule button to add an new color configuration. Click the Load default button to reset all parameters to their default values.
TIP A typical use of this feature is to automatically control the brightness and contrast based on ambient light. For more information, see "What is a twilight schedule?" on page 104.
387
Visual tracking
Visual tracking is a Security Desk feature that allows you to follow an individual or moving object across different cameras and all within the same display tile. For more information, see Using visual tracking in Genetec Security Desk User Guide. The Visual tracking tab is where you configure this feature.
How visual tracking works

When visual tracking is turned on, semi-transparent overlays (colored shapes drawn over the video) appear in the tile showing that camera. Each overlay corresponds to one or more adjacent cameras. Simply click the overlay to switch to an adjacent camera. Video from the camera you switched to is displayed within the same tile. For more information, see "Configure visual tracking" on page 212.
388
Hardware
The Hardware tab allows you to associate other hardware devices (PTZ motor, Speaker, Microphone, and so on) to this camera and configure specific hardware settings.
When the unit is initially added to the system, all hardware devices belonging to the same unit are configured by default. You can manually associate your camera to other devices, according to how they are physically connected.
389
PTZ configuration
If the PTZ motor is not integrated to your camera, you need to configure the PTZ motor separately before you can control it in Security Desk. When you turn the PTZ switch on, additional settings appear.
Protocol. Protocol used by the PTZ motor. Serial port. Serial port used to control the PTZ motor.
Click to set the Idle delay, Idle command, and Lock delay parameters.
Enhanced PTZ. Turn this option on to enable the zoom-box and center-on-click PTZ
commands. For more information, see "Configure PTZ motors" on page 214.
Calibrate. Click to calibrate the PTZ. See "Calibrate the PTZ coordinates" on page 215.
NOTE Not all cameras require PTZ calibration.
PTZ address. Number identifying the selected PTZ motor on the serial port. This number
is important because it is possible to connect more than one PTZ motor on the same serial port. This number must correspond to the dip switch settings on the PTZ hardware.
Idle delay
The idle delay is used in two ways:
The idle delay defines the period of inactivity after which the PTZ is considered idle. When
a user starts moving the PTZ when it is idle, the PTZ activated event is generated. When the idle delay expires, the PTZ stopped event is generated. As long as there are users who continue to move the PTZ, the countdown timer continuously restarts.
The same idle delay value is also used specifically for the zoom operation on a PTZ.
Whenever a user starts to zoom the PTZ, the PTZ zoom by user event is generated. After the last zoom operation, when the idle delay expires, the PTZ zoom by user stopped event is generated. For a particular user, idle delay delineates a single zoom activity. A user who zooms several times, with each zoom activity taking place less than 120 seconds after the previous one, will generate only one PTZ zoom by user event, assuming the idle delay is 120 seconds. Then, if another user performs a zoom on the same PTZ before the idle delay has expired, the PTZ zoom by user event is again generated, logged to the second user, and the countdown timer
390
is restarted. Note that in this case, the PTZ zoom by user stopped event is only generated after the Idle delay has expired, and logged to the second user.
NOTE The PTZ activated and PTZ stopped events cannot be triggered by a programmed PTZ
action. The PTZ zoom by user and PTZ zoom by user stopped events cannot be generated due to automated PTZ functions such as presets or patterns, or by a programmed PTZ action.
Idle command
When the PTZ becomes idle (after the idle delay expires and the PTZ stopped or PTZ zoom by user stopped event is generated), this option determines the next action of the PTZ.
None. The PTZ remains idle until a user starts controlling it. Preset. The PTZ moves to a preset position when it becomes idle. Pattern. The PTZ motor starts a PTZ pattern when it becomes idle.
Lock delay
When a user controls an idle PTZ, the PTZ becomes implicitly locked for that user. The implicit PTZ lock prevents two users from fighting for the control of the same PTZ. The implicit lock lasts Idle delay + Lock delay seconds after the user has stopped using the PTZ. After this period, the PTZ automatically unlocks.
Speaker and microphone

Even if the unit your camera belongs to does not support audio, you can still link your camera with audio devices (speaker and microphone) found on other units.
Camera tampering
Select this option to let Security Center process Camera tampering events issued by the unit. This setting is only available if the video unit is capable of detecting camera tampering. Typically, any dysfunction that prevents the original scene from being viewed properly can by treated as an attempt to tamper with the camera. This can be a partial or complete obstruction of the camera view, a sudden change of the field of view, or a loss of focus. You can control the sensitivity of the units alarm notification mechanism by specifying the Minimum duration that a dysfunction must last before the unit issues a Camera tampering event. Select the Alarm for dark images option if total obstructions are to be considered as dysfunctions.
Audio alarm
Select this option to let Security Center process audio alarms issued by the unit as Audio alarm events. This setting is only available if the video unit is capable of raising audio alarms.
391
NOTE The Alarm level sets the value used to trigger audio alarms on the unit. A unit can be configured to issue audio alarms when the sound level rises above or falls below the set value. The alarm level can be set in the range 0-100%, where 0% is the most sensitive and 100% the least sensitive.
Image rotation
Use this setting to correct the orientation of the image when the camera is mounted upside down or at a 90 degree angle. The rotation options might vary depending on the model of the camera.
Lens type
Use this setting to select the lens type for cameras with interchangeable lenses. Depending on the selected lens type, you might have additional settings to configure, such as dewarping a fish-eye lens. For more information, see the Security Center Video Unit Configuration Guide.
392
Camera sequence
Camera sequence
The camera sequence entity defines a list of cameras that are displayed one after another in a rotating fashion within a single tile in Security Desk. When displayed in a Security Desk, the camera sequence can be paused (stop cycling) and unpacked (showing all cameras at the same time). The cameras composing the sequence can be fixed, PTZ enabled, or federated. Each camera is given a preset amount of display time. Dome cameras can be configured to point to a preset position, to run a pattern, or to turn on/off an auxiliary switch. System: Omnicast IP video surveillance Views: Logical view
Identity Cameras Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Configuration of the cameras composing the sequence. Custom field values for this camera sequence.
Related topics:
"Camera (video encoder)" on page 368 "Creating camera sequences" on page 218 Viewing a camera sequence in the Security Desk User Guide
393
Camera sequence
Cameras
The Cameras tab allows you to configure the cameras composing the camera sequence. The order of the cameras in the list is the order they will be displayed in Security Desk. For information about creating camera sequences, see "Creating camera sequences" on page 218.
394
Cardholder
Cardholder
The cardholder entity represents a person who can enter and exit secured areas using their credentials (typically access cards), and whose activities can be tracked.
System: Synergis IP access control Task: Access control Cardholders

Identity Properties Picture Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Cardholders personal information and status. Cardholders picture. Custom field values for this cardholder.
Related topics:
"Badge template" on page 365 "Cardholder group" on page 398 "Credential" on page 401
395
Cardholder
Properties
The Properties tab shows the cardholders personal information and status. Additional information might be found in the Custom fields tab. For information about configuring cardholders, see Cardholder management in the Security Desk User Guide.
396
Cardholder
Picture
The Picture tab allows you to assign a picture to the cardholder. For information about editing cardholder pictures, see Assign a picture to the cardholder in the Security Desk User Guide.
397
Cardholder group
Cardholder group
The cardholder group entity is used to configure the common access rights and properties of a group of cardholders.
System: Synergis IP access control Task: Access control Cardholder groups

Identity Properties Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Cardholder group properties and members. Custom field values for this cardholder group.
Related topics:
"Cardholder" on page 395
398
Cardholder group
Properties
The Properties tab lets you view and configure the members of this cardholder group, and configure their common properties. Additional information might be found in the Custom fields tab.
Group available for visitors. Set this to ON if this group will be used for visitors Email address. Set an email address here for automated actions associated to the group Security clearance. (Only visible to administrative users) Set the security clearance level for
the cardholder group. A cardholder groups security clearance level determines their access to areas when a minimum security clearance level is required on areas by setting a threat level in Security Center. For more information, see "Set minimum security clearance" on page 122. Level 0 is the highest clearance level, with the most privileges.
Inherited from parent cardholder groups. The cardholder groups security clearance level is inherited from their parent cardholder group. When multiple parent cardholder groups exist, the highest clearance level is inherited.
Specific. Set a specific security clearance level for the cardholder group. Cardholders. Define the cardholder group members using the and buttons. Both individual cardholders and other cardholder groups can be members.
399
Cash register
Cash register
The cash register entity represents a single cash register (or terminal) in a point of sale (POS) system. Cash register entities are created by the Point of Sale role. They identify the transaction data imported by the Point of Sale role from an external POS system. Security Center can link Omnicast cameras to cash registers to provide video support to help security officers in their investigations. For more information, see Transactions in the Security Desk User Guide.
IMPORTANT For a user to view transaction reports in Security Desk, the Point-of-Sale plugin must be enabled on the machine where Security Desk is installed. For more information, see Enable Point-of-Sale plugin in the Security Center Installation and Upgrade Guide.
System: General Task: Logical view

Identity Cameras Custom fields Location Name, description, logical ID, and relationships of this entity with other entities in the system. Cameras used to monitor this cash register in Security Desk. Custom field values for this cash register. Time zone and geographical location for this cash register.
Related topics:
"Point of Sale" on page 595 Transactions in the Security Desk User Guide
400
Credential
Credential
The credential entity represents a proximity card, a biometrics template, or a PIN required to gain access to a secured area. A credential can only be assigned to one cardholder at a time. Credentials are really claims of identity. A credential distinguishes one cardholder from another.
System: Synergis IP access control Task: Access control Credentials

Identity Properties Badge template Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Credential information and status. Default badge template associated to this credential. Custom field values for this credential.
Related topics:
"Badge template" on page 365 "Cardholder" on page 395
401
Credential
Properties
The Properties tab lets you configure the credential information and status. Additional information might be found in the Custom fields tab.
Credential information
This section identifies the details of the credential itself. If the credential is an access control card, the format, facility code and card number will be shown.
Cardholder. Displays the cardholder this credential is associated with. The cardholder can
be changed if required.
State
This section shows whether the credential status is active or Inactive/Lost/Stolen/Expired. It also displays the date and time when the credential was attributed to this state. Expiration - An expiration date/time can be set here so the credential expires automatically on a certain date and time.
402
Credential
Badge template
The Badge template tab defines the default badge template associated to this credential.
The badge template tab allows you to preview what the credential will look like when printed using any specific badge template. You can also print the card credential.
403
Door
Door
The door entity represents a physical barrier. Often, this is an actual door but it could also be a gate, a turnstile, or any other controllable barrier. Each door has two sides named by default A and B. Each side is an access point (entrance or exit) to a secured area.
System: Synergis IP access control Task: Logical view

Identity Properties Unlock schedules Hardware Access rules Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. General behavior of the door. Scheduled periods when the door should not be used for secured access. Physical wiring configuration of the door to access control units and associations to monitoring cameras. Access rules applied to this door. Custom field values for this door.
Related topics:
"Access control unit" on page 337 "Access rule" on page 349 "Area" on page 360 "Elevator" on page 410
404
Door
Properties
The Properties tab allows you to configure the general behavior of the door.
Standard grant time. Amount of time the door is unlocked after an access granted event is
generated.
Access time. Amount of time the cardholder has to cross the entry sensor, in addition to the
Standard grant time. If no entry is detected during this time, a No entry detected event is generated. This option is only supported when your door is configured with an entry sensor.
EXAMPLE If the Standard grant time is 5 seconds, and the Access time is 5 seconds, the
cardholder has a total of 10 seconds to cross the entry sensor of the door.
Extended grant time. For cardholders with the property extended grant time turned on,
the amount of time the door is unlocked after access is granted.
Extended access time. For cardholders with the property extended grant time turned on,
the amount of time the cardholder has to cross the entry sensor, in addition to the Extended grant time. If no entry is detected during this time, a No entry detected event is generated. This option is only supported when your door is configured with an entry sensor.
EXAMPLE If the Extended grant time is 10 seconds, and the Extended Access time is 10
seconds, the cardholder has a total of 20 seconds to cross the entry sensor of the door.
Trigger a door open too long event. The event door open too long will be generated after
this duration.
Door
Ignore door forced open events. Ignore door forced open events. Unlocked for maintenance. Door is unlocked, and possibly pinned open for maintenance
purposes. Do not generate the normal events when in maintenance-mode. The values in the Request to exit section are generally used to decrease the number of false Request to exit events at a door.
Time to ignore Request to exit after granted access. Ignore any requests to exits for this
long after access has been granted.
Unlock on request to exit. Set to ON if a REX is being used, and you want to automatically
grant the request to exit.
Ignore Request to exit events while door is open. Do not generate REX when door is
open.
Time to ignore Request to exit after door closure. Once the door has closed, wait this
long before generating any more Request to exit events.
Unlock schedules
Unlock schedules represent scheduled periods when the door should not be used for secured access. It is unlocked, and no access rules are in effect.
A typical use of an unlock schedule might be:
406
Door
The main door of the office should be unlocked from 9:00 AM-12:00 PM, locked from 12:00 PM - 1:00 PM, and unlocked again from 1:00 PM - 6:00 PM.
Click the add button below Unlock schedules to apply free access periods. Click the add button below Exceptions to unlock schedules to apply controlled access
periods.
407
Door
Hardware
The Hardware tab allows you to configure the physical wiring relationships between the access control unit and the door, and associate cameras to door sides.
Match each one of these functions to correspond with the physical wiring done on the controller and door.
EXAMPLE The physical door has the following installed:
Door
A reader wired on door side A A REX wired on door side B A strike relay on the door lock A door sensor An auxiliary relay wired to a buzzer
In Config Tool, the door entity must have Card-In/REX out configuration. Door side A can be named Entry, and door-side B can be named Exit.
Access rules
The Access rules tab displays the access rules applied to this door.
In the example above, we can see that an access rule called Employees only is applied to the Entry side of the door but no rule is applied to the Exit side because of a Request to exit device.
409
Elevator
Elevator
The elevator entity provides access control properties to elevators. For an elevator, each floor is considered an entry point for the area corresponding to that floor.
CAUTION To configure an elevator, make sure you have an access control unit dedicated to the control of an individual elevator cab. In other words, the access control unit used for elevator control cannot be shared for any other purpose.
System: Synergis IP access control Task: Logical view

Identity Floors Access Advanced Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Physical wiring relationships between the access control unit and the elevator floors, and cameras used to monitor this elevator in Security Desk. Access rules applied to the elevator floors, and scheduled periods when the elevator floors should not be used for secured access. Advanced behavior of the elevator. Custom field values for this elevator.
Related topics:
"Access control unit" on page 337 "Access rule" on page 349 "Area" on page 360 "Door" on page 404
410
Elevator
Floors
The Floors tab allows you to configure the physical wiring relationships between the access control unit and the elevator floors, and select cameras used to monitor this elevator in Security Desk.
Preferred unit. Assign an access control unit to manage this elevator cabs panel. Elevator cab reader. Assign a reader interface to be used inside the elevator cab. Camera. Select a camera to monitor this elevator in Security Desk. Floors. Assign push button relays and inputs to the elevator floor buttons.
Push button relay. Assign output relays to the different elevator floor buttons. Access granted events cause an output relay to close, which enables the button-push to request a certain floor. Floor tracking. (Optional) Assign inputs to elevator floor buttons. When you assign inputs, Security Center can take note of which floor button was pushed. , delete , and
The floor configurations can be added, deleted, or modified with the add buttons at the bottom of the page.
411
Elevator
Access
The Access tab lets you configure the access rules applied to each of the elevator floor, and determine when access to floors is controlled and when free access to elevator floors is available.
Access rules. Select access rules to determine which floor buttons are enabled, when, and
for which cardholders. Different access rules can be applied to different floors, or applied to all floors. In the example above, the access rule Weekdays applies to all floors.
Exceptions. Determine if there are any exceptions to the access rule you set.
Schedule. Select a schedule when the exception applies. Floor. Select which floors the exception applies to.
Mode. Select whether access to the elevator floor is free or controlled during the exception schedule. In the example above, controlled access is used when the office is closed.
412
Elevator
Advanced
The Advanced tab lets you configure the advanced behavior of this elevator.
Grant time. This value indicates for how long the elevator floor button will be enabled after
the access granted event has been generated.
Free access when the output relay is:
Normal. Floor access is enabled when the access control unit output relay is deenergized. This means that a power loss results in free access to the floor. Active. Floor access is enabled when the access control unit output relay is energized. This mean that a power loss results in floor access being denied.
413
Hotlist
Hotlist
The hotlist entity defines a list of wanted vehicles. Each vehicle in the list is identified by a license plate number, the license plate issuing state (or province, or country), and the reason why the vehicle is wanted (for example, Stolen, Wanted felon, Amber alert, VIP, and so on). Additional vehicle information can include the model, the color, and the vehicle identification number (VIN). Hotlists are used by both the AutoVu Patroller and the AutoVu LPR Manager role to check against license plates captured by LPR units to identify vehicles of interest. The hotlist entity is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles of interest. Other types of hit rules include overtime, permit, and permit restriction. When a plate read matches a hit rule, it is called a hit. When a plate read matches a plate on a hotlist, it is called a hotlist hit. System: AutoVu IP license plate recognition Task: LPR Hotlists
Identity Properties Advanced Name, description, logical ID, and relationships of this entity with other entities in the system. Configure the basic parameters of the hotlist, including: assigning priority to a hotlist, and the location and attributes of the hotlist data file. Configure the advanced parameters of the hotlist, including: assigning color, sound, email address for notifications, and enabling hotlist and permit editor support. Custom field values for this hotlist.
Custom fields
Related topics:
"LPR Manager" on page 567 "LPR unit" on page 426
414
Hotlist
Properties
The Properties tab is where you configure the basic properties of the hotlist (hotlist priority, hotlist path, attributes, and so on). These settings tell Security Center how to parse the hotlist file into the format required by the Patroller and the LPR Manager to identify plates read by Sharp units. For more information on how to configure hotlists, see Configuring hotlists in the AutoVu Handbook.
Priority. Choose a hotlist priority. Zero (0) is the highest priority setting and 100 is the
lowest priority setting. This setting is used to resolve conflicts when a plate read matches more than one hotlist, in which case the hotlist with the highest priority is displayed first in the list of hotlist matches.
Hotlist path. Type the path or browse to the hotlist text file. Every hotlist entity in Security
Center must be associated with a text file containing the actual hotlist data; that is, license plate numbers and other related vehicle information. The associated text file is typically created by a third party system (e.g. Notepad for .txt files, or Excel for .csv files). The source text file can be located on the LPR Manager computers local drive (for example, the C drive), or on a network drive that is accessible from the LPR Manager computer. If you start typing a path to a network drive, the Username and Password fields appear and youll need to type the username and password to access the network drive.
415
Hotlist
Use delimiters. Tells Security Center that the fields in the hotlist file are of variable length
and indicates the character used to separate each field in the file. By default, Use delimiters is set to On, and the delimiter specified is a semi-colon (;). If your hotlist file is made up of fixed length fields, set Use delimiters to Off. Security Center supports the following delimiters:
Colon (:) Comma (,) Semi-colon (;) Tab (Tab)
If your hotlist file uses Tab as a delimiter (i.e. the Tab key on your keyboard), type the word TAB as the delimiter character.
IMPORTANT Security Center considers one Tab space to be a valid delimiter. Do not use more than one Tab space to align columns in your hotlist file or Security Center may not be able to parse the hotlist.
Enable editor support. Allow a user to edit the hotlist or permit list using the Hotlist and
permit editor task.
IMPORTANT Please note the following about the Hotlist and permit editor:
A user must be granted the privilege to use the Hotlist and permit editor. Only the first 100,000 rows of a hotlist are loaded into the Hotlist and permit editor.
If an error occurs while the hotlist is being loaded, the loading process is cancelled and an error message is displayed. However, you will not lose any of the data loaded before the error occurred, and you can still edit the data loaded into the editor. Attributes. Tells Security Center the name and order of the fields in the source text file. From the Attributes area, you can add, delete, or edit the data fields (attributes). Security Center includes the following default attributes:

Category. (Mandatory field) Reason why a license plate number is wanted. For example: Scofflaw, Stolen, Amber alert, Wanted felon, and so on. When a hit occurs, this field is displayed on the hit screen in Patroller and Security Desk. PlateState. (Mandatory field) Issuing state (or province, or country) of the license plate. Patroller uses the PlateNumber to match against a plate read. When a hit occurs, this field is displayed on the hit screen in Patroller and Security Desk. PlateNumber. (Mandatory field) The license plate number.
The following fields are shown by default, but are optional. If there is no start or end date for the hotlist, you can delete these fields, or simply leave them blank.
EffectiveDate. Date at which the hotlist starts to be effective. ExpiryDate. Date after which the hotlist is no longer valid.
IMPORTANT Please note the following about hotlist attributes.
416
Hotlist
The hotlist text file must include Category, PlateState, and PlateNumber fields. For this reason, these fields already appear in the attribute list and cannot be deleted from the list. There cannot be any spaces within an attribute name.
You can have a maximum of two wildcard characters (asterisk *) in a PlateNumber. Add ( ) or Edit ( ) a hotlist attribute. Configure the following:

Name. Name of the field. It may contain spaces. Only the three compulsory fields, Category, PlateState and PlateNumber cannot be renamed. Value. The default value is interpreted differently depending on whether delimiters are used or not.
If delimeters are in use, the default value is written into this field. Fields already populated will be overwritten. If delimeters are not in use, and if the field is empty, the default value is written into this field. Fields already populated will not be overwritten.
Is mandatory. A mandatory attribute cannot be blank in the source file. For example, if you add a mandatory attribute called CarColor, the column for CarColor in the source file must have text in it. Fixed length. This option is enabled only if you chose to use fixed length data fields. Indicate the start position of the field in the file record and its length. The position of the first character is zero (0). Date format. Specify a time format if the field contains a date or time value. All standard date and time format strings used in Windows are accepted. If nothing is specified, the default time format is yyyy-MM-dd. Translate. You can apply an optional transformation to the values read from the data file. Use this feature to shorten certain values to save space on the Patroller or to enforce spelling consistency.
For example, the following is what you may find in a variable field length data file using a semicolon (;) as delimiter and using the fields: Category, PlateState, PlateNumber, CarMake, and CarColor. AMBER;QC;DEF228;TOYOTA COROLLA;GREEN STOLEN;QC;345ABG;HONDA CIVIC;BLUE STOLEN;QC;067MMK;FORD MUSTANG;YELLOW STOLEN;QC;244KVF;LEXUS IS350;SILVER
417
Hotlist
Advanced
The Advanced tab is where you configure the advanced properties of the hotlist (the color, sound, download frequency, and so on). These properties are not required for all hotlists, but allow you to customize certain hotlists for specific scenarios. For more information on how to configure hotlists, see Configuring hotlists in the AutoVu Handbook.
Color. Assigns a color to a hotlist. When you choose a color, the map symbol that marks
the location of the hotlist hit in Security Desk and Patroller, as well of the Hotlist Hit and Review Hits screen in Patroller, appears in that color.
Use wildcards. Indicates that the hotlist contains wildcards (partial license plate numbers).
You can have a maximum of two wildcard characters (asterisk *) in a PlateNumber. Wildcard hotlists are used in situations where witnesses did not see, or cannot remember a complete license plate number. This allows the officer to potentially intercept vehicles associated with a crime, which otherwise would not have been detected using standard hotlists. Best practice: If using a wildcard hotlist, use the following best practices:
Do not use more than one wildcard hotlist per Patroller. By default, hotlists are applied at the LPR Manager level. Use only one wildcard hotlist per LPR manager role.
418
Hotlist
Limit the number of entries to 100 plates. An asterisk (*) in the data file indicates a wildcard. Only the PlateNumber field accepts wildcard characters. If the asterisk is found in any other field, it is considered as a normal character. The PlateNumber field is limited to two wildcard characters. If you select Use wildcards, Patroller ignores all hotlist entries that do not contain a wildcard, or that contain more than two wildcard characters. It is the number of wildcards in the PlateNumber field, and not the location of the wildcard, that determines how many mismatched characters are allowed before a match can occur. The position of the wildcards cannot be enforced because, typically, when witnesses report a partial plate number, they do not remember the position of the characters they missed. The sequence of the normal characters in the PlateNumber is respected, such that the three patterns S*K3*7, **SK37, and SK37** are equivalent.
EXAMPLE If a wildcard hotlist contains the PlateNumber entry S*K3*7:
NOTE If using wildcard hotlists, please note the following:
Plate reads NSK357 and ASDK37 will generate a hit because both reads have no more than two mismatched characters (in red) and the sequence SK37 is respected. Plate read SUKA357, will not generate a hit because it contains three mismatched characters (in red).
Plate read SKU573 read will not generate a hit because the sequence of characters SK37 is not found in the read. Covert. Set the hotlist to a covert hotlist. When you choose this setting, Patroller users are not alerted when a hit occurs. Only users with sufficient privileges can view covert hits in Security Desk.
Email address. Set hotlist email notifications. When the hotlist youre configuring
generates a hit, Security Center sends an email to the address you specify.
IMPORTANT For this feature to work, the SMTP configuration must be set up in the Server
Admin and the Email notification option must switched to ON in the Config Tools LPR Manager Properties tab.
Sound file. This indicates which sound Patroller should play when a hotlist hit occurs. If
you leave this field blank, Patroller plays its default sounds. The path (you must include the filename) indicates the files location on the Patroller in-vehicle computer. You can copy sound files to the in-vehicle computer manually, or use the Security Center updater service to push new sound files to Patroller as you would a hotfix. Only .wav files are supported.
Override privacy for emails. Bypasses any privacy settings you applied at the Directory
level (see "Applications" on page 640), and sends an email with real LPR data to the Email address you specified for this particular hotlist.
419
Hotlist
Disable periodic transfer. Turns off periodic transfer of hotlist modifications to the
Patroller computer. When this setting is off, hotlist changes are only downloaded to Patroller when the user logs on to the application. This option requires a wireless connection between Patroller and Security Center.
Enable transfer on modification. Transfer hotlist modifications to Patroller as soon as they

occur. For example, you can use this option on a hotlist to force Patroller to query for changes more frequently than the periodic transfer period (which applies to all hotlists). This can be useful for Amber alerts because they can be added to a specific hotlist and sent to a Patroller almost immediately. This option requires a continuous wireless connection between Patroller and Security Center.
420

An intrusion detection area entity corresponds to an area (also known as zone or partition, depending on the manufacturer) that is configured on an intrusion panel (also known as alarm panel). Intrusion detection areas might be automatically created by the Intrusion Manager when the intrusion panels on which they are configured are enrolled to your system. Intrusion detection areas are not configurable for the most part, except for the cameras assigned to them for monitoring purposes in Security Desk and the event-toactions. They are automatically updated when the zones they correspond to are updated on the intrusion panels. System: General Intrusion management Task: Logical view
Identity Properties Cameras Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Shows the properties of the intrusion detection area as it is configured on the intrusion detection unit. Cameras used to monitor this intrusion detection area in Security Desk. Custom field values for this intrusion detection area.
Related topics:
"Enroll an intrusion panel" on page 156 "Create an intrusion detection area" on page 159 "Intrusion Manager" on page 563 "Intrusion detection unit" on page 423
421
Properties
The Properties tab shows the properties of the intrusion detection area as configured on the intrusion detection unit.
NOTE This page is read-only for zones configured on Bosch units.
Property description
Physical name. Name of the intrusion detection area (sometimes called zone or partition)
as it is configured on the physical intrusion panel. Changing the entity name of the intrusion detection area will not change its physical name.
Intrusion detection unit. Entity name of the intrusion detection unit (intrusion panel)
where this area is configured.
Devices. Name and description of the inputs defining this intrusion detection area.
TIP You can assign meaningful names to input and output devices of the intrusion detection unit from the units Peripherals tab. For more information, see "Edit intrusion detection unit peripherals" on page 158.
422
Intrusion detection unit

The intrusion detection unit entity represents a physical intrusion panel that is monitored and controlled by Security Center. An intrusion panel (also known as alarm panel) is a wall-mounted unit where the alarm sensors (motion sensors, smoke detectors, door sensors, and so on) and wiring of the intrusion alarms are connected and managed. System: General Intrusion management Task: Intrusion detection Units
Identity Properties Peripherals Custom fields Location Name, description, logical ID, and relationships of this entity with other entities in the system. Hardware specific settings for this unit. List of all peripheral devices connected to the unit. Custom field values for this intrusion detection unit. Time zone and geographical location of this unit.
NOTE Security Center currently supports both Bosch GV2/GV3 series and Honeywell Galaxy Dimension intrusion panels. Only the configuration of Bosch intrusion panels is described in this manual. For the configuration of Honeywell intrusion units in Security Center, see the Honeywell Galaxy Control Panel Integration User Guide, found in the Documentation\Controllers folder of your Security Center installation package.
Related topics:
"Enroll an intrusion panel" on page 156 "Intrusion Manager" on page 563 "Intrusion detection area" on page 421
423
Properties
The Properties tab allows you to configure the hardware-specific options for this unit.
Clear logs after download is completed. Select this option to erase the log from the
intrusion panel once it is downloaded to Security Center.
NOTE You might not want Security Center to erase the logs on the intrusion panel if the panel
is also monitored by a central monitoring station.
Interface type. The interface type cannot be changed after the entity is created. If you need
to change the interface type, you need to delete the entity and re-create it. For more information, see "Enroll an intrusion panel" on page 156. For the serial interface, you can change the port number. For the IPv4 interface, you can change the IP address of the intrusion panel and its connection port.
Clock synchronization. Select Automatic synchronization if you want the clock on the
intrusion panel to be synchronized with Security Center.
424
Peripherals
The Peripherals tab lists all peripherals (inputs pins and output relays) connected to the intrusion detection unit. For more information about editing intrusion detection unit peripherals, see "Edit intrusion detection unit peripherals" on page 158.
425
LPR unit
LPR unit
An LPR unit is an IP-based license plate recognition (LPR) device. An LPR device converts license plate numbers cropped from camera images into a database searchable format. Typically, an LPR unit includes two cameras: an LPR camera that produces high resolution close-up images of license plates; and a context camera that produces a wide-angle color image of the license plate and the vehicle. AutoVu Sharp is the LPR unit used in Security Center AutoVu solutions. The Sharp includes license plate capturing and processing components, as well as digital video processing functions, enclosed in a ruggedized casing. Sharps can be deployed in mobile and fixed installations. A mobile installation is where the Sharp is mounted on a vehicle and is integrated into AutoVu Patroller (the in-vehicle software of the AutoVu LPR system), which in turn is integrated into Security Center. A fixed installation is where the Sharp is mounted in a fixed location, such as on a pole, and integrated directly into Security Center. The LPR Manager automatically detects Sharps on the network and adds them to the Security Center system. It detects mobile Sharps through the AutoVu Patroller system they are connected to. It detects fixed Sharps directly through the Security Center discovery port. System: AutoVu IP license plate recognition Task: Role view (under the LPR Manager roles and Patrollers)
Identity Properties Custom fields Location Name, description, logical ID, and relationships of this entity with other entities in the system. Unit properties such as manufacturer, model, firmware version, network settings, and authentication password. Custom field values for this LPR unit. Time zone and geographical location of this unit.
Related topics:
"LPR Manager" on page 567 "Patroller" on page 450
426
LPR unit
Properties
The Properties tab displays hardware and software information about the Sharp unit, such as the IP address and port being using. You can also associate a specific hotlist to the Sharp, or link the LPR camera in the Sharp to an Omnicast camera, or the Sharp's own context camera.
Properties. Displays hardware and software information about the Sharp unit:
IP address. IP address of the Sharp unit. Port. Port used by the LPR Manager to communicate with the Sharp unit. Version. AutoVu PlateReaderServer software version running on the unit. Type. Unit hardware version. Serial number. Unit factory installed serial number.
427
LPR unit
Applications. Displays which Updater service and Firmware versions are running on the
Sharp.
Devices. Link the LPR camera to an Omnicast camera. File association. Select how the Sharp behaves with hotlists:
Inherit from LPR Manager role. The Sharp uses the hotlists associated with its parent LPR Manager. This is the default setting. Specific. Associate specific hotlists with the Sharp unit. This allows you to create Eventto-actions in Security Desk that trigger on that specific hotlist. For example, if youre using the Sharp to allow access to a parking lot, you would put the vehicle plates on a hotlist, and then associate that hotlist to the Sharp.
NOTE To reboot a fixed Sharp, click the Reboot button found on the Contextual command toolbar at the bottom of the Config Tool window. If the Reboot button is not visible, log on to the <Admin Tool>s Configuration page, and then select Accept remote reboot requests.
428
Macro
Macro
The macro entity encapsulates a C# program that adds custom functionalities to Security Center. Macros can be executed either manually or automatically. When automated, it is loaded as a background process and executes when a set of conditions are met.
System: General Task: System Macros

Identity Properties Default execution context Name, description, logical ID, and relationships of this entity with other entities in the system. Features a basic text editor allows you to view and edit your C# code. Default values for the context variables declared in the macro body. The default execution context is used when the macro is run from the Common tasks area.
Related topics:
"Using macros" on page 110 "Tile plugin" on page 480 "Monitoring the status of your system" on page 177
429
Macro
Properties
The Properties tab provides a basic text editor for you to write your C# code.
Import from file

Click this button to import the source code from a file.
Checking syntax
Click this button to validate the C# code. If errors are found in the code, they are listed in a dialog box with the line and column numbers where they are found.
NOTE Security Center prevents a macro that has errors from being saved. If a macro has errors,
and you change tabs, it is rolled back to its last error free version.
430
Macro
Default execution context

The Default execution context tab shows the context variables defined in your macro.
About the execution context

You can provide input parameters to your macro by declaring mutators. Such mutators must be public. Their type must be one of the following:
System.Boolean System.String System.Int32 System.Guid
By declaring mutators, your macro will have an execution context that can be configured in the Default execution context tab. If a macro is run without specifying an execution context, the default execution context is used. This is always the case when a macro is launched from the Contextual commands toolbar in Config Tool. The default execution context can be overridden by specifying your own context.
431
Monitor group
Monitor group
The monitor group entity is used to configure the properties of a group of analog monitors.
System: General Task: Alarms - Monitor groups

Identity Monitors Name, description, logical ID, and relationships of this entity with other entities in the system. General behavior of the analog monitor.
Related topics:
"Analog monitor" on page 357 "Managing alarms" on page 111
432
Monitor group
Monitors
The Monitors tab lets you add multiple analog monitors to the monitor group. Later, when you create alarms, you can add a monitor group and its members as a recipient of the alarm. See "Configuring analog monitors" on page 220.
IMPORTANT The order of analog monitors in the monitor group list is important. If you add more than one analog monitor to the monitor group, the first analog monitor in this list will receive the highest priority alarm, the second analog monitor will receive the second highest priority alarm, and so on. The last analog monitor in this list will receive all the other alarms.
433
Network
Network
Network entities are used to capture the characteristics of the networks used by your system so that proper stream routing decisions can be made. Unless your entire system runs from a single private network without communicating with the outside world, you must configure at least one network entity other than the Default network to describe your networking environment. System: General, and more specifically for Omnicast Task: Network view
Identity Properties Name, description, logical ID, and relationships of this entity with other entities in the system. Network characteristics and routing information.
Related topics:
"Managing the Network view" on page 82 "Server" on page 471 "Media Router" on page 585
434
Network
Properties
The Properties tab defines the network characteristics and routing information.
Capabilities
Data transmission capabilities. This setting is only used by Omnicast for streaming live video on the network. Always select the largest set of capabilities if your network supports them.
Unicast TCP. Unicast (one-to-one) communication using TCP protocol is the most
common mode of communication. It is supported by all IP networks, but it is also the least efficient method for transmitting video.
Unicast UDP. Unicast (one-to-one) communication using UDP protocol. Because UDP is a
connectionless protocol, it works better for live video transmission. When the network traffic is busy, UDP is much less likely to cause choppy video then TCP. A network that supports unicast UDP necessarily supports unicast TCP.
Multicast. Multicast is the most efficient transmission method for live video. It allows a
video stream to be transmitted once over the network to be received by as many destinations as necessary. The gain could be very significant if there are many destinations. A network supporting multicast necessarily supports unicast UDP and unicast TCP.
NOTE Multicast requires specialized routers and switches. Make sure you confirm this with
your IT department before setting the capabilities to multicast.
435
Network
IPv4 address
IPv4 has two display modes.
Subnet display. This mode displays the IPv4 subnet mask as four bytes.
CIDR block display. The Classless Inter-Domain Routing (CDIR) mode displays the IPv4
subnet mask as a number of bits.
Click
to select the preferred display mode.
IPv6 address
Version 6 IP address prefix for your network.
Your network must support IPv6 and you must enable the option Use IPv6 on all your servers. For more information, see "Network" on page 476.
Proxy server
You only need to specify the proxy server when Network Address Translation (NAT) is used between your configured networks. The proxy server must be a server known to your system and must have a public port and address configured on your firewall. For more information, see Server "Properties" on page 472.
Routes
Routes are defined by default between every two networks on your system. The route capabilities are limited by the smallest capability set of the two end points. For example, if one end is capable of multicast and the other end is only capable of unicast UDP, the capabilities of the route between these two end points cannot be more than unicast UDP. If the connection between the two end points (for example VPN) only supports unicast TCP, you might have to limit the capabilities of a route even further. You need to delete a route if no direct connection exists between two networks.
436
Output behavior
Output behavior
The output behavior entity defines a custom output signal format such as a pulse with a delay and duration. Output behaviors are used to control output relays that are not being used to control door locks.
System: Synergis IP access control Task: System Output behaviors

Identity Properties Name, description, logical ID, and relationships of this entity with other entities in the system. Output signal pattern.
Related topics:
"Access control unit" on page 337 "Video unit" on page 494 "Zone (hardware)" on page 502 "Zone (virtual)" on page 506
437
Output behavior
Properties
The Properties tab lets your configure the output signal pattern.
Some examples of output behaviors can include controlling a parking gate, flashing a light in the warehouse, and so on. In the image above, the behavior for an output relay is configured to open and close the circuit 10 times over a 10 second period.
Output type. Choose state, pulse or periodic.

State sets the circuits state to open or closed, Pulse sets a pulse to be generated, and Periodic sets a cyclic output to be generated.
Delay. The delay before the pulse or periodic output is generated. Duration. The duration (in milliseconds) of the pulse. Infinite. Select this checkbox if the periodic behavior should continue until it is told to stop
by another output behavior.
Duty cycle. The ratio of the output signal pattern pulse width divided by the period. Period. The time for one complete cycle of the output signal pattern.
Output behaviors can be triggered by automatic event-to-action relationships, manually through hot actions in Security Desk, or through IO linking.
438
Overtime rule
Overtime rule
The overtime rule entity specifies time limits of parking within a restricted area (a single parking space, a city district, or both sides of a city block). It also specifies the maximum number of overtime violations enforceable within a single day. The overtime entity is downloaded to Patroller. In Patroller, an overtime hit occurs when the time between two plate reads of the same plate is beyond the time limit specified in the overtime rule. For example, your overtime rule specifies a four hour parking limit within a city district. The Patroller operator does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator then does a second pass through the district at 1:05 P.M. If a plate was read during the first and second pass, Patroller will generate an overtime hit. The overtime rule is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles of interest. Other types of hit rules include hotlist, permit, and permit restriction. When a plate read matches a hit rule, it is called a hit. When a pair of plate reads (same plate read at two different times) violates an overtime rule, it is called an overtime hit. System: AutoVu IP license plate recognition Task: LPR Overtime rules
Identity Properties Parking lot Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. The parking regulations enforced by this entity. The parking zone where this entity is enforced. Custom field values for this overtime rule.
Related topics:
"Hotlist" on page 414 "Patroller" on page 450 "Permit" on page 453 "Permit restriction" on page 457
439
Overtime rule
Properties
The Properties tab is used to configure the parking regulations enforced by this overtime rule. For more information on how to configure overtime rules, see Configuring overtime rules in Security Center in the AutoVu Handbook.
Color. Assign a color to the overtime rule. When you select the overtime rule in Patroller,
the plate reads on the map, and the hit screen, are displayed in this color.
Vehicle parking position. Each Patroller has two sets of calibrated parameters for the
optimal reading of wheel images, based on the parking position of the vehicles: Parallel or Angled (45-degree). This setting tells the Patroller which set of parameters to use.
NOTE This setting applies to AutoVu Patroller City Parking Enforcement with wheel imaging applications.
Long term overtime. Use this option for long term parking; that is, where vehicles can park
in the same spot for over 24 hours. When Long term overtime is selected, the parking time limit is specified in days (2 to 5 days).
IMPORTANT You can only have one long term overtime rule per Directory.
This option automatically sets the parking regulation to same position, meaning the vehicle has parked overtime when it stays in the same parking space beyond the parking time limit set for such parking space.
440
Overtime rule
NOTE This setting applies to AutoVu Patroller City Parking Enforcement with or without
wheel imaging. Wheel imaging is recommended if you plan to use this rule to detect vehicles parked long term so that you can distinguish between someone who parks in the same position and a vehicle which has been abandoned.
Parking enforcement. Select the type of restricted parking area that applies to the time
limit: a single parking spot, a district within a city, or both sides of a city block.
Same position. A vehicle is parked overtime if it parks in the same spot beyond the time limit specified. For example, your overtime rule specifies a one hour parking limit for a single parking space. The Patroller operator does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator does a second pass at 10:05 A.M. If Patroller reads the same plate in the same spot both times, it results in an overtime hit.
IMPORTANT For this feature to work, Patroller needs GPS capability.
District. A vehicle is parked overtime if it is parked anywhere within a city district (a geographical area) beyond the specified time limit. For example, your overtime rule specifies a four hour parking limit within a city district. The Patroller user does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator does a second pass through the district at 1:05 P.M. If Patroller reads the same plate in the same district both times, it results in an overtime hit.
Block face (2 sides). A vehicle is parked overtime if it is parked on both sides of a road between two intersections beyond the specified time limit. For example, your overtime rule specifies a 1hour parking limit within a city block face.The Patroller operator does a first pass through the block face at 9:00 A.M. collecting license plate reads. The operator does a second pass down the block at 10:05 A.M. If Patroller reads the same plate in the same block face both times, it results in an overtime hit. Regulation. Defines the parking time limit, when it is to be enforced, the grace period to be granted, and how many times it can be enforced within a single day. You can add, delete, and modify a parking regulation. To add a regulation, click , and do the following.
441
Overtime rule
Time limit. The parking time limit in hours and minutes. Grace period. Time beyond the parking time limit during which overtime violation is waived. For example, Patroller will generate an overtime hit on a plate when time between the capture of the same plate exceeds the Time limit plus the Grace period. Applicable days. Days of the week when the time limit is enforced. You can select a weekly time frame from the drop-down list: Always (7 days), Weekdays (Monday to Friday), Weekends (Saturday and Sunday), and Custom. To create a custom time frame, click on the days. Applicable hours. Select when the time limit is enforced. You can choose All day or Time range. To define a time range, click in the date picker field, and use the text field or the graphical clock to specify the time.
About multiple overtime violations

You can add multiple parking regulations to an Overtime rule to specify the maximum number of citations that can be issued to the same vehicle for the same offence. For example, lets say your overtime rule has two separate parking regulations defined (of differing time limits if required). If a vehicle exceeds the first parking time limit an overtime hit occurs. If the same vehicle remains parked and subsequently exceeds the second parking time limit, a second overtime hit occurs. If the same vehicle still remains parked a third overtime hit will not occur. By default, Patroller keeps reads associated to an overtime rule for 12 hours. Therefore, if the next day the vehicle is still in the same spot, and exceeds the parking time limit, an overtime hit will occur. To change the reset time of overtime rules, see the Patroller Config Tool setting LinkReadPersistenceDuration.
Parking lot
The Parking lot tab defines the parking zone where this parking rule must be enforced. The Parking lot tab displays a Bing map, on which you can add a parking lot, define the number of spaces in the lot, and then draw a polygon on top of the map to represent the physical parking lot. The number of spaces in the lot is used to calculate the percentage of parking occupancy in that area. For more information on how this information is being used, see Zone occupancy report in Genetec Security Desk User Guide.
442
Overtime rule
NOTE This applies only to AutoVu Patroller University Parking applications.
You can add multiple lots to a map.
443
Parking facility
Parking facility
The Parking facility entity defines a large open parking area or a parking garage as a number of sectors and rows for the purpose of tracking the location of vehicles inside that parking facility. It is used in the AutoVu Mobile License Plate Inventory (MLPI) application. The license plate inventory is the list of vehicles present in a parking facility within a given time period. Before AutoVu MLPI units (mobile Patrollers and handheld devices) can collect license plates for the inventory, you must define their collection route as a sequence of sectors and rows configured in the parking facility. The sector and row where a license plate is read represents the location of the vehicle inside the parking facility. Security Center collects license plate reads from the MLPI units and creates an inventory for the current date. Using Security Desk, you can find where a vehicle is parked (sector and row) and how long it has been parked there in the current inventory. You can also compare two inventories on different dates to view the vehicle movements (vehicles that were arrived, moved, or left). System: AutoVu IP license plate recognition Task: LPR Parking facilities
Identity Properties Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Assigns an LPR Manager to this entity and configures its sectors and rows. Custom field values for this parking facility.
Related topics:
"Patroller" on page 450
444
Parking facility
Properties
The Properties tab is used to assign an LPR Manager to the parking facility and configure its sectors and rows for the license plate collection route. For more information on how to configure parking facilities, see Configuring parking facilities in the AutoVu Handbook.
AutoVu LPR Manager. Select the LPR Manager responsible for creating and managing the
license plate inventory for this parking facility. Only offloads from MLPI Patrollers managed by the same LPR Manager are used to build the inventory for this parking facility. An MLPI Patroller offload can include the vehicle inventory for multiple parking facilities, but only the reads tagged for this parking facility are used to build the inventory.
IMPORTANT Make sure to set a Read retention period for the LPR Manager (see "General settings" on page 569) that is long enough for the period of time you want to keep your inventories.
Configuration. List of sectors, rows, and space count of the parking facility. The parking
space of a parking facility is divided into sectors (or levels in the case of a parking garage) for ease of reference. Each sector contains x number of rows, and each row contains x number of spaces. You can configure Patroller to trigger an alarm (sound or warning message) if the reads collected during your sweep of a row exceed the space count for that row.
Parking facility
Route. License plate collection route to be followed by the MLPI units responsible for
collecting the license plates for the inventory. The route is downloaded by the Patrollers and handheld devices assigned to this parking facility. Only one route may be defined per parking facility, but each MLPI device can start its sweeping round at a different point in the route. The route forms a closed circuit. New sectors and rows are added to the end of the route by default. You can change the order of sector-rows in the route using the and buttons.
446
Partition
Partition
The partition entity defines a set of entities that are only visible to a specific group of users. For example, a partition could include all doors, elevators, and cameras in one building. Partitions eliminate the tedious task of creating one-to-one relationships between users and the entities they are allowed to see in the system. If a user has no rights to a partition, that partition and everything it contains are invisible to that user. System: General Task: Security Partitions
Identity Properties Accepted users Name, description, logical ID, and relationships of this entity with other entities in the system. Defines the members (content) of the partition. Defines the users who can see the content of the partition.
Related topics:
"Managing software security" on page 89 "Defining partitions" on page 90 "User" on page 482 "User group" on page 489
447
Partition
Properties
The Properties tab allows you to view and manage partition content.
From this tab, you can do the following:
To share this partition with other independent Security Center systems, switch Global
partition to ON. For more information, see "Configure a partition for sharing" on page 304. To search for an entity in the members list, use the name filter or the custom filter. For more information, see "Searching for tasks and entities" on page 42. . For more information, see "Add members to a partition" on page 92. To remove the selected entities from the partition membership, click .
To add members to the partition, click
To jump to the configuration page of the selected entity, click . To filter the members by entity type, use the Show drop-down list.
Related topics:
"Managing global cardholders" on page 296
448
Partition
Accepted users
The Accepted users tab allows you to view and configure who can access the content of the partition, and designate some of them as partition managers.
From this tab, you can do the following:
To show only users, only user groups, or both, use the Entity type scroll-down list. To add accepted users to the partition, click . For more information, see "Add accepted
users to a partition" on page 92. To promote the selected user or user group to the status of partition manager, click the Partition manager checkbox
NOTE All administrators are by default managers of all partitions. This is shown by the
checkbox selected but greyed out. For more information, see "Who is a partition manager?" on page 91.
To remove all access rights over the partition from the selected users and user groups, Click
.
To jump to the configuration page of the selected entity, click
449
Patroller
Patroller
A Patroller entity represents the in-vehicle software that runs on board a mobile data computer (MDC). It verifies license plates captured by LPR units mounted on the vehicle against lists of vehicles of interest and vehicles with permits. It also collects data for time-limited parking enforcement. The Patroller interface alerts users of license plates matching the above rules so that immediate action can be taken.
System: AutoVu IP license plate recognition Task: Logical view, or LPR Units (under LPR Manager)
Identity Properties Custom fields Location Name, description, logical ID, and relationships of this entity with other entities in the system. Assigns an LPR Manager to this entity and configures its sectors and rows. Custom field values for this Patroller. Time zone and geographical location of this unit.
Related topics:
"LPR unit" on page 426
450
Patroller
Properties
The Properties tab displays information about the computer hosting the Patroller entity (you cannot edit the Patroller properties). You can also configure sound management, acknowledgment buffer settings, and a hit delay for the Patroller unit.
TIP Use the Copy configuration tool to copy these settings to another Patroller entity.
451
Patroller
Properties. Lists the properties of the Patroller in-vehicle computer.
IP address. IP address of the Patroller computer. Version. Version number of the Patroller application. Type. Patroller installation type(s). Serial number. Serial number of the Patroller. Machine name. Name of the Patroller computer. Inherit from LPR Manager role. Patroller uses the hotlists and permit lists associated with its parent LPR Manager. This is the default setting.
File association. Select how the Patroller behaves with hotlists and/or permit lists:
Specific. Associate specific hotlists or permit lists with the Patroller unit rather than the LPR Manager. If you later want to move the Patroller entity to another LPR Manager on your system, the hotlist or permit list will follow. Sound management. Configure Patroller to play a sound when reading a plate and/or generating a hit, and choose whether sounds should be played even when Patroller is minimized.

Play sound on hit. Plays a sound when Patroller generates a hit. Play sound on read. Plays a sound when Patroller reads a plate.
Play sounds even when minimized. Play sounds even if the Patroller window is minimized. Acknowledgment buffer. Specify a buffer restriction that limits how many hits can remain unacknowledged (not accepted or rejected) before Patroller starts automatically rejecting all subsequent hits. You can also choose (by priority) which hotlists should comply with this restriction.

Reject count. How many unacknowledged hits are allowed.
Reject priority. When you create a hotlist entity, you can specify a priority for that hotlist. This setting tells Patroller which hotlist(s) should comply with the buffer restriction. Hotlist. Specify the Duplicate hotlist hit delay that tells Patroller to disregard multiple hits on the same plate for the duration of the delay. For example, if you set a delay of 10 minutes, no matter how many times Patroller reads the same plate during those 10 minutes, it will generate only one hit (assuming the plate is on a hotlist).
452
Permit
Permit
The Permit entity defines a single parking permit holder list. Each permit holder is characterized by a Category (whose value is the same as the name of the Permit entity), a license plate number, a license issuing state (or province, or country), an optional permit validity range (effective date and expiry date), and an optional Permit ID. Permits are used by AutoVu Patrollers configured for either city or university parking enforcement. The permit entity belongs to a family of methods used by AutoVu to identify vehicles of interest, called hit rules. Other types of hit rules include hotlist, overtime, and permit restriction. When a plate read matches a hit rule, it is called a hit. When a read fails to match any permit loaded in the Patroller, it generates a permit hit. System: AutoVu IP license plate recognition Task: LPR Permits
Identity Properties Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Configuring the parsing of the source permit data file for this entity. Custom field values for this permit.
Related topics:
"Hotlist" on page 414 "Patroller" on page 450 "Overtime rule" on page 439 "Permit restriction" on page 457
453
Permit
Properties
The permit Properties tab is used to configure the parsing of the source permit data file. For more information on how to configure permits, see Configuring permits and permit restrictions in Security Center in the AutoVu Handbook.
Path. Type the path or browse to the permit text file. Every permit entity in Security Center
must be associated with a text file containing the actual permit data; that is, license plate numbers and other related vehicle information. The associated text file is typically created by a third party system (e.g. Notepad for .txt files, or Excel for .csv files). The source text file can be located on the LPR Manager computers local drive (for example, the C drive), or on a network drive that is accessible from the LPR Manager computer. If you start typing a path to a network drive, the Username and Password fields appear and youll need to type the username and password to access the network drive.
Use delimiters. Tells Security Center that the fields in the permit list file are of variable
length and indicates the character used to separate each field in the file. By default, Use delimiters is set to On, and the delimiter specified is a semi-colon (;). If your permit list file is made up of fixed length fields, set Use delimiters to Off. Security Center supports the following delimiters:
Colon (:) Comma (,)
454
Permit
Semi-colon (;) Tab (Tab)
If your permit list file uses Tab as a delimiter (i.e. the Tab key on your keyboard), type the word Tab as the delimiter character.
IMPORTANT Security Center considers one Tab space to be a valid delimiter. Do not use more than one Tab space to align columns in your file or Security Center may not be able to parse the permit list.
Enable editor support. Allow a user to edit the hotlist or permit list using the Hotlist and
permit editor task.
IMPORTANT Please note the following about the Hotlist and permit editor:
A user must be granted the privilege to use the Hotlist and permit editor. Only the first 100,000 rows of a list are loaded into the Hotlist and permit editor.
If an error occurs while the hotlist is being loaded, the loading process is cancelled and an error message is displayed. However, you will not lose any of the data loaded before the error occurred, and you can still edit the data loaded into the editor. Attributes. Tells Security Center the name and order of the fields (attributes) in the source text file. You can add, delete, or edit the fields.
IMPORTANT There cannot be any spaces within an attribute name.
Category. (Mandatory field) The name of the parking permit. This field in the permit lists source text file must match the permit entity name for the entry to be downloaded to Patroller. This field allows you to use one permit list for several permit entities on your system, provided you create permit entities for each permit category in your permit list.
EXAMPLE Here is a simple permit list with three different permit categories (Students,
Faculty, and Maintenance). Students;QC;DEF228;2012-01-31;2012-05-31;PermitID_1

Category field
Faculty;QC;345ABG;2012-01-31;2012-07-25;PermitID_2 Maintenance;QC;244KVF;2012-01-31;2012-03-31;PermitID_3
You can use this same permit list for three different permit entities. Create a Students permit entity, a Faculty permit entity, and a Maintenance permit entity, and then point all of them to the same source text file. Security Center will extract the license plates (and related information) whose category is the same as the name of the permit entity.
IMPORTANT The permit entity name must match the category name exactly.
PlateState. (Mandatory field) Issuing state (or province, or country) of the license plate. PlateNumber. (Mandatory field) The license plate number.
The following fields are shown by default, but are optional.

Permit
EffectiveDate. Date from which the particular permit on the list starts to be effective. ExpiryDate. Date after which the particular permit on the list is no longer valid.
PermitID. (University Parking Enforcement only) Used when multiple entries in a permit list share the same permit (e.g. car pool permits). Can be used to identify the number of the permit issued to the vehicle whose license plate is identified in PlateNumber. In the case of shared permits, normally up to four separate vehicles would all have the same permit number. Add ( ) or Edit ( ) a permit attribute. Configure the following:

Name. Only the three compulsory fields, Category, PlateState, and PlateNumber cannot be renamed. Names may contain spaces. Value. The default value is interpreted differently depending on whether delimiters are used or not.
If delimiters are in use, the default value is written into this field. Fields already populated will be overwritten. If delimiters are not in use, and if the field is empty, the default value is written into this field. Fields already populated will not be overwritten.
Is mandatory. A mandatory attribute cannot be blank in the source file. For example, if you add a mandatory attribute called CarColor, the column for CarColor in the source file must have text in it. Fixed length. This option is enabled only if you chose to use fixed length data fields. Indicate the start position of the field in the file record and its length. The position of the first character is zero (0). Date format. Specify a time format if the field contains a date or time value. All standard date and time format strings used in Windows are accepted. If nothing is specified, the default time format is yyyy-MM-dd. For example, the following is what you may find in a variable field length data file using a semicolon (;) as delimiter and using the fields: Category, PlateState, PlateNumber, EffectiveDate, ExpiryDate, and PermitID. MyPermit;QC;DEF228;2012-01-31;2012-05-31;PermitID_1 MyPermit;QC;345ABG;2012-01-31;2012-07-25;PermitID_2 MyPermit;QC;067MMK;2012-03-31;2012-09-11;PermitID_1 MyPermit;QC;244KVF;2012-01-31;2012-03-31;PermitID_3
Translate. You can apply an optional transformation to the values read from the data file. Use this feature to shorten certain values to save space on the Patroller or to enforce spelling consistency.
456
Permit restriction
Permit restriction
The permit restriction entity defines where and when permit holders can park. Different time restrictions can be applied to different permits. For example, a permit restriction may limit the parking in zone A from Monday to Wednesday for permit P1 holders, and from Thursday to Sunday for permit P2 holders. Permit restrictions are used by AutoVu Patrollers configured for University Parking Enforcement. The permit restriction entity is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles of interest. Other types of hit rules include hotlist, overtime, and permit. When a plate read matches a hit rule, it is called a hit. When a plate read matches a permit restriction, it generates a permit hit. Additionally, a shared permit hit occurs when two plates sharing the same permit ID are read in the same parking zone within a specific time period. System: AutoVu IP license plate recognition Task: LPR Permit restrictions
Identity Properties Parking lot Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. The parking restrictions applied to this entity. The parking zone where this entity is enforced. Custom field values for this permit restriction.
Related topics:
"Overtime rule" on page 439 "Patroller" on page 450 "Permit" on page 453
457
Permit restriction
Properties
The Properties tab is used to configure the restrictions for the individual permits that apply to the parking zone represented by the rule. For more information on how to configure permit restrictions, see Configuring permits and permit restrictions in Security Center in the AutoVu Handbook.
Color. Color used to represent the permit restriction in Security Desk. In Patroller, permit
restrictions are always green for regular permit hits, or blue for shared permit hits. A read is displayed as a triangular-shaped icon in the selected color on the map, when an permit restriction is in effect. When a read violates one of the restrictions, the icon is encircled with a red ring. It indicates a permit hit.
List of restrictions. Define the time restrictions for the different permits associated to a
parking zone. Each time restriction is described by the following attributes:
Permits. Select the permits the time restriction applies to:
Everyone. Parking is available to everyone, regardless of whether they have a permit or not. No restriction is enforced during the specified time period. No permit. Only vehicles without permits can park. For example, you can use this type of restriction to reserve a zone for visitors parking. A plate read that matches any of the permits downloaded to the Patroller raises a hit.
458
Permit restriction
All permits. Only vehicles with a permit can park. A plate read that does not match any of the permits downloaded to the Patroller raises a hit. Specific permits. Only vehicles having one or more of the specified permits can park. A plate read that does not match any of the specified permits raises a hit.
When multiple time restrictions apply at a given time, conflicts are resolved by evaluating the restrictions in the following order: 1. Everyone, 2. No permit, 3. All permits, 4. Specific permits. Moreover, a hit is raised when a matched permit is not valid (either not yet effective or already expired).
Days. Days of the week when parking is allowed. Hours. Time during the day when parking is allowed. Validity. Dates when parking is allowed. Choose All year or select a specific time span using the date picker.
NOTE The date span must be longer than one day.
459
Permit restriction
Parking lot
The Parking lot tab defines the parking zone where this parking rule must be enforced. The Parking lot tab displays a Bing map, on which you can add a parking lot, define the number of spaces in the lot, and then draw a polygon on top of the map to represent the physical parking lot. The number of spaces in the lot is used to calculate the percentage of parking occupancy in that area. For more information on how this information is being used, see Zone occupancy report in Genetec Security Desk User Guide.
NOTE This applies only to AutoVu Patroller University Parking applications.
You can add multiple lots to a map.
460
Public task
Public task
The public task entity represents a saved Security Desk task that can be shared among multiple Security Desk users. Public tasks can only be created from Security Desk.
System: All systems Task: Role view

Identity Name and description of this public task. Use the relationships list to manage the visibility of this public task through partitions.
Related topics:
Getting started Save a task in Security Desk User Guide.
461
Role
Role
The role entity corresponds to a set of functions within Security Center, such as archiving video or managing access control units, and defines the parameters within which these functions must be carried out. Roles must be hosted by servers. Multiple roles can be hosted on a single server, and multiple servers can be assigned to perform the same role, either as a standby, or for load balancing purposes. System: All systems Task: System Roles Every role type has its particular configuration tabs. The following are the most common ones found in roles.
Identity Properties Resources Extensions Name, description, and relationships of this role with other entities in the system. Specific properties of the role. See "Role types" on page 510. Servers and database assigned to this role. Roles are often required to control hardware devices (units).
NOTE The Directory role is an exception. The Directory role can only be configured using Server Admin. For more information, see "Server Admin" on page 473.
Related topics:
"Managing servers and roles" on page 47 "Configuring role failover" on page 61 "Server" on page 471 "Role types" on page 510
462
Schedule
Schedule
The schedule entity defines a set of time constraints that can be applied to many situations, such as when a user is allowed to log on to the system, when video from a surveillance camera should be recorded, or when access should be granted to a secured area. Each time constraint is defined by a date coverage (daily, weekly, ordinal, or specific) and a time coverage (all day, fixed range, daytime, and nighttime). There are two subtypes of schedules:
Standard schedule (
). This type of schedule can be used in all situations. Its only limitation is that it does not support daytime or nighttime coverage. coverages, but cannot be used in all situations. Its primary function is to control video related behaviors. Twilight schedules are not visible in contexts where they are not applicable.
Twilight schedule ( ). This type of schedule supports both daytime and nighttime
System: General Task: System Schedules

Identity Properties Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Time constraints defining this schedule. Custom field values for this schedule.
Related topics:
"Using schedules" on page 103 "Resolving schedule conflicts" on page 105
463
Schedule
Properties
The Properties tab lets you configure the time constraints that define the schedule.
Date coverage
The date coverage defines a date pattern or specific dates to be covered by the schedule.
Daily. Defines a pattern that repeats every day. Weekly. Defines a pattern that repeats every week. Each day of the week can have a different
time coverage. This option is not available for twilight schedules. For more information, see "Weekly time range" on page 466.
Ordinal. Defines a series of patterns that repeat on a monthly or yearly basis. Each date
pattern can have a different time coverage. For example, on July 1st every year, on the first Sunday of every month, or on the last Friday of October every year. For more information, see "Using the ordinal pattern" on page 468.
Specific. Defines a list of specific dates in the future. Each date can have a different time
coverage. This option is ideal for special events that occur only once.
Time coverage
The time coverage defines which time periods apply during a 24-hour day.
All day. Covers the entire day. This option is not available for twilight schedules. Range. Covers one or multiple discrete time periods within the day. For example, from
9 a.m. to 12 p.m. and from 1 p.m. to 5 p.m. This option is not available for twilight schedules. For more information, see "Setting the time range" on page 465.
Daytime. Covers from sunrise to sunset. This option is only available for twilight schedules.
For more information, see "Twilight coverage" on page 467.
Nighttime. Covers from sunset to sunrise. This option is only available for twilight
schedules. For more information, see "Twilight coverage" on page 467.
464
Schedule
Setting the time range

Time ranges are shown as colored blocks on a time grid. Each block represents either 15 minutes or one minute, depending on the selected time resolution. Left-click the mouse to select, and the right-click the mouse to remove a selection. To select or remove a contiguous block of time, click and drag.
Daily time range

The following example shows a daily schedule covering the period from 6 p.m. to 6 a.m. every day. The time grid shows a 24-hour day in blocks of 15 minutes.
To switch to high resolution mode (each block represents 1 minute), click the
Eye button.
While you are in this mode, use the arrow buttons to scroll in the 24 hour time line. To switch back, click the Eye button again.
465
Schedule
Weekly time range

The following example shows a weekly schedule covering a period from 9 a.m. to 5 p.m., from Monday to Friday, with a half-hour break between 12:15 p.m. and 12:45 p.m.
The Weekly date pattern is not available for twilight schedules.

TIP You can configure something equivalent to the Weekly pattern using the Ordinal pattern. The following example shows a schedule that covers the daytime of every Monday of the year.
466
Schedule
Time range for specific dates

When you use the Ordinal or Specific date pattern, the time range covers up to three days: the day before, the current day, and the day after. The following example shows a specific schedule covering July 1st 2011 from 9 p.m. the day before to 3 a.m. the day after.
While configuring multiple dates in the schedule (Ordinal or Specific), you can use a different time coverage for each day covered by the schedule.
Twilight coverage
The Daytime and Nighttime options are only available for twilight schedules. The following example shows a daily schedule using a Daytime coverage. The time coverage starts 10 minutes after the sun rises and ends 10 minutes before the sun sets.
NOTE You can offset the sunrise and sunset times by up to 3 hours, in both directions.
467
Schedule
Using the ordinal pattern

The Ordinal date pattern allows you to configure time coverages that repeat on specific days of a month or a year. You can define as many dates as necessary within a single schedule entity.
468
Scheduled task
Scheduled task
The scheduled task entity defines a command (or action) in Security Center that must be executed automatically, at a specific time, or repetitively on a recurring schedule.
System: General Task: System Scheduled tasks

Identity Properties Name, description, logical ID, and relationships of this entity with other entities in the system. Details about the scheduled task, recurrence pattern and action to be executed.
Related topics:
"Using scheduled tasks" on page 109 "Using event-to-actions" on page 106
469
Scheduled task
Properties
The Properties tab is where you configure the scheduled tasks behavior.
The schedule task properties are:
Status. Allows you to turn the scheduled task on or off. Recurrence.
Once. Executed once at a specific date and time. Every minute. Executed every minute. Hourly. Executed at a specific minute of every hour. Daily. Executed at a specific time every day. Weekly. Executed at a specific time on selected days of the week. On startup. Executed on system startup.
Interval. Executed at regular intervals that can be days, hours, minutes, or seconds. Action. Action to be executed on schedule. For more information, see "Action types" on page 758.
470
Server
Server
The server entity represents a generic computing resource capable of taking on any role (group of functions) you assign it. Server entities are not created manually on the system. Instead, Security Center automatically creates a server entity when the Security Center Server software (Genetec Server service) is installed on a machine, and that machine is connected to the main server of your system (the server hosting the Directory role). System: General Task: Network view
Identity Properties Server Admin Name, description, logical ID, and relationships of this entity with other entities in the system. Public address and port of the server. Embedded browser to access to the Web Server Admin page.
Related topics:
"Managing servers and roles" on page 47 "Configuring role failover" on page 61 "Managing the Network view" on page 82 "Network" on page 434 "Role" on page 462
471
Server
Properties
The Properties tab shows the servers private IP addresses, and allows you to specify a public address and a port number. These last two settings are necessary only if the server acts as the proxy server for a private network.
Servers with multiple network interface cards

If your server is equipped with more than one network interface card (NIC), all private IP addresses corresponding to the NICs are listed.
IMPORTANT Make sure the first address found in the servers private address list matches the IPv4 properties of the network entity the server belongs to.
For more information, see Network "Properties" on page 435.

Server
Server Admin
The Server Admin tab lets you log on to the Server Admin Web page of the server. It also allows you to view and change the configuration of the server. For more information, see "Managing servers" on page 48.
The Server Admin page contains one or two tabs:
Directory. Settings pertaining to the configuration of the Directory role. This tab is only
present on the main server. For more information, see "Directory tab" on page 473.
Genetec Server. Local settings pertaining to configuration of the Genetec Server service.
For more information, see "Genetec Server tab" on page 476.
NOTE Depending on whether you are viewing Server Admin from the Config Tool or from a Web browser, the options are not exactly the same, because Config Tool needs to stay connected to the Directory. For all purposes, the Web browser (Internet Explorer) is a better way to connect to Server Admin.
Directory tab
The Directory tab is only available on the main server hosting the Directory role.
Server
Directory status
Shows the status of the Directory role. Allows you to start, stop, and restart the Directory.
Database
Configuration of the Directory database. The Directory database contains all system and entity configurations, the incident reports, and the alarm history.
The management of the Directory database is similar to the management of any role database. For more information, see "Managing databases" on page 52.
NOTE If you are accessing Server Admin from Config Tool, you wont have access to the database commands such as create and delete database, resolve conflicts, and restore database, because you cannot change the Directory database while being connected to it. IMPORTANT When database failover is enabled, you must manually perform a full backup every time you make a change to the Directory database from Server Admin. For more information, see "Configure database failover through backup and restore" on page 72. NOTE The Show actions progress ( ) button does the same thing the Database actions monitoring dialog box found in the Config Tools Home page, Tools view.
474
Server
License
Security Center license status and information.
Click License information to display your license options or to modify your license. For more information, see "License options" on page 768.
General properties
General properties of the Directory.
Secure communication. Select this option to encrypt all communications between the
Directory role and all client applications (Config Tool and Security Desk) on the system.
Incoming connection port. Port used by client applications such as Security Desk and
Config Tool to log on to your system. If you decide to change its default value (5500), the next time a user tries to log on to your system, they will have to add the port number to Directory name in the Logon dialog box, separated by a colon :.
Keep incidents. Specify how long the incident reports are kept in the Directory database. Keep audit trails. Specify how long the entity configuration history is kept in the Directory
database.
475
Server
Keep alarms. Specify how long the alarm history is kept in the Directory database.
Genetec Server tab

The Genetec Server tab is available on all servers, with only minor differences between the main server and the expansion servers.
Authentication
Use this section to change the password and HTTP port used to log on to the Server Admin on this server. These parameters correspond respectively to the Server password and the Web server port specified during Genetec Security Center Server installation.
If you decide to change the HTTP port from its default value (80), the next time someone needs to log on to this Server Admin from a Web browser, they will have to specify the port number in the URL as follows: http://machine:port/Genetec instead of http://machine/Genetec. Select the Local machine only option to accept logon requests only when they come from the local machine.
Network
Use this section to configure the network card and the TPC listening port used by Genetec Server.
Select Use IPv6 if your network supports it. IPv6 is only supported for video streaming. The Listening TCP port is used by Genetec Server to listen to commands received from the main server.
476
Server
Main server connection

This section is only found on the Genetec Server tab of expansion servers. Use this section to configure the connection parameters to the main server.
Enter the DNS name or the IP address of the main server, and the password required to connect to the main server. The password must match the password configured in the Authentication section of the main server.
Console
Use this section to enable/disable the debug console used by technical support engineers.
Specify a password to prevent anyone from accessing the console if necessary.
SMTP
Use this section to configure the SMTP server responsible to handle email messages in Security Center.
Mail server. DNS name or IP address of your SMTP mail server. SMTP server port. The server port is usually 25, though your mail server might use a
different port.
From email address. Email address shown as the sender of the email.
477
Server
Watchdog
Use this section to configure the Genetec Watchdog service. The role of the Watchdog is to ensure that the Genetec Server service is always running.
The Watchdog can be configured to send email notifications to a list of recipients for the following types of events: Error, Warning, and Information.
Activate Directory button

The Activate Directory button is only found on expansion servers. It allows you to convert the expansion server to the main server (the one hosting the Directory role).
WARNING This operation restarts Genetec Server. The next time you log on to Server Admin, youll have to use a Web Browser by entering http://machine/Genetec in the address bar, where machine is the DNS name or the IP address of your server. Using the Config Tool will no longer work.
You will also have to activate the software license on this newly converted main server. For more information, see the Security Center Installation and Upgrade Guide. If you have other expansion servers on the system, you will need to reconfigure them to connect to this one. See also "Deactivate Directory button" on page 479.
478
Server
Deactivate Directory button

This button is only found on the main server (the one hosting the Directory role). It allows you to convert the main server to an expansion server.
NOTE You cannot deactivate the Directory from the Config Tool.
WARNING This operation restarts Genetec Server. You will have to log on again to Server Admin, and connect this expansion server to a main server. Youll have to use a Web Browser, by entering http://machine/Genetec in the address bar, where machine is the DNS name or the IP address of your server. Using the Config Tool will no longer work. See also "Activate Directory button" on page 478.
Related topics:
"Convert a main server to an expansion server" on page 49
479
Tile plugin
Tile plugin
The tile plugin entity represents either a Web site ( ) or an interactive .dll or .xaml file ( ) that contains a map or floor plan. There are no default map files included with Security Center for tile plugins. Map files must be created using Genetec Plan Manager, or provided through an SDK developed by Genetecs Custom Development Solutions team or a third party. For information about Plan Manager, see the Plan Manager User Guide, available from the GTAP Documents page. For information about Genetecc Custom Development Solutions team, contact your sales representative. When a tile plugin is displayed in Security Desk, you can view and interact with the Web site or map file, such as viewing live video from cameras, changing the lock state of doors, and so on. When a tile plugin is attached to (is a member of) an area entity, it is automatically displayed in Security Desk instead of the area icon when the area is dragged to a tile. System: General Task: Logical view
Identity Properties Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Links the tile plugin to a Web page or a .dll file. Custom field values for this tile plugin.
Related topics:
"Area" on page 360 "Macro" on page 429
480
Tile plugin
Properties
The Properties tab lets you link the tile plugin entity to a Web site or a .dll file. For more information, see "Create a tile plugin that links to a Web site" on page 165 or "Create a tile plugin that links to a map file" on page 165.
481
User
User
The user entity identifies a person who can use Security Center applications and defines the rights and privileges that person has on the system. Each user is assigned a username and a password, which are that persons credentials to log on to the system. While the user privileges limit the range of activities a user can perform on the system, the partitions limit the range of entities the user can exercise his/her privileges on. A user can be a member of one or more user groups. Users can inherit the privileges and the access rights from their parent user groups. System: General Task: Security Users
Identity Properties Workspace Security Privileges Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Users general profile. Users default Security Desk workspace configuration. Users security profile. Users privileges. Custom field values for this user.
Related topics:
"Defining users" on page 93 "Importing users from an Active Directory" on page 102 "Partition" on page 447 "User group" on page 489 "User privileges" on page 694
482
User
Properties
The Properties tab lets you configure the users general profile.
First name, last name, email address

The personal information of the user can be imported from your companys directory service.
TIP The email address can be used to send emails or to email reports to the user via Send an email and Email a report actions.
User status
Use this switch to activate or deactivate the user profile. A user cannot log on when their profile is deactivated. Deactivating a users profile while the user is logged on will immediately log off the user.
Password
Administrators and users that have the Change own password user privilege can change their password.
483
User
Password expiration
You can configure a users password to expire after a certain number of days. The system automatically warns users whose password is expiring soon, and gives them a chance to set a new password immediately. You can set the password expiry notification period to between 0 and 30 days. If you see that your password is going to expire soon, but do not have the Change own password user privilege, contact your administrator so they can change your password.
Password change required

You can configure Patroller and/or Security Desk to require a password change the next time the user tries to log on. Users must have the proper privilege to change their own passwords.
Limit concurrent logons

You can limit the number of different workstations a user can log on at the same time. This limit only applies to Security Desk. Config Tool is not restricted by this setting.
User logon schedule

You can restrict the user logon according to schedules. A schedule can either be used to allow user logon or to block user logon. When multiple schedules are being used, the schedule conflict rules apply. When two schedules with the same priority level overlap, the blocking schedule has priority over the allowing schedule. Related topics:
"Resolving schedule conflicts" on page 105 "Using event-to-actions" on page 106
484
User
Workspace
The Workspace tab lets you configure the users Security Desk workspace.
List of active tasks

This list shows the tasks found in the users active task list. Users can save their task list using the Save workspace (Ctrl+Shift+S) command found in the Security Desk command menu.
Hot actions
This list shows the hot actions mapped to the PC keyboard function keys (Ctrl+F1 through Ctrl+F12) when this user is logged on to Security Center via Security Desk. The user configures his hot actions via the Monitoring task. For more information, see Working with hot actions and alarms in the Security Desk User Guide.
Additional settings
Turn on the switch Automatically start task cycling on logon so the next time the user logs on via Security Desk, task cycling will start automatically.
TIP To prevent users from stopping the task cycling once the Security Desk is open, deny them
the Start/stop task cycling privilege. There are many more privileges that are designed to help the users focus on their tasks.
User
Security
The Security tab lets you configure the users security profile.
User level
User levels affect three things in Security Center:
They determine which user has priority over the PTZ controls of a camera when two or
more users are trying to take control of the same camera at the same time. Priority is always given to the highest level user (1=highest). If two competing users have the same user level, it is decided on a first come first served basis. Once a user gains control over a PTZ camera, it is locked by that user. This means no other users can take control of that camera unless they have a higher user level. The control over the PTZ camera is automatically relinquished after 5 seconds of inactivity.
They determine which users are logged out of the system when a threat level is set. For
example, if you configure a threat level to trigger the Set minimum user level action, when the threat level is set, users with a lower user level than the one you specified are logged out. For more information about configuring threat levels, see "Managing threat levels" on page 117. They determine which users can continue viewing a video stream when a camera is blocked in Security Desk. When you block a camera, users that have a lower user level than the one you specified can no longer view the video stream.
486
User
For more information about blocking cameras, see Blocking/unblocking cameras in the Security Desk User Guide. Level 1 is the highest user level, with the most privileges. The user level can be inherited from a parent user group. If the user has multiple parents, the highest user level will be inherited. If the user has no parent, the lowest user level (254) will be inherited.
Archive viewing limitation

This parameter serves to restrict the user's ability to view archived video to the last n days. This limitation can be inherited from a parent user group. If the user has multiple parents, the most restrictive limitation will be inherited. If the user has no parent, no restriction will be imposed.
Remotely control
This section lists the Security Desk workstations that this user is allowed to control remotely in order to display entities. This list applies to both the Security Desk workstations you can connect to and control using the Remote task in Security Desk, and the Security Desk monitors that you can control using a CCTV keyboard.
NOTE Every monitor controlled by the Security Desk is assigned a unique monitor ID (displayed in the notification tray). Using a CCTV keyboard, you can display an entity on a remote Security Desk workstation by specifying its monitor ID, tile ID, and the logical ID of the entity you want to display. The Security Desk workstation monitors available on your system are listed in the Logical ID tab of the System entity. Select Monitors from the drop-down list to see them all. For each Security Desk workstation, the first monitor is called A, the second monitor B, and so on.
You can specify which workstation can be controlled using one of following methods:
User. Any Security Desk workstation where that user is logged on can be remotely
controlled.
User group. Any Security Desk workstation where a member of that user group is logged
on can be remotely controlled.
Application. The specified workstation (COMPUTER - SecurityDesk) can be remotely

controlled, regardless of who is logged on. For more information, see Remote monitoring and Connecting to remote Security Desks in the Security Desk User Guide.
Logon supervisor of
This section lists the users whose logons are supervised by this current user. This means that when a user in this list needs to log on to the system, the current user must also provide his/her username and password in order to complete the logon. A user can have more than one logon supervisor. For more information, see Connecting to Security Center Log on with supervision in the Genetec Security Desk User Guide.
487
User
Privileges
The Privileges tab lets you view and configure the users privileges.
Set of privileges
Use this drop-down list to select the set of privileges to view and edit. A user can have many sets of privileges. Each user has the Basic privileges set, plus one for every partition he/she is an accepted user of. Regarding access to entities contained in that partition, partition privileges supercede basic privileges.
488
User group
User group
The user group entity describes a group of Security Center users who share common properties and privileges. By becoming a member of a user group, a user automatically inherits all the properties of that group. This approach simplifies the configuration of users on large systems. A user can be a member of multiple user groups. User groups can also be nested. System: General Task: Security User groups
Identity Properties Security Privileges Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. User groups common email address and members. User groups security attributes than can be inherited by its members. Privileges that can be inherited by the group members. Custom field values for this user group.
Related topics:
"Defining user groups" on page 96 "Partition" on page 447 "User" on page 482 "User privileges" on page 694
489
User group
Properties
The Properties tab lets you view and configure the members of the user group.
Email address
The email address you set for a user group should be a group address that is used by all members of the group. This information can be imported from your companys directory service.
Members
List of user group members. The members inherit by default the rights to partitions and the privileges of the user group. The email address can be used to send emails or to email reports to users via Send an email and Email a report actions. Related topics:
"Importing users from an Active Directory" on page 102
490
User group
Security
The Security tab lets you configure common security attributes for the group members.
Security attributes can be inherited by the members of the user group, and can themselves be inherited from other user groups.
User level
User levels affect three things in Security Center:
They determine which user has priority over the PTZ controls of a camera when two or
more users are trying to take control of the same camera at the same time. Priority is always given to the highest level user (1=highest). If two competing users have the same user level, it is decided on a first come first served basis. Once a user gains control over a PTZ camera, it is locked by that user. This means no other users can take control of that camera unless they have a higher user level. The control over the PTZ camera is automatically relinquished after 5 seconds of inactivity.
They determine which users are logged out of the system when a threat level is set. For
example, if you configure a threat level to trigger the Set minimum user level action, when the threat level is set, users with a lower user level than the one you specified are logged out. For more information about configuring threat levels, see "Managing threat levels" on page 117.
491
User group
They determine which users can continue viewing a video stream when a camera is blocked
in Security Desk. When you block a camera, users that have a lower user level than the one you specified can no longer view the video stream. For more information about blocking cameras, see Blocking/unblocking cameras in the Security Desk User Guide. Level 1 is the highest user level, with the most privileges. The user level can be inherited from a parent user group. If the user group has multiple parents, the highest user level will be inherited. If the user group has no parent, the lowest user level (254) will be inherited.
Archive viewing limitation

This parameter serves to restrict this user group members ability to view archived video to the last n days.
Remotely control
This section lists the Security Desk workstations that the members of this user group are allowed to control remotely in order to display entities. This list applies to both the Security Desk workstations you can connect to and control using the Remote task in Security Desk, and the Security Desk monitors that you can control using a CCTV keyboard.
NOTE Every monitor controlled by the Security Desk is assigned a unique monitor ID (displayed in the notification tray). Using a CCTV keyboard, you can display an entity on a remote Security Desk workstation by specifying its monitor ID, tile ID, and the logical ID of the entity you want to display. The Security Desk workstation monitors available on your system are listed in the Logical ID tab of the System entity. Select Monitors from the drop-down list to see them all. For each Security Desk workstation, the first monitor is called A, the second monitor B, and so on.
You can specify which workstation can be controlled using one of following methods:
User. Any Security Desk workstation where that user is logged on can be remotely
controlled.
User group. Any Security Desk workstation where a member of that user group is logged
on can be remotely controlled.
Application. The specified workstation (COMPUTER - SecurityDesk) can be remotely

controlled, regardless of who is logged on. For more information, see Remote monitoring and Connecting to remote Security Desks in the Security Desk User Guide.
Logon supervisor of
This section lists the users whose logons are supervised by the members of this user group. This means that when users from this list need to log on to the system, any member of this user group can help them complete their logon.
492
User group
Privileges
The Privileges tab lets you view and configure the user groups privileges.
The privileges of a user group are inherited by its members, and can themselves be inherited from other user groups.
Set of privileges
Use this drop-down list to select the set of privileges to view and edit. A user group might have many sets of privileges. Every one has the Basic privileges set, plus one for every partition the group is an accepted user of. Regarding access to entities contained in that partition, partition privileges supercede basic privileges.
493
Video unit
Video unit
The video unit entity represents a video encoding or decoding device capable of communicating over an IP network, and incorporating either video encoders or video decoders. They come in a wide variety of brands and models. Some support audio, and others support wireless communication. The high-end encoding models come with their own recording and video analytics capabilities. Video units are created manually or automatically by the Archiver if the unit supports automatic discovery. System: Omnicast IP video surveillance Task: Video Units
Identity Properties Peripherals Custom fields Location Name, description, logical ID, and relationships of this entity with other entities in the system. Information required by the Archiver to connect to this video unit and other data transmission properties. List of all peripheral devices found on the unit that you can configure. Custom field values for this video unit. Time zone and geographical location of this video unit.
Related topics:
"Adding video units to your system" on page 194 "Camera (video encoder)" on page 368 "Archiver" on page 521
494
Video unit
Identity
The Identity tab of a video unit entity includes an additional section on hardware-specific information.
a
Standard information
The top section of the video units Identity tab is the same as that of all entities. For more information, see "Identity" on page 332.
Specific information
The bottom section of the Identity tab displays hardware specific information, such as the manufacturer, model, firmware version, and whether audio or SSL (Secure Socket Layer protocol) are supported.
495
Video unit
Upgrade the unit firmware

You can upgrade the firmware on your video unit directly from Config Tool.
Click
Upgrade, and from the file browser, select the firmware file (bin) to apply.
Properties
The Properties tab lets you configure the information required by the Archiver to connect to this unit and other data transmission properties. These settings vary from one manufacturer to another. Additional options might be available, depending on the unit type. The sample screen shot below is that of an Axis 210A unit.
IP address
Obtain network settings dynamically (DHCP). Select this option to have the IP address
assigned dynamically by your DHCP (Dynamic Host Configuration Protocol) server.
NOTE Do not use this option unless your DHCP server is configured to always assign the
same IP address to the same device.

Video unit
Specific settings. Select this option to enter a fixed address. This is the IP address you
entered when you initially created the video unit entity. You need to enter the following fields:
Local IP. Fixed IP address. Subnet mask. The subnet mask tells the unit which peripherals it can communicate with directly. Anything that does not belong to the same subnet must go through the Gateway. Gateway. IP address of the gateway. It must be on the same subnet as the unit.
Command port
The command port is the port used by the Archiver to connect to the video unit. The command port is sometimes called the HTTP port by some manufacturers.
Discovery port
The discovery port is used for automatic discovery (see "What is automatic discovery?" on page 196). Not all manufacturers supports this feature. On Verint units, both the command port and discovery port are replaced by a single port called the VSIP port.
Authentication
Credentials used by the Archiver to connect to the video unit.
Default login. Select this option for the Archiver to use the credentials defined in the unit
manufacturers extension.
Specific. Select this option for the Archiver to use specific credentials to connect to this
unit. The fields you need to fill in depend on the units manufacturer.
Use secure communication

Enable this option to use HTTPS communication instead of HTTP (default).
Bit rate
Use this option to limit the maximum bit rate allowed for this unit. Setting a limit to the bit rate helps prevent one unit from using up all the bandwidth available on the network.
Enable UPnP
Enable this option to use the UPnP (Universal Plug and Play) protocol. Disable UPnP if you do not want the unit to be discovered by other Windows applications. This option is disabled by default.
497
Video unit
Peripherals
The Peripherals tab lists all peripherals devices (input/output pins, audio encoder/decoder) found on the unit that are not explicitly shown as entities, such as the either video encoders or video decoders.
Logical ID and Description

To every peripheral device found on a video unit, you can assign:
Name. Logical name. It is the same as the Physical name by default. Logical ID. Logical identifier. Description. Description of the device.
To change the settings of a peripheral device:
Select a peripheral from the list and click Edit the item (
Output pin settings
For the output pin, you can also configure the default mode.
).
Normally open Normally closed
498
Video unit
Speaker properties
You can change the default settings of the speaker (audio decoder device).
The speaker settings are as follows:
Volume. Desired volume level (0 to mute, 100 equals maximum volume). UPD port. Port number used when the connection type is unicast UDP. Connection type. Connection type that should be used between the unit and the Archiver
for this audio decoder.
499
Video unit
Microphone properties
You can change the default settings of the microphone (audio encoder device).
The microphone settings are as follows:
Data format. Audio compression format. Input type. Type of input source.
Line in. Used for pre-amplified source. Mic in. Use this if the microphone is directly connected to the unit. In this case, the signal is amplified by the hardware.
Internal. Use microphones integrated to the unit. Sensitivity. Desired amplification level (default=68). The lower the level, the less sensitive the microphone is to ambient noise, but the recording level will also be lower.
UPD port. Port number used when the connection type is unicast UDP. Connection type. Connection type that should be used between the unit and the Archiver
for this audio encoder. Multicast address. The multicast address and port number are assigned automatically by the system when the video unit is discovered. Each audio encoder is assigned a different multicast address with a fixed port number. This is the most efficient configuration.
500
Video unit
Normally, you do not need to be concerned with the multicast addresses. However, if you are short of multicast addresses (certain switches are limited to 128), you can use the same multicast address on multiple encoders, and assign a different port number to each. This solution is less efficient than using a different address for each encoder because it will cause more traffic than necessary on the network. All multicast addresses must be between the range 224.0.1.0 and 239.255.255.255. For these changes to take effect, you must restart the unit. To do so, select the unit in the Roles view task, and click the Reboot ( ) button in the Contextual commands toolbar.
501
Zone (hardware)
Zone (hardware)
The zone entity monitors a set of inputs to trigger events based on their combined states. These events can be used to control output relays (see IO linking) or trigger other actions (see event-to-action). A zone can be armed (triggers activated), or disarmed (triggers deactivated) using a key switch, a software command, or on a schedule. A hardware zone (called zone in Synergis 2 and Security Center 3 and 4) is a subtype of the zone entity where the IO linking is done by hardware. A hardware zone is controlled by a single access control unit and only works in mixed and offline mode. A hardware zone cannot be armed or disarmed from Security Desk. System: Synergis IP access control Task: Logical view
Identity Properties Arming Cameras Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Input pins defining this zone and how they are evaluated. For a hardware zone, all input pins must be from the same access control unit. Arming source used for this zone and arming behavior configuration. A hardware zone can only be armed via a key switch or on schedule. Cameras used to monitor this zone in Security Desk. Custom field values for this zone.
Related topics:
"Managing zones" on page 160 "Access control unit" on page 337 "Access Manager" on page 511 "Zone (virtual)" on page 506
502
Zone (hardware)
Properties
The Properties tab lets you configure the input pins that define this zone and how they are evaluated.
Access control unit

A hardware zone must be controlled by a single access control unit. All input pins and output relays configured for this zone must belong to the same unit.
Combining the inputs to evaluate the zone state

The purpose of a zone is to trigger specific events based on the combined state of the individually selected inputs. The possible input states are as follows:
Normal (interpreted as 0) Active (interpreted as 1) Trouble

You evaluate the zone state by applying the AND or OR logical operator on the selected inputs. The zone is considered to be in the Trouble state when one of the selected input is in the Trouble state. The Trouble state supersedes any other state.
503
Zone (hardware)
CAUTION Certain types of input, such as Door Monitor on an HID VertX unit, can only be used for their designated purpose. Other inputs, such as AC Fail and Bat Fail, must be configured for general purpose before they can be used for IO linking. If you use a specific purpose input as general purpose, your configuration will not work. For more information, see "Properties (HID)" on page 340.
Associated events
Use this section to associate each zone state to an event of your choice. Select None if a zone state should be ignored. These events are only triggered when the zone is armed.
Set the time period during which the same event should not be re-triggered.
Arming
The Arming tab lets you configure the arming source of your zone and its arming behavior.
504
Zone (hardware)
Arming source
A hardware zone can only be armed using a key switch or on a schedule.
NOTE You cannot arm or disarm a hardware zone in Security Desk, or by using a software command (event-to-action).
To configure arming via a key switch: Before you begin: The input pin must belong to the access control unit selected in the Properties tab for this to work.
Slide the Arming source to the Input pin position and select the input that is wired to the
key switch. To configure arming on schedule: Before you begin: A schedule corresponding to the period when the zone should be armed must be defined in your system.
Slide the Arming source to the Schedule position and select the desired schedule.
Delays
You can configure optional delays that give you time to leave the premises after arming the zone, and time to disarm the zone after tripping a sensor.
Arming delay. Turn on this option to set a delay before the event triggers become active
after arming the system.
Entry delay. Turn on this option to set a delay before triggering the events when an sensor
is tripped. This option allows you to disarm the zone before triggering the output relays.
Countdown buzzer
You can optionally assign an output relay to activate a countdown buzzer to match the arming delay. This option is not available when the arming is done on schedule.
NOTE For this feature to work, the output relay must belong to the access control unit selected in the Properties tab.
505
Zone (virtual)
Zone (virtual)
The zone entity monitors a set of inputs to trigger events based on their combined states. These events can be used to control output relays (see IO linking) or trigger other actions (see event-to-action). A zone can be armed (triggers activated), or disarmed (triggers deactivated) using a key switch, a software command, or on a schedule. A virtual zone is a subtype of the zone entity where the IO linking is done by software. A virtual zone is controlled by the Zone Manager and only works online. It can be armed and disarmed from Security Desk. System: General Task: Logical view
Identity Properties Name, description, logical ID, and relationships of this entity with other entities in the system. Input pins defining this zone and how they are evaluated. For a virtual zone, the inputs and outputs from different units of different types can be used for IO linking. Automatic arming schedules. A virtual zone can be armed and disarmed via Security Desk or via event-to-action. An explicit arm or disarm command always takes precedence over the arming schedule. Cameras used to monitor this zone in Security Desk. Custom field values for this zone.
Arming
Cameras Custom fields
Related topics:
"Managing zones" on page 160 "Zone (hardware)" on page 502 "Zone Manager" on page 608
506
Zone (virtual)
Properties
The Properties tab lets you configure the input pins that define this zone and how they are evaluated.
Zone Manager
A virtual zone must be controlled by a Zone Manager role. Because a virtual zone is software controlled, it works only in online mode. For more information, see "Zone Manager" on page 608.
Combining the inputs to evaluate the zone state

The purpose of a zone is to trigger specific events based on the combined state of the individually selected inputs. The input pins can belong to different units of different types. The possible input states are as follows:
Normal (interpreted as 0) Active (interpreted as 1) Trouble (only if the selected unit models support this feature)
You evaluate the zone state by applying the AND or OR logical operator on the selected inputs. The zone is considered to be in the Trouble state when one of the selected input is in the Trouble state. The Trouble state supersedes any other state.
507
Zone (virtual)
Associated events
Use this section to associate each zone state to an event of your choice. Select None if a zone state should be ignored. These events are only triggered when the zone is armed.
Set the time period during which the same event should not be re-triggered.
Arming
The Arming tab lets you configure the arming source of your zone and its arming behavior.
Arming source
A virtual zone can be armed at any time by a Security Desk operator, or by the Arm zone action. Arming schedules are optional and are only necessary if you want the zone to be armed automatically at a certain time. An armed virtual zone can be disarmed at any time by a Security Desk user, or by the Disarm zone action triggered by an event.
Delays
You can configure optional delays that give you time to leave the premises after arming the zone, and time to disarm the zone after tripping a sensor.
Zone (virtual)
Arming delay. Turn on this option to set a delay before the event triggers become active
after arming the system.
Entry delay. Turn on this option to set a delay before triggering the events when an sensor
is tripped. This option allows you to disarm the zone before triggering the output relays.
509
14
Role types
This section lists all Security Center role types in alphabetical order. Each role type is covered with a general description of its purpose and usage. The sub-sections describe each role types configuration tabs and the settings they contain. This section includes the following topics:
"Access Manager" on page 511 "Active Directory" on page 516 "Archiver" on page 521 "Auxiliary Archiver" on page 543 "Directory" on page 551 "Directory Manager" on page 552 "Global Cardholder Synchronizer" on page 557 "Health Monitor" on page 560 "Intrusion Manager" on page 563 "LPR Manager" on page 567 "Media Router" on page 585 "Omnicast Federation" on page 590 "Plugin" on page 594 "Point of Sale" on page 595 "Report Manager" on page 599 "Security Center Federation" on page 601 "Web-based SDK" on page 605 "Zone Manager" on page 608
510
Access Manager
Access Manager
The Access Manager role manages and monitors access control units on the system. The role validates all access activities when the units are online. Upon receiving a request from a unit, the Access Manager checks the access rules and schedules to decide whether the door or elevator floor can be accessed. It then sends a command to the controller to unlock the door or enable an elevator floor button. It also logs the access control events in the database for access control investigation and maintenance reports. Multiple instances of this role can be created on the system. System: Synergis IP access control Task: Access control Roles and units, or System Roles
Identity Properties Extensions Resources Name, description, and relationships of this role with other entities in the system. Database retention period for access control events. Manufacturer specific settings for connecting to access control units that this Access Manager should communicate with. Servers and database configuration for this role.
Related topics:
"Configuring the Access Manager role" on page 260 "Access control unit" on page 337 "Door" on page 404 "Elevator" on page 410 "Zone (hardware)" on page 502
511
Access Manager
Properties
The Properties tab lets you configure the retention period of the access control events in the database.
Keep events
Access control events are logged by the Access Manager for access control related activity and maintenance reports. You can decide for how long you want to keep them before they are purged from the Access Manager database. Related topics:
"Finding out who is granted access to doors and elevators" on page 324
512
Access Manager
Extensions
The Extensions tab allows you to configure the manufacturer-specific settings for connecting to access control units that this role should communicate with.
Security Center supports two types of access control units:
Genetec SMC. For Synergis Master Controller (SMC) units. You also need to add at least
one discovery port (default=2000) to the extension. The discovery port configured for the extension must match the value configured on the SMC units. For more information, see the Synergis Master Controller Configuration Guide.
HID VertX. For all HID controllers, including the legacy VertX models (V1000 and
V2000), the VertX EVO, and the Edge EVO controllers. For the complete list of supported controller units and firmware, see Supported HID units in the Security Center Release Notes.
Advanced settings
The advanced settings are reserved for use by Genetecs Technical Assistance Center. Please do not be concerned with these settings.
513
Access Manager
Resources
The Resources tab allows you to configure the servers and database assigned to this role.
Servers
All server management principles are the same for the Access Manager role as with any other role. For more information, see "Managing servers and roles" on page 47.
IMPORTANT The Access Manager failover works only when the role is exclusively connected to SMC units. Additional configurations are required on the SMC units for the failover to work. For more information, see Configure the SMC unit for Access Manager failover in the Synergis Master Controller Configuration Guide. The Access Manager failover does not work with HID VertX units because these units cannot handle the change of server IP address, should the Access Manager role fail over to a different server.
Database
All database management principles are the same for the Access Manager role as with any other role. For more information, see "Managing databases" on page 52.
514
Access Manager
Resolve conflicts for Access Manager roles

If you generated a conflict resolution file (Conflict_Manifest.data) after importing cardholders and cardholder groups from an Active Directory, you need to apply these conflict resolution decisions to your Access Manager database. 1 Click Resolve conflicts ( ) found in the Database section. The following dialog box appears.
2 Enter the path to the conflict resolution file using the browse button. 3 Click Resolve conflicts. Youll be prompted to create a safety backup before updating your database. 4 Click Backup. 5 The backup and the conflict resolution updates will be performed in a single step.
6 Click Close.
515
Active Directory
Active Directory
The Active Directory role imports users, user groups, cardholders, and cardholder groups from your corporate directory service (Windows Active Directory), and keeps them synchronized. Multiple instances of this role can be created on the system.
System: General, Synergis (if cardholder groups are to be imported) Task: System Roles
Identity Properties Links Resources Name, description, and relationships of this role with other entities in the system. Connection parameters to the Windows Active Directory and list of security groups to be imported as Security Center entities. Mapping between AD fields and Security Center custom fields. Servers and failover configuration for this role.
Related topics:
"Integrating with Windows Active Directory" on page 140 "Cardholder" on page 395 "Cardholder group" on page 398 "User" on page 482 "User group" on page 489
516
Active Directory
Properties
Defines all the parameters within which this Active Directory role is supposed to operate. For more information, see "Import security groups from an Active Directory" on page 143.
Connection status. Connection status between the role and the corporate AD. Status. Shows what the role is doing. Idle is the normal status. If there is a problem, an error
message is displayed.
Active Directory. Hostname or IP address of the corporate AD server.
Use Windows credentials. You can use the Windows credentials used for running the Genetec Server service, or specify a different set of Windows usernames and passwords. In both cases, the credentials you specify must give you read and write access to the specified corporate AD. Use SSL connection. Select this option to encrypt LDAP (Lightweight Directory Access Protocol) network traffic. LDAP is the protocol used for communication between the Active Directory role and the AD. The default port used for encrypted communication is 636. If you use a different port, you need to specify it explicitly by appending the port number after the AD server name, separated by a colon (:).
517
Active Directory
Partition. Default partition where the entities synchronized with the corporate AD will be
created if the partition is not mapped to an AD attribute.
Synchronized groups. List of all AD security groups imported as user groups, cardholder
groups, or both. For information on how to add to this list, see "Import security groups from an Active Directory" on page 143.
No scheduled task exists to synchronize this role. This warning message appears if you
have not configured a scheduled task to automatically handle synchronization with the corporate AD. For more information, see "Create a scheduled task" on page 109.
Synchronize now. Click this button to perform an instant synchronization. You should
always re-synchronize after making changes to the synchronized groups.
Links
The Links tab allows you to map AD attributes to Security Center fields.
518
Active Directory
Cardholder. Map AD attributes to Security Center cardholder fields. See "Select which
cardholder fields to synchronize with the AD" on page 146.
Maximum picture file size. If you are importing cardholder pictures from the AD, specify
the maximum size of the imported picture.
Upload pictures to Active Directory. Select this option if you want the pictures you assign
to imported cardholders from Security Center to be synchronized to the AD.
Card format. Select the default card format to use for the imported cardholder credentials
when the card format property is either not mapped to an AD attribute, or when the mapped attribute is empty. See also "Mapping the credential card format to an AD attribute" on page 147.
Badge template. Select a default badge template to use for the imported cardholder
credentials.
Custom fields. Map additional AD to Security Center custom fields. See "Map custom
fields to synchronize with the AD" on page 148. Related topics:
"Defining custom fields and data types" on page 136
519
Active Directory
Resources
The Resources tab allows you to configure the servers. The Active Directory role does not require a database.
Servers
All server management principles are the same for the Active Directory role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
520
Archiver
Archiver
The Archiver role is responsible for the discovery, control, and status polling of video units. All communications between the system and the video units are established through this role. All events generated by the units (motion, video analytics) are forwarded by the Archiver to the concerned parties on the system. The Archiver also manages the video archive, and performs motion detection on units that do not support this feature. Multiple instances of this role can be created on the system. System: Omnicast IP video surveillance Tasks: Video Units, or System Roles
Identity Camera recording Trickling Extensions Resources Name, description, and relationships of this role with other entities in the system. Default recording settings for all cameras controlled by this role. Data transfer configuration for edge recording units. Manufacturer specific settings for connecting to video units that this Archiver should communicate with. Servers, databases, disk storage, and failover configuration for this role.
Related topics:
"Configuring the Archiver role" on page 193 "Managing video archives" on page 224 "Video unit" on page 494 "Auxiliary Archiver" on page 543 "Media Router" on page 585
521
Archiver
Camera recording
The Camera recording tab lets you configure the default recording settings applied to all cameras controlled by this Archiver role. The default settings can be superseded by the recording settings of each individual camera. For more information, see Camera "Recording" on page 378.
Recording modes
The Archiver can apply different recording modes at different times.
Recording mode Description
Off
Recording is off ( ). This mode prevents recording from taking place, not even when an alarm is triggered. Records continuously. Recording cannot be stopped by the user ( ).
Continuous On motion/Manual
Records when recording is triggered by an action (such as Start recording, Add bookmark, or Trigger alarm), via motion detection, or manually by a user. In this mode, the Record button in Security Desk appears grey ( ) when the Archiver is not recording, red when it is recording but can be stopped by the user ( ), or red with lock ( ) when it is recording but cannot be stopped by the user (on motion or alarm recording).
522
Archiver
Recording mode
Description
Manual
Same as On motion/Manual. The only difference is that motion will not trigger any recording.
CAUTION Recording schedules of the same type cannot overlap, regardless of the recording mode configured for each. When a scheduling conflict exists, the Archiver and the video units are displayed in yellow in the entity browser and will issue entity warning messages. For more information, see "Resolving schedule conflicts" on page 105.
Other recording options

Option Description
Record audio
Turn this option on to record audio along with video. A microphone entity must be attached to this camera entity for this option to work. For more information, see Camera "Hardware" on page 389. Turn this option on to delete the recorded video after a certain number of days, regardless whether the archiving storage is full or not. For more information, see Archiver "Advanced settings" on page 541. Turn this option on to allow both primary and secondary servers to archive video at the same time. This setting is effective only if failover is configured. For more information, see Archiver "Server configurations" on page 534. Duration of the recording buffer. This buffer is saved whenever the recording starts, ensuring that whatever prompted the recording is also captured on video. Recording duration when recording is triggered by motion detection. For more information, see Camera "Motion detection" on page 379. During this period, the recording cannot be stopped by the user. Recording duration when recording is started by a user. The user can stop the recording any time before the duration expires. This value is also used by the Start recording action, when the default recording length is selected.
Automatic cleanup
Redundant archiving Time to record before an event Time to record after a motion Default manual recording length
523
Archiver
Trickling
The Trickling tab allows you to configure the transfer of video that was recorded on a video unit to the Archiver. You can define when and what type of data is transferred.
IMPORTANT To be able to trickle with a camera/video unit, you must first configure your unit to record video using the units Web page. For more information, see "Enable edge recording on a camera" on page 198.
Camera list
The camera list shows all the cameras that are set to record on the edge and perform trickling. It allows you to specify whether or not you want the units to trickle on connection or on a schedule, and supplies information about the trickling process. You can configure the same trickling settings for all cameras in the list, or configure settings for specific cameras. To add cameras to the camera list: 1 (Optional) To add a camera group, click Add group.
524
Archiver
If you have a large system, it is a good idea to create groups of cameras, so you can configure the trickling download settings for each group separately. 2 To add cameras, click Add an item. 3 From the drop-down list, select a camera group to add the cameras to. 4 Select the cameras, and then click OK. Hole CTRL or SHIFT to select multiple cameras. 5 For each camera group, or for each specific camera, specify whether or not you want the units to trickle on connection or on a schedule:
On connection. Select this option for the camera to start to trickle upon connection to the network. On schedule. Select this option for the camera to trickle based on the schedule defined in the Trickling schedule section.
Trickling status
The Trickling status dialog box allows you to start and stop trickling manually, and shows you the latest trickling status. Click at the bottom of the camera list to open it.
NOTE A camera that has just been added to the trickled camera list does not appear in this dialog
box until you have clicked Start trickling for all cameras (
) once.
Camera. Edge recording camera selected for trickling.

Archiver
Last trickling request. Date and time of the last trickling request for the camera. Last recorded frame. Date and time of the last video frame recorded by the Archiver. Status. Lists the trickling status for the camera. The status can be one of the following:
No video. There is no video recorded on the camera that is available to trickle for the filters specified in the Trickling filter section. For example, if you specify an alarm filter, the camera might have generated an alarm event, however it did not record any video for it. No events. There are no events recorded on the camera that correspond to the filters specified in the Trickling filter section. For example, if you specify a motion filter, but there were no motion events generated by the camera, there are no events to trickle. Started. Trickling has started. Completed. Trickling was successfully completed. Pending. Trickling will start as soon as a spot opens in the download queue. The spots available depend on what is specified in the Simultaneous downloads setting. Incomplete. Something occurred during the trickling process that prevented the transfer from being completed.
Trickling schedule
Use the Trickle every setting to define a schedule for when you want video to be trickled. You can specify the amount of days, hours, and the time. If youve set all cameras to always trickle on connection, ignore this setting.
Trickling filter
Use these settings to specify what type of video data you want to be trickled. Multiple filters can be selected at the same time and all video that corresponds to the filters will be trickled.
NOTE If you do not set any filter, all available video stored on the unit will be trickled.
Time interval. Select this filter to trickle video segments recorded during a specific period
of time. You can specify a specific time range or a relative time range (last n days, hours, minutes).
Playback requests. Select this filter to trickle video segments that were played back from
the camera.
Motions. Select this option to trickle video segments that span between a Motion on and
Motion off event. This option applies to unit motion detection only.
Bookmarks. Select this option to trickle video segments that contain bookmarks. Unit offline. Select this filter to trickle video segments that span between a Unit lost and a
Unit discovered event.
526
Archiver
Video analytics. Select this filter to trickle video segments that contain video analytics
events.
Alarms. Select this filter to trickle video segments that contain alarm events. Input triggers. Select this filter to trickle video segments that contain input events.
Trickling behavior
Use these settings to specify how trickling is to be done.
Time buffer when downloading events. The time buffers apply to event-based trickling.
Specify how many seconds of video should be trickled before and after the event occurred. For example, if you selected the Motion filter, these settings indicate how many seconds are trickled before the Motion on event occurred, and how many seconds are trickled after the Motion off event.
Delay after connection. Use this setting to specify how long (in seconds) the Archiver will
wait to determine if a unit is truly online before trickling. For example, if your cameras are set to trickle on connection and you have an unstable network where your cameras frequently go on and offline, this setting is useful to prevent trickling from repeatedly starting and stopping.
Simultaneous downloads. Use this setting to specify how many cameras can trickle at the
same time. If you created camera groups, you can specify how many cameras can trickle at the same time per camera group. This setting is useful if you have a limited network and do not want too many downloads to occur simultaneously.
527
Archiver
Extensions
The Extensions tab lets you configure the common connection parameters shared by the video units controlled by this Archiver. The manufacturer extensions are created automatically when you add a unit to the Archiver (see "Add video units manually" on page 194).
"General settings" on page 528 "Discovery settings" on page 529 "Default logon" on page 530 "Notification settings" on page 530 "Bosch VRM settings" on page 531 "Verint specific settings" on page 531 "Advanced settings" on page 532 "NTP settings" on page 532
General settings
Transaction timeout. Time to wait for a response before resending a command to the unit.
A unit is considered lost after three failed attempts.
Archiver
Command port. Port used by the Archiver to send commands to the Bosch units. This field
cannot be changed.
RSTP port. RTSP (Real Time Streaming Protocol) port used by the Archiver to request
video from the units that support this protocol.
CAUTION If you have multiple Archiver roles on the system controlling different groups of video units, then each Archiver must use a different RTSP port.
VSIP port. (Verint only) Port used for automatic discovery. All units that should be
controlled through the same Verint extension must be configured with the same VSIP port. The Verint extensions configured for the same Archiver must all have different discovery ports. For more information, see "What is automatic discovery?" on page 196.
Discovery settings
The following sample screenshot shows the discovery settings of a Bosch unit.
Discovery port. Automatic discovery port. If multiple instances of the same type of
extension are configured for the same Archiver, they must all use a different discovery port. (ACTi) Corresponds to the Search server port 1 in the ACTi video server settings. (Bosch) All units that should be controlled through the same Bosch extension must be configured with the same discovery port.
NOTE If you decide to change the Discovery port after the units are discovered, youll need to create a new extension with the new discovery port and delete the old one. If the units are not automatically discovered, youll have to add them manually. For more information, see "Add video units manually" on page 194.
Discovery reply port. (ACTi and Interlogix) Corresponds to the Search server port 2 in the
ACTi video server settings.
Unicast period. Period whereby the extension repeats its connection tests using unicast to
determine whether each unit is still active in the system.
Multicast period. Period whereby the extension attempts to discover new units using
multicast. This option can be disabled. The IP address that follows is the standard multicast IP address used by Omnicast. Change it only if it is already used for something else.
529
Archiver
Broadcast period. Period whereby the extension attempts to discover new units using
broadcast. This option can be disabled.
Default logon
Certain types of units can be protected against fraudulent access by a username and a password. The logon credentials can be defined individually for each unit or for all units using the same manufacturer extension. The following sample screenshot shows the default logon settings of an Axis unit.
Username. Certain types of units (such as Axis) require a username. Password. Certain types of units (such as Bosch) only requires a password. Use HTTPS. Select this option to use Hypertext Transfer Protocol Secure for added
security.
Notification settings
The following sample screenshot shows the notification settings of an Interlogix unit.
TCP notification port. (Panasonic and Interlogix) Port used by the Archiver role to receive
notification messages from the units. When an event occurs, such as Signal lost or Signal recovered, the unit will initiate a TCP connection with the Archiver and send the notification through this port.
Notification channel. (Interlogix only) When multiple Archiver roles are configured to
listen to the same units, such as in a failover list, each archiver must be identified with a different notification channel (1 to 8). This parameter can be ignored when you are only using one archiver. For multiple Archiver roles, the following rules must be followed:
All Archiver roles that can potentially control the same units must be configured with the same TCP notification port.
530
Archiver
All Archiver roles must use a different notification channel.
Bosch VRM settings

The VRM settings are exclusive to Bosch VRM (Video Recording Manager). The latter allows you to query and play back video from Bosch cameras that are managed by a Bosch VRM. Multiple Bosch extensions can use the same VRM.
If you add more than one VRM to the list, you can use the move up ( ) and move down ( ) buttons to move a VRM up or down in the list. By default, the Archiver will use the first VRM in the list for queries and archived video. If the first VRM is not available, the Archiver will use the next VRM in the list.
Verint specific settings

The following settings are only found on Verint units.
Show all available video streams as separate cameras. (Verint only) Omnicast supports
encoders that generate multiple video streams from the same video source. When such a unit is discovered, the Archiver creates a video encoder with multiple streaming alternatives. For more information, see Camera "Stream usage" on page 373. With Verint units, you have the choice to represent every video stream as a separate camera. If this is the desired behavior, select this option.
NOTE This option requires a camera connection license for each stream.
Archiver
SSL settings. SSL (Secure Sockets Layer) is a protocol used to secure applications that need
to communicate over a network. Security Center supports SSL on all message transmissions between the Archiver and the units, with the exception of the video streams, because the data volume would be prohibitive. The purpose for using SSL in Security Center is to prevent malicious attacks, not to stop eavesdropping. Select Enforce SSL only if SSL must be enforced on all units controlled by this Archiver. If this option is cleared, the Archiver will only use SSL to communicate with the units on which SSL is enabled.
Advanced settings
The advanced settings are reserved for use by Genetecs Technical Assistance Center. Please do not be concerned with these settings.
NTP settings
Use the NTP settings to synchronize the time between the units that support NTP (Network Time Protocol) and the NTP server. Keeping the units time synchronized is particularly important for units that handle video archiving themselves. The following parameters must be set:
NTP server. Specify the NTP server name. NTP port. Specify the NTP server port number Poll timeout. Specify in minutes how often you want the time on the units to be checked to
ensure that they are properly synched with the NTP server. For example, if 60 seconds is entered, the time will be verified every 60 seconds.
532
Archiver
Resources
The Resources tab lets you assign servers, databases, and disk storage to this Archiver role.
"Server configurations" on page 534 "Configure standby archiving priorities" on page 535 "Archive database settings" on page 536 "Archive storage settings" on page 536 "Network card settings" on page 538 "Archiver statistics" on page 538 "Protected video file statistics" on page 539 "Archiving camera details" on page 540
533
Archiver
"Advanced settings" on page 541

Server configurations
The Archiver role supports up to two servers for failover. The two servers assigned to the Archiver must be configured separately from each other, and must have their own database and storage system for keeping the video archive. For more information, see "Protecting your video archive against hardware failure" on page 227. To add the secondary server: Before you begin: You cannot add a secondary server if the Archiver role has already two servers assigned. See also "Careful load planning for failover" on page 228. 1 Click the tab labelled Add server ( ).
2 From the dialog box that appears, select the desired server and click Add. The Add server tab becomes the secondary server tab.
3 From the secondary server tab, configure the following:
"Archive database settings" on page 536 "Archive storage settings" on page 536 "Network card settings" on page 538
4 If the secondary server is also on standby for other Archiver roles, then you might have to adjust their standby archiving priorities. See "Configure standby archiving priorities" on page 535. 5 Click Apply. To switch the primary and secondary servers around: Before you begin: You must have two servers assigned to the Archiver role. It is best to choose a time when the Archiver is not archiving to perform this operation. 1 Click Failover ( ) at the bottom of the Resources tab. or to move it up or down the list. A dialog box appears, showing both servers assigned to this Archiver role. 2 Select one of the server in the list and click 3 Click OK to close the Failover dialog box. The two server tabs switch places.
534
Archiver
4 (Optional) If the primary server that became the secondary server also hosts other Archiver roles, then you might have to adjust their standby archiving priorities. For more information, see "Configure standby archiving priorities" on page 535. 5 Click Apply.
CAUTION If the Archiver was archiving video, you will lose a few seconds of recording while the switch is taking place.
Configure standby archiving priorities

A same server can be designated as the standby server of multiple Archiver roles. Should all Archiver roles fail over to the same server at the same time, their combined load might be too much for the server to handle. One way to avoid overloading a server is to assign a lower archiving priority to the roles of lesser importance in case a competition occurs. 1 Click Failover ( ) at the bottom of the Archivers Resources tab. 2 In the Failover dialog box that appears, click Standby archiving priorities. 3 From the dialog box that appears, select a server from the Server drop-down list.
All Archiver roles that rely on this server as their primary or secondary server are listed. The archiving priority can only be set when the server is used as a standby. For roles that rely on the server as their primary server, the archiving priority is implicitly locked at 1 (the highest). 4 Set the priority of the roles as you see fit, and click Save.
NOTE The archiving priority is a setting specific to each Archiver role on each server. When
the archiving priority has never been set, its default value is 1. 5 Repeat Step 3 and Step 4 as necessary to configure all servers hosting Archiver roles on your system.
535
Archiver
NOTE At any point in time on a given server, only the Archiver roles with the highest archiving
priority will be able to archive, be it 1 or 100. The archiving priority only affects archiving. Having a lower archiving priority does not stop a failed over Archiver role from performing its command and control functions.
Archive database settings

The archive database stores the catalog of the recorded video footage, and the events related to them and the archiving process. The default database name is Archiver.
IMPORTANT A separate database must be configured for each server assigned to the role. Because of this requirement, the archive database is often hosted locally on each server. When two or more Archiver roles are hosted on the same server, be sure to assign to each of them a different database instead of using the default one. For more information, see "Server configurations" on page 534.
The configuration of the Archiver database is the same as that of any other role on the system. For more information, see "Managing databases" on page 52.
Archive storage settings

The actual video footage is not kept in the database, but on disk, in video files. Each video file might contain several short discrete video sequences, and uses the G64 file extension. The size limit of the video files is configured in the Advanced settings dialog box. For more information, see "Advanced settings" on page 541. Just like the archive database, the archive file storage is also specific to each server. Both local drives and network drives can be used to store video. All local drives found on the host server are listed by default and grouped under Default Disk Group.
Disk space cannot be allocated in advance for archiving purpose. Instead, the Archiver is allowed to use the available disk space up to a certain limit which is defined by the minimum free space that must be left on each disk. The information displayed on each disk are as follows:
536
Archiver
Disk base path. Root folder on the disk where all video files are located. The default value is
VideoArchives. Click on the name to change it to a different folder.
IMPORTANT You must make sure that the service user running the Archiver role has write access to all the archive root folders assigned to the role. The Config Tool cannot verify this information on behalf of the Archiver.
Min. free space. Minimum free space that the Archiver must leave untouched on the disk.
Click on this value to change it.
Free space. Actual free space remaining on disk. Allotted space. Space allotted in theory for video archives. It is the total capacity of the disk
minus the minimum free space.
CAUTION There is nothing to prevent other applications from using up the disk space set aside for the Archiver. For this reason, we recommend that you assign a disk that is not shared with other applications to this role. In the case where multiple Archivers share the same server, use a separate disk for each.
Total size. Total capacity of the disk.

The archive storage configuration commands are as follows:
Button Command Description
Add network location
You can only add network drives to your archive storage. All local drives on the host server are listed by default. You can exclude them from being used by the Archiver by clearing the checkbox in front of each disk. A disk group is a logical storage unit used by the Archiver to improve the overall disk throughput. See "Optimizing access to your storage devices" on page 226. Click the Up and Down arrows to move the selected disk from one group to another. Deletes the selected disk or disk group. You cannot leave a disk group without any disk associated to it. This button appears only if you have more than one disk group defined. See "Optimizing access to your storage devices" on page 226. Refreshes the drive information.
Add disk group
Delete Camera distribution
Refresh the drive information
537
Archiver
Network card settings

For every server assigned to this Archiver role, you must specify:
Network card. Network card used to communicate with all video units. RTSP port. Port used to listen for RTSP (Real Time Streaming Protocol) requests.
When multiple archiving roles are hosted on the same server, this value must be unique for each one. The default value is 555. Additionally the value configured must not duplicate any of those used for the Media Router role, its redirector agent, or any Auxiliary Archiver hosted on the same server.
Telnet port. Port used to listen to the Telnet Console connection requests for debugging
purposes. When you change this value, you need to deactivate and reactivate the Archiver role for the change to take effect.
Archiver statistics
The Statistics dialog box appears when you click the Statistics ( ) button. It provides all sorts of useful information regarding the archive storage, and the rate at which it is being filled up. If nothing is displayed, click .
538
Archiver
The available statistics are as follows:
List of assigned disks. Snapshot of the disk statistics the last time a refresh was made.
TIP Click to view the percentage of protected video files on the selected disk. For more information, see "Protected video file statistics" on page 539.
Average disk usage. Average space used per day (first line) and average space used per
camera per day (second line).
Estimated remaining recording time. Number of days, hours, and minutes of recording
time left based on the average disk usage and the current load.
Active cameras. Number of cameras that are currently active. Archiving cameras. Number of cameras for which archiving is enabled.
TIP Click See details to view the recording state of each individual camera. For more information, see "Archiving camera details" on page 540.
Archiving span. Time bracket within which video archives can be found. Worst case bandwidth. This number gives you the worst-case scenario on the total
bandwidth requirement if all the cameras are at the peak of their archiving demands.
Protected video file statistics

Too many protected video files on a disk can take away valuable storage space for new video files. To make sure this does not happen, regularly check the percentage of protected video files on each disk.
539
Archiver
The orange slice represents the proportion of video files that the user has decided to unprotect. When a user decides to manually remove the protection on a video file, the Archiver waits 24 hours before actually removing the protection, giving the user enough time to change his/her mind if necessary. During this reprieve, the status is said to be Protection ending. Instead of checking the Protected video files statistics, you can also configure an event-to-action to alert you on the event Protection threshold exceeded. For more information, see "Using eventto-actions" on page 106.
Archiving camera details

The Archiving cameras dialog box displays the statistics for each individual camera based on the information collected the last time you clicked .
This report lets you verify whether each encoder is currently streaming video (and audio) and whether the Archiver is currently recording these data. The possible Recording states are as follows:
Recording state Description
Recording off
Recording is enabled but the Archiver is currently not recording. If you suspect a problem, the Description column might give you a clue. The possible causes are as follows: Database lost. Disks full. Cannot write to any drive. Recording was started by a user.
Recording on
540
Archiver
Recording state
Description
Recording on (locked by system) Recording off (locked by system) Recording about to stop
Recording is currently controlled by the Archiver (following an On Motion or Continuous schedule). Recording is currently disabled on this camera by a schedule. Recording was started by a user and is about to stop (within the last 30 seconds of recording).
Advanced settings
The advanced settings are independent of the server hosting the Archiver role.
Advanced settings
Description
Video watermarking
Turn this option on to protect your video archive against tampering. For more information, see "Protecting video archive against tampering" on page 229. Turn this option on to recycle the archive storage (the default mode), meaning that the oldest files are deleted to make space for new files when all the disks within a disk group are full. TIP Another way to manage the archiving space is to set individual archive retention periods for each camera (Automatic cleanup option in each cameras Recording tab). This method allows you to keep the more important data for a longer period of time by purging less important video first.
Delete oldest files when disks are full
541
Archiver
Advanced settings
Description
Enable edge playback requests Protected video threshold
Turn this option on only if the Archiver controls units configured for edge recording. This option is turned off by default to prevent sending playback requests to units that are not recording. This is a safety threshold used to limit the amount of space that protected video files are allowed to occupy on disks. Protected video files are files that will not be deleted by normal archive cleanup procedures. When this threshold is exceeded, the Archiver will generate the Protected video threshold exceeded event once every 15 minutes for as long as the condition is true, but will not delete any video file that is already protected. These two settings are used to control the size of the video files created by the Archiver: Maximum length. Limits the length of video sequence contained in each file. The video length is the time span between the first video frame and the last video frame stored in a file. Maximum size. Limits the size of the video file in MB. The Archiver will start saving the video to a new video file when either one of these conditions is met.
Video files
Additional settings
These additional settings are reserved for use by Genetecs Technical Assistance personnel. Please do not be concerned with these settings.
542
Auxiliary Archiver
Auxiliary Archiver
The Auxiliary Archiver role supplements the video archive produced by the Archiver role. Unlike the latter, the Auxiliary Archiver is not bound to any particular discovery port. Therefore, it is free to archive any camera in the system, including the federated ones. The Auxiliary Archiver must depend on the Archiver to communicate with the video units. If an Archiver is not running, the Auxiliary Archiver would not be able to archive the cameras it controls. Multiple instances of this role can be created on the system. System: Omnicast IP video surveillance Tasks: Video Units, or System Roles
Identity Camera recording Cameras Resources Name, description, and relationships of this role with other entities in the system. Default recording settings for all cameras archived by this role. Cameras recorded by this Auxiliary Archiver. Server, database, and disk storage configuration for this role.
Related topics:
"Configuring the Auxiliary Archiver role" on page 204 "Camera (video encoder)" on page 368 "Managing video archives" on page 224 "Archiver" on page 521
543
Auxiliary Archiver
Camera recording
The Camera recording tab lets you configure the default recording settings applied to all cameras associated to this Auxiliary Archiver. The default settings can be superseded by the recording settings of each individual camera. For more information, see Camera "Recording" on page 378.
Video stream
Use this drop-down list to select the default video stream that the Auxiliary Archiver should record for each camera. The video streams are configured for each individual camera. For more information, see "Configuring video streams" on page 210.
544
Auxiliary Archiver
Recording modes
The Auxiliary Archiver can apply different recording modes at different times.
Recording mode Description
Off
Recording is off ( ). This mode prevents recording from taking place, not even when an alarm is triggered. Records continuously. Recording cannot be stopped by the user ( ).
Continuous On motion/Manual
Records when recording is triggered by an action (such as Start recording, Add bookmark, or Trigger alarm), or via motion detection. Note: Manual recording is not supported by Auxiliary Archivers.
Manual
Manual recording is not supported by Auxiliary Archivers. This schedule would have no effect.
CAUTION Recording schedules of the same type cannot overlap, regardless of the recording mode configured for each. When a scheduling conflict exists, the Auxiliary Archiver and the cameras are displayed in yellow in the entity browser and will issue entity warning messages. For more information, see "Resolving schedule conflicts" on page 105.
Other recording options

Option Description
Record audio
Turn this option on to record audio along with video. A microphone entity must be attached to this camera entity for this option to work. For more information, see Camera "Hardware" on page 389. Turn this option on to delete the recorded video after a certain number of days, regardless whether the archiving storage is full or not. For more information, see Auxiliary Archiver "Advanced settings" on page 550. Duration of the recording buffer. This buffer is saved whenever the recording starts, ensuring that whatever prompted the recording is also captured on video. Recording duration when recording is triggered by motion detection. For more information, see Camera "Motion detection" on page 379. During this period, the recording cannot be stopped by the user. Recording duration when recording is started by a user. The user can stop the recording any time before the duration expires. This value is also used by the Start recording action, when the default recording length is selected.
Automatic cleanup
Time to record before an event Time to record after a motion Default manual recording length
545
Auxiliary Archiver
Cameras
The Cameras tab lets you select the cameras archived by this role. The Auxiliary Archiver can record any camera on your system, except those that are federated from an Omnicast 4.x system.
Related topics:
"Associate cameras to the Auxiliary Archiver" on page 207 "Remove a camera from the Auxiliary Archiver" on page 208
546
Auxiliary Archiver
Resources
The Resources tab lets you configure the server, the database, and the disk storage for this Auxiliary Archiver role.
"Genetec Server" on page 548 "Network settings" on page 548 "Archive database settings" on page 548 "Archive storage settings" on page 548 "Archiver statistics" on page 550 "Protected video file statistics" on page 550 "Archiving camera details" on page 550 "Advanced settings" on page 550
547
Auxiliary Archiver
Genetec Server
Failover is not supported for the Auxiliary Archiver role. You can only select one server at a time. For more information, see "Move the Auxiliary Archiver to a different server" on page 208.
Network settings
Additional network settings can be configured by clicking the button:
Network card. Network card used to communicate with all video units. RTSP port. Port used to listen for RTSP (Real Time Streaming Protocol) requests. When
multiple archiving roles are hosted on the same server, this value must be unique for each one. The default value is 555 for the Archiver and 558 for the Auxiliary Archiver. Additionally the value configured must not duplicate any of those used for the Media Router role or its redirector agent hosted on the same server.
Archive database settings

The archive database stores the catalog of the recorded video footage, and the events related to them and the archiving process. The default database name is AuxiliaryArchiver. The configuration of the Auxiliary Archiver database is the same as that of any other role on the system. For more information, see "Managing databases" on page 52.
Archive storage settings

The actual video footage is not kept in the database, but on disk, in video files. Each video file might contain several short discrete video sequences, and uses the G64 file extension. The size limit of the video files is configured in the Advanced settings dialog box. For more information, see "Advanced settings" on page 550. Both local drives and network drives can be used to store video. All local drives found on the host server are listed by default and grouped under Default Disk Group.
548
Auxiliary Archiver
Disk space cannot be allocated in advance for archiving purpose. Instead, the Auxiliary Archiver is allowed to use the available disk space up to a certain limit which is defined by the minimum free space that must be left on each disk. The information displayed on each disk are as follows:
Disk base path. Root folder on the disk where all video files are located. The default value is
AuxiliaryArchives. Click on the name to change it to a different folder.
IMPORTANT You must make sure that the service user running the Auxiliary Archiver role
has write access to all the archive root folders assigned to the role. The Config Tool cannot verify this information on behalf of the Auxiliary Archiver.
Min. free space. Minimum free space that the Auxiliary Archiver must leave untouched on
the disk. Click on this value to change it.
Free space. Actual free space remaining on disk. Allotted space. Space allotted in theory for video archives. It is the total capacity of the disk
minus the minimum free space.
CAUTION There is nothing to prevent other applications from using up the disk space set aside for the Auxiliary Archiver. For this reason, we recommend that you assign a disk that is not shared with other applications to this role. In the case where multiple archivers share the same server, use a separate disk for each.
Total size. Total capacity of the disk.

The archive storage configuration commands are as follows:
Button Command Description
Add network location
You can only add network drives to your archive storage. All local drives on the host server are listed by default. You can exclude them from being used by the Auxiliary Archiver by clearing the checkbox in front of each disk. A disk group is a logical storage unit used by the Auxiliary Archiver to improve the overall disk throughput. See "Optimizing access to your storage devices" on page 226. Click the Up and Down arrows to move the selected disk from one group to another. Deletes the selected disk or disk group. You cannot leave a disk group without any disk associated to it. This button appears only if you have more than one disk group defined. See "Optimizing access to your storage devices" on page 226. Refreshes the drive information.
Add disk group
Delete Camera distribution
Refresh the drive information
549
Auxiliary Archiver
Archiver statistics
The Statistics dialog box appears when you click the Statistics ( ) button. It works the same way as for the Archiver role. For more information, see Archiver Resources "Archiver statistics" on page 538.
Protected video file statistics

The Protected video file statistics dialog box of the Auxiliary Archiver works the same way as for the Archiver role. For more information, see Archiver Resources "Protected video file statistics" on page 539.
Archiving camera details

The Archiving cameras dialog box displays the statistics for each individual camera based on the information collected the last time you clicked . It works the same way as for the Archiver role. For more information, see Archiver Resources "Archiving camera details" on page 540.
Advanced settings
The Auxiliary Archivers advanced settings work the same way as the Archiver. For more information, see Archiver Resources "Advanced settings" on page 532.
550
Directory
Directory
The Directory is the main role that identifies your Security Center system. It manages all entity configurations and system wide settings in Security Center. Only a single instance of this role is permitted on your system. The server hosting the Directory role is called the main server, and must be set up first. All other servers you add in Security Center are called expansion servers, and must connect to the main server to be part of the same system. The main functions of the Directory role are:
Client application connection authentication Software license enforcement Central configuration management Event management and routing Audit trail and activity trail management Alarm management and routing Incident management Scheduled task execution Macro execution
Configuring the Directory role

Because the Directory role is responsible for the authentication of all client connections, it cannot be configured in the Config Tool client application. To configure the Directory role, call Server Admin from a Web browser. For more information, see "Open Server Admin using Internet Explorer" on page 48. Using Server Admin, you can perform the following administrative tasks:
Start/stop the Directory role Manage the Directory database and change the data retention periods View and modify your Security Center license View and modify the main servers password and communication ports Convert the main server into an expansion server
Managing the Directory role

In a multiple Directory server configuration, the Directory failover and load balancing is managed by the Directory Manager role. For more information, see "Configuring Directory failover and load balancing" on page 66.
551
Directory Manager
Directory Manager
The Directory Manager is the role that manages the Directory failover and load balancing in order to produce the high availability characteristics in Security Center. Only one instance of this role is permitted per system. This role is created by default when your Security Center license supports multiple Directory servers, and cannot be deleted nor deactivated. System: General Task: System Roles
Identity Directory servers Database failover Name, description, and relationships of this role with other entities in the system. Lets you configure the servers assigned to Directory failover and load balancing. Lets you configure the failover of the Directory database. This feature is turned off by default.
Related topics:
"Configuring Directory failover and load balancing" on page 66 "Managing servers and roles" on page 47 "Managing databases" on page 52 "Configuring role failover" on page 61 "Directory" on page 551
552
Directory Manager
Directory servers
The Directory servers tab lets you configure the servers assigned to Directory failover and load balancing.
Directory failover list

The list of servers assigned to Directory failover and load balancing is called the Directory failover list. To show or change the connection port assigned to each server, click Advanced ( ).
The server identified with a different icon ( ) than the rest ( ) is the main server. The main server is the only Directory server that can write to the Directory database. The rest can only read from that database. Related topics:
"Configuring Directory failover and load balancing" on page 66 "How Directory failover and load balancing works" on page 66 "Differences between Directory servers and the main server" on page 66
553
Directory Manager
Database failover
The Database failover tab lets you configure the Directory database failover. When this feature is turned on, you have two options:
"Backup and restore" on page 554 "Mirroring" on page 556

Backup and restore
The Directory Manager protects the Directory database by regularly backing up the master database instance. During a failover, the latest backups are restored to the backup database thats next in line.
The list of databases available for failover is described as follows:
LED ( ). Indicates the database server that is currently active. Server. Security Center server hosting the database instance. The server that manages the
master database instance is flagged as (Master).
Database server. Database server name. The name must be accessible from all computers.
Relative names, such as (local)\SQLSEXPRESS cannot be used. Always write explicitly the servers DNS name (for example TW-WIN7-SC-5) instead of (local).
Directory Manager
IMPORTANT All database servers must be of the same version for database failover to work.
Database name. Database instance name. State. Database state. If there is a problem, an error message is displayed. Last Backup/Restore time. Time of the last backup on the master database, or the last
restore on the backup database.
Folder. Local folder on the specified server where the backup files are copied.
The other parameters are:
Automatically reconnect to master database. Select this option to force all Directory
servers to reconnect to the master database once it is back online after a failover. This will cause a short service disruption, and all changes made to the system configuration while the master database was offline will be lost.
Generate full backup every. Frequency (in days) and time at which the full backup should
be generated.
TIP It is recommended to generate a full backup after youve made lots of changes to the system configuration. You can do this anytime by clicking Generate full backup. IMPORTANT After changing the master database from Server Admin (restoring a previous backup for example), always manually generate a full backup from Config Tool immediately after. Failing to do so will cause your master and backup databases to become out of synch and the database failover mechanism will no longer work.
Generate differential backup every. Frequency (in minutes) at which the differential
backup should be generated. A differential backup contains the database transactions made after the previous backup (full or differential). The differential backups are deleted only after a full backup is made.
NOTE All backup activities are stopped when the active database is not the master database.
555
Directory Manager
Mirroring
Database failover is handled by Microsoft SQL Server and is transparent to Security Center. The Principal and Mirror instances of the Directory database are kept in synch at all times. There is no loss of data during failover.
NOTE The Principal and the Mirror databases must be of the same version. Should you decide to use a Database server instance name, the two instance names must be different. For more information on database mirroring, please refer to Microsoft SQL Server Database Mirroring documentation.
Related topics:
"How Directory database failover works" on page 71 "Configuring Directory database failover" on page 71
556
Global Cardholder Synchronizer

The Global Cardholder Synchronizer (GCS) role ensures the two-way synchronization of the shared cardholders and their related entities between the local system (sharing guest), where it is hosted, and the central system (sharing host). Only a single instance of this role is permitted on each system.
System: Synergis IP access control Task: Access control Units, or System Roles
Identity Properties Resources Name, description, and relationships of this role with other entities in the system. Connection parameters to the sharing host, shared global partitions, and synchronization option. Servers and failover configuration for this role.
Related topics:
"Managing global cardholders" on page 296 "What is the Global Cardholder Synchronizer?" on page 298 "Configure the Global Cardholder Synchronizer" on page 304
557
Properties
The Properties tab lets you configure the connection parameters to the sharing host, the global partitions you want to share, and your synchronization option.
The Global Cardholder Synchronizer (GCS) role must stay connected to the sharing host in order to keep the local copies of the global entities synchronized with the host.
Connection status. Indicates the current connection status. The second line shows the
connection activities or when the last synchronization was performed.
Directory. Name of a Directory server on the sharing host. If anything else than the default
connection port (5500) is used, you must explicitly indicate the port number after the Directory name, separated by a colon. For example: HostServer:5888.
Username and password. Credentials used by the GCS role to connect to the sharing host.
The rights and privileges of this user determine what your local system will be able to see and share with the host system.
558
Global partitions
List of global partitions found on the sharing host. Select the ones you wish to share.
Synchronize automatically
Select this option to have the GCS role perform synchronization in real time. This means that whenever a change is made on the sharing host, either by the host itself or by another sharing guest, the change will immediately be reflected on your local system. Leaving this option unchecked allows you to synchronize manually. You must also leave the role in manual synchronization mode if you want the GCS role to synchronize periodically via a scheduled task. For more information, see "Using scheduled tasks" on page 109.
Resources
The Resources tab lets you configure the servers for hosting this role. The GCS role does not require a database.
Servers
All server management principles are the same for the Global Cardholder Synchronizer role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
Health Monitor
Health Monitor
The Health Monitor is the central role that monitors system entities such as servers, roles, units, and client applications for health issues. Health events are recorded in a database for the purpose of reporting and statistical analysis. Current system errors are reported in real time in your applications notification tray. Only one instance of this role is permitted per system. This role is created at system installation and cannot be deleted. System: General Task: System Roles
Identity Properties Resources Name, description, and relationships of this role with other entities in the system. Health events to be monitored. Servers, database, and failover configuration for this role.
Related topics:
"Monitoring your systems health" on page 75 "Configuring the Health Monitor" on page 76 "Viewing system health events" on page 170 "Viewing the health status and availability of entities" on page 171
560
Health Monitor
Properties
The Properties tab lets you configure the health events to be monitored.
Client app. maintenance mode. Turn this switch on to set the client applications in
maintenance mode. Setting any entity in maintenance mode means that the down time will be considered Expected-down time and will not be used in the health statistics availability percentage calculations. Only Unexpected down-time is used when calculating availability. Most entities can be set in maintenance mode through their own contextual toolbar ( Enable maintenance mode). For client applications, it must be set here.
NOTE Setting something in maintenance mode does not stop the health events. Rather, it
downgrades all health events to informational only.
Events to monitor. Select which events you want the Health Monitor role to watch.
IMPORTANT Clearing a health event in this list does not remove it from the Health history query filter. But, it could make some of the Health statistics calculations impossible.
Some of the events allow you to adjust the thresholds used to fire the event. For more information, see "Change the firing threshold of a health event" on page 80.
561
Health Monitor
Resources
Servers
All server management principles are the same for the Health Monitor role as with any other role. For more information, see "Managing servers and roles" on page 47.
Database
All database management principles are the same for the Health Monitor role as with any other role. For more information, see "Managing databases" on page 52.
562
Intrusion Manager
Intrusion Manager
The Intrusion Manager role is responsible for the integration of intrusion panels (or alarm panels) to Security Center. It listens to the events reported by the intrusion panels, reports them live in Security Desk, and logs them in a database for future reporting. The Intrusion Manager is also responsible to relay user commands such as arming and disarming the areas (or zones) to the controlling panel and triggering the outputs connected to the latter via event-to-actions. Multiple instances of this role can be created on the system. System: General Intrusion detection Task: Intrusion detection Units, or System Roles
Identity Properties Extensions Resources Name, description, and relationships of this role with other entities in the system. Database retention period for intrusion events. Manufacturer specific settings for connecting to intrusion detection units that this role should communicate with. Servers, database, and failover configuration for this role.
Related topics:
"Managing intrusion panels" on page 155 "Intrusion detection unit" on page 423 "Intrusion detection area" on page 421
563
Intrusion Manager
Properties
The Properties tab lets you configure the retention period of the intrusion events in the database.
Keep events
Intrusion events are logged by the Intrusion Manager for intrusion activity reports. You can decide for how long you want to keep them before they are purged from the Intrusion Manager database. Related topics:
Intrusion detection investigation tasks in Genetec Security Desk User Guide.
564
Intrusion Manager
Extensions
The intrusion unit models controlled by this Intrusion Manager role.
All supported manufacturer extensions are created by default when the role is created.
565
Intrusion Manager
Resources
Servers
All server management principles are the same for the Intrusion Manager role as with any other role. For more information, see "Managing servers and roles" on page 47.
IMPORTANT The Intrusion Manager role supports failover only when the intrusion panels are connected via IP. Failover is not supported if the intrusion panels are connected via serial port. For more information, see "Configuring role failover" on page 61.
Database
All database management principles are the same for the Intrusion Manager role as with any other role. For more information, see "Managing databases" on page 52.
566
LPR Manager
LPR Manager
The LPR Manager stores all LPR data (reads, hits, images, vehicle status, GPS data, and so on) collected from the LPR units (fixed Sharps) and Patrollers that it manages into a central database for data mining and reporting. The LPR Manager is also responsible for updating fixed Sharps and Patrollers in the field with hotfixes, hotlist updates, and so on. Multiple instances of this role can be created on the system to provide scalability and partitioning. For example, different fleets of Patrollers can be managed by different LPR Managers, fixed Sharp units can be managed by different LPR Managers, and so on. System: AutoVu IP license plate recognition Tasks: LPR Units, or System Roles
Identity Properties Resources Name, description, logical ID, and relationships of this entity with other entities in the system. General parameters within which this role should operate. Server and database configuration for this role.
Related topics:
"Hotlist" on page 414 "LPR unit" on page 426 "Overtime rule" on page 439 "Parking facility" on page 444 "Patroller" on page 450 "Permit" on page 453 "Permit restriction" on page 457
567
LPR Manager
Properties
The Properties tab is used to configure the general LPR Manager settings and optional AutoVu features. The availability of certain features depends on your Security Center license. This section includes the following topics:
"General settings" on page 569 "Live" on page 571 "File association" on page 572 "Matching" on page 573 "Reverse geocoding" on page 574 "Plate filtering" on page 574 "Email notification" on page 576 "XML import" on page 578 "XML export" on page 579 "Update provider" on page 582 "Data import" on page 583
568
LPR Manager
General settings
Use the General settings to configure the Root folder for the LPR Manager, the user group for the Patrollers, and how long the data from the LPR Manager is kept in the database.
IMPORTANT Please read the following before you configure the LPR Manager General settings.
If you are using SQL Server Express Edition, the database might be full before the retention
period ends. Contact GTAP to help you evaluate whether SQL Server Express meets the requirements of your AutoVu system. If your computer is hosting more than one LPR Manager, each LPR Manager must have a different root folder.
Root folder. The main folder on the computer hosting the LPR Manager. This is where all
the configuration files are created, saved, and exchanged between the LPR Manager and the Patroller units it manages. Whenever you create a new LPR Manager role, the root folder is created automatically on your computer at the location C:\Genetec\AutoVu\RootFolder. If you create multiple LPR Managers, new folders will be created for you at the same location. For example, if you have three LPR Managers created, the folders RootFolder1, RootFolder2, and RootFolder3 will be created under the folder C:\Genetec\AutoVu. The LPR Manager root folder includes the following subfolders:
ManualTransfer. Contains the configuration and data files to transfer to Patroller manually using a USB key or similar device.
569
LPR Manager
Offload. Contains the LPR data offloaded by Patroller. Rules. Contains the delta files used by Security Center to transfer hotlist and permit list changes. Do not copy or move anything in this folder.
Updates. This folder appears when you first turn on the Update provider (see "Update provider" on page 582). It contains Security Center and Patroller hotfixes, as well as Sharp service and firmware updates. Patroller hotfixes are automatically downloaded to Patroller whenever Patroller is connected to Security Center. Mobile Sharp units are updated through Patroller, and fixed Sharp units are updated through the network. Optimize Root folder disk space. (Windows Vista or later only) Enables the use of symbolic links to reduce disk utilization when the same file is replicated in multiple folders, such as when you have large hotlists and/or permit lists associated to individual Patroller units. This reduces the Root folders overall disk space, and optimizes file transfer performance to the Patroller in-vehicle computer. To use this feature, the server machine must be running Windows Vista or later, otherwise hotlists and permits will be copied as usual (duplicate copies on disk). The client machine must also be running Windows Vista or later, otherwise the client wont be able to access the files inside the root folder. After enabling this option in Security Center, you also must enable it in Windows on your server and client machines (youll need administrator rights). On both the server and client machines, open Windows Command Prompt, and then type the following:

To enable symbolic links. Type fsutil behavior set SymlinkEvaluation R2R:1
To disable symbolic links. Type fsutil behavior set SymlinkEvaluation R2R:0. User group for Patrollers. List of users (and their passwords) who are allowed to log on to the Patrollers managed by the LPR Manager. This list is downloaded to the Patrollers.
In Patroller Config Tool, if the Patroller Logon type is Secure name or Secure name and password, the Patroller user will be required to enter the username and password configured in Security Center. If secure logon names are in use, when a read or a hit occurs, in Security Desk you can view who was driving the vehicle.
Database retention periods. Specify how many days of LPR-related data Security Center
can query. The default is 90 days, and the maximum is 2000 days. LPR data that is older than the value(s) you specify will not appear in Security Center queries and reports (Hit reports, Read reports, and so on).
Patroller route retention period. Number of days Patroller route data (GPS positions) can be queried. Hit retention period. Number of days hit data can be queried. Read retention period. Number of days license plate reads can be queried. Event retention period. Number of days the LPR events License plate read and License plate hit can be queried.
570
LPR Manager
Live
The Live settings are used to configure how data is transferred between Security Center and Patroller.
Listening port. Port used to listen for connection requests coming from fixed Sharps and
Patrollers. After the connection is established, the LPR Manager can receive live updates from the LPR units it manages.
Sharp discovery port. Port used by the LPR Manager to find fixed Sharp units on the
network. The same port number must be used in the Discovery port setting on the Sharp.
IMPORTANT Each LPR Manager must use a unique discovery port.
Send on read (fixed Sharp only). For each plate read, choose which Sharp images are sent
to Security Center. These images are displayed in Security Desk when monitoring LPR events.
License plate image. Include the high resolution close-up image of the license plate along with the plate read data.
Context image. Include the wide angle context image of the vehicle along with the plate read data. Channel security. Encrypt communication between Security Center and Patroller.
IMPORTANT Encryption must be enabled both in the Security Center Config Tool and in
Patroller Config Tool.

LPR Manager
Encrypt communication channel. Encrypt communication between Patroller and Security Center. Accept non encrypted messages. Security Center will accept incoming connections from Patrollers that do not have the encryption option enabled.
File association
The File association settings specify which hotlists and permits are active and managed by the LPR Manager.
Hotlists. A list of all the hotlists in Security Center. Choose which hotlists you want the
LPR Manager to manage. The LPR Manager then sends the hotlists to the Patrollers it manages, or matches the hotlists against the reads collected from fixed Sharp units to produce hits. When you create a new hotlist, it is automatically added to this list and enabled for all the LPR Managers on your system.
Permits. A list of all the permits in Security Center. Choose which permits the LPR
Manager manages. The LPR Manager sends these permit lists to Patrollers. Only Patrollers configured for parking enforcement require permits. When you create a new permit, it is automatically added to this list and enabled for all the LPR Managers on your system.
NOTE You can also associate permits to individual Patrollers, and hotlists to individual Patrollers
or Sharp units. For more information, see "Patroller" on page 450, and "LPR unit" on page 426.
572
LPR Manager
Matching
The Matching settings are used to enable matching between hotlists and fixed Sharp units. You use these settings when you want to configure event-to-actions in Security Desk that trigger on match or no match events.
Matching. Enables matching between fixed Sharp units and hotlists. When matching is
enabled, you can configure event-to-actions in Security Desk that trigger when the Sharp reads a plate that is on a hotlist youve activated in File association.
Generate No match events. Security Center generates no match events when a plate is
not found on a specific hotlist. You can then configure event-to-actions in Security Desk based on No match events. You would typically use No match events as part of an access control scenario. For example, you can associate a hotlist to a specific Sharp unit that is monitoring access to a parking lot or similar location. In this scenario, a Security Center event-to-action for a License plate hit grants the vehicle access (opens a gate, raises a barrier, and so on), and an event-to-action for a No match could trigger an alarm, or send an email to security personnel.
573
LPR Manager
Reverse geocoding
The Reverse geocoding feature converts the raw GPS data (longitude, latitude) from Patrollers into street addresses. The street addresses are then saved along with the reads in the LPR Manager database.
NOTE You need geocoding if your Patrollers are equipped with GPS but no maps.
Map type. Displays the map type set in the Security Center license. (If you choose Mapinfo) MapInfo workspace. Folder where the MapInfo files (Maps.mws
and associated files) are found. This folder must be on the same computer where the LPR Manager is installed.
(If you choose Mapinfo) MapInfo version. If using MapInfo version 6 and later, you must
select New.
Plate filtering
The Plate filtering settings determine what to do when a hotlist or permit list is modified. The LPR Manager can detect if the new or modified lists include entries that contain invalid (nonalphanumeric) characters. You can configure the LPR Manager to either delete the invalid entries completely, or to delete only the invalid characters within the entries. You can also save logs of the filtering process to view detailed information about how many invalid entries were deleted or modified.
574
LPR Manager
Plate number valid characters. Select the types of characters to filter on (Latin, Arabic, or
Japanese).
Invalid plate number. Configure how the LPR Manager handles invalid records:
Modify record. (Default setting). Removes any non-alphanumeric characters from the plate number. For example, the plate number ABC#%3 becomes ABC3. Remove record. Deletes the entry from the list entirely.
Logging. Select Log filtering in, and then specify where you want the log file to be saved.
The destination folder you choose must be accessible to the computer hosting the LPR Manager role.
575
LPR Manager
Email notification
The Email notification setting turns on email notifications for hotlist hits, and lets you customize the look and contents of the email message. You can configure email notification at the hotlist level (any hit from a hotlist), or at the individual license plate level (a hit from a specific plate). For more information, see Configuring email notifications for hotlist hits in the AutoVu Handbook.
576
LPR Manager
Annotation email address. Used for email notification at the individual license plate level.
Type the name of the hotlist attribute related to email notification. For example, if you added an Email attribute on the hotlist entitys Properties page, type the exact same name here. The names must match exactly.
Email components. Choose the LPR data you want to attach to the notification email, and
whether to hide the license plate numbers in the message body.
License plate image. High resolution close-up images of the license plate. Context image. A wider angle color image of the vehicle.
License plate. Replaces the read plate number, and the matched plate number in the email with asterisks (*). Log emails in. Select the check box to log hotlist hit notification emails. Type the full path to the log file.

Template. Customize the email. Do any of the following:

Edit the emails subject line or message body. Switch between plain text and HTML. Add formatting (bold, italics, and so on). Right-click in the message body for a menu of quick tags that you can use to add more information to the email. Restore the default email template at any time.
577
LPR Manager
XML import
The XML import settings are used to import data from third-party applications into the LPR Manager database. When you turn this setting on, Security Center creates an XML import entity, and then associates the imported data with this entity. In Security Desk, you can then filter on the XML import entity when running hit or read reports.
XML template file. Specify where the XML template file is located. Youll find a default
template in the Security Center installation package in Tools\LPR\XMLTemplatesSamples.
XML data folder. Specify the folder that contains the XML data files for Security Center to
import.
578
LPR Manager
XML export
The XML export settings are used to send LPR Manager reads and hits to third-party applications. Reads and hits are sent live as they occur.
XML templates folder. Specify where the XML templates folder is located. Youll find
default templates in the Security Center installation package in Tools\LPR\XMLTemplatesSamples. There are XML templates for each type of LPR event (plate reads, hotlist hits, overtime hits, permit hits, and shared permit hits).
XML export folder. Specify the folder that contains the XML files exported by the LPR
Manager.
Time format. Enter the time format used in the exported files. As you set the time format
the information field displays what the time format will look like in the XML file. To identify the units of time, use the following notation:
Notation Description
h m
Hour Minute
579
LPR Manager
s : hh,mm,ss h,m,s tt
Second Must use a colon (:) between the hour, minute, and second units. Display time with leading zero. For example: 03:06:03 represents 3 hours 6 minutes 3 seconds. Display without leading zero. For example: 3:6:3 represents 3 hours 6 minutes 3 seconds. Include A.M. or P.M. If using a 12-hour clock, you might want to use A.M. or P.M. notation. Unit can be preceded with or without a space. For example, HH:mm:ss tt displays 17:38:42 PM. 12-hour clock. 24-hour clock.
Lowercase h Uppercase H
Date format. Enter the date format used in the export files.
To identify the units of a date, use the following notation:
Notation Description
M MM MMM y yyy d dd ddd dddd Delimiters Example
Month in numerals Month in numerals with leading zero. Month abbreviation. For example Apr for April. Year without century. For example, yy displays 11 for 2011. Year with century. For example, yyyy displays 2011 Date Date with leading zero. Day of week three letter abbreviation. For example, ddd displays Wed for Wednesday. Day of week. For example, dddd displays Wednesday. Can use space or dash (-) between units in the date. dddd MM dd, yyy displays Wednesday April 06, 2011.
Supported XML hashtags. The following XML hashtags are supported. Each hashtag must
have an opening and closing XML tag (for example, to use the tag #CONTEXT_IMAGE# you must write <ContextImage>#CONTEXT_IMAGE#</ContextImage> in the XML).
#ATTRIBUTES#. Generate all Read and Hit attributes. #CONTEXT_IMAGE#. Context image (Base64-encoded JPEG).
580
LPR Manager
#DATE_LOCAL#. Local date of the LPR event. #ELAPSED_TIME#. For an overtime hit, this tag indicates the time difference between the two plate reads (displaying the number of days is optional). #FIRST_VEHICLE#. For a shared permit hit, this tag generates the content specified in ReadTemplate.xml for the first vehicle seen. #FIRST_VEHICLE_FROM_STREET#. For an overtime hit, this tag retrieves the attribute From street from the first plate read. #FIRST_VEHICLE_TO_STREET#. For an overtime hit, this tag retrieves the attribute To street from the first plate read. #HOTLIST_CATEGORY#. Category field of the hotlist that generated the hit. #GUID#. Unique identifier of the LPR event. #INVENTORY_LOCATION#. For MLPI installations, the location of the vehicle inventory. #ISHIT#. This tag indicates if the LPR event is a hit. #LATITUDE_DEGREE#. Latitude of the LPR event (in degrees). #LATITUDE_DMS#. Latitude of the LPR event (in degrees, minutes, and seconds). #LATITUDE_MINUTE#. Latitude of the LPR event (in minutes). #LATITUDE_SECOND#. Latitude of the LPR event (in seconds). #LONGITUDE_DEGREE#. Longitude of the LPR event (in degrees). #LONGITUDE_DMS#. Longitude of the LPR event (in degrees, minutes, and seconds). #LONGITUDE_MINUTE#. Longitude of the LPR event (in minutes). #LONGITUDE_SECOND#. Longitude of the LPR event (in seconds). #MATCHED_PLATE#. License plate against which the hit was generated. #ORIGINAL#. For an overtime hit, this tag generates the content specified in ReadTemplate.xml for the first read of a given plate. #OVERVIEW_IMAGE#. Overview image (Base64-encoded JPEG). #PERMIT_NAME#. Name of the permit that generated the LPR event. #PLATE_READ#. License plate as read by the Sharp. #PLATE_IMAGE#. License plate image (Base64-encoded JPEG). #READ#. Embed the contents of the ReadTemplate.xml inside another XML template (useful for hits). #SECOND_VEHICLE#. For a shared permit hit, this tag generates the content specified in ReadTemplate.xml for the second vehicle seen. #SECOND_VEHICLE_FROM_STREET#. For an overtime hit, this tag retrieves the attribute From street from the second plate read. #SECOND_VEHICLE_TO_STREET#. For an overtime hit, this tag retrieves the attribute To street from the second plate read. #SHARP_NAME#. Name of the Sharp that read the plate.
581
LPR Manager
#STATE#. License plate's issuing state or province, if read. #TIME_LOCAL#. Local time. #USER_ACTION#. User action related to the LPR event. #VEHICLE#. Same as #READ#. #ZONE_COLOR#. Color of the zone associated to the LPR event. #ZONE_NAME#. Name of the zone associated to the LPR event.
Update provider
Turn on the Update provider to create the required sub-folder in the LPR Root folder that will receive the update files. Also, you need to specify the Listening port used for Patroller and Sharp updates. The LPR Manager will use this port to update Patrollers and Sharps with new hot fixes, hit alert sounds, hotlists, firmware and so on.
Listening port. This is the port Security Center uses to send updates to Patrollers and
connected Sharp units, as well as to fixed Sharps on the network. Make sure to use the same port number in Patroller Config Tool, and in the <Admin Tool>.
582
LPR Manager
Data import
The Data import settings are used to import data from AutoVu 4.3 systems. The LPR Manager connects to the AutoVu Gateway 4.3 database and imports all mobile data into the LPR Manager database so that the data can be viewed with Security Desk.
IMPORTANT Before you turn on Data import, configure the AutoVu Gateway database server and database name. NOTE Please note the following about importing the AutoVu Gateway 4.3 database into Security
Center:
The first time you run the migration, the LPR Manager will import everything that is in the existing Back Office database up until the retention period specified in the General settings. It takes approximately one hour for every 2.5 GB of data to transfer. For example, if you have 100 GB of data, the data import process will take approximately 40 hours. After the first batch of data is imported, the import process will resume every 12 hours. In the mean time, the old system can operate as usual. As data from the legacy system is imported into Security Center, you'll see the Patroller and LPR units appear under the LPR Manager.
Database. Name of the legacy AutoVu Gateway database.
For information on how to migrate to Security Center 5.0 from AutoVu 4.3, see the Security Center Installation and Upgrade Guide. Data server. Name of the data server used by the legacy AutoVu Gateway.
583
LPR Manager
Resources
Servers
All server management principles are the same for the LPR Manager role as with any other Security Center role.
Database
All database management principles are the same for the LPR Manager role as with any other Security Center role.
NOTE When backing up (or restoring) the database to a network drive, you must manually enter the network path (for example, \\<MyNetworkDrive>\<Backup DB folder>\.
584
Media Router
Media Router
The Media Router role handles all stream (audio or video) requests on the system. It establishes streaming sessions between the stream source (camera or Archiver) and its requesters (Security Desk or SDK clients). Routing decisions are based on the location (IP address) and the transmission capabilities of all parties involved (source, destinations, networks and servers).
It ensures all video streams use the best route to get to their destinations, while performing any necessary transformation (for example, from unicast to multicast, or from IPv4 to IPv6). Only a single instance of this role is permitted per system. System: Omnicast IP video surveillance Tasks: Video Units, or System Roles
Identity Properties Resources Name, description, and relationships of this role with other entities in the system. Stream redirectors, start multicast endpoint, and RTSP port. Servers, databases, and failover configuration for this role.
Related topics:
"Configure the Media Router" on page 202 "Network" on page 434 "Server" on page 471 "Archiver" on page 521
585
Media Router
Properties
The Properties tab allows you to configure the stream redirectors, the start multicast endpoint, and the RTSP port for the Media Router.
Redirectors
Redirectors are servers assigned to host redirector agents. A redirector agent is a software module launched by the Media Router to redirect data streams from one IP endpoint to another. The Media Router automatically creates a redirector agent on every server assigned to an Archiver role. You might have to create redirector agents on additional servers if you need to reach clients located on remote networks or to balance the redirection workload between multiple servers. Click Add an item ( ) to add new redirectors or Edit an item ( ) to modify an existing one.
586
Media Router
Both commands open the Redirector configuration dialog box.
The redirector settings are as follows:
Server. Server selected to host the redirector agent. Multicast interface. Network adaptor to use for streaming data in multicast mode. Incoming UDP port range. Range of ports used by the redirector agent to send video using
UDP. If the redirector agent is running behind a firewall, make sure that these ports are unlocked for inbound packets for UDP connections.
RTSP port. Port used by the redirector agent to receive TCP commands. The same port is
used to stream data using TCP.
NOTE If you are configuring the redirector agent on the same server that is hosting the Media Router, the RTSP port cannot be the same as the one used by the Media Router.
Live capacity. Use this option to limit the maximum number of live streams that this server
(redirector) can redirect. This feature serves two purposes:
Avoid overloading the server with too many users trying to view video (that needs redirection) at the same time.
Avoid overloading the network with too many video streams coming from a remote site that has limited bandwidth. When the limit is reached, an error message is displayed on the client application requesting the live video that the live stream capacity is exceeded.
Playback capacity. Same idea as Live capacity for playback streams.
587
Media Router
Start multicast endpoint

Start multicast address and port number. In multicast, all audio and video sources are streamed to different multicast addresses while using the same port number. This is because multicast switches and routers use the destination IP address to make their routing decisions. To follow the same approach, the Media Router assigns that same port number to all streaming devices (microphones and cameras), starting with the specified IP address, and incrementing it by 1 for every new devices it encounters.
RTSP port
Incoming TCP command port used by the Media Router.
Resources
Servers
All server management principles are the same for the Media Router role as with any other role. For more information, see "Managing servers and roles" on page 47.
588
Media Router
Database
All database management principles are the same for the Media Router role as with any other role. For more information, see "Managing databases" on page 52.
NOTE The Media Router role supports failover and accepts multiple secondary servers. The exception to the rule is that its database can be local to each server. For more information, see "Configuring role failover" on page 61.
589
Omnicast Federation
Omnicast Federation
The Omnicast Federation role imports entities from an remote Omnicast 4.x system so that its cameras and events can be used by your local Security Desk users. The federation role acts as a proxy between your local clients and the remote Omnicast system they need to connect to. Multiple instances of this role can be created on the system. System: Omnicast IP video surveillance Task: System Roles
Identity Name, description, and relationships of this role with other entities in the system. This is also where you set the value of role group for very large scale Federation deployment. Connection parameters to the remote Omnicast system, and default video stream and of events to receive from it. Servers and failover configuration for this role.
Properties Resources
Related topics:
"Federating remote systems" on page 128 "Federating Omnicast systems" on page 131 "Security Center Federation" on page 601
590
Omnicast Federation
Identity
The Identity tab provides descriptive information about this role lets you jump to the configuration page of related entities. For more information, see "Identity" on page 332.
Role group
The role group is an advanced setting that is necessary only if you plan on hosting more than 40 Omnicast Federation roles on the same server. For more information, see "What is a role group?" on page 134. To make this setting appear:
Click inside the Name field and type Ctrl+Shift+A.
591
Omnicast Federation
Properties
The Properties tab allows you to configure the connection parameters to the remote Omnicast system, and the default video stream and events you wish to receive from it.
The top section identifies the remote Omnicast system and its connection status.
Connection status. Shows the connection status of the federation role to the remote system.
Click Reset connection at the bottom of the tab to force a reconnection.
Directory. Name of the Omnicast Gateway connecting you to the remote Omnicast system. Username and password. Credentials used by the federation role to log on to the remote
Omnicast system. The rights and privileges of that user will determine what your local users will be able to see and do on the federated remote system.
Version. Version of the federated Omnicast system. This drop-down list only shows the
Omnicast versions for which a compatibility pack has been installed.
Received information
The bottom section describes the default video stream and events you wish to receive from the federated system.
592
Omnicast Federation
Events are necessary if you plan to monitor the federated entities in Security Desk or to configure event-to-actions for the federated entities.
Resources
The Resources tab lets you configure the servers for hosting this role. The federation role does not require a database.
Servers
All server management principles are the same for the Omnicast Federation role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
593
Plugin
Plugin
The Plugin role hosts a specific plugin. Each Plugin role instance hosts exactly one plugin of the type you select.
IMPORTANT You need to install the plugin package on your client and server computers before you can create the corresponding Plugin role, and you must make sure your Security Center license has a valid certificate for the plugin you want to use.
System: General Task: Plugins Plugins, or System Roles

Identity Properties Name, description, and relationships of this role with other entities in the system. Depends on the type of plugin the role is hosting. Other tabs might appear depending on the type of plugin you have. For more information, see the corresponding Plugin User Guide. Servers and database assigned to this role. The Plugin role supports failover. For more information, see "Configuring role failover" on page 61.
Resources
Related topics:
"Role" on page 462 RF Code Asset Management Plugin User Guide OnGuard and Video Translator Plugin User Guide
594
Point of Sale
Point of Sale
The Point of Sale role imports transaction data from an external point of sale (POS) system so that transaction reports can be generated from Security Desk for investigation purpose. The transactions are tied to the cash registers that were used to capture these transactions. Security Center can link Omnicast cameras to these cash registers, allowing users to search video sequences based on the transaction details. For more information, see Transactions in the Security Desk User Guide.
IMPORTANT For a user to view transaction reports in Security Desk, the Point-of-Sale plugin must be enabled on the machine where Security Desk is installed. For more information, see Enable Point-of-Sale plugin in the Security Center Installation and Upgrade Guide.
System: General Task: System Roles

Identity Properties Cash registers Resources Name, description, and relationships of this role with other entities in the system. Description of the external (third party) POS system database. Cash registers corresponding to the transactions imported by this role. Servers, database, and failover configuration for this role.
Related topics:
"Cash register" on page 400
595
Point of Sale
Properties
The Properties tab lets you configure how this role is to get the transaction data from the external POS system, and how long these data should be kept in Security Center.
Parameters for getting the transaction data

The Point of Sale role gets its data from the external POS system by polling its database at regular intervals. The first set of parameters tells the role how to get these data.
Database server. Database server used by the external POS system. Database. Database name used by the external POS system. Transaction header table. Table name used for transaction headers. Transaction details table. Table name used for transaction details (or transaction line items). data.
Fetch transaction every. Frequency at which the role should poll the POS database for new
Housekeeping parameters for the saved transaction data
Data fetched from the external POS database are saved to a database in Security Center. The local database where the transaction data is stored is configured in the Resources tab.
596
Point of Sale
Retention period. Number of days the transaction data should be kept locally. Cleanup period. Frequency of the local database cleanup. Cleanup time. Scheduled database cleanup start time.
Cash registers
The Cash registers tab lets you configure the cash registers (or terminals) whose associated transactions ought to be downloaded from the external POS database (see Properties tab).
Add a cash register

Add cash registers to have the Point of Sale role import their associated transactions from the external POS system. 1 Select the Point of Sale role from the System Roles. 2 Select the Cash registers tab and click
at the bottom of the list.
3 In the Cash register properties dialog box, enter the following: Name. Name of the cash register entity. Description. Description of the cash register entity. ID. External identifier (or primary key) used to identify the cash register in the external POS database.
597
Point of Sale
Partition. Partition the created cash register entity should belong to. Click different partition from your system.
to select
4 Click Save. 5 Click Apply. The new cash register entities are created and appear in the Logical view. You can associate cameras to the cash register entities. For more information, see "Cash register" on page 400.
Resources
Servers
All server management principles are the same for the Point of Sale role as with any other role. For more information, see "Managing servers and roles" on page 47.
Database
All database management principles are the same for the Point of Sale role as with any other role. For more information, see "Managing databases" on page 52.
598
Report Manager
Report Manager
The Report Manager role automates report emailing and printing based on schedules. Only one instance of this role is permitted per system. This role is created by default at system installation and hosted on your main server.
System: General Task: System Roles

Identity Properties Resources Name, description, and relationships of this role with other entities in the system. General parameters within which this role should operate. Servers and failover configuration for this role.
Properties
The Properties tab lets you configure the default behavior of this role.
599
Report Manager
Maximum number of results

Sets the maximum number of results that can be returned by any report. This limit helps prevent a broadly defined query from freezing your computer when too many results are returned. When the query reaches the specified limit, it stops automatically with a warning message.
NOTE The maximum value you can set is 10,000.
Resources
The Resources tab lets you configure the servers for hosting this role. The Report Manager role does not require a database.
Servers
All server management principles are the same for the Report Manager role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
600
Security Center Federation

The Security Center Federation role imports entities from an remote Security Center system so that its entities and events can be used by your local Security Desk users. The federation role acts as a proxy between your local clients and the remote Security Center system they need to connect to. Multiple instances of this role can be created on the system. System: General Task: System Roles
Identity Name, description, and relationships of this role with other entities in the system. This is also where you set the value of role group for very large scale Federation deployment. Connection parameters to the remote Security Center system, and default video stream and of events to receive from it. Servers and failover configuration for this role.
Properties Resources
Related topics:
"Federating remote systems" on page 128 "Federating Security Center systems" on page 133 "Omnicast Federation" on page 590
601
Identity
The Identity tab provides descriptive information about this role lets you jump to the configuration page of related entities. For more information, see "Identity" on page 332.
Role group
The role group is an advanced setting that is necessary only if you plan on hosting more than 100 Security Center Federation roles on the same server. For more information, see "What is a role group?" on page 134. To make this setting appear: Click inside the Name field and type Ctrl+Shift+A.
602
Properties
The Properties tab allows you to configure the connection parameters to the remote Security Center system, and the default video stream and events you wish to receive from it.
The top section identifies the remote Omnicast system and its connection status.
Connection status. Shows the connection status of the federation role to the remote system. Server. Name of the main server (Directory) for the remote Security Center system. Username and password. Credentials used by the federation role to log on to the remote
Security Center system. The rights and privileges of that user will determine what your local users will be able to see and do on the federated remote system.
Received information
The bottom section describes the default video stream and events you wish to receive from the federated system. Events are necessary if you plan to monitor the federated entities in Security Desk or to configure event-to-actions for the federated entities.
603
Resources
The Resources tab lets you configure the servers for hosting this role. The federation role does not require a database.
Servers
All server management principles are the same for the Security Center Federation role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
604
Web-based SDK
Web-based SDK
The Web-based SDK role exposes the Security Center SDK methods and objects as Web services to support cross-platform development. For example, this role allows an application developed on Linux to interoperate with your Security Center system. This role mainly exist for clients who need custom development. If you have such needs, please contact Genetec Professional Services for a quote through your sales representative or call us at one of our regional offices around the world. To contact us, visit our Web site at www.genetec.com. System: General Task: System Roles
Identity Properties Resources Name, description, and relationships of this role with other entities in the system. General parameters within which this role should operate. Servers and failover configuration for this role.
Related topics:
"Supporting cross-platform development" on page 164 "Macro" on page 429 "Tile plugin" on page 480
605
Web-based SDK
Properties
The Properties tab lets you configure what the external developers need to know to use the Web services.
Port + Base URI

These two parameters are used to determine the address of the Web service. For example, with Port=4590 and Base URI=WebSdk, the Web service address would be http:/ /<computer>:4590/WebSdk/, where <computer> is the DNS name or public IP address of the server hosting the Web-based SDK role.
Streaming port
Port where events will be streamed. The user can configure the events he wants to listen to.
Use SSL connection

Turn this option on (default=off) to use SSL encryption for communications with the Web service. Once this option is turned on:
The Web service address will use https instead of http. You need to configure the SSL settings:
Web-based SDK
Certificate. Name of the certificate to use. Use the form: CN=NameOfTheCertificate. The certificate must be registered in Windows. You can find procedures on the Web on how to do just that. Bind certificate to port. Turn this option on (default=off) to bind the certificate to the port. This operation does the same thing as you would normally do under Windows.
Resources
The Resources tab lets you configure the servers for hosting this role. The Web-based SDK does not require a database.
Servers
All server management principles are the same for the Web-based SDK role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
607
Zone Manager
Zone Manager
The Zone Manager role manages virtual zones and triggers events or output relays based on the inputs configured for each zone. It also logs the zone events in a database for zone activity reports. Multiple instances of this role can be created on the system.
System: General Zone management Task: System Roles

Identity Properties Resources Name, description, and relationships of this role with other entities in the system. Database retention period for zone events. Servers, database, and failover configuration for this role.
Related topics:
"Managing zones" on page 160 "Zone (virtual)" on page 506
608
Zone Manager
Properties
The Properties tab lets you configure the retention period of the zone events in the database.
Keep events
Zone events are logged by the Zone Manager for zone activity reports. You can decide for how long you want to keep them before they are purged from the Zone Manager database. Related topics:
Zone activities task description in Genetec Security Desk User Guide.
609
Zone Manager
Resources
Servers
All server management principles are the same for the Zone Manager role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
Database
All database management principles are the same for the Zone Manager role as with any other role. For more information, see "Managing databases" on page 52.
610
15
Administration tasks
This section lists all Security Center administration tasks in the order they appear in the Home page. Each task is covered with a short description, and when applicable, a short description for each of its configuration groupings. This section includes the following topics:
"Alarms" on page 612 "Logical view" on page 613 "Network view" on page 615 "Security" on page 617 "System" on page 618 "Video" on page 630 "Access control" on page 632 "Intrusion detection" on page 636 "LPR" on page 638 "Plugins" on page 649
611
Alarms
Alarms
The Alarms task allows you to configure alarms and analog monitor groups. System: General License option: Alarms Category: Administration The Alarms task includes the following views:
Alarms Monitor groups Lists all alarms in alphabetical order. For more information, see "Alarm" on page 351. Lists all monitor groups in alphabetical order. For more information, see "Monitor group" on page 432.
Related topics:
"Administration task workspace overview" on page 16 "Managing alarms" on page 111
612
Logical view
Logical view
The Logical view task allows you to configure the entities visible in the Security Desk (such as areas, cameras, doors, elevators, tile plugins, intrusion detection areas, zones, and so on) and organize them according to their logical relationships. Areas are used as logical groupings for other types of entities. Each area can represent a concept or a physical location. System: General Category: Administration
C D A B C D Currently selected entity (Suite 400). Click an entity to view its configuration. Jump to the configuration page of the selected entity in the Relationships group. See "Contextual command toolbar" on page 17.
Related topics:
"Administration task workspace overview" on page 16

Logical view
"Managing the Logical view" on page 85
614
Network view
Network view
The Network view task allows you to configure the networks and servers in your system, and organize them according to your network topology. System: General Category: Administration
D A B C D Currently selected entity (Montreal network entity). Click an entity to view its configuration. Configuration pane of the selected entity. See "Contextual command toolbar" on page 17.
Related topics:
"Administration task workspace overview" on page 16 "Managing the Network view" on page 82
Network view
"Network" on page 434 "Server" on page 471
616
Security
Security
The Security task allows you to configure the entities that pertain to the software security of your system, such as users, user groups, and partitions. System: General License option: None required Category: Administration The Security task includes the following views:
Users User groups Partitions Lists all users in alphabetical order. For more information, see "User" on page 482. Lists all user groups in alphabetical order. For more information, see "User group" on page 489. Lists all partitions in alphabetical order. For more information, see "Partition" on page 447.
Related topics:
"Administration task workspace overview" on page 16 "Managing software security" on page 89
617
System
System
The System task allows you to configure the system level settings as well as all system entities that are not visible in the Logical view, such as alarms, macros, schedules, and so on. System: General License option: None required Category: Administration The System task includes the following views:
General settings Roles Schedules Scheduled tasks Macros Output behaviors Lets you configure the system level settings. List all roles in alphabetical order. For more information, see "Role" on page 462. Lists all schedules in alphabetical order. For more information, see "Schedule" on page 463. Lists all scheduled tasks in alphabetical order. For more information, see "Scheduled task" on page 469. Lists all macros in alphabetical order. For more information, see "Macro" on page 429. Lists all output behaviors in alphabetical order. For more information, see "Output behavior" on page 437.
General settings
The General settings view includes the following settings pages:
"Custom fields" on page 619 "Events" on page 622 "Actions" on page 624 "Logical ID" on page 625 "User password settings" on page 626 "Activity trails" on page 627 "Audio" on page 628 "Threat levels" on page 629
618
System
Custom fields
(Only visible to administrative users) The Custom fields page is where you define custom fields and custom data types for your system entities. It contains two individual tabs:
"Custom fields" on page 619 "Custom data types" on page 621

Custom fields
The Custom fields tab lists all custom fields defined in your system and allows you to add new ones.
Each custom field is characterized by the following properties:
Entity icon/Field name. Custom field name and the entity type using it. Data type. Custom field data type. The default data types are:
Text. Alphanumeric text. Numeric. Integers in the range -2147483648 to 2147483647. Decimal. Real numbers from -1E28 to 1E28. Date. Gregorian calendar date. Date/Time. Gregorian calendar date and time.
619
System
Boolean. Boolean data, represented by a check box. Image. Image file. The supported formats are: bmp, jpg, gif, and png.
Entity. Security Center entity. Users will have to use the Search tool to set the value for this type of fields. For more information, see "Search for entities using the Search tool" on page 43. Data types can also be user defined. For more information, see "Add a custom data type" on page 138.
Default value. (Optional) Preset default values are provided for certain data types. This
column displays the default value that was selected when defining the custom field. The selected value will appear when the field is displayed in the specific entity.
Mandatory. (Optional) A value must be provided with this type of fields otherwise the
system will not accept your changes.
Value must be unique. (Optional) Indicates a key field. This option does not apply to fields
using custom data types.
Group name/Priority. (Optional) Name the custom field is grouped under, and the fields
order of appearance within the group. For an example, see "Custom fields" on page 335. No group (1) is the default value. Custom fields that belong to no group appear first in the entitys custom field page.
Owner. (Optional) Name of the Global Cardholder Synchronizer role when the custom
field is part of is part of a shared global entity definition. Related topics:
"Add a custom field" on page 136 "Managing global cardholders" on page 296
620
System
Custom data types

The Custom data types tab lists all custom data types defined in your system and allows you to add new ones.
Each custom data type is characterized by the following properties:
Custom data type. Name of the custom data type. Description. Optional data type description. Values. Enumeration of acceptable values (text strings) for this data type. Owner. (Optional) Name of the Global Cardholder Synchronizer role when the custom data type is part of a shared global entity definition.
Related topics:
"Add a custom data type" on page 138 "Modify a custom data type" on page 139 "Managing global cardholders" on page 296
621
System
Events
(Only visible to administrative users) The Events page allows you to define the following:
"Event colors" on page 622 "Custom events" on page 623

Event colors
The Event colors tab allows you to assign different colors to different system events.
Event colors are used as visual cues in the Security Desk Monitoring task (event list and display tiles). For example, you can use red to indicate a critical event (someone attempted to use a stolen credential), and blue to indicate a less critical event (access granted). For more information, see Monitoring in the Genetec Security Desk User Guide.
622
System
Custom events
The Custom events tab allows you to view and add custom events to your system.
Custom events are names and identifiers given to input events. They are used to configure custom event-to-actions. For example, for a zone entity, you can associate the state of an input (normal, active, trouble) to a custom event such as Illegal entry. This custom event can then be used in an event-to-action sequence. For more information, see "Managing zones" on page 160.
623
System
Actions
The Actions page allows you to create event-to-actions for your system, and search for the ones that have already been defined, by source entity (name and type), event type, and action type.
Event-to-action list
Each row in this page corresponds to one event-to-action.
Entity. Source entity, or the entity to which the event is attached. Event. Name of the event that would trigger the action. Action. Name of the action triggered by the event. Arguments. Information required for the action. For example, if the action is Trigger alarm, the argument is the alarm type that is triggered. Or, if the action is Send a message, the argument is the email recipient.
Details. Additional details about the action. Schedule. Schedule that regulates this event-to-action. Event occurring outside the time
range covered by the schedule would not trigger any action. Related topics:
"Using event-to-actions" on page 106
624
System
Logical ID
The Logical ID page allows you to view and assign logical IDs to all entities defined in your system.
Show logical ID for

Logical IDs must be unique across all entities of a same group. The different groups of entity types are listed in this drop-down list.
NOTE Not all entity types can be selected by group. To view all entities, select All types.
Scroll through the pages using the
and
buttons.
To assign or change a logical ID, type in the box in the ID column.

TIP You can also change the logical ID from the Identity tab of each entitys configuration page.
For more information, see "Identity" on page 332.
Hide unassigned logical IDs

Select this option to show only entities with a logical ID assigned.
625
System
Alarm monitoring
Assign a logical ID to the Alarm monitoring task in Security Desk. This allows the Security Desk user to call up the Alarm monitoring task with the keyboard. For more information, see Alarm monitoring in the Security Desk User Guide.
User password settings

(Only visible to administrative users) The User password settings page is where you can enforce a minimum complexity on all user passwords created on your system, and to configure the advanced password expiry notification period (0 to 30 days).
NOTE The password complexity is not enforced on existing passwords.
626
System
Activity trails
(Only visible to administrative users) The Activity trails page allows you to select the types of activity (or events) to be logged for Activity trails task in Security Desk.
For more information, see "Investigating user related activity on the system" on page 182.
627
System
Audio
(Only visible to administrative users) The Audio page shows all the sound bites (.wav files) available to your system. Sound bites can be used to alert you on certain events, such as when you receive a new alarm, or to be used with the Play a sound action.
Security Center is installed with a default selection of sound bites (.wav files). You can add, delete, or rename any sound bite in the list. To add a new sound bite: 1 Click , select a .wav file from the dialog box that appears, and click Open. to change its name. A new sound bite bearing the name of selected .wav file is added to the list. 2 (Optional) Select the new sound bite, and click 3 To listen to the new sound bite, click .
628
System
Threat levels
(Only visible to administrative users) The Threat levels page lists all threat levels configured in your system and allows you to add new ones, and to modify and delete existing ones.
Threat level list

Each row in this page corresponds to one threat level.
Threat level. Threat level name. Description. Threat level description . Color. Color identifying this threat level. The Security Desk background turns to this color
when the threat level is set at the system level.
Activation actions. Number of actions in the threat level activation list. These actions are
executed by the system when the threat level is set.
Deactivation actions. Number of actions in the threat level deactivation list. These actions
are executed by the system when the threat level is cleared. For more information, see "Managing threat levels" on page 117.
629
Video
Video
The Video task allows you to configure the video management specific roles and the video units they control. System: Omnicast IP video surveillance License option: Omnicast Category: Administration
A B
D A B C D Selected entity (Axis PTZ). Click an entity to view its configuration. Configuration pane of the selected entity. See "Contextual command toolbar" on page 17.
Related topics:
"Administration task workspace overview" on page 16 "What are the Omnicast entities?" on page 188
Video
"Archiver" on page 521 "Auxiliary Archiver" on page 543 "Media Router" on page 585 "Video unit" on page 494 "Camera (video encoder)" on page 368
631
Access control
Access control
The Access control task allows you to configure the general settings for access control and the related entities such as Access Manager roles, access control units, access rules, cardholders, credentials, badge templates, and so on, that are not found in the Logical view. System: Synergis IP access control License option: Synergis Category: Administration The Access control task includes the following views:
Roles and units Shows the access control specific roles and the units they control in a hierarchy. For more information, see "Access Manager" on page 511 and "Access control unit" on page 337. Lists all cardholders in alphabetical order. For more information, see "Cardholder" on page 395. Lists all cardholder groups in alphabetical order. For more information, see "Cardholder group" on page 398. Lists all credentials in alphabetical order. For more information, see "Credential" on page 401. Lists all access rules in alphabetical order. For more information, see "Access rule" on page 349. Lists all badge templates in alphabetical order. For more information, see "Badge template" on page 365. Lets you configure the general settings pertaining to access control and to install and configure custom card formats.
Cardholders Cardholder groups Credentials Access rules Badge templates General settings
Related topics:
"How does Synergis work?" on page 252 "Access Manager" on page 511 "Global Cardholder Synchronizer" on page 557 "Access control unit" on page 337 "Access rule" on page 349 "Badge template" on page 365 "Cardholder" on page 395 "Cardholder group" on page 398 "Credential" on page 401
632
Access control
Roles and units

The Access control Roles and units view shows the access control roles and the units they control in a hierarchy.
D A B C D Selected view (Roles and units). Select an entity to configure. Configuration pane of the selected entity. See "Contextual command toolbar" on page 17.
Related topics:
"Administration task workspace overview" on page 16 "Access Manager" on page 511 "Global Cardholder Synchronizer" on page 557 "Access control unit" on page 337
633
Access control
General settings
The Access control General settings view lets you configure the general settings pertaining to access control, and to install and configure custom card formats.
D A B C D Selected view (General settings). List of card request reasons. See "Card request reasons" on page 635. List of installed custom card formats. Click "Custom card formats" on page 635. See "Contextual command toolbar" on page 17. to open the Custom card format editor. See
Trigger event Entity is expiring soon

Cardholders and credentials can be set to expire on a certain date. Turn this option on (default=off) to have Security Center generate the Entity is expiring soon event n days before a cardholder or a credential expires. The purpose of this event is so that you can use it to trigger an action (such as Send a message) to warn someone of the upcoming expiry.
NOTE Credentials associated to an expired cardholder will inherit the status of the latter (though this does not show in the configuration of any credential).
634
Access control
Create incident before door state override

Turn this option on (default=off) to prompt the Security Desk user to report an incident every time they lock or unlock a door manually, or override the unlock schedule assigned to the door. For more information, see Manually controlling door access and Reporting an incident in the Security Desk User Guide.
Card request reasons

If a user does not have a printer on site, or close by when they are creating a cardholder from the Cardholder management task, they can request a credential card to be printed by another user on the system. In the Card request reasons section, you can create reasons for users to choose from to explain why they are requesting a card. For example, a common reason could be no printer on site.
To add a card request reason, click . To modify a card request reason, click . To delete a request reason, click .
For more information about requesting credentials, see Request a credential card in the Security Desk User Guide.
Maximum picture file size

Set the maximum size of a picture file (such as a cardholder picture) saved in the Directory database. Large picture files (like the ones produced by digital cameras) can quickly use up the space in the Directory database and impact performance. When loading image files, Security Center automatically reduces the image size so their file size falls under the set limit. The default value is 20 KB. You can set this limit anywhere between 20 and 500 KB.
NOTE This value is also used and modified by the Import tool. For more information, see "Import tool" on page 657.
Custom card formats

Security Center allows you to define custom card formats. The custom card formats defined in your system are listed here. For more information, see "Using custom card formats" on page 287. You can add, delete, and modify custom card formats using the Custom card format editor. For more information, see Tools "Custom card format editor" on page 670.
635
Intrusion detection
Intrusion detection
The Intrusion detection task allows you to configure the Intrusion Manager roles and the intrusion detection units they control System: Intrusion detection License option: Number of intrusion detection units > 0. Category: Administration
A B
D A B C D Selected entity (Bosh GV3). Select an entity to configure. Configuration pane of the selected entity. See "Contextual command toolbar" on page 17.
Related topics:
"Administration task workspace overview" on page 16 "Managing intrusion panels" on page 155
Intrusion detection
"Intrusion Manager" on page 563 "Intrusion detection unit" on page 423
637
LPR
LPR
The LPR task allows you to configure the general settings for LPR (license plate recognition) and the related entities such as LPR Manager roles, LPR units, hotlists, permits, overtime rules, and so on, that are not found in the Logical view. System: AutoVu IP license plate recognition License option: AutoVu Category: Administration The LPR task includes the following views:
Roles and units Shows the LPR Manager roles and the LPR and Patroller units they control as a hierarchy. For more information, see: "LPR Manager" on page 567. "LPR unit" on page 426. "Patroller" on page 450. Lists all hotlists in alphabetical order. For more information, see "Hotlist" on page 414. Lists all overtime rules in alphabetical order. For more information, see "Overtime rule" on page 439.
Hotlists Overtime rules
Parking facilities Lists all parking facilities in alphabetical order. For more information, see "Parking facility" on page 444. Permit restrictions Permits General settings Lists all permit restrictions alphabetical order. For more information, see "Permit restriction" on page 457. Lists all permits in alphabetical order. For more information, see "Permit" on page 453. Lets your configure the general settings pertaining to license plate recognition and the generation of LPR hits.
Related topics:
About AutoVu in the AutoVu Handbook.
638
LPR
Roles and units

The LPR Roles and units view shows the LPR Manager roles and the units they control in a hierarchy.
A B C D
Selected view (Roles and units). Select an entity to configure. Configuration pane of the selected entity. See Contextual command toolbar in the Security Center Administrator Guide.
639
LPR
General settings
The General settings view includes the following settings pages:
"Applications" on page 640 "Hotlist" on page 642 "Overtime rule" on page 644 "Permit" on page 645 "Annotation fields" on page 646 "Updates" on page 647
Applications
The Applications tab lets you configure how Security Desk displays maps in the Monitoring and Route playback tasks. You can also limit the number of logon attempts in Patroller, enforce Patroller privacy settings, and set the attributes a Patroller user must enter when enforcing a hit.
640
LPR
Map type. Display-only field showing the type of map system supported by your Security
Center license. The choices are Bing, MapInfo, and None.
Color for reads. Click to select the color used to show license plate reads on maps. Initial longitude/latitude. Set the default starting location for map view in Security Desk.
You can type the coordinates in the fields or click Select and zoom in on a location and click Select. A red pushpin appears to indicate the selected position.
Logon attempts before lockdown. You can specify the number of unsuccessful logon
attempts a Patroller can make before the account is locked out. For example, if the limit is set to 3, Patroller users have three attempts to log on to Patroller with their username and password. On the fourth attempt, their accounts will be locked and they wont be able to logon. Users with locked accounts must contact their administrators in order to have the password reset. Patroller must be connected to the Security Center server for the password to be reset.
Privacy. You can configure Patroller to obscure plate numbers, or exclude plate, context, or
wheel images from reads and hits so that the information is not stored in the LPR Manager database. These settings allow you to comply with privacy laws in your region:
License plate, context, or wheel images. When switched to On, images are not sent to Security Center or included in offloaded data.
License plate. When switched to On, the plate number text string is replaced by asterisks (*) when sent to Security Center or in the offloaded data. At the hotlist level, you have the option of overriding these privacy settings for the purpose of sending an email with real data to a specific recipient (see "Advanced" on page 418).
Enforced hit attributes. Create text entry fields that Patroller users must enter text in when
they enforce a hit. The information from the enforced hit text fields can be queried in the Security Desk hits report.
641
LPR
Hotlist
The Hotlist tab allows you to define the customized attributes, reasons, and categories that will appear in Patroller when the user adds a New wanted entry, or rejects or accepts a hit. The settings are downloaded to Patroller along with the selected hotlists when Patroller connects to Security Center. These settings are also available as filter options for hit reports in Security Desk.
New wanted attributes. A new wanted is a hotlist item that is manually entered by the
Patroller user. The new wanted attributes are attributes other than the standard ones (plate number, plate issuing state, category) that the Patroller user is asked to specify when entering a new wanted item in the Patroller. One category is pre-configured for you when you install Security Center. For more information, see Configuring New wanted attributes and categories in the AutoVu Handbook.
New wanted categories. List of hotlist categories that a Patroller user can pick from when
entering a new wanted item. The category is the attribute that says why a license plate number is wanted in a hotlist. Several categories are pre-configured for you when you install Security Center.
642
LPR
For more information, see Configuring New wanted attributes and categories in the AutoVu Handbook.
NOTE BOLO is an acronym for be on the lookout, sometimes referred to as an all-points
bulletin (APB).
Hit reject reasons. List of reasons for rejecting hotlist hits. These values also become
available as Reject reason filter options for generating hit reports in Security Desk. Several categories are pre-configured for you when you install Security Center. For more information, see Configure hit accept and hit reject reasons in the AutoVu Handbook.
Hit accept reasons. Create a survey that contains information Patroller users must provide
when they accept a hit. The information from the hit survey can be queried in the Security Desk Hit report. There are no pre-configured categories for this option. The category you see above is an example only. For more information, see Configure hit accept and hit reject reasons in the AutoVu Handbook.
Enable No infraction button. Select this option to enable the No infraction button in the
Patroller hit survey. This button allows the Patroller user to skip the hit survey after enforcing a hit.
643
LPR
Overtime rule
The Overtime rule tab allows you to define the custom reject reasons for overtime hits. The values defined here are downloaded to Patrollers and are available as Reject reason filter options for generating hit reports in Security Desk. One category is pre-configured for you when you install Security Center.
644
LPR
Permit
The Permit tab allows you to define the custom reject reasons for permit hits, and to select the minimum elapsed time for shared permit violations (University Parking Enforcement only). The values defined here are downloaded to Patrollers and are available as Reject reason filter options for generating hit reports in Security Desk. One category is pre-configured for you when you install Security Center.
Hit reject reasons. List of reasons for rejecting permit hits or shared permit hits. These
values also become available as Reject reason filter options for generating hits reports in Security Desk.
Maximum elapsed time for shared permit violation. This parameter defines the time
period used by University Parking Enforcement Patrollers to generate shared permit hits. A shared permit hit is generated when two vehicles sharing the same permit ID are parked in the same parking zone within the specified time period. For example, lets say youre using the default 120 minutes (two hours), and license plates ABC123 and XYZ456 are sharing the same parking permit. If Patroller reads plate ABC123
645
LPR
at 9:00 A.M., and then reads plate XYZ456 at 11:01 A.M., Patroller does not raise a hit because the time exceeds the 120 minutes.
Annotation fields
The Annotation fields tab allows you to define additional selectors to appear in Security Desk Reads or Hits report. To be valid, the selector must relate exactly to the information contained in the actual read or hit.
EXAMPLE If you configure CarModel and CarColor as an Enforced hit attribute (see
"Applications" on page 640), the Patroller user will be asked to enter the cars model and color when enforcing a hit, and the information will be stored with the hit. Specifying CarColor as an Annotation field will allow the values entered by the user to be displayed in a Hits report.
You can also add user custom fields to annotation fields in order to associate a users metadata with individual reads and hits. This allows you to query and filter for the user custom fields in Security Desk Reads and Hits reports. Associate user custom fields with reads and hits in the AutoVu Handbook
646
LPR
Updates
The Updates tab allows you to update Patrollers and Sharp units with hotfixes or new sound files for hit alerts. You can also update services on Sharp units, and upgrade Sharp firmware. Before you can send updates, you need to receive the updates from Genetec and place them in the Updates folder under the LPR Root folder. For more information, see Updating Patroller and Sharp units from Security Center in the AutoVu Handbook.
Collapse all. Collapses all items in the Entity field. Expand all. Expands all items in the Entity field. Update all. Update all units that are controlled by the currently-selected LPR Manager. This
button updates only the units on the current tab. For example, if youre on the Patroller and Sharp units tab, youll update all Patrollers and Sharp units on the list.
Status. Shows the status of the update. The possible statuses are:
Not available. Updater service is not supported (for example, Sharp versions 1.5 and 2.0 with less than 512 MB RAM). Entitled. The client machine can receive the update.
647
LPR
Synchronizing. The client machine has started synchronizing with the server. Synchronized. All update files have been successfully downloaded to the client machine. The client machine is waiting for the update to be applied. Installing. Client machine has accepted the update, and has started replacing outdated files with new files. Installed. The new updates have successfully been applied to the client machine. Uninstalling. The update is being removed from the client machine. Uninstalled. The update has been successfully removed from the client machine.
Error. An error occurred in the update process. Drop folder. Opens the required folder for you to copy the update file. For example, clicking the drop folder icon for a Patroller entity opens C:\Genetec\AutoVu\RootFolder\Updates\Patroller (default location).
NOTE If Security Center is running on a computer that doesnt have access to the server
computer, clicking the drop folder opens the My Documents folder on the local machine.
Patrollers and Sharp units. Displays the Patrollers and Sharp units (fixed and mobile) that
are eligible for an update.
Update services. Displays the Sharp services that are eligible for an update. Firmware upgrade. Displays the Sharp units that are eligible for a firmware upgrade.
648
Plugins
Plugins
The Plugins task allows you to configure plugin management roles and their related entities. Category: Administration
A B
D A B C D Currently selected entity (RF Code Asset Management Plugin). Click an entity to view its configuration. Configuration pane of the selected entity. See "Contextual command toolbar" on page 17.
Related topics:
"Administration task workspace overview" on page 16
649
16
Tools and utilities
This section describes all tools and utilities available in Config Tool. They are presented in the same order as they appear in the Home pages Tools page.
NOTE The last three topics are not from the Tools page.
"Security Desk" on page 651 "Access troubleshooter" on page 652 "Unit discovery tool" on page 653 "Unit replacement" on page 654 "Move unit" on page 655 "Import tool" on page 657 "Copy configuration tool" on page 668 "Custom card format editor" on page 670 "Options dialog box" on page 678 "Adding shortcuts to external tools" on page 692
650
Security Desk
Security Desk
The Security Desk is the unified user interface for your Security Center system. Its user interface is designed to provide consistent operator workflow across all of the Security Center's main systems, Omnicast, Synergis, and AutoVu. Clicking on the Security Desk icon opens this application with the same credentials you are currently logged on with in Config Tool.
Security Desk tasks are organized into four main categories:
Operation. Tasks related to the day-to-day Security Center operations. Investigation. Tasks allowing you to query the Security Center databases, and those of
federated systems, for critical information.
Maintenance. Tasks pertaining to maintenance and troubleshooting. These tasks are also
available from Config Tool. Related topics:
Genetec Security Desk User Guide.
651
Access troubleshooter
You can detect and diagnose access configuration problems, using the Access troubleshooter tool. The Access troubleshooter allows you to:
Find out who has the right to pass through an access point at a given
date and time. See "Troubleshooting access points" on page 321.
Find out who has the right to pass through an access point at a given
date and time. See "Troubleshooting cardholder access rights" on page 322. Find out why a given cardholder can, or cannot use an access point at a given date and time. See "Diagnosing cardholder access rights based on credentials" on page 323.
Related topics:
"Access control unit" on page 337 "Access rule" on page 349 "Cardholder" on page 395 "Cardholder group" on page 398 "Door" on page 404 "Elevator" on page 410
652
Unit discovery tool
Unit discovery tool

The unit discovery tool is a generic tool that allows you to discover IP units connected to your network, based on their type (access control or video), manufacturer, and network properties (discovery port, IP address range, password, and so on). Once discovered, the units can be added to your system.
For information about discovering access control units when you do not know their IP address, see "Add access control units using the Unit discovery tool" on page 265. For information about discovering video units:
"What is automatic discovery?" on page 196 "Add video units using the Unit discovery tool" on page 196
653
Unit replacement
Unit replacement
The unit replacement tool is used to replace a failed hardware device with a compatible one, while ensuring that the data associated to the old unit gets transferred to the new one.
You can replace access control units and video units using the Unit replacement tool.
For information about replacing access control units, see "Replace access control units" on
page 311.
For information about replacing video units, see "Replace video units" on page 234.
654
Move unit
Move unit
Move unit is a generic tool used to move units from one manager role to another. The move preserves all unit configurations and data. After the move, the new manager immediately takes on the command and control function of the unit, while the old manager continues to manage the unit data collected before the move.
Related topics:
"Unit replacement" on page 654
Moving units
Before you begin: Please note the following:
Video unit. The Archiver role must be on the same LAN as the video unit it controls. Unit
manufacturer extensions are automatically created for the type of unit the Archiver needs to control. However, if you are using custom settings, such as custom logon credentials, you need to configure them manually on the new Archiver role. For more information, see "Archiver" on page 521.
Intrusion detection units. The Intrusion Manager role must be on the same LAN as the
intrusion detection unit it controls. Certain unit manufacturer extensions must be created and configured manually. If the intrusion panel is physically connected to a serial port on the server hosting the original role, make sure you do the same with the server hosting the new role. For more information, see "Intrusion Manager" on page 563.
Access control units. The Access Manager role must be on the same LAN as the access
control unit it controls. You must also create the unit manufacturer extension manually. For more information, see "Access Manager" on page 511.
LPR units. The LPR Manager role must be on the same LAN as the LPR unit it controls.
Also make sure that the discovery port configured on the LPR unit matches that of the new LPR Manager. For more information, see "LPR Manager" on page 567.
Patroller units. The LPR Manager role must be able to connect through a wireless network
by the Patroller it manages. The new LPR Manager must use the same settings (hotlists, permits, Patroller user groups, etc.) as the previous LPR Manager. For more information, see "LPR Manager" on page 567. You also need to reconfigure the Patroller so it will connect to the new LPR Manager (IP address and port for live connection, and update provider port). For more information, see Patroller Config Tool reference in the AutoVu Handbook. Once youre done, restart the Patroller. It should be discovered by the new LPR Manager and update its hotlists and permits (if applicable).
655
Move unit
To move units: 1 From the Home page, click Tools > Move unit. 2 From the drop-down list, select the Unit type you want to move. 3 Select the units you want to move. 4 Select the new manager role from the second drop-down list (Archiver role, Access Manager role, LPR Manager role, and so on). The new role must be different from the current role.
5 Click Move to start the process. When the operation is complete, if you made a mistake or need to move the units again, repeat Step 3 to Step 5. 6 Click Close.
656
Import tool
Import tool
The Import tool is a Synergis specific tool that allows you to import cardholders, cardholder groups, and credentials from a CSV file. The CSV file must be plain text with delimiters (commas, spaces, periods, and so on) to separate the fields. The delimited fields in the text files would represent values like first name, last name, cardholder group, path and filename of employee photo, and so on.
NOTE The use of this tool is limited to administrative users.
Four import scenarios are offered by this tool:
Import credentials alone (credential name, card format, facility code and card number,
status, and the partition the credential belongs to).
Import cardholders alone (cardholder name, description, picture, email, status, custom
fields, and the group and partition the cardholder belongs to). Import cardholders and credentials together (in this case, the cardholder and the credential are specified on the same line and automatically linked together). Replace old credentials with new ones (see "Replacing old credentials" on page 666).
NOTE The Import tool can also be called from a scheduled task via the Import from file action.
For more information, see "Scheduled task" on page 469. Related topics:
"Custom fields" on page 619 "Custom card format editor" on page 670
Sample import scenario

Lets import a file containing 3 new cardholders. The sample file we will import is called EmployeeData.csv and contains the following lines: #First name,Last name,Cardholder description,Cardholder email,Picture,Cardholder group,Cardholder status,Credential name,Facility code,Card number,Credential status Abdoulai,Koffi,Market Analyst,akoffi@genetec.com,C:\Data\Cardholder\Pictures\Abdoulai Koffi.png,Marketing,Yes,82968378,102,8,active Andrew,Smith,Sales Representative,asmith@genetec.com,C:\Data\Cardholder\Pictures\Andrew Smith.png,Sales,Yes,82748590,101,12,active
657
Import tool
Audrey,Williams,Technical Writer,awilliams@genetec.com,C:\Data\Cardholder\Pictures\Audrey Williams.png,TechWriters,Yes,83748952,104,18,active This plain text file, EmployeeData.csv contains 4 rows of text. The first row is a comment line, listing the cardholder and credential fields that are included in the CSV file as a reference. The following three rows contain the fields that will be imported. You also can add additional custom fields if they have been created for cardholder or credentials in Security Center. For more information, see "Fields that can be imported from a CSV file" on page 662.
Going through the import steps

1 In the Config Tool, click Tools and select the Import tool. The Import tool window opens. 2 Enter the path to the CSV file you want to import, and click Next. The Settings page appears.
3 Set the Encoding type. This is the character encoding used by the selected CSV file. The default selection is the default encoding used on your PC. If you open the CSV file on your PC and see all the characters displayed correctly, you do not need to change the default settings. 4 Set the CSV field delimiters (Column, Decimal, Thousand).
Import tool
On first use, the tool takes the delimiter settings from Windows Regional Options (Control Panel > Region and Language > Additional settings). After the first use, the tool will remember the last delimiter settings you used. By default, Microsoft Excel also uses the field delimiters from Windows Regional Options when saving a CSV file. This can be overridden in Excel. It is recommended that you open the CSV file in WordPad to confirm the formatting delimiters obtained. When using a space as the Thousands separator, you can specify whether the space is nonbreaking or not. 5 Set where the import is to start. The first line in a CSV file is 1. You can choose to start the import at any line you want. For example, you can skip the first line and use it as column headings or a comment line. A comment line is a line with the hash character (#) in column 1. 6 (Optional) Set the maximum size for picture files. Large picture files (like the ones produced by digital cameras) can very quickly use up the configuration database and impact performance. To minimize the impact of large picture files, the Import tool automatically reduces their sizes before loading them. It does this by reducing the resolution of the image until its file size falls below the Maximum picture file size limit. The default value is taken from your access control system settings. Changing its value in the Import tool also changes your system settings. For more information, see Access control General settings "Maximum picture file size" on page 635. 7 Add the credential as part of the cardholder key. By default, the Import tool uses the combination of the first and last name to identify cardholders. If a cardholder already exists in the database, it is updated with the information read from the CSV file. If it does not, it is added. Using just the first and last names to differentiate cardholders might not be enough. One solution is to combine the credential information to the cardholder key. This is done by selecting the option Add credential to cardholder key. With this option, two lines from the CSV file refer to the same cardholder only if they contain the same cardholder first name, last name and credential data.
NOTE This option is only applicable when both cardholders and credentials are imported
from the same CSV file. When this solution is not applicable, other cardholder information can be used to strengthen the cardholder identification. We will come to this solution in Step 14. 8 (Optional) Set the default Card format. The default card format is only used when no credential card format is specified in the CSV file or when the field identified as Card format in the CSV file is blank. 9 Select the desired Credential operation. You have two choices:
Add. This is the default option.

659
Import tool
All credentials read from the CSV file are added as entities to your system. If a credential already exists in your database, it will be updated.
Replace. This option allows you to replace old credentials with new ones. In the Bindings page that comes next, you will find additional field options to specify the old (previous) and new credential values. For more information, see "Replacing old credentials" on page 666.
10 (Optional) Set the background transparency of the imported cardholder pictures. If the cardholder pictures you are importing were taken in front of a chroma key screen, you can make the picture background transparent. This is helpful if you created a badge template that has an image in the background. a Set the Transparency color option to ON. b Select the color of the chroma key screen the cardholder pictures were taken in front of (usually green or blue). c Set transparency percentage. 11 (Optional) Set a default Badge template for the imported cardholders. The badge templates available are ones you have already created in Config Tool. See "Defining badge templates" on page 289. 12 Click Next. The Bindings page appears.
660
Import tool
The bindings windows displays sample data from the first row to be imported from your file. The first row to be imported is the Start line (see Step 5). 13 Bind each sample value to the database field that it should be imported to. For more information, see "Fields that can be imported from a CSV file" on page 662. If you need to skip a column in your CSV file, just leave the Binding column blank.
NOTE The information read from the CSV file is used to create new entities in your system.
For entities like cardholders and credentials, a minimum amount of information is required. If the information is incomplete, you will not be able to move to the next step. For more information, see "About minimum required information" on page 664. 14 (Optional) Add more fields to the cardholder key. When you need more than the first and last name to differentiate cardholders, you can supplement the cardholder key with additional information. This is done by selecting the Key check box next to each field you want to add to the cardholder key. Not all fields can be part of the cardholder key. The check box is disabled if a field is not eligible.
TIP The other method to strengthen the cardholder identification is to add the credential data to the cardholder key, as described in Step 7.
15 Click Next. The Import tool imports the contents of your CSV file into the database. A summary window will appear confirming the number of entities imported and the number of errors encountered. 16 Click to copy and paste the contents of the report. 17 Click Close.
661
Import tool
Fields that can be imported from a CSV file

The following table describes all database fields that can be imported from a CSV file.
Field name Field type Description
Card format
Unsigned integer or string
Credential card format.You can use one of the following values: 0 = Standard 26 bits 1 = HID H10306 34 Bits 2 = HID H10302 37 Bits 3 = HID H10304 37 Bits 4 = HID Corporate 1000 (35 Bits) To specify a custom card format, you must spell it in exactly the same way as you created it. If no card format is specified in a CSV line, the default format specified on the import settings page is used. You can specify a field in a specific card format, including custom card formats. For more information, see "Custom card format editor" on page 670. Field of an old credential to replace. These (previous value) choices appear only if you selected Replace as Credential operation. For more information, see "Replacing old credentials" on page 666. Cardholder custom field. For more information, see "Custom field limitations" on page 665. Name of the cardholder group the cardholder should belong to. If the cardholder group does not exist, it will be created in the same partition as the cardholder. Credential custom field. For more information, see "Custom field limitations" on page 665.
{Format} - Field name
See "About card facility code and numbers" on page 665 See "About card facility code and numbers" on page 665 As defined by the custom field String
{Format} - Field name (previous value)
Cardholder <Field name>
Cardholder group
Credential <Field name>
As defined by the custom field
662
Import tool
Field name
Field type
Description
Credential card data
String
The card data field allows the user to fill in the data for both standard and custom card formats. When this field is specified, the facility code and the card number fields are ignored. For all standard card formats, the string must contain the facility code followed by the card number. The accepted separators are the / and | characters. For example 35/20508 corresponds to Facility code= 35 and Card number = 20508. For a custom card format, the data should be arranged according to the custom card format definition. Cardholder entity description. Cardholder email address. Cardholder first name. This field is part of the default cardholder key. Cardholder last name. This field is part of the default cardholder key. Credential entity name. If no name is specified, the default value Imported credential or Unassigned imported credential is used. Name of the partition the cardholder should belong to. If the partition does not exist, it will be created. If it is not specified, the cardholder is put in the system partition. For more information, see "Differences between Public and System partitions" on page 91. Name of the partition the credential should belong to. If the partition does not exist, it will be created. If it is not specified, the credential is put in the system partition. For more information, see "Differences between Public and System partitions" on page 91. Path to a cardholder picture file (bmp, jpg, gif, or png). The path must reference a file located on the local machine or on the network. Credential corresponding to a PIN. Valid range is between 0 and 65535.
Description Email First name Last name Name
String String String String String
Partition
String
Partition
String
Picture
String
PIN
Unsigned integer
663
Import tool
Field name
Field type
Description
Status
Boolean
Cardholder status. The following values are accepted (not case sensitive): 1, True, Yes = Profile enabled 0, False, No = Profile disabled Credential status. The following values are accepted (not case sensitive): Active Inactive Lost Stolen Expired
Status
String
About minimum required information

The information found in the CSV file must be coherent or it will not be accepted by the Import tool. When required information is missing, the Next button in the Bindings page is disabled. Each type of imported entity requires a minimum amount of information. The following table describes what is required for each type of entity.
Entity type Minimum information required
Credential
You have the choice of two credential keys: Supply all fields required by a given card format. Supply the Credential card data. If you choose a custom card format, all fields required by your card format must be bound to a column in the CSV file. Otherwise, the CSV file will be rejected. When credential are being imported, either one of these two keys must be present. If both keys are missing values, the line will be discarded. If both keys are present, only the card data is imported.
Cardholder
The default cardholder key is the combination of the cardholders first and last name. One of these two fields must be bound to a CSV column if cardholders are to be imported. When cardholders are being imported, all CSV lines must have a value in at least one of these two fields. If not, the line would be discarded.
Cardholder group Partition
Only the cardholder group name is required. Missing the cardholder group will not cause a line to be discarded. Only the partition name is required. Missing the partition name will not cause a line to be discarded.
664
Import tool
Custom field limitations

You can import cardholder and credential custom field values from CSV files with the following limitations:
You cannot import custom fields using the Entity data type. Custom fields using the Date data type must be imported with the format YYYY-MM-DD. The Import tool performance decreases as the number of custom fields per imported record
increases.
When you have a large number of custom fields per record, the number of records you can
import at once might also be limited. For example, if your records contain 100 custom fields each, including a 25 KB image data field, you can only import 1000 records at a time. For more information, see "Custom fields" on page 619.
About card facility code and numbers

Depending on the card format, the facility code might not be necessary. The card number is always required. The valid number range for the facility code and card number is shown in the table below. This table describes the standard card formats supported by Security Center. Additional card formats can be added with the Custom card format editor. For more information, see "Custom card format editor" on page 670.
Card format Facility code range Card number range
Standard 26 bits HID H10306 34 Bits HID H10302 37 Bits HID H10304 37 Bits HID Corporate 1000 (35 bits)
0 to 255 0 to 65 535 Not requireda 0 to 65 535 0 to 4095 (also known as Company ID Code
0 to 65 535 0 to 65 535 (also known as Card ID Numbers) 0 to 34 359 738 367 0 to 524 287 0 to 1 048 575 (also known as Card ID Numbers)
a. If HID H10302 37 Bits is the only card format referenced in your CSV file, it is preferable to bind the card number to the Security Center Card data field instead of the Card number field since the facility code is not required. Because a single value is stored in the Credential card data field, no separator character is needed.
665
Import tool
About entity creations and updates

Security Center supports multiple entities with the same name. If a cardholder already exists in Security Center with the same first and last name combination as one being imported, only the first matching cardholder found in the Security Center will be updated (for example, with a new description from the imported CSV file). If there are two cardholder groups with the same name (for example, created in two different partitions) and an imported cardholder is assigned to one of these cardholder groups, the cardholder will be assigned to the first cardholder group found. The same logic also applies to partitions. If the same cardholder is imported twice, each time with a different cardholder group, in the end, the cardholder will belong to both cardholder groups. Again, the same logic applies to partitions. However, the association between cardholders and credentials might be treated differently, depending on whether the credential is part of the cardholder key or not. For more information, see "Add the credential as part of the cardholder key." on page 659.
EXAMPLE Suppose that the cardholder key is only composed of the cardholders first and last
names. The result of importing the following CSV file is the creation of a new cardholder: First name = Joe, Last name = Dalton, Email =JDalton@genetec.com, and with two card credentials (12/555 and 12/556).
First name Last name Facility code Card number Email
Joe Joe
Dalton Dalton
12 12
555 556
jdalton@acme.com jdalton@acme.com
However, if the credential is also part of the cardholder key, the same CSV file will generate two separate cardholders with the same first name, last name and email address.
Replacing old credentials

Using the Import tool, you can replace old credentials (for example, if you company wishes to replace the ID cards of all its employees with new ones). Before you begin: Create a CSV file with both old and new credential values. Each line must contain both the old credential and the new credential to replace it with. 1 Start the Import tool as usual. For more information, see "Going through the import steps" on page 658. 2 In the Settings page, select Replace as Credentials operation, and click Next. 3 In the Bindings page, bind the old credential values with the fields labelled as (previous value), the new credential values with the fields not labelled as (previous value).
666
Import tool
NOTE The old and new credential must use the same card format. If the new credentials are to be assigned to the same cardholders, they must also be specified in the CSV file, and cannot be different than the current cardholder of the old credentials.
4 Click Next. The Import tool will change the status of the old credential to Inactive, while creating the new credential as Active. If the cardholders are also imported in the same file, the new credentials will be associated to the cardholders. The result of the operation will be displayed in a summary window. 5 Click to copy and paste the contents of the report. 6 Click Close.
667
Copy configuration tool

The copy configuration tool helps you save configuration time by copying the settings of one entity to many others that partially share the same settings.
NOTE The use of this tool is limited to administrative users.
Using the copy configuration tool

When you have many similar entities to configure, you can save time by copying the settings of one entity to others of the same type using the Copy configuration tool. 1 Select the Home page overview and select Tools from the Home menu. 2 Select the Copy configuration tool. The Copy configuration tool wizard window opens.
3 Select an entity type and click Next. 4 Select the source entity you want to copy the settings from, and click Next. 5 Select the options (groups of settings) you want to copy, and click Next.
668
6 Select the destination: entities you want to copy the settings to, and click Next. The copying process starts. 7 Click Close when the copying process is completed.
669
Custom card format editor

The custom card format editor is a Synergis-specific tool that allows you to define your own card formats. It is available from the Access control task, General settings view.
NOTE This tool is only available to administrative users.
Related topics:
"Using custom card formats" on page 287
Defining custom card formats

The Custom card format editor allows you to define custom card formats manually or to import them from XML files.
A
C D
F G
A B C
Fixed value field (indicated by the padlock
icon).
Card format name and description listed in the Access control task, General settings view. Format used to display Credential code in reports.
670
D E F G
Select the card format type and length before defining the fields. Field designated as the sequence generator (indicated by the plus Validate the format with pre-enrolled credentials. Import/export card format from XML file. icon).
To define a new custom card format: 1 From the Home page in Config Tool, open the Access control task. 2 Select the General settings view. 3 Below Custom card formats, click ( ) to open the Custom card format editor. 4 Enter the Name and Description of the custom card format. 5 Specify the Card format type and Format length.
Wiegand (8 to 128 bits) ABA (2 to 32 characters)
6 Define the data fields that constitute the custom card format. The total length of the fields cannot exceed the format length.
For more information, see "Defining Wiegand fields" on page 672. For more information, see "Defining ABA fields" on page 674.
7 (Optional) For Wiegand, you might have to add parity check bits to the format. For more information, see "Adding parity checks" on page 673. 8 (Optional) For Wiegand, you can designate one field as the sequence generator. The sequence generator is used in to let you enroll a range of credentials in bulk.
The field designated as the sequence generator allows you to define a range of values for bulk credential enrollment in Security Desk
For more information regarding the credential enrollment task, see Credential enrollment in the Security Desk User Guide. 1 (Optional) Enter the format string for printing the credential code.
671
The credential code is the printed form of the credential data. It is an optional column that is available in most access control related reports. The Code format string tells the system how to print the credential data. To include a field in the credential code, the field name must be specified in the code format string as it is spelled in the card format field definition, between curly brackets { }. The field names are case-sensitive. Any other characters in the format string that are not found between curly brackets are printed as is. For example, with the format string {Facility}/{Card Number}, a credential with the respective field values 230 and 7455 will be printed as 230/7455. 2 (Optional) Validate the new custom card format with a pre-enrolled credential. Click Validate with credential, select a pre-enrolled credential from the Search tool, and click OK. 3 (Optional) Click Export to save the custom card format to an XML file. Exporting the custom card format to an XML file allows you to import that same card format definition to other Synergis systems. 4 Click OK to close the Custom card format editor dialog box. 5 Click Apply.
Defining Wiegand fields

A Wiegand field is composed of a series of bits. The maximum field length is 63 bits. To add a new Wiegand field, click in the Wiegand fields section of the Custom card format editor dialog box. The following dialog appears.
The mask specifies the bits that are part of the field. The bits are named according to their respective position in the card format, starting from 0. You can enter the mask as a list of comma-separated bit positions or as a range of bit positions. For example, the mask 1,2,3,4,5,6,7,8 can also be written as 1-8 or 1-4,5-8. Note that the order of the bits within the field is important. Therefore, 1,2,3,4 is not the same as 4,3,2,1.
As you define each field, it appears graphically in the Wiegand fields section.
NOTE The order of the fields within the format is important. It corresponds to the order that field values are read from the Credential card data when using the Import tool. For more information, see "Import cardholders from a flat file" on page 284.
Adding parity checks

If you are defining a Wiegand card format, you can add parity checks to strengthen the validation of your credentials.
673
To add a parity check: 1 Click in the Parity checks section. The Parity check dialog box opens.
2 Select the type of parity check (Even or Odd), the position of the Parity bit in the card format (starts at 0), and the bits that should be evaluated (Mask). The syntax of the parity check mask is the same as the data field mask, except that in this case, the order of the bits is not important. 3 Click OK. As parity checks are defined, they appear in the Parity checks list.
NOTE The order of the parity checks in the list is important. It corresponds to the order in
which the parity checks are evaluated. The mask of a subsequent parity check can include the parity bit of a previous parity check and their masks can overlap.
Defining ABA fields

ABA field length is measured in characters (4 bits each). The maximum ABA field length is 18 characters, or up to the card format length, whichever comes first. The maximum ABA card format length is 32 characters or 128 bits.
674
To add a new ABA field, click dialog box.
in the ABA fields section of the Custom card format editor
There are three types of ABA fields:
Delimiter. This type of field specifies a delimiter character, typically used at the beginning
or the end of the card format.
Sized. This is a fixed-length field. The length is specified in characters (4 bits each). The
field can contain a fixed value. The field length must be long enough to hold the fixed value.
675
Delimited. This is a variable length field. You must specify a maximum length (as 4-bit
characters) and a delimiter character.
As you define each field, it appears graphically in the ABA fields section.
676
NOTE The order of the fields within the format is important for two reasons:
It defines the card format. It corresponds to the order the field values are read from the Credential card data when using the Import tool. For more information, see "Import cardholders from a flat file" on page 284.
Deleting a custom card format

If a custom card format is deleted from Security Center, all credentials using that format appears as Unknown, but the credentials are still granted access at the doors.
677
Options dialog box
Options dialog box

The Options dialog box lets you configure the Config Tool options on your local workstation. The settings are saved one of the following ways:
Saved as local settings for your Windows user profile Saved as local settings for the workstation (applies to Config Tool and
Security Desk, for all users) Saved in the Directory database for your Security Center user profile Related topics:
"Config Tool interface tour" on page 13

The Options dialog box contains the following option tabs:
Tab Description
See "General options" on page 679.
See "Keyboard shortcuts" on page 681.
See "Visual options" on page 683.
See "User interaction options" on page 685.
See "Video options" on page 688.
See "Performance options" on page 689.
See "Date and time options" on page 690.
See "External devices" on page 691.
678
Options dialog box
General options
The General tab allows you to configure the general behavior of Config Tool.
User logon options

This group of settings controls the behavior of the Logon dialog box. The settings apply to the local workstation, and affect Security Desk and Config Tool for all users. Changes you make will only take effect the next time a user starts Security Desk or Config Tool.
Force Windows credentials. (Active Directory required). Select this option to force the use
of Windows credentials for logon. For this option to work, the users who are expected to log on via this machine must be imported from an Active Directory. For more information, see "Importing users from an Active Directory" on page 102.
Force Directory to. Restrict the access of all users to a specified Directory. Prevent connection redirection to different Directory servers. This option is meaningful
only if you are using Directory load balancing. Select this option if you want to bypass the default load balancing behavior, and only connect to the Directory specified by the user in the connection dialog box.
679
Options dialog box
CAUTION If you use the Force Directory to option, and a mistake has been made (for example
a typo in the Directory name), the next time the user tries to log on, they might be stuck in an endless loop, unable to connect to the wrong server. The logon attempts can be stopped by clicking Cancel, but no Directory field appears to correct the misspelled Directory name.
The solution is to cancel the logon attempts, and the hold the CTRL key and SHIFT key
while clicking Log on. This will force the Directory field to be displayed.
NOTE The same keyboard and mouse-click shortcut can be used to override the Force Windows credentials option if it has been applied.
680
Options dialog box
Network options
The network settings apply to the local workstation, and affect Security Desk and Config Tool for all users.
Network card. If your computer is equipped with more than one network card, select the
one used to communicate with Security Center applications.
Network. Config Tool can automatically detect the network your workstation is connected
to. If you have trouble getting your video feeds, set this option to Specific, and manually select the network you are on.
Incoming UDP port range. Port range used for transmitting video to your workstation
using multicast or unicast UDP.
Keyboard shortcuts
The Keyboard shortcuts tab allows you to define or change the keyboard shortcuts mapped to frequently used commands in Config Tool. The keyboard shortcut configuration is saved as part of your user profile and applies to Security Desk and Config Tool.
681
Options dialog box
Assign or change a keyboard shortcut

A keyboard shortcut can only be assigned to a single command. Assigning an existing keyboard shortcut to a new command removes it from the previous command. 1 In the Command column, select the command you want to assign a keyboard shortcut to. If a keyboard shortcut is already assigned to this command, you must remove it before you can assign a new one. 2 Click Add an item (
) and press the desired key combination.
If the shortcut is already assigned to another command, you will get a popup message. Click Cancel to choose another shortcut. Click Assign to assign the shortcut to the selected command.
3 Change another shortcut, or click Save to apply your changes.
Export your keyboard shortcut configuration

You can export your keyboard shortcut configuration to an XML file and import it to another workstation. 1 At the bottom of the Keyboard shortcuts tab, click Export. 2 Select a file name in the dialog box that appears. 3 Click Save to close the file browser dialog box.
Import your keyboard shortcut configuration

You can import the keyboard shortcut configuration exported from another workstation. 1 Click Import at the bottom of the Keyboard shortcuts tab. 2 Select a file name in the dialog box that appears. 3 Click Open. The file browser dialog box closes. 4 Click Save to save your changes, and close the Options dialog box.
Restore the default keyboard shortcut configuration

1 At the bottom of the Keyboard shortcuts tab, click the Restore default button. 2 Click Save to save your changes, and close the Options dialog box. For more information, see "Default keyboard shortcuts" on page 765.
682
Options dialog box
Visual options
The Visual tab allows you to configure the position of the taskbar inside the Config Tool window, and the icons displayed in the notification tray. The visual options are saved as part of your user profile and apply to Security Desk and Config Tool.
Taskbar
Taskbar position. Select the edge (Top, Bottom, Right, Left) of the application window
where you want the taskbar to be displayed. See "Home page overview" on page 14.
Auto-hide the taskbar. Select this option to show the taskbar only when the mouse cursor
hovers over the edge of the application window where the taskbar is set to appear.
NOTE This option hides both the taskbar and the Notification tray.
683
Options dialog box
Notification tray
You can use the Tray options to control what to display in the notification tray.
From the drop-down list beside the icons in the Visual page of the Options dialog box, choose to Show, Hide, or Show notifications only for that item. The following table lists the notification tray icons, and what you can use them for:
Icon Name Description
Clock
Shows the local time. Hover your mouse pointer over that area to see the current date in a tooltip. To customize the time display, see "Date and time options" on page 690. Shows the CPU usage on your computer. Hover your mouse pointer over the icon to view the CPU usage percentage. Shows the current username and Security Center Directory name. Click to toggle between the long and short display. Shows the volume setting (0 to 100) of Config Tool. Click to adjust the volume using a slider, or to mute the volume. Shows the number of messages (errors, warnings, and messages), and health events on your system. Double-click to open the Notifications dialog box to read and review the messages. For more information, see "Viewing system messages" on page 168. If there are health errors, the icon turns red ( ). If there are warnings, the icon turns yellow. If there are only messages, the icon turns blue. Appears only when there are unit firmware upgrades currently under way. The upgrade count is displayed over the icon. Double-click the icon to view the details. Appears only when there are database upgrades currently under way. The upgrade count is displayed over the icon. Double-click the icon to view the details. Appears only when there are newly added units in the system. The unit count is displayed over the icon. Double-click the icon to view the details. Shows the number of pending requests for credential cards to be printed ( ). Double-click to open the Card requests dialog box and respond to the request. For more information, see Respond to a card request in the Security Desk User Guide.
CPU meter Session info Volume Warning
Firmware upgrade Database action
Add unit status
Card requests
684
Options dialog box
Icon
Name
Description
Video file conversion
Shows the number of G64 files currently being converted to ASF format ( ). Double-click to open the Conversion to ASF dialog box and view the status of the conversion. When the icon changes to , the file conversion is complete. For more information, see Convert video files to ASF in the Security Desk User Guide.
Video export
Shows the number of video sequences currently being exported ( ). Double-click to open the Export dialog box and view the status of the export. When the icon changes to , the export is complete. For more information, see Export video in the Security Desk User Guide.
User interaction options

The User interaction tab allows you to configure the user interaction behavior in Config Tool.
685
Options dialog box
System messages
These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
Display warning if query may take a long time to execute. Select this option if you want
Config Tool to display a warning message every time you are about to execute a query that might take a long time. See the sample message below.
Ask for a name when creating a task. Select this option if you want Config Tool to ask you
for a name every time you create a task that accepts multiple instances.
Ask for confirmation before closing a task. Select this option if you want Config Tool to
ask for confirmation every time you remove a task from the interface.
UI enhancement
These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
Show logical ID. Select this option if you want the logical ID to be displayed in brackets
after an entity name in the Logical view.
Show Active Directory domain name where it is applicable. Displays username and
domain name when Active Directory integration is used.
When an active task is updated

When someone updates a public task you have in your active task list, Config Tool can behave one of three ways. This setting is saved as part of your user profile and applies to Security Desk and Config Tool.
Ask user. Ask you before loading the updated task definition. Yes. Reload without asking. No. Never reload.
Administrative tasks
When you rename an entity that represents a hardware unit, such as an access control unit or a video unit, Config Tool can behave one of three ways. This settings is saved as part of your administrator user profile.
Options dialog box
Ask user. Ask you before renaming all related devices. Yes. Rename all related devices without asking you. No. Never rename the related devices.
On application exit
When you exit Config Tool, if you have unsaved changes to your active task list, Config Tool can behave one of three ways. This setting is saved as part of your user profile and applies to Security Desk and Config Tool.
Ask user. Ask you before saving your task list. Yes. Save without asking. No. Never save.
Advanced
When you create new entities, they can automatically be added as members of a partition. This setting is saved as part of your user profile.
From the drop-down list, select a default partition, and then click Save.
687
Options dialog box
Video options
The Video tab allows you to configure the options related to how video is handled in Config Tool.
Advanced settings
The following video settings apply to the local workstation, and affect Security Desk and Config Tool for all users. However, they mainly apply to Security Desk.
NOTE After changing those settings, you need to restart Security Desk.
Out of process media components. Select whether the video signals are decoded by an inprocess or out-of-process component.
An in-process component is an application (implemented as a .dll) that runs in the same processing space as the client application (Security Desk). The advantage of this option is that the video signals are decoded quickly. An out-of-process component is a stand-alone executable program (.exe) which resides on the local computer or a remote computer, and can be accessed by Security Desk. Since the processing is done outside of Security Desks memory, the advantage of this option is the increased stability and performance of the decoding.
688
Options dialog box
All in the same process. Selecting this option when the Out of process media components
is turned ON means that regardless of the number of cameras being viewed, their video decoding are all handled by one decoding process.
Components per process. This setting can be adjusted between 1 and 16. It refers to how
many cameras can be decoded by a single decoding process. Setting this value to 1 means that each camera being displayed uses its own decoding process.
Enable deinterlacing. Select this option to help reduce the jagged effect around straight
lines during movement in interlaced video streams.
Performance options
The Performance tab allows you to configure the options related to how queries are handled in Config Tool. These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
Reports
Maximum number of results. Whenever you generate a report using one of the reporting
tasks, the maximum number of results that can be returned by the query is limited by the parameter you set here. This limit ensures stable performance when too many results are
Options dialog box
returned. When the query reaches the specified limit, it automatically stops with a warning message. The maximum value you can set is 2,000.
TIP There is a way to bypass the limit of 2,000 results. You need to save your reporting task as a public task, and manually launch the action E-mail a report using the task you just saved as a parameter. This can be done from a scheduled task. In this case, the report is not displayed in Config Tool, and the number of results is limited to 10,000. For more information, see "Using scheduled tasks" on page 109.
Date and time options

The Date and time tab allows you to configure the time display behavior on this workstation. These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
Time zone abbreviations
Display time zone abbreviations. Select this option to add the time zone abbreviation to all
time displays.
690
Options dialog box
External devices
The External devices tab allows you to enable or disable access control devices, such as USB readers, signature pads, card scanners, and so on. For example, if you disable the option to use USB readers, then when you want to present a card credential, you can only use a door, not a USB reader on someones desk. These settings are saved locally for your Windows user profile. Next to each external device, set the option ON or OFF, and then click Save.
691
Adding shortcuts to external tools

You can add shortcuts to frequently used external tools and applications in the Tools page in Config Tool, by modifying the ToolsMenuExtensions.xml file. This file is located in C:\Program files (x86)\Genetec Security Center 5.2\ on a 64 bit computer, and in C:\Program files\Genetec Security Center 5.2\ on a 32 bit computer.
The original content of this file looks as follows: <?xml version="1.0" encoding="utf-8"?> <ArrayOfToolsMenuExtension xmlns:xsi="http://www.w3.org/2001/XMLSchema-...> <ToolsMenuExtension> <Name></Name> <FileName></FileName> </ToolsMenuExtension> </ArrayOfToolsMenuExtension>
692
Each shortcut is defined by an XML tag named <ToolsMenuExtension>. Each XML tag can contain four XML elements:
<Name> Command name displayed in the Tools page. <FileName> Command to execute (executable file). <Icon> (Optional) Alternate icon file (.ico). Use this element to override the default icon
extracted from the executable file.
<Arguments> (Optional) Command line arguments when applicable.

NOTES
All XML tag names are case sensitive. You can edit this XML file with any text editor.
Changes to this file are applied the next time you launch your application. If a full path is not provided in the <FileName> tag, the application will not be able to extract the icon associated with the executable. In this case, explicitly supply an icon with the <Icon> tag.
The following sample file adds the three shortcuts (Notepad, Calculator, and Paint) to the Tools page. The Notepad shortcut is configured to open the file C:\SafetyProcedures.txt when you click on it. <?xml version="1.0" encoding="utf-8"?> <ArrayOfToolsMenuExtension xmlns:xsi="http://www.w3.org/2001/XMLSchema-...> <ToolsMenuExtension> <Name>Notepad</Name> <FileName>c:\windows\notepad.exe</FileName> <Arguments>c:\SafetyProcedures.txt</Arguments> </ToolsMenuExtension> <ToolsMenuExtension> <Name>Calculator</Name> <FileName>c:\windows\system32\calc.exe</FileName> </ToolsMenuExtension> <ToolsMenuExtension> <Name>Paint</Name> <FileName>c:\windows\system32\mspaint.exe</FileName> </ToolsMenuExtension> </ArrayOfToolsMenuExtension>
693
17
User privileges
This section describes all privilege hierarchies in Security Center by category. This section includes the following topics:
"Application privileges" on page 695 "General privileges" on page 696 "Administrative privileges" on page 697 "Task privileges" on page 704 "Action privileges" on page 708
694
Application privileges
Application privileges
Application privileges grant access to the Security Center applications.
Config Tool. Allows the user to run Config Tool. Security Desk. Allows the user to run Security Desk. Change client views. Allows the user to change the Security Desk window size and position. Without this privilege, the user cannot log off or close Security Desk, and Security Desk stays locked in full screen mode. The Restore Down commands and the F11 key (used to switch between full screen and windowed mode) are also disabled. See also "Force Security Desk to run in full screen mode" on page 95. Change Security Desk options. Allows the user to change the Security Desk options through the Options dialog box (CTRL+O). Change tile content. Allows the user to change what is displayed in each tile. Change tile pattern. Allows the user to change the tile pattern. Change workspace. Allows the user to add and remove tasks from their active task list. The only exception to the rule is the Video file player task that does not need the user to be connected to the Directory to open. Start/Stop task cycling. Allows the user to start and stop task cycling, and to change the task dwell time. Web Client. Allows the user to use the Web Client. Global Cardholder Synchronizer. Allows a sharing guest to log on via the Global Cardholder Synchronizer role to the local system. The local system is the sharing host. Log on using the SDK. Allows the user to run SDK applications. Mobile application. Allows a Mobile application to connect to the local system. Federation. Allows a federation role (Omnicast Federation or Security Center Federation) from the host system to connect to the local system. The local system is the one being federated.
695
General privileges
General privileges
General privileges grant access to the generic Security Center features.
View Web pages. Allows the user to view the URL associated to tile plugins in Security Desk. Change own password. Allows the user to change their own password. Print/export reports. Allows the user to print and save reports to files. Remove entries from a report. Allows the user to remove selected entries from reports in Security Desk. Report incidents. Allows the user to report the incidents in the Security Desk.
Modify reported incidents. Allows the user to modify incident reports in the Security Desk
696
Administrative privileges
Administrative privileges Config Tool. grant access to the configuration of Security Center entities via
"Logical entities" on page 697 "Physical entities" on page 697 "Schedule Management" on page 700 "Access control management" on page 701 "Alarm management" on page 703 "LPR management" on page 703
Logical entities
View areas View tile plugins
View areas
Allows the user to view area configurations.
Modify areas. Allows the user to modify area configurations. Add/delete areas. Allows the user to add or delete area entities.
View tile plugins

Allows the user to view tile plugin configurations.
Modify tile plugins. Allows the user to modify tile plugin configurations.
Add/delete tile plugins. Allows the user to add or delete tile plugin entities.
Physical entities

View access control units View analog monitors View assets View cameras View cash registers View doors View elevators View LPR units View output behaviors
697
View Patrollers View zones View camera sequence View video units View intrusion areas View intrusion detection units
View access control units

Allows the user to view access control unit configurations.
Initiate access control unit firmware upgrade. Allows the user to initiate access control unit firmware upgrade. Modify access control units. Allows the user to modify access control unit configurations and to swap units. For more information, see Unit swap utility on page 163.
Add/delete access control units. Allows the user to add or delete access control units. This includes unit discovery and enrollment. For more information, see Unit discovery on page 142. Reset access control units. Allows the user to reset access control units.
View analog monitors

Allows the user to view analog monitor configurations.
Modify analog monitors. Allows the user to modify analog monitor configurations.
View assets
Allows the user to view asset configurations.
Modify assets. Allows the user to modify asset configurations. Add/delete assets. Allows the user to add or delete asset entities.
View cameras
Allows the user to view camera configurations.
Modify Cameras. Allows the user to modify camera configurations. Analytic. Allows the user to modify edge video analytics rules and settings.
View cash registers

Allows the user to view cash register configurations.
Modify cash registers. Allows the user to modify cash register configurations.
698
Add/delete cash registers. Allows the user to add or delete cash register entities.
View doors
Allows the user to view door configurations.
Modify doors. Allows the user to modify door configurations. Add/delete doors. Allows the user to add or delete door entities.
View elevators
Allows the user to view elevator configurations.
Modify elevators. Allows the user to modify elevator configurations. Add/delete elevators. Allows the user to add or delete elevator entities.
View LPR units

Allows the user to view LPR unit configurations.
Modify LPR units. Allows the user to modify LPR unit configurations. Add/delete elevators. Allows the user to add or delete LPR units. Reset LPR units. Allows the user to reset LPR units.
View output behaviors

Allows the user to view output behavior configurations.
Modify output behaviors. Allows the user to modify output behavior configurations. Add/delete output behaviors. Allows the user to add or delete output behaviors.
View Patrollers
Allows the user to view Patroller configurations.
Modify Patrollers. Allows the user to modify Patroller configurations. Add/delete Patrollers. Allows the user to add or delete Patrollers.
View zones
Allows the user to view zone configurations.
Modify zones. Allows the user to modify zone configurations. Add/delete zones. Allows the user to add or delete zone entities.
699
View camera sequence

Allows the user to view camera sequence configurations.
Modify camera sequence. Allows the user to modify camera sequence configurations. Add/delete camera sequence. Allows the user to add or delete camera sequence entities.
View video units

Allows the user to view video unit configurations.
Initiate video units firmware upgrade. Allows the user to initiate video unit firmware upgrade. Modify video units. Allows the user to modify video unit configurations.
Add/delete video units. Allows the user to add or delete video units.
View intrusion areas

Allows the user to view intrusion detection area configurations.
Modify intrusion areas. Allows the user to modify intrusion detection area configurations.
Add/delete intrusion areas. Allows the user to add or delete intrusion detection areas.
View intrusion detection units

Allows the user to view intrusion detection unit configurations.
Modify intrusion detection units. Allows the user to modify intrusion detection unit configurations.
Add/delete intrusion detection units. Allows the user to add or delete intrusion detection units.
Schedule Management
View scheduled tasks View schedules
View scheduled tasks
Allows the user to view scheduled task configurations.
Modify scheduled tasks. Allows the user to modify scheduled task configurations. Add/delete scheduled tasks. Allows the user to add or delete scheduled tasks.
700
View schedules
Allows the user to view schedule configurations.
Modify schedules. Allows the user to modify schedule configurations. Add/delete schedules Allows the user to add or delete schedules.
Access control management

Convert shared entities to local entities View access rules View badge templates View cardholder groups View cardholders View credentials View visitors
Convert shared entities to local entities

Allows the user to convert shared global entities to local entities.
View access rules

Allows the user to view access rule configurations.
Modify access rules. Allows the user to modify access rule configurations. Add/delete access rules. Allows the user to add or delete access rules.
View badge templates

Allows the user to view badge template configurations.
Modify badge templates. Allows the user to modify badge template configurations. Add/delete badge templates. Allows the user to add or delete badge templates.
View cardholder groups

Allows the user to view cardholder group configurations.
Modify cardholder groups. Allows the user to modify cardholder group configurations. Add/delete cardholder groups. Allows the user to add or delete cardholder groups. Modify custom fields. Allows the user to modify the cardholder group custom fields.
View cardholders
Allows the user to view cardholder configurations.
Modify cardholders. Allows the user to modify cardholder configurations. Add/delete cardholders. Allows the user to add or delete cardholders. Change cardholder options. Allows the user to change the cardholder options, namely, Use extended grant time and Bypass antipassback rules. Change status. Allows the user to change the cardholder status, and activation and expiration dates. Modify credential information. Allows the user to modify the card format, facility code, card number and cardholder PIN. Modify custom fields. Allows the user to modify the cardholder custom fields. Modify name. Allows the user to change the cardholder name. Take/edit picture. Allows the user to take or edit the cardholder picture.
View credentials
Allows the user to view credential configurations.
Modify credentials. Allows the user to modify credential configurations. Add/delete credentials. Allows the user to add or delete credentials. Change status. Allows the user to change the credential status, and activation and expiration dates. Modify cardholder/credential association. Allows the user to assign and remove credentials from a cardholder. Modify custom fields. Allows the user to modify the credential custom fields. Modify name. Allows the user to change the credential name. Print badges. Allows the user to print badges. View advanced credential info. Allows the user to view the credential information such as the Wiegand fields (facility code and card number) and PINs.
View visitors
Allows the user to view visitor configurations.
Modify visitors. Allows the user to modify visitor configurations. Check-in/check-out visitors. Allows the user to check-in and check-out visitors. Modify custom fields. Allows the user to change the visitor custom fields. Take/edit picture. Allows the user to take or edit the visitor picture.
702
Alarm management
View alarms View monitor groups
View alarms
Allows the user to view alarm configurations.
Modify alarms. Allows the user to modify alarm configurations. Add/delete alarms. Allows the user to add or delete alarm entities.
View monitor groups

Allows the user to view monitor group configurations.
Modify monitor groups. Allows the user to modify monitor group configurations. Add/delete monitor groups. Allows the user to add or delete monitor group entities.
LPR management
View LPR rules
View LPR rules
Allows the user to view LPR rule configurations. These include hotlists, overtime rules, permits, permit restrictions, and parking facilities.
Modify LPR rules. Allows the user to modify LPR rule configurations. Add/delete LPR rules. Allows the user to add or delete LPR rules.
703
Task privileges
Task privileges
Task privileges control the accessibility of the Security Desk tasks.
Manage private tasks

Allows the user to manage private task configurations.
View public tasks

Allows the user to view public task configurations.
Modify public tasks. Allows the user to modify public task configurations. Add/delete public tasks. Allows the user to add or delete public tasks.
Administration
Logical view. Allows the user to run the Logical view task. System. Allows the user to run the System task. Video management. Allows the user to run the Video task. Access control. Allows the user to run the Access control task. Intrusion detection. Allows the user to run the Intrusion detection task. LPR. Allows the user to run the LPR task. Plugins. Allows the user to run the Plugins task.
Operation
Monitoring. Allows the user to create/run monitoring tasks. Cardholder management. Allows the user to create/run cardholder management tasks. Visitor management. Allows the user to create/run visitor management tasks. People counting. Allows the user to create/run people counting tasks. Credential enrollment. Allows the user to create/run credential enrollment tasks. Inventory management. Allows the user to create/run the inventory management task. This privilege allows the user to create inventories, but not to modify or delete the offloaded reads. See Modify/delete LPR reads that are not part of an inventory under "Action privileges" on page 708. Hotlist and permit editor. Allows the user to create/run hotlist and permit editor tasks. Remote. Allows the user to monitor and control other Security Desk workstations and monitors using the Remote task.
704
Task privileges
Investigation
Access control Area activities. Allows the user to create/run area activity reports. Door activities. Allows the user to create/run door activity reports. Cardholder activities. Allows the user to create/run cardholder activity reports. Visitor activities. Allows the user to create/run visitor activity reports. Area presence. Allows the user to create/run area presence reports. Time and attendance. Allows the user to create/run time and attendance reports. Credential activities. Allows the user to create/run credential activity reports. Credential request history. Allows the user to create/run credential request history reports. Elevator activities. Allows the user to create/run elevator activity reports. Visit details. Allows the user to create/run visitor detail reports. Asset management
Asset activities. Allows the user to create/run asset activity reports. Asset inventory. Allows the user to create/run asset inventory reports. Intrusion detection Intrusion detection area activities. Allows the user to create/run intrusion detection area activity reports. Intrusion detection unit events. Allows the user to create/run intrusion detection unit event reports. LPR Hits. Allows the user to create/run hit reports. Reads. Allows the user to create/run read reports. Route playback. Allows the user to create/run route playback tasks. Inventory report. Allows the user to create/run parking facility inventory reports. Daily usage per Patroller. Allows the user to create/run daily usage per Patroller reports. Logons per Patroller. Allows the user to create/run logons per Patroller report. Reads/hits per day. Allows the user to create/run reads/hits per day reports. Reads/hits per zone. Allows the user to create/run reads/hits per zone reports. Zone occupancy. Allows the user to create/run zone occupancy reports. Video
705
Task privileges
Archives. Allows the user to create/run archive reports. Bookmarks. Allows the user to create/run bookmark reports. Motion search. Allows the user to create/run motion search reports. Camera events. Allows the user to create/run camera event reports. Forensic search. Allows the user to create/run forensic search reports. Transactions. Allows the user to create/run point of sale reports. Incidents. Allows the user to create/run incident reports. Zone activities. Allows the user to create/run zone activity reports.
Maintenance
Access control Access control health history. Allows the user to create/run access control health history reports. Access control unit events. Allows the user to create/run access control unit event reports. Cardholder access rights. Allows the user to create/run cardholder access rights reports. Door troubleshooter. Allows the user to create/run Access troubleshooter reports. Access rule configuration. Allows the user to create/run access rule configuration reports. Cardholder configuration. Allows the user to create/run cardholder configuration reports. Credential configuration. Allows the user to create/run credential configuration reports. IO configuration. Allows the user to create/run IO configuration reports. Video
Archiver events. Allows the user to create/run archiver event reports. Archive storage details. Allows the user to create/run archive storage detail reports. System status. Allows the user to create/run system status reports. Audit trails. Allows the user to create/run audit trail reports. Hardware inventory. Allows the user to create/run hardware inventory reports. Health history. Allows the user to create/run health history reports. Activity trails. Allows the user to create/run activity trail reports.
706
Task privileges
Alarm Management
Alarm monitoring. Allows the user to create/run the alarm monitoring task. Alarm report. Allows the user to create/run alarm reports.
707
Action privileges
Action privileges
Action privileges control the actions that can be performed on the Security Center entities.
Set threat level

Allows the user to manage threat level configurations.
Cameras
Audio (talk/listen). Allows the user to use the talk and listen commands. Block and Unblock video. Allows the user to block and unblock video streams from other users. Protect video from deletion. Allows the user to protect video against automatic deletion.
Remove video protection. Allows the user to remove video protection. View live video. Allows the user to view live video from cameras. Digital zoom. Allows the user to use the digital zoom function. Override video quality. Allows the user to override the video quality settings. Record manually. Allows the user to start/stop recordings manually. Add bookmarks. Allows the user to add bookmarks.
Edit bookmark. Allows the user to edit bookmarks.
Delete bookmark. Allows the user to delete bookmarks. Save/print snapshots. Allows the user to save/print snapshots. PTZ motor privileges
Lock PTZ. Allows the user to lock the PTZ.
Override PTZ locks. Allows the user to override PTZ locks. Use auxiliaries. Allows the user to use the auxiliary controls.
Set auxiliaries. Allows the use to rename the auxiliaries. Use patterns. Allows the user to use the camera patterns.
Edit patterns. Allows the user to edit or rename the camera patterns.
Use specific commands. Allows the user to use the PTZ specific commands and the menu mode. Perform basic operations. Allows the user to perform basic PTZ operations. Change focus and iris settings. Allows the user to change the focus and iris settings.
708
Action privileges
Use presets. Allows the user to use the camera presets.
Edit presets. Allows the user to edit or rename the camera presets. View playback. Allows the user to view playback video.
Export video. Allows the user to export recorded video.
Use ASF format. Allows the user to export to ASF format.
Access Control
Doors Explicitly unlock doors. Allows the user to explicitly unlock doors. Override unlock schedules. Allows the user to override unlock schedules.
Maintenance mode. Allows the user to put the door in maintenance mode. Forgive antipassback violation. Allows the user to forgive antipassback violations. Silence\Sound buzzer. Allows the user to silence or sound a door buzzer.
Alarms
Acknowledge alarms. Allows the user to acknowledge alarms. Forward alarms. Allows the user to forward alarms. Snooze alarms. Allows the user to snooze alarms. Trigger alarms. Allows the user to trigger alarms.
Users
Display entity in SD. Allows the user to display an entity in Security Desk. Email a report. Allows the user to email reports to other users. Play a sound. Allows the user to send and play sound files to other users. Send a message. Allows the user to send text messages to other users. Send an email. Allows the user to send emails to other users. Send/clear task. Allows the user to use the Send task/Clear tasks actions. Start/Stop camera sequence. Allows the use to start/stop a camera sequence. Trigger output. Allows the user to trigger output.
Macros
Execute Macros. Allows the user to execute macros.
709
Action privileges
LPR reads/hits
View live covert hits. Allows the user to view live covert hits in Security Desk. Protect/unprotect LPR reads. Allows the user to protect/unprotect LPR reads and hits against automatic deletion. Modify/delete reads that are not part of an inventory. Allows the user to modify/ delete LPR reads that are not yet committed to a parking facility inventory.
Zones
Arm/Disarm zones. Allows the user to arm/disarm zones.
Areas
Reset people count. Allows the user to reset the people count.
Intrusion detection
Arm/Disarm intrusion detection areas. Allows the user to arm/disarm intrusion detection areas. Trigger intrusion alarm. Allows the user to trigger alarms on intrusion panels.
710
18
Reporting task reference
This section lists the query filters and report pane columns available in Config Tool maintenance tasks. This section includes the following topics:
"Query filters" on page 712 "Report pane columns" on page 723
711
Query filters
Query filters
Before generating a report, you must filter your query. This section lists the query filters available for each reporting task. This list is organized alphabetically by query filter.
Query filter Associated reports Associated application Description
Accept reasons
Hits
Security Desk Web Client Config Tool Security Desk Config Tool Security Desk Security Desk Web Client Security Desk Web Client Security Desk Web Client
Reason selected by the Patroller user when enforcing a hit. Accept reasons are created and customized in Config Tool. Select the access control units to investigate.
Access control units
Access control unit events IO configuration Access rule configuration Alarm report
Access rule
Select the access rule to investigate.
Acknowledged by
Users who acknowledged the alarm.
Acknowledged on
Alarm report
Alarm acknowledgement time range. For more information, see. Patroller hit actions (Accepted, Rejected, Not enforced) selected by the Patroller user. For fixed Sharps, a hit raised by the Hit Matcher module is always automatically Accepted and Enforced. Check one of the following acknowledgement type options: Alternate. Alarm was acknowledged by a user using the alternate mode. Default. Alarm was acknowledged by a user, or auto-acknowledged by the system. Forcibly. An administrator forced the alarm to be acknowledged. Time the visitors profile was activated.
Action taken
Hits
Acknowledgement type
Alarm report
Security Desk Web Client
Activation date
Visit details
712
Query filters
Query filter
Associated reports
Associated application
Description
Activities
Activity trails
Config Tool Security Desk Web Client Security Desk
Select the activities to investigate.
Credential request history
Select which badge printing activities to investigate. Credential request. When a user requests a badge printing job. Credential request cancelled. When a user cancels a badge printing job. Credential request completed. When a user prints a badge from the queue. By default, LPR images are not displayed in the Inventory report. To view images, click Get images. NOTE To prevent performance issues, plate images are not displayed if a report includes more than a thousand rows. Alarm priority. NOTE All alarms imported from Omnicast have their priority set to 1 by default. You can change their priority at a later time in the Config Tool. Select the types of alarms you want to investigate. Alarms can be locally defined ( or imported from federated systems ( ).
Advanced search
Inventory report
Security Desk
Alarm priority
Alarm report
Security Desk
Alarms
Alarm report
),
Annotation fields
Hits
Patroller hit annotations used by the Patroller user. For information about creating and configuring annotation fields, see the AutoVu Handbook. Which client application was used for the activity.
Application
Activity trails Audit trails
Config Tool Security Desk Web Client Config Tool Security Desk Security Desk Web Client
Archiver
Archiver events
Select the Archivers to investigate.
Areas
Area activities Area presence Time and attendance
Select the areas to investigate. NOTE For the Time and attendance and Area presence tasks, select a fully secured area.
713
Query filters
Query filter
Associated reports
Description
Cameras
Archives Archive storage details Bookmarks Camera events Forensic search Area activities Cardholder activities Credential configuration Credential request history Door activities Elevator activities Time and attendance Cardholder configuration
Config Tool Security Desk
Select the camera to investigate.
Cardholders
Config Tool Security Desk Web Client
Restrict the search to certain cardholders.

NOTE If you only select the All cardholders
cardholder group in the Cardholder activities task, federated cardholders are not included. This is because All cardholders is a local cardholder group that only covers local cardholders.
Cardholder groups
Config Tool Security Desk Web Client Security Desk Security Desk Security Desk Web Client
Select the cardholder groups to investigate.
Compare with Creation time Credentials
Inventory report Incidents Cardholder activities Credential activities Credential request history Door activities Elevator activities Most reports
Compare entities with a source entity (see "Source (entity)" on page 720). Incidents created/reported within the specified time range. Restrict the search to certain credentials.
Custom fields
If custom fields are defined for the entity you are investigating, they can be included in this report. NOTE You might not see the custom fields filter, depending on whether your user is configured to view that custom field. Restrict the search to entries that contain this text string.
Description
Activity trails
714
Query filters
Query filter
Associated reports
Description
Devices
IO configuration
Config Tool Security Desk Security Desk Web Client Config Tool Security Desk Web Client
Select the devices to investigate.
Doors
Door activities
Select the doors to investigate.
Doors - Areas Elevators
Cardholder access rights Cardholder activities Credential activities Visitor activities Door activities
Restrict the search to activities that took place at certain doors, areas, and elevators.
Door side
Security Desk
Door sides are named A and B by default, but your administrator could have given them different names. This filter allows you to search by door side. Select the elevators to investigate. Select the entities you want to investigate. You can filter the entities by name and by type.
Elevators Entities
Elevator activities Audit trails
Security Desk Config Tool Security Desk Web Client Security Desk Web Client Config Tool Security Desk Web Client
Expiration date
Visit details
Time the visitors profile expired.
Events
Access control unit events Activity trails Archiver events Area activities Camera events Cardholder activities Credential activities Door activities Elevator activities Intrusion detection area activities Intrusion detection unit events Visitor activities Zone activities
Select the events of interest. The event types available depend on the task you are using.
715
Query filters
Query filter
Associated reports
Description
Event timestamp
Access control health history Access control unit events Activity trails Archiver events Archive storage details Area activities Camera events Cardholder activities Credential activities Door activities Elevator activities Health history Health statistics Hits Intrusion detection area activities Intrusion detection unit events Zone activities Visit details
Define the time range for the query. For more information, see.
First name
Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk Web Client Security Desk Web Client
Visitors first name.
Health event
Health history
Name of the health event.
Health severity
Health history
Severity level of the health event: Information Warning Error Select the hit rules to include in the report.
Hit rules
Hits Reads Reads/hits per day Reads/hits per zone Zone occupancy
716
Query filters
Query filter
Associated reports
Description
Hit type
Hits Reads/hits per day Reads/hits per zone Activity trails
Security Desk
Select the type of hits to include in the report: Permit, Shared permit, Overtime, and Hotlist.
Impacted
The entities that were impacted by this activity.
Incident time
Incidents
Incidents reported within the specified time range. The incident time corresponds to the event or alarm timestamp the incident refers to. If the incident does not refer to any event or alarm, then the incident time corresponds to the creation time. User responsible for the activity.
Initiator
Activity trails
Config Tool Security Desk Web Client Security Desk Web Client Security Desk Security Desk Security Desk Security Desk Web Client
Intrusion detection areas Intrusion detection units Investigated by Investigated on Last name
Intrusion detection area activities Intrusion detection unit events Alarm report Alarm report Visit details
Select the intrusion detection areas to investigate. Select the intrusion detection units to investigate. Which user put the alarm into the under investigation state. Specify a time range when the alarm was put into the under investigation state. Visitors last name.
717
Query filters
Query filter
Associated reports
Description
License plate
Hits Inventory report Reads
Enter a Full or Partial license plate number. If you choose Partial, a search for AB returns plates that have AB anywhere in the license plate number. If you choose Full, you can enter the full license plate number, or you can use the following wildcard characters: Asterisk (*). Represents any number of unknown characters. Use it when searching for documents or files for which you have only partial names. For example, if you enter ABC* as your search term, the search might return ABC123, ABC5, ABC002, and so on. If you enter *XYZ, the search might return 1XYZ, 245XYZ, 00XYZ, and so on. Question mark (?). Represents only one unknown character. Use it when you have a list of files with very similar names, or when you are unsure of a few characters. For example, if you enter ABC12? as your search term, the search might return ABC123, ABC127, ABC12P, and so on. The question mark only covers one character, but you can enter as many question marks in a search string as you want. You can use the asterisk and the question mark anywhere in a search, and you can also use them together. NOTE License plate search does not support fuzzy matching. For example, if you are searching for a plate with ABC characters, Security Center only finds plates with the ABC characters. It does not find plates numbers with the characters A8C, ABO, or 4BC. In the Inventory report task: Specify the location in the parking facility you want to view. You can select the entire facility, or specify the sectors and rows within the facility. In the IO configuration task: Specify the areas where the devices are located.
Location
Inventory report IO configuration
718
Query filters
Query filter
Associated reports
Description
LPR units Patrollers
Hits Reads Reads/hits per day Reads/hits per zone
Restrict the search to Patroller units (including all their fitted LPR units) and/or LPR units representing fixed Sharp cameras on the Patroller unit. Select a computer that was having health issues to investigate.
Machine
Health history
Message
Bookmarks
Enter any text you want to find in the bookmark. A blank string finds all the bookmarks. User responsible for the entity modification.
Modified by
Audit trails
Config Tool Security Desk Web Client Config Tool Security Desk Web Client Security Desk Security Desk Web Client Security Desk
Modification time
Audit trails Incidents
In the Audit trails task: Entities modified within the specified time range. In the Incidents task: Incidents modified within the specified time range. Enter text to find incidents with a description starting or containing the specified text. The date and time that the Patroller offloaded the reads/hits to Security Center. For more information, see. (For University Parking Enforcement only) For University Parking Enforcement, both rules have parking lots configured and each parking lot can be defined in terms of a number of parking spaces. This allows the occupancy to be estimated. Restrict the search to Patroller units (including all their fitted LPR units).
Notes Offload timestamp
Incidents Hits Reads Zone occupancy
Overtime and permit restriction
Patrollers
Daily usage per Patroller Logons per Patroller Zone occupancy Credential request history Incidents
Printing users References
Security Desk Security Desk
Restrict the search to specific users that printed a badge. Incidents referencing all the selected entities.
719
Query filters
Query filter
Associated reports
Description
Region
Hits Reads Hits Reads/hits per day Reads/hits per zone
Security Desk
Specify one or more geographic regions on the map. Reason selected by the Patroller user when rejecting a hit. Reject reasons are created and customized in Config Tool. NOTE This filter only affects the value in the Rejected hits column. Restrict the search to specific users that requested to print a badge. Hit rule that matched the plate read.
Reject reason
Requesting users Rule
Credential request history Reads
Security Desk Security Desk Web Client Config Tool Security Desk Web Client
Source (entity)
Access control health history Alarm report Health history Health statistics Inventory report Hardware inventory Health history Health statistics Alarm report
Source entity of the event. In the Alarm report task, this filter represents the source entity that triggered the alarm in the case of an event-to-action, or the user who triggered the alarm manually.
Source group
Config Tool Security Desk Web Client Security Desk Web Client
Source entity type of the event.
State
Current state of the alarm. Active. Alarm is not yet acknowledged. Selecting an active alarm shows the alarm acknowledge buttons in the report pane. Acknowledged. Alarm was acknowledged by a user, or auto-acknowledged by the system. Under investigation. Alarm with an acknowledgement condition that is still active was put under investigation. Acknowledgement required. Alarm with an acknowledgement condition that was cleared is ready to be acknowledged.
720
Query filters
Query filter
Associated reports
Description
Status
Cardholder configuration Credential configuration Visit details
The status of the cardholder or visitors profile: Active Expired Inactive In the Credential configuration task, the following statuses are also available: Lost Stolen Select the video file status you want to investigate: Unprotected. Video files that are not protected against the Archivers routine cleanup. These files can be deleted once their retention period expires, or when the Archiver runs out of disk space, depending on your Archiver role settings. Protection ending. Video files that you unprotected less than 24 hours ago. Protected. Video files that are protected. They are not be deleted even when the disk is full. For these files, you can also specify a protection end date. The time range for the report. For more information, see.
Archive storage details
Time range
Bookmarks Daily usage per Patroller Forensic search Logons per Patroller Reads/hits per day Reads/hits per zone Time and attendance Zone occupancy Alarm report
Security Desk
Triggered on
Security Desk Web Client Security Desk Web Client Config Tool Security Desk
Alarm trigger time range.
Triggering event
Alarm report
Events used to trigger the alarm.
Units
Hardware inventory
Select the access control, video, intrusion detection, and LPR units to investigate.
721
Query filters
Query filter
Associated reports
Description
Users
Hits Logons per Patroller Reads Reads/hits per day Reads/hits per zone
Select the Patroller user name, or the Patrollers parent user groups.
Visitor
Visitor activities
Security Desk Web Client Security Desk Web Client
Select the visitors to investigate.
Zones
Zone activities
Select the zones to investigate.
722
Report pane columns
Report pane columns

The results of your investigation or maintenance query are listed in the report pane. You can choose what information to view by showing or hiding columns in the report pane. This section lists the columns available for each reporting task. This list is organized alphabetically by column.
Column Associated reports Associated application Description
Accept reasons
Hits
Security Desk
Reason selected by the Patroller user when enforcing a hit. Accept reasons are created and customized in Config Tool. Access point involved (only applicable to areas, doors, and elevators).
Access point
Access rule configuration Cardholder activities Credential activities IO configuration Visitor activities IO configuration
Access Manager
Config Tool Security Desk Config Tool Security Desk Security Desk Web Client Security Desk Web Client Security Desk Security Desk Web Client Config Tool Security Desk Web Client Security Desk Web Client
Access Manager controlling the unit.
Access rules
Access rule configuration Alarm report
Name of the access rule.
Acknowledged by
User who acknowledged the alarm. When the alarm is acknowledge automatically by the system, Service is indicated. Time the alarm was acknowledged.
Acknowledged on
Alarm report
Action Activation date
Inventory report Visit details
The change in the vehicle state: added, removed, or no change. Time the visitors profile was activated.
Activity name
Activity trails Credential request history Hits Reads
Type of activity.
Address
Location of the LPR read.
723
Report pane columns
Column
Associated reports
Description
Alarm
Alarm monitoring Alarm report Forensic search Hits
Security Desk Web Client Security Desk Security Desk Web Client
Alarm entity name.
Algorithm ID Annotation fields
Bosch forensic value. For more information, see the manufacturer documentation. Any annotation field defined in System > LPR Settings in the Config Tool. Shown in brackets. For information about creating and configuring annotation fields, see the AutoVu Handbook. Archiver role name. Area name.
Archiver Area
Camera events Area activities Area presence Time and attendance Inventory report
Security Desk Security Desk Web Client
Arrival
Security Desk
The first time the vehicle was read. This is used to calculate the elapsed time if a vehicle is read a second time, for example the next day. The percentage of time available for a given entity.
Availability
Health statistics
Config Tool Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk
Calculation status
Health statistics
If health statistics area unavailable, the reason is shown here.
Camera
Archives Archive storage details Bookmarks Camera events Forensic search Motion search
Camera name.
724
Report pane columns
Column
Associated reports
Description
Card format
Area activities Cardholder activities Credential activities Credential configuration Door activities Elevator activities Visitor activities Area activities Area presence Cardholder access rights Cardholder activities Cardholder configuration Credential activities Credential configuration Door activities Door troubleshooter Elevator activities Visitor activities Cardholder configuration
Credential card format.
Cardholder
Cardholder entity name.

NOTE Format is First name + Last name for
European languages, and Last name + First name for Asian languages.
Cardholder activation date
Config Tool Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk Web Client Security Desk Web Client Security Desk Web Client
Time the cardholders profile was activated.
Cardholder expiration date
Cardholder configuration
Time the cardholders profile expired.
Cardholder status
Cardholder configuration Credential configuration Visit details
The cardholders profile status.
Check-in date
Time the visitor was checked in (can correspond to the arrival time). Time the visitor was checked out (can correspond to the departure time).
Check-out date
Visit details
725
Report pane columns
Column
Associated reports
Description
Context image
Hits Reads Inventory report IO configuration
Wide angle color image of the vehicle captured by the context camera.
Controlling
Config Tool Security Desk Security Desk Security Desk Config Tool Security Desk Web Client
Door controlled by the device.
Created by Creation time Credential
Incidents Incidents Area activities Cardholder activities Credential activities Credential configuration Credential request history Door activities Elevator activities Credential configuration Area activities Cardholder activities Credential activities Credential configuration Door activities Elevator activities Visitor activities Credential configuration Credential configuration Most reports
User who originally reported the incident. Time the incident was reported. Credential name used by the cardholder.
Credential activation date Credential code
Config Tool Security Desk Config Tool Security Desk Web Client
Time the cardholders credential was activated.
Facility code and card number.
Credential expiration date Credential status
Config Tool Security Desk Config Tool Security Desk Config Tool Security Desk Web Client
Time the cardholders credential expired.
The status of the credential.
Custom fields
If custom fields are defined for the entity you are investigating, they can be included in the report. NOTE You might not see the custom fields filter, depending on whether your user is configured to view that custom field.
726
Report pane columns
Column
Associated reports
Description
Date
Time and attendance Daily usage per Patroller Logons per Patroller Reads/hits per day Credential request history Cardholder access rights Camera events Activity trails Archiver events Audit trails Health history
The date. For Daily usage per Patroller and Logons per Patroller tasks, this column represents the day of the Patroller shift.
Date/time queued Denied access by
Security Desk Config Tool Security Desk Config Tool Security Desk Web Client
The date and time that the badge printing job was requested. Access rules denying access to at least one of the selected entities to the cardholder. Event description. In the Activity trails task, this column represents the activity description. In the Audit trails task, this column represents the description of the entity modification. Device involved on the unit (reader, REX input, IO module, Strike relay, etc.). NOTE In the Intrusion detection activities task, this column is empty if the event is an input bypass.
Description
Device
Access control health history Area activities Cardholder activities Credential activities Door activities Elevator activities Hits Intrusion detection area activities Intrusion detection unit events IO configuration Reads Visitor activities Door activities
Door
Security Desk Web Client Config Tool Security Desk Security Desk
Door name.
Drive
Archive storage details Inventory report
The drive on the server where the Archiver role is running. Vehicle license plate and state were edited by a user in Security Desk.
Edited
727
Report pane columns
Column
Associated reports
Description
Elapsed time Elevator Email address
Inventory report Elevator activities Area activities Area presence Cardholder activities Cardholder configuration Credential activities Credential configuration Door activities Elevator activities Visitor activities
Security Desk Security Desk Config Tool Security Desk Web Client
The difference between the Arrival time and the Event timestamp. Elevator name. Cardholders email address.
End time
Archives Archive storage details Forensic search Motion search Reads/hits per day Reads/hits per zone Audit trails
End of the time range, playback sequence, or video sequence.
Enforced hits
Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk Config Tool Security Desk Web Client
Number of enforced hits.
Entity
Name of the entity affected by the modification.
Entity type
Audit trails
Type of entity affected by the modification.
Error number
Health history
Identification number of the health error.
Expected downtime
Health statistics
How many days/hours/minutes the entity has been offline or unavailable through user intent or Maintenance mode. For example, deactivating a server role, or disconnecting a client application causes expected down-time. Expected down-time is never used in the Availability percentage calculation.
728
Report pane columns
Column
Associated reports
Description
Expiration date
Visit details
Security Desk Web Client Security Desk Web Client Config Tool Security Desk Web Client
Time the cardholder or visitors profile expired.
External instance ID Event
Alarm report
Only for federated alarms. The original alarm instance ID on the federated system. Event name.
Access control health history Access control unit events Archiver events Area activities Camera events Cardholder activities Credential activities Door activities Elevator activities Forensic search Incidents Intrusion detection area activities Intrusion detection unit events Visitor activities Zone activities
729
Report pane columns
Column
Associated reports
Description
Event timestamp
Access control health history Access control unit events Activity trails Archiver events Area activities Bookmarks Camera events Cardholder activities Credential activities Door activities Elevator activities Health history Hits Intrusion detection area activities Intrusion detection unit events Inventory report Reads Visitor activities Zone activities Forensic search Health statistics
Date and time that the event occurred.
Event type Failures
Security Desk Config Tool Security Desk Web Client Config Tool Security Desk Config Tool Security Desk Config Tool Security Desk
Bosch forensic value. For more information, see the manufacturer documentation. How many failures have occurred.
File name
Archive storage details Archive storage details Access control health history Hardware inventory
Name of the video file.
File size
Size of the video file.
Firmware version
Firmware version installed on the unit that generated the event.
730
Report pane columns
Column
Associated reports
Description
First name
Area activities Area presence Cardholder access rights Cardholder activities Cardholder configuration Credential activities Credential configuration Credential request history Door activities Door troubleshooter Elevator activities Time and attendance Visit details Visitor activities Elevator activities Zone occupancy Cardholder access rights Health history
Cardholder or visitors first name.
Floor From/to Granted access by
Security Desk Security Desk Config Tool Security Desk Config Tool Security Desk Web Client Security Desk Web Client
Elevator floor name. Date and timestamp of read vehicles within the zone. Access rules granting the cardholder access to at least one of the selected entities (area, door, etc.). Name of the health event.
Health event
Hits
Reads/hits per day Reads/hits per zone
Number of hits.
NOTE If the Hit rules and Hit type query filters
are used, this value might not be the total number of hits in the day. Icon Access rule configuration Alarm monitoring Alarm report Config Tool Security Desk Security Desk Web Client Graphical representation of the affected entity type. Alarm instance number. Uniquely identifies each alarm instance.
ID
731
Report pane columns
Column
Associated reports
Description
Impacted entity
Activity trails
Config Tool Security Desk Web Client Config Tool Security Desk Web Client Security Desk
Which entities were impacted by this activity.
Impacted entity type
Activity trails
The type of entity impacted by this activity.
Incident time
Incidents
The timestamp of the referenced alarm or event. If no event is referenced, it corresponds to the incident creation time. In the Activity trails task: Who performed the activity. In the Audit trails task: Who made entity modification. In the Activity trails task: The application used for this activity. In the Audit trails task: The application used to make the change. The version number of the application. This field is empty if the activity is initiated by a role entity. In the Activity trails task: Which computer the activity was performed on. In the Audit trails task: The computer used to make the change. NOTE If the entity change was initiated from a Mobile app, this column represents the phone identification number (for example, a serial number). In the Activity trails task: The type of entity that initiated the activity. In the Audit trails task: The type of entity initiating the entity modifications. Total number of times the Patroller application is opened during the day. Intrusion detection area name.
Initiator
Config Tool Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk Web Client
Initiator application
Initiator application version Initiator machine
Initiator type
Config Tool Security Desk Web Client Security Desk Web Client Security Desk Web Client
Instances
Daily usage per Patroller Intrusion detection area activities
732
Report pane columns
Column
Associated reports
Description
Intrusion detection area activities Intrusion detection unit events Alarm report Alarm report Access control health history Area activities Cardholder activities Credential activities Door activities Elevator activities Hardware inventory Health history IO configuration Visitor activities Area presence
Intrusion detection unit involved.
Investigated by Investigated on IP address
Security Desk Security Desk Config Tool Security Desk Web Client
Which user put the alarm into the under investigation state. The timestamp when the alarm was put into the under investigation state. IP address of the unit or computer that generated the event.
Last access
Time the cardholder entered the area.
733
Report pane columns
Column
Associated reports
Description
Last name
Area activities Area presence Cardholder access rights Cardholder activities Cardholder configuration Credential activities Credential configuration Credential request history Door activities Door troubleshooter Elevator activities Time and attendance Visit details Visitor activities Hits Reads Archive storage details Cardholder activities Credential activities Visitor activities Logons per Patroller
Cardholder or visitors last name.
Latitude
Security Desk
The coordinates of where the LPR event occurred. Length of the video sequence contained in the video file, in hours, minutes, and seconds. Location (area) where the activity took place.
Length
Config Tool Security Desk Security Desk Web Client
Location
Log on/Log off
Security Desk Web Client Security Desk Web Client Security Desk Web Client Security Desk Web Client Security Desk Web Client
Log on and log off timestamp.
Longest shutdown (%) Longest shutdown (min.) Longest stop (%)
Daily usage per Patroller Daily usage per Patroller Daily usage per Patroller Daily usage per Patroller
Percentage of Longest shutdown over the total number of minutes in a day. Single longest number of minutes in a day that the Patroller application is closed. Percentage of longest stop time over operating time. Single longest number of minutes in operating time when the vehicle is stationary.
Longest stop (min.)
734
Report pane columns
Column
Associated reports
Description
Longitude
Hits Reads Reads Zone occupancy Health history
Security Desk
The coordinates of where the LPR event occurred. Parking zone where a given parking regulation is in force. Computer where the health event occurred.
Lot
Security Desk
Machine
Config Tool Security Desk Web Client Security Desk Web Client Security Desk Config Tool Security Desk
Manual capture
Reads Inventory report Inventory report Access control health history Hardware inventory IO configuration Access rule configuration Cardholder access rights Cardholder configuration Bookmarks Hardware inventory
Displays the plate number entered manually by the Patroller user. Vehicle was removed manually (towed) from the parking facility. Manufacturer of the unit.
Manually removed Manufacturer
Member
Config Tool Security Desk Config Tool Security Desk
Name of the affected entity.
Member of
All groups the cardholder belongs to.
Message Model
Security Desk Config Tool Security Desk Config Tool Security Desk Web Client Security Desk Config Tool Security Desk Web Client
Bookmark message (might be blank if no message was written). Model of the unit involved.
Modification time
Audit trails Incidents
In the Audit trails task: Time the entity was last modified. In the Incidents task: Time the incident was last modified. User who last modified the incident. Mean time between failures (in hours).
Modified by MTBF
Incidents Health statistics
735
Report pane columns
Column
Associated reports
Description
MTTR
Health statistics
Config Tool Security Desk Web Client Security Desk Web Client Security Desk Config Tool Security Desk Web Client Security Desk Web Client
Mean time to recovery (in hours).
Not enforced hits
Reads/hits per day Reads/hits per zone Incidents Health history
Number of hits that were not enforced.
Notes Occurrence count
Incident description. Point to this field to see the formatted text in a tooltip. Number of times this health event occurred on the selected entity.
Occurrence period
Access control unit events Alarm monitoring Alarm report Area activities Cardholder activities Credential activities Door activities Elevator activities Intrusion detection area activities Intrusion detection unit events Visitor activities Zone activities Hits Reads Daily usage per Patroller Inventory report Hardware inventory
Period when the event occurred.
Offload timestamp
Security Desk Web Client Security Desk Web Client Security Desk Config Tool Security Desk
The date and time that the Patroller offloaded the reads/hits to Security Center. Total number of minutes in a day that the Patroller application is open. Parking facility name. Strength of the password on the unit.
Operating time
Parking Password
736
Report pane columns
Column
Associated reports
Description
Patroller
Hits Reads Inventory report
Patroller entity name. The Patroller entity name field is not populated for fixed Sharp cameras. In the Inventory report task, this column represents the Patroller entity that read the plate. If a handheld device was used, XML import is shown instead. Percentage of occupied places within the parking zone. Name of the permit list under the permit restriction. The MAC address of the equipment's network interface. Device name.
Percentage occupancy Permit name Physical address
Zone occupancy Reads Hardware inventory Health history IO configuration
Security Desk Security Desk Config Tool Security Desk Config Tool Security Desk Config Tool Security Desk Web Client
Physical name
Picture
Area activities Area presence Cardholder access rights Cardholder activities Cardholder configuration Credential activities Credential configuration Credential request history Door activities Door troubleshooter Elevator activities Time and attendance Visit details Visitor activities Credential configuration Hits Reads Inventory report
Cardholder or visitors picture.
PIN
Config Tool Security Desk Security Desk Web Client
Credential PIN.
Plate image
License plate image captured by the LPR camera.
737
Report pane columns
Column
Associated reports
Description
Plate origin
Hits Reads Inventory report Hits Reads Inventory report Archives Credential request history Alarm monitoring Alarm report
State that issued the license plate.
Plate read
The license plate read generated by the Sharp unit.
Preview Print reason Priority
Security Desk Security Desk Security Desk Web Client
Timeline showing where video is available during the selected time range. Reason why the badge printing job was requested. Alarm priority. NOTE All alarms imported from Omnicast have their priority set to 1 by default. You can change their priority at a later time in the Config Tool. Record is not purged from the database of its parent AutoVu LPR Manager ES when the Hit Retention period (for this record) expires. Protection status of the video file.
Protected
Hits Reads Archive storage details Reads/hits per day Reads/hits per zone Incidents Hits
Security Desk Web Client Config Tool Security Desk Security Desk Web Client Security Desk Security Desk Web Client Security Desk Web Client Security Desk Config Tool Security Desk Security Desk
Protection status
Reads
Number of license plate reads.
References Reject reason
List of entities referenced by the incident. Reason selected by the Patroller user when rejecting a hit. Number of hits that were rejected.
Rejected hits
Reads/hits per day Reads/hits per zone Credential request history Hardware inventory
Requester email Role
Email address of the user who requested the badge printing job. Role type that manages the selected unit.
Row
Inventory report
Row name.
738
Report pane columns
Column
Associated reports
Description
RTP packet lost high
Health statistics
Config Tool Security Desk Web Client Security Desk Web Client Security Desk Config Tool Security Desk Web Client Security Desk Web Client Security Desk Web Client Config Tool Security Desk Web Client
The number of Real-time Transport Protocol packets lost.
Rule
Hits Reads Inventory report Health history
Hit rule that matched the plate read.
Sector Severity
Sector name. Severity level of the health event: Information Warning Error Door side name.
Side
Door activities
Side-Direction
Area activities
Entrance or exit.
Source (entity)
Access control health history Alarm monitoring Alarm report Archiver events Archive storage details Bookmarks Health history Health statistics Incidents Motion search Alarm monitoring Alarm report
Source entity associated to the alarm or event. In the Alarm monitoring and Alarm report tasks, this column represents the source entity that triggered the alarm, when the alarm is triggered by an event-to-action. It shows a username when the alarm is triggered manually. In the video investigation tasks, this column represents the name of the system the camera belongs to. In the Incidents task, this column is empty if the incident is not based on an alarm or event. Time of the alarm triggering event. The only time Source time and Triggering time are different is when the event occurred while the access control unit was offline. Number of spaces in the parking lot. Beginning of the time range, playback sequence, or video sequence.
Source time
Spaces Start time
Zone occupancy Archives Archive storage details Forensic search Motion search
Security Desk Config Tool Security Desk
739
Report pane columns
Column
Associated reports
Description
State
Alarm monitoring Alarm report
Current state of the alarm. Active. Alarm is not yet acknowledged. Selecting an active alarm shows the alarm acknowledge buttons in the report pane. Acknowledged (Default). Alarm was acknowledged using the default mode. Acknowledged (Alternate). Alarm was acknowledged using the alternate mode. Acknowledged (Forcibly). Alarm was forced to be acknowledged by an administrator. Under investigation. Alarm with an acknowledgement condition that is still active was put under investigation. Acknowledgement required. Alarm with an acknowledgement condition that was cleared is ready to be acknowledged. A second credential is sometimes necessary. For example, when both a card and a PIN are required to access a door or elevator.
Supplemental credential
Area activities Cardholder activities Credential activities Door activities Elevator activities Visitor activities
Thumbnails
Archives Bookmarks Access control health history Area activities Cardholder activities Credential activities Door activities Elevator activities Hardware inventory Visitor activities Zone occupancy Daily usage per Patroller
Security Desk
Thumbnail images of the recorded video during the selected time range. Time zone of the unit.
Time zone
To/from Total shutdown (%)
Security Desk Security Desk Web Client
Date and timestamp of read vehicles within the zone. Percentage of Total shutdown over the number of minutes in a day.
740
Report pane columns
Column
Associated reports
Description
Total shutdown (min.)
Daily usage per Patroller
Total number of minutes in a day that the Patroller application is closed. The total shutdown value plus the operating time value equals 1440 minutes. Percentage of total stop time over operating time. Total number of minutes in operating time when the vehicle is stationary. Total time spent in that area on that date by the cardholder. Bosch forensic value. For more information, see the manufacturer documentation. Event that triggered the alarm (if triggered through an event-to-action). Manual action is indicated when the alarm was manually triggered by a user. Time the alarm was triggered in Security Center Affected entity type.
Total stop (%)
Daily usage per Patroller Daily usage per Patroller Time and attendance Forensic search Alarm monitoring Alarm report
Security Desk Web Client Security Desk Web Client Security Desk Security Desk Security Desk Web Client
Total stop (min.)
Total time Track ID Triggering event
Trigger time
Alarm monitoring Alarm report Access rule configuration Health statistics
Security Desk Web Client Config Tool Security Desk Config Tool Security Desk Web Client
Type
Unexpected downtime
How many days/hours/minutes the entity has been offline or unavailable after not having been set in Maintenance mode. Unexpected down-time is not caused by user intent.
741
Report pane columns
Column
Associated reports
Description
Unit
Access control health history Access control unit events Area activities Cardholder activities Credential activities Door activities Elevator activities Hardware inventory Hits IO configuration Reads Visitor activities Access control health history Access control unit events Area activities Cardholder activities Credential activities Door activities Elevator activities Hardware inventory IO configuration Visitor activities Health statistics
Access control, video, intrusion detection, or LPR unit involved. NOTE In the Hits and Reads tasks, this query filter represents the LPR unit that read the plate and populated for a Patroller (for example, Patroller - Left, Patroller - Right, etc.), and for a fixed Sharp.
Unit type
Type or model of unit involved.
Up-time
How many days/hours/minutes the entity has been online and available.
742
Report pane columns
Column
Associated reports
Description
User
Credential request history Hits Intrusion detection area activities Intrusion detection unit events Logons per Patroller Hardware inventory report
Name of the user who triggered the event. The user name is empty if the event was not triggered from Security Desk. NOTE For the Hits and Logons per Patroller tasks, this query filter represents the Patroller user name.
Config Tool Security Desk Security Desk Security Desk Security Desk
The user name used to connect to the unit.
Vehicles Weekday Wheel image
Zone occupancy Time and attendance Hits Reads Reads/hits per zone Zone activities Zone occupancy
Number of vehicles that were read within the zone. Weekday corresponding to the date (see Date). Image of the vehicle wheels. Used for virtual tire-chalking. Zone name. In the Reads/hits per zone task, this column represents the parking zone where the LPR event occurred. In the Zone occupancy task, this column represents the name of the Overtime or Permit restriction.
Zone
743
19
Events and actions in Security Center
This section lists all Security Center events and actions in alphabetical order. Each event and action is covered with a general description of its purpose and usage, and describes the entity it is associated with. This section includes the following topics:
"Event types" on page 745 "Action types" on page 758
744
Event types
Event types
All events in Security Center are associated with a source entity, which is the main focus of the event. For more information, see "What is an event?" on page 106. Security Center supports the following event types:
Event Source entity Description
A door of an interlock has an unlock schedule configured A door of an interlock is in maintenance mode Ability to write on a drive has been restored AC fail Access denied: Antipassback violation Access denied: Denied by access rule Access denied: Expired credential Access denied: Inactive cardholder Access denied: Inactive credential Access denied: Insufficient privileges Access denied: Invalid PIN Access denied: Lost credential Access denied: No access rule assigned Access denied: Out of schedule
door
A door that is part of an interlock configuration has an unlock schedule configured. This invalidates the interlock. A door that is part of an interlock configuration is in maintenance mode. This disables the interlock. Ability to write on a drive has been restored. AC has failed. A cardholder requested access to an area that they have already entered, or requested access to leave an area that they were never in. The cardholder is denied access according to the access rule. An expired credential has been used. A cardholder with an inactive profile has attempted to access a door or area. A credential with an inactive profile has been used. The cardholder is denied access because they do not have the required user level. This event only applies to the Synergis Master Controller. A card and PIN are required to enter an area, and the cardholder entered an invalid PIN. A credential that has been declared as lost has been used. The cardholder is denied access because they are not assigned any access rights. The access rule associated with this cardholder does not apply during this date/time in the schedule.
door Archiver role access control unit cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area
745
Event types
Event
Source entity
Description
Access denied: Stolen credential Access denied: Unassigned credential Access denied: Unknown credential Access granted
cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area
A credential that has been declared as stolen has been used. A credential has been used that has not been assigned to a cardholder. A credential has been used that is unknown in the Security Center system. Access has been granted through a door to a cardholder according to the access rules governing the door or area. For a perimeter door of an interlock: When an authorized cardholder accesses a door of an interlock, Security Center might generate an Access granted event for the door even though the door does not unlock (due to another perimeter door already being open). An alarm has been acknowledged by a user, or autoacknowledged by the system. An alarm has been acknowledged by a user using the alternate mode. An alarm with a acknowledgement condition that is still active has been put into the under investigation state. The acknowledgement condition of an alarm has been cleared. An administrative user has forced an alarm to be acknowledged. An alarm has been triggered. An interlock cannot be in hard antipassback mode. This is an illegal configuration. An interlock cannot have perimeter floors, because elevator floors always allow free exit. An elevator floor has been added to the perimeter of an area. Antipassback disabled: Invalid settings.
Alarm acknowledged Alarm acknowledged (alternate) Alarm being investigated
alarm or system-wide alarm or system-wide alarm or system-wide
Alarm condition cleared Alarm forcibly acknowledged Alarm triggered An interlock cannot be in hard antipassback mode An interlock cannot have perimeter floors Antipassback disabled: Elevator on area perimeter Antipassback disabled: Invalid settings
alarm or system-wide alarm or system-wide alarm or system-wide area area area area
746
Event types
Event
Source entity
Description
Antipassback disabled: Not supported when unit is in mixed mode Antipassback disabled: Unit is offline
area
Units have been set to mixed mode. Antipassback is available according to the units operating mode. For more information about unit limitations, see the Security Center Release Notes. At least one unit is in offline mode, disabling antipassback. Antipassback is available according to the units operating mode. Refer to the Security Center Release Notes for more information about unit limitations. An access request was made to enter an area with a credential that is already inside the area, or to exit an area with a credential that was never in the area. A security operator has granted access to an individual responsible for a passback violation. Directory or Access Manager has connected to the Security Center. Directory or Access Manager service has been lost. The Allotted space on one of the disks assigned for archive storage for this Archiver has been used up, and the Archiver has switched to the next disk in line. The names of the previous disk and current disk are indicated in the Description field. The Archiver is unable to write the video stream (packets) to disk as fast as the encoder sends it, or there is not enough CPU to process the video stream received from a camera. A problem with the Archiver database also triggers this event. The name of the camera whose packets are lost is indicated in the Description field. Archiving has stopped because the disks allocated for archiving are full. This event always accompanies a Disks full event. A noise has been detected by the camera. The unit battery has failed. A user has blocked a video stream from other users in the system. A user has unblocked a video stream from other users in the system.
area
Antipassback violation
area
Antipassback violation forgiven Application connected Application lost Archiving disk changed
area application or external system application or external system Archiver role
Archiving queue full
Archiver role
Archiving stopped
Archiver role
Audio alarm Battery fail Block camera started Block camera stopped
camera access control unit camera camera
747
Event types
Event
Source entity
Description
Camera not archiving Camera tampering
camera camera (video analytics)
The camera is on an active archiving schedule but the Archiver is not receiving the video stream. A dysfunction has occurred, potentially due to camera tampering, resulting in a partial or complete obstruction of the camera view, a sudden change of the field of view, or a loss of focus. The Archiver cannot write to a specific drive. The path to the drive is indicated in the Description field. The Archiver is unable to write to any of the disk drives. This situation can arise for the following reasons: When write accesses to shared drives are revoked. When shared drives are inaccessible. When shared drives no longer exist. When this happens, archiving is stopped. The Archiver re-evaluates the drive status every 30 seconds. Client application rollback failed. Client application rollback succeeded. Client application update failed. Client application update succeeded. See System General settings "Custom events" on page 623. The connection to the role database was lost. If this event is related to a role database, it might be because the data server is down or cannot be reached by the role server. If the event is related to the Directory database, the only action you can use is Send an email, because all other actions require a working connection the Directory database. The connection to the role database has been recovered. The deadbolt on a door has been locked. The deadbolt on a door has been unlocked.
Cannot write on the specified location Cannot write to any drive
Archiver role Archiver role
Client application rollback failed Client application rollback succeeded Client application update failed Client application update succeeded Custom event Database lost
application application application application system-wide Any role
Database recovered Deadbolt locked Deadbolt unlocked
Any role door, zone door, zone
748
Event types
Event
Source entity
Description
Disk load is over 80%
Archiver role
More than 80% of the disk space allocated for archiving has been used, caused by under-evaluating the disk space required, or by another application that is taking more disk space than it should. If 100% of the allotted disk space is used, the Archiver starts to delete old archive files prematurely in order to free disk space for new archive files, starting with the oldest files. All disks allotted for archiving are full and the Archiver is unable to free disk space by deleting existing video files. This event can occur when another application has used up all the disk space reserved for Omnicast, or when the Delete oldest files when disks full option is not selected in the Server Admin. When this happens, archiving is stopped. The Archiver re-evaluates the disk space every 30 seconds. The door has closed. The door has been forced open. This event is unavailable with a readerless door. The door has locked. The door has been taken out of maintenance mode. For more information, see Door - "Properties" on page 405. In Security Desk, a user has manually unlocked a door. The door has been held open for too long. To enable this event, you must set the property Trigger a Door open too long event in the Properties tab of a Door entity in Config Tool. The door has opened. The door has been unlocked. The door has been put into maintenance mode. For more information, see Door - "Properties" on page 405. The unit associated to this door has gone offline. The doorknob is in place and the door is closed. The doorknob has rotated. Event related to a camera that is recording directly on the unit.
Disks full
Archiver role
Door closed Door forced open Door locked Door locked: Maintenance completed Door manually unlocked Door open too long
door door door door door door
Door opened Door unlocked Door unlocked: Maintenance started Door warning: Unit is offline Doorknob in place Doorknob rotated Edge storage medium failure Elevator warning: Unit is offline
door door door door door door
elevator
The unit associated to this elevator has gone offline.
749
Event types
Event
Source entity
Description
Entity has expired Entity is expiring soon
credential credential
A credential or its associated cardholder has expired (its status is now Expired). The Security Center generates this event to warn you that the expiry date of an entity is approaching. The number of days of advance warning provided by this event must be set. A health warning has been issued for this entity. A cardholder was granted access to a door, elevator, or area, and it is assumed that they entered. A cardholder was granted access to a door, elevator, or area, and their entry is detected. A video file associated to a camera has been deleted because the retention period has ended, or the archive storage disk was full. A cardholder has entered an empty area. An elevator floor button has been pressed. Glass has broken. The tamper input on a unit has been triggered. A health event has occurred. Interlock is not supported by the unit. Interlock lockdown has been turned off. Interlock lockdown has been turned on. Interlock override is off. Interlock override is on. Intrusion detection area alarm activated. Intrusion detection area arming. Intrusion detection area arming postponed. Intrusion detection area canceled alarm.
Entity warning Entry assumed Entry detected File deleted
system-wide cardholder, door, or area cardholder, door, or area camera
First person in Floor accessed Glass break Hardware tamper Health event Interlock is not supported by the unit Interlock lockdown off Interlock lockdown on Interlock override off Interlock override on Intrusion detection area alarm activated Intrusion detection area arming Intrusion detection area arming postponed Intrusion detection area canceled alarm
area elevator or area input/zone elevator or door Health monitor role access control unit access control unit access control unit access control unit access control unit intrusion detection area intrusion detection area intrusion detection area intrusion detection area
750
Event types
Event
Source entity
Description
Intrusion detection area cancelled postponed request Intrusion detection area custom event Intrusion detection area disarm request Intrusion detection area disarmed Intrusion detection area duress Intrusion detection area entry delay activated Intrusion detection area forced arming Intrusion detection area input bypass activated Intrusion detection area input bypass deactivated Intrusion detection area input trouble Intrusion detection area master arm request Intrusion detection area master armed Intrusion detection area perimeter arm request Intrusion detection area perimeter armed Intrusion detection area postponed arming request Intrusion detection unit input bypass activated Intrusion detection unit input bypass deactivated
intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection unit intrusion detection unit
Intrusion detection area cancelled postponed request. Intrusion detection area custom event. Intrusion detection area disarm request. Intrusion detection area disarmed. Intrusion detection area duress. Intrusion detection area entry delay activated. Intrusion detection area forced arming. Intrusion detection area input bypass activated. Intrusion detection area input bypass deactivated. Intrusion detection area input trouble. Intrusion detection area master arm request. Intrusion detection area master armed. Intrusion detection area perimeter arm request. Intrusion detection area perimeter armed. Intrusion detection area postponed arming request. Intrusion detection unit input bypass activated. Intrusion detection unit input bypass deactivated.
751
Event types
Event
Source entity
Description
Intrusion detection unit input trouble Invalid custom encryption values
intrusion detection unit Archiver role
Intrusion detection unit input trouble. This warning is issued by the Archiver on startup and every 5 minutes if one of the custom encryption values (initial fingerprint or encryption key) specified in the Server Admin is invalid. The last cardholder has exited an area. A complete license plate has been sighted in the camera. A license plate read has been matched to a hotlist, an overtime rule, or a permit restriction. A license plate previously sighted in the camera has moved out of sight. A license plate has been read. A clearer or more reliable reading of a sighted license plate is available. A user has added a bookmark to a live video. For more information about adding bookmarks, see the Genetec Security Desk User Guide. Event related to a zone entity. Event related to a zone entity. Loitering activity has been detected in the camera. Execution of a macro has failed. Execution of a macro has been completed normally. Execution of a macro has begun. Someone has pulled the door emergency release (manual pull station). The door emergency release (manual pull station) has been restored to it normal operating position. There is motion detected. This event is issued following a Motion on event when motion (measured in terms of number of motion blocks) has dropped below the motion off threshold for at least 5 seconds.
Last person out License plate in sight License plate hit License plate out of sight License plate read License plate reading Live bookmark added
area LPR unit or Patroller restriction, LPR unit, or Patroller LPR unit or Patroller LPR unit or Patroller LPR unit or Patroller camera
Lock released Lock secured Loitering Macro aborted Marco completed Macro started Manual station activated Manual station reverted to normal state Motion Motion off
access control unit access control unit camera (video analytics) macro macro macro door door camera camera
752
Event types
Event
Source entity
Description
Motion on Multiple units are configured for the interlock No entry detected No match No RTP packet lost in the last minute Object condition changed Object crossed line Object detected Object entered Object exited Object following route Object left Object merged Object removed Object separated Object stopped Offload failed Offload successful People count reset
camera area cardholder, door, elevator, or area hotlist camera camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) Patroller Patroller area
This event is issued when positive motion detection has been made. All doors that are part of an interlock configuration must be controlled by the same unit. A cardholder was granted access to a door, elevator, or area, but no entry is detected. A vehicle has not been matched to the hotlist associated to the Sharp unit. The Archiver has received all the RTP packets in the last minute. An object has suddenly changed direction or speed, such as when a person starts running or slips. An object has crossed a predefined tripwire. An object is in the camera field of view. An object has entered the camera field of view. An object has exited the camera field of view. An object is following a predetermined route, in a specific direction. An object has entered and exited the camera field of view. Two separate objects in the camera field of view have merged. An object has been removed from the camera field of view. An object within the camera field of view has separated into two objects. A moving object has stopped. An offload from Patroller to Security Center has failed. An offload from Patroller to Security Center was successful. The number of people counted in an area has been reset to 0.
753
Event types
Event
Source entity
Description
People counting disabled: Unit is offline Person falling Person running Person sliding Playback bookmark added
area camera (video analytics) camera (video analytics) camera (video analytics) camera
A unit has gone offline, thus disabling people counting. A person falling has been detected in the camera. A person running has been detected in the camera. A person sliding has been detected in the camera. A user has added a bookmark to a recorded video. For more information about adding bookmarks, see the Genetec Security Desk User Guide. The Protected video threshold configured in the Server Admin is been exceeded. The percentage of disk space occupied by protected video files can be monitored from the Config Tool. A user started using the PTZ after it has been idle. The Description field indicates the user who activated the PTZ. This event is regenerated every time a different user takes control of the PTZ, even when the PTZ is still active. A user has tried to move the PTZ while it is being locked by another user with a higher PTZ priority. The Description field indicates the machine, application type, and user who currently holds the lock. The PTZ has not been manipulated by any user after a predetermined period of time. The Description field indicates the user who last used the PTZ. A user started zooming the PTZ. The Description field indicates the user who performed the zoom. Subsequent PTZ zoom by user events are generated if another user zooms the PTZ, or if the original user zooms the PTZ after the Idle delay has expired. The PTZ has not been zoomed by any user after a predetermined period of time. The Description field indicates the user who last zoomed the PTZ.
Protection threshold exceeded
Archiver role
PTZ activated
camera (PTZ)
PTZ locked
camera (PTZ)
PTZ stopped
camera (PTZ)
PTZ zoom by user
camera (PTZ)
PTZ zoom by user stopped
camera (PTZ)
754
Event types
Event
Source entity
Description
Receiving RTP packets from multiple sources
camera
The Archiver is receiving more than one video stream for the same camera. IMPORTANT When this rare situation arises, the Archiver cannot tell which stream is the correct one simply by looking at the source IP address because of the NAT (Network Address Translation), so an arbitrary choice is made. This can result in the wrong video stream being archived. However, the source IP address and port number of both streams are indicated in the Description field, and the two sources are labeled Archived and Rejected. You can find the faulty unit that is causing this conflict. The recording on a camera has been started as the result of an alarm being triggered. The recording on a camera has been started by a continuous archiving schedule. The recording on a camera has been started by the Start recording action. This action could have been triggered by another event or executed from a macro. The recording on a camera has been started through motion detection. The recording on a camera has been started manually by a user. The recording on a camera has stopped because the alarm recording time has elapsed. The recording on a camera has stopped because it is no longer covered by a continuous archiving schedule. The recording on a camera has been stopped by the Stop recording action. This action could have been triggered by another event or executed from a macro. The recording on a camera has stopped because the motion has ceased. The recording on a camera has been stopped manually by a user. Someone has pressed the door release button or has triggered a request to exit motion detector. The request to exit event has special filtering to make this feature compatible with motion detection request to exit hardware. Set these properties in the Config Tool > Door > Properties tab.
755
Recording started (alarm) Recording started (continuous) Recording started (external)
camera camera camera
Recording started (motion) Recording started (user) Recording stopped (alarm) Recording stopped (continuous) Recording stopped (external)
camera camera camera camera camera
Recording stopped (motion) Recording stopped (user) Request to exit
camera camera door
Event types
Event
Source entity
Description
Request to exit normal RTP packets lost
door camera
No request to exit is being made. There are RTP packets that the Archiver never received. This could happen if the packets have been lost on the network, or if the Archiver does not have enough CPU to process all the packets received on the network card. The Description field indicates the number of packets lost since the last time this event was issued (no more than once every minute). The schedule for controlled access to elevator floors now applies. The schedule for free access to elevator floors now applies. The door unlock schedule has expired, the lock is now re-asserted (door is locked). The door lock is unlocked due to a programmed unlock schedule. The unit signal has been lost. The unit signal has been recovered. The synchronization of an external system has completed. The synchronization of an external system has resulted in an error. The synchronization of an external system has started. Two people have entered a secured area following each other very closely. A threat level has been cleared on your system or on specific areas. A threat level has been set on your system or on specific areas. The Archiver is still connected to the camera, but it has not received any video packets for more than 5 seconds. A video analytics event has been issued, but it is not yet mapped to a Security Center event.
Scheduled controlled access Scheduled free access Scheduled lock Scheduled unlock Signal lost Signal recovered Synchronization completed: External system Synchronization error: External system Synchronization started: External system Tailgating Threat level cleared Threat level set Transmission lost
elevator elevator door door camera camera external system external system external system camera (video analytics) System, area System, area camera
Undefined video analytics event
camera (video analytics)
756
Event types
Event
Source entity
Description
Unit connected Unit failed to respond to edge video request Unit lost Update failed
unit
The connection to a unit has been established or restored. Event related to a camera that is recording directly on the unit.
unit Patroller, Mobile Sharp
The connection to a unit has been lost. An update on Patroller or a Mobile Sharp unit has failed, or a file could not be synchronized on a Patroller computer. An update has completed on Patroller or a Mobile Sharp unit, and no reboot is required. A user has started an updated on Patroller by clicking the Update icon. An update has been processed, and is ready to be deployed to Patroller. A rollback on Patroller or a Mobile Sharp unit has completed. A user has started a rollback on Patroller by clicking the Rollback icon. A user has logged off of a Security Center application. A user has logged on to a Security Center application. The Archiver has attempted to connect to a VRM unit. The Archiver has failed to connect to a VRM unit.
Update installation completed Update installation started Updated published Update uninstallation completed Update uninstallation started User logged off User logged on VRM connection attempt VRM connection failure Window closed Window opened Zone armed Zone disarmed
Patroller, Mobile Sharp Patroller, Mobile Sharp Patroller, Mobile Sharp Patroller, Mobile Sharp Patroller, Mobile Sharp user user
input/zone input/zone zone zone
A physical window has closed. A physical window has opened. A zone has been armed. A zone has been disarmed.
757
Action types
Action types
All actions in Security Center are associated with a target entity, which is the main entity affected by the action. Additional parameters are indicated in the Description column. All parameters must be configured for an action to be valid. For more information, see "Create an event-to-action" on page 107. Security Center supports the following actions:
Action Target entity Description
Add bookmark
camera
Adds a bookmark to a camera recording. Additional parameter: Message. Bookmark text. Arms an intrusion detection area. Additional parameters: Mode: Either Master arm or Perimeter arm. When. Either immediately or with a delay. Arms a virtual zone. Blocks or unblocks a camera from other users in the system. Additional parameters: Block/Unblock. Select whether the action will block or unblock the camera. End. Select how long to block the video for: For. The video is blocked from users for the selected amount of time. Indefinitely. The video is blocked from users until you manually unblock it. User level. Select a minimum user level. All users with a level lower than the one you select are blocked from viewing video. Cancels the postponed arming of an intrusion detection area.
Arm intrusion detection area
intrusion detection area
Arm zone Block and unblock video
virtual zone camera
Cancel postpone intrusion detection area arming Clear tasks
intrusion detection area Security Desk (Destination)
Clears the task list in the specified Security Desk monitors. Additional parameter: Destination. Online Security Desk application. User. All monitors of all Security Desk applications connected with the specified username. Monitor. Specific Security Desk monitor identified by a machine name and a monitor ID.
758
Action types
Action
Target entity
Description
Disarm intrusion detection area Disarm zone Display a camera on an analog monitor
intrusion detection area virtual zone analog monitor
Disarms an intrusion detection area. Disarms a virtual zone. Displays a camera in an analog monitor in a canvas tile. Additional parameters: Camera. Select which camera to display in the analog monitor. The camera must be supported by the analog monitor, and use the same video format. Analog monitor. Select an analog monitor to display the camera in. Displays a list of entities in the Security Desk canvas of selected users, in terms of one entity per tile. This action is ignored if a user does not have a Monitoring task open in Security Desk. Additional parameters: Entities. List of entities to display. Each entity is displayed in a separate tile. Display option View in a free tile. Only use free tiles. Force display in tiles. Display in free tiles first. When there are no more free tiles, use the busy tiles following the tile ID sequence. Sends a report (based on a saved reporting task) as an email attachment to a list of users. Additional parameters: Report. Public reporting task used as report template. Format. Report format, either PDF or Excel. Forgives an antipassback violation for a cardholder, or cardholder group. Commands the selected dome camera to go to its home position. Not all dome cameras support this feature. Commands the dome camera to go to the specified preset position. Additional parameter: Preset. Preset position (number) to go to. Imports a file and sends the import results to a user. Additional parameter: File name. Opens the Import tool window, where you can select the file that is used to import the data. For more information, see "Import tool" on page 657.
Display an entity in the Security Desk
users (Recipients)
Email a report
users (Recipients)
Forgive antipassback violation Go home Go to preset
cardholder or cardholder group dome camera dome camera
Import from file
user (Recipient)
759
Action types
Action
Target entity
Description
Override with event recording quality
camera
Sets the Boost quality on event recording to ON for the selection camera and applies the custom boost quality recording settings. Selecting this option overrides the general settings for event recording. The effect of this action lasts as long as it is not modified by another action, such as Recording quality as standard configuration, or until the Archiver restarts. Sets the Boost quality on manual recording to ON for the selection camera and applies the custom boost quality recording settings. Selecting this option overrides the general settings for event recording. The effect of this action lasts as long as it is not modified by another action, such as Recording quality as standard configuration, or until the Archiver restarts. Plays a sound bite in a user or user groups Security Desk. This action is ignored if the user is not running Security Desk. Additional parameter: Sound to play. Sound file (.wav) to play. For the user to hear the sound bite, the same sound file must be installed on the PC where Security Desk is running. The standard alert sound files that come with the installation are located in C:\Program files\Genetec Security Center 5.2\Audio. Postpones the intrusion detection area arming. Additional parameters: Arming mode: Either Master arm or Perimeter arm. Postpone for. Set how long to postpone the arming for, in seconds. Arming delay. Set the arming delay in seconds. Cancels the effect of the Override with manual/event recording quality actions and restores the standard recording configuration. Resets the people counter in an area. Forces the Omnicast Federation role to reconnect to the remote Omnicast system. Starts the execution of a macro. Additional parameter: Context: Specific value settings for the context variables. Commands the dome camera to run the specified pattern. Additional parameter: Pattern. Pattern number to run.
Override with manual recording quality
camera
Play a sound
user or user group
Postpone intrusion detection area arming
Recording quality as standard configuration Reset area people count Reset external system Run a macro
camera
area Omnicast Federation role macro
Run a pattern
dome camera
760
Action types
Action
Target entity
Description
Send a message
user or user group (Recipient)
Sends a pop-up message to a users Security Desk. This action is ignored if the user is not running Security Desk. Additional parameter: Message. Text to be to displayed in the pop-up message. Sends an email to users or cardholders. The selected user must have an email address configured, and the mail server must be properly configured for Security Center, or the action is ignored. Additional parameter: Message. The email text to be sent to the recipient. Sends and adds a public task to a Security Desk application. Additional parameters: Task. Public task to send. Destination. Online Security Desk application. User. All Security Desk connected with that user. Monitor. Specific Security Desk monitor identified by a machine name and a monitor ID. (Only available when creating threat levels) Sets a reader mode for accessing doors when a threat level is set. Additional parameters: Location. The areas where this reader mode applies when a threat level is set. Reader mode. Select whether access is granted using a card and PIN, or card or PIN, for the selected areas. Sets the Unlocked for maintenance status of a door to on or off. Additional parameter: Maintenance. Desired maintenance mode (On or Off). Sets a threat level on your Security Center system, or on specific areas. Additional parameters: Area. Select which areas to set the threat level on. Can be your entire system, or specific areas. Threat level. Select which threat level to set. Resets the Buzzer output defined for a door. This action sets the Buzzer option to None in the Hardware tab of a door in Config Tool. Sets the Buzzer output defined for a door. The buzzer sound is specified under the Buzzer option in the Hardware tab of a door in Config Tool.
Send an email
user, user group, cardholder, cardholder group (Recipient) Security Desk (Destination)
Send task
Set reader mode
cardholder, credential
Set the door maintenance mode
door
Set threat level
system, area
Silence buzzer
door
Sound buzzer
door
761
Action types
Action
Target entity
Description
Start applying video protection
camera
Starts protecting upcoming video recordings against deletion. The protection is applied on all video files needed to store the protected video sequence. Since no video file can be partially protected, the actual length of the protected video sequence depends on the granularity of the video files. When multiple Start applying video protection actions are applied on the same video file, the longest protection period is kept. Additional parameters: Keep protected for. Duration of the video protection. Specific. Sets the protection period in number of days. Infinite. The protection can only be removed manually from the Archive storage details task. Protect video for next. Duration of the video to protect. Specific. Sets the duration in minutes and hours. Infinite. All future recordings are protected until the action Stop applying video protection is executed. Starts recording on the specified camera. This action is ignored if the camera is not on an active recording schedule. Recordings started by this action cannot be stopped manually by a user. Additional parameter: Recording duration. Sets the duration of the video recording. Default. Sets the duration to follow the value defined in Default manual recording length configured for the camera. Infinite. The recording can only be stopped by the Stop recording action. Specific. Sets the recording duration in seconds, minutes, and hours. Stops protecting upcoming video recordings against deletion. This action does not affect the video archives that are already protected. Additional parameter: Stop in. Sets the video protection to stop Now or in a Specific amount of time in minutes and hours. Stops recording on the specified camera. This action only works if the recording was started by the Start recording action. Additional parameter: Stop in. Sets the recording to stop Now or in a Specific amount of time in seconds, minutes and hours.
Start recording
camera
Stop applying video protection
camera
Stop recording
camera
762
Action types
Action
Target entity
Description
Temporarily override unlock schedules
door
Temporarily locks or unlocks a door for a given period of time. Additional parameters: Lock mode. Select Unlocked or Locked. For. Amount of time in minutes or hours. From/To. Date and time range to unlock the door. Triggers an alarm. NOTE Triggering an alarm might generate additional events, depending on the alarm configuration. Additional parameters: Acknowledgement condition. Event type that must be triggered before the alarm can be acknowledged. User acknowledgement required. Select whether the alarm must be manually acknowledged, or if it is automatically acknowledged by the system after the acknowledgement condition is cleared. Triggers a physical alarm on an intrusion detection area. Additional parameter: Recipient type. Type of alarm trigger, either the intrusion detection area or a specific alarm input. Triggers an output behavior on an output pin of a unit. For example, an action can be configured to trigger the output pin of a unit (controller or input/output module). Additional parameter: Output behavior. Select the output behavior to trigger. Starts a synchronization process on the specified role (Active Directory or Global Cardholder Synchronizer). Temporarily unlocks a door for five seconds, or the Standard grant time configured for that door.
Trigger alarm
alarm
Trigger intrusion alarm
Trigger output
output pin (unit)
Trigger synchronization Unlock door explicitly
role (that needs synchronization) door
763
20
Keyboard shortcuts in Config Tool
Learn about the default keyboard shortcuts available in Config Tool. This section includes the following topics:
"Default keyboard shortcuts" on page 765
764
Default keyboard shortcuts

This table lists the default keyboard shortcuts you can use in Config Tool. This list is categorized alphabetically by command.
NOTE You can change the keyboard shortcuts in the Keyboard shortcuts tab of the Options dialog
box. See "Keyboard shortcuts" on page 681.

Command Description Shortcut
General commands Apply changes Exit application Full screen Go to next page Go to previous page Help Home page Options Select columns Camera commands Add a bookmark Copy statistics of the currently selected video tile Show statistics overlay on the video tile Show status overlay on the video tile PTZ commands Go to preset Pan left Jump to a PTZ preset you select. Pan the PTZ camera image to the left. SHIFT+<PTZ preset> LEFT ARROW Add a bookmark to video in the selected tile (for live video only). Copy the statistics of the selected tile. B CTRL+SHIFT+X Apply the changes made to your current configuration tab. Close Config Tool. Toggle between displaying Config Tool in full screen and windows mode. Switch to the next Config Tool task tab. Switch to the previous Config Tool task tab. Open the online help. Go to the Home page. For more information, see "Home page overview" on page 14. Open the Options dialog box. Select which columns to show/hide in the report pane. CTRL+S ALT+F4 F11 CTRL+TAB CTRL+SHIFT+TAB F1 CTRL+GRAVE ACCENT () CTRL+O CTRL+SHIFT+C
Show/hide the statistics summary of the video in the selected tile. Show/hide the status summary of the video in the selected tile.
CTRL + SHIFT + A CTRL+SHIFT+D
765
Command
Description
Shortcut
Pan right Tilt down Tilt up Zoom in Zoom out Task commands Rename task Save as Save workspace Saved tasks
Pan the PTZ camera image to the right. Tilt the PTZ camera image down. Tilt the PTZ camera image up. Zoom in the PTZ camera image. Zoom out the PTZ camera image.
RIGHT ARROW DOWN ARROW UP ARROW Hold the PLUS SIGN (+) Hold the HYPHEN (-) key
Rename the selected task. Save a task under a different name and scope (private or public). Save the task list so that it is automatically restored the next time you log on to the system with the same user name. Open the Public tasks page from the Home page. For more information, see "Home page overview" on page 14.
F2 CTRL+T CTRL+SHIFT+S CTRL+N
766
Part VII
Appendices
Learn about the user privileges, event and action types, license options, and HID access control units available in Security Center. This part includes the following appendices: Appendix A, License options on page 768 Appendix B, Default Security Center ports on page 776 Appendix C, HID reference on page 781 Appendix D, Bosch reference on page 803 Appendix E, Honeywell reference on page 805
A
License options
This section describes all Security Center software license options, and how to view your license information. This section includes the following topics:
"Viewing license information from Config Tool" on page 769 "Viewing license information from Server Admin" on page 770 "License option descriptions" on page 771
768
Viewing license information from Config Tool
Viewing license information from Config Tool

From the Home page in Config Tool, click About.
NOTE You might not see all the tabs shown in this sample screen shot if your license does not support all the solution components.
License. This tab tells you when your software license expires, and gives you the
information you need to provide when contacting Genetec Technical Assistance Center: System ID, Package name, Service maintenance agreement (SMA) number, and so on.
IMPORTANT Seven days before your license expires, you receive a warning message.
Security Center. This tab shows all generic Security Center options. A feature is either
supported or limited by a maximum use count. For the latter, the Support column shows the current use vs. the maximum allowed.
Synergis. This tab is shown only if Synergis (access control) is supported. Omnicast. This tab is shown only if Omnicast (video surveillance) is supported. AutoVu. This tab is shown only if AutoVu (LPR) is supported. Mobile. This tab is shown only if Security Center Mobile is supported. Certificates. This tab lists all the supported software certificates, such as plugin certificates. Purchase order. This tab reproduces your order.
769
Viewing license information from Server Admin
Viewing license information from Server Admin

1 Log on to your main server using Server Admin. For more information, see "Open Server Admin using Internet Explorer" on page 48. 2 Select the Directory tab, scroll to the License section, and click License information.
NOTE You might not see all the tabs shown in this sample screen shot if your license does not support all the solution components.
Overview. This tab tells you when your software license expires and gives you the
information you need to provide when contacting Genetec Technical Assistance Center: System ID, Package name, Service maintenance agreement (SMA) number, and so on.
Security Center. This tab shows all generic Security Center options. A feature is either
supported or limited by a maximum use count.
Synergis. This tab is shown only if Synergis (access control) is supported. Omnicast. This tab is shown only if Omnicast (video surveillance) is supported. AutoVu. This tab is shown only if AutoVu (LPR) is supported. Mobile devices. This tab is shown only if Security Center Mobile is supported. Certificates. This tab lists all the supported software certificates, such as plugin certificates.
770
License option descriptions

This section describes the meaning of all Security Center license options. A feature is either supported or limited by a maximum use count. For the latter, only the Config Tool shows the current use vs. the maximum allowed.
TIP Some options feature an On/Off switch. If you do not use that option in your system, turn the switch OFF to simplify the user interface.
"Security Center license options" on page 771 "Synergis license options" on page 772 "Omnicast license options" on page 773 "AutoVu license options" on page 774 "Mobile license options" on page 774 "Certificate license options" on page 775
Security Center license options

This section describes the generic Security Center license options.
Macros. Allows you to create macros in your system. For more information, see "Using
macros" on page 110.
Threat level. Allows you to create threat levels in Config Tool, as well as set threat levels in
Security Desk.
Remote Security Desk. Allows you to remotely monitor and control other Security Desk
workstations and monitors, using the Remote task on your local Security Desk.
Alarms. Allows you to create and manage alarms in Config Tool, and use the Alarm
monitoring and Alarm report tasks in Security Desk.
Hot actions. Allows you to trigger hot actions in Security Desk. Audio. Allows you to configure sounds bites on your system in Config Tool, and use them
in event-to-actions.
Partitions. Allows you to configure and use partitions in Security Center. Intrusion detection. Allows you to configure intrusion detection entities in Config Tool, as
well as monitor intrusion detection entities in Security Desk.
Time zone. Allows you to configure the unit time zone when a Location property tab is
displayed, as in video unit configuration for example.
Automatic email notifications. Allows you to set up an email server for email
notifications, including:
Receiving email notifications from the Watchdog.

771
Using Send an email and Email a report actions.
Web SDK. Allows you to create Web-based SDK roles. For more information, see
"Supporting cross-platform development" on page 164.
Plan Manager Basic. Allows you to use Plan Manager in Basic mode. For more information
about Plan Manager, see the Plan Manager User Guide.
Plan Manager Standard. Allows you to use Plan Manager in Standard mode. For more
information about Plan Manager, see the Plan Manager User Guide.
Plan Manager Advanced. Allows you to use the Advanced configuration of Plan Manager
in Advanced mode. For more information about Plan Manager, see the Plan Manager User Guide.
Number of custom fields. Maximum number of custom fields that you are allowed to
define. For more information, see System General settings "Custom fields" on page 619.
Number of federated systems. Maximum number of federated systems allowed, counting

both Omnicast 4.x and Security Center systems. For more information, see "Federating remote systems" on page 128.
Number of Security Desk connections. Maximum number of simultaneous Security Desk

connections allowed on your system.
Number of Active Directories. Maximum number of Active Directory domains that can be
synchronized with your system. For more information, see "Importing users from an Active Directory" on page 102.
Number of additional Directory servers. Maximum number of Directory servers you can
have in addition to your main server to set up a high availability system. For more information, see "Configuring Directory failover and load balancing" on page 66.
Number of intrusion detection units. Maximum number of intrusion panels supported on

your system. For more information, see "Managing intrusion panels" on page 155.
Number of input pins. Maximum number of input pins that can be configured for doors,
elevators, and zones.
Number of output pins. Maximum number of input pins that can be configured can be
configured for doors, elevators, and zones.
Number of cash registers. Maximum number of cash registers that you can import from an
external point of sale system. For more information, see "Point of Sale" on page 595.
Synergis license options

This section describes the Synergis access control license options.
Card requests. Allows users to request card credentials to be printed by other users on the
system. Also allows you to create request reasons in Config Tool.
Import Tool. Allows you to import cardholders and credentials from a flat file. For more
information, see "Import tool" on page 657.
772
Antipassback. Allows you to configure areas with antipassback restrictions. For more
information, see "Configure antipassback" on page 280.
People counting. Allows you to use the People counting task in Security Desk. Badge template. Allows you to define badge templates in your system. USB enrollment reader. Allows you to detect and use USB readers on your system. Visitors. Allows you to use the Visitor management task in Security Desk. Number of cardholders and visitors. Maximum number of cardholders and visitors allowed on your system, including those imported from Active Directories. For more information, see "Configuring cardholders and cardholder groups" on page 283. elevators on your system.
Number of readers. Maximum number of readers that can be configured for doors and Number of Access Managers. Maximum number of Access Manager roles that can be
created on your system. For more information, see "Configuring the Access Manager role" on page 260.
Number of Global Cardholder Synchronizers. Number of Global Cardholder

Synchronizer roles allowed on your system. For more information, see "Managing global cardholders" on page 296.
Omnicast license options

This section describes the Omnicast video surveillance license options.
Number of cameras. Maximum number of cameras allowed on your system. Both cameras
managed locally by your system and those federated from remote systems are counted.
Number of OVReady cameras. Maximum number of OVReady cameras (with video

analytics capabilities) allowed on your system.
Number of panoramic cameras. Number of panoramic cameras allowed on your system. Number of DVR inputs. Number of video inputs from DVRs (digital video recorders)
allowed on your system.
Number of analog monitors. Maximum number of analog monitors allowed on your

system.
Number of Auxiliary Archivers. Number of Auxiliary Archiver roles allowed on your

system. For more information, see "Configuring the Auxiliary Archiver role" on page 204.
Audio. Allows your system to stream audio and enables all audio features on your system. Forensic search. Enables the Forensic search task in Security Desk. Trickling. Enables data to be transferred in small amounts at specific or pre-determined
time from the edge-recording units to the Archiver. For more information, see "Configuring video units for trickling" on page 197.
Camera blocking. Allows you to block video from other users on the system.
AutoVu license options

This section describes the AutoVu LPR license options.
Security Desk map. Type of map engine supported in Security Desk: Bing or MapInfo. Geocoder. Type of map engine used by the LPR Manager for geocoding: Bing or MapInfo. Microsoft Bing license expiration date. Bing license expiration date. Data import. Allows data to be imported from AutoVu 4.3 systems. For more information, see "Data import" on page 583. information, see "XML import" on page 578.
XML import. Allows you to import data from third-party applications. For more Number of LPR Managers. Maximum number of LPRManager roles allowed on your
system.
Number of fixed Sharp units. Maximum number of fixed Sharp units allowed on your
system.
Number of Patrollers - Law Enforcement. Maximum number of Patrollers configured for

Law Enforcement allowed on your system.
Number of Patrollers - City Parking Enforcement. Maximum number of Patrollers

configured for City Parking Enforcement allowed on your system.
Number of Patrollers - University Parking Enforcement. Maximum number of Patrollers

configured for University Parking Enforcement allowed on your system.
Number of Patrollers - MLPI. Maximum number of Patrollers configured for Mobile

License Plate Inventory allowed on your system.
Number of Patrollers equipped with maps. Maximum number of Patrollers equipped

with maps allowed on your system.
Mobile license options

This section describes the Genetec Security Center Mobile license options.
Number of mobile device servers. Maximum number of Mobile Servers allowed on your
system.
Number of mobile devices. Maximum number of simultaneous Mobile app connections

allowed on your system.
Number of Web Clients. Maximum number of Web Client connections allowed on your
system.
774
Certificate license options

This section describes the certificate license options. Each certificate is identified by an application/plugin name and the publisher name. The option specifies the maximum number of simultaneous connections from each type of application on your system.
775
B
Default Security Center ports
This section describes all default ports used by Security Center. Make sure these ports are open and redirected for firewall and network address translation purposes. This section includes the following topics:
"Common communication ports" on page 777 "AutoVu-specific ports" on page 778 "Synergis-specific ports" on page 779 "Omnicast-specific ports" on page 780
776
Common communication ports
Common communication ports

The following table lists the default network ports used by Security Center applications.
Computer Inbound Outbound Port usage
Main server Expansion servers Client workstations All servers (hosting any role) Intrusion Manager
TCP 5500 TCP 5500 TCP 5500 TCP 4502 HTTP 80 TCP 3001 TCP 3001 TCP 4502
Directory connection requests Directory connection requests Directory connection requests Communication between servers Connection via Server Admin Bosch intrusion panels
777
AutoVu-specific ports
AutoVu-specific ports
The following table lists the default network ports used by Security Center/AutoVu applications.
LPR Manager TCP 8731 TCP 8832
UDP 5000
Fixed Sharp unit discovery Fixed Sharp units and Patrollers Patroller hotfix requests
778
Synergis-specific ports
Synergis-specific ports
The following table lists the default network ports used by Security Center/Synergis applications.
Access Manager
UDP/TCP 4070 TCP 20
UDP/TCP 4070 TCP 21, 23 TCP 4050
HID VertX controllers HID VertX controllers HID VertX controllers
For information about HID hardware setup, see "Refer to HIDs documentation for initial hardware setup" on page 782.
779
Omnicast-specific ports
Omnicast-specific ports
The following table lists the default network ports used by Security Center/Omnicast applications.
Archiver
TCP 555 UDP 1500016000 TCP & UDP UDP 47806 UDP 47806 TCP 554 or HTTP 80 Telnet 5602 UDP 1500016000
Live and playback stream requests Live unicast streams (audio & video) Vendor specific ports for events and unit discovery Live audio & video multicast streams Typical port used to request video from a unit Telnet Console connection requests Playback stream requests Live and playback stream requests Live and playback stream requests Live audio & video unicast streams UDP 47806 TCP 555 Live audio & video multicast streams Communication with Archiver Live audio & video unicast streams Live multicast video streams Live multicast audio streams TCP 554560 Live and playback audio/video requests
Auxiliary Archiver Media Router Redirector
TCP 558 TCP 554 TCP 560 UDP 800012000 UDP 47806
Security Desk & Config Tool
UDP 60006500 UDP 47806 UDP 47807
780
C
HID reference
This section describes additional information concerning the setup and configuration of HID access control units. This section includes the following topics:
"Network configuration" on page 782 "Using the HID Discovery GUI utility" on page 783 "HID initial configurations" on page 784 "Special considerations when configuring HID units" on page 785 "Interpreting the Power and Comm LEDs on an HID unit" on page 787 "Supported features and models" on page 788 "Access control unit modes of operation" on page 791 "Access control unit configuration" on page 799 "Wiring diagrams" on page 800
781
Network configuration
Network configuration
HID VertX (V1000, V2000), and Edge devices are IP devices that can acquire their network address automatically when your network has a DHCP server (the default). They can also be configured with static addresses (recommended).
Refer to HIDs documentation for initial hardware setup

HID device documentation can be found in the Documentation\Controllers folder of your Security Center installation package:
HID VertX
HID VertX OEM Quick Installation Guide V100, V200, V300, V1000, and V2000 for configuration information.
HID VertX Install Wiring Diagram Example for wiring examples. HID Edge device

HID EdgeReader Wiring Instructions for wiring examples.
HID documentation can also be downloaded from www.HIDglobal.com. The discovery port of an HID unit is fixed at 4070. Once it is discovered, the unit is assigned to an Access Manager that uses the ports shown in the following table to control it.
Access Manager
UDP/TCP 4070 TCP 20
UDP/TCP 4070 TCP 21, 23 TCP 4050
HID VertX controllers HID VertX controllers HID VertX controllers
The initial discovery can be performed with either the Security Centers Unit Discovery Tool (see "Unit discovery tool" on page 653), or with the HID Discovery GUI.
NOTE The Security Centers Unit Discovery Tool does not let you assign or modify the IP configuration of an HID unit. If you do not have a DHCP server on your network, or if you want to modify the initial IP configuration of the HID unit, this should be done with the HID Discovery GUI. It can be downloaded from http://www.hidglobal.com/downloads/ DiscoveryClient.zip.
782
Using the HID Discovery GUI utility
Using the HID Discovery GUI utility

The HID Discovery GUI utility is a Windows application designed to scan a local network and report what HID devices are found. Typically, is used to perform the initial discovery and apply IP configurations to your HID hardware before enrolling them into your Security Center system. To use the HID Discovery GUI: 1 Launch the utility. The HID Discovery GUI can be found in your Windows Start menu > All Programs > VertX Toolbox > Discovery GUI. 2 When the application launches, it immediately scans the local network.
The following columns are displayed:
Type. HID device model. MAC Address. MAC address of the devices network interface (also used as serial number). Host Name. Name assigned to the device (by default, same as Type).
3 To cause the units LED to blink so it can be identified, click the Blink ON button. 4 To go to the units configuration Web page, click the Configure Unit hyperlink. 5 To re-scan the network to find HID devices, click the Refresh button.
783
HID initial configurations
HID initial configurations

If no DHCP server is present, you need to assign a static IP configuration to the unit. As long as an HID unit has a valid IP configuration, it can be seen by the Security Centers Access Manager, and you know the username and password to connect to the unit, everything else can be done once it has been enrolled into Security Center. To prepare your unit for enrollment into Security Center: 1 Launch the HID Discovery GUI and scan for devices on your network. 2 If you do not find the desired results, disconnect your workstations network cable from the wall (or switch) and plug it directly into the HID unit.
The address 169.254.242.121 is the factory-assigned default address for every HID device. Even if the unit has been configured with an IP configuration, it still listens on this address for (possible) troubleshooting needs. 3 If a change in IP configuration is required, this is performed from the devices configuration Web page. You can open the devices Web page one of the following ways:
In the HID Discovery GUI, click the Configure Unit hyperlink. Type http://169.254.242.121 in your Web browser. User Name: root Password: pass
4 Authentication is required to connect to an HID units web page. By default:

5 The first page displayed from the HID unit will be its Basic Setup page. It is on this page that you can assign the devices IP configuration.
CAUTION If no DNS server is present on your network, you must use the units own IP address for the Primary DNS Server value. Furthermore, the Basic Central Stations IP address should be set to the IP address of your Security Center server running the Access Manager role.
6 Scroll down, and click the link to Change Login Password. (NB: This refers to the user admin not the user root) 7 Scroll to the bottom of the page, and click Submit. The unit applies the new IP configuration, and reboot. The unit is now ready to be enrolled in Security Center.
Special considerations when configuring HID units

Some special considerations should be taken into account when working with HID inputs and outputs. This section includes the following topics:
"For HID V1000 units" on page 785 "Other HID hardware" on page 785 "HID factory default input settings" on page 785 "Modify input configurations" on page 786
For HID V1000 units

It is not recommended to use an HID VertX V1000 inputs and outputs for special purpose requirements such as:
A door: REX, door sensor, door lock Interlock override or lockdown Elevator control floor tracking Door buzzer IO linking (Hardware zone)
Instead, you should use the inputs and outputs from the V1000s sub-panels (V200s, V300s) for these purposes.
Other HID hardware

Any unused inputs (including AC Fail, Battery Fail and REX) can be used for other purposes except the Tamper and Door Monitor inputs. These two types of inputs can only be used for their specified purpose.
HID factory default input settings

HID units have the following configurations applied to the inputs:
The door monitor input is configured by default as normally closed (NC), and not
supervised (no EOL resistors). This means that if nothing is connected to the door monitor input, the unit will emit beeps to signal that the door is open. To correct this, connect the door monitor input to an actual door monitor, or reconfigure the input to normally open (NO). See illustration below. All other inputs are configured as normally open (NO), not supervised (no EOL resistors).
785
Modify input configurations

1 Select the unit from the Config Tools Roles view task, and click the Properties tab. 2 In the Additional settings section, modify the Contact type / Supervision mode of the inputs and outputs attached to the unit.
786
Interpreting the Power and Comm LEDs on an HID unit
Interpreting the Power and Comm LEDs on an HID unit

HID units are equipped with 2 status LEDS; One is labelled Power, and the other is labelled Comm. You can find these LEDs on top of the face plate for V1000s and V2000s. For Edge and Edge Plus devices, the LEDs are found on the bottom of the unit. Table 22-2: V1000, V2000 and Edge Reader power & Comm LEDs
LED indicator State Description
Off Power Solid red Blinking (Red/Off) Solid green Solid red Comm Blinking (Red/Green) Blinking (Amber/Green)
Check input voltage to the unit No network activity Network activity All interfaces found (eg. V100, V200, V300) No interfaces found Some interfaces were found (the duty cycle changes according to the number of interfaces found). The unit is in Locate me mode (somebody clicked the Identify button).
For VertX V1000 units: If the Comm LED indicator is off, update the firmware for the interface (V100) part of the unit. Table 22-3: VertX interface boards (sub-panels) V100, V200, V300
LED indicator State Description
Solid red Power Anything other than solid red Blinking (Red/Green) Comm Amber
OK Check input voltage RS-485 bus activity Firmware download in progress
If the Comm LED indicator for an interface board is off, verify the wiring for the RS-485 bus. Then try updating the firmware.
787
Supported features and models

Please refer to the tables below to confirm which Security Center features are supported by which models of HID access control units.
Supported access control software and hardware

This section describes the supported HID access control features in Security Center.
Supported HID keypad reader options

Card and PIN operation depends on the type of unit and the keypad reader installed. For both HID iCLASS and Prox readers, the Keypad configuration setting option is selected at the time of purchase. Supported options include the following:
Option 00: Keypad configuration setting option of 00 = Buffer one key, no parity, 4-bit
message. Option 14: Keypad configuration setting option of 14 = Buffer one to five keys (Standard 26-bit output). This reader option is also known as Galaxy Mode.
HID keypad reader option Online mode Mixed mode Offline mode Observation
Unit type
HID: V1000 with V100 V2000 EdgePlus E400
Keypad configuration setting option of 14 Keypad configuration setting option of 00
Not applicable.
Card or PIN.
Card or PIN.
The keypad readers can be used to enroll PINs. An unknown PIN will not generate the Access denied: Unknown credential event in Security Center. The reader cannot be used to enroll PINs for credential creation.
Not applicable.
Card or PIN. Card and PIN on schedule. When offschedule, operation reverts to card only.
HID: EdgeReaderER40 EdgeReader ERP40 EdgeReader ERW400
These units cannot be ordered with a keypad.
Not applicable.
Card only.
Card only.
For HID SmartID keypad readers (SK10), the following option is required to support card and PIN functionality:
Option 02PIN-0000: Pincode Wiegand 4 bit per key no parity.

PIN length
Currently, PINs cannot have more than fivedigits.
Supported HID hardware

For firmware version requirements, see the Security Center release notes.
iCLASS EdgeReader (POE) ER40, ERP40, ERW400 integrated reader and controller EdgePlus (POE) E400 controller VertX V2000 reader interface/network gateway VertX V1000 network gateway
VertX V100 reader interface VertX V200 input interface VertX V300 output interface
Card readers:
HID units support most industry standard card readers that output card data using the HID SmartID readers (MIFARE and DESFire) are also supported.
Supported RF Ideas USB enrollment readers
The RFIdeas readers only support card data formats up to 64 bits. The following USB enrollment readers are supported: Wiegand protocol (up to 128-bit card formats). For card and keypad readers, see "Access control unit configuration" on page 799.
pcProx HID USB reader for enrolling proximity cards AIR ID Enroll iCLASS ID# USB reader for enrolling HID iCLASS cards AIR ID Enroll 14443/15693 CSN USB reader for enrolling a MIFARE card using the CSN
(card serial number)
Support for Power over Ethernet (PoE)

The following units support PoE (15.4W):
Unit type Support
HID V1000, V100, V200, V300 HID V2000 HID EdgeReader / EdgePlus
Not supported Not supported Supported
789
Unit cardholder and reader capacity

The number of cardholders (or credentials) that a unit can support offline is as follows:
Unit type Supported number of cardholders
HID V1000 / V100 HID V2000 HID EdgeReader / EdgePlus
22,000, up to 125,000 cardholders with full memory upgrade. 22,000, up to 125,000 cardholders with full memory upgrade. 22,000 cardholders (maximum). No memory upgrades are possible.
The number of readers that a unit can support is as follows:

Unit type Supported number of readers
HID V1000 / V100
64 readers with 32 V100 reader interface modules 32 doors configured as card in/card out 64 doors configured as card in/REX out 2 readers 1 door configured as card in/card out 2 doors configured as card in/REX out 1 reader 1 door configured as card in/REX out
HID V2000
HID EdgeReader / EdgePlus
790
Access control unit modes of operation

This section describes the supported HID access control unit modes of operation in Security Center. This section includes the following topics:
"About offline, mixed, and online modes of operation" on page 791 "Supported modes of operation per unit type" on page 791
About offline, mixed, and online modes of operation

When the Security Centers Access Manager role and an HID unit can communicate over an IP network, the HID unit will be, by definition, in Mixed mode. If the network connection is disrupted, the unit will fall into offline mode. Online mode is not supported for HID units.
Unit operating mode Description
Mixed mode
The unit makes access control decisions locally based on information downloaded from Security Center/Synergis during unit synchronization. Access events are reported to Security Center/Synergis in real-time. Communication with Security Center/Synergis has been lost. The unit makes access control decisions locally, based on information downloaded from Security Center/Synergis during unit synchronization. Access granted and access denied events are logged in the unit and are uploaded to the Security Center/Synergis when the network connection is re-established. The unit is under the direct real-time control of Security Center/Synergis. Security Center/Synergis makes all access control decisions. This mode is not available with HID VertX and Edge units.
Offline
Online
Supported modes of operation per unit type

The following table summarizes which modes of operation are supported by unit type:
Unit Online Mode Mixed Mode Offline Mode
HID V1000/V100 HID V2000 HID EdgeReader/ EdgePlus
Not supported Not supported Not supported
Supported Supported Supported
Supported Supported Supported
791
The features available for the HID mixed and HID offline modes of operation are as follows:
Action: Silence buzzer or Sound buzzer (event-to-action) Antipassback Card and PIN Elevator control Elevator floor tracking Event-to-action with Trigger output action Extended grant time Hard antipassback (passback violation event generated and access is denied) Interlock IO Linking Lockdown Override People Counting Readerless Door (use an IO module for a REX, door state, and door lock only) Soft Antipassback (passback violation event generated and access is granted) Strict Antipassback Timed antipassback
Action: Silence buzzer or Sound buzzer (event-to-action)

Operating mode Feature availability
HID mixed mode HID offline mode
Supported Supported
For operation, the mixed and offline modes require the following:
All inputs and outputs must belong to the same HID controller (one VertX V1000, one
V2000, or one Edge).
NOTE The Action feature is not available with a readerless door.
Antipassback
Depends on the antipassback settings enabled with the Config Tool. Depends on the antipassback settings enabled with the Config Tool.
All units used for this feature must be assigned to the same Access Manager. The interlock feature must be disabled. Interlock (including the lockdown and override
functions) and antipassback are mutually exclusive; both features cannot be enabled for an area at the same time.
HID VertX antipassback

The antipassback feature works best once the access control system has been configured and the system is operational and relatively static. It is recommended to enable antipassback once the following entities have been properly configured in Security Center and are not expected to change on a daily basis:
Unit time zones Doors and associated readers Areas (groups of doors) Elevators and associated floors (including unlocking schedules) Cardholder groups Schedules (including card and PIN schedules) Access rules
The following section provides guidelines for configuring, enabling, and managing the antipassback with HID VertX controllers (units):
You must use either the V1000 or V2000 for antipassback.
V2000: Antipassback is only supported for an area with a single door having both entry and exit readers.
V1000: Antipassback is supported for multiple areas, with each area supporting multiple doors with entry and exit readers. Limitation in the number of doors is based on the number of V100 modules installed. Antipassback is not recommended with the Edge product line for the following reasons:

Only a single reader can be specified for either entry or exit (not both) while antipassback typically requires both entry and exit readers. Peer-to-peer communication between Edge devices is not supported by Security Center.
An area with antipassback must be configured for readers wired to, and doors managed by,
the same unit (V1000 or V2000) because
Antipassback functions are handled by the unit (V1000 or V2000).
The Security Center does not support peer-to-peer communication between either VertX V1000 or V2000 devices. Antipassback can be reset using the following methods:

A unit synchronization operation
An action (manually or with an event-to-action) The following system behavior will reset a units antipassback state:
793
Initial unit synchronization when the Security Center services are started or restarted. Unit synchronization following the loss and recovery of a connection with the unit (V1000 or V2000).
Unit synchronization following certain configuration changes (see below for more details). Manual synchronization of the unit through the Config Tool page.
Card and PIN

HID mixed mode
Depends on the card reader hardware options which are selected at the time of purchase. See "Supported HID keypad reader options" on page 788 for more details. Depends on the card reader hardware options which are selected at the time of purchase. See "Supported HID keypad reader options" on page 788 for more details.
HID offline mode
All reader interfaces/inputs/outputs for a door should belong to the same HID controller
(HID Edge, VertX V2000, or Vertx V100 interface module).
Elevator control
Supported Supported
All interface modules used for elevator control (HID VertX V100, V200, and V300) must be The reader interface, inputs, and outputs must be connected to the same HID controller
assigned to the same VertX V1000. Reader, inputs and outputs must be assigned to the same V2000 (max. of 4 floors) or Edge (max. of 2 floors). All units used for this feature must be assigned to the same Access Manager. (VertX V1000, V2000, or Edge). A maximum of 1 elevator cab reader can be assigned per HID controller (VertX V1000, V2000, or Edge).
HID VertX elevator control

The use of HID VertX controllers (V1000 and V2000) for elevator control is subject to the following:
A VertX controller should be dedicated to the control of a single elevator cab.

Once a VertX controller has been assigned to perform elevator control, it should only be
used for that purpose. Door and zone control should not be mixed with elevator control, even when the unit has unused readers, inputs and outputs. When elevator floors are operating under controlled access mode, schedules from different access rules applied to different floors are merged when the rules are granted to a same cardholder.
EXAMPLE Suppose that the configuration set in Config Tool is such that Bob should be granted
access to floor1 from 9 a.m. to 10 a.m. through access rule 1, and to floor2 from 10 a.m. to 11 a.m. through access rule2. When Bob presents his card in the elevator, the VertX controller will actually grant access to Robert from 9 a.m. to 11 a.m. on both floors.
Elevator floor tracking

Supported Not Supported. Event reporting is unavailable. Events are not regenerated when the unit reconnects to Synergis and switches from offline to either the online or the mixed mode of operation.
For operation, the mixed mode requires the following:
All units used for this feature must be assigned to the same Access Manager.
Event-to-action with Trigger output action
Supported Partially Supported
Extended grant time
Supported Supported
795
Hard antipassback (passback violation event generated and access is denied)

Supported Supported
NOTE Antipassback using the HID units is available with the VertX V2000 (area with a single
door) and the VertX V1000 (multiple areas and multiple doors per area). Antipassback with the HID Edge products is not supported.
Interlock
Supported Supported
The antipassback feature must be disabled. Interlock (including the lockdown and override All perimeter doors of an interlocked area must be assigned to the same HID controller
(one VertX V1000 or one V2000).
NOTE If a perimeter door of an interlock is open, when an authorized cardholder accesses a second perimeter door of the same interlock, an Access Granted event for the second door might be generated, even through the second door does not unlock.
functions) and antipassback are mutually exclusive; both features cannot be enabled for an area at the same time. The inputs of an HID VertX V1000 must be not used for this feature.
IO Linking
Supported Supported
The inputs of an HID VertX V1000 must be not used for this feature. All inputs and outputs must belong to the same HID controller (one V2000 or one Edge).
796
Lockdown
Supported Supported
NOTE The Lockdown feature is only supported for areas where the Interlock feature is enabled.
Override
Supported Supported
NOTE The Override feature is only supported for areas where the Interlock feature is enabled.
People Counting
Supported Not Supported. If a unit assigned to one of the perimeter doors of an area is in this mode of operation, the feature is disabled for the entire area.
For operation, the mixed mode requires the following:
Readerless Door (use an IO module for a REX, door state, and door lock only)
Supported Supported NOTE There are no door activity reports during the time period when the unit is in this mode of operation.
The inputs of an HID VertX V1000 must be not used for this feature. All inputs and outputs must belong to the same HID controller (one V2000 or one Edge).
797
NOTE A readerless door does not generate a Door forced open event. A readerless door also does not support the buzzer feature.
Soft Antipassback (passback violation event generated and access is granted)

Supported Not Supported. Event reporting is unavailable. Events are not regenerated when the unit reconnects to Synergis and switches from offline to either the online or the mixed mode of operation.
Strict Antipassback
With HID units, Hard and Strict antipassback are one in the same, as there is no distinction between the two. See "Hard antipassback (passback violation event generated and access is denied)" on page 796.
Timed antipassback
Not Supported. All perimeter doors of an area must be in online mode. Not Supported. All perimeter doors of an area must be in online mode.
798
Access control unit configuration
Access control unit configuration

This section describes the supported HID access control unit configurations in Security Center.
General versus dedicated inputs

When a unit is used to control a door, some inputs must be used only for their intended purpose (dedicated inputs). For example, if a door has a REX sensor or a door sensor, the units inputs intended for these sensors must be used. If the door does not have a REX sensor or a door sensor, sometimes the unit input channels intended for these inputs can be used as general-purpose inputs. This is shown in the table below.
Unit Input When used as Required configuration
HID units (V100, V2000, and Edge devices)
REX
A REX input signal
When any unit REX input is used for a REX, you must also set: Automatically grant request to exit in the door Properties tab, which generates Request to exit events when the input is triggered. Events are logged, and can be used for event-to-actions. The input configuration in the Door, Unit tab to program the unit to react to a REX input by releasing the lock. Deselect Automatically grant request to exit in the Door, Properties tab. Configure the input for a zone, interlock, etc. Set this in the input configuration in the Door, Unit tab. NOTE This input cannot be used as a
Another purpose (a general purpose input) HID units (V100, V2000, and Edge devices) Door Monitor A door position sensor input (door open or door closed).
general purpose input.
Configuring a door with reader

A door with a reader assigned to a V2000, V100, or an Edge device, must have all inputs (for example door contact, REX) and outputs (for example door lock) associated to that same device. Inputs and outputs must not be distributed across several devices.
Configuring a door with two door sensors

It is not recommended to configure a door with two door sensors (or door contacts) without physically wiring the sensors in series. In the Security Center, only a single door sensor should be configured per door.
799
Wiring diagrams
Wiring diagrams
The following wiring diagrams can also be found at http://www.hidglobal.com/.
HID Edge reader & Edge Plus
800
Wiring diagrams
HID VertX V1000
801
Wiring diagrams
HID VertX V2000
802
D
Bosch reference
This section describes additional information concerning the setup and configuration of Bosch GV2, GV3, and GV4 series intrusion panels. This section includes the following topics:
"How Bosch intrusion panel integration works" on page 804
803
How Bosch intrusion panel integration works
How Bosch intrusion panel integration works

Bosch intrusion panels are integrated to Security Center using the Intrusion Manager role. The Intrusion Manager role receives events from the intrusion panel over an IP network or serial connection, reports them live in Security Desk, and logs them in a database for future reporting. The role also relays user commands to the intrusion panel (such as arming and disarming the intrusion detection areas), and triggers the outputs connected to the panel through event-toactions (for example, an Intrusion area master armed event in Security Center can trigger an output on the intrusion panel). For more information about setting up your Bosch intrusion panel in Security Center, see the Bosch Intrusion Panel Integration Guide, found in the Documentation\Controllers folder of your Security Center installation package.
804
E
Honeywell reference
This section describes additional information concerning the setup and configuration of Honeywell Galaxy Dimension series control panels. This section includes the following topics:
"How Galaxy Dimension control panel integration works" on page 806
805
How Galaxy Dimension control panel integration works
How Galaxy Dimension control panel integration works

Honeywell Galaxy Dimension series control panels are integrated to Security Center using the Intrusion Manager role. The Intrusion Manager role receives events from the control panel over an IP network, reports them live in Security Desk, and logs them in a database for future reporting. The role also relays user commands to the control panel (such as arming and disarming the intrusion detection areas), and triggers the outputs connected to the panel through event-to-actions (for example, an Intrusion detection area master armed event in Security Center can trigger an output on the panel). For more information about setting up your Galaxy Dimension control panel in Security Center, see the Honeywell Galaxy Control Panel Integration Guide, found in the Documentation\Controllers folder of your Security Center installation package.
806
Glossary
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Security Center is the unified platform for all Genetecs IP security solutions, which include AutoVu, Omnicast, and Synergis modules. The definitions in this glossary pertain to all three modules.
A
accepted user A user who has read access over all entities contained in a partition. This allows the user to view them in all entity browsers. Additional access rights may be granted through user privileges. Type of maintenance task that reports on access control unit malfunction events. See also Health history. access control unit Type of entity that represents an access control device, such as Synergis Master Controller (SMC) or an HID VertX controller, that communicates directly with the Access Manager over an IP network. Access control units usually control other slave units (or interface modules) such as the HID VertX V100 and V200, and the Mercury MR50 and MR52, which are connected to door sensors and readers. See also Access Manager, interface module and Synergis Master Controller. Access control unit events Type of maintenance task that reports on events pertaining to selected access control units. Access Manager access point Type of role that manages and monitors access control units on the system. Any monitored point that can be used to enter or exit a secured area, usually a door side or an elevator floor. Note that an elevator floor can only be used as an entry point. Type of entity that defines the access control logic which grants or denies passage to a cardholder through an access point, based on a schedule. Type of maintenance task that reports on entities and access points affected by a given access rule.
Access control health history
access rule Access rule configuration
807
Glossary
Tool that helps you detect and diagnose access configuration problems. It allows you to find out about the following: Who are allowed to use an access point at a given time Which access points a cardholder is allowed to use at a given time Why a given cardholder can or cannot use an access point at a given time. access right. (1) Type of rights a user has over entities in the system (view, add, modify, delete), which are defined by a combination of partitions and user privileges. (2) The right a cardholder has to pass through an access point at a given date and time.
access right
action
User-programmable function that can be triggered as an automatic response to an event (door held open for too long, object left unattended) or executed according to a specific time table. See also event and event-to-action.
active alarm
An alarm that has not yet been acknowledged. See also alarm.
Active Directory
Active Directory (AD). (1) A directory service created by Microsoft. (2) Type of role that imports users and cardholders from an Active Directory and keeps them synchronized.
Activity trails
Type of maintenance task that reports on the user activity related to video and LPR functionality. This task can provide information such as who played back which video recordings, who used the Hotlist and permit editor, who enabled hotlist filtering, and much more.
Advanced Systems Format Advanced Systems Format or ASF (formerly Advanced Streaming Format) is a Microsoft streaming format associated with Windows Media Player. agent Subprocess created by a Security Center role to run simultaneously on multiple servers for the purpose of sharing its load. See also redirector agent. alarm Type of entity that describes a particular trouble situation that requires immediate attention and how it should be handled in Security Center. Namely, its priority, what entities (usually cameras and doors) best describe it, who should be notified, how it should be displayed to the user, and so on.
808
Glossary
alarm acknowledgement
User response to an alarm. There are two variants of alarm acknowledgement in Security Center: Default acknowledgement Alternate acknowledgement Each variant is associated to a different event so that specific actions can be programmed based on the alarm response selected by the user. See also action and event.
Alarm monitoring
Type of operation task that allows you to monitor and respond to alarms (acknowledge, forward, snooze, among other things) in real time, as well as review past alarms. See also monitor group.
alarm panel
Another name for intrusion panel. See also intrusion panel.
Alarm report analog monitor
Type of investigation task that allows you to search and view current and past alarms. Type of entity that represents a monitor that displays video from an analog source, such as a video decoder or an analog camera. This term is used in Security Center to refer to monitors not controlled by a computer. See also monitor group and video decoder.
antipassback Archive storage details
Access restriction placed on a secured area that prevents a cardholder from entering an area that they have not yet exited from, and vice-versa. Type of maintenance task that reports on the video files (file name, start and end time, file size, protection status, and so on) used to store video archive, and which allows you to change the protection status of those files, among other things. Type of role that is responsible for the discovery, status polling, and control of video units. The Archiver also manages the video archive, and performs motion detection when it is not done on the unit itself. See also Auxiliary Archiver and video unit.
Archiver
Archiver events Archives
Type of maintenance task that reports on events pertaining to selected Archiver roles. Type of investigation task that allows you to find and view available video archives by camera and time range.
809
Glossary
area
Type of entity that represents a concept or a physical location (room, floor, building, and so on) used for the logical grouping of entities in the system. See also Logical view. When Synergis is enabled, the area entity can also be used to configure a secured area with access rules and access control behavior. See also antipassback and interlock.
Area activities
Type of investigation task that reports on area related activities (access granted, access denied, first person in, last person out, antipassback violation, and so on). Type of investigation task that provides a snapshot of all cardholders and visitors currently present in a selected area. See Advanced Systems Format. Type of entity that represents any valuable object with an RFID tag attached, allowing it to be tracked by an asset management software. See also RFID tag.
Area presence ASF asset
asynchronous video audio decoder audio encoder Audit trails automatic discovery
Simultaneous playback video from more than one camera that are not synchronized in time. Device or software that decodes compressed audio streams for playback. Synonym of "speaker". Device or software that encodes audio streams using a compression algorithm. Synonym of "microphone". Type of maintenance task that reports on the configuration changes who made them, on selected entities in the system. The process by which IP units on a network are automatically discovered by Security Center. This is done by broadcasting a discovery request on the discovery port and waiting for all listening units to respond with a packet that contains connection information about itself. Security Center uses the information to automatically configure the connection to the unit, thus enabling communication. Not all units support this feature. See also unit.
810
Glossary
AutoVu
AutoVu is the IP license plate recognition (LPR) system of Security Center that automates the reading and verification of vehicle license plates. AutoVu Sharp cameras capture license plate images, and send the data to Patroller or Security Center to verify against lists of vehicles of interest (hotlists) and vehicles with permits (permit lists). You can install AutoVu in a fixed configuration (e.g. on a pole in a parking lot), or in a mobile configuration (e.g. on a police car). You can use AutoVu for scofflaw and wanted vehicle identification, city-wide surveillance, parking enforcement, parking permit control, vehicle inventory, security, and access control. Processing component of the SharpX system. The LPR Processing Unit is available with two or four camera ports, with one dedicated processor per camera (if using SharpX) or per two cameras (if using SharpX VGA). This ensures maximum, per-camera, processing performance. The LPR Processing Unit is sometimes referred to as the "trunk unit" because it is typically installed in a vehicle's trunk. See also LPR camera and SharpX.
AutoVu LPR Processing Unit
Auxiliary Archiver
Type of role that supplements the video archive produced by the Archiver. Unlike the latter, the Auxiliary Archiver is not bound to any particular discovery port. Therefore, it can archive any camera in the system, including the federated ones (Security Center 5.x systems only). The Auxiliary Archiver depends on the Archiver to communicate with the video units. It cannot operate on its own. See also Archiver and discovery port.
B
Badge designer Badge printer badge template bit rate block face (2sides) Tool that allows you to design and modify badge templates. Tool that allows you to print badges in bulk, based on a badge template and a list of cardholders or credentials. Entity type used to configure a printing template for badges. Data transfer rate expressed in kilobits per second (Kbps). Type of parking regulation characterizing an overtime rule. A block face is the length of a street between two intersections. A vehicle is in violation if it is seen parked within the same block over a specified period of time. Moving the vehicle from one side of the street to the other does not make a difference. Short text used to mark a specific position in a recorded video sequence that can be used to search for that video sequence at a later stage.
bookmark
811
Glossary
Bookmarks Breakout box
Type of investigation task that searches for bookmarks related to selected cameras within a specified time range. Genetec's proprietary connector box for AutoVu mobile solutions that use Sharp version 2.0 cameras. The breakout box provides power and network connectivity to the Sharp units and the in-vehicle computer. Currently, the AutoVu SharpX system is the preferred solution for a mobile AutoVu installation. Communication between a single sender and all receivers on a network
broadcast
C
camera Type of entity that represents a single video source on the system. The video source can be an IP camera or an analog camera connected to the video encoder of a video unit. Multiple video streams can be generated from the same video source. See also video encoder. camera blocking Omnicast feature that lets you restrict the viewing of video (live or playback) from certain cameras to users with a minimum user level. See also user level. Camera events camera sequence canvas Type of investigation task that reports on events pertaining to selected cameras within a specified time range. Type of entity that defines a list of cameras that are displayed one after another in a rotating fashion within a single tile in Security Desk. One of the panes found in the Security Desk's task workspace. The canvas is used to display multimedia information, such as videos, maps, and pictures. It is further divided into three panels: the tiles, the dashboard, and the properties. See also tile. card and pin cardholder An access point mode that requires a cardholder to present their card and then enter a personal identification number (PIN). Type of entity that represents a person who can enter and exit secured areas by virtue of their credentials (typically access cards) and whose activities can be tracked. Type of maintenance task that reports on which cardholders and cardholder groups are granted or denied access to selected areas, doors, and elevators. Type of investigation task that reports on cardholder activities (access denied, first person in, last person out, antipassback violation, and so on).
812
Cardholder access rights Cardholder activities
Glossary
Cardholder configuration Type of maintenance task that reports on cardholder properties (first name, last name, picture, status, custom properties, and so on). cardholder group Cardholder management Type of entity that configures the common access rights of a group of cardholders. Type of operation task that allows you to create, modify, and delete cardholders, as well as manage their credentials, including temporary replacement cards. Type of entity that represents a single cash register (or terminal) in a point of sale system. See also point of sale system. certificate Additional license information that is required to run plugins or SDK-based applications.
cash register
City Parking Enforcement Patroller software installation that is configured for city parking enforcement: the enforcement of parking permit and/or overtime restrictions. See also overtime rule and permit. City Parking Enforcement A "City Parking Enforcement" installation of a Patroller application that also with Wheel Imaging includes wheel imaging. The use of maps and of the Navigator is mandatory. See also City Parking Enforcement. compatibility pack Config Tool See Omnicast compatibility pack. Security Center administrative application used to manage all Security Center users, and configure all Security Center entities such as areas, cameras, doors, schedules, cardholders, Patroller/LPR units, and hardware devices.
Conflict resolution utility Tool that helps you resolve conflicts caused by importing users and cardholders from an Active Directory. context camera A camera connected to an LPR unit that produces a wider angle color image of the vehicle whose license plate was read by the LPR camera. See also LPR camera and LPR unit. controlled exit controller module Credentials are necessary to leave a secured area. Processing component of Synergis Master Controller with IP capability, preloaded with the controller firmware and the web-based administration tool, Controller Portal. See also Controller Portal, four-port RS-485 module, and Synergis Master Controller.
Glossary
Controller Portal
Web-based administration tool hosted on every Synergis Master Controller unit, used to configure, administer, and upgrade the controller firmware. See also controller module and Synergis Master Controller.
Copy configuration tool covert hit
Tool that copies the configuration of one entity to many other entities. Read (captured license plate) that is matched to a covert hotlist. Covert hits are not displayed on the Patroller screen, but can be displayed in the Security Desk by a user with proper privileges. Hotlist hidden from the AutoVu Patroller users. Reads matching a covert hotlist generate covert hits. Type of entity that represents a proximity card, a biometrics template, or a PIN required to gain access to a secured area. A credential can only be assigned to one cardholder at a time. Type of investigation task that reports on credential related activities (access denied due to expired, inactive, lost, or stolen credential, and so on). A textual representation of the credential showing the credential data (typically the Facility code and the Card number). For credentials using custom card formats, the user can choose what to include in the credential code. Type of maintenance task that reports on credential properties (status, assigned cardholder, card format, credential code, custom properties, and so on). Type of operation task that allows you to create, modify, and delete credentials, and print badges. It also allows you to enroll large numbers of card credentials into the system, either by scanning them at a designated card reader, or by entering a range of values. An event added after the initial system installation. Events defined at system installation are called system events. Custom events can be user-defined or automatically added through plugin installations. Unlike system events, custom events may be renamed and deleted. User defined property associated to an entity type to store additional information that is useful to your particular organization.
covert hotlist credential
Credential activities credential code
Credential configuration
Credential management
custom event
custom field
D
Daily usage per patroller Type of investigation task that reports on the daily usage statistics of a selected Patroller (operating time, longest stop, total number of stops, longest shutdown, and so on) for a given date range.
814
Glossary
dashboard
One of the three panels that belong to the canvas in Security Desk. It contains the graphical commands (or widgets) pertaining to the entity displayed in the current tile. See also widget.
database database server
Collection of data that is organized so that its contents can easily be accessed, managed, and updated. An application that manages databases and handles data requests made by client applications. Security Center uses Microsoft SQL Server as its database server. The amount of time an input can be in a changed state (for example, from active to inactive) before the state change is reported. Electrical switches often cause temporarily unstable signals when changing states, possibly confusing the logical circuitry. Debouncing is used to filter out unstable signals by ignoring all state changes that are shorter than a certain period of time (in milliseconds). Transformation used to straighten a digital image taken with a fish-eye lens. A DHCP (Dynamic Host Configuration Protocol) server provides configuration parameters necessary for a unit to automatically connect to an IP network. DHCP automatically supplies the unit with an IP address, the network mask, a gateway IP address, and a DNS server IP address. The main role that identifies your system. It manages all entity configurations and system wide settings in Security Center. Only a single instance of this role is permitted on your system. The server hosting the Directory role is called the main server. All other servers in Security Center must connect to the main server and are called expansion servers. See also expansion server, main server, and server.
debounce
dewarping DHCP server
Directory
Directory Manager
The role that manages the Directory failover and load balancing in order to produce the high availability characteristics in Security Center. See also Directory server and high availability.
Directory server
Any one of the multiple servers simultaneously running the Directory role in a high availability configuration. See also Directory, high availability, and server.
815
Glossary
discovery port
Port used by certain Security Center roles (Access Manager, Archiver, LPR Manager) to find the units they are responsible for on the LAN. No two discovery ports can be the same on one system. See also automatic discovery.
district
Type of parking regulation characterizing an overtime rule. A district is a geographical area within a city. A vehicle is in violation if it is seen within the boundaries of the district over a specified period of time. Type of entity that represents a physical barrier. Often, this is an actual door but it could also be a gate, a turnstile, or any other controllable barrier. Each door has two sides named by default A and B. Each side is an access point (entrance or exit) to a secured area. Type of investigation task that reports on door related activities (access denied, door forced open, door open too long, hardware tamper, and so on). A door contact monitors the state of a door, whether it is open or closed. It can also be used to detect improper state (door open too long). See access control unit. Every door has two sides, named by default "A" and "B". Each side is an access point to an area. For example, passing through side A leads into an area, and passing through side B leads out of that area. For the purposes of access management, the credentials necessary to pass through a door in one direction are not necessarily the same to pass through in the opposite direction. Type of maintenance task that lists all the cardholders who have access to a particular door side or elevator floor at a specific date and time. Driver Development Kit (DDK). An SDK for creating device drivers. A special code used to disarm an alarm system that quietly alerts the monitoring station that the alarm system was disarmed under threat.
door
Door activities door contact door controller door side
Door troubleshooter Driver Development kit duress
E
edge recording Video is recorded on the unit itself, eliminating the need to constantly stream video to a centralized server. See also Archiver. electric door strike elevator An electric device that releases the door latch when current is applied. Type of entity that provides access control properties to elevators. For an elevator, each floor is considered an entry point for the area corresponding to that floor.
816
Glossary
Elevator activities enforce
Type of investigation task that reports on elevator related activities (access denied, floor accessed, unit is offline, hardware tamper, and so on). To take action following a confirmed hit. For example, a parking officer can enforce a scofflaw (unpaid parking tickets) violation by placing a wheel boot on the vehicle. Entities are the basic building blocks of Security Center. Everything that requires configuration is represented by an entity. An entity may represent a physical device, such as a camera or a door, or an abstract concept, such as an alarm, a schedule, a user, or a software module. The graphical representation of Security Center entities in a tree structure illustrating the hierarchical nature of their relationships. See also Logical view.
entity
entity tree
event
Indicates the occurrence of an activity or incident, such as access denied to a cardholder or motion detected on a camera. Events are automatically logged in Security Center, and can be programmed to trigger actions, conferring intelligent behavior to the system. Every event mainly focuses on one entity, called the event source. See also event-to-action.
event-to-action expansion server
The coupling of an action to an event to confer automatic and intelligent behavior to the system. Any server machine in a Security Center system that does not host the Directory role. The purpose of the expansion server is to add to the processing power of the system. See also main server and server.
F
failover A backup operational mode in which a role (system function) is automatically transferred from its primary server to a secondary server that is on standby when the primary server becomes unavailable, either through failure or through scheduled downtime. See also high availability and load balancing. federated entity Any entity that is imported from an independent system via a federation role.
817
Glossary
federated system
A independent system (Omnicast or Security Center) that is unified under your local Security Center via a federation role, so that the local users can view and manipulate its entities as if they belong to the local system. See also Omnicast Federation and Security Center Federation.
Federation
The Federation is a virtual system formed by joining multiple remote independent Genetec IP security systems together. The purpose of the Federation is to allow the users on your local system (the Federation host) to access the entities belonging to independent systems as if they were on your local system. RS-485 communication component of Synergis Master Controller with four ports (or channels) named A, B, C, and D. The number of interface modules you can connect to each channel depends on the type of hardware you have. See also controller module, interface module, and Synergis Master Controller.
four-port RS-485 module
frame free access
A single video image. Access point state where no credentials are necessary to enter a secured area. The door is unlocked. This is typically used during normal business hours, as a temporary measure during maintenance, or when the access control system is first powered up and is yet to be configured. Access point state where no credentials are necessary to leave a secured area. The person releases the door by turning the doorknob, or by pressing the REX button, and walks out. An automatic door closer shuts the door so it can be locked after being opened.
free exit
G
G64 G64 is the native data format used by all archiving roles (Archiver and Auxiliary Archiver) to store video files. This data format incorporates all information related to the video data, including audio, bookmarks, timestamps, motion and event markers, and supports watermarking. See also ASF, video file, and video watermarking. Genetec Plan Manager Server Genetec Server Windows service that runs Plan Manager Server modules. See also Plan Manager Server. Windows service at the core of Security Center architecture that must be installed on every computer that is part of the Security Center's pool of servers. Every such server is a generic computing resource capable of taking on any role (set of functions) you assign to it. See also server.
Glossary
geocoding
The process of finding associated geographic coordinates (latitude and longitude) from a street address. See also reverse geocoding.
ghost camera
Entity used as a stand in camera that is automatically created by the Archiver when video archives are detected for a camera whose definition has been deleted from the Directory, either accidentally or because the physical device no longer exists. Ghost cameras cannot be configured. They only exist so users can reference the video archive that would otherwise not be associated to any camera. See also camera.
ghost Patroller
Entity automatically created by the LPR Manager when the AutoVu license includes the XML Import module. In Security Center, all LPR data must be associated to a Patroller entity or an LPR unit corresponding to a fixed Sharp camera. When you import LPR data from an external source via a specific LPR Manager using the XML Import module, the system uses the ghost entity to represent the LPR data source. You can formulate queries using the ghost entity as you would with a normal entity. See also Patroller.
GIS
Geographic information system (GIS) is a third party map provider that Plan Manager can connect to, to bring maps and all types of geographically referenced data to Security Center. See also KML, OGC, and WMS.
Type of role that ensures the two-way synchronization of shared cardholders and their related entities between the local system (sharing participant) and the central system (sharing host). See also sharing guest and sharing host.
global entity
Entity that is shared across multiple independent Security Center systems by virtue of its membership to a global partition. Only cardholders, cardholder groups, credentials, and badge templates are eligible for sharing. See also global partition.
global partition
Partition that is shared across multiple independent Security Center systems by the partition owner, called the sharing host. See also global entity, partition, and sharing guest.
GUID
A globally unique identifier, or GUID, is a special type of identifier used in software applications to provide a unique reference number.
819
Glossary
H
H.264 Hardware inventory H.264/MPEG-4 AVC (Advanced Video Coding) is a standard for video compression. Type of maintenance task that reports on the characteristics (unit model, firmware version, IP address, time zone, and so on) of access control, video, intrusion detection, and LPR units in your system. A subtype of zone entity where the IO linking is done by hardware. A hardware zone is controlled by a single access control unit and works only in mixed and offline mode. Hardware zones cannot be armed or disarmed from Security Desk. See also virtual zone and zone. Health history Type of maintenance task that reports on health issues. See also Health statistics and Health Monitor. Health Monitor The central role that monitors system entities such as servers, roles, units, and client applications for health issues. See also Health history and Health statistics. Health statistics Type of maintenance task that gives you an overall picture of the health of your system. See also Health history and Health Monitor. high availability Design approach used to enable a system to perform at a higher than normal operational level. This often involves failover and load balancing. See also failover and load balancing. HIP A hardware integration package, or HIP, is an update that can be applied to Security Center. It enables the management of new functionalities (for example, new video unit types), without requiring an upgrade to the next Security Center release. License plate read that matches a hit rule (hotlist, overtime rule, permit, or permit restriction). A Patroller user can choose to reject or accept a hit. An accepted hit can subsequently be enforced. See also enforce. hit rule Type of LPR rule used to identify vehicles of interest (called "hits") using license plate reads. The hit rules include the following types: hotlist, overtime rule, permit, and permit restriction. hit, hotlist, overtime rile, permit, and permit restriction.
hardware zone
hit
Glossary
Hits
Type of investigation task that reports on hits reported within a selected time range and geographic area. See also hit and hotlist.
hot action hotlist
An action mapped to a PC keyboard function key (Ctrl+F1 through Ctrl+F12) in Security Desk for quick access. Type of entity that defines a list of wanted vehicles, where each vehicle is identified by a license plate number, the issuing state, and the reason why the vehicle is wanted (stolen, wanted felon, Amber alert, VIP, and so on). Optional vehicle information might include the model, the color, and the vehicle identification number (VIN). See also hit rule.
Hotlist and permit editor
Type of operation task used to edit an existing hotlist or permit list. A new list cannot be created with this task, but after an existing list has been added to Security Center, users can edit, add, or delete items from the list, and the original text file is updated with the changes. See also hotlist and permit.
hotspot
Type of map object that represents an area on the map that requires special attention. Clicking on a hotspot displays associated fixed and PTZ cameras. See also map object.
HTTPS
Secure Hypertext Transfer Protocol for the World Wide Web that provides safe data transmission by encrypting and decrypting information sent over the Internet.
I
I-frame Synonym of intra-frame and key frame. See also key frame. illuminator A light in the Sharp unit that illuminates the plate, thereby improving the accuracy of the images produced by the LPR camera. See also LPR camera. Immersive view Import tool Plan Manager feature that lets you 'walk' inside a building or a city in a first person view. Tool that allows you to import cardholders, cardholder groups, and credentials from a CSV (Comma Separated Values) file.
821
Glossary
inactive entity
An entity that is shaded in red in the entity browser. It signals that the real world entity it represents is either not working, offline, or incorrectly configured. See also entity.
incident
Any incident reported by a Security Desk user. Incident reports can use formatted text and include events and entities as support material. See also Incidents.
Incidents interface module
Type of investigation task that allows you to search, review, and modify incident reports. A third-party device that communicates with Synergis Master Controller over IP, USB, or RS-485, and provides input, output, and reader connections to the controller module. See also controller module, four-port RS-485 module, and Synergis Master Controller.
interlock
Access restriction placed on a secured area that permits only one door to be open at any given time. When one perimeter door is open, all other perimeter doors are locked. Synonym of I-frame and key frame. See also key frame.
intra-frame
Type of entity that corresponds to a zone or a partition (group of sensors) on an intrusion panel. See also intrusion detection unit.
Intrusion detection area activities intrusion detection unit
Type of investigation task that reports on activities (master arm, perimeter arm, duress, input trouble, and so on) in selected intrusion detection areas. Type of entity that represents an intrusion panel (or alarm panel) that is monitored and controlled by Security Center. See also Intrusion Manager.
Intrusion detection unit events Intrusion Manager
Type of investigation task that reports on events (AC fail, battery fail, unit lost, input trouble, and so on) pertaining to selected intrusion detection units. Type of role that monitors and controls intrusion panels. It also logs the intrusion events in a database for intrusion activity reports. See also intrusion detection unit.
822
Glossary
intrusion panel
A wall-mounted unit where the alarm sensors (motion sensors, smoke detectors, door sensors, and so on) and wiring of the intrusion alarms are connected and managed. See also intrusion detection unit.
Inventory management Inventory report
Type of operation task that allows you to add and reconcile license plate reads to a parking facility inventory. Type of investigation task that allows you to view a specific inventory (vehicle location, vehicle length of stay, and so on) or compare two inventories of a selected parking facility (vehicles added, vehicles removed, and so on). Type of maintenance task that reports on the IO configurations (controlled access points, doors, and elevators) of access control units. IO (input/output) linking is controlling an output relay based on the combined state (normal, active, or trouble) of a group of monitored inputs. A standard application would be to sound a buzzer (via an output relay) when any window on the ground floor of a building is shattered (assuming that each window is monitored by a "glass break" sensor connected to an input). See also zone.
IO configuration IO linking
IP IP address
The protocol that routes data packets through a local area network (LAN) and the Internet. An IP Address is a unique numeric address for a specific computer or computing device connected to the Internet, or to a LAN. See also IPv4 and IPv6.
IP camera
A video unit incorporating a camera. See also video unit.
IPv4 IPv6
First generation IP protocol using a 32-bit address space. New generation IP protocol extending the address space from 32 to 128 bits.
J K
key frame A key frame (or I-frame, or intra-frame) is a frame that contains a complete image by itself as opposed to a usual frame that only holds information that changed compared to the previous frame. It is used as reference in video image compression.
823
Glossary
KML
Keyhole Markup Language (KML) is a file format used to display geographic data in an Earth browser such as Google Earth and Google Maps. See also GIS.
L
Law Enforcement Patroller software installation that is configured for law enforcement: the matching of license plate reads against lists of wanted license plates (hotlists). The use of maps is optional. See also hotlist. license key Software key used to unlock the Security Center software. The license key is specifically generated for each computer where the Directory role is installed. You need the System ID (which identifies your system) and the Validation key (which identifies your computer) in order to obtain your license key. List of license plate numbers of vehicles found in a parking facility within a given time period, showing where each vehicle is parked (sector and row). See also Inventory report. license plate read License plate number captured from a video image using LPR technology. See also hit and License Plate Recognition. License Plate Recognition Image processing technology used to read license plate numbers. License Plate Recognition (LPR) converts license plate numbers cropped from camera images into a database searchable format. See also LPR camera and OCR equivalence. live hit live read load balancing A hit matched by the Patroller and immediately sent to the Security Center over a wireless network. A license plate captured by the Patroller and immediately sent to the Security Center over a wireless network. Distribution of workload across multiple computers. See also failover and high availability. logical ID Unique IDs assigned to each entity in the system for ease of reference. Logical IDs are only unique within a particular entity type.
license plate inventory
824
Glossary
Logical view
Browser view that organizes all viewable entities in Security Desk (such as areas, cameras, doors, elevators, maps, and so on) according to their logical relationships. Areas are used as logical groupings for other entities. Each area may represent a concept or a physical location. See also Security Desk.
Logons per Patroller long term
Type of investigation task that reports on the logon records of a selected Patroller. Type of parking regulation characterizing an overtime rule. The "long term" regulation uses the same principle as the "same position" regulation, but the parking period is over 24 hours. No more than one overtime rule may use the long term regulation in the entire system. See License Plate Recognition. A camera connected to an LPR unit that produces high resolution close-up images of license plates. See also context camera and SharpX.
LPR LPR camera
LPR Manager
Type of role that manages and controls Patrollers and fixed Sharp units. The LPR Manager manages the data (reads and hits) collected by the LPR units it controls and updates the configuration of the mobile units (Patrollers) every time they begin a new shift. Method used by Security Center/AutoVu for processing a license plate read. An LPR rule can be a "hit rule" or a "parking facility". See also hit rule and parking facility.
LPR rule
LPR unit
Type of entity that represents a hardware device dedicated to the capture of license plate numbers. An LPR unit is typically connected to an LPR camera and a context camera. These cameras can be incorporated to the unit or external to the unit. See also AutoVu LPR Processing Unit, License Plate Recognition, LPR Manager, and Sharp unit.
M
macro Type of entity that encapsulates a C# program that adds custom functionalities to Security Center.
825
Glossary
main server
The only server in a Security Center system hosting the Directory role. All other servers on the system must connect to the main server in order to be part of the same system. In an high availability configuration where multiple servers host the Directory role, it is the only server that can write to the Directory database. See also Directory server, expansion server, and server.
manual capture manufacturer extension Map Data Server
When license plate information is entered into the system by the user, and not by the LPR. Manufacturer specific settings for access control units, video units, and intrusion detection units. Plan Manager server module that manages the Plan Manager database. It must run on the Plan Managers main server. See also Plan Manager Server.
Map Generator
Plan Manager server module that imports raster and vector maps to Plan Manager database. See also Plan Manager configuration.
map link
Type of map object that lets you jump to either another map or another area of the same map. See also map object.
Map mode map object
Security Desk canvas operating mode where the main area of the canvas is used to display a geographical map. A graphical object displayed on a Plan Manager map, such as a camera, a door, or a hyperlink, that allows you to monitor and control your Security Center system, or to navigate through your maps. See also hotspot, map link, and Plan Manager Client.
Map Tile Server
Plan Manager server module that sends map files to Security Desk. See also Plan Manager Client and Plan Manager Server.
master arm
Arming an intrusion detection area in such a way that all sensors attributed to the area would set the alarm off if one of them is triggered. Some manufacturers call this arming mode Away arming.
826
Glossary
Media Router
The central role that handles all stream (audio and video) requests in Security Center. It establishes streaming sessions between the stream source (camera or Archiver) and its requesters (client applications). Routing decisions are based on the location (IP address) and the transmission capabilities of all parties involved (source, destinations, networks, and servers). Metadata is data about data. Any data that describes or enriches the raw data. Tool used to migrate Omnicast 4.x systems to Security Center 5. This tool must be executed on every server computer where Omnicast 4.x components are installed. Access control unit operation mode where all access control decisions are made by the unit locally based on information downloaded from the Access Manager during unit synchronization. Access events are reported to the Access Manager in real-time. See also offline mode, online mode.
metadata Migration tool
mixed mode
M-JPEG
Motion JPEG (M-JPEG) is an informal name for a class of video formats where each video frame of a digital video sequence is separately compressed as a JPEG image. See Mobile License Plate Inventory. Web-based administration tool used to configure the Mobile Server. See also Mobile Server.
MLPI Mobile Admin
Mobile app
The client component of Security Center Mobile installed on mobile devices. Mobile app users connect to Mobile Server to receive alarms, view live video streams, view the status of doors, and more, from Security Center. See also mobile device, Mobile Server, and Web Client.
Mobile Data Computer
Mobile Data Computer (MDC). Tablet computer or ruggedized laptop used in patrol vehicles to run the AutoVu Patroller application. The MDC is typically equipped with a touch-screen with a minimum resolution of 800 x 600 pixels and wireless networking capability. Any handheld device that can connect to Wi-Fi or wireless carrier networks, such as a smartphone, tablet, and so on, on which the Mobile app is installed. See also Mobile app.
mobile device
Mobile License Plate Inventory
Patroller software installation that is configured for collecting license plates and other vehicle information for creating and maintaining a license plate inventory for a large parking area or parking garage. See also license plate inventory and parking facility.
827
Glossary
Mobile Server
The server component of Security Center Mobile that connects Mobile apps and Web Clients to Security Center. The Mobile Server connects to Security Center, and synchronizes the data and video between Security Center and supported Mobile client components. See also Mobile Admin, Mobile app, and Web Client.
monitor group
Type of entity used to designate analog monitors for alarm display. Besides the monitor groups, the only other way to display alarms in real time is to use the Alarm monitoring task in Security Desk. See also Alarm monitoring and analog monitor.
monitor ID Monitoring motion detection
ID used to uniquely identify a workstation screen controlled by Security Desk. Type of operation task that allows you to monitor and respond to real time events pertaining to selected entities of interest. The software component that watches for changes in a series of video images. The definition of what constitutes motion in a video can be based on highly sophisticated criteria. Type of investigation task that searches for motion detected in specific areas of a camera's field of view. User defined areas within a video image where motion should be detected. Tool used to move units from one manager role to another. The move preserves all unit configurations and data. After the move, the new manager immediately takes on the command and control function of the unit, while the old manager continues to manage the unit data collected before the move. A patented collection of methods defining compression of audio and visual (AV) digital data. Communication between a single sender and multiple receivers on a network.
Motion search motion zone Move unit
MPEG-4 multicast
N
NAT Navigator See network address translation. Genetec's proprietary in-vehicle device that provides GPS coordinates and odometer readings to Patroller. The Patroller uses this information to provide precise reverse geocoding to vehicles and reads. See also reverse geocoding. network Entity type used to capture the characteristics of a network for stream routing purposes.
828
Glossary
network address translation Network view new wanted
The process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device, for the purpose of remapping one IP address space into another. Browser view that illustrates your network environment by showing each server under the network they belong to. In Patroller, a manually entered hotlist item. When you are looking for a plate that does not appear in the hotlists loaded in the Patroller, you can enter the plate in order to raise a hit if the plate is captured.
O
OCR equivalence The interpretation of OCR equivalent characters performed during license plate recognition. OCR equivalent characters are visually similar, depending on the plates font. For example, the letter O and the number 0, or the number 5 and the letter S. There are several pre-defined OCR equivalent characters for different languages. See also Optical Character Recognition. offline mode Access control unit operation mode when the communication with the Access Manager has been lost. The unit makes access control decisions locally, based on information downloaded from the Access Manager during unit synchronization. Access events are logged in the unit and are uploaded to the Access Manager when the network connection is re-established. See also mixed mode and online mode. OGC Open Geospacial Consortium (OGC) is a standards organization for geographic information systems. See also GIS and WMS. Omnicast Omnicast is the IP video surveillance system of Security Center that provides seamless management of digital video. Omnicast allows for multiple vendors and CODEC (coder/decoder) to be used within the same installation, providing the maximum flexibility when selecting the appropriate hardware for each application. Software component that you need to install to make Security Center compatible with an Omnicast 4.x system. Type of role that imports entities from an independent Omnicast 4.x system so that its cameras and events can be used by your local Security Center users.
Omnicast compatibility pack Omnicast Federation
829
Glossary
online mode
Access control unit operation mode where the unit is under the direct real-time control of the Access Manager. The Access Manager makes all access control decisions. This mode is not available with HID VertX and Edge units. See also mixed mode and offline mode.
Optical Character Recognition
Optical Character Recognition (OCR) is the technology used to translate the characters found in images into machine editable text. See also OCR equivalence.
output behavior overtime rule
Type of entity that defines a custom output signal format such as a pulse with a delay and duration. Type of entity that defines a parking time limit and the maximum number of violations enforceable within a single day. Overtime rules are used in city and university parking enforcement. For university parking, an overtime rule also defines the parking zone where these restrictions apply. See also hit rule and parking zone.
P
parking facility Type of entity that defines a large parking area as a number of sectors and rows for the purpose of inventory tracking. See also Mobile License Plate Inventory. parking lot A polygon that defines the location and shape of a parking area on a map. By defining the number of parking spaces inside the parking lot, Security Center can calculate its percentage of occupancy during a given time period. See also parking zone. parking zone General concept used to designate the area where a given parking regulation (overtime rule, permit, or permit restriction) is enforced. When used in the context of university parking enforcement, the parking zone must be explicitly defined as a list of parking lots. See also parking lot. partition Type of entity that defines a set of entities that are only visible to a specific group of users. For example, a partition could include all doors, elevators, and cameras in one building. See also accepted user and partition manager. partition manager An accepted user of a partition who has full administrative rights over the partition and its members. A partition manager can add, modify, and delete all entities within the partition, including users and user groups.
830
Glossary
Patroller
Patroller. (1) Type of entity that represents a patrol vehicle equipped with the Patroller software. (2) AutoVu software application installed on an in-vehicle computer. Patroller connects to Security Center and is controlled by the LPR Manager. Patroller verifies license plates read from LPR cameras against lists of vehicles of interest (hotlists) and vehicles with permits (permit lists). It also collects data for time-limited parking enforcement. Patroller alerts you of hotlist or permit hits so that you can take immediate action. See also LPR camera and LPR Manager.
Patroller Config Tool
Patroller administrative application used to configure Patroller-specific settings such as: adding Sharp cameras to the in-vehicle LAN; enabling features such as Manual Capture or New Wanted; and specifying that a username and password are needed to log on to Patroller. Type of operation task that keeps count in real time of the number of cardholders in all secured areas of your system. Arming an intrusion detection area in such a way that only sensors attributed to the area perimeter would set the alarm off if triggered. Other sensors such as motion sensors inside the area will be ignored. Type of entity that defines a single parking permit holder list. Each permit holder is characterized by a permit ID, a license plate number, a license issuing state, and optionally, a permit validity range (effective date and expiry date). Permits are used in both city and university parking enforcement. See also City Parking Enforcement and University Parking Enforcement.
People counting perimeter arm
permit
permit hit
A hit that is generated when a read (license plate number) does not match any entry in a permit or when it matches an invalid permit.
831
Glossary
permit restriction
Type of entity that applies time restrictions to a series of parking permits for a given parking zone. Permit restrictions are only used in university parking enforcement. Different time restrictions can be associated to different permits. For example, a permit restriction may limit the parking in zone A from Monday to Wednesday for permit P1 holders, and from Thursday to Sunday for permit P2 holders. A plate read generates a permit hit in the following instances: Does not match any entry in the list Matches one or more permit in the list that are not valid in the parking zone Matches an invalid permit Matches a valid permit, but the permit is not valid at that time Matches a valid permit number, but the permit is temporarily not allowed to park. Additionally, a shared permit hit occurs when two plates sharing the same permit ID are read in the same parking zone within a specific time period. See also parking zone, permit, and permit hit.
Plan Manager
Security Center feature that lets you create and integrate interactive maps into your system, for access control, video streaming and intrusion detection. It uses digital maps to represent the physical locations of monitored inputs such as cameras, doors, areas and zones. See also Plan Manager Client and Plan Manager Server.
Plan Manager Client
Plan Manager client component that runs as a plugin for Security Desk. It enables operators to use maps to monitor and control cameras, doors, and other security devices, and administrators to create map objects. See also map object, Map Tile Server, and tile plugin.
Plan Manager configuration
Administrative task used to set up Plan Manager Server and configure the map hierarchy. See also Plan Manager Server.
Plan Manager Server
Plan Manager server component that includes three modules: Map Data Server, Map Generator, and Map Tile Server. See also Map Data Server, Map Generator, Map Tile Server, and Plan Manager configuration.
832
Glossary
Plate Reader
Software component of the Sharp unit that processes the images captured by the LPR camera to produce license plate reads, and associates each license plate read with a context image captured by the context camera. The Plate Reader also handles the communications with the Patroller and the LPR Manager. If an external wheel imaging camera is connected to the Sharp unit, the Plate Reader also captures wheel images from this camera. See also LPR Manager, Patroller, and Sharp unit.
Plugin
Plugin. There are two definitions: (1) Proper noun Type of role that hosts a specific plugin. (2) Common noun A software module that adds a specific feature or service to a larger system.
Point of Sale
Type of role that imports transaction data from an external point of sale system so that transaction reports can be generated from Security Desk for investigation purposes. See also point of sale system.
point of sale system
Point of sale (POS) typically refers to the hardware and software used for checkouts - the equivalent of an electronic cash register. Point of sale systems are used in supermarkets, restaurants, hotels, stadiums, and casinos, as well as almost any type of retail establishment. Today's POS systems handle a vast array of features, including, but not limited to, detailed transaction capture, payment authorization, inventory tracking, loss prevention, sales audit and employee management.
Portable Archive Player
Self-contained video player that can play exported Security Center video files on computers that do not have Security Center installed. See also video file.
primary server
The default server chosen to perform a specific function (or role) in the system. To increase the system's fault-tolerance, the primary server can be protected by a secondary server on standby. When the primary server becomes unavailable, the secondary server automatically takes over. See also failover.
private IP address
An IP address chosen from a range of addresses that are only valid for use on a LAN. The ranges for a private IP address are: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.16.255.255, and 192.168.0.0 to 192.168.255.255. Routers on the Internet are normally configured to discard any traffic using private IP addresses.
833
Glossary
private task
Entity that represents a saved type of task that is visible only to the user who created it. See also public task and task.
properties panel Public partition
One of the three panels found in the Security Desk canvas. It is used to show the metadata associated to the entity displayed in the current tile. A special partition created at system installation that has the unique characteristic that all its members are visible to all users on the system, regardless whether they are accepted users or not. Entity that represents a saved task that can be shared among multiple Security Center users. See also private task and task.
public task
Q R
read reader Reads Reads/hits per day Reads/hits per zone recording mode See license plate read. A sensor that reads the credential for an access control system. For example, this can be a card reader, or a biometrics scanner. Type of investigation task that reports on license plate reads performed within a selected time range and geographic area. Type of investigation task that reports on license plate reads performed within a selected time range and geographic area. Type of investigation task that reports on the number of reads and hits per day for a selected date range. The criteria by which the Archiver schedules the recording of video streams. There are four possible recording modes: Off (no recording allowed) Manual (record only on user requests) Continuous (always record) On motion/manual (record according to motion detection settings or on user request).
834
Glossary
recording state
Current recording status of a given camera. There are four possible recording states: Enabled

redirector redirector agent redundant archiving Remote
Disabled Currently recording (unlocked) Currently recording (locked).
Server assigned to host a redirector agent created by the Media Router role. Agent created by the Media Router role to redirect data streams from one IP endpoint to another. Option that allows a copy of all the video streams of an Archiver role to be archived simultaneously on the standby server as a protection against data loss. Type of operation task that allows you to remotely monitor and control other Security Desks that are part of your system, using the Monitoring task and the Alarm monitoring task. See also Monitoring and Alarm monitoring.
Report Manager report pane
Type of role that automates report emailing and printing based on schedules. A section in the Security Desk's task workspace used to display information in a tabular form. The rows may correspond to query results or real-time events. See also task workspace.
request to exit
Request to exit (REX). (1) Door release button normally located on the inside of a secured area that when pressed, allows a person to exit the secured area without having to show any credential. This can also be the signal from a motion detector. (2) The signal received by the controller for a request to exit.
reverse geocoding
AutoVu feature that translates a pair of latitude and longitude into a readable street address. See also geocoding and Navigator.
RFID tag role
Radio Frequency Identification tag. A device that communicates location data, and other data related to the location, of an object to which it is attached. A software module that performs a specific function (or job) within Security Center. Roles must be assigned to one or more servers for their execution. See also server.
835
Glossary
Role view route Route playback
Browser view that lists all roles on your system with the devices they control as child entities. Entity used to configure the transmission capabilities between two end points in a network for the purpose of routing media streams. Type of investigation task that replays the route followed by a Patroller on a given date on a map.
S
same position Type of parking regulation characterizing an overtime rule. A vehicle is in violation if it is seen parked at the exact same spot over a specified period of time. The Patroller must be equipped with GPS capability in order to enforce this type of regulation. Type of entity that defines a set of time constraints that can be applied to a multitude of situations in the system. Each time constraint is defined by a date coverage (daily, weekly, ordinal, or specific) and a time coverage (all day, fixed range, daytime, and nighttime). See also standard schedule and twilight schedule. scheduled task secondary server Type of entity that defines an action that executes automatically on a specific date and time, or according to a recurring schedule. Any alternate server on standby intended to replace the primary server in the case the latter becomes unavailable. See also failover and primary server. Security Center Security Center is the unified security platform that seamlessly blends Genetec's IP security and safety systems within a single innovative solution. The systems unified under Security Center include Genetec's Omnicast IP video surveillance system, Synergis IP access control system, and AutoVu IP license plate recognition (LPR) system. See also Security Desk. Security Center Federation Type of role that imports entities from an independent Security Center system so that its entities can be used by your local Security Center users. Security Center Mobile Security Center Mobile is a feature of Genetecs unified platform that lets you remotely connect to your Security Center system over a wireless IP network. Supported Mobile client components include a platform-independent, unified Web Client, as well as various Mobile apps for smartphones and tablets. See also Mobile Admin, Mobile app, Mobile Server, and Web Client.
schedule
836
Glossary
security clearance
Numerical value used to further restrict the access to an area when a threat level is in effect. Cardholders can only access (enter or exit) an area if their security clearance is equal or higher than the minimum security clearance set on the area. See also threat level.
Security Desk
Security Desk is the unified user interface of Security Center. It provides consistent operator flow across all of the Security Centers main systems, Omnicast, Synergis, and AutoVu. Security Desks unique task-based design lets operators efficiently control and monitor multiple security and public safety applications. See also Security Center.
selector
One of the panes found in the Security Desk's task workspace. The selector contains different sets of tools, grouped in tabs, to help you find and select the information you need to work on. See also task workspace.
server
Type of entity that represents a server machine on which Genetec Server is installed. See also expansion server, Genetec Server, and main server.
Server Admin
Web application running on every server machine in Security Center that allows you to configure the settings of Genetec Server. Server Admin also allows you to configure the Directory role on the main server. Security Center system that is given the rights to view and modify entities shared by another system, called the sharing host. See also Global Cardholder Synchronizer and global partition.
sharing guest
sharing host
Security Center system that owns partitions that are shared with other Security Center systems, called sharing guests. See also global partition.
Sharp EX
Sharp unit that includes an integrated image processor and supports two standard definition NTSC or PAL inputs for external cameras (LPR and context cameras). See also context camera, LPR camera, and Sharp unit.
837
Glossary
Sharp Portal
Web-based administration tool used to configure Sharp cameras for fixed or mobile AutoVu systems. From a Web browser, you log on to a specific IP address (or the Sharp name in certain cases) that corresponds to the Sharp you want to configure. When you log on, you can configure options such as selecting the LPR context (e.g. Alabama, Oregon, Quebec, etc), selecting the read strategy (e.g. fast moving or slow moving vehicles), viewing the Sharps live video feed, and more. See also Sharp unit.
Sharp unit
Genetec's proprietary LPR unit that integrates license plate capturing and processing components, as well as digital video processing functions, inside a ruggedized casing. See also context camera, PlateReaderServer, LPR camera, Sharp EX, Sharp VGA, Sharp XGA, SharpX, and.
Sharp VGA
Sharp unit that integrates the following components: an infrared illuminator; a standard definition (640 x 480) LPR camera for plate capture; an integrated image processor; an NTSC or PAL color context camera with video streaming capabilities. See also context camera, LPR camera, and Sharp unit.
Sharp XGA
Sharp unit that integrates the following components: an infrared illuminator; a high-definition (1024 x 768) LPR camera for plate capture; an integrated image processor; an NTSC or PAL color context camera with video streaming capabilities and optional internal GPS. See also context camera, LPR camera, and Sharp unit.
SharpX
Camera component of the SharpX system. The SharpX camera unit integrates a pulsed LED illuminator that works in total darkness (0 lux), a monochrome LPR camera (1024 x 946 @ 30 fps), and a color context camera (640 x 480 @ 30 fps). The LPR data captured by the SharpX camera unit is processed by a separate hardware component called the AutoVu LPR Processing Unit. See also AutoVu LPR Processing Unit.
SharpX VGA
Camera component of the SharpX system. The SharpX VGA camera unit integrates a pulsed LED illuminator that works in total darkness (0 lux), a monochrome LPR camera (640 x 480 @ 30 fps), and a color context camera (640 x 480 @ 30 fps). The LPR data captured by the SharpX VGA camera unit is processed by a separate hardware component called the AutoVu LPR Processing Unit. See also AutoVu LPR Processing Unit.
SMC
See Synergis Master Controller.

838
Glossary
Software Development Kit Software Development Kit (SDK). Allows end-users to develop custom applications or custom application extensions for Security Center. SSL standard schedule Secure Sockets Layer is a protocol used to secure applications that need to communicate over a network. A subtype of schedule entity that may be used in all situations. Its only limitation is that it does not support daytime or nighttime coverage. See also twilight schedule. standby server stream See secondary server. stream. (1) Video stream. (2) Entity representing a specific video quality configuration on a camera. strict antipassback Antipassback option. When enabled, a passback event is generated when a cardholder attempts to leave an area that they were never granted access to. When disabled, Security Center only generates passback events for cardholders entering an area that they never exited. See also timed antipassback. synchronous video Synergis Simultaneous live video or playback video from more than one camera that are synchronized in time. Synergis is the IP access control system of the Security Center designed to offer end-to-end IP connectivity, from access control reader to client workstation. Synergis seamlessly integrates a variety of access control capabilities including, but not limited to, badge design, visitor management, elevator control, zone monitoring and more.
Synergis Master Controller Genetec's access control unit that supports a variety of third party readers and (SMC) interface modules over IP, USB, and RS-485. SMC is seamlessly integrated to Security Center, and is capable of making the access control decisions independently of the Access Manager. See also access control unit, controller module, and four-port RS-485 module. system event A system event is a standard Security Center event defined at system installation. Unlike custom events, system events cannot be renamed or deleted. See also custom event. System status Type of maintenance task that monitors the status of all entities of a given type in real time, and allows you to interact with them.
839
Glossary
T
tailgating task A person who enters a secure area without presenting a credential, by following behind another person who has presented their credential. The central concept on which the entire Security Center user interface is built. Each task corresponds to one aspect of your work as a security professional. For example, use a monitoring task to monitor system events in real-time, use an investigation task to discover suspicious activity patterns, or use an administration task to configure your system. All tasks can be customized and multiple tasks can be carried out simultaneously. See also private task and public task. task cycling task workspace Security Desk feature that automatically cycles through all tasks in the active task list following a fixed dwell time. Area in the Security Center client application window reserved for the current task. The workspace is typically divided into three panes: canvas selector report pane See also canvas, report pane, and selector. taskbar User interface element of the Security Center client application window, composed of the Home button and the task list. The taskbar can be configured to appear on either edge of the application window. Emergency handling procedure that a Security Desk operator can enact on one area or the entire system to deal promptly with a potentially dangerous situation, such as a fire or a shooting. An individual window within the tile panel, used to display a single entity. The entity displayed is typically the video from a camera, a map, or anything of a graphical nature. The look and feel of the tile depends on the displayed entity. See also tile panel. tile ID The number displayed at the upper left corner of the tile. This number uniquely identifies each tile within the tile panel. See also tile and tile panel. Tile mode Security Desk canvas operating mode where the main area of the canvas is used to display the tile panel and the dashboard.
threat level
tile
840
Glossary
tile panel
Panel within the canvas used to display multimedia information, such as videos, maps and pictures. The tile panel is composed of individual display windows called tiles. See also canvas and tile.
tile pattern
Predefined tile arrangements within the tile panel. See also tile panel.
tile plugin
Type of entity that represents an application that runs inside a Security Desk tile. Examples of tile plugins include a web browser (available as standard Security Center feature) and Plan Manager Client. See also Plan Manager and plugin.
Time and attendance timed antipassback
Type of investigation task that reports on who has been inside a selected area and the total duration of their stay within a given time range. Antipassback option. When Security Center considers a cardholder to be already in an area, a passback event is generated when the cardholder attempts to access the same area again during the time delay defined by Timeout. When the time delay has expired, the cardholder can once again pass into the area without generating a passback event. See also strict antipassback.
timeline
A graphic illustration of a video sequence, showing where in time, motion, and bookmarks are found. Thumbnails can also be added to the timeline to help the user select the segment of interest. The Transmission Control Protocol (TCP) is a connection-oriented protocol used to send data over an IP network. The TCP/IP protocol defines how data can be transmitted in a secure manner between networks. TCP/IP is the most widely used communications standard and is the basis for the Internet. The process of transferring data in small amounts. A subtype of schedule entity that supports both daytime and nighttime coverages. A twilight schedule may not be used in all situations. Its primary function is to control video related behaviors. See also standard schedule.
Transmission Control Protocol
trickling twilight schedule
U
unicast Communication between a single sender and a single receiver over a network.
841
Glossary
Uniform Resource Locator A URL (Uniform Resource Locator, previously Universal Resource Locator) is the unique address for a file that is accessible on the Internet. The URL contains the name of the protocol (http:, ftp:, file:) to be used to access the file resource, a domain name that identifies a specific computer on the Internet, and a path name, a hierarchical description that specifies the location of a file in that computer. unit A hardware device that communicates over an IP network that can be directly controlled by a Security Center role. We distinguish four types of units in Security Center: Access control units, managed by the Access Manager role
Video units, managed by the Archiver role LPR units, managed by the LPR Manager role Intrusion detection units, managed by the Intrusion Manager role.
See also access control unit, Access Manager, Archiver, Intrusion Manager, LPR Manager, LPR unit, and video unit. Unit discovery tool Tool that allows you to discover IP units connected to your network, based on their type (access control or video), manufacturer, and network properties (discovery port, IP address range, password, and so on). Once discovered, the units can be added to your system. Tool used to replace a failed hardware device with a compatible one, while ensuring that the data associated to the old unit gets transferred to the new one. For an access control unit, the configuration of the old unit is copied to the new unit. For a video unit, the video archive associated to the old unit is now associated to the new unit, but the unit configuration is not copied. Patroller software installation that is configured for university parking enforcement: the enforcement of scheduled parking permits or overtime restrictions. The use of maps is mandatory. Hotlist functionality is also included. See also overtime rule, permit, and permit restriction. unreconciled read MLPI license plate read that has not been committed to an inventory. See also Mobile License Plate Inventory. user Type of entity that identifies a person who uses Security Center applications and defines the rights and privileges that person has on the system. Users can be created manually or imported from an Active Directory. See also Active Directory and user group.
Unit replacement
University Parking Enforcement
842
Glossary
User Datagram Protocol
The User Datagram Protocol (UDP) is a connectionless protocol used to exchange data over an IP network. UDP is more efficient than TCP for video transmission because of lower overhead. Type of entity that defines a group of users who share common properties and privileges. By becoming member of a group, a user automatically inherits all the properties of the group. A user can be member of multiple user groups. User groups can also be nested. See also user.
user group
user level
A numeric value assigned to users to restrict their ability to perform certain operations, such as controlling a camera PTZ, viewing the video feed from a camera, or to stay logged on when a threat level is set. The smaller the value, the higher the priority. See also threat level, user, and user group.
user privilege
Privileges that control what operations a user is allowed to perform in Security Center, independent of what entities they can access, and within the constraints set by the software license. User privileges can be inherited from user groups. See also access right, partition, user, and user group.
V
validation key Serial number uniquely identifying a computer that must be provided to obtain the license key. See also license key. vehicle identification number All vehicles have a manufacturer assigned vehicle identification number (VIN). This is usually visible from outside the vehicle as a small plate on the dashboard. A VIN can be included as additional information with license plate entries in a hotlist or permit list, to further validate a hit and ensure that it is the correct vehicle. The software technology that is used to analyze video for specific information about its content. Examples of video analytics include counting the number of people going through a door, license plate recognition, detection of unattended objects, or the direction of people walking or running. Video archive includes both the recorded audio/video footage and the database that documents those recordings (source camera, timestamps, events, bookmarks, and so on).
video analytics
video archive
843
Glossary
video encoder
Device that converts an analog video source to a digital format using a standard compression algorithm (H.264, MPEG-4, MPEG-2 or M-JPEG). The video encoder is one of the many devices found on a video encoding unit. See also camera and video unit.
video decoder
Device that converts a digital video stream into analog signals (NTSC or PAL) for display on an analog monitor. The video decoder is one of the many devices found on a video decoding unit. See also analog monitor and video unit.
video file
File created by an archiving role (Archiver or Auxiliary Archiver) to store archived video. The file extension is G64. You need the Security Desk or the Portable Archive Player to read video files. See also Archiver, Auxiliary Archiver, and G64.
Video file player
Type of investigation task that browses through your file system for video files (G64) and allows you to play, convert to ASF, and verify the authenticity of these files. Any recorded video stream of a certain duration. Type of entity that represents a video encoding or decoding device capable of communicating over an IP network and incorporating one or more video encoders. They come in a wide variety of brands and models. Some support audio, others support wireless communication. The high-end encoding models come with their own recording and video analytics capabilities. See also Archiver, video decoder, and video encoder.
video sequence video unit
video watermarking
Process by which a digital signature (watermark) is added to each recorded video frame to ensure its authenticity. If anyone later tries to make changes to the video (add, delete or modify a frame), the signatures will no longer match, thus, showing that the video has been tampered with. A subtype of zone entity where the IO linking is done by software. The input and output devices may belong to different units of different types. A virtual zone is controlled by the Zone Manager and only works online. It can be armed and disarmed from Security Desk. See also hardware zone and zone.
virtual zone
Visit details Visitor activities
Type of investigation task that reports on the stay (check-in and check-out time) of current and past visitors. Type of investigation task that reports on visitor activities (access denied, first person in, last person out, antipassback violation, and so on).
844
Visitor management
Type of operation task that allows you to check in, check out, and modify visitors, as well as manage their credentials, including temporary replacement cards. Visual tracking is a feature in Security Desk that allows you to follow an individual across different areas of your company without ever loosing sight of that individual, as long as the places this person goes through are monitored by cameras. This feature displays transparent overlays on the video to show you where you can click to switch to adjacent cameras. The VSIP port is the name given to the discovery port of Verint units. A given Archiver can be configured to listen to multiple VSIP ports. See also discovery port.
visual tracking
VSIP port
W
watchdog Security Center service installed alongside the Genetec Server service on every server computer, whose sole purpose is to monitor the operation of Genetec Server, and to restart it if abnormal conditions are detected. Type of role that exposes the Security Center SDK methods and objects as Web services to support cross-platform development. The client component of Security Center Mobile that provides access to Security Center features from a Web browser. Web Client users connect to Mobile Server to configure and monitor various aspects of your Security Center system. See also Mobile Server. wheel imaging widget Wiegand Virtual tire-chalking technology that takes images of the wheels of vehicles to prove whether they have moved between two license plate reads. A component of the graphical user interface (GUI) with which the user interacts. An electrical interface standard and format used between a reader and controller (from the original Wiegand card reader).
Web-based SDK Web Client
Windows Communication Windows Communication Foundation (WCF) is a communication Foundation architecture used to enable applications, in one machine or across multiple machines connected by a network, to communicate. AutoVu Patroller uses WCF to communicate wirelessly with Security Center.
845
WMS
Web Map Service (WMS) is a standard protocol for serving over the Internet, georeferenced map images that are generated by a map server using data from a GIS database. See also GIS and OGC.
X Y Z
zone Type of entity that monitors a set of inputs and triggers events based on their combined states. These events can be used to control output relays. See also hardware zone, IO linking, and virtual zone. Zone activities Zone Manager Type of investigation task that reports on zone related activities (zone armed, zone disarmed, lock released, lock secured, and so on). Type of role that manages virtual zones and triggers events or output relays based on the inputs configured for each zone. It also logs the zone events in a database for zone activity reports. Type of investigation task that reports on the number of vehicles parked in a selected parking zone, and the percentage of occupancy (for university parking only). See also University Parking Enforcement.
Zone occupancy
846
Index
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A
ABA field, defining, 674 about entity tree, 85 Logical view, 85 System entity, 85 accepted user, partitions, 92, 449 access control setting entity expiration, 634 troubleshooting configurations, 320 Access control health history, about, 308 access control unit about, 337 adding using Unit discovery tool, 265 configuring, 267 connection parameters, 344 renaming, 345 SMC, 267 synchronizing about, 267 modes, 348 viewing events, 309 viewing health events, 308 viewing IO configurations, 310 viewing properties, 184 wiring doors, 268 Access control unit events, about, 309 access denied events, investigating, 325 Access diagnosis, using, 323 access granted events, investigating, 325 Access Manager about, 260, 511 adding, 260 configuring, 260 keeping events, 512 resolving conflicts, 515 access rights
troubleshooting, 323 viewing, 325 access rule about, 349 applying, 277 configuring, 281 creating, 281 viewing configurations, 317 Access rule configuration about, 317 generating report, 317 Access troubleshooter about, 294, 320, 652 limitations, 320 troubleshooting access requirements, 323 cardholder access rights, 322 doors, 321 accessing storage devices, 226 action about, 106 action privileges, users, 708 actions action types, 758763 reference list, 758 task-related, 24 activating Genetec Server Directory, 478 roles, 51 user profiles, 483 Active Directory about, 516 encrypted communication, 144 importing cardholders, 284 importing ccredentials, 287 importing users, 102 synchronizing entities, 142 active tasks, list, 485 active tasks, updating, 686
847
Index
Activity trails about, 182 generating report, 182 adding accepted partition users, 92 access control units, 261 Access Mangers, 260 Archivers, 193 area members, 279 cameras to camera sequences, 218 cameras to doors, 270 cash registers, 597 expansion servers, 47 parition members, 448 parity checks, 673 partition members, 92 secondary servers, 64, 534 tasks, 22 tasks to favorites, 24 video units, 194, 244 administrative privileges, users, 697 Administrators user group, about, 97 advanced settings Archiver, 541 video units, 532 alarm about, 351 attached entities, 353 automatic acknowledgement, 355 automatic video recording, 356 broadcast mode, 353 configuring, 112 creating incidents on acknowlegement, 355 entities, 111 managing, 111 procedure, 355 protecting recorded video, 356 reactivation threshold, 354 recipients, 353 responding, 115 schedules, 355 setting priority, 352 testing, 112 triggering, 113 troubleshooting, 112 video display options, 355 Alarm Monitoring, assigning Logical IDs, 626 analyzing report results, 30
antipassback about, 361 configuring, 280 application privileges, users, 695 applying access rules for elevators, 277 custom filters, 43 custom filters using search tool, 43 name filters, 43 architecture Security Center system, 6 Synergis system, 252 archive database, about, 224 archive storage about, 224 accessing, 226 estimating requirements, 225 managing, 225 monitoring, 226 Archive storage details about, 233 protecting video files, 231 archive viewing, user limitations, 487, 492 Archiver about, 521 adding, 193 Bosch VRM settings, 531 camera details, 540 configuring, 193 servers, 534 standby archiving, 535 discovering video units, 529 failover, 227 limitation, 229 protected video file statistics, 539 recording modes, 522 recording options, 523, 545 settings advanced, 541 database, 536 network card, 538 storage, 536 video units, 528 statistics, 538 what is, 193 Archiver events, about, 249 Archiver role, searching for events, 249 archives
848
Index
viewing storage details, 233 area about, 360 adding members, 279 antipassback properties, 361 associating doors, 279 configuring, 278 creating, 278 interlock properties, 362 viewing cardholder access rights, 325 arming delaying arming, 505 hardware zones, 505 virtual zones, 508 zones, 160 assigning Keyboard shortcuts, 682 associating access control units to hardware zones, 503 doors to areas, 279 hardware zone states to events, 504 virtual zone states to events, 508 virtual zones to Zone Managers, 507 audio alarm, about, 391 Audit trails, about, 181 automatic stream selection, video units, 211 automating alarm acknowledgement, 355 database backup, 58 disk cleanup, 225 system behavior, 103 video recording on alarms, 356 AutoVu ports used (default), 778 Auxiliary Archiver about, 543 recording modes, 545 settings database, 548 network, 548 storage, 548
Badge designer, about, 366 badge template about, 365 Badge designer tool, 366 creating, 289 preview, 293 best practices configuring cameras, 209, 220 configuring system administrators, 97 deploying Omnicast, 190 deploying Synergis, 256 resolving reader issues, 327 solving HID unit issues, 314 system configuration, 90 wiring doors to access control units, 268 bit rate camera settings, 372 setting priority, 372 video unit settings, 497 boosting recording quality manual recording, 376 settings, 376 special events, 212 system events, 376 broadcast mode, about, 353 buzzer, configuring, 269
C
camera about, 209, 220, 368 audio alarm events, 391 boost quality settings, 376 boosting quality on event recording, 376 on manual recording, 376 configuring, 209, 220 motion detection, 379 lens type, 392 linking speakers/microphones, 391 not recording, 241 rotating images, 392 setting bit rate, 372 bit rate priority, 372 connection type, 374
B
backing up databases, 57 video archives, 227
849
Index
video quality, 370 stream usage, 373 tampering, 391 visual tracking, 388 camera details, Archiver, 540 camera recording, troubleshooting, 241 camera sequence about, 393 adding cameras, 218 configuring cameras, 218 creating, 218 removing cameras, 218 camera tampering, about, 391 cannot add video units, troubleshooting, 244 cannot delete video units, troubleshooting, 247 cardholder about, 395 configuring, 283 creating, 283 importing from Active Directory, 284 from flat file, 284 managing, 284 setting picture size, 284, 635 troubleshooting access rights, 322 viewing access rights, 325 viewing properties, 318 Cardholder access rights, about, 325 Cardholder configuration, about, 318 cardholder group about, 398 configuring, 283 creating, 284 viewing access rights, 325 viewing member properties, 318 Cardholder troubleshooter about, 322 using, 322 cash register about, 400 adding, 597 CCTV matrix integration, 190 using, 129 changing role servers, 50 taskbar position, 27 user password, 10, 483
video file protection status, 231 checking macro syntax, 430 choosing zone type, 163 closing Security Center, 10 closing Security Desk options, 687 columns reference list, 723 reordering, 33 resizing, 32 selecting, 32 showing/hiding, 32 Comm LED, about, 787 command port, about, 497 common configuration tabs about, 332 Cameras tab, 334 Custom fields tab, 335 Identity tab, 332 Location tab, 336 concurrent logons, limiting, 484 Config Tool interface, 13 configuration changes, investigating, 181 configuring Access Manager, 260 access rules, 281 alarms, 112 antipassback, 280 Archiver, 193 Archiver servers, 534 areas, 278 automatic disk cleanup, 225 camera sequences, 218 cameras, 209, 220 cardholder groups, 283 cardholders, 283 credentials, 285 database notifications, 57 Directory, 473 door buzzers, 269 doors, 268 elevator floors, 275 elevator relays, 276 elevators, 274 entities, 85 entity tree, 86 federated entities, 129
850
Index
full screen mode, 95 Genetec Server, 476 hardware zones, 162 HID units, 799 inputs, 503 interlock, 280 Media Router, 202 motion detection, 379 output pins, 498 partitions, 90 PTZ, 390 readerless doors, 269 role groups, 135 roles, 49 Saved tasks page, 23 Security Center/Patroller communication, 571 servers, 48 standby archiving, 535 user groups, 96 user password expiration, 484 user privileges, 99 users, 93 video streams, 210 virtual zones, 162 visual tracking, 212 conflict resolution utility, using, 149 connecting Security Center, 9 connection parameters access control units, 344 federated Omnicast systems, 592 federated Security Center systems, 603 contacting technical support, 869 contextual command toolbar, 17 converting expansion servers to main servers, 478 main servers to expansion servers, 49, 479 primary servers to expansion servers, 534 Copy configuration tool about, 668 using, 668 countdown buzzer, about, 505 create event-to-actions, 107 creating access rules, 281 areas, 278 badge templates, 289
camera sequences, 218 cardholder groups, 284 cardholders, 283 credentials, 285 databases, 55 doors, 268 entities, manually, 37 incidents for door state overrides, 635 on alarm alcknowledgement, 355 intrusion detection areas, 159 Intrusion Managers, 156 macros, 110 network entities, 83 parent user groups, 98 partitions, 91 roles, 50 tasks, 22 user groups, 97 users, 94 credential about, 401 configuring, 285 creating, 285 enrolling, 287 importing from Active Directory, 287 from flat file, 287 information, 402 state, 402 viewing properties, 319 Credential configuration, about, 319 cross-platform development about, 164 Web-based SDK, 164 CSV file importing, 658 fields, 662 custom card format benefits, 287 using, 287, 635 Custom card format editor about, 670 adding parity checks, 673 defining ABA fields, 674 formats, 670 Wiegand fields, 672
851
Index
deleting custom card formats, 677 custom data type add, 138 configuration tab, 621 modify, 139 properties, 621 what is, 138 custom field add, 136 configuration tab, 619 properties, 619 purpose, 136 standard data types, 619 custom fields importing limitations, 665 custom filter, applying, 43 cycling tasks, 24
D
database backing up automatic, 58 manual, 57 configuring notifications, 57 creating, 55 deleting, 59 finding version, 56 managing, 52 relocating, 53 restoring, 58 settings, 52 archiving, 536, 548 database failover backup and restore, 72 automatically reconnect to master database, 73 contingency backup, 72 configuring, 72 database server, about, 53 date and time options configuring, 690 displaying time zone abbreviations, 690 date coverage, setting, 464 deactivating Genetec Server Directory, 479 roles, 51 user profiles, 483
default network, 83 schedule, 104 user, 94 defining ABA fields, 674 custom card formats, 670 partitions, 91 schedules, 105 Wiegand fields, 672 delaying hardware zone arming, 505 virtual zone arming, 508 deleting current task, 25 custom card formats, 677 databases, 59 discovered entities, 45 entities, 45, 88 intrusion detection unit logs, 424 partition members, 448 tasks, 24 deleting video units, 247 demo license, acquiring, 869 deploying Omnicast, 190 Synergis, 256 determining Web service address, 606 diagnosing entities, 180 impossible to establish video session error, 239 video streams, 235 waiting for signal error, 237 Directory about, 551 configuring, 473 troubleshooting connection problems, 679 Directory Availability Manager, what is, 66 Directory Manager about, 552 Directory server, what is, 66 disarming zones, 160 discovered entities about, 39 deleting, 45 discovery port, video units, 497 displaying Security Desk in full screen, 24
852
Index
document information, ii documentation. See production documentation door about, 357, 404, 432 adding cameras, 270 behavior, 405 buzzer, 269 configuring, 268 creating, 268 door state override incidents, 635 troubleshooting, 326 troubleshooting access rights, 324 unlock schedules, 406 viewing cardholder access rights, 325 wiring, 268 See also readerless door Door troubleshooter about, 321, 324 generating a report, 324 using, 321 duplicating entities, 87
E
editing keyboard shortcuts, 682 elevator about, 410 access rules, applying, 277 configuring, 274 floors, 275 relays, 276 hardware requirements, 274 viewing cardholder access rights, 325 enabling task cycling, 485 encryption communication Security Center and Active Directory, 144 enrolling credentials, 287 intrusion panels, 156 enryption key, setting up, 230 entities availability, 171 basic information, 38 configuring, 85 creating
network entities, 83 creating manually, 37 deleting, 45 diagnosing, 180 discovering, 39 duplicating, 87 entity types, 331505 renaming, 85, 87 searching, 42 by custom filter, 43 by name, 43 using global search, 42 using search tool, 43 state types, 179 viewing, 85 entity states about, 179 red, 85 troubleshooting, 179 yellow, 85 entity tree configuring, 86 deleting entities, 88 duplicating entities, 87 reorganizing, 87 entity tree, about, 85 entity types access control unit, 337 access rule, 349 alarm, 351 analog monitor, 357, 432 area, 360 badge template, 365 camera, 368 camera sequence, 393 cardholder, 395 cardholder group, 398 cash register, 400 credential, 401 door, 404 elevator, 410 hardware zone, 502 hotlist, 414 intrusion detection area, 421 intrusion detection unit, 423 LPR unit, 426 macro, 429 network, 434
853
Index
output behavior, 437 overtime rule, 439 parking facility, 444 partition, 447 Patroller, 450 permit, 453 permit restriction, 457 public task, 461 role, 462 schedule, 463 scheduled task, 469 server, 471 tile plugin, 480 user, 482 user group, 489 video unit, 494 virtual zone, 506 entity, what is, 36 error impossible to establish video session, 239 waiting for signal, 237 error messages, investigating, 170 estimating archive storage requirements, 225 evaluating zone states, 503 event about, 106 custom events, 106 event types, 745757 event recording, boosting quality, 376 event types, reference list, 745 event-to-action compared to scheduled task, 109 create, 107 search, 108 using, 106 See also event, action exceptions federated alarms, 130 execution context, defining, 431 expanding Security Desk full screen, 24 expansion server adding, 47 what is, 7 exporting keyboard shortcut configurations, 682 report results, 31
F
F11 command, disabling, 95 failover how does it work?, 61 limitation, Archiver, 229 load planning, 228 third-party solutions, 60 favorites adding tasks, 24 removing tasks, 24 features, Omnicast system, 187 federated entity configuring, 129 exceptions, 130 identifying, 128 using, 129 what is, 128 Federating Omnicast systems, 131 Security Center systems, 133 Federation about, 128 advanced settings, 134 Omnicast Federation, 131 types of, 128 Federation host, definition, 128 filtering report queries, 712 finding Archiver role events, 249 database information, 56 who made configuration changes, 181 See also searching firmware upgrade, video units, 496 flat file importing cardholders, 284 importing credentials, 287 floor, elevators, 275 full screen mode configuring as default, 95 full screen, enabling for Security Desk, 24
G
general privileges, users, 696 generating Access rule configuration report, 317 Activity trails report, 182
854
Index
Door troubleshooter report, 324 reports, 30 generating reports maximum results, 30 Genetec Server activating Directory, 478 configuring, 476 deactivating Directory, 479 expansion servers, 7 main server, 7 what is, 7 geocoding, about, 574 global cardholder management, what is, 296 Global Cardholder Synchronizer about, 557 connection parameters, 558 shared partitions, 559 synchronization options, 559 Global Cardholder Synchronizer, what is?, 298 global search, using, 42
H
H.264 issues, solving, 248 Hardware inventory, about, 184 hardware matrix, integration, 190 hardware requirements HID units, 782 hardware requirements, elevators, 274 hardware zone about, 161, 502 arming on a schedule, 505 using a switch key, 505 associating access control units, 503 zone states to events, 504 configuring, 162 countdown buzzer, 505 delaying arming, 505 evaluating zone state, 503 setting reactivation threshold, 504 See also zone Health history, about, 170 health issues, viewing, 168 Health Monitor about, 560
Health Monitor, what is, 75 health monitoring maintenance mode, 80 health monitoring, what is, 75 Health statistics, about, 171 HID Discovery GUI utility about, 783 using, 783 HID Edge plus, wiring, 800 HID Edge reader, wiring, 800 HID unit configuring, 799 door with reader, 799 door with two sensors, 799 inputs, 799 network, 782 discovering, 783 features available, 792 interpreting Comm LED, 787 Power LED, 787 operation modes, 791 setting up, 784 hardware, 782 special considerations default input settings, 785 HID hardware, 785 HID V1000 units, 785 supported software/hardware, 788 troubleshooting, 314 discovery issues, 315 enrollment issues, 315 wiring diagrams, 800 HID VertX units wiring VertX V1000, 801 VertX V2000, 802 hiding columns, 32 dashboard, 24 report pane, 24 selector, 24 taskbar, 27 unassigned logical IDs, 625 high availability how does it work?, 60 what is, 60 Home page, 14
855
Index
hotlist about, 414 HTTPS communication, 497
I
idenfitying federated entities, 128 identifying system instabilities, 171 idle delay, PTZ, 390 image rotation, about, 392 Import tool about, 657 custom field limitations, 665 import scenarios, 657 importing CSV file fields, 662 CSV files, 658 entities, 664 replacing old credentials, 666 importing cardholders from Active Directory, 284 cardholders from flat file, 284 credentials from Active Directory, 287 credentials from flat file, 287 CSV file fields, 662 CSV files, 658 entities, 664 macros from files, 430 users from Active Directory, 102 importing keyboard shortcut configurations, 682 Impossible to establish video session, error, 239 information messages, investigating, 170 inheriting user privileges, 100 inputs, configuring, 503 instabilities, identifying in system, 171 interface, about, 13 interlock about, 362 configuring, 280 intrusion detection area about, 155, 421 creating, 159 properties, 422 intrusion detection unit about, 155, 423 deleting logs, 424 interface types, 424
renaming peripherals, 158 synchronizing clock, 424 intrusion detection, entity types, 155 Intrusion Manager about, 156, 563 creating, 156 keeping events, 564 limitations, 156 intrusion panel enrolling, 156 managing, 155 investigating malfunction events, 170 system configuration changes, 181 user activity, 182 investigation tasks generating reports, 30 IO configuration, about, 310 IO configurations, viewing, 310 IO linking, about, 160 IP address, video unit, 496 IPv4, display modes, 436 IPv6, about, 436
K
keeping events Access Manager, 512 Intrusion Manager, 564 Zone Manager, 609 key switch, zone arming, 505 keyboard shortcuts assigning, 682 configuring, 681 editing, 682 exporting configurations, 682 importing configurations, 682 restoring default configurations, 682
L
launching Walkthrough wizard, 272 lens type, about, 392 level, users, 486, 491 license information viewing from Config Tool, 769 viewing from Server Admin, 770
856
Index
licensing, 869 limitations importing custom fields, 665 Intrusion Manager, 156 motion detection, 385 Omnicast Federation, 131 limiting concurrent user logons, 484 report results, 600 linking map files to maps, 165 microphones to cameras, 391 speakers to cameras, 391 Web pages to maps, 165 Live video, dialog box, 213 PTZ commands, 214 loading saved tasks, 23 location, setting, 40 lock delay, PTZ, 391 log in, video unit credentials, 530 log off, Security Center, 10 log on basic authentication, 9 supervised, 487, 492 user schedules, 484 using Windows credentials, 153 using Windows credentials in a multi-AD environment, 153 logging on options, 679 wrong Directory, 679 logical ID hiding unassigned entities, 625 showing, 625 logical ID, showing, 686 Logical view about, 85 entity tree, 86 managing, 85 logs, deleting, 424 LPR Manager about, 567 configuring Security Center/Patroller communication, 571 enabling hotlist filtering, 574 enabling permit filtering, 574 geocoding, 574 importing data, 583
managed hotlists and permits, 572 matching license plate reads, 573 providing Patroller updates, 582 XML exporting, 579 XML importing, 578 LPR unit about, 426 LPR unit, viewing properties, 184
M
macro about, 429 checking syntax, 430 creating, 110 defining execution contexts, 431 importing from files, 430 using, 110 main server converting to expansion servers, 49 what is, 7 maintenance mode, 80 maintenance tasks generating reports, 30 malfunction events, investigating, 170 managing alarms, 111 archive storage, 225 cardholders, 284 database, 52 intrusion panels, 155 Logical view, 85 Network view, 82 roles, 47 servers, 47 software security, 89 threat levels, 117 video archives, 224 zones, 160 manual recording, boosting quality, 376 map linking map files, 165 Web pages, 165 map file, linking to maps, 165 matching license plate reads, 573 maximum results, Security Desk reports, 30
857
Index
Media Router about, 585 configuring, 202 redirecting video streams, 586 RTSP port, 588 RTSP port conflict, 203 setting multicast port number, 588 what is, 202 microphone linking to cameras, 391 properties, 500 monitoring archive storage usage, 226 resource availability, 171 status of entities, 177 status of system, 177 system health, 171 Monitoring task viewing tiles only, 24 motion block, about, 380 motion detection about, 379 configuring, 379 drawing motion zones, 383 event types, 386 H.264 streams, 382 limitations, 385 motion blocks, 380 positive motion detection, 380 testing, 384 motion zones, drawing, 383 Move unit, about, 655
about, 83 creating, 83, 84 network options, configuring, 681 Network view managing, 82 purpose, 82 what is, 82 Network view, what is, 82 notification settings, video unit, 530 notification tray viewing system messages, 168 NTP settings, video unit, 532
O
offline video units troubleshooting, 236 Omnicast deploying prerequisities, 190 procedure, 191 entities, 188 features, 187 federating, 131 ports used (default), 780 what is, 187 Omnicast Federation about, 131, 590 connection parameters, 592 defining role groups, 591 limitations, 131 receiving information, 592 opening Server Admin, 48 Options dialog box about, 678 date/time display, 690 general options network, 681 user logon, 679 keyboard shortcuts, 681 performance options, 689 user interaction, 685 video options, 688 visual options, 683 ordinal pattern, schedules, 468 organizing video stream settings, 210
N
name filter, applying, 43 nesting partitions, 93 network about, 434 IPv4 display modes, 436 IPv6 address, 436 proxy server, 436 routes, 436 settings, 374 transmission capabilities, 435 network card settings, Archiver, 538 network entities
858
Index
output behavior, about, 437 output pin, settings, 498 overtime rule about, 439 overtime violations, 442 overtime violations, about, 442 overwriting databases, 55
P
parition manager promoting users, 93 parity check, defining, 673 parking facility about, 444 partition about, 89, 447 adding accepted users, 92, 449 members, 92, 448 configuring, 90 creating, 91 defining, 91 deleting members, 448 nesting, 93 promoting users to managers, 93 public partition, 91 purpose, 91 system partition, 91 user privileges, 101 partition manager, about, 91 partition user, promoting, 93 password changing, 10, 483 expiration, 484 Patroller about, 450 performance options configuring, 689 limiting report results, 689 perimeter door, configuring, 279 permanently saving tasks, 26 permit about, 453 permit restriction about, 457
picture size, cardholders, 284, 635 playback video troubleshooting, 240 Plugin about, 594 Point of Sale about, 595 adding cash registers, 597 retrieving database information, 596 saving transaction data, 596 ports AutoVu-specific, 778 common to Security Center, 777 Omnicast-specific, 780 Synergis-specific, 779 positive motion detection, about, 380 Power LED, about, 787 preventing system failures, 171 primary server switching to secondary server, 534 printing report results, 31 private task saving, 24 using, 23 privilege templates about, 101 purpose, 101 usage tips, 101 using, 101 privileges, users, 694710 product documentation, about, 868 promoting partition users to managers, 93 protected video file statistics, 539 protecting alarm video recordings, 356 video archives, 227 protecting video files, 231 proxy server, about, 436 PTZ configuring, 390 using idle delay, 390 lock delay, 391 PTZ commands advanced configuration, 214 Center-on-click, 214 testing, 214
859
Index
Zoom-box, 214 PTZ coordinates, dialog box, 214 public parition, about, 91 public task saving, 24 using, 23 public task, about, 461
Q
query filters reference list, 712 Query tab query filters available, 712
R
reactivation threshold alarms, 354 hardware zone, 504 virtual zone, 508 readerless door, configuring, 269 receiving information Omnicast Federation, 592 Security Center Federation, 603 recipients, alarms, 353 recording modes, Archiver, 522 recording modes, Auxiliary Archiver, 545 recording options, Archiver, 523, 545 red entity state, about, 85 redirecting video streams, 586 redundant archiving, using, 227 reference list action types, 758 event types, 745 query filters, 712 report columns, 723 relay settings, configuring, 276 relocating databases, 53 remote connection, enabling on SQL Server, 54 remote user, controlling, 487, 492 removing tasks from favorites, 24 removing cameras from camera sequences, 218 renaming access control units, 345 entities, 85, 87
intrusion detection unit peripherals, 158 renaming tasks, 24 reordering columns, 33 tasks, 25 reorganzing, entity tree, 87 replacing old credentials, 666 report analyzing results, 30 columns available, 723 exporting, 31 filtering query, 712 printing, 31 saving, 31 saving templates, 30 viewing results, 723 Report Manager about, 599 limiting results, 600 report pane columns available, 723 reordering columns, 33 resizing columns, 32 showing/hiding columns, 32 working with, 29 report results analyzing, 30 report results, limiting, 689 reporting tasks generating reports, 30 resizing columns, 32 resolving conflicts Access Manager, 515 how to, 149 overlapping schedules, 105 resources, monitoring availability, 171 responding, alarms, 115 restoring databases, 58 default keyboard shortcuts, 682 video archives, 227 retrieving Point of Sale system data, 596 role about, 49, 462 activating/deactivating, 51 changing servers, 50 configuring, 49 creating, 50
860
Index
managing, 47 role types, 510610 troubleshooting, 51 what is, 7 role group configuring, 135 defining, 591 setting, 602 what is, 134 role types Access Manager, 511 Active Directory, 516 Archiver, 521 Auxiliary Archiver, 543 Directory, 551 Directory Manager, 552 Global Cardholder Synchronizer, 557 Health Monitor, 560 Intrusion Manager, 563 LPR Manager, 567 Media Router, 585 Omnicast Federation, 590 Plugin, 594 Point of Sale, 595 Report Manager, 599 Security Center Federation, 601 Web-based SDK, 605 Zone Manager, 608 routes, network, 436 RTSP port, about, 203, 588
S
Saved tasks page configuring, 23 saving active task list, 687 open tasks, 24 report results, 31 report templates, 30 tasks, 24 workspace, 24 saving Point of Sale transaction data, 596 schedule about, 463 default schedule, 104 definition, 103
ordinal patterns, 468 resolving conflicts, 105 setting date coverage, 464 time coverage, 464 time range, 465 time zones, 104 twilight schedule, 104 user logon, 484 using, 103 scheduled task about, 469 compared to event-to-action, 109 create, 109 using, 109 what is, 109 schedules defining, 105 scheduling alarms, 355 hardware zone arming, 505 search event-to-actions, 108 search box using, 43 search box, using, 42 search tool, using, 43 searching for Archiver role events, 249 entities, 42 by name, 43 global search, 42 tasks, by name, 42 video files, 233 secondary server switching to primary server, 534 secondary server, adding, 64, 534 secure communication, video units, 497 Security Center about, 3 action types, 758 architecture, 6 changing user password, 10 closing, 10 common ports used, 777 connecting, 9 event types, 745 federating, 133
861
Index
logging off, 10 logging on, 9, 153 ports, default, 776780 system features, 4 Security Center Federation about, 601 connection parameters, 603 receiving information, 603 setting role groups, 602 Security Desk displaying full screen, 24 Security Desk, about, 651 selecting columns, 32 Server Admin open using Config Tool, 48 using Internet Explorer, 48 using, 473 servers about, 471 configuring, 48 Directory, 473 Genetec Server, 476 managing, 47 using Server Admin, 473 setting alarm priorities, 352 bit rate priority, 372 camera bit rate priority, 372 camera bit rates, 372 camera connection type, 374 camera video quality, 370 entity expiration, 634 hardware zone reactivation threshold, 504 location, 40 multicast port number, 588 picture size, 284, 635 schedule date coverage, 464 schedule time coverage, 464 time ranges, 465 user group privileges, 493 user levels, 486, 491 user privileges, 488 video unit bit rates, 497 virtual zone reactivation threshold, 508 setting up HID units, 784 sharing guest, what is?, 298
sharing host, what is?, 297 showing columns, 32 logical IDs, 625 tiles only, 24 SMC units about, 267 software security about, 89 managing, 89 sorting tasks, 24, 25 speaker linking to cameras, 391 properties, 499 SQL Server, remote connection, 54 starting task cycling, 24 state types, entities, 179 status, user profiles, 483 stopping task cycling, 24 storage settings, Archiver, 536 storage settings, Auxiliary Archiver, 548 stream usage, about, 373 supervised log on, about, 487, 492 supporting cross-platform development, 164 synchronization modes, access control units, 348 synchronizing access control units, 267 entities with Active Directory, 142 intrusion detection unit clocks, 424 Synergis about, 252 architecture, 252 deploying alone, 258 prerequisities, 256 procedure, 257 with Omnicast, 259 entities, 253 ports used (default), 779 testing system, 294 unique model, 254 System entity, about, 85 system health monitoring, 171 troubleshooting, 170
862
Index
system messages about, 168 viewing, 168 system messages, display options, 686 system partition, about, 91 System status about, 177 monitoring entity statuses, 177 system, monitoring status, 177
Cardholder access rights, 325 Cardholder configuration, 318 Credential configuration, 319 Door troubleshooter, 324 Hardware inventory, 184 Health history, 170 Health statistics, 171 IO configuration, 310 System status, 177 taskbar changing position, 27 display options, 683 hiding, 27 technical support, contacting, 869 testing alarms, 112 motion detection, 384 threat level managing, 117 purpose, 117 threat, definition, 117 tile plugin about, 480 time coverage, setting, 464 time range daily time, 465 setting, 465 specific dates, 467 twilight, 467 weekly, 466 time zone displaying abbreviations, 690 time zones, warning about, 104 tips privilege templates, 101 tool types Access troubleshooter, 652 Copy configuration tool, 668 Custom card format editor, 670 Import tool, 657 Move unit, 655 Options dialog box, 678 Security Desk, 651 Unit Discovery tool, 653 Unit replacement, 654 Tools Access troubleshooter, 320 Tools menu, 692
863
T
task adding, 22 adding to favorites, 24 administration tasks, 611630 commands, 24 creating, 22 deleting, 24 loading saved tasks, 23 removing from favorites, 24 renaming, 24 reordering, 25 saving, 24 as private task, 24 as public task, 24 layout, 24 tasks permanently, 26 sorting, 25 working with, 24 task cycling starting, 24 stopping, 24 task cycling, enabling, 485 task list saving on exit, 687 sorting, 24 task privileges, users, 704 task types maintenance tasks Access control health history, 308 Access control unit events, 309 Access rule configuration, 317 Activity trails, 182 Archive storage details, 233 Archiver events, 249 Audit trails, 181
Index
transmission capabilities, network, 435 trickling, what is, 198 triggering alarms, 113 troubleshooting access configuration problems, 320 access requirements, 323 access rights to doors, 324 access rule configurations, 317 Access troubleshooter, 294 alarms, 112 cameras not recording, 241 cannot add video units, 244 cannot delete video units, 247 cardholder access rights, 322 doors, 321, 326 credentials, 326 readers, 327 Request to exit, 326 entity states, 179 H.264 video stream, 248 HID units, 314 impossible to establish video session error, 239 malfunction events, 170 offline video units, 236 playback video, 240 roles, 51 system health, 170 unstable entities, 171 video streams, 235 waiting for signal, 237 troushooting user logon, 679 twilight schedule, about, 104
U
UI component Logical view, 85 UI element Home page, 14 Tools menu, 692 task workspace administration, 16 contextual command toolbar, 17 Unit discovery tool about, 653 adding
access control units, 265 video units, 196 Unit replacement, about, 654 unprotecting video files, 231 upgrading video unit firmware, 496 user about, 89, 93, 482 activating, 483 changing password, 10, 483 configuring, 93 controlling remote workstations, 487, 492 creating, 94 deactivating, 483 enabling task cycling, 485 entering personal information, 483 importing from Active Directory, 102 investigating activity, 182 limitations, archive viewing, 487, 492 limiting concurrent logons, 484 logon schedules, 484 password expiration, 484 setting level, 486, 491 setting privileges, 488 supervised log on, 487, 492 user group about, 89, 97, 489 configuring, 96 creating, 97 creating parent user groups, 98 members, 490 setting privileges, 493 user interaction options configuring, 685 displaying system messages, 686 exiting Security Desk, 687 renaming devices, 686 showing logical IDs, 686 updating public tasks, 686 user logon options, 679 troubleshooting, 679 user password changing, 10, 483 configuring expiration, 484 user privileges about, 99, 488 action privileges, 708
864
Index
administrative privileges, 697 application privileges, 695 configuring, 99 general privileges, 696 hierarchy, 99 inheriting, 100 partitions, 101 settings, 99 task privileges, 704 templates, 101 using Access troubleshooter, 323 Archiver failover, 227 Cardholder troubleshooter, 322 Copy configuration tool, 668 custom card formats, 287, 635 Door troubleshooter, 321 event-to-actions, 106 federated entities, 129 global search, 42 HID Discovery GUI utility, 783 macros, 110 ordinal patterns, 468 partitions, 91 redundant archiving, 227 scheduled tasks, 109 schedules, 103 search box, 42, 43 search tool, 43 Server Admin, 473 SSL connection, 606 Web-based SDK, 164
V
video archive about, 224 archive database, 224 Archiver failover, 227 backing up, 227 encryption key, 230 failover load planning, 228 hardware failure protection, 227 managing, 224 protecting, 227 redundant archiving, 227 restoring, 227
routine cleanup protection, 229 storage, 224 storage failure protection, 227 tampering protection, 229 video display options, alarms, 355 video encoder, about, 368 video file changing protection status, 231 protecting, 231 searching, 233 unprotecting, 231 viewing properties, 233 video options configuring, 688 video protection, alarms, 356 video quality testing, 213 video quality, cameras, 370 video recording on alarms, 356 video stream automatic stream selection, 211 boosting recording quality, 212 configuring, 210 diagnosing, 235 organizing settings, 210 video unit about, 494 adding manually, 194 using Unit discovery tool, 196 advanced settings, 532 authenticating, 497 automatic discovery, 196 bit rate settings, 497 cannot add, 244 cannot delete, 247 command port, 497 discovery port, 497 discovery settings, 529 enabling UPnP, 497 IP address, 496 notification settings, 530 NTP settings, 532 peripherals configuring output pins, 498 microphone properties, 500 settings, 498 speaker properties, 499
865
Index
secure communication, 497 setting login credentials, 530 settings, 528 SSL settings, 531 troubleshooting offline units, 236 upgrading firmware, 496 viewing properties, 184 viewing access control unit events, 309 access control unit health events, 308 access rule configurations, 317 active task list, 485 archive storage details, 233 cardholder access rights, 325 cardholder properties, 318 credential properties, 319 entities, 85 health issues, 168 IO configurations, 310 license information from Config Tool, 769 from Server Admin, 770 report results, 723 system messages, 168 unit properties, 184 warnings, 168 virtual zone about, 161, 506 arming, 508 associating zone states to events, 508 configuring, 162 delaying arming, 508 evaluating zone state, 507 setting reactivation threshold, 508 Zone Manager, 507 See also zone visual options configuring, 683 taskbar, 683 visual tracking about, 388 configuring, 212
about, 271 launching, 272 modes, 272 purpose, 271 warning messages investigating, 170 viewing, 168 Watchdog, about, 478 Web page, linking to maps, 165 Web-based SDK about, 164, 605 determining Web service address, 606 using, 164 SSL connection, 606 Wiegand field, defining, 672 wiring diagrams HID Edge plus, 800 HID Edge reader, 800 HID VertX V1000, 801 HID VertX V2000, 802 wiring doors, 268 working with report pane, 29 tasks, 24
X
XML exporting, 579 importing, 578
Y
yellow state, entities, 85
Z
zone about, 160 arming, 160 choosing zone type, 163 disarming, 160 hardware zone about, 161, 502 configuring, 162 IO linking, 160 managing, 160
866
W
Waiting for signal, error, 237 Walkthrough wizard
Index
virtual zone about, 161, 506 configuring, 162 Zone Manager about, 161, 608 associating zones, 507 keeping events, 609
867
Where to find product documentation

You can find our product documentation in the following locations:
Installation package. The documentation is available in the Documentation folder of the

installation package. Some of the documents also have a direct download link to the latest version of the document.
Genetec Technical Assistance Portal (GTAP). The latest version of the documentation is
available from the GTAP Documents page. Note, youll need a username and password to log on to GTAP.
Help. Security Center client and web-based applications include help, which explain how
the product works and provide instructions on how to use the product features. Patroller and the Sharp Portal also include context-sensitive help for each screen. To access the help, click Help, press F1, or tap the ? (question mark) in the different client applications.
868
Technical support
Genetec Technical Assistance Center (GTAC) is committed to providing its worldwide clientele with the best technical support services available. As a Genetec customer, you have access to the Genetec Technical Assistance Portal (GTAP), where you can find information and search for answers to your product questions.
Genetec Technical Assistance Portal (GTAP). GTAP is a support website that provides indepth support information, such as FAQs, knowledge base articles, user guides, supported device lists, training videos, product tools, and much more. Prior to contacting GTAC or opening a support case, it is important to look at this website for potential fixes, workarounds, or known issues. You can log in to GTAP or sign up at https://gtap.genetec.com.
Genetec Technical Assistance Center (GTAC). If you cannot find your answers on GTAP, you
can open a support case online at https://gtap.genetec.com. For GTAC's contact information in your region see the Contact page at https://gtap.genetec.com.
NOTE Before contacting GTAC, please have your System ID (available from the About button in your client application) and your SMA contract number (if applicable) ready.
Licensing.
For license activations or resets, please contact GTAC at https://gtap.genetec.com. For issues with license content or part numbers, or concerns about an order, please contact Genetec Customer Service at customerservice@genetec.com, or call 1-866-684-8006 (option #3). If you require a demo license or have questions regarding pricing, please contact Genetec Sales at sales@genetec.com, or call 1-866-684-8006 (option #2).
Additional resources
If you require additional resources other than the Genetec Technical Assistance Center, the following is available to you:
GTAP Forum. The Forum is an easy to use message board that allows clients and Genetec staff
to communicate with each other and discuss a variety of topics, ranging from technical questions to technology tips. You can log in or sign up at https://gtapforum.genetec.com.
Technical training. In a professional classroom environment or from the convenience of your

own office, our qualified trainers can guide you through system design, installation, operation, and troubleshooting. Technical training services are offered for all products and for customers with a varied level of technical experience, and can be customized to meet your specific needs and objectives. For more information, go to http://www.genetec.com/Services.
869

En - Security Center Administrator Guide 5.2

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

En - Security Center Administrator Guide 5.2

Hochgeladen von

Copyright:

Verfügbare Formate

Security Center Administrator Guide 5.

About this guide

Notes and notices

Part I: Introduction to Security Center

Chapter 2: Getting started with Config Tool

Administration task workspace overview Maintenance task workspace overview .

Chapter 3: Working with tasks

Chapter 4: Working with reports

Customize the report pane .

Change the column order

Part II: Security Center administration

Common entity attributes . Using geographical locations

Entities created automatically by the system . Further readings on entity configuration

Search for entities using the Search tool.

Chapter 6: Common administrative tasks

Add an expansion server to your system

Diagnose role problems Managing databases .

Common database settings .

Configuring Directory failover and load balancing

Change the order of the Directory servers .

Manually switch the main server Bypass default load balancing .

. 69 . 70 . 70 . 71 . 71 . 72 . 74 . 75 . 75 . 76 . 81 . 82 . 82 . 82 . 83 . 85 . 85 . 86 . 89 . 89 . 90 . 93 . 96 . 99 101 102 103 103 106 109 110 111 111

Configuring the Logical view

Introduction to software security

Configuring user privileges . Using privilege templates

genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)

Create an alarm Testing alarms .

Trigger alarms manually Responding to alarms . Managing threat levels .

What are federated entities?

Federating Omnicast systems .

Advanced settings for large federations .

Modify a custom data type .

How does Active Directory integration work? .

Logging on with an Active Directory user

About zone management roles .

Viewing system health events . System status task . . . .

Finding out who made changes on the system .

Part III: Omnicast IP video surveillance

What are the Omnicast entities? . Omnicast deployment process

Associate cameras to the Auxiliary Archiver

Configure analog monitors .

Testing your analog monitor configuration .

Chapter 9: Managing Omnicast

Protecting your video archive against hardware failure .

Part IV: Synergis IP access control

How does Synergis work?

What are Synergis entities? .

Add the unit manufacturer extensions . Configuring access control units . . . . . . . . . . . . . . . . . . . . . . .

Why use the Walkthrough wizard? . Configuring elevators . . . . . . . . . . . . . . . . . . . . . . .

Configure doors for an area

Create and configure access rules . Create a cardholder in Config Tool .

Configuring cardholders and cardholder groups .

Chapter 11: Managing Synergis

HID unit cannot be found with the discovery tool

Resolution of reader issues .

Part V: AutoVu IP license plate recognition

Part VI: Config Tool reference

Badge designer . Video . . . . . . . . . . . . . . . . .

Camera (video encoder) Recording . Color . . . . . .

Cardholder group . Properties . Cash register Credential . . .

Badge template . Properties . Hardware .

genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)

Access rules Elevator . . . . . Floors . Access . Hotlist. .