Beruflich Dokumente
Kultur Dokumente
Copyright notice
2013 Genetec Inc. All rights reserved. Genetec Inc. distributes this document with software that includes an end-user license agreement and is furnished under license and may be used only in accordance with the terms of the license agreement. The contents of this document are protected under copyright law. The contents of this guide are furnished for informational use only and are subject to change without notice. Genetec Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in the informational content contained in this guide. This publication may not be copied, modified, or reproduced in any form or for any purpose, nor can any derivative works be created therefrom without Genetec Inc.s prior written consent. Genetec Inc. reserves the right to revise and improve its products as it sees fit. This document describes the state of a product at the time of documents last revision, and may not reflect the product at all times in the future. In no event shall Genetec Inc. be liable to any person or entity with respect to any loss or damage that is incidental to or consequential upon the instructions found in this document or the computer software and hardware products described herein. The use of this document is subject to the disclaimer of liability found in the end-user license agreement. "Genetec", "Omnicast", "Synergis", "Synergis Master Controller", "AutoVu", "Federation", "Stratocast", the Genetec stylized "G", and the Omnicast, Synergis, AutoVu and Stratocast logos are trademarks of Genetec Inc., either registered or pending registration in several jurisdictions. "Security Center", "Security Center Mobile", "Plan Manager", "Stratocast" and the Security Center logo are trademarks of Genetec Inc. Other trade names used in this document may be trademarks or registered trademarks of the manufacturers or vendors of the respective products. All specifications are subject to change without notice.
Document information
Document title: Security Center Administrator Guide 5.2 Document number: EN.500.003-V5.2.C1(1) Document update date: April 19, 2013 You can send your comments, corrections, and suggestions about this guide to documentation@genetec.com.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
ii
Microsoft Windows administration Installation, configuration, and use of Microsoft SQL Server 2008 Video surveillance concepts Access control concepts Vehicle law enforcement and parking enforcement concepts Wiring of access control equipment such as door controllers and input/output modules
Tip. Suggests how to apply the information in a topic or step. Note. Explains a special case, or expands on an important point. Important. Points out critical information concerning a topic or step. Caution. Indicates that an action or step can cause loss of data, security problems, or performance issues. hardware.
Warning. Indicates that an action or step can result in physical harm, or cause damage to
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
iii
Contents
About this guide . . . . . . . . . . . . . . . . . iii
Omnicast Video surveillance features . Synergis Access control features . Architecture overview . . . . . . . .
AutoVu License plate recognition (LPR) features . About Security Center components. What is Genetec Server?
. 10 . 10 . 10 . 11 . 13 . 13 . 14 . 16 . 19
Differences between Config Tool 5.1 and 5.2 . Config Tool interface tour Home page overview . How Config Tool is organized .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
iv
Working with your current tasks . Task list commands . Close the current task Reordering tasks Save a task . . . .
Send a task to another workstation . Change the taskbar position . Set the taskbar to auto-hide .
Searching for tasks and entities Search for a task . . . Search for entities by name . Delete an entity . . . .
. . . .
. . . .
. . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. 42 . 42 . 43 . 43 . 45
Where should the database be hosted? . Move a database to a different computer Create a database . . . . . . . . . . . . . .
Connect roles to a remote database server . View information about a roles database Turn on role database notifications . Back up your role database . Restore your role database . Delete a database . . . . . . . . . . . . . . . . . .
Configuring Security Center for high availability . Configuring role failover . How role failover works in Security Center . Which roles support failover Configure failover for roles . Troubleshooting failover .
How Directory failover and load balancing works . Directory failover and load balancing prerequisites . Add a server to the Directory failover list Modify the license for all servers . . . . . . . . . .
. .
. .
. . . .
. . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Remove a server from the Directory failover list . Configuring Directory database failover . How Directory database failover works .
Configure database failover through backup and restore . Configure database failover through mirroring . Monitoring your systems health . About the Health Monitor role . Configuring the Health Monitor. Managing the Network view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Monitoring your systems health using maintenance tasks What is the Network view? . Purpose of the Network view Creating network entities Managing the Logical view . About the Logical view . Managing software security Defining partitions . Defining users . . Defining user groups . . . . . . . . . . .
Importing users from an Active Directory Automating system behavior . Using schedules . . . . . . . . . . . . . Using event-to-actions . Using scheduled tasks Using macros . . . . Managing alarms . What is an alarm?
. .
. .
. . . . .
. . . . . . .
. . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 112 . 112 . 113 . 113 . 115 . 116 . 117 . 117 . 117 . 119 . 121 . 122 . 122 . 123 . 127 . 128 . 128 . 128 . 131 . 133 . 134 . 136 . 136 . 136 . 138 . 139 . 140 . 140 . 140 . 141 . 142 . 142 . 143 . 146 . 147
viii
Trigger alarms automatically using event-to-actions Investigating current and past alarms . What are threat levels for? . Create a threat level . .
Differences between threat levels and alarms Configuring threat level actions Actions exclusive to threat levels Threat level limitations . Threat level scenarios . Threat level related tasks Federating remote systems Types of federations . . . . . . . . . . . .
Federating Security Center systems . Defining custom fields and data types Why use custom fields?. Add a custom field . . Add a custom data type. . . . . . . . . . . .
Integrating with Windows Active Directory . What is Active Directory integration? . What are the benefits of AD integration? How does synchronization work? . .
What information can be synchronized with the AD? . Import security groups from an Active Directory
Select which cardholder fields to synchronize with the AD . Mapping the credential card format to an AD attribute .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Map custom fields to synchronize with the AD . Resolve conflicts due to imported entities Modifying imported users . . . . . . . . Modifying imported cardholders Managing intrusion panels . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . .
148 149 151 151 153 155 155 156 156 158 159 160 160 160 161 161 163 164 164 164 165 165 165
How are intrusion detection panels represented in Security Center? . What does the Intrusion Manager role do? . Enroll an intrusion panel . . . . . . . . . . . . . . . . . . . . . . . . Edit intrusion detection unit peripherals. Create an intrusion detection area . Managing zones . . . . . . . . . . . . . . . . . . . . . What is IO linking? . What is a zone? . Creating zones .
Which type of zone works best for me? . Supporting cross-platform development . What does the Web-based SDK role do? . Using the Web-based SDK . Creating tile plugins . . . . . . . . .
Create a tile plugin that links to a Web site . Create a tile plugin that links to a map file
Chapter 7: Troubleshooting
Viewing system messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 170 171 172 177 179 180 181
ix
Viewing the health status and availability of entities . Monitoring the status of your system . Troubleshooting entity states . Diagnosing entities . . .
Investigating user related activity on the system . Viewing properties of units in your system . .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. 182 . 184
Omnicast deployment prerequisites Omnicast deployment procedure . Configuring the Archiver role What is the Archiver? . Configure the Archiver . . . . . . . . .
Adding video units to your system . Configuring video units for trickling Configuring the Media Router role What is the Media Router? . Configure the Media Router Beware of RTSP port conflict . . . . . . . .
Configuring the Auxiliary Archiver role . What is the Auxiliary Archiver? Configure the Auxiliary Archiver .
Remove a camera from the Auxiliary Archiver . Move the Auxiliary Archiver to a different server Configuring cameras . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Recommended camera configuration process . Configuring video streams . Configure visual tracking . Configure PTZ motors . .
Test the video quality of your camera . Creating camera sequences . Configuring analog monitors .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
220 222
Protecting your video archive against storage failure . Protecting video archive against routine cleanup. Protecting video archive against tampering . Protecting video files . Replace video units . . . . . . . . . . . . . . . . . . . . . . . Viewing properties of video files . Diagnosing video streams . . . . . . . . . . . . . . . . . . . . . . .
Troubleshooting video units that are offline . Diagnosing Waiting for signal errors
Diagnosing Impossible to establish video session with the server errors. Troubleshooting no playback video available . Troubleshooting cameras that are not recording . Troubleshooting video units that cannot be added Troubleshooting video units that cannot be deleted Solving H.264 video stream issues . Investigating Archiver events . . . . . . . . . .
Uniqueness of the Synergis model . Synergis deployment process . . . . Synergis deployment prerequisites . Synergis deployment procedure Configuring the Access Manager role . Configure the Access Manager role .
. . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 254 . 256 . 256 . 257 . 260 . 260 . 261 . 261 . 267 . 267 . 267 . 268 . 268 . 268 . 269 . 269 . 270 . 271 . 271 . 272 . 274 . 274 . 275 . 275 . 278 . 278 . 279 . 279 . 280 . 280 . 281 . 281 . 283 . 283
xii
Adding access control units to your system . Understanding unit synchronization Configuring doors . . . . . . . . .
Synergis Master Controllers unique characteristics . Wiring doors to access control units Create and configure your doors Configuring a buzzer . . . . .
Configuring readerless doors using Input/Output modules . Associate cameras to doors . Using the Walkthrough wizard
Assigning doors to access control units using the Walkthrough Wizard . Hardware for elevator control and floor tracking Configuring elevator floors . Create an elevator . Create an area . . . . . . . . . . . Configuring secured areas Add members to an area Configure antipassback. Configure interlock . Configuring access rules .
Create a cardholder group in Config Tool Import cardholders from a flat file . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
284 284 284 284 284 285 285 287 287 287 287 289 294
About the maximum cardholder picture file size . Importing cardholders from an Active Directory Managing cardholders in Security Desk . Configuring credentials . . . . . . . . Create a credential in Config Tool . Import credentials from a flat file
Importing credentials from an Active Directory . Enrolling credentials from Security Desk Using custom card formats . Defining badge templates . Testing your configuration . . . . . . . . . . .
What is global cardholder management? Rules and restrictions regarding GCM . Operating on global entities . . . . . . .
How does global cardholder management work? Configuring global cardholder management . Viewing access control health events . Investigating access control unit events Replace access control units . . .
Viewing IO configuration of access control units . Replacing HID VertX 1000 units with SMC units . Troubleshoot HID discovery and enrollment . Common discovery and enrollment issues . HID unit enrollment issues . . . . .
Finding out which entities are affected by access rules . Viewing properties of cardholder group members . Viewing credential properties of cardholders .
genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)
How the Access troubleshooter tool works Troubleshooting access points . . . Troubleshooting cardholder access rights.
. . .
. . .
. . .
. . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. . . . . . . . . .
. 320 . 321 . 322 . 323 . 324 . 325 . 326 . 326 . 326 . 327
Diagnosing cardholder access rights based on credentials Finding out who is granted access to doors and elevators . Finding out who is granted/denied access at access points Troubleshoot door issues . Request to exit events . Credential issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Custom fields . Access control unit Properties (HID) Portal (SMC) . Network (HID). Peripherals . Health . Access rule . . . . . .
Properties (SMC) .
Synchronization Properties .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
xiv
Alarm .
. .
. . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
351 352 354 357 358 360 361 363 364 365 366 368 369 378 379 387 388 389 393 394 395 396 397 398 399 400 401 402 403 404 405 406 408
xv
Properties . Advanced Analog monitor Properties . Area . . . . Properties . Members Access rules . Badge template.
Motion detection Visual tracking . Hardware Cameras Cardholder . Picture . Camera sequence .
Properties .
Properties . Door . . .
Unlock schedules
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 409 . 410 . 411 . 412 . 413 . 414 . 415 . 418 . 421 . 422 . 423 . 424 . 425 . 426 . 427 . 429 . 430 . 431 . 432 . 433 . 434 . 435 . 437 . 438 . 439 . 440 . 442 . 444 . 445 . 447 . 448 . 449 . 450 . 451
xvi
Advanced . Properties . Advanced . Properties . Properties . Peripherals . LPR unit . Macro . . . . Properties . Properties . Monitor group Monitors . Network . . Properties . Properties . Overtime rule . Properties . Parking lot . Parking facility Properties . Partition . . Properties . Patroller . .
Output behavior .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Permit .
. . . . . . . .
. . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
453 454 457 458 460 461 462 463 464 465 468 469 470 471 472 473 473 476 480 481 482 483 485 486 488 489 490 491 493 494 495 496 498
xvii
Permit restriction .
Properties .
Setting the time range Scheduled task . Properties . Server . . . Properties . Server Admin Directory tab Tile plugin . User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Genetec Server tab . Properties . Properties . Workspace . Security . Privileges User group . Security . Privileges Video unit . Identity . . . . . . . .
Properties .
Properties . Peripherals .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
Active Directory .
Configuring the Directory role . Managing the Directory role Directory Manager Directory servers . . . . . . . . . . . .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
560 561 562 563 564 565 566 567 568 584 585 586 588 590 591 592 593 594 595 596 597 598 599 599 600 601 602 603 604 605 606 607
Intrusion Manager . Properties . Extensions . Resources . LPR Manager . Properties . Resources . Media Router . Properties . Resources Identity . Resources Plugin . . Point of Sale . . . . .
Properties . Cash registers Resources . Report Manager Properties . Resources Identity . Resources . . .
xix
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
Network view .
Logical ID .
User password settings . Activity trails . Audio . Video . . . . . . . . Threat levels Access control .
Roles and units . General settings Intrusion detection LPR . . . . Roles and units . General settings Plugins . . .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
. .
. . .
. . .
. . .
. . . .
. . . .
. . . .
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . .
655 655 657 657 662 666 666 668 668 670 670 677 678 679 681 683 685 688 689 690 691 692
Moving units
Fields that can be imported from a CSV file . About entity creations and updates . Replacing old credentials Copy configuration tool Custom card format editor . . . . . . . . . . . . . . . . . . . . . . .
Using the copy configuration tool Defining custom card formats . Deleting a custom card format . Options dialog box . General options . Visual options . Video options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Keyboard shortcuts .
Administrative privileges .
Task privileges
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. 704 . 708
Action privileges .
Omnicast-specific ports .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
xxii
HID factory default input settings . Modify input configurations Supported features and models
Interpreting the Power and Comm LEDs on an HID unit Supported access control software and hardware Access control unit modes of operation .
About offline, mixed, and online modes of operation Supported modes of operation per unit type Access control unit configuration . General versus dedicated inputs Configuring a door with reader Wiring diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring a door with two door sensors . HID Edge reader & Edge Plus . HID VertX V1000 . HID VertX V2000 .
Glossary Index .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
. .
.807 .847
xxiii
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Part I
Introduction to Security Center
Take a tour of Security Center and learn the basics of using the user interface. This part includes the following chapters: Chapter 1, Welcome to Security Center on page 2 Chapter 2, Getting started with Config Tool on page 8 Chapter 3, Working with tasks on page 21 Chapter 4, Working with reports on page 29
1
Welcome to Security Center
This section includes the following topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
One platform controlling and managing video/access/LPR edge devices. One user interface for monitoring, reporting, and managing events and alarms for video
surveillance, access control, and LPR - Security Desk. One user interface for configuring video surveillance, access control, and LPR - Config Tool. Unified live video viewing with video searches and video playback.
Common/Core features Omnicast Video surveillance features Synergis Access control features AutoVu License plate recognition (LPR) features
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Common/Core features
Alarm management Zone management Federation Intrusion panel integration Report management Schedule and scheduled task management User and user group management Windows Active Directory integration Programmable automated system behavior
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Architecture overview
Architecture overview
This section provides an overview of the components in a Security Center system. The setup and configuration of these components are explained later in this guide. This section includes the following topics:
NOTE The icons colored in blue represent the computers where Security Center server and client
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Architecture overview
What is a role?
A role is a software module that performs a specific job within Security Center. For example, you can assign roles for archiving video, for controlling a group of units, or for synchronizing Security Center users with your corporate directory service. You create and configure roles using Config Tool. You can assign one or more roles to a single server, or assign multiple servers to the same role to provide load balancing and failover. For more information, see "How role failover works in Security Center" on page 61. For each role you create, you can specify its parameters. After youve configured a role, you can move it to any server on your system (for example, one with a faster processor or more disk space) without having to install any additional software on that server. For a list of role types available in Security Center and what they are used for, see "Role types" on page 510.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
2
Getting started with Config Tool
This section provides you with basic knowledge about Config Tool, the main application an administrator needs to configure Security Center. Once youve learned the basic concepts described in this section, you can refer to the "Config Tool reference" on page 330 for specific information on Config Tool topics. This section includes the following topics:
"Connecting to Security Center" on page 9 "Differences between Config Tool 5.1 and 5.2" on page 11 "Config Tool interface tour" on page 13
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
"Log on" on page 9 "Change your password" on page 10 "Log off " on page 10 "Close the application" on page 10
Log on
Before you begin: You need your username, password, and Directory name. 1 To open Config Tool, click Start > All Programs > Genetec Security Center 5.2 > Config Tool.
2 In the Logon dialog box, enter the required information. If you have just installed Security Center, log on with the default administrative user Admin with a blank password. The Directory name is the name or IP address of your main server. If you are running Config Tool on your main server, you can leave the Directory field blank. 3 Click Log on. The Home page appears. For more information, see "Home page overview" on page 14. After you are done: Change the Admin users password if it hasnt been changed yet.
IMPORTANT If active directory integration has been set up by your system administrator, and you
are connecting over a VPN connection, you must clear the Use Windows credentials check box and type your username in the format DOMAIN\Username.
NOTE More logon options are available when an Active Directory is integrated to Security Center. For more information, see "Logging on with an Active Directory user" on page 153.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
3 Enter your old password, then enter your new password twice. 4 Click OK.
Log off
You can log off from Security Center without closing Config Tool. Logging off disconnects you from the Directory. Use this command when you plan to log on again using a different username and password.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
10
Home page Favorites Recently used Private/public tasks License options Task organization
Access the Home page by clicking the Home button. Favorite items displayed in the Favorites tab in the Home page. Recent items displayed in the Recently used tab in the Home page. Private and public tasks are saved in the Saved tasks tab in the Home page. All license options are displayed in the About page. Tasks in the Tasks tab listed by task category (Administration, Operation, and Maintenance), and solution type (access control, video, intrusion investigation, and LPR). Can hide some of the notification tray items. Selector contains different tabs, such as Logical view and Query tab. Report commands grouped in the Report tab (export and print report) in Maintenance tasks. Select which columns to display from the Report tab in Maintenance tasks. Alarm entity configuration pages found in the System task Allows you to enroll credentials.
Access the Home page by clicking the Home tab. Favorite items listed in the Tasks tab in the Home page. Recent items listed in the Tasks tab in the Home page. Private and public tasks are saved as separate tabs in the Home page. Some license options displayed in the About page can be turned on or off. Tasks in the Tasks tab listed by task category (Administration, Operation, and Maintenance). The solution types are indicated by a colored line under the task icons; red for access control, green for video, and yellow for LPR. All notification tray items can be shown or hidden. The Logical view and Query tab are displayed, but the selector is not indicated in the user interface. Report commands found at the top of the report pane (export and print report) in Maintenance tasks. Select which columns to display by right-clicking a column heading in the report pane in Maintenance tasks. Alarm entity configuration pages found in the new Alarms task. Renamed to Credential management task. Allows you to enroll credentials, create and assign credentials, and respond to credential card printing requests. Two tabs for configuring cardholders: Identity and Access rules. Credentials tab is merged into the Identity tab.
Select columns
Cardholder management
Three tabs for configuring cardholders: Identity, Credentials, and Access rules.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
11
Item
Access control maintenance report, where you can view the configuration of access control units in your system.
Renamed to Hardware inventory report. A general maintenance report, where you can view the configuration of access control, video, intrusion detection, and LPR units in your system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
12
"How Config Tool is organized" on page 13 "Home page overview" on page 14 "Administration task workspace overview" on page 16 "Maintenance task workspace overview" on page 19
Administration. Administration tasks used to create and configure the entities required to
model your system.
Operation. Tasks related to day-to-day Security Center operations. Maintenance. Tasks related to maintenance and troubleshooting.
Under each major category, the tasks are further divided as follows:
Common tasks. Tasks that are shared by all three Security Center software modules. These
tasks are always available regardless of which modules are supported by your software license.
Access control. Tasks related to access control. Access control tasks are displayed with a red
line under their icons. They are only available if Synergis is supported by your software license.
Intrusion detection. Tasks that let you manage intrusion detection areas and units. LPR. Tasks related to license plate recognition. LPR tasks are displayed with a yellow line
under their icons. They are only available if AutoVu is supported by your software license.
Video. Tasks related to video management. Video tasks are displayed with a green line
under their icons. They are only available if Omnicast is supported by your software license.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
13
E F G H I J K L M
A B
Click to show or hide the Home page.Right-click for a list of commands (for example, save the workspace, close tasks, and so on). Lists the tasks you currently have open and are working on. Click a task tab to switch to that task. Right-click a tab for a list of commands. See "Working with your current tasks" on page 24. Displays important information about your system. Hold your mouse pointer over an icon to view system information, or double-click the icon to perform an action. You can choose which icons to show in the notification bar from the Options dialog box. See "Notification tray" on page 684. Click to view a list of all open tasks. This button only appears if the task tabs take up the width of the taskbar.
Notification tray
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
14
E F G
Type the name of the task, tool, or entity you are looking for. All tasks, tools or entities containing that text in their category, name, or description, are shown. Lists your recent items, favorites, and all the task types that are available to you. Select a task to open from this tab. Click to view the saved tasks that are available to you. Private tasks. Tasks that you saved that are only available to you. Public tasks. Tasks that you or someone else saved that are available to the general public. To save a private or public task, see "Save a task" on page 26. Click to view the tools that you can start directly from your Home page. The Tools page is divided into two sections: Tools. This section shows the standard Security Center tools. External tools. This section shows the shortcuts to external tools and applications. See "Adding shortcuts to external tools" on page 692. Click to configure Config Tool options. See "Options dialog box" on page 678. Click to view information regarding your Security Center software, such as your license, SMA, and software version. From the About page, you can also view the following: Help. Click to open the online help. Change password. Click to change your password. See "Change your password" on page 10. Contact us. Click to visit GTAP or the GTAP forum. You need an Internet connection to visit these Web sites. See "Technical support" on page 869. Installed components. Click to view the name and version of all installed software components (DLLs). Copyright. Click to display software copyright information. For information about your software license, see "License options" on page 768. Click to log off without exiting the application. Right-click any task or tool to add or remove it from your Favorites list. You can also drag a task into your favorites list. Tasks listed in favorites no longer appear in the Recent items list. Lists your recently opened tasks and tools. Click to view all the tasks available to you. Click a task icon to open the task. If it is a single-instance task, it will open. If you can have multiple instances of the task, you are required to type a name for the task. If the task has multiple entity views, you need to select an entity. See also, "Adding a task" on page 22.
Tools
I J
Options About
K L
M N
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
15
A B C D E F
A B
Youll typically find one view for each entity type managed by the task. Enter a string in this field and type Enter to filter the entities in the browser by name. Click Apply a custom filer ( ) to hand pick the entities you want to show in the browser. Use these buttons to browse through recently used entities within this task. Click an entity in the browser to show its settings on the right. The icon and name of the selected entity is displayed here. The entity settings are grouped by tabs. For more information about the configuration tabs for each entity type, see "Entity types" on page 331.
C D E F
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
16
This area displays the entity settings under the selected configuration tab. You must Cancel or Apply any change you make on the current page before you can move to a different page. Commands pertaining to the selected entity are displayed in the toolbar at the bottom of the workspace. See "Contextual command toolbar" on page 17.
Activate role Add a cardholder Add a credential Add an entity Assign to new door Audit trails
All roles Access rules and cardholder groups Cardholders All entities Access control units All entities
Activates the selected role. Creates a cardholder and assigns it to the selected entity. Creates a credential and adds it to the selected cardholder. See "Create an entity manually" on page 37. Creates a door and assigns it to the selected access control unit. Creates an Audit trails task for the selected entity. See "Finding out who made changes on the system" on page 181. Opens the Active Directory conflict resolution dialog box. See "Resolve conflicts due to imported entities" on page 149. See "Copy configuration tool" on page 668. Creates an access rule and assigns it to the selected entity. Deactivates the selected role. Deletes the selected entity from the system. Discovered entities can only be deleted when they are inactive.
Conflict resolution
Active Directory role All entities Areas, doors, elevators All roles All entities
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
17
Icon
Command
Applies to
Description
Performs a diagnosis on the selected role or entity. Set a role or a physical device in maintenance mode so its down time will not affect its availability calculation by the Health Monitor. See "Set an entity in maintenance mode" on page 80. Creates a Health statistics task for the selected entity. See "Viewing the health status and availability of entities" on page 171. Flashes an LED on the selected unit to help locate it on a rack. Opens a dialog box showing live video from the selected camera. See "Test the video quality of your camera" on page 213. Opens the Move unit tool, where you can move units from one manager to another. See "Move unit" on page 655. Pings the video unit to check if you can communicate with it. This is helpful for troubleshooting purposes. Allows you to select a badge template and print a badge for the selected cardholder or credential. Restarts the selected unit. Runs the selected macro. See "Using macros" on page 110. Triggers the selected alarm so it can be viewed in Security Desk. See "Testing alarms" on page 112. Opens the Unit discovery tool, where you can find IP units connected to your network. See "Unit discovery tool" on page 653. Opens a browser to configure the unit using the Web page hosted on the unit. A tool that enrolls doors into Synergis in bulk, by having a cardholder present his credential at the doors to be enrolled. See "Using the Walkthrough wizard" on page 271.
Health statistics
Move unit
Ping
Print badge Reboot Run macro Trigger alarm Unit discovery tool
Cardholders and credentials Video and access control units Macros Alarms Access control and video units Video units Cardholders
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
18
F A Number of results Query filters Displays the number of returned results. A warning is issued when your query returns too many rows. If this happens, adjust your query filters to reduce the number of results. Use the filters in the query tab to set up your query. Click on a filter heading to turn it on ( ) or off. Invalid filters display as Warning or Error. Hover your mouse over the filter to view the reason it is invalid. For a list of query filters available in Security Desk, see "Query filters" on page 712. Click to export or print your report once it is generated. See "Generate a report" on page 30.
Export/print report
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
19
Right-click a column heading to select which columns to display. For a list of report columns available in Security Desk, see "Report pane columns" on page 723. View the results of your report. Drag an item from the list to a tile in the canvas, or right-click an item in the list to view more options associated with that item, if applicable. Click to run the report. This button is disabled if you have not selected any query filters, or when you have invalid filters. While the query is running, this button changes to Cancel. Click on Cancel to interrupt the query.
Generate report
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
20
3
Working with tasks
This section includes the following topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
21
Adding a task
There are two ways you can add tasks to your workspace:
Type the task name in the Search box. Click the Tasks tab, and then click Browse all tasks.
2 Click the task. 3 Depending on the task type you select, do one of the following:
If only one instance of the task is allowed, the new task is created. Single-instance tasks cannot be renamed. (Only Administration tasks) If the task contains more than one entity view, select a view to configure. This option is only available for administration tasks. Tasks that allow you to configure more than one entity are indicated with a plus sign on the task icon.
If more than one instance of the task is allowed, you are prompted to provide a task name. Enter the task name, and click Create.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
22
Adding a task
NOTE This behavior can be changed in the User interaction tab in the Options dialog box. For more information, see "User interaction options" on page 685.
Private tasks. Tasks that you saved that are only available to you. Public tasks. Tasks that you or someone else saved that are available to the general public.
1 From the Home page, click the Private tasks or Public tasks page. 2 Click a task. The task you select opens.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
23
"Task list commands" on page 24 "Close the current task" on page 25 "Reordering tasks" on page 25 "Save a task" on page 26 "Send a task to another workstation" on page 27 "Change the taskbar position" on page 27 "Set the taskbar to auto-hide" on page 27
Command
Description
Click to rename the selected task. Only tasks that accept multiple instances can be renamed. You can also select the task tab, and then click F2 to rename the task. Click to save any changes you made to a previously saved task. Click to save the task under a different name and scope (private or public). See "Save a task" on page 26.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
24
Command
Description
Send Close task Close all tasks Close all other tasks Add to Favorites Remove from Favorites Save workspace
Click to send the selected task to another Security Desk user or workstation. See "Send a task to another workstation" on page 27. Click to close the selected task. See also "Close the current task" on page 25. Click to close all tasks in your current task list. Click to close all tasks in your current task list, except the selected task. Click to add the selected task to your Favorites list on the Home page. Click to remove the selected task from your Favorites list on the Home page. Click to save the current task list and workspace. The same tasks and workspace layout loads automatically the next time you log on to Security Desk with the same username. If you make changes to a task and save the workspace again, the previous configuration is lost. See also "Save a task" on page 26. Click to reorder the tasks in alphabetical order from left to right. See "Reordering tasks" on page 25. Click to hide the selector pane, the event pane, and the dashboard. Only the canvas tiles and task list are visible. This option is mainly used for the Monitoring task. Click to display the Security Desk window in full screen mode.
Full screen
Reordering tasks
This section includes the following topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
25
Click and hold a task tab, and drag it to the desired position in the list.
Save a task
You can save your tasks permanently in either the private task list that only you can access, or in the public task list that everyone can access. The benefits for doing so are:
You can delete your task from your active task list and reload it when you need it. Public tasks can be shared with other users. Public tasks can be used as a report template with the Email a report action.
The task characteristics that are saved are:
The filter settings used by the task query. The report layout (choice and order of columns in the report). The canvas layout and the entities displayed in each tile.
NOTE The query results are not saved as part of the task definition. Only the query filters are saved. The results are regenerated every time you run the query.
Right-click the task tab, and click Save as. Use the CTRL+T keyboard shortcut.
NOTE A reporting task can be saved only when the query is fully qualified. You know that
your query is valid when the Generate report button in the Query tab is activated. 2 In the dialog box that appears, select the list you want to save your task to:
Private tasks. The task can only be accessed by you. Enter a name for the saved task, or select an existing one to overwrite it. Public tasks. Anyone can reuse your task. Enter a name for the saved task or select an existing one to overwrite it, and select the Partition that the task should belong to. The partition ensures that only certain users can view or modify this task.
4 Click Save.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
26
entities to be monitored, etc. 3 Right-click the task tab, and then click Send. The Send task dialog box opens. 4 Click . 5 Depending on whether you want to send the task to a user or a workstation, set the UserMonitor toggle switch to the appropriate type of recipient. 6 Select your recipient. 7 (Optional) If you are sending the task to a user, write a message in the Message field. 8 Click Send. The recipient receives a pop up message explaining that someone has sent them a task. They are prompted to accept the task before it loads in their Security Desk.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
27
4 Click Save.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
28
4
Working with reports
This section includes the following topics:
"Generate a report" on page 30 "Export and print your report" on page 31 "Customize the report pane" on page 32
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
29
Generate a report
Generate a report
To generate a report for any task, you need to set the query filters, and then run the query. After you generate the report, you can work with your results. 1 Select an existing reporting task, or create a new one. See "Adding a task" on page 22. 2 Use the filters to create a customized search. 3 Click Generate report to run the query. If there are invalid filters, the Generate report button is unavailable. If your query returned too many results, you receive a warning message. Fine tune your query and run it again. The query results are displayed in the report pane.
NOTE The maximum number of report results you can receive in Config Tool is 10, 000. By
default the maximum number of results is 2000. This value can be changed from the Options dialog box. See "Performance options" on page 689. 4 (Optional) Customize your query results. You can select the columns you want to show in your report, change the width and order of the columns, and sort the rows. See "Customize the report pane" on page 32. 5 Work with the query results. Depending on the items in the query results, you can print the report, or save the report as an Excel or PDF document. See "Export and print your report" on page 31. 6 Save the report as a template. Save the reporting task (query filters and report layout) as a report template that can be used with the Email a report action.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
30
2 Select the file format. You must select CSV, Excel, or PDF file format. If you choose CSV format, you must also specify where the attached files, such as cardholder pictures or license plate images, are to be saved. 3 Select the destination file name. 4 Click Save.
Click Print (
You can also export the report as a Microsoft Excel, Word, or Adobe PDF document.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
31
"Resize columns" on page 32 "Select columns" on page 32 "Change the column order" on page 33
Resize columns
You can change the column width in the report pane in any task.
Click between two column headings and drag the separator to the right or to the left.
Select columns
You can choose which columns to show or hide in the report pane. 1 In the report pane, right-click on a column heading, and then click Select columns ( A dialog box showing all available columns for your report appears. ).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
32
2 Select the columns you want to show, and clear the columns you want to hide.
and
arrows.
5 (Optional) To save your column selection, right-click in the taskbar, and then click Save workspace.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
33
Part II
Security Center administration
Learn about administration tasks for configuring your system. This part includes the following chapters: Chapter 6, Common administrative tasks on page 46
5
Basic principles about entities
This section includes the following topics:
"Entities as basic building blocks" on page 36 "Configuring entities" on page 37 "Searching for tasks and entities" on page 42 "Delete an entity" on page 45
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
35
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
36
Configuring entities
Configuring entities
As the basic building blocks of Security Center, most entities must be created manually. Other entities, such as those representing hardware devices connected to your system, must be discovered by Security Center. This section includes the following topics:
"Create an entity manually" on page 37 "Common entity attributes" on page 38 "Entities created automatically by the system" on page 39 "Using geographical locations" on page 40 "Further readings on entity configuration" on page 40
If this button has an entity type name, it will immediately open the corresponding entity creation wizard. If not, youll need to click a few more times to find the entity type you want to create. 3 Follow the steps in the entity creation wizard to guide you through the creation process. Most wizards start with a first step called Basic information. For more information, see "Common entity attributes" on page 38. After you are done: Most wizards only help you create the entity. You might need to perform more configuration work before the entity is usable. For more information, see "Further readings on entity configuration" on page 40.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
37
Configuring entities
Entity name. This name identifies the entity everywhere in the Config Tool. You can create
two entities with the same name (except for user entities), but it is not recommended. In some cases, a default entity name is created for you, but you can override it.
Entity description. Optional information regarding the entity. Partition. Partitions are logical groupings used to control the visibility of certain entities by
certain users on the system. Only users with permission to use a partition can see the entities placed in that partition. You have the following choices:
Existing partition. Allows you to select an existing partition from a drop-down list. Selecting Public partition makes the entity visible to everyone on the system. New partition. Allows you to create a partition before placing the new entity in it. System partition. Puts the new entity in the System partition. Only administrators can view and modify entities belonging to the System partition.
TIP If you are not planning to divide your system into partitions, it is better to leave everything in the Public partition rather than the System partition.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 38
Configuring entities
Always. Adding a new server automatically creates a new network. Only for units that support automatic discovery. See "What is automatic discovery?" on page 196. Only for units that support automatic discovery. See "What is automatic discovery?" on page 196. Always. Camera (or video encoder) entities are created when the encoding video units are added to your system. Always. Analog monitor (or video decoder) entities are created when the decoding video units are added to your system. Fixed LPR units are discovered by the LPR Manager roles. Mobile LPR units (mounted on patrol vehicles) are added when the Patroller entities are added. Always. Never. Created by the Intrusion Manager role when the intrusion panel is enrolled.
Not supported. Supported, but generally not required. Supported, but requires a live connection to the unit. Supported, but requires a live connection to the unit. Not supported.
Analog monitor
Not supported.
LPR unit
Not supported. Supported, but requires a live connection to the intrusion panel. Supported only if the Intrusion Manager cannot read the area configurations from the unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
39
Configuring entities
"Common administrative tasks" on page 46 "Deploying Omnicast" on page 186 "Deploying Synergis" on page 251 "Deploying AutoVu" on page 329
Regarding the specific settings available for each entity type, please refer to the following chapters under Part V Config Tool reference.
"Copy configuration tool" on page 668 "Going through the import steps" on page 658
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 40
Configuring entities
"Unit discovery tool" on page 653 "Unit replacement" on page 654 "Move unit" on page 655
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
41
"Search for a task" on page 42 "Search for entities by name" on page 43 "Search for entities using the Search tool" on page 43
2 Click a task or a tool to open it, or click an entity to jump to that entitys configuration page. 3 Click Clear filter ( ) to stop filtering your tasks.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
42
Only entities with names containing the text you entered are listed. 3 Click Clear filter ( ) to stop using the search filter.
).
To turn on a filter, click on the filter heading. Active filters are shown with a green LED ( ). To turn off a filter ( ), click on the filter heading. icon to see why the filter is
NOTE Invalid filters are shown in red. You can point to the
invalid. 3 Click Search ( ). The search results appear on the right. The total number of results is displayed at the bottom of the list. 4 (Optional) Click Select columns ( 5 Select the entities you want. ) to choose which columns to display in the result list.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
43
TIP Hold the CTRL key for multiple selections. Click pages of results.
and
6 Click Select. Only the entities you selected appear in the selector. 7 Click Clear filter ( ) to stop using the search filter.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
44
Delete an entity
Delete an entity
You can delete entities that you have manually created, and those that were discovered automatically by the system. Before you begin: If the entity was automatically discovered, it must be offline or inactive (shown in red) before you can delete it. 1 Select the entity in the Logical view. 2 In the contextual command toolbar, click Delete ( ). 3 In the confirmation dialog box that appears, click Delete.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
45
6
Common administrative tasks
This section explains the basic tasks required to configure Security Center. This section includes the following topics:
"Managing servers and roles" on page 47 "Managing databases" on page 52 "Configuring Security Center for high availability" on page 60 "Configuring role failover" on page 61 "Configuring Directory failover and load balancing" on page 66 "Configuring Directory database failover" on page 71 "Monitoring your systems health" on page 75 "Managing the Network view" on page 82 "Managing the Logical view" on page 85 "Managing software security" on page 89 "Automating system behavior" on page 103 "Managing alarms" on page 111 "Managing threat levels" on page 117 "Federating remote systems" on page 128 "Defining custom fields and data types" on page 136 "Integrating with Windows Active Directory" on page 140 "Managing intrusion panels" on page 155 "Managing zones" on page 160 "Supporting cross-platform development" on page 164 "Creating tile plugins" on page 165
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
46
"Add an expansion server to your system" on page 47 "Managing servers" on page 48 "Managing roles" on page 49 "Diagnose role problems" on page 51
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
47
Managing servers
After Genetec Server is installed on a machine, you can change its password and other settings using Server Admin. Server Admin is a Web application running on every machine where the Genetec Server service is installed. It allows you to change the settings of that particular server. For more information, see Server "Server Admin" on page 473.
In the address bar of your Web browser, type http://machine:port/Genetec, where machine is the DNS name or the IP address of your server, and port is the Web server port specified during Security Center Server installation. You can omit the Web server port if you are using the default value (80). If connecting to Server Admin from the local host, then double-click the Genetec Server Admin icon in the Genetec Security Center 5.2 program folder.
A dialog box requesting a password appears. 2 Enter the server password, and click Log on. The Genetec Security Center Server Admin page appears in your browser. After you are done: Configure the server. See "Server Admin" on page 473.
6 Click Apply.
Managing roles
What is a role?
A role is an entity in Security Center that defines the following:
A specific set of functions (role type) that should be performed by the system, such as the
management of video units and associated video archives.
A specific set of parameters (role settings) within which the system should operate, such as
the retention period for the video archives, or the database the system should use.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
49
Some roles can spawn subprocesses (called agents) and execute them simultaneously on multiple servers for greater scalability.
To use a different database than the default, see "Create a database" on page 55. To switch the role to a different server, see "Move a role to a different server" on page 50. To ensure the availability of the role in case of hardware failure, see "Configure failover for roles" on page 64.
9 Configure other role properties if necessary. For more information, see "Role types" on page 510. 10 Click Apply. The new role should be active and running. If not, see "Diagnose role problems" on page 51.
1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to modify. 3 Click the Resources tab. 4 If the role requires a database, do one of the following:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
50
If the database is empty, you can create it anywhere you want. See "Create a database" on page 55. If the database contains data and is residing on the current server, you need to move the database to the new server or to a third computer. See "Move a database to a different computer" on page 53. ).
A dialog box appears with all available servers on your system. Select the substitute server and click Add. 6 Select the current server in the Servers list, and click Delete ( 7 Click Apply. The role now runs on the new server. ).
Deactivate a role
A role can be deactivated for maintenance purposes. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to deactivate. 3 In the Contextual commands toolbar, click Deactivate role ( The role turns red (inactive) in the browser.
TIP To reactivate the role, click Activate (
).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
51
Managing databases
Managing databases
Most roles require a database to store the data they collect. Managing those databases is an important part of the system administrators responsibilities. This section includes the following topics:
"Common database settings" on page 52 "Where should the database be hosted?" on page 53 "Move a database to a different computer" on page 53 "Connect roles to a remote database server" on page 54 "Create a database" on page 55 "View information about a roles database" on page 56 "Turn on role database notifications" on page 57 "Back up your role database" on page 57 "Restore your role database" on page 58 "Delete a database" on page 59
From this group of settings, you can check the current status of the database, and perform the following maintenance functions:
Button Command For more information
See "Create a database" on page 55. See "Delete a database" on page 59.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
52
Managing databases
Button
Command
See "View information about a roles database" on page 56. See "Turn on role database notifications" on page 57. See "Resolve conflicts for Access Manager roles" on page 515. See "Back up your role database" on page 57.
1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role whose database you want to relocate. 3 In the Contextual commands toolbar, click Deactivate role ( 4 Click the Resources tab. 5 Back up the current database. See "Back up your role database" on page 57.
TIP Since the backup folder is relative to the current server, it might be a good idea to select a network location that can be reached by any server on your system.
).
6 (Optional) Delete the current database. See "Delete a database" on page 59. 7 Create the database on the new machine. See "Create a database" on page 55. 8 Restore the backed up content to the new database. See "Restore your role database" on page 58. 9 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
53
Managing databases
).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
54
Managing databases
d Close SQL Server Configuration Manager. 5 Restart your SQL Server instance to enable the settings you have changed. a Open Microsoft Management Console Services (services.msc). b Right-click the SQL Server instance service (for example SQL Server (SQLEXPRESS)), and click Restart. 6 On every server that hosts your Security Center roles, change the logon user of the Genetec Server service to a local Windows administrator account, so the server can access the SQL Server instance you just modified. a Open Microsoft Management Console Services (services.msc). b Right-click the Genetec Server service, and click Properties. c In the Log on tab, select the This account option, and type an administrator Account name and Password. d Click Apply > OK. 7 On every server that might be used to host your Security Center roles, change the logon user of the SQL Server service to a local Windows administrator account, so the server can access the SQL Server instance you just modified. a Open SQL Server Configuration Manager. b Click SQL Server Services. c Right-click the SQL Server service, and click Properties. d In the Log on tab, select the This account option, and type an administrator Account name and Password. e Click Apply > OK.
Create a database
You might need to create a new database, overwrite the default database assigned to your role by the system, or select a different database prepared by your companys DBA group if you plan on using a dedicated database server. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, select a role, and click the Resources tab 3 From the Database server drop-down list, type or select the name of the database server. The value (local)\SQLEXPRESS corresponds to Microsoft SQL Server 2008 Express Edition that was installed by default with Genetec Security Center Server. To specify a database server on a different server than the one hosting the role, enter the name of that remote server. 4 From the Database drop-down list, type or select the name of the database. The same database server can manage multiple database instances. 5 Click the Create a database command. 6 Specify the database creation options.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 55
Managing databases
CAUTION If you select the Overwrite existing database option, all current content of the
selected database is lost. If you need to create a backup first, see "Back up your role database" on page 57. 7 Click OK. The database creation starts. A window appears, showing the progress of this action. You can close this window, and review the history of all database actions later on by selecting Database actions from the View menu. 8 Wait until you see Database status indicating Connected. 9 (Optional) See "Turn on role database notifications" on page 57. 10 Click Apply. The Status of the Database status field should indicate Connected.
).
The following information can be displayed, depending on the role: Database server version. Software version of the database server. Database version. Schema version of the roles database. Approximate number of events. (Also called Approximate number of archived events and Event count) Number of events that are stored in the roles database. Source count (Archiver and Auxiliary Archiver only). Number of video sources (cameras) that have archives. Video file count (Archiver and Auxiliary Archiver only). Number of video files. Size on disk. Size of the Database files.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
56
Managing databases
).
4 In the dialog box that opens, set the following options: Disk space. Sends a notification when the remaining free space falls below a certain threshold (in GB). Database usage. Sends a notification when the used space reaches a certain percentage. This option is only for the Express edition of SQL Server, whose database size is limited to 4 GB for the 2005 version, and 10 GB for 2008 R2. If you are using a full edition of SQL Server, this option has no effect.
5 Click OK.
NOTE The path is relative to the server hosting the role, not to the workstation where you are
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
57
Managing databases
backed up on the same machine. 6 Specify how many backup files you want to keep.
NOTE The backup files you create manually are not counted in that number.
7 Click OK > Apply. The automatic backup starts at the next scheduled date and time.
NOTE The path is relative to the server hosting the role, not to the workstation where you are
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
58
Managing databases
Delete a database
To free up disk space, delete databases you no longer use. 1 From the Database drop-down list in the Resources tab of a role, select the database you want to delete.
NOTE This does not need to be your current database.
).
CAUTION A confirmation dialog box appears. If you continue, the database is permanently deleted. Clicking Cancel in the Config Tool toolbar will not restore it!
3 Click Delete in the confirmation dialog box. The database instance is permanently deleted. 4 Do one of the following:
If a database is already created for your role, click Cancel in the Config Tool toolbar. If there was no database created for your role, create a new database. See "Create a database" on page 55.
5 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
59
Directory failover. Ensure that the Directory role is still available if its primary server fails
(see "Configuring Directory failover and load balancing" on page 66). The Directory role handles failover for all other roles, so it is important that the Directory role is available at all times.
Directory load balancing. A benefit of Directory failover. The Directory can run
simultaneously on up to 5 servers to share the workload of the Directory role. All servers that are set up for Directory failover are automatically used for load balancing.
Database failover (only for Directory role). Protect the Directory database, using one of
the following methods:
Backup and restore. Regularly backup your database, and restore it if a failover occurs. Microsoft SQL Server Database Mirroring. The database instances are kept in synch by Microsoft SQL Server.
For more information, see "Configuring Directory database failover" on page 71.
Archiver failover. Ensure that the Archiver role and the video archives are still available if
the Archivers primary server fails (see "Protecting your video archive against hardware failure" on page 227).
Other role failover. Ensure that other roles in your system are still available if their primary
server fails (see "Configuring role failover" on page 61). If the role database must be protected, you should consider one of the following third party solutions: SQL Server Clustering or Database Mirroring.
NEC ExpressCluster X LAN. Third party solution for roles that do not support failover.
For more information, see Security Center Installation Guide for NEC Cluster. Click here for the most recent version of this document.
Windows 2008 Server failover cluster. Third party solution for roles that do not support
failover. For more information, see Security Center Installation Guide for Windows Cluster. Click here for the most recent version of this document. Other ways you can ensure high availability are to detect problems early, and prevent those problems from reoccurring. For more information, see "Monitoring your systems health" on page 75.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
60
"How role failover works in Security Center" on page 61 "Which roles support failover" on page 62 "Configure failover for roles" on page 64 "Troubleshooting failover" on page 65
Primary server. Server that normally hosts a role for it to work on the system. Secondary server. Standby servers that are assigned to a role to keep it running in case the
primary server becomes unavailable. There is no limit to the number of secondary servers you can assign to most roles. However, the more servers you add, the less cost-effective it might be for you. The secondary server for one role can be the primary server for another role, provided that both servers have enough resources (CPU, memory, disk space, and network bandwidth) to handle the combined load of both roles in case of a failover.
IMPORTANT Security Center does not handle database failover, except for the Directory role. Besides performing regular backups of your database, one solution you might consider to protect your data is to use SQL Server Clustering or Database Mirroring.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
61
Before failover, a role is hosted on the primary server, and connects to a database server hosted on a third computer. When the primary server fails, the role automatically fails over to the secondary server and reconnects to the same database server.
Before failover
Primary server (hosting the role) Secondary server (on standby)
After failover
Primary server (failed) Secondary server (hosting the role)
Database server
Database server
Access Manager
Yes, configured
Only supported with Synergis Master Controller (SMC). For more information, see the Synergis Master Controller Configuration Guide.
Yes Yes Can only have one secondary server. Each server requires a separate database, hosted locally, or on another computer. See "About Archiver failover" on page 227.
Auxiliary Archiver
No. It ensures that video archives are still available if the main Archiver fails. Yes Can run simultaneously on up to five servers. Also supports Directory database failover. See "Configuring Directory failover and load balancing" on page 66.
Directory
Directory Manager
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
62
Role
Supports failover
Exceptions
Yes Yes Yes Only when the intrusion panels are connected using IP. Failover is not supported if the intrusion panels are connected using serial ports. Extra resources must be shared between the primary and secondary servers. The Root folder of the role must point to a UNC location that all servers have access to. File paths of hotlist and permit entities must be entered as a UNC location accessible to all servers. Also, the WatermarkEncryptionParameters.xml file located in the installation folder of the primary server must be copied to the secondary servers. The primary and secondary servers can each have a separate database, hosted locally, or on another computer.
LPR Manager
Yes
Media Router Omnicast Federation Plugin Point of sale Report Manager Security Center Federation Web-based SDK Zone Manager
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
63
6 After a failover occurs, if you want the primary server to take control of the role once it is restored, select the Force execution on highest priority server option. By default, the role remains on the secondary server after a failover occurs to minimize system disruptions. 7 Click Apply. 8 To make the new server the primary server: a Select it in the list, and click to move it to the top of the list. b Select the Force execution on highest priority server option, and click Apply. After a few seconds, the green LED moves to the new server, indicating that it is now the one hosting the role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
64
Troubleshooting failover
If you encounter problems when trying to configure failover for your system. check the following:
Make sure your database connections are configured properly, and that the servers being
used for failover can communicate with the database server. See "Connect roles to a remote database server" on page 54.
Make sure the Genetec Server and SQL Server services are running under a local Windows
administrator user account. See "Connect roles to a remote database server" on page 54.
(Directory database failover using Backup/Restore method only) Make sure that the user
account has access read/write access to the backup folder.
(Directory database failover using Backup/Restore method only) Make sure that the
Genetec server is installed on the remote database server. For more information about installing expansion servers, see Install an expansion server in the Security Center Installation and Upgrade Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
65
"How Directory failover and load balancing works" on page 66 "Directory failover and load balancing prerequisites" on page 67 "Add a server to the Directory failover list" on page 68 "Modify the license for all servers" on page 68 "Change the order of the Directory servers" on page 69 "Manually switch the main server" on page 69 "Remove a server from the Directory failover list" on page 70 "Bypass default load balancing" on page 70
Directory role. Manages your system configuration, and handles failover for all other roles. Directory database. Stores your system configuration.
The Directory Manager role handles Directory failover and load balancing for your system. It manages failover for the Directory role and Directory database independently, allowing you to have separate lists of servers assigned to host the two components. These two lists of servers can overlap or be completely separate.
NOTE There can only be one Directory Manager role in your system. It is created automatically when your software license supports multiple Directory servers.
Directory server. Servers assigned to host the Directory role. The Directory role can run on
five Directory servers simultaneously for load balancing. They distribute the workload for credential authentication, software license enforcement, Directory database report queries, and so on. Users can log on to Security Center through any of the Directory servers. By default, the Directory Manager redirects the connection requests across all Directory servers in a round robin fashion. To change this behavior, see "Bypass default load balancing" on page 70.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
66
). It has full read/write access to the Directory database. If your system is configured for Directory failover and load balancing, the additional Directory servers ( ) only have read access to the database.
When a Directory server fails, only the client applications connected to Security Center through that server must reconnect. If the main server fails, then all clients on the system must reconnect, and the responsibility of being the main server is passed down to the next Directory server in the failover list.
Your Security Center license must support multiple Directory servers. If you need to update
your license, see Activate license in the Security Center Installation and Upgrade Guide.
NOTE The Directory Manager (
) role is created automatically in Config Tool when your license supports multiple Directory servers.
Your System ID and Password, found in the Security Center License Information document.
Genetec Technical Assistance sends you this document when you purchase the product. All servers you plan to use as Directory servers must be up and running as expansion servers. For more information about installing expansion servers, see Install an expansion server in the Security Center Installation and Upgrade Guide. For all the expansion servers you plan to use as Directory servers, make sure their general properties configured in Server Admin are the same as those of the main server. This ensure that your data, such as the alarm retention period and so on, is stored for the same amount of time. For information about configuring Directory properties in the Server Admin, see "Server Admin" on page 473.
The Directory database must be hosted on a remote computer from the Directory servers.
See "Move a database to a different computer" on page 53. The database server must be accessible from all Directory servers. To configure the remote database server (SQL Server) to accept connection requests from the roles "Connect roles to a remote database server" on page 54.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
67
on that expansion server with Server Admin. This action disconnects the server from your current system and transforms it into the main server of a new system. Before you begin: Read "Directory failover and load balancing prerequisites" on page 67. 1 From the Home in Config Tool, open the System task. 2 Click the Roles view. 3 Select the Directory Manager ( 4 Click Add an item ( ). ), and then click the Directory servers tab.
5 In the dialog box that appears, select the server you want to add, its connection port (default=5500), and click Add. The server is added to the failover list. 6 To add more Directory servers, repeat Step 4 and Step 5. You can add up to five Directory servers. The order of appearance of the servers in the list corresponds to the order they are picked if a failover occurs. If the main server fails, the role switches to the next server in the list, and that server becomes the main server. 7 Update your license to include the servers youve just promoted to Directory Servers. For more information, see "Modify the license for all servers" on page 68. 8 Click Apply. The expansion servers are converted into Directory servers and the updated license is applied to all Directory servers in the list. Client applications and roles on expansion servers can connect to Security Center using any of the Directory servers.
Web activation. (Recommended) Activate your license via Internet. In the dialog box that appears, enter your System ID and Password and click Activate. Manual activation. Update and activate Security Center manually using license file. For more information, see "Manual license activation" in the Security Center Installation and Upgrade Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
68
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
69
1 From the Home page in Config Tool, open the System task. 2 Click the Roles view. 3 Select the Directory Manager ( 5 Repeat Step 4 if necessary. 6 Update your license to exclude the servers youve just removed. For more information, see "Modify the license for all servers" on page 68. 7 Click Apply. The removed servers are reverted to the status of expansion servers, and the updated license is applied to all remaining Directory servers. Users can no longer connect to the system using the servers that have been removed. Clients connected to Security Center through these servers are disconnected, and reconnected to the remaining Directory servers. ), and then click the Directory servers tab. ). 4 Select the server you want to remove, and click Remove the item (
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
70
"How Directory database failover works" on page 71 "Configure database failover through backup and restore" on page 72 "Configure database failover through mirroring" on page 74
Backup and restore. The Directory Manager protects the Directory database by regularly
backing up the master database instance (source copy). During a failover, the latest backups are restored to the backup database thats next in line. Two schedules can be defined: one for full backups, and another for differential backups.
Mirroring. Database failover is taken care of by Microsoft SQL Server and is transparent to
Security Center. The Principal and Mirror instances of the Directory database are kept in synch at all times. There is no loss of data during failover. The following table compares the differences between the two database failover modes.
Backup and restore (Directory Manager) Mirroring (Microsoft SQL Server)
Multiple backup instances of the Directory database are kept relatively in synch with its master instance via regular backups performed by the Directory Manager role. The failover database can only be as up to date as the most recent backup. Changes made while the Directory is connected to the backup database are lost when the Directory switches back to the master database. Both master and backup databases must be hosted on Security Center servers. Can work with SQL Server Express edition which is free. Recommended when the entity configurations are not frequently updated.
A single copy (the mirror instance) of the Directory database is kept perfectly in synch with the master copy (or principal instance) using SQL Server database mirroring. The failover database is an exact copy of the principal database. Changes can be made to the Directory database at any time without ever losing data. The principal and mirror database instances can be hosted on any computer. Requires SQL Server 2008 Standard Edition or better with the mirroring feature. Recommended when entity configurations are frequently updated, such as for cardholder and visitor management.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
71
Causes a temporary disconnection of all client applications and roles while the database failover is in progress. Database failover is handled by the Directory Manager role.
No client application disconnection during failover. Database failover is executed by a separate Witness server running on SQL Server Express (optional but highly recommended) or it has to be manually detected and executed by the database administrator.
Your Security Center license must support multiple Directory servers. If you need to update
your license, see Activate license in the Security Center Installation and Upgrade Guide.
NOTE The Directory Manager (
) role is created automatically in Config Tool when your license supports multiple Directory servers.
The database servers must be running on remote computers from the Directory servers. See
"Move a database to a different computer" on page 53. All database servers must be accessible from all Directory servers. To configure the remote database server (SQL Server) to accept connection requests from the roles "Connect roles to a remote database server" on page 54. All database instances must be the same version, and an expansion server must be installed on each database server. For more information about installing expansion servers, see Install an expansion server in the Security Center Installation and Upgrade Guide.
To preserve the changes made to your system configuration while you were operating from
the backup database, you must restore the latest contingency backup (created in the ContingencyBackups subfolder under the restore folder) to your master database before reactivating it. To avoid losing the configuration changes made while you were operating from the backup database, you can transform the backup database into your master database. To do this, select it from the database failover list to move it to the top of the list. However, keep in
72
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
mind that your backup database is only as up to date as the most recent backup before the failover took place. To configure database failover through backup and restore: 1 From the Home in Config Tool, open the System task. 2 Click the Roles view. 3 Select the Directory Manager ( ), then the Database failover tab. 4 Switch the Use database failover option to ON. 5 Select Backup and restore for Failover mode. 6 Click Add an item ( ). 7 In the dialog box that appears, specify the Security Center server, the database server, the database instance, and the folder where the backup files should be copied.
You can assign as many backup databases as you want. However, the more backup databases you have, the longer it takes to back up the Directory database content. 8 Click OK. The new backup database instance is added.
NOTE The server flagged as (Master) is the one currently hosting the database. The green
LED (
) indicates the database that is currently active (not necessarily the master).
9 Repeat Step 6 to Step 8 if necessary. 10 To force all Directory servers to reconnect to the master database once it is back online after a failover, select the Automatically reconnect to master database option.
CAUTION Switching the active database causes a short service disruption, and all changes made to the system configuration while the master database was offline are lost. Use this option only if you are ready to lose the changes made to the system configuration while you were operating from the backup database.
11 Under Master backup, specify the frequency at which the full backup and the differential backup should be generated.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
73
A differential backup only contains the database transactions made since the previous backup, so it is much faster to generate than a full backup. Frequent differential backups ensure that your backup database is most up to date when you fail over, but might take longer to restore. 12 Click Apply. After you are done:
IMPORTANT Once the Backup and restore failover mode is enabled, all subsequent changes to the master database from Server Admin (restoring a previous backup for example) must immediately be followed by a full manual backup executed from Config Tool. Failing to do so causes your master and backup databases to become out of synch and the database failover mechanism to no longer work. See "Back up your role database" on page 57.
The Principal database server, the Mirror database server, and the Witness server (optional
but highly recommended) must be configured. For the configuration of SQL Server for mirroring, please refer to Microsoft SQL Server Database Mirroring documentation. Your Security Center license must support multiple Directory servers. If you need to update your license, see Activate license in the Security Center Installation and Upgrade Guide.
NOTE The Directory Manager (
) role is created automatically in Config Tool when your license supports multiple Directory servers.
The database servers must be running on remote computers from the Directory servers. All database servers must be accessible from all Directory servers. To configure the remote
database server (SQL Server) to accept connection requests from the roles "Connect roles to a remote database server" on page 54. To configure database failover through mirroring: 1 From the Home in Config Tool, open the System task. 2 Click the Roles view. 3 Select Directory Manager ( ), then the Database failover tab. 4 Switch the Use database failover option to ON, and select the Mirroring option. The database youre currently connected to is the Principal database. 5 Under Mirror database, enter the database server name of the Mirror database. 6 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
74
"About the Health Monitor role" on page 75 "Configuring the Health Monitor" on page 76 "Monitoring your systems health using maintenance tasks" on page 81
Access control unit Archiver Video unit Media router Patroller Security Desk
Synchronization failed RTP packet loss high Connection to unit lost Role stopped unexpectedly Offload failed Application stopped unexpectedly
Server and access control unit cannot synchronize databases. Packet loss ratio is greater than 10% over 5 seconds. Server cannot connect to video unit. Media router is unavailable and the cause is unknown to the system. Autovu Patroller offload unsuccessful. Security Desk application failed.
You can choose which health events to monitor and keep them in a database which enables you to generate health history and statistics reports.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
75
"Initial Health Monitor setup" on page 76 "Health event definitions" on page 77 "Configure health events to monitor" on page 79 "Set an entity in maintenance mode" on page 80 "Change the firing threshold of a health event" on page 80
6 When you see confirmation that the database has been deleted, click Clear finished, then click Close. 7 In the Contextual commands toolbar, click Deactivate role (
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
).
76
).
After 15-30 seconds, a new HealthMonitor database should be created in the Health monitor roles Resources tab. The health errors and warnings generated during the setup are deleted. As a result, all health statistics are reset.
The table below lists the health events by their error number and indicates their severity
level, Information (
Error number
), Warning (
), or Error (
).
Severity
Health event
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Archiving started Archiving stopped Application connected Application disconnected by user Application disconnected unexpectedly Application started Application stopped by user Application stopped unexpectedly Connection restored Connection failed Connection to unit restored Connection to unit lost Connection to unit stopped by user Database automatic backup restored Database automatic backup failed Database recovered Database lost CPU usage normal CPU usage high Memory usage normal
Information Error Information Information Warning Information Information Warning Information Error Information Error Information Information Error Information Error Information Warning Information
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
77
Error number
Health event
Severity
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
Memory usage high Database space normal Database space low Patroller offload restored Patroller offload failed Patroller online Patroller offline Point of Sale database recovered Point of Sale database lost Role started Role stopped unexpectedly Role stopped by user RTP packet loss normal RTP packet loss high Server started Server stopped by user Server stopped unexpectedly Synchronization recovered Synchronization failed Video signal recovered Video signal lost Disk access restored Disk access unauthorized Alarm trigger rate normal Alarm trigger rate high Directory started Directory stopped unexpectedly
Warning Information Warning Information Error Information Information Information Error Information Error Information Information Warning Information Information Error Information Warning Information Error Information Warning Information Warning Information Error
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
78
Error number
Health event
Severity
48 49 50 51 52 53 54 55 56
Directory stopped by user Remaining archive disk space normal Remaining archive disk space low Live server monitoring restored Live server monitoring failed Directory failover: Main database recovered Directory failover: Main database lost Database restore succeeded Database restore failed
temporarily ignore an entitys health events because you are performing maintenance work on it, set it to maintenance mode. See "Set an entity in maintenance mode" on page 80. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the Health Monitor role. 3 Click the Properties tab. 4 Under Events to monitor, select or clear the desired events. Expand the list as necessary. Most health events come in pairs, such as Database lost and Database recovered. They can only be selected or ignored together.
IMPORTANT Clearing a health event in the monitoring list does not remove it from the Health history query filter, but it could make some of the health statistics calculations impossible.
Some events allow you to adjust the thresholds used to generate the event. For example, the default configuration is set so that any server whos CPU runs higher than 80% for a period of 10 seconds will generate a CPU usage high health event. See "Change the firing threshold of a health event" on page 80. 5 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
79
Setting something in Maintenance mode does not stop the health events. Rather, it
downgrades all health events to informational only. When you set Security Center Federation roles or Omnicast Federation roles in maintenance mode, you might need to press F5 to refresh the roles icons in the Logical view.
2 Click Edit (
The event details window opens. 3 Adjust the values as required. 4 Click Save.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
80
Health history. View system health events (errors, warnings, issues) related to selected
entities. For more information, see "Viewing system health events" on page 170.
Health statistics. Monitor the overall health of your system. By monitoring the health and
availability of certain resources such as server roles, video units, door controllers, intrusion detection panels, and so on, you can identify instabilities, and possibly prevent critical system failures. For more information, see "Viewing the health status and availability of entities" on page 171.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
81
"What is the Network view?" on page 82 "Purpose of the Network view" on page 82 "Creating network entities" on page 83
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
82
"When do I need to configure the Network view?" on page 83 "How network entities are created" on page 83 "What is the Default network?" on page 83 "Create a network manually" on page 84
Your system spreads across multiple networks. You allow users to connect to your main server over the Internet.
How network entities are created
Network entities are created automatically by the system. After installing Security Center on your main server, youll have two network entities on your system. The Default network is at the root of the network tree, and attached to it is a second network entity that corresponds to your companys network (where your main server is located).
After that, more network entities are added to your system when you add new servers belonging to different networks. You can also add new networks manually, rename them, and change their initial configuration. You can also move networks and servers around in the network tree.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
83
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
84
"About the Logical view" on page 85 "Configuring the Logical view" on page 86
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
85
A B C
Search box System entity Additional commands Area entity Yellow entity Rename entity Arrow icons Red entity Federated entity
Type in the Search box to find the entities containing that text in their category, name, or description. See "Searching for tasks and entities" on page 42. At the root of the hierarchy is the system entity ( hosts the Directory role. ), which is the server that
Right-click an entity in the Logical view to use additional commands, such as adding or deleting entities, diagnosing the selected entity, launching a report on the selected entity, or refreshing the Logical view. Area entities ( grouping. ) can represent a concept or physical location. It is a logical
D E F G H I
Whenever an entity name is displayed in yellow, it means that there is a problem with the settings. Press F2 to rename the selected local entity. NOTE You cannot edit names of federated entities. Click the arrows in the Logical view to show or hide child entities. Indicates that the entity is offline and the server cannot connect to it, or the server is offline. All entities imported from federated systems are shown with a yellow arrow superimposed on the regular entity icon ( ). They are called federated entities.
"Add a new area to the Logical view" on page 86 "Move entities around in the Logical view" on page 87 "Rename entities in the Logical view" on page 87 "Copy entities in the Logical view" on page 87 "Delete an entity from the Logical view" on page 88
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
86
3 In the Contextual commands toolbar, click Add an entity ( The new area is added under the selected entity. 4 Type a name for the area, and press ENTER.
After you are done: Configure the new area. For information about area properties, see "Area" on page 360.
Select an area or another entity, and then drag it to another area. Hold the SHIFT key, select multiple entities, and then drag them to another area.
The selected entities are now a child entities of that area (below that area in the hierarchy).
Select an entity in the Logical view, press F2, rename the entity, and press ENTER.
Copy entities in the Logical view
You can create multiple copies of the same entity under areas in the Logical view.
Hold the CTRL key, click the entity you want to copy, and then drag the entity into another
area. A copy of the entity is created under the area. If you copied an area under another area, all its child entities (entities below that area) are also copied.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
87
If it is the only copy of that entity in the tree, click Delete. If more than one copy of the entity exists, make the choice to delete them all or only the selected copy.
If you deleted an area that has child entities, those child entities are also deleted.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
88
"Introduction to software security" on page 89 "Defining partitions" on page 90 "Defining users" on page 93 "Defining user groups" on page 96 "Configuring user privileges" on page 99 "Using privilege templates" on page 101 "Importing users from an Active Directory" on page 102
Who uses the system? What do they use it for? What parts of the system are they allowed to access?
How is software security configured?
The software security of your system is modelled by three entity types:
User. The user entity represents a person who needs to use Security Center applications to
do their job. Each user is identified by a username and a password. What the user is allowed to do on the system is defined by their privileges, and the partitions they have access to.
User group. The user group entity defines the common attributes shared by a group of
users, such as their privileges and other security attributes. A user who is a member of a user group automatically inherits the characteristics of that group. This mechanism simplifies the configuration process because it eliminates the tedious task of configuring users individually.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
89
Defining partitions
This section includes the following topics:
"Why use partitions?" on page 91 "What constitutes a partition?" on page 91 "Who is a partition manager?" on page 91 "Differences between Public and System partitions" on page 91 "Create a partition" on page 91 "Add members to a partition" on page 92 "Add accepted users to a partition" on page 92 "Promote a user to partition manager" on page 93
90
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Reduces the scope of what a user can access for security reasons. In a multi-site system, it
might be undesirable for the security team of one site to be able to see or interfere with the activities of a security team on another site. Reduces the scope of a users work to make it more manageable. If a user is only concerned with one part of the system (one site in a multi-site system), it is better for that person not to be distracted by the entities they have nothing to do with.
List of members. Entities that belong to the partition (areas, doors, cameras, etc.). List of accepted users. Users and user groups that have the right to access the entities
contained in the partition. The type of user access varies according to the user privileges. A new set of privileges that override the user's basic privileges, can be defined on the partition level.
Public partition. This partition has the unique characteristic that all its members are visible
to all users on the system.
NOTE This does not mean that every user is automatically an accepted user of the Public
partition. Only partition managers who have been explicitly configured as accepted users can exercise their administrative privileges over the members of the Public partition.
System partition. This is a hidden partition. This partition has the unique characteristic
that its members are only visible to the administrative users (Admin user and members of the Administrators user group).
Create a partition
1 From the Home page in Config Tool, open the Security task.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 91
).
3 In the partition creation wizard, enter the Basic information. See "Common entity attributes" on page 38. All partitions are created by default in the System partition. Selecting an existing partition will create the new partition as its subordinate. For more information, see "Nesting partitions" on page 93. 4 Click Create, and click Close. An empty partition is created. 5 Define the content of the partition. See "Add members to a partition" on page 92.
TIP You can also place the new entities you create directly into the partition.
6 Define who has permission to access the entities contained in the partition. See "Add accepted users to a partition" on page 92.
NOTE You might have to perform this step later if the users have not yet been created.
7 (Optional) Name an accepted user as partition manager. See "Promote a user to partition manager" on page 93.
1 Click the Properties tab of a partition entity. 2 At the bottom of the Properties tab, click Add ( ). 3 Select the entities you want to add, and click Select. The selected entities are added to the Members list. You do not have to click Apply. 4 Repeat the previous steps as needed. For more information about partition properties, see "Properties" on page 448.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
92
Nesting partitions
By default, partitions are created at the top level and can be nested if required.
When using the Config Tool, accepted users of a partition can see all entities that belong to
that partition and its subordinates. When using the Security Desk, accepted users of a partition can monitor all entities that belong to that partition and its subordinates.
Defining users
This section includes the following topics:
"How are users represented?" on page 93 "What are Admin and Service users?" on page 94 "Create a user" on page 94 "Add a user as a member of a user group" on page 95 "Force Security Desk to run in full screen mode" on page 95
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
93
Privileges. Limits the types of activities the user can perform on the system. See
"Configuring user privileges" on page 99.
Partitions. Limits the entities on which the user can exercise their privileges. See "Defining
partitions" on page 90. A user can be a member of one or more user groups, from which it inherits most of its attributes.
Admin. This user has full administrative rights to configure Security Center. A person
logged on as Admin can change, modify, and delete any entity in Security Center.
Service . This is a hidden user account reserved exclusively for the Genetec Server service.
A person cannot use this account to connect to Security Center.
Create a user
1 From the Home page in Config Tool, open the Security task. 2 Click the Users view, and click User ( ). 3 In the user creation wizard, enter the Basic information. See "Common entity attributes" on page 38.
NOTE The entity name is also the username, therefore, it must be unique.
4 Select partition rights for the user. a Select Give this user administrative rights over the partition to make the user a manager of the partition you selected. b Select Give this user access to the partition to make the user an accepted user of the partition you selected. See "What constitutes a partition?" on page 91. 5 Click Next. 6 Enter the User information, and click Next. See "Using privilege templates" on page 101. 7 Click Create, and click Close. The new user account is created. 8 (Optional) Configure the users membership in user groups. See "Add a user as a member of a user group" on page 95. 9 Click the Properties tab, type the persons email address, and click Apply. 10 Click the Security tab, configure the security properties, and click Apply. See "Security" on page 486. 11 Click the Privileges tab, define the user privileges, and click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 94
See "Privileges" on page 488 and "Force Security Desk to run in full screen mode" on page 95. 12 Click the Workspace tab, define the users Security Desk workspace, and click Apply. See "Workspace" on page 485.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
95
To force full screen operation on a workstation: 1 On the workstation, open the Security Desk Properties dialog box. 2 Select the Shortcut tab, and add the option /forcefullscreen (or /ff ) to the end of the string found in Target.
3 Click Apply. The next time a user starts Security Desk using this shortcut, the application will start in full screen mode. The Restore Down commands and the F11 key (switch between full screen and windowed mode) are disabled.
NOTE Locking Security Desk in full screen mode does not prevent the user from minimizing the
Security Desk window with ALT+ESC or to switch to another application with ALT+TAB.
"Why do I need to create user groups?" on page 97 "What is the Administrators user group?" on page 97 "Create a user group" on page 97 "Make a user group a subordinate of another user group" on page 98
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
96
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
97
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
98
"What are user privileges?" on page 99 "How are privileges granted to users?" on page 99 "About privilege hierarchy" on page 99 "About privilege inheritance" on page 100 "Differences between Basic and Partition privileges" on page 101 "About privilege templates" on page 101 "What are the privilege templates?" on page 101
Application privileges. Grant access to the Security Center applications. General privileges. Grant access to the generic Security Center features. Administrative privileges. Grant access to system entity configuration in Config Tool. Task privileges. Control accessibility to the various Security Desk tasks. Action privileges. Control the actions that can be performed on the system entities.
For a complete list and definition of all privileges, see "User privileges" on page 694.
Allow. The privilege is granted to the user. Deny. The privilege is denied to the user. Undefined. This privilege must be inherited from a parent user group. If the user is not a
member of any group, or if the privilege is also undefined to the parent user group, then the privilege is denied.
For a child privilege to be allowed, the parent privilege must be allowed. If a parent privilege is denied, all child privileges are denied.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 99
A privilege that is undefined at the group level can be allowed or denied at the member A privilege that is denied at the group level is automatically denied at the member level. When a user is a member of multiple user groups, the user inherits the most restrictive
privilege settings from its parents. This means that Deny overrules Allow, and Allow overrules Undefined. There are exceptions to the above rules: level. A privilege that is allowed at the group level can be denied at the member level.
Administrator status. The Admin user, and members of the Administrators user group,
have a special status that grants them full administrative rights. These users can configure the Security Center as they see fit; they can view and modify all entities in all partitions. The Admin user and the Administrators user group are created at installation and cannot be deleted or renamed.
Partition manager status. A user or user group assigned to a partition can be given the
status of Partition manager over that partition. This special status confers full administrative rights over the entities contained in that partition. It supersedes all privileges configured at the partition level for that user. A partition manager can add, modify, and delete all entities within their partition, including the users and user groups. Unlike users with the administrator status, the Application, General, and Task privileges can be denied to a partition manager.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
100
"About privilege templates" on page 101 "What are the privilege templates?" on page 101
About privilege templates
Privilege templates are predefined privilege configurations, based on standard security personnel profiles, that you can apply to users and user groups to simplify the creation process. Once applied, you can fine tune the privileges manually. Privilege templates are only available when creating a user or user group. You cannot rename, modify, or delete the privilege templates. However, you can freely modify the privilege settings after they are applied to a user or user group. The best way to use privilege templates is to create one user group for each template if necessary. After your model user groups are created, users can inherit privileges from them.
Reporting. This template only grants the privileges to run Security Desk and to execute the
most basic reporting tasks, excluding those for AutoVu LPR. A user with this set of privileges alone cannot view any video, control any physical devices, or report incidents.
Operator. This template is for security operators who need to monitor real time events in
the system. It grants them the privileges to use the Monitoring task, view video, manage visitors, credentials, and badge templates, add bookmarks and incidents, save snapshots, unlock doors, and so on.
Investigator. This template is for investigators. It grants the privileges to use the Monitoring
task, view video, control PTZ cameras, record and export video, add bookmarks and incidents, use investigation tasks, manage alarms and visitors, override door unlock schedules, save tasks, and so on.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
101
Supervisor. This template is for people who have supervisory responsibilities. It grants the
same privileges as the Investigator template, plus the privileges to use maintenance tasks, manage cardholders and credentials, modify custom fields, set threat levels, block cameras, and perform people counting.
Provisioning. This template is for the system installer. It grants almost all configuration
privileges, with only a few exceptions (managing roles, macros, users, user groups, custom events, activity trails, threat levels, and audio files).
Basic AutoVu Operator. This template is for security operators using AutoVu LPR. It
grants them privileges to use LPR tasks, configure LPR entities, create LPR rules, monitor LPR events, and so on.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
102
"Using schedules" on page 103 "Using event-to-actions" on page 106 "Using scheduled tasks" on page 109 "Using macros" on page 110
Using schedules
Schedules are useful in Security Center to dynamically control the behavior and settings of the system based on timetables. This section includes the following topics:
"What is a schedule?" on page 103 "What is the default schedule?" on page 104 "Warning about time zones" on page 104 "What is a twilight schedule?" on page 104 "Create a schedule" on page 105 "Resolving schedule conflicts" on page 105
What is a schedule?
The schedule entity ( ) defines a set of time constraints that can be applied to many situations, such as when a user can log on to the system, when video from a surveillance camera should be recorded, or when access should be granted to a secured area. Each time constraint is characterized by two sets of properties:
Date coverage. Defines a date pattern, or specific dates to be covered by the schedule.
Daily. Defines a pattern that repeats every day. Weekly. Defines a pattern that repeats every week. Each day of the week can have a different time coverage. Ordinal. Defines a series of patterns that repeat on a monthly or yearly basis. Each date pattern can have a different time coverage. For example, on July 1st every year, on the first Sunday of every month, or on the last Friday of October every year.
Specific. Defines a list of specific dates in the future. Each date can have a different time coverage. This setting is ideal for special events that occur only once. Time coverage. Defines which time periods apply during a 24-hour day.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
103
All day. Covers the entire day. Range. Covers one or multiple distinct time periods within the day. For example, from 9 a.m. to 12 p.m. and from 1 p.m. to 5 p.m. Daytime. From sunrise to sunset. Only supported by twilight schedules. Nighttime. From sunset to sunrise. Only supported by twilight schedules.
For more information on Daytime and Nighttime settings, see "What is a twilight schedule?" on page 104.
To record video only during daytime. To boost the video encoders sensitivity after sunset. To disable motion detection during twilight.
Twilight schedules have the following restrictions:
Cannot be used in any situation involving access control entities. Requires that the entity it applies to has a geographical location setting, such as video units
and LPR units. See "Using geographical locations" on page 40. The Weekly option for date coverage is not available.
104
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
The All day and Range options for time coverage are not available. Twilight schedules are not visible in contexts where they are not applicable.
For more information, see "Date coverage" on page 103.
Create a schedule
Schedules must be created in advance if you plan to use them in any settings. 1 From the Home page in Config Tool, open the System task. 2 Click the Schedules view, and click Schedule ( ). 3 In the schedule creation wizard, enter the Basic information, and click Next. For more information, see "Common entity attributes" on page 38. 4 In the Schedule information page, select one of the following:
Select Standard schedule if you want to be able to use this schedule in all situations. Select Twilight schedule if you specifically need Daytime or Nighttime coverage.
CAUTION The schedule type cannot be changed after the entity is created. For more information, see "What is a twilight schedule?" on page 104.
5 Click Close. A default daily schedule is created. 6 Click the Properties tab to configure the desired date and time coverage. For more information, see Schedule "Properties" on page 464. 7 Click Apply.
function, you have an unresolved conflict. An Entity warning is raised by the system, and the entity with the faulty configuration is displayed in yellow in the entity browser. For more information, see "Viewing system messages" on page 168.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 105
Using event-to-actions
An event-to-action is the coupling of an action to an event, to confer automatic and intelligent behavior to the system. This section includes the following topics:
"What is an event?" on page 106 "What is a custom event?" on page 106 "What is an action?" on page 106 "Create an event-to-action" on page 107 "Search for event-to-actions" on page 108
What is an event?
Security Center uses events to record activity on the system. The types of events generated by Security Center vary from entity to entity. For instance: Access denied to a cardholder, Signal lost on a camera, License plate matched to a hotlist, and so on. Some of the ways you can make use of system events are the following:
View them in Security Desk in real-time. Have the system record them in event logs for viewing and analysis at a later time. Configure the system to take action automatically by associating actions to various types of
events, such as triggering an alarm, or sending a message. This is called an event-to-action. This is the most powerful and versatile method for handling events. For more information, see "Actions" on page 624. Events can arise from many sources, such as recording started by a user on a camera, a door being left open for too long, or an attempt to use a stolen credential. For a complete list of the predefined event types in Security Center, see "Event types" on page 745.
What is an action?
An action is a user-programmable function that can be triggered as an automatic response to an event (door held open for too long, or object left unattended) or executed according to a specific time table.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
106
For a complete list of the predefined action types in Security Center, see "Action types" on page 758. For other action usages, see "Using scheduled tasks" on page 109.
Create an event-to-action
1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Actions page. For more information, see "Actions" on page 624. 3 Click Add an item ( ).
4 In the Entity type page, select the type of the source entity and click Next. The source entity is the entity to which the event is attached. 5 In the Source page, select the source entity and click Next. Enter a search string if necessary. Only entities corresponding to the selected type are listed. 6 In the Event page, select an event type and a schedule, and click Next. Only events pertaining to the selected entity type are listed. The schedule determines when the event should occur in order to trigger the action. For example, you might want to sound an alarm only when a window is opened during the weekend. By default, Always is selected.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
107
7 In the Action page, select an action type and configure its parameters.
The Next button becomes enabled only when all the arguments required by the selected action type are properly configured. For a full description of all action types you can choose from, see "Action types" on page 758. 8 Click Next. The Creation summary page appears. 9 Verify that all information is correct, click Create, and click Close. If the information is incorrect, click Back and fix the errors. The new event-to-action is added to the list of system actions. For more information, see "Actions" on page 624.
Entity name. Search for source entity names starting with the search string. Entity type. Select a specific source entity type (default=All).
108
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Event. Select a specific event type (default=All). Action. Select a specific action type (default=All).
4 Use the action buttons at the bottom of the page to fix or delete the unwanted event-toactions. For more information, see "Actions" on page 624.
"What is a scheduled task?" on page 109 "Comparison between scheduled tasks and event-to-actions" on page 109 "Create a scheduled task" on page 109
What is a scheduled task?
A scheduled task is an entity that defines an action that executes automatically on a specific date and time, or according to a recurring schedule.
Both have access to the same set of actions. Both use recurring schedules.
The differences between the two concepts are:
A scheduled task is saved as an entity, an event-to-action is not. A scheduled task is triggered on schedule, not on event. A scheduled task can be turned on and off. The scheduling options are different:
Once. Executed once at a specific date and time. Every minute. Executed every minute. Hourly. Executed at a specific minute of every hour. Daily. Executed at a specific time every day. Weekly. Executed at a specific time on selected days of the week On startup. Executed on system startup. Interval. Executed at regular intervals that can be days, hours, minutes, or seconds.
2 Click the Scheduled tasks view, and click Scheduled task ( A new scheduled task entity appears in the Logical view. 3 Type a name for the scheduled task, and press ENTER. 4 Click the Properties tab.
).
For more information, see Scheduled task "Properties" on page 470. 5 Set the Status switch to Active. 6 Set the desired Recurrence pattern. a Click on the drop-down list and select Weekly. b Set the desired start time on the scheduled dates. c Select the days of the week when the action is to be executed. 7 Select the type of action to be executed. Additional parameters might be required based on the selected action. For our example, scroll down and click Trigger synchronization, then select the Active Directory role that needs to be synchronized. 8 Click Apply.
Using macros
This section includes the following topics:
Creating macros
You can write your C# programs with an external text editor, or use the text editor found in Config Tool. For more information, see Macro "Properties" on page 430.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
110
Managing alarms
Managing alarms
This section includes the following topics:
"What is an alarm?" on page 111 "Create an alarm" on page 112 "Testing alarms" on page 112 "Trigger alarms manually" on page 113 "Trigger alarms automatically using event-to-actions" on page 113 "Responding to alarms" on page 115
What is an alarm?
An alarm entity describes a particular trouble situation in Security Center (intrusion, broken window, door forced open, and so on) that requires immediate attention. The basic properties of an alarm are:
Name. Alarm name. Priority. Priority of the alarm (1-255), based on the urgency of the situation. Higher
priority alarms are displayed first in Security Desk.
Recipients. Users who are notified when the alarm occurs, and are responsible for
responding to the alarm situation. Recipients can be notified all at once, or one after another in a sequence.
Attached entities. Entities that help describe the alarm situation (for example, cameras,
area, doors, and so on). When the alarm is received in Security Desk, the attached entities can be displayed one after another in a sequence or all at once in the canvas, to help you review the situation.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
111
Managing alarms
Create an alarm
You create alarms from the Alarms task in Config Tool. 1 From the Home page in Config Tool, open the Alarms task. 2 Click the Alarms view, and click Alarm ( A new alarm entity ( ). ) appears in the Logical view.
3 Type a name for the alarm, and press ENTER. Best practice: Provide a name best describes the situation, so it is easy to determine what happened when the alarm is triggered. 4 Click the Properties tab, configure the essential properties, and click Apply. For more information, see "Properties" on page 352. 5 Click the Advanced tab, configure the advanced settings, and click Apply. For more information, see "Advanced" on page 354. After you are done: Test the alarm you just created. See "Testing alarms" on page 112.
Testing alarms
The simplest way to test an alarm is to trigger it manually from Config Tool, and make sure you receive it in Security Desk. Before you begin: Log on to Security Desk as one of the alarm recipients. 1 From the Home page in Config Tool, open the Alarms task. 2 Click the Alarms view, and select the alarm to test. 3 In the Contextual commands toolbar, click Trigger alarm ( ). The triggered alarm should appear in the Security Desk notification tray, and in the alarm list in the Alarm monitoring task. The Alarm monitoring task opens automatically if Security Desk is configured open the task when an alarm is triggered. To set this behavior, see Customizing alarm behavior in the Security Desk User Guide. If the Alarm monitoring task does not open automatically, doubleclick the alarm icon in the Security Desk notification tray to open it.
Troubleshooting alarms
If you do not receive an alarm, check the following:
Is the alarm schedule preventing you from triggering the alarm at this moment? Does the alarm recipient have the correct privileges to receive alarms (Alarm monitoring
and Acknowledge alarms)?
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 112
Managing alarms
In the Alarms task in Config Tool, select an alarm, and then in the Contextual commands toolbar, click Trigger alarm ( ). In the notification tray in Security Desk, click Hot actions ( Trigger alarm ( ), select an alarm, and then click OK. ) > Manual action. Click ), select an
In the Alarm monitoring task in Security Desk, click Trigger alarm ( alarm, and click Trigger alarm.
an entity that is associated with cameras (for example a door), then the associated cameras are displayed in the canvas before the entities attached to the alarm. For more information, see Alarm Properties "Attached entities" on page 353. For more information about creating event-to-actions, see "Using event-to-actions" on page 106. To trigger an alarm automatically: 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view. 3 Click the Actions tab, and click . 4 In the Entity type page, select an entity type, and click Next. The source entity is the entity that the event is attached to. 5 In the Source page, select the source entity and click Next. 6 In the Event page, select an event type Only events related to the selected entity type are listed. For a list of events available in Security Center, see "Event types" on page 745. 7 Select a schedule, and click Next. The schedule determines when the event will trigger the action. For example, you might want to trigger an alarm only when a window is opened during the weekend. By default, Always is selected. 8 In the Action page, select Trigger alarm.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 113
Managing alarms
9 From the Alarm drop-down list, select an alarm to trigger. 10 (Optional) From the Acknowledgement condition drop-down list, select an event that must be triggered before the alarm can be acknowledged. This option is only available when you select some source event types. For a list of event types that could require an acknowledgement condition to be cleared before the alarm can be acknowledged, see "Event types that could require an acknowledgement conditions" on page 114. 11 To require a user to acknowledge the alarm after the acknowledgement condition is cleared, select the User acknowledgement required option. If you clear this option, the alarm is automatically acknowledged when the acknowledgement condition is cleared. 12 Click Next > Create > Close.
AC fail Application lost Asset offline Asset online Battery fail Door forced open Door opened Door opened too long Hardware tamper
Access control unit, Intrusion detection unit Roles Asset Asset Access control unit, Intrusion detection unit Door Door Door Access control unit, Intrusion detection unit, Zone (hardware)
AC fail input normal Application online Asset online Asset offline Battery fail input normal Door closed Door closed Door closed Input normal
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
114
Managing alarms
Entity type
Acknowledgement condition
Disarmed (not ready) Disarmed (ready to arm) Master armed Perimeter armed
Intrusion detection area input bypass activated Manual station activated Signal lost Unit lost Zone armed/ disarmeda
Door Camera Access control unit, Intrusion detection unit, LPR unit, Video unit Zone
Manual station reverted to normal state Signal recovered Unit online Zone state normal Zone state active
a. Events that are associated with the normal, active, and trouble states of a zone can also be configured with an acknowledgement condition. For more information about zone states, see "Properties" on page 503.
Responding to alarms
You respond to active alarms from the Alarm monitoring task in Security Desk. When you receive an alarm, you can snooze the alarm, forward it to a colleague, or acknowledge it. The alarm can also be automatically acknowledged after a period of time, if it is configured that way. For alarms with an acknowledgement condition, the process is a bit different. Before the acknowledgement condition is cleared, you can investigate the alarm to let other users know you have seen it, and are taking care of it. You can only acknowledge the alarm after the acknowledgement condition is cleared. The alarm can also be automatically acknowledged by the system after the acknowledgement condition is cleared, if it is configured that way.
EXAMPLE A Unit lost event occurs, which triggers an alarm with an acknowledgement
condition of Unit online. Before the unit comes back online, the alarm can be snoozed, forwarded, investigated, or an administrator can forcibly acknowledge it. After the event Unit online occurs, the alarm can be acknowledged.
NOTE Administrators can force all local alarms to be acknowledged at any time, even if the acknowledgement condition is not cleared.
For more information on acknowledging alarms, see Acknowledging alarms in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 115
Managing alarms
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
116
"What are threat levels for?" on page 117 "Differences between threat levels and alarms" on page 117 "Create a threat level" on page 119 "Configuring threat level actions" on page 121 "Actions exclusive to threat levels" on page 122 "Threat level limitations" on page 122 "Threat level scenarios" on page 123 "Threat level related tasks" on page 127
Purpose
Deals with localized events, such as a forced entry or an object being left unattended in a public area.
Deals with widespread events affecting an whole area or the entire system, such as a fire or a shooting.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
117
Characteristics
Alarm
Threat level
Configuration privileges
Config Tool Add/delete alarms Modify alarms Typically triggered by an event-toaction. Can also be triggered by a manual action. Recording starts automatically on cameras associated to the alarm. The alarm icon turns red in the Security Desk notification tray. Depending on your Security Desk configuration, the Alarm monitoring task might be brought to the foreground. Security Desk users configured as alarm recipients. Alarms are ranked according to their priority level (1=highest, 255=lowest). Higher priority alarms are displayed first. When the priority level is the same, the most recent is displayed first. A Security Desk user (alarm recipient) must acknowledge the alarm. Alarms can also be automatically acknowledged by the system after a specified delay or when the acknowledgment condition is met. The acknowledged alarm is removed from all active alarm list (Alarm monitoring task in Security Desk). Alarm triggered Alarm being investigated Alarm condition cleared Alarm acknowledged Alarm acknowledged (Alternate) Alarm forcibly acknowledged
Activation
Typically set manually by a Security Desk operator. Can also be set by an event-to-action. The threat level activation action list is automatically executed. The threat level icon turns red in the Security Desk notification tray. When a threat level is set at the system level, the background of Security Desk turns to the color of the threat level. All Security Desk users. Threat levels are independent of each other. Only one threat level can be set on an area at any given time. The last threat level set overrides the previous one. A Security Desk user must manually clear the threat level or set a different threat level. A threat level can also be automatically cleared using an event-toaction (Set threat level to None). The threat level deactivation action list is automatically executed. Threat level set Threat level cleared
Deactivation
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
118
Characteristics
Alarm
Threat level
Operator privileges
Security Desk (Application) Alarm monitoring (Task) Alarm report (Task) Trigger alarms (Action) Snooze alarms (Action) Forward alarms (Action) Acknowledge alarms (Action) NOTE Only administrative users can forcibly acknowledge alarms. None.
Security Desk (Application) Set threat level (Action) The same privilege is used for both setting and clearing threat levels. To clear a threat level is to set it to None. NOTE The threat level activation and deactivation actions are carried out by the system, independently of the operators privileges. Set minimum security clearance Set minimum user level Set reader mode For more information, see "Actions exclusive to threat levels" on page 122.
Exclusive actions
).
7 Click OK to close the configuration dialog box. A new threat level ( 8 Click Apply. After you are done: Do the following: ) appears in the threat level list.
Grant Set threat level privilege to all users who need to set threat levels.
NOTE For users who need to set system threat levels, they must be accepted users of the
Public partition. For more information, see "Action privileges" on page 708.
(Optional) Configure additional threat level activation and deactivation actions for specific
areas. For more information, see "Threat levels" on page 362.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
120
NOTE If you select a specific entity for your action, the action will be applied to the selected entity regardless whether the entity is found under the area where the threat level is set or not.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
121
area (Location)
Sets the minimum security clearance level required from cardholders to access the area on top of the restrictions imposed by the access rules. Additional parameter: Security clearance. The minimum security clearance level required for the selected area. (0=highest level, 99=lowest level or no special clearance required). NOTE The security clearance is only visible to administrative users. This action only works with door controllers that support this feature. The range of supported values might vary, depending on the access control hardware. Logs out users with a lower user level than the one you specify when a threat level is set, and prevents them from logging back on. Additional parameter: User level. The minimum user level (1=highest level, 254=lowest level) required to log on to the system, or to stay logged on to the system. NOTE This action is only executed when the threat level is set of the system level. If the user setting the threat level has a user level below the required minimum, that user will be logged off the system the moment the threat level is set. Sets the reader mode for accessing doors. Additional parameter: Reader mode. Select whether access is granted using Card and PIN, or Card or PIN, for the selected areas. NOTE This action only works with door controllers and readers that support this feature.
N/A
Threat levels work independently of partitions. Therefore, a threat level set at the system
level by the users of one partition might affect the entities belonging to another partition, if the actions have a generic scope (applied to All entities). Threat levels cannot be applied to federated areas.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
122
"Scenario #1: Fire" on page 123 "Scenario #2: Gunman" on page 125
Related topics:
Set threat levels in the Security Desk User Guide Clear threat levels in the Security Desk User Guide
Scenario #1: Fire
In case a fire breaks out, we want the system to respond immediately with the following actions:
Log off all low priority users to free as much resources (especially network bandwidth) as
possible for high priority users to manage the current threat. Record the entire evacuation process at high video quality for as long as it lasts.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
123
When an operator sets this threat level, the following actions are executed by the system:
Trigger output. Sounds the fire alarm by sending the Fire alarm output behavior to the
output pin Building Exit - Output-1, assuming that this is where the alarm bell is connected.
Set the door maintenance mode. Sets all doors within the area where the threat level is set
to maintenance mode, effectively unlocking all of them for an indefinite period of time. This is better than using the Unlock door explicitly action which only unlocks the doors for a few seconds.
Set minimum user level. Immediately logs off all users with a user level lower than 1,
basically every one that is not an administrator, encouraging them to leave their desk at once, as well as stopping all unnecessary activity on the network, so the administrators can have as much bandwidth as possible at their disposal to deal with the situation.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
124
NOTE This action is only executed if the threat level is set at the system level. So if the fire is
limited to one area, we do not want to log off everyone from the system.
Override with event recording quality. Boosts the recording quality of all cameras within
the area where the threat level is set to event recording quality. For more information, see "Boost quality on event recording" on page 376.
Start recording. Starts recording on all cameras within the area where the threat level is set
for an infinite duration, or until it the Stop recording command is issued. When an operator clears this threat level, the following actions are executed by the system:
Trigger output. Stops the fire alarm by sending the Normal output behavior to the output
pin Building Exit - Output-1.
Set the door maintenance mode. Turns off the maintenance mode on all doors within the
area where the threat level is set. This effectively restores all doors to their normal behavior.
Set minimum user level. Resets the minimum user level to 254 (the lowest value), allowing
all users to log back on.
Stop recording. Stops recording on all cameras within the area where the threat level is set.
This action will not stop the recording on cameras that are on a continuous recording schedule.
Block access to where the gunman/shooter is from innocent bystanders. Record the shooting incident in high quality video as evidence in court. Protect the video recordings of the whole event against accidental deletion. Block the sensitive video footage from the public eye in case some of the video streams are shown on public web sites.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
125
When an operator sets this threat level, the following actions are executed by the system:
Set minimum security clearance. Prevents the cardholders who have a security clearance
lower than 5 (between 6-99) from entering the area where the gunman is, and hopefully, preventing the gunman from getting out.
NOTE This configuration assumes that only armed security personnel have a clearance level higher than 5 (between 0-5), and that security operators continue to monitor all exits and can manually unlock doors to let the innocent people out.
Override with event recording quality. Boosts the recording quality of all cameras within
the area where the threat level is set to event recording quality. For more information, see "Boost quality on event recording" on page 376.
Start recording. Starts recording on all cameras within the area where the threat level is set
for an infinite duration, or until it the Stop recording command is issued.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 126
Start applying video protection. Starts protecting the videos recorded from the cameras
within the area where the threat level is set, from now until the Stop applying video protection command is issued, for an unlimited period of time.
Block and unblock video. Block all users with a user level lower than 5 from viewing the
video from the cameras within the area where the threat level is set, from now until the video blocking is explicitly stopped, for an unlimited period of time.
NOTE This configuration assumes that all security personnel has a user level higher than 5
and can continue to monitor the scene. When an operator clears this threat level, the following actions are executed by the system:
Set minimum security clearance. Restore normal access to the area to all cardholders by
setting the security clearance to 99 (the lowest level).
Stop recording. Stops recording on all cameras within the area where the threat level is set
after 30 seconds. This action will not stop the recording on cameras that are on a continuous recording schedule.
Stop applying video protection. Stops protecting the videos recorded from the cameras
within the area where the threat level is set, after one minute.
Block and unblock video. Unblock all cameras within the area where the threat level is set.
The video recorded during the time when the threat level was active will remain blocked for playback to the users whose user level is lower than 5.
System status. Use this task to monitor the threat level and security clearance set on each
areas. See "Monitoring the status of your system" on page 177.
Activity trails. Use this task to find out when threat levels have been set and cleared, and
who did it. See "Investigating user related activity on the system" on page 182.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
127
"Types of federations" on page 128 "What are federated entities?" on page 128 "Federating Omnicast systems" on page 131 "Federating Security Center systems" on page 133 "Advanced settings for large federations" on page 134
Types of federations
Security Center can join (or federate) Omnicast 4.x systems and other Security Center systems into a large federation. The system that joins other systems together is called the Federation host. Security Center does this by creating a specific federation role for each system it needs to unify. Two types of federation roles are available:
Omnicast Federation. Federates an Omnicast 4.x system so that its cameras and events can
be used in your local system. For more information, see "Federating Omnicast systems" on page 131.
Security Center Federation. Federates an independent Security Center system so that its
entities can be used in your local system. For more information, see "Federating Security Center systems" on page 133.
Federated area entity (they are called sites in Omnicast) Federated alarm entity Federated fixed camera entity
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
128
Federated dome camera entity Federated camera sequence entity Federated virtual camera entity (Omnicast only) Federated cash register entity Federated door entity (Security Center only) Federated elevator entity (Security Center only) Federated cardholder entity (Security Center only) Federated credential entity (Security Center only)
View live or playback video from federated cameras. Add bookmarks, start/stop recording, and export video from federated cameras. Control the PTZ on federated dome cameras (except PTZ locking). Switch cameras on CCTV matrices via virtual cameras federated from Omnicast 4.x. For more information, see "Federating Omnicast systems" on page 131.
View and control federated tile plugins. Lock/unlock federated doors. Arm/disarm federated intrusion detection areas. Arm/disarm federated zones.
You cannot change their name and description. You cannot change any attributes that inherently defines the entity. This includes most
properties defined in the entity configuration tabs, although you can view them. You can assign a logical ID to each federated entity. The logical ID is a local attribute associated with the federated entity to uniquely identify it within the Federation.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
129
You can choose what events you want to receive from the federated system. Based on these You can control the visibility of the federated entities to your local users via partitions. You can configure the visual tracking for cameras federated from Omnicast systems. You can use them in the configuration of local entities, such as attaching federated cameras
to local entities, or use them to define local alarms and camera sequences. events, you can define event-to-actions for the federated entities. The actions can either be executed on the Federation host or on the federated system. You can view their activity and audit trail reports in the Reporting tab.
The alarm schedule follows the original configuration of the remote system. Since schedule
entities are not federated, the default schedule Always is shown instead. Alarm priority:
Omnicast: Original value is not federated. You can redefine it (default=1) locally on the Federation host.
Entity cycling is a local property to the Federation host. You can change its setting and it will Create an incident on acknowledgement is a local property to the Federation host. You can
change its setting and it will not affect the federated system. Automatic video recording is an inherent property of the alarm and cannot be modified. not affect the federated system. Automatic acknowledgement is an inherent property of the alarm and cannot be modified.
Security Center: Original value is federated and cannot be modified. Reactivation threshold is an inherent property of the alarm and cannot be modified.
Protect recorded video is an inherent property of the alarm and cannot be modified. Video display is a local property to the Federation host. You can change its setting and it will
not affect the federated system.
Omnicast: Original value is not federated. You can redefine it locally on the Federation host.
Security Center: Original value is federated and cannot be modified. Attached entities are federated as far as they are federated entities. The list is an inherent property of the alarm and cannot be modified. Alarm recipients must always be configured locally for the Federation host.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
130
Related topics:
Alarms are federated, but the alarm priority and the alarm procedure must be configured
locally on the Federation host. For more information, see "Exceptions regarding federated alarms" on page 130. Some playback capabilities are not supported on federated cameras. Smooth reverse playback is not available and the rewind speed is limited to -10x, -20x, -40x, and -100x. Camera sequences are federated, but they behave as a single camera on the Federation host. This means that the users on the Federation host cannot unpack nor stop the camera cycling on camera sequences ( ) federated from Omnicast. ) with a Web page tile
Sites ( ) are federated as areas ( ) in Security Center. Sites with a Map (URL) property ( ) are federated as areas (
plugin attached.
must be pre-installed on that server. 5 In the Directory field, enter the name of the Omnicast Gateway connecting you to the remote Omnicast system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
131
6 In the next two fields, enter the username and password that the federation role is going to use to log on to the remote Omnicast system. The rights and privileges of that user determine what your local users will be able to see and do on the federated remote system. 7 From the Version drop-down list, select the version of the remote Omnicast system. This drop-down list only shows the Omnicast versions for which a compatibility pack is installed. 8 In the Federated events section, select the types of event that you want to receive on the your local system, and click Next. Events are necessary if you plan to monitor the federated entities in Security Desk, or to configure event-to-actions for the federated entities. 9 Click Next. 10 Enter the Basic information for this role, and click Next. All federated entities are created in the partition you select. 11 Confirm the information displayed on the Creation summary page. 12 Click Create, and click Close. The new federation role ( ) is created. 13 If you plan to host more than 40 Omnicast Federation roles on the same server, you need to assign a different role group to every 40 roles you create. For more information, see "Advanced settings for large federations" on page 134. 14 Click the Properties tab, and finalize the role configuration. For more information, see "Properties" on page 592. 15 Open the Logical view task in Config Tool. You should see the new federation role ( ) in the Logical view. Expand this entity to see all the federated entities imported by this role. The entity hierarchy corresponds to the Logical view on the federated remote system. For more information, see "Omnicast Federation" on page 590.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
132
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
133
Type of federation roles you are hosting. Number of federation roles you are hosting. Type of computer running Genetec Server.
Low capacity: Intel Core 2 Duo 3.0 GHz, 2 GB RAM Medium capacity: Dual Core Intel Xeon 2.66 GHz, 4 GB RAM High capacity: Quad Core Intel Xeon, 2.00 GHz, 4 GB of RAM
Single role group (Any hardware profile) Omnicast Federation Security Center Federation 40 100
Multiple role groups (Low and Medium capacity hardware profiles) Contact Genetec Technical Assistance (see "Technical support" on page 869) Contact Genetec Technical Assistance (see "Technical support" on page 869)
EXAMPLES
A single role group can have up to 40 Omnicast Federation roles. Therefore, a high capacity
computer hosting 100 Omnicast Federation roles requires three separate role groups, divided as follows: 30 roles on the first group, 30 roles on the second group, and 40 roles on the third group. A single role group can have up to 100 Security Center Federation roles. Therefore, a high capacity computer hosting 500 Security Center Federation roles requires five separate role groups.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
134
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
135
"Why use custom fields?" on page 136 "Add a custom field" on page 136 "Add a custom data type" on page 138 "Modify a custom data type" on page 139
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
136
3 Click
4 From the Entity type drop-down list, select the entity type. 5 From the Data type drop-down list, select the data type for this field. Both standard and custom data types are listed. The standard data types are:
Text. Alphanumeric text. Numeric. Integers in the range -2147483648 to 2147483647. Decimal. Real numbers from -1E28 to 1E28. Date. Gregorian calendar date and time. Boolean. Boolean data, represented by a check box. Image. Image file. The supported formats are: bmp, jpg, gif, and png. Entity. Security Center entity. Users will have to use the Search tool to set the value for this type of field. See "Search for entities using the Search tool" on page 43.
137
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
6 In the Name field, type the name for this custom field. 7 (Optional) In Default value field, type or select the default value for this field. 8 Depending on the selected data type, the following additional options appear:
Mandatory. Select it if this custom field cannot be empty. Value must be unique. Select it if the value of this custom field must be unique.
NOTE The unique value option can only be enforced after the field is created. To enforce this
option, you must first make sure that all entities in your system have a distinct value for this custom field, then come back to this tab to apply the unique value option to it. 9 (Optional) Under the Layout section, type the Group name, and select the Priority from the drop-down list. These two attributes are used when displaying the field in the Custom fields tab of associated entity. The group name is used as the group heading, and the priority dictates the display order of the field within the group. 10 (Optional) Under the Security section, click to add users and user groups that will be able to see this custom field. By default, only administrative users can see a custom field. 11 Click Save and close. The new custom field is available in the Custom fields tab of the selected entity type and can be used in reports. For an example, see Common configuration tabs "Custom fields" on page 335.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
138
You can rename a custom data type. You can add new values to the custom data type. You can delete a value as long as it is not used as the default value for a custom field.
If you delete a value that is already being used by an entity, the value of that custom field for that entity is replaced by its default value. But there are restrictions:
You cannot change the standard data type on which the custom data type is based. Modifying a value is equivalent to deleting the old value and adding a new value.
NOTE Suppose you have a custom data type with the possible values of A, B, and C, and a
custom field based on this custom data type with A as its default value. If you change the value C to D in the custom data type, the entities using the value C for this custom field will not see their values change to D, but to A (the default value). To modify a custom data type:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
139
"What is Active Directory integration?" on page 140 "What are the benefits of AD integration?" on page 140 "How does Active Directory integration work?" on page 141 "What information can be synchronized with the AD?" on page 142 "How does synchronization work?" on page 142 "Import security groups from an Active Directory" on page 143 "Select which cardholder fields to synchronize with the AD" on page 146 "Mapping the credential card format to an AD attribute" on page 147 "Map custom fields to synchronize with the AD" on page 148 "Resolve conflicts due to imported entities" on page 149 "Modifying imported users" on page 151 "Modifying imported cardholders" on page 151 "Logging on with an Active Directory user" on page 153
Less data entry means fewer errors and better control during initial Security Center setup,
since users and cardholders can be imported from an existing AD.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
140
Consistency and better security since all shared information is entered only once.
A new user account added to an imported security group automatically adds a new user and/or cardholder in Security Center.
A user account that is disabled in the AD automatically disables the corresponding user and/or cardholder in Security Center. Single logon capability for synchronized Security Center users.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
141
Synchronization is always initiated from Security Center. There are two ways that you can start synchronization:
Manually. Synchronization is performed when you explicitly request it. This is the default
setting. The advantage of this approach is that you have perfect control over when you want the synchronization to be done.
On schedule. The imported groups are synchronized using a scheduled task. For more
information, see "Using scheduled tasks" on page 109.
User group
Name Description
Username Password Description Membership in the imported user group First name Last name Email address Account status: Active or Inactive
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
142
Cardholder group
Name Description
Cardholder name Description Membership in the imported cardholder group First name Last name Email address Partition Cardholder picture Profile status: Active or Inactive Card data Card format Card number Credential name Credential partition Credential status Facility code
Additional attributes are imported from the AD by mapping them to Security Center custom fields. The Active Directory role keeps all imported fields synchronized with the AD. See "Map custom fields to synchronize with the AD" on page 148.
If multiple ADs are to be integrated into Security Center, they must all belong to different
domains. If you have servers in your system that are still running an older version of Security Center, you should upgrade them to the current version before using them to host a new Active Directory role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
143
To import security groups: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, then click Add an entity ( 3 In the Specific info page, do the following: a From the Server drop-down list, select the server where this role will be hosted. b In the Active Directory field, enter the hostname or the IP address of the AD server.
NOTE If encrypted communication is used, the default port is 636. If you selected a different port, you need to append it to the AD server name, separated by a colon (:),
c Specify how you want the role to connect to the AD server. With both choices, you must have read access to the selected AD service.
Use the Windows credentials assigned to the Genetec Server service running on the server hosting the Active Directory role. Specify a different set of Windows credentials (username, password).
4 In the Basic information page, enter the name, description, and partition where the Active Directory role will be created. For more information, see "Common entity attributes" on page 38. 5 Click Next, Create, and Close. A new Active Directory role ( the AD server. ) is created. Wait a few seconds for the role to connect to
security groups. Security Center can only synchronize with security groups. a Click Add an item ( ).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
144
b Select the security groups to add to your Active Directory role. Use one of these two methods:
If the text you entered matches a single group, it is automatically added to the Selected groups list. If the text you entered matches multiple group names, a second dialog box will appear listing all the group names that match the text you entered. Select the ones you want, and click OK to add them to the Selected groups list.
).
The Active Directory members dialog box appears. Select a security group, and click OK. Only security groups can be synchronized. If you selected an item that is not a security group, the OK button remains disabled.
NOTE The names shown in that dialog box are display names. Security Center only synchronizes the account names because they are guaranteed to be unique. Typically, the display names and the account names are the same. The only way to tell them apart is that the display names contain spaces.
c Repeat the previous step as often as necessary until all security groups you wish to synchronize with the AD are listed in Selected groups, then click OK. The selected groups are listed under Synchronized groups in the Properties tab. For more information about the Properties tab, see Active Directory "Properties" on page 517. 7 For each of the synchronized groups, specify how you want to import them.
As user group. Select this option to import the synchronized group as user group, and the group members as users. Create user on first logon. This is the default option, and it creates an empty user group. User entities will only be created when someone tries to log on with it. It avoids having to create all user entities at once, which can freeze up the system. If you clear this option, all user entities will be created at the same time as a user group.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
145
As cardholder group. Select this option to import the synchronized group as cardholder group, and the group members as cardholders. There is no delayed creation for cardholders. All synchronized cardholders are created at once. Import credentials. Select this option to import the credential information of the synchronized cardholders
8 If you are importing the AD security group as cardholder group, select which cardholder fields you want to synchronize with the AD. See "Select which cardholder fields to synchronize with the AD" on page 146. 9 (Optional) "Map custom fields to synchronize with the AD" on page 148. 10 Click Apply, and then click Synchronize now ( ). All synchronized groups and their members are imported as Security Center entities according to your specifications, with a yellow arrow ( ) superimposed on their icon. After you are done: Some additional configuration might be required, depending on what you synchronized with the AD:
If you already had entities configured in your system, you might need to resolve some
conflicts due to the import. See "Resolve conflicts due to imported entities" on page 149. (Optional) Configure the imported user groups with proper privileges and security options so when new user entities are created, they can automatically inherit those properties from their parent user group. For more information, see "Defining user groups" on page 96. (Optional) Configure the imported cardholders and cardholder groups. For more information, see "Configuring cardholders and cardholder groups" on page 283. (Optional) Create a scheduled task to synchronize imported entities with the AD on a regular basis. For more information, see "Create a scheduled task" on page 109. After you create a scheduled task, the warning message No scheduled task exists to synchronize this role disappears from the Properties tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
146
To map AD attributes to cardholder fields: 1 From the Links tab of the Active Directory role, click Add an item ( ).
2 Select a Security Center cardholder field and an AD attribute, and then click OK.
IMPORTANT The data type of the Security Center field must match that of the AD attribute: text with text, decimal with decimal, date with date, and so on. The Security Center image data type must be mapped to the AD binary data type, and the mapped AD attribute must contain a valid JPEG image.
The new mapping appears in the Links tab. For more information about the Links tab, see "Links" on page 518. 3 Repeat the previous steps as needed. 4 If you are importing cardholder credential fields, do the following in the Links tab:
From the Card format drop-down list, select the default card format to use for the imported cardholder credentials when the card format property is either not mapped to an AD attribute, or when the mapped attribute is empty. See also "Mapping the credential card format to an AD attribute" on page 147. From the Badge template drop-down list, select a default badge template to use for the imported cardholder credentials.
5 Click Apply. The mapped cardholder fields are displayed in the Links tab. When you synchronize with the AD, most of them are read-only.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
147
The following table shows you the numeric value and the text value corresponding to each of the standard card formats supported by Security Center, and their descriptions.
Number Format name (Text) Facility code range Card number range
0 1 2 3 4
Standard 26 bits HID H10306 34 Bits HID H10302 37 Bits HID H10304 37 Bits HID Corporate 1000
0 to 255 0 to 65 535 Not required 0 to 65 535 0 to 4095 (also known as Company ID Code
0 to 65 535 0 to 65 535 (also known as Card ID Numbers) 0 to 34 359 738 367 0 to 524 287 0 to 1 048 575 (also known as Card ID Numbers)
For custom card formats, you must use the exact spelling used to create the custom card format. For more information, see "Custom card format editor" on page 670.
The workstation where Config Tool is running must be on the same network domain as the
AD server. The custom fields that will receive data from the AD must be defined beforehand. For more information, see "Defining custom fields and data types" on page 136. No more than 32 custom fields can be mapped to the AD.
To map custom fields, do the following: 1 From the Links tab of the Active Directory role, click Add an item ( ).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
148
2 Select the custom field and the AD attribute, and then click OK.
IMPORTANT The data type of the custom field must match that of the AD attribute: text with text, decimal with decimal, date with date, etc. The Security Center image data type must be mapped to the AD binary data type, and the mapped AD attribute must contain a valid JPEG image.
The new mapping appears in the Links tab. For more information about the Links tab, see "Links" on page 518. 3 Repeat the previous steps as needed. 4 Click Apply. The mapped custom fields are displayed in the Links tab. When you synchronize with the AD, they are read-only.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
149
The Active Directory conflict resolution dialog box appears. All synchronized entities are listed to the left. The ones that conflict with a local entity are flagged in green.
4 Select a conflicting entity from the Synchronized entities list. All local entities that can be merged with the imported entity are listed to the right. Do one of the following:
Select No selection if you do not wish to merge it with a local entity. Select the local entity to be merged with the imported entity.
5 Repeat the previous step for all synchronized entities flagged in green. 6 Click Finish to save the conflict resolution decisions to a file on disk. The default file name is Conflict_Manifest.data. Be sure to save the file to a location that can be accessed from your main server and all servers hosting the Access Manager role. 7 (Optional) If you have user conflicts to resolve, apply the conflict manifest to your Directory database. a Connect to the Server Admin of your main server with a Web browser. For more information, see "Open Server Admin using Internet Explorer" on page 48. b In the Directory tab, under the Database group, click Resolve conflicts ( c In the dialog box that appear, browse to the Conflict_Manifest.data file. d Click Resolve conflicts, then click Back up. The conflict resolution status is shown in a independent dialog box. 8 (Optional) If you have cardholder conflicts to resolve, apply the conflict manifest to your Directory database and your Access Manager database. ).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
150
a Select your Access Manager role from the Roles view of the System task. b Click the Resources tab, and click Resolve conflicts ( d Click Resolve conflicts, then click Back up. The conflict resolution status is shown in a independent dialog box. After conflict resolution, all synchronized entities that are merged with a local entity inherit their local properties, and all merged local entities are deleted. ). c In the dialog box that appears, browse to the Conflict_Manifest.data file.
Click Apply.
The user is no longer synchronized with the AD. It will only become synchronized again once you set the users status to Active.
"Assign pictures to imported cardholders" on page 151 "Assign temporary cards to imported cardholders" on page 152 "Modify the status of imported cardholders" on page 152
Assign pictures to imported cardholders
You can assign a picture to the imported cardholder from Security Center, and then synchronize the picture with the Active Directory. 1 From the Cardholder management task, assign a picture to the cardholder. For more information, see Assign a picture to the cardholder in the Security Desk User Guide. 2 From the Home page, open the System task. 3 Select the Active Directory role, and then click the Links tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
151
4 Select the Upload pictures to Active Directory option. 5 Click Apply. 6 Click the Properties tab, and then click Synchronize now.
NOTE If Security Center synchronizes with the AD based on a scheduled task, then the next
time the synchronization occurs, the new cardholder picture is synchronized with the AD.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
152
Status. Set the cardholder status to Active or Inactive. If the cardholder status is inactive, then the credentials assigned to the cardholder do not work, and the cardholder does not have access to any area.
Expiration. Set the cardholder to expire Never, on a specific date, or after a specified number of days after the first use. Click Apply.
The cardholder is no longer synchronized with the AD. It will only become synchronized again once you set the cardholders status to Keep synchronized.
"Log on with Windows credentials" on page 153 "Log on in an multiple AD integration scenario" on page 153
Log on with Windows credentials
When youre signed on to Windows using an account that happens to be synchronized with Security Center, you can log on to Security Center without having to retype your username and password.
In the Security Center logon dialog box, select the option Use Windows credentials and
click Log on.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
153
using the basic authentication method. This is to let Security Center know which AD service to call for the validation of your credentials.
TIP If you are already signed on to Windows using the account that is synchronized to your Security Center user, then use the single logon option instead. For more information, see "Log on with Windows credentials" on page 153.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
154
"How are intrusion detection panels represented in Security Center?" on page 155 "What does the Intrusion Manager role do?" on page 156 "Enroll an intrusion panel" on page 156 "Edit intrusion detection unit peripherals" on page 158 "Create an intrusion detection area" on page 159
Intrusion detection unit. Represents an intrusion panel that is monitored and controlled
by Security Center. Each intrusion panel can control multiple zones (or group of sensors). For more information, see "Intrusion detection unit" on page 423.
Master arm. Arming an intrusion detection area so that all sensors attributed to the area set off the alarm if triggered. Some manufacturers call this arming mode Away arming. Perimeter arm. Arming an intrusion detection area so that only sensors attributed to the perimeter of that area set off the alarm. Other sensors such as motion sensors inside that area will be ignored.
Disarm. Tells the intrusion panel to ignore all sensors attributed to this area. If an alarm is set off by this area, disarming it also turns the alarm off. For more information, see "Intrusion detection area" on page 421.
For a list of intrusion detection panels supported in Security Center, see the Security Center Release Notes.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
155
"How Bosch intrusion panel integration works" on page 804 "How Galaxy Dimension control panel integration works" on page 806
Enrolling an intrusion panel allows you to monitor and control its areas (or zones, or partitions) from Security Desk. 1 From the Home page in Config Tool, open the Intrusion detection task. 2 In the Contextual commands toolbar, click Add an entity ( ) > Intrusion detection unit. 3 In the intrusion detection unit creation wizard, enter the Basic information for this unit, and click Next. 4 From the Intrusion Manager drop-down list, select the role that will be managing this unit. 5 From the Unit type drop-down list, select the unit manufacturer. 6 From the Interface type drop-down list, select IPv4 or Serial.
If you selected IPv4, type the IP address and port numbers that are configured on the unit. If you selected Serial, type the COM port used to connect the unit to Security Center.
156
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
NOTE The choice of interface type cannot be changed after the entity has been created. If you choose to use the serial interface, the Intrusion Manager will not support failover.
7 Click Next. 8 Click Create, and click Close. A new intrusion detection unit entity is created. For certain types of intrusion panels (such as Bosch), the Intrusion Manager automatically creates intrusion detection areas (also known as zones or partitions) configured on the panel for you. These entities appear in the Logical view. 9 Click the Properties tab, and configure the unit specific settings. For more information, see "Properties" on page 424. 10 Click the Peripherals tab, and assign logical names, IDs, and descriptions to the input and output devices controlled by the unit. This is also where you define whether the input is an interior or perimeter input and its normal contact state. For more information, see "Edit intrusion detection unit peripherals" on page 158. 11 Configure the intrusion detection areas controlled by this unit. a If the intrusion detection areas are automatically created by the Intrusion Manager, they are found under the root of the Logical view task. For more information, see "Intrusion detection area" on page 421. b If the Intrusion Manager did not create the intrusion detection areas automatically, youll need to create them manually. For more information, see "Create an intrusion detection area" on page 159.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
157
1 In the Peripherals tab of an intrusion detection unit entity, select a device in the list. 2 Click . 3 In the dialog box that appears, enter the Name, Logical ID, and Description for that device. 4 Set the Input type to either Perimeter or Interior (if the physical intrusion unit is configured as such) 5 Set the Contact type as either Normally open or Normally closed. 6 Click OK
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
158
3 In the intrusion detection area creation wizard, enter the Basic information for this area, and click Next. 4 From the Intrusion detection unit drop-down list, select the unit on which this area is defined. 5 Under Intrusion detection area unique ID, enter the ID or name of the area as it is configured on the intrusion panel. 6 Click Next, Create, then Close. A new intrusion detection area entity is created. For more information, see "Intrusion detection area" on page 421.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
159
Managing zones
Managing zones
The concept of a zone is borrowed from the world of alarm panels, in which electric inputs are associated with zones to trigger specific alarms. This section includes the following topics:
"What is IO linking?" on page 160 "What is a zone?" on page 160 "About zone management roles" on page 161 "Creating zones" on page 161 "Which type of zone works best for me?" on page 163
What is IO linking?
IO linking is the control of specific output relays based on the combined result of a specific set of electric inputs. Each input can be connected to a specific monitoring device, such as a motion sensor, a smoke detector, a door or window contact, and so on.
EXAMPLE A standard application is the linking of a glass break sensor on a window connected
to an input pin on a unit that sounds a buzzer (via an output relay) when that window is shattered.
What is a zone?
The concept of IO linking is represented by the zone entity in Security Center. Since everything is controlled by software, a zone entity can do a lot more than just IO linking. The idea of using inputs to trigger output relays is expanded to trigger events. Using the eventto-action mechanism, these events can in turn be used to trigger alarms, send emails, start camera recording, and so on. Therefore, in Security Center, a zone is used to monitor a set of inputs in order to trigger events based on their combined states. These events can be used to trigger output relays or trigger other actions on the system.
TIP You can define custom events to correspond to each of the special input combinations. For more information, see "What is a custom event?" on page 106.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
160
Managing zones
Creating zones
The creation procedures for a hardware zone and a virtual zone are different. Once the zone has been created, you cannot change its type.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
161
Managing zones
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
162
Managing zones
For more information, see "Arming" on page 508. 8 Click the Cameras tab and configure any zone monitoring camera. For more information, see "Cameras" on page 334. After you are done: Arm your zone in Security Desk and test your configuration. For more information, see zone-related tasks in Genetec Security Desk User Guide.
Role IO linking (inputs) IO linking (outputs) Operation mode Arm/disarm via Security Desk Arm/disarm via actions Arm/disarm via key switch
Access Manager All inputs must be from the same access control unit All outputs must be from the same unit as the inputs Offline and mixed mode No No Yes (the key switch must be wired to an input pin on the same access control unit) Yes (only one schedule at a time, and cannot be combined with the key switch approach) Yes (only in mixed mode) Yes The unit is sometimes dis connected from the system
Zone Manager Can combine inputs from any unit of any type Can trigger outputs on any unit of any type Online mode only Yes Yes No
Arm/disarm on schedule
Yes (multiple schedules can be specified) Yes Yes Zone arming/disarming needs to be controlled via software
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
163
"What does the Web-based SDK role do?" on page 164 "Using the Web-based SDK" on page 164
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
164
"Create a tile plugin that links to a Web site" on page 165 "Create a tile plugin that links to a map file" on page 165
).
9 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
165
4 If there are partitions in your system, select the partition the tile plugin is a member of, and click Next. For more information, see "Partition" on page 447. 5 In the Tile plugin information page, select Tile plugin. 6 In Windows, select the .dll file that the tile plugin will link to, and click Open. 7 Click Next > Close. The tile plugin appears in the Logical view with the default tile plugin icon ( 8 Select the tile plugin, and click the Properties tab. 9 To select another map file, click Modify, and select another .dll file. 10 Click Apply. ).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
166
7
Troubleshooting
This part explains how to maintain and troubleshoot your Security Center system, such as verifying your system configurations, monitoring the health of your system, troubleshooting entity states, and so on.
NOTE For specific tasks related to video or access control maintenance and troubleshooting, see Chapter 9, Managing Omnicast on page 223 and Chapter 11, Managing Synergis on page 295.
"Viewing system messages" on page 168 "Viewing system health events" on page 170 "Monitoring the status of your system" on page 177 "System status task" on page 172 "Monitoring the status of your system" on page 177 "Troubleshooting entity states" on page 179 "Diagnosing entities" on page 180 "Finding out who made changes on the system" on page 181 "Investigating user related activity on the system" on page 182 "Viewing properties of units in your system" on page 184
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
167
NOTE System messages are not the same as health events related to entities. Health events can be health issues, but health issues are not necessarily health events. For more information about health events, see "Viewing system health events" on page 170.
For more information about diagnosing trouble entities, see "Diagnose role problems" on page 51. To view system messages: 1 In the notification tray, double-click the System messages (
) icon.
2 In the Health issues tab of the Notifications dialog box, do one of the following: From the Sort by drop-down list, select how to display the health issues. You can sort them alphabetically by health event type, event timestamp, machine (computer name), or source (entity name). Click an entity to open its configuration pages, to diagnose the entity. Click in a row to launch a Health history task (see "Viewing system health events" on page 170). Click Refresh to update the content displayed in the Health issues tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
168
3 In the Warnings (
Click an entity to open its configuration pages in Config Tool. Click Details ( ) to open the diagnostic window, which provides additional details about the warning. From this window you can save the warning as a text file, or click Refresh to rerun the diagnostic tests.
4 In the Messages (
Click Copy to clipboard to copy the selected message to the clipboard. Click clear to delete the selected messages. Click Clear all to clear all messages. to close the Notification dialog box.
5 Click
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
169
Almost every entity in your system can generate health events. You can choose which health events to monitor by configuring the Health monitor role in Config Tool. For information, see "Configure health events to monitor" on page 79.
NOTE Health events also appear in the notification tray as system messages ( in real time (see "Viewing system messages" on page 168).
) as they occur
To view system health events related to an entity: 1 From the Home page, open the Health history task. 2 Set up the query filters for your report (see "Query filters" on page 712). 3 To include current health events in the report, click the Show current health events heading. When the heading is enabled, it appears as On 4 Click Generate report. The health events of the selected entities are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
EXAMPLE If an entity is experiencing issues, you can search for past health events that have
occurred in relation to that entity. If you want to search if there were critical errors that happened in the system during the last week, you can filter you search only for errors, and set a time range.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
170
One or more events used to calculate availability are currently disabled. The system administrator needs to select which health events to monitor in the Config Tool. For more information, see Health monitor - "Properties" on page 561. One or more servers from the system are offline. The server hosting the selected role is offline, therefore, the health statistics cannot be calculated for the role.
EXAMPLE A door controller called Gym was down four times over the last week, producing
90.72% availability. From the report results, you can see that this door controller is a potential concern, and have a maintenance crew come and look at the door.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
171
A B
C D
E A B C D E Entity types you can monitor. Type of issues that you can monitor. The entity statuses are listed in the report pane. Print the report, export the report, or select which columns to display. For more information, see "Working with reports" on page 29, and "Report pane columns" on page 723. Entity-specific commands.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
172
Unit name Online, Offline, or Warning IP address of the unit Synchronization status Yes () or No (blank) Yes () or No (blank) Firmware version of the unit Indicates whether the unit has been tampered with Yes () or No (blank) Analog monitor name List of all parent areas, starting from the system entity. If the analog monitor has multiple parent areas, *\ is shown as the path. Online, Offline, or Warning Name of the cameras currently displayed in the analog monitor Type of application (Config Tool or Security Desk) Machine it is running on Name of the user who is connected Software version of the client application
Analog monitors
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
173
Entity
Columns
Description
Areas
Area name List of all parent areas, starting from the system entity Online, Offline, or Warning Indicates if a threat level is currently activated on the selected area, along with the threat level name. If no threat level is set, the column is blank. (Only visible to administrative users) Indicates the minimum security clearance level required from cardholders to access this area, on top of the restrictions imposed by the access rules Working () or Not working (blank) Hard, Soft, or None (no antipassback) Working () or Not working (blank) Interlock input priority: Lockdown or Override Indicates whether a unit in the area has been tampered with. Yes () or No (blank) Camera name List of all parent areas, starting from the system entity. If a camera has multiple parent areas, *\ is shown as the path. Online, Offline, or Warning Recording state Lost, Available, or Unknown (IP cameras) Indicates if the camera is currently blocked from some users. Blocked (), or not blocked (blank) Door name List of all parent areas, starting from the system entity Online, Offline, or Warning Open ( Locked ( ) or closed ( ) )
Security clearance
People count Antipassback Interlock Priority Tampered Cameras Entity Logical path
Health Recording Analog signal Blocked Doors Entity Logical path Health Open Lock
) or unlocked (
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
174
Entity
Columns
Description
Elevators
Elevator name List of all parent areas, starting from the system entity Online, Offline, or Warning Icon representing the entity type Entity name For a local entity, shows the server it is running on. For a federated entity, shows the federation role name List of all parent areas, starting from the system entity Online, Offline, or Warning Intrusion detection area name List of all parent areas, starting from the system entity Online, Offline, or Warning Master arm, Perimeter arm, Ready to arm, Arming, Disarmed, Disarmed (input trouble), or Armed (Alarm active) Active/inactive (represented by an icon) Active/inactive (represented by an icon) Intrusion detection unit name Online, Offline, or Warning Yes () or No (blank) Yes () or No (blank) Yes () or No (blank) Macro name Time the macro was started Name of the user who started the macro
Health issues
Bypass Alarm active Intrusion detection units Entity Health AC fail Battery fail Tamper Macros Entity Start time Instigator
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
175
Entity
Columns
Description
Roles
Role name Online, Offline, or Warning Name of server currently hosting the role List of servers assigned to host this role Software version of role Activated ( ) or Deactivated ( )
Routes
Route name, showing the two networks it joins Unicast TCP, Unicast UDP, or Multicast Unicast TCP, Unicast UDP, or Multicast OK, or warning message stating the reason of the problem Server name Online, Offline, or Warning Roles assigned to this server Zone name List of all parent areas, starting from the system entity Online, Offline, or Warning Normal, Active, or Trouble Indicates if the zone is armed or not
Servers
Zones
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
176
Access control units Analog monitors Applications (only administrators) Areas Cameras Cash registers Doors Elevators Health issues Intrusion detection area Intrusion detection units (only administrators) Macros (only administrators) Roles (only administrators) Routes (only administrators) Servers (only administrators) Zones
3 If required, select an area in the Selector. 4 To search for entities within nested areas, select the Search member entities option. The related entities, roles, applications, and items are listed in the report pane. For information about the status columns that are available for each entity, see "System status task" on page 172. 5 (Optional) Do one of the following:
To launch a Health history report, click health events" on page 170. To diagnose the selected entity, click on page 180.
. For more information, see "Viewing system . For more information, see "Diagnosing entities"
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
177
EXAMPLE If you have a camera that is not working, you can select the camera entity to
investigate why it is offline. If an entity has a health issue, you can launch the Health history task and generate a report to investigate further, or diagnose the entity from the System status task.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
178
The entity is online, and the server can connect to it. The entity is offline, and the server cannot connect to it. The entity is in the warning state. The server can connect, there are problems.
Entity warnings usually appear because of invalid configurations.When it comes to cameras, there are two specific conditions that can cause the camera to fall into a yellow warning state:
Multiple recording schedules (that are in conflict) have been applied to the same camera. A transmission lost event has occurred. This means that the Archiver is still connected to the
camera, but it has not received any video packets for more than 5 seconds. To fix these issues, try the following:
Change the conflicting schedules, see "Resolving schedule conflicts" on page 105. Diagnose the Archiver role (see "Diagnosing entities" on page 180).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
179
Diagnosing entities
Diagnosing entities
You can diagnose entities, roles, and applications using the diagnostic tool. What you should know An entity or role that is not properly configured is displayed in yellow. An entity that is offline is displayed in red. The diagnostic tool can help you troubleshoot your problem. For more information about troubleshooting entity states, see "Troubleshooting entity states" on page 179. To diagnose an entity: 1 From the Home page, open the System status task. 2 From the Monitor drop-down list, select the entity type you want to diagnose. 3 If required, select an area in the Selector. 4 To include entities within nested areas, select the Search member entities option. The related entities are listed in the report pane. 5 Select a trouble entity, and click Diagnose ( ). A troubleshooting window opens, showing the results from the diagnostic test performed on the selected entity. 6 To rerun the test, click Refresh. 7 To save the results of the test, click Save. 8 Click Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
180
made those changes, you can select that entity. If you requested an update for an entity (for example, the privileges for a user), you can check to see if you the changes have been made from Config Tool.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
181
Analog monitor connection/disconnection. Who connected to or disconnected from an analog monitor. Application update. Who updated a client application, such as Patroller, Web Client, Security Desk, and so on, or a Sharp unit. Badge printing. Who printed a credential badge. Connect to remote Security Desk. Who connected to a remote Security Desk workstation. Credential request. Who requested a credential badge to be printed, and why. Credential request cancelled/completed. Who completed or cancelled a credential badge print request. Disconnect from remote Security Desk. Who connected to a remote Security Desk workstation. Enable/disable visual tracking. Who enabled or disabled visual tracking in a tile. Export/generate report. Who exported/generated which reports. Hotlist editor. Who loaded a hotlist or permit list, or added, deleted, or edited entries within the list. Hotlist filtering. The LPR Manager role which has hotlist filtering enabled. Live streaming started/stopped. Which camera was displayed. Playback. Which recording was played. Playback bookmark deleted/modified. Who deleted/modified which bookmarks. Print hit report - photo evidence. Who printed evidence. Print report. Who printed a report. PTZ command. What did the user do with the PTZ. Snapshot printed/saved. Who printed or saved a snapshot. Threat level set/reset. Who activated/deactivated a threat level, and on which area or system. User logon/logoff. Who logged on or off of which Security Center client application. Video export. What did the user export and where did they save it. Video unit identified/rebooted. Who tried to identified/rebooted a unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
182
3 Set up the other query filters for the report (see "Query filters" on page 712). 4 Click Generate report. The activity results are listed in the report pane.
EXAMPLE You can find out who played back which video recordings, who blocked a camera,
who activated a threat level, who requested a credential badge to be printed, who used the Hotlist and permit editor task, or who enabled hotlist filtering.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
183
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
184
Part III
Omnicast IP video surveillance
Learn how to set up, configure, and manage your Omnicast system in Security Center. This part includes the following chapters: Chapter 8, Deploying Omnicast on page 186 Chapter 9, Managing Omnicast on page 223
8
Deploying Omnicast
This section explains how to set up your video surveillance system for the first time. This section includes the following topics:
"What is Omnicast?" on page 187 "What are the Omnicast entities?" on page 188 "Omnicast deployment process" on page 190 "Configuring the Archiver role" on page 193 "Configuring the Media Router role" on page 202 "Configuring the Auxiliary Archiver role" on page 204 "Configuring cameras" on page 209 "Configuring analog monitors" on page 220
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
186
What is Omnicast?
What is Omnicast?
Omnicast is the IP video surveillance component of Security Center. Omnicast provides seamless management of digital video, audio, and metadata across IP networks. Omnicast main features are as follows:
View live and playback video from all cameras View up to 64 video streams side-by-side on a single workstation View all cameras on independent timelines or on synchronized timelines Full PTZ control, using a PC or CCTV keyboard, or on screen using the mouse Digital zoom on all cameras Motion detection on all cameras Visual tracking: follow individuals or moving objects across different cameras Search video by bookmark, motion, or date and time Export video in proprietary G64 format or public ASF format Protect video against accidental deletion Protect video against tampering by using watermarks
Omnicast also provides video support for events tracked by other systems unified under Security Center.
Enhance all event reporting with playback video Enhance alarm monitoring (core feature) with live video Enhance intrusion detection (core feature) with live video Enhance access control system (Synergis) with live video
Consolidate all access events with video Enhance LPR system with live video
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
187
Role that controls the video units and manages the video archive. See "Archiver" on page 521. Role that supplements the video archive produced by the Archiver. It is capable of archiving any camera on the system. See "Auxiliary Archiver" on page 543. Role that takes care of the routing of all audio and video streams on the network. See "Media Router" on page 585. Network (with specific streaming capabilities) that the Media Router takes into account while making routing decisions. See "Network" on page 434. Server on your network. Used to host the roles needed on your system. See "Server" on page 471. Logical grouping of cameras and camera sequences. See "Area" on page 360. Represent a physical analog monitor connected to a video decoder. See "Analog monitor" on page 357. A single video source on the system. Might support audio. See "Camera (video encoder)" on page 368. PTZ camera or dome camera. See "Camera (video encoder)" on page 368. A pre-arranged order for the display of video sequences in a rotating fashion within a single tile in Security Desk. See "Camera sequence" on page 393. Group of analog monitors sharing common characteristics. See "Monitor group" on page 432. Date and time range. Might support daytime and nighttime. See "Schedule" on page 463. IP unit incorporating one or more video encoders. See "Video unit" on page 494. Group of entities on the system visible only to a group of users. See "Partition" on page 447.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
188
Icon
Entity
Description
Individual who uses Security Center applications. See "User" on page 482. Group of users sharing common characteristics. See "User group" on page 489.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
189
"Omnicast deployment prerequisites" on page 190 "Omnicast deployment procedure" on page 191
A network diagram showing all public and private networks used within your organization,
their IP address range, their video transmission capabilities (Multicast, Unicast UDP, and Unicast TCP). For public networks, you also need the name and public IP address of their proxy servers.
TIP Ask your IT department for this information.
All ports used by Security Center for communication and video streaming must be open
and redirected for firewall and NAT purposes. For more information, see "Default Security Center ports" on page 776.
All video equipment (video units, fixed and PTZ cameras) must be installed and connected
on your companys IP network, with the following information:
Manufacturer, model, and IP address of each video unit Login credentials (username and password) if applicable Communication protocol used (HTTP or HTTPS)
TIP A site map (floor plans) showing where the cameras are located would be helpful.
An Omnicast 4.x system to manage the video encoders connected to the CCTV matrix outputs. For information on how to integrate hardware matrices with Omnicast, see Hardware Matrix in the Omnicast Administrator Guide.
To federate Omnicast 4.x system in Security Center. For more information, see "Federating Omnicast systems" on page 131. Security Center software components installed:
Security Center Server software installed on your main server. The main server is the computer hosting the Directory role. Optionally, Security Center Server software installed on expansion servers. An expansion server is any other server on the system that does not host the Directory role. You can add expansion servers at any time. For more information, see "Add an expansion server to your system" on page 47.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
190
For software installation, see Security Center Installation and Upgrade Guide.
1 2 3 4
Read the things you need to know and do before deploying your Omnicast system. Use the Admin account on Config Tool to connect to your system. Change the Admin accounts password to protect your system. Create a partition for each independent user group. By first defining the partitions, you wont have to move entities around after youve created them. Configure the Logical view (the tree structure). The Logical view lets you organize the entities from an end-users perspective. Set up the default Archiver role. (Optional) Configure your networking environment. (Optional) Set up additional Archiver roles if necessary. (Optional) Configure the Media Router role. (Optional) Configure Auxiliary Archiver roles. (Optional) Define custom fields for your system entities as needed. Create the users and user groups.
"Omnicast deployment prerequisites" on page 190. "Connecting to Security Center" on page 9. "Change your password" on page 10. "Defining partitions" on page 90.
"Managing the Logical view" on page 85. "Configuring the Archiver role" on page 193. "Managing the Network view" on page 82. "Configuring the Archiver role" on page 193. "Configuring the Media Router role" on page 202. "Configuring the Auxiliary Archiver role" on page 204. "Custom fields" on page 619. "Defining user groups" on page 96 and "Defining users" on page 93.
191
6 7 8 9 10 11 12
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Phase
Description
See
13 14
(Optional) Federate remote Omnicast systems if necessary. (Optional) Configure the alarms.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
192
"What is the Archiver?" on page 193 "Configure the Archiver" on page 193 "Adding video units to your system" on page 194 "Configuring video units for trickling" on page 197
5 Add the video units that you want this Archiver to control. For more information, see "Adding video units to your system" on page 194. 6 Click the Extensions tab, and complete the configuration of the extensions created in the previous step if necessary. For more information, see Archiver "Extensions" on page 528. 7 If you are using multiple disk groups for archiving, see "Optimizing access to your storage devices" on page 226. 8 Configure the cameras associated with the video units you just added.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 193
For more information, see "Configuring cameras" on page 209. 9 If recording is performed on the edge units, see "Configuring video units for trickling" on page 197. After you are done: If you have a large system, you can distribute the load by adding more Archiver roles and hosting them on separate on separate servers. To add more Archivers, see "Create a role entity" on page 50.
"Add video units manually" on page 194 "What is automatic discovery?" on page 196 "Add video units using the Unit discovery tool" on page 196
Add video units manually
Before you begin: You must know the manufacturer, the product type (model or series), the IP address, and the login credentials (username and password) for the units you plan to add. 1 From the Home page in Config Tool, open the Video task. 2 Click the Role view, and select the Archiver role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
194
The Manual add dialog box appears (the following screenshot is just a sample).
4 If you have multiple Archiver roles, select the Archiver role from the Archiver drop-down list. 5 Select the units manufacturer and product type. 6 Enter the IP address and HTTP port of the unit. Use a range of IP addresses to add multiple units in a single operation.
TIP If you do not know your units IP address, use the Unit discovery tool instead. For more
information, see "Add video units using the Unit discovery tool" on page 196. 7 Select which credentials the Archiver should use to connect to the unit.
Default login . Use the default login credentials defined in the manufacturers extension for this Archiver. If the extension has not yet been defined, blank credentials are used. Specific. Enter the specific login credentials used by this unit. This can be changed to Use default login later during video unit configuration.
8 Complete all other settings as-necessary, and click Add. If the manufacturers extension does not exist, it will be created for you. For more information, see Archiver "Extensions" on page 528.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
195
NOTE If the manufacturer supports automatic discovery, all other units present on your system that share the same discovery port will automatically be added to the same Archiver in addition to those being added manually. For more information, see "What is automatic discovery?" on page 196.
9 Refresh the Role view. The newly added video units appear under the selected Archiver entity. 10 (Optional) Select the video units, and change their default settings if necessary. For more information, see Entity configuration "Video unit" on page 494. If you are having trouble adding the video unit, see "Troubleshooting video units that cannot be added" on page 244.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
196
6 Click Start discovery. The tool starts to list all units discovered on your network, using the discovery parameters you set for each manufacturer. You can stop the discovery process at any time.
NOTE If the discovery is based on the Axis extension, units from other manufacturers might
also be discovered because UPnP and Zero config are also used as well in the discovery process. 7 Select a unit in the list to display its information in the right-hand pane.
If you provided the correct login credentials, you will be able to add the unit to your system by clicking the Add unit ( ) button found below the unit information. If the login credentials are incorrect, you can still try to add the unit using the Manual add dialog box and providing the correct credentials:
"What is trickling?" on page 198 "Trickling limitations" on page 198 "Enable edge recording on a camera" on page 198 "Configure cameras for trickling" on page 200 "Start and stop trickling manually" on page 201
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
197
What is trickling?
Trickling is the process of transferring data in small amounts. Applied to the video world, it refers to situations where the video is recorded on the unit itself (edge recording), and that the recordings are only transferred to the Archiver at a specific or pre-determined time. There are many scenarios where video trickling is used:
Cameras configured for edge recording. The recording can be continuous or triggered by
specific events (inputs, motion, analytics, etc.).
Security Center must be configured to download video from these cameras, either
periodically, when a connection is established between the Archiver and the unit, or when a user explicitly requests it.
Trickling limitations
The following limitations apply when using the trickling feature:
It is not possible to trickle video sequences that occurred on a unit prior to the last video
time frame stored on the Archiver for that unit. For example, If the last frame trickled for a unit is 9/30/2011 3:44:40', and you try to trickle video between 3:40:00 and 3:50:00, only video between 3:44:40 and 3:50:00 will be trickled and stored in the Archiver.
2 From the entity browser, select the video unit you wish to configure. 3 Click Units Web page ( ) in the contextual command bar. 4 In the Web browser window that appears, follow the instructions from the units manufacturer to enable recording on that unit. 5 Close the Web browser window when youre done.
NOTE Some unit manufacturers support edge recording on a separate device from the video units, such as an iSCSI drive managed by Bosch VRM (Video Recording Manager). In this case, the VRM settings must be configured in the Archivers extension for the manufacturer that supports it.
To configure a Bosch VRM: 1 From the Home page in Config Tool, open the Video task. 2 From the entity browser, select the Archiver that is managing the Bosch cameras. 3 Select the Extensions tab, and select the installed Bosch extension.
).
For more information, see Archiver Extensions "Bosch VRM settings" on page 531. 5 In the dialog box that appears, enter the IP address of the VRM, and the logon credentials, then click Save.
6 Click the Playback mode drop-down list and select one of the following:
iSCSI
199
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Select the data transport method according to the configuration of your Bosch VRM. 7 Click Apply.
selected for trickling, recording on the Archiver is stopped. This however does not affect the recording on Auxiliary Archivers. 5 For each camera selected for trickling, select
On connection. To configure the camera to start trickling upon connection to the network. This option is recommended for cameras connected to mobile units that regularly move in and out of Wi-Fi coverage. On schedule. To configure the camera to start trickling on schedule. This option is recommended for fixed cameras with poor network bandwidth. Trickling can then be scheduled for a time when the network demand is the lowest.
6 (Optional) If trickling on schedule is selected, define when it should happen. 7 Configure the type of video data you want to be trickled.
NOTE If you do not set any filter, all available video stored on the unit will be trickled.
Time interval. Select this filter to trickle video segments recorded during a specific period of time. You can specify a specific time range or a relative time range (last n days, hours, minutes). Playback requests. Select this filter to trickle video segments that were played back from the camera. Motions. Select this option to trickle video segments that span between a Motion on and Motion off event. This option applies to unit motion detection only. Bookmarks. Select this option to trickle video segments that contain bookmarks. Unit offline. Select this filter to trickle video segments that span between a Unit lost and a Unit discovered event. Video analytics. Select this filter to trickle video segments that contain video analytics events. Alarms. Select this filter to trickle video segments that contain alarm events.
200
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Input triggers. Select this filter to trickle video segments that contain input events.
Time buffer when downloading events. The time buffers apply to event-based trickling. Specify how many seconds of video should be trickled before and after the event occurred. For example, if you selected the Motion filter, these settings indicate how many seconds are trickled before the Motion on event occurred, and how many seconds are trickled after the Motion off event. Delay after connection. Use this setting to specify how long (in seconds) the Archiver will wait to determine if a unit is truly online before trickling. For example, if your cameras are set to trickle on connection and you have an unstable network where your cameras frequently go on and offline, this setting is useful to prevent trickling from repeatedly starting and stopping. Simultaneous downloads. Use this setting to specify how many cameras can trickle at the same time. This setting is useful if you have a limited network and do not want too many downloads to occur simultaneously.
9 Click Apply.
to start trickling for the selected cameras to stop trickling for the selected cameras to start trickling for all cameras to stop trickling for all cameras ) once.
NOTE A camera that has just been added to the trickled camera list does not appear in this
dialog box until you have clicked Start trickling for all cameras ( 3 Click Close when you have finished.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
201
"What is the Media Router?" on page 202 "Configure the Media Router" on page 202 "Beware of RTSP port conflict" on page 203
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
202
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
203
"What is the Auxiliary Archiver?" on page 204 "Configure the Auxiliary Archiver" on page 206 "Associate cameras to the Auxiliary Archiver" on page 207 "Remove a camera from the Auxiliary Archiver" on page 208 "Move the Auxiliary Archiver to a different server" on page 208
"Purpose of the Auxiliary Archiver" on page 204 "When do I need Auxiliary Archivers?" on page 204 "Auxiliary Archiver limitations" on page 205 "Differences between the Archiver and the Auxiliary Archiver" on page 205
You need to create a high resolution off-site (outside your corporate LAN) copy of your
video archive for selected cameras. In this scenario, you would run the Auxiliary Archiver from a secured location, probably on a server located in a separate building with large storage capabilities. The Auxiliary Archiver would record high quality video streams from specific cameras using different recording settings (mode, schedules, etc.) than the Archiver.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 204
You need to create a lower quality copy of your video archive to keep for a longer period of
time. In this scenario, you would record the low quality video stream with the Auxiliary Archiver and set a longer retention period. You need to record more cameras (offering different viewing angles) during off-hours when there are no guards on duty. In this scenario, you would configure an Auxiliary Archiver to continuously archive during off hours those cameras that are not archived by the regular Archiver, while the regular Archiver continues to archive
Automatic unit discovery Command and control of cameras/video units Command encryption via secure protocols (such as HTTPS and SSL) Recorded cameras
Yes (on units that support it). Yes. Yes (on units that support it).
A camera can only be associated to one Archiver role. Can only record cameras with which it has a direct connection (usually on the same LAN).
A given camera can be associated to multiple Auxiliary Archivers. Can record any camera on the system, including federated cameras (but only from Security Center systems). Each camera has the option to follow the default role settings or its own custom settings. Can record any video stream of your choice. No (although Manual recording schedules can be configured). Yes. The events can be searched and viewed with the Archiver events video maintenance task.
205
Recording settings
Each camera has the option to follow the default role settings or its own custom settings. Can only record the stream designated for Recording. Yes, when Manual recording schedules are in effect. Yes. The events can be searched and viewed with the Archiver events video maintenance task.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Characteristics
Archiver role
Event logging to a flat file Database backup and restore Failover support Multiple copies of the video archive
Yes. Found in ArchiverLogs folder. Yes (video files are not included). Yes. One secondary server can be added to the Archiver role. Yes, via redundant archiving, but the master and redundant copies are identical, because they use the same recording settings. Yes. Yes.
No. Yes (video files are not included). Not applicable. Yes. Each Auxiliary Archiver produces a different set of video archive that follows its unique recording settings. Yes. Yes.
another instance of Auxiliary Archiver, you must choose a different name. Otherwise, the new role will corrupt the existing database!
TIP As a way to prevent unfortunate accidents, Genetec recommends you use a different database name for every instance of Auxiliary Archiver, regardless of whether there is a conflict or not.
d Click Next. 4 In the Basic information page, enter the name, description, and partition where the Auxiliary Archiver role will be created. For more information, see "Common entity attributes" on page 38.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
206
5 Click Next, Create, and Close. A new Auxiliary Archiver role ( ) is created. Wait a few seconds for the role to create the database on the selected data server. 6 Select the Resources tab, and configure the server, database, and disk storage required to run this Auxiliary Archiver.
NOTE Every newly created Auxiliary Archiver is assigned the default value of 558 for its RTSP port. This port value must be unique for all archiving roles hosted on the same machine. For more information, see Auxiliary Archiver "Resources" on page 547.
7 Select the Camera recording tab, and configure the default recording settings for all cameras recorded by this Auxiliary Archiver. For more information, see Auxiliary Archiver "Camera recording" on page 544.
TIP If you are using multiple disk groups, you can temporarily set the recording mode to off, then re-enable it at the end of the process to avoid having video files created on the wrong disk group.
8 Select the Cameras tab, and configure the cameras you want to archive. For more information, see "Associate cameras to the Auxiliary Archiver" on page 207. 9 If you are using multiple disk groups for archiving, see "Optimizing access to your storage devices" on page 226.
a camera in the given time, a failed status will be indicated for a few seconds, and the camera will be removed. 3 Click Apply. 4 To override the default recording settings on a camera: a Select the camera from the list and click Jump to ( The camera configuration page is selected. b From the Recording tab of the camera, select the tab that corresponds to the current Auxiliary Archiver. For more information, see Camera "Recording" on page 378. c Select Custom settings under Recording settings, and make the necessary changes. d Click Apply. ).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
207
).
2 In the confirmation dialog box that appears, click Delete. All records of this cameras video archive are deleted from the roles database. 3 In the second confirmation dialog box, do one of the following:
Click No if you want to keep the video files on disk. This allows you to play the video files with the Video file player in Security Desk, but you will no longer be able to query the video archive with the Archives task.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
208
Configuring cameras
Configuring cameras
Camera (or video encoder) entities are automatically created when the video units they are part of are added to your system. Although Security Center provides workable default settings, we recommend that you carefully go through the configuration of each entity in order to achieve optimal performance.
TIP You can save a significant amount of time by copying the settings of one camera to all similar cameras. For more information, see "Copy configuration tool" on page 668.
"Recommended camera configuration process" on page 209 "Configuring video streams" on page 210 "Configure visual tracking" on page 212 "Test the video quality of your camera" on page 213 "Configure PTZ motors" on page 214 "Creating camera sequences" on page 218
configured using its web page. For more information, see "Trickling" on page 524. 5 (Optional) Motion detection can be performed by the Archiver or by the unit, on the entire video image (default) or only on certain areas (motion zones). For more information, see Camera "Motion detection" on page 379. 6 (Optional) The cameras video attributes (brightness, contrast, hue, saturation) can be adjusted to account for different times of the day. For more information, see Camera "Color" on page 387. 7 (Optional) Visual tracking, the ability for Security Desk users to switch to an adjacent cameras view by clicking on certain areas of the video image in the tile, can be configured for all fixed cameras.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
209
Configuring cameras
For more information, see Camera "Visual tracking" on page 388, and "Configure visual tracking" on page 212. 8 (Optional) Hardware devices such as PTZ motors, microphones and speakers can be manually associated with the current camera if they are not built-in on the same unit. For more information, see Camera "Hardware" on page 389. 9 Test the settings you have configured so far: video quality, color and brightness, PTZ controls, etc. For more information, see "Test the video quality of your camera" on page 213. 10 (Optional) Configure any necessary event-to-action behaviors for this camera. For more information, see "Using event-to-actions" on page 106. 11 (Optional) Copy the settings you just configured from this camera to other similar cameras on your system if applicable. For more information, see "Copy configuration tool" on page 668. 12 Repeat the same process for all other cameras on your system.
"How video stream settings are organized" on page 210 "Automatic stream selection" on page 211 "Boosting recording quality on special events" on page 212
How video stream settings are organized
Video stream settings for a video encoder are nested in the following way:
Each video encoder can generate one or more video streams. Each video stream is described by the following settings:
Video quality. Video quality is defined by a host of parameters such as image resolution, bit rate, frame rate, and so on, that can vary depending on the manufacturer. The video quality can have multiple configurations based on different schedules. For example, lower resolution might be required for regular hours when there is a lot of activity in the office, while higher resolution might be used after closing time when less human surveillance is available.
Stream usage. The stream usage defines the purpose of the stream. You can select from the following options:
Live Default stream used for viewing live video in Security Desk.
210
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Configuring cameras
Recording Stream recorded by the Archiver for future investigation. The quality of the recording stream can be temporarily boosted when the recording is triggered by certain types of events. For more information, see "Boosting recording quality on special events" on page 212.
Remote Stream used for live viewing when the bandwidth is limited. Low resolution Stream used instead of the Live stream when the tile used to view the stream in Security Desk is small. High resolution Stream used instead of the Live stream when the tile used to view the stream in Security Desk is large.
A stream can be assigned all, some, or none of the usage options. A stream that has no usage is not generated by the video encoder.
Network settings. Specific connection type and multicast address can be configured for each stream based on its usage and your network configuration.
For more information on stream configuration, see Camera "Video" on page 369.
Configuring cameras
For more information on how the default live stream is configured in Security Desk, see Default live stream in Genetec Security Desk User Guide.
Boost quality on manual recording. Temporarily boosts video quality when the recording
is started manually by a user. The actions that trigger manual recording are as follows:
The Add a bookmark button ( ) is clicked by a Security Desk user Boost quality on event recording. Temporarily boosts video quality when the recording is triggered by a system event.
The Start recording action was executed The recording was triggered by an alarm The recording was triggered by motion
"Boost quality on manual recording" on page 376 "Boost quality on event recording" on page 376
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
212
Configuring cameras
5 From the camera tree located under the drawing tools, drag and drop the camera you want to switch to onto the colored shape. The camera name appears in the Entities box. You can associate multiple cameras to the same shape. If more than one camera is to be associated with the same on-video control, the operator must explicitly select a camera before making the switch instead of just clicking on the colored shape. 6 Add as many on-video controls as necessary. 7 Click Apply.
Double-click the camera you want to test. Select the camera, and then in the Contextual commands toolbar, click Live video ( ).
The Live video dialog box appears and shows you live statistics about the video stream that is coming from the video encoder. For a PTZ camera, see "Configure PTZ motors" on page 214.
3 If you have configured multiple video streams, click the Stream drop-down list to select a different stream to view. For more information, see "Configuring video streams" on page 210.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 213
Configuring cameras
4 If you have configured separate High resolution and Low resolution streams, select Automatic as your stream option, and resize the Live video dialog box to test the automatic stream selection. For more information, see "Automatic stream selection" on page 211. 5 If you are experiencing streaming problems, click Show diagnostic information to display diagnostic information as a transparent overlay on the video.
Click Copy to clipboard to capture that information to send it to "Technical support" on page 869. Click Close to hide the diagnostic information.
Zoom-box. Zoom in on an area by drawing a box on the video image using your mouse.
This works like the digital zoom for fixed cameras.
Center-on-click. Center the camera on a point of the video image with a single click.
When these two commands are enabled, they replace the normal pan, tilt, and zoom commands when controlling the PTZ in Security Desk. To configure PTZ motors: 1 From the Home page in Config Tool, open the Video task. 2 Select the camera, and click the Hardware tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 214
Configuring cameras
3 Switch the PTZ option to ON. 4 From the Protocol drop-down list, select the protocol used by the PTZ motor. 5 Beside the Protocol field, click options. to set the Idle delay, Idle command, and Lock delay
For more information about these options, see "Hardware" on page 389. 6 From the Serial port drop-down list, select the serial port used to control the PTZ motor. 7 In the PTZ address box, select the number that identifies the PTZ motor on the serial port. This number is important because it is possible to connect more than one PTZ motor on the same serial port. This number must correspond to the dip switch settings on the PTZ hardware. 8 To enable the enhanced PTZ commands (zoom-box and center-on-click), switch the Enhanced PTZ option to ON, and calibrate the PTZ coordinates. For information about how to calibrate the PTZ, see "Calibrate the PTZ coordinates" on page 215.
NOTE Not all cameras require PTZ calibration. For example, Axis cameras do not require
calibration. 9 Click Apply. After you are done: To test the PTZ controls, do the following: a From the Logical view, do one of the following:
Double-click the camera you want to test. Select the camera, and then in the Contextual commands toolbar, click Live video ( ).
b In the Live video dialog box, test the PTZ controls in the video image. c Use the PTZ widget to control the camera. For a list of commands in the PTZ widget, see "PTZ widget" on page 217.
Configuring cameras
Max zoom factor. Zoom in to the maximum level you want Security Desk users to reach, and enter the Zoom value from the Coordinates section. Horizontal field of view. Enter the horizontal field of view specified by the camera manufacturer. If you do not have this information, zoom out until the Zoom value indicates 1x, and estimate the angle of the horizontal field of view from the image you see on screen. Vertical field of view. Enter the vertical field of view specified by the camera manufacturer. If you do not have this information, zoom out until the Zoom value indicates 1x, and estimate the angle of the vertical field of view from the image you see on screen. Minimum pan angle. Turn the camera to the left-most position of the area under surveillance, and enter the Pan value from the Coordinates section. Maximum pan angle. Turn the camera to the right-most position of the area under surveillance, and enter the Pan value read from the Coordinates section. Minimum tilt angle. Turn the camera to the bottommost position of the area under surveillance, and enter the Tilt value read from the Coordinates section. Maximum tilt angle. Turn the camera to the topmost position of the area under surveillance, and enter the Tilt value read from the Coordinates section.
6 If you want to flip the camera image at any point, select one of the following from the Flip camera drop-down list:
Minimum tilt. Flips the camera image when the PTZ motor reaches the minimum tilt coordinate. Maximum tilt. Flips the camera image when the PTZ motor reaches the maximum tilt coordinate.
7 If you see that the Minimum pan angle value is higher than the Maximum pan angle value, select the Invert pan axis option. 8 If you see that the Minimum tilt angle value is higher than the Maximum tilt angle value, select the Invert tilt axis option. After you are done: Test the zoom-box and center-on-click commands from a Security Desk tile. If needed, adjust the calibration, and test the PTZ camera again.
NOTE Every time you change a parameter, you must remove the camera from the tile and drag
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
216
Configuring cameras
PTZ widget
The PTZ widget is used to perform pan, tilt, and zoom operations on the displayed PTZ-enabled camera ( ).
IMPORTANT Not all PTZ cameras support all PTZ commands. If one or more of the PTZ buttons are greyed out, it means that the PTZ camera you are working with does not support that command.
A B C D
E F G
A B C D E F G
Eight direction arrows for PTZ motor control Adjust speed of the PTZ motor Zoom in and zoom out commands (+ and -) Quick access buttons for the first eight presets Choice of preset slot (drop-down menu) Choice of pattern/tour slot (drop-down menu) Choice of auxiliary command slot (drop-down menu) Lock control of the PTZ motor Toggle the PTZ Advanced mode menu Manual focus control (focus near) Manual focus control (focus far) Manual iris control (open iris)
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
217
Configuring cameras
Manual iris control (close iris) Go to PTZ home (default) position Flip PTZ motor 180 degrees Open PTZs menu (analog domes only) Use specific commands (specific to that model camera) Go to preset position Save preset position Rename a preset, pattern, or auxiliary Start PTZ pattern (tour). Click any preset or PTZ button to stop the pattern. Record PTZ pattern (tour) Start PTZ auxiliary command (e.g. wiper blade) Stop PTZ auxiliary command
Preset. Move the PTZ camera to a preset position. Position. Start a PTZ pattern.
218
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Configuring cameras
8 From the PTZ auxiliary drop-down list, configure the switch number and the state to set it to. This option is only for PTZ-enabled cameras that support auxiliary switches. 9 Click Save > Apply. 10 To add another camera to the sequence, repeat steps Step 4 to Step 9. 11 To change the order of the cameras in the sequence, use the 13 Click Apply. and buttons. ). 12 To remove a camera from the sequence, select the camera, and click Remove the item (
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
219
"Configure analog monitors" on page 220 "Testing your analog monitor configuration" on page 222
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
220
d Repeat Step a to Step c for each analog monitor connected to the decoder. 3 To receive alarms on your physical analog monitors, do the following: a In the Alarms task, click the Monitor groups view. b Click Monitor group. c Type a name for your monitor group. d Select the monitor group, and click the Monitors tab. e At the bottom of the page, click group, and then click OK. , select the analog monitors to be part of the monitor
You can select multiple analog monitors by holding the SHIFT or CTRL keys.
IMPORTANT The order of analog monitors in the list is important. If you add more than
one analog monitor to a monitor group, the first analog monitor in the list will receive the highest priority alarm, the second analog monitor will receive the second highest priority alarm, and so on. The last analog monitor in the monitor group list will receive all the other alarms. f Click Apply. g In the Alarms task, click the Alarms view. h Select an alarm, and then click the Properties tab. i In the Recipients section, click alarm, and then click OK. , select the monitor groups to be recipients of the
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
221
j Click Apply. Analog monitors that are part of the monitor group are now recipients of the alarm. When the alarm is triggered, the video associated with the alarm is shown on the physical analog monitor.
NOTE High priority alarms do not replace lower priority alarms that are displayed on the
analog monitor. For more information about viewing video or receiving alarms in analog monitors in Security Desk, see Viewing video in an analog monitor in the Security Desk User Guide.
Display an analog monitor in a canvas tile in Security Desk, and then add a supported
camera to the tile. Supported cameras must be from the same manufacturer as the decoder, and use the same video format. For more information about using analog monitors in Security Desk, see Viewing video in an analog monitor in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
222
9
Managing Omnicast
This section explains advanced configuration techniques, and describes how to keep your video surveillance system reliable, protected, and running smoothly. This section includes the following topics:
"Managing video archives" on page 224 "Protecting your video archives" on page 227 "Protecting video files" on page 231 "Viewing properties of video files" on page 233 "Replace video units" on page 234 "Diagnosing video streams" on page 235 "Troubleshooting video units that are offline" on page 236 "Diagnosing Waiting for signal errors" on page 237 "Diagnosing Impossible to establish video session with the server errors" on page 239 "Troubleshooting no playback video available" on page 240 "Troubleshooting cameras that are not recording" on page 241 "Troubleshooting video units that cannot be added" on page 244 "Troubleshooting video units that cannot be deleted" on page 247 "Solving H.264 video stream issues" on page 248 "Investigating Archiver events" on page 249
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
223
"What constitutes a video archive?" on page 224 "Managing the archive storage" on page 225
Catalog of the recorded video footage. Events associated with the recorded video footage, such as motion detected, bookmarks,
and occasionally metadata (in the future).
Events describing the recording activities, such as when recording started and stopped, and
what triggered the event. Events related to the archiving process, such as Disk load is over 80%, and Cannot write to any drive.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
224
Estimating how much storage you need Configuring automatic disk cleanup Optimizing access to your storage devices Monitoring the storage usage
The number of cameras that need archiving. The number of days you need to keep the archive online.
See "Configuring automatic disk cleanup" on page 225.
Frame rate.
The higher the frame rate, the more storage space the recording will require. For information on configuring the recording frame rate, see Camera "Video" on page 369.
Image resolution.
The higher the image resolution, the more storage space the recording will require. The image resolution is determined by the video data format in effect. For a description of the available video data format, see Camera "Video" on page 369.
The first method is to delete the oldest video files when running out of disk space. This is
the simplest method if the video footage from all cameras is of equal importance, and if you
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 225
wish to keep as much footage as possible. This method maximizes disk usage. For information on how to configure this option, see Archiver "Advanced settings" on page 532. The second method is to specify for each camera the number of days the recorded footage needs to be kept online. When the that timer period expires, the video is automatically deleted, even if disk space has not run out. This method allows you to keep more important video footage for a longer period of time. For information on how to set this option, see Camera "Recording" on page 378.
The Archiver can also be instructed not to delete any video files. In this case, archiving stops when disk space runs out.
Program event-to-action behaviors to alert you when the Archiver is running out of disk
space or has stopped archiving. For more information, see "Using event-to-actions" on page 106. Regularly check the Archiver statistics. See Archiver "Archiver statistics" on page 538.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
226
"Protecting your video archive against storage failure" on page 227 "Protecting your video archive against hardware failure" on page 227 "Protecting video archive against routine cleanup" on page 229 "Protecting video archive against tampering" on page 229
Only one primary server and one secondary server can be assigned to an Archiver role. The primary and secondary servers must each have their own database, hosted locally, or on
another computer.
To make sure that the video archived by the primary server is still available if it fails to the
secondary server, you must turn on redundant archiving. This ensures that the primary and secondary servers can archive video at the same time, and that they each manage their own copy of the video archive.
NOTE You can set up redundant archiving on all cameras managed by the Archiver role, or protect just a few important cameras. For more information, see Archiver "Camera recording" on page 522.
An alternative solution to protecting your video archives is to use Auxiliary Archivers. For more information, see "Configuring the Auxiliary Archiver role" on page 204.
will be maintained for the important cameras. For more information, see "Configure standby archiving priorities" on page 535.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
229
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
230
4 In the Start and End columns in the Protect archives dialog box, set the time range of the video file to protect.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
231
5 Select how long to protect the video file for, from one of the following options:
Indefinitely. No end date. You must remove the protection status manually by selecting the video file in the report pane, and then clicking Unprotect ( ).
NOTE When you unprotect a video file, it is not immediately deleted. You have 24 hours to change your mind (see "Archive storage settings" on page 548).
For x days. The video file is protected for the number of days that you select. Until. The video file is protected until the date that you select.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
232
To export an important video archive, select the item in the report pane, and then click
Export video ( ). For more information, see Exporting video in the Security Desk User Guide. To remove a video file from the database, select the item in the report pane, and then click Delete ( ). To protect an important video archive from automatic deletion, select the item in the report pane, and then click Protect ( page 231. ). For more information, see "Protecting video files" on
EXAMPLE If you protected an important video file, you can search for that camera, see when
the protection status is going to end, and extend the amount of time, if needed. Also, if the video file is not yet protected, you can protect it.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
233
Before you begin: The new video unit must be the same brand and model as the old one, or you will receive the following error message: Units extension does not match. 1 Add a new video unit to the Archiver controlling the old unit. For information about adding a video unit, see "Adding video units to your system" on page 194. 2 Copy the configuration settings of the old video unit to the new video unit, using the Copy configuration tool. See "Copy configuration tool" on page 668. 3 Copy the configuration settings of the cameras controlled by the old video unit to the new cameras, using the Copy configuration tool. See "Copy configuration tool" on page 668. 4 Click the Home tab, and then click Tools > Unit replacement tool. 5 In the Unit type option, select Cameras. 6 Select the Old and the New cameras. For more information about searching for entities, see "Search for entities using the Search tool" on page 43. 7 Click Swap. The video archives and event logs of the old video unit are copied to the new one. 8 Verify that the video archives are now associated with the new video unit. a Open Security Desk. b From the Home page, open the Archives task. c Select a camera that is controlled by the new video unit. All days that include video archives for the selected camera are listed in the All available tab. d Click Generate report. 9 Once everything is verified, return to the Config Tool Video task. 10 In the Logical view, right-click the old unit, and click Delete ( 11 In the confirmation dialog box that opens, click Continue. ).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
234
Archiver. The connection status from the camera to the Archiver role. Redirector. The connection status from Archiver role to the redirector. Media player. The connection status from the redirector to your Security Desk workstation.
4 Click Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
235
).
If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on), or there is a problem with your network. If you can ping the unit, continue with Step 2.
2 Open the units Web page by typing its IP address in a Web browser. 3 Reboot the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Reboot ( ). 4 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. Youll need a username and password to log on to GTAP. 5 Restart the Archiver role controlling the unit. a In the Video task in Config Tool, select the Archiver. b At the bottom of the Video task, click Deactivate role ( The Archiver turns red. d At the bottom of the Video task, click Activate role ( 6 If the video unit is still offline, contact technical support. See "Technical support" on page 869. ). ). c In the confirmation dialog box that opens, click Continue.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
236
The network is slow. There is some sort of block due to your port connections. The video stream was dropped while it was being redirected to Security Desk.
Wait to see if the camera connects. If the Waiting for signal message persists, you can try to diagnose the connection. To diagnose a Waiting for signal error: 1 Ping the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Ping (
).
If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on), or there is a problem with your network. If you can ping the unit, continue with Step 2.
2 Open the units Web page by typing its IP address in a Web browser. 3 Change the video units connection type to the Archiver. a In Video task in Config Tool, select the red camera. b Click the Video tab. c From the Connection type drop-down list in the Network settings section, select a different connection type. d Click Apply. 4 Try viewing playback video from the camera. a In the Archives task in Security Desk, select the camera. b Select the most recent video archive available, and then click Generate report. c Once the report is generated, try to view the video from the archive.
If you can view the video, continue with Step 5. If you cannot view any video, contact technical support (see "Technical support" on page 869).
5 If you have an expansion server on your system running the Archiver role, try to view video from the expansion server. a Open Security Desk on the expansion server. b In the Monitoring task, drag the camera from the Logical view to a tile in the canvas.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 237
If you can view video, it might be a problem with the redirection from the Media Router to your Security Desk. Continue with Step 6. If you cannot view any video, contact technical support (see "Technical support" on page 869).
6 Make sure the correct ports are open on your network. For a list of default ports that are used in Security Center, see Default Security Center ports in the Security Center Administrator Guide. 7 Make sure your networks are configured properly. a In the Network view task in Config Tool, select a network. b Click the Properties tab, and make sure all the settings are correct (IP prefix, subnet mask, routes, and so on). c Change the network settings if needed, and then click Apply. d Repeat Step a and Step b for all the networks on your system. For more information about configuring network settings, see Network view in the Security Center Administrator Guide. 8 Force Security Desk to use a different connection type. a In the Home page in Security Desk, click Options. The Options dialog box opens. b Click the General page. c In the Network options section, next to the Network option, select Specific. d From the drop-down list, select a different network, and then click Save. e Restart Security Desk. f If changing the network connection does not work, repeat Step a to Step e to test using other networks. 9 If you still cannot view video, or the tile displaying the camera still says Waiting for signal, contact technical support (see "Technical support" on page 869).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
238
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
239
If you can view live video, continue with Step 2. If you cannot view any video, see the following troubleshooting section: "Troubleshooting video units that are offline" on page 236.
2 Try viewing playback video from the Archives task. a In the Archives task in Security Desk, select a camera. b Search for video archives at different dates and times, and then click Generate report. c Once the report is generated, try to view video from the archives. d Repeat Step a to Step c with other cameras.
If you can view the video from some of the video archives, go to Step 3. If you cannot view any video, go to Step 4.
3 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. Youll need a username and password to log on to GTAP. 4 Try viewing playback video from the Archives task on another Security Desk, and on the server where the Archiver role is running (follow the substeps in Step 2).
If you can view video, it might be a problem with the redirection from the Media Router to your Security Desk. Continue with Step 5. If you cannot view any video, contact technical support (see "Technical support" on page 869).
5 Make sure the correct ports are open on your network. For a list of default ports that are used in Security Center, see "Default Security Center ports" on page 776. 6 If you still cannot view playback video, contact technical support (see "Technical support" on page 869).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
240
If you are viewing live video, the recording status of the camera is indicated in the lowerright corner of the tile. If the status indicates you selected, and you know that there should be. To troubleshoot why a camera is not recording: 1 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. Youll need a username and password to log on to GTAP. 2 Verify the camera recording type. a In the Video task in Config Tool, select the red camera. b Click the Recording tab.
You are trying to view playback video, but there is no video available for the date and time
If the Recording settings option is set to Custom settings, check that all the recording settings are correct, and then click Apply. If the Recording settings option is set to Inherit from Archiver, continue with Step c.
c In the Video task, select the Archiver. d Click the Camera recording tab. e In the Recording modes section, make sure the Archiver is set to record on the right Schedule, and that the recording Mode is not set to Off. 3 If the camera recording mode is set to On motion/manual, make sure the motion detection settings are configured properly. a In the Video task in Config Tool, select the red camera. b Click the Motion detection tab. c Verify the motion detection settings. Fore more information, see Motion detection in the Security Center Administrator Guide. 4 Check the status of the Archiver role database. a In the Video task in Config Tool, select the Archiver.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 241
If the Archiver database status is Connected, go to Step 5. If the Archiver database status is Disconnected, or Unavailable, continue with Step c. ).
CAUTION Do not overwrite the existing database, or your video archives will be deleted. NOTE When you create a new database, the video archives from the old database are no longer included in Security Center searches, and will not be deleted by automatic database cleanups.
If the camera can record using the new Archiver database, you can continue to use the new database. If the camera is still not recording, revert back to the original database, and continue with Step 5.
5 Check how much disk space is available for archiving. a In the Video task in Config Tool, select the Archiver. b Click the Resources tab. c In the disk information table, make sure the Min. free space value is at least 0.2% of the Total size value. The Min. free space is the minimum amount of free space that the Archiver must leave untouched on the disk. d If the Min. free space value is less than 0.2% of the Total size, click on the value, and then increase it. 6 Check for Archiving stopped and Recording stopped events that occurred on your system. In Windows on the server where the Archiver role is running, open the .log files, located in C:\ArchiverLogs. If there are Archiving stopped or Recording stopped events in the Entry type column, restart the Genetec Server service. a Open your Windows Control Panel. b Click Administrative Tools > Services. c Click the Genetec Server service, and then click Restart. 7 Check for Transmission lost and RTP packet lost events that occurred on your system. In Windows on the server where the Archiver role is running, open the .log files, located in C:\ArchiverLogs.
If there are many Transmission lost and RTP packet lost events in the Entry type column, then it might be a CPU usage or network issue. Continue with Step 8. If there are not many Transmission lost and RTP packet lost events, go to Step 9.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
242
The Windows Task Manager opens. b Click the Performance tab, and make sure the CPU Usage is not over 60%. If the CPU usage is over 60%, restart the server, and consider adding more CPU to the server. c Click the Networking tab, and make sure the network Link speed is not over 300 Mbps. 9 If you are only experiencing recording problems with one video unit, try the following: a In the Video task in Config Tool, right-click on the red video unit, and then click Delete. b In the confirmation dialog box that opens, choose if you want to keep the video archives from the unit. The video unit is removed from the Archiver. c Add the video unit. For more information about adding units in Security Center, see the Security Center Administrator Guide. 10 If you still cannot record video on the camera, contact technical support (see "Technical support" on page 869).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
243
).
If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on), or there is a problem with your network. If you can ping the unit, continue with Step 2.
2 Open the units Web page by typing its IP address in a Web browser. 3 Reboot the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Reboot ( 4 Try adding the unit again. 5 Make sure that you have a free camera connection in your Security Center license. a From the Home page in Config Tool, click the About page, and click the Omnicast tab. b In the Number of cameras license option, make sure there is a camera connection still available. 6 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. Youll need a username and password to log on to GTAP. 7 Make sure you are using the correct credentials when trying to add the unit. For some manufacturers, you have to set the default credentials from the Archiver Extensions tab. a From the Video task in Config Tool, select the Archiver to which you are trying to add the video unit. b Click the Extensions tab. c To add the extension for the video unit, click Add an item ( type, and click Add.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
).
244
d Select the extension. e In the Default logon section, enter the username and password for the unit. 8 Make sure the Archiver is connected to the correct database. a In the Video task in Config Tool, select the Archiver. b Click the Resources tab.
If the Archiver database status is Connected, go to Step 9. If the Archiver database status is Disconnected, or Unavailable, continue with Step c. ).
CAUTION Do not overwrite the existing database, or your video archives will be deleted. NOTE When you create a new database, the video archives from the old database are no longer included in Security Center searches, and will not be deleted by automatic database cleanups.
changed, you can also re-create the Media Router database. a In the Video task in Config Tool, select the Media Router. b Click the Resources tab.
If the Media Router database status is Connected, go to Step 10. If the Media Router status is Disconnected, or Unavailable, continue with Step c. ).
10 Try adding the unit with the firewall turned off. For information about how to disable Windows firewall, see KBA00596: Recommended Windows Firewall Settings on GTAP, at https://gtap.genetec.com/Library/ KnowledgeBaseArticle.aspx?kbid=596.
IMPORTANT Do not turn off the firewall permanently. Reactivate it after your tests are
complete. 11 Make sure your networks are configured properly. a In the Network view task in Config Tool, select a network. b Click the Properties tab, and make sure all the settings are correct (IP prefix, subnet mask, routes, and so on). c Change the network settings if needed, and then click Apply. d Repeat Step a to Step c for all the networks on your system. For more information about configuring network settings, see Network view in the Security Center Administrator Guide. 12 Make sure the Archiver, Media Router, and all redirectors are using the correct NICs (network interface cards). a From the System task in Config Tool, click the Roles view.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 245
b Select the Archiver role, and click the Resources tab. c From the Network card drop-down list, select the appropriate NIC. d In the Logical view, select the Media Router role, and click the Resources tab. e Under the Servers section, click Advanced ( g Click the Properties tab. h Select a Redirector, and click Edit the item ( j Repeat Step h and Step i for each redirector. 13 Try adding the unit. 14 Verify the NICs priority in Windows. a In Windows, click Start > Run, and type ncpa.cpl. The Network Connections window opens. b Click the Advanced menu above and select Advanced Settings. c Note which NIC on your server is configured as network priority one (at the top of the Connections list), and which is configured as priority two. d If needed, use the arrow buttons on the right side to move the different connections up and down in the list. 15 Try adding the unit. 16 Make sure the Media Router role is online. a In the System task in Config Tool, select the Media Router role. b At the bottom of the System task, click Diagnose ( c If there are issues, try to fix them. 17 Make sure the Archiver role is online. a In the Video task in Config Tool, select the Archiver. b At the bottom of the Video task, click Diagnose ( c If there are issues, try to fix them. 18 If you still cannot add the video unit, contact technical support (see "Technical support" on page 869). ). ). ). i From the Multicast interface drop-down list, select the appropriate NIC. ). f Select the appropriate Network card for each server, and click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
246
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
247
6 In the Name column, type AVCodec_ErrorRecognition. 7 In the Value column, type 0. 8 Click Close. 9 In the Advanced settings dialog box, click OK. 10 In the Resources tab, click Apply. 11 When you are asked to restart the Archiver, click Yes.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
248
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
249
Part IV
Synergis IP access control
Learn how to set up, configure, and manage your Synergis system in Security Center. This part includes the following chapters: Chapter 10, Deploying Synergis on page 251 Chapter 11, Managing Synergis on page 295
10
Deploying Synergis
This section explains how to set up your access control system for the first time. This section includes the following topics:
"What is Synergis?" on page 252 "Synergis deployment process" on page 256 "Configuring the Access Manager role" on page 260 "Configuring access control units" on page 267 "Configuring doors" on page 268 "Using the Walkthrough wizard" on page 271 "Configuring elevators" on page 274 "Configuring secured areas" on page 278 "Configuring access rules" on page 281 "Configuring cardholders and cardholder groups" on page 283 "Configuring credentials" on page 285 "Defining badge templates" on page 289 "Testing your configuration" on page 294
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
251
What is Synergis?
What is Synergis?
Synergis is Security Centers IP access control system. From access control reader to client workstation, Synergis provides end-to-end IP connectivity. Synergis integrates a variety of access control capabilities including, but not limited to, badge design, visitor management, elevator control, zone monitoring and more. Synergis was designed with an open and distributed architecture. Build your system with new IP readers or use what you already have. Integrate your access control system with other thirdparty systems, like intrusion or building management, and distribute Synergis server components on many different network computers to optimize bandwidth and workload. Synergis Enterprise supports an unrestricted number of doors, controllers and client workstations. You can grow your system one door at a time or scale your system across multiple buildings using the Federation feature.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
252
What is Synergis?
System configurations are saved by the Directory role. The Directory pushes configurations to the Access Manager. Access Manager communicates directly with the physical door controllers (called access
control units) over TCP/IP.
Access Manager pushes schedules, cardholder information, and access rules to the door
controllers. When a cardholder presents their credential to a reader, the controller refers to the access rule to determine whether the user should be granted or denied access. Once controllers have synchronized with the Access Manager, they can operate autonomously, even if they lose the network connection to the Access Manager.
With additional configuration, a cardholder can belong to a cardholder group, a door can be part of an area, and there can be multiple schedules and rules pushed to a unit.
Role that manages the door controllers on the system. See "Access Manager" on page 511. Door controller (to which a reader is attached). See "Access control unit" on page 337. Logic used to determine whether to grant access or not. See "Uniqueness of the Synergis model" on page 254 and "Access rule" on page 349. Simple grouping of doors and elevator floors or secured area with full access control behavior, including antipassback and interlock. See "Area" on page 360. Custom-designed printing template for user credentials. See "Badge template" on page 365. Individual who possesses a credential. See "Cardholder" on page 395. Group of cardholders sharing common characteristics. See "Cardholder group" on page 398. Claim of identity (card, PIN, biometric scan, etc). See "Credential" on page 401.
Area
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
253
What is Synergis?
Icon
Entity
Description
Physical barrier controlled by an access control unit. See "Door" on page 404. A single elevator cabin. See "Elevator" on page 410. Date and time range. See "Schedule" on page 463. Group of entities on the system visible only to a group of users. See "Partition" on page 447. Individual who uses Security Center applications. See "User" on page 482. Group of users sharing common characteristics. See "User group" on page 489.
Who? (cardholder or cardholder group) What? (grant or deny access) When? (schedule)
Notice that Synergis does not grant access to a card/credential. Rather, access is granted, or denied based on the cardholders themselves.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
254
What is Synergis?
This subtle, but fundamental shift in the applied logic has a significant benefit in managing lost and stolen cards. The access rules that have been pushed to the door controllers do not have to be modified. If you associate a new credential with a cardholder, the old rule is still valid.
A B
A B C
When? (Schedule) What? (Grant or deny access) Who? (Cardholders and/or cardholder groups)
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
255
"Synergis deployment prerequisites" on page 256 "Synergis deployment procedure" on page 257
A network diagram showing all public and private networks used within your organization,
and their IP address ranges. For public networks, you also need the name and public IP address of their proxy servers.
TIP Ask your IT department for this information.
Security Center Server software installed on your main server. The main server is the computer hosting the Directory role. Optionally, Security Center Server software installed on expansion servers. An expansion server is any other server on the system that does not host the Directory role. You can add expansion servers at any time. For more information, see "Add an expansion server to your system" on page 47.
At least one Access Manager role created on your system. Security Center Client software installed on at least one workstation.
For instructions on software installation, see the Security Center Installation and Upgrade Guide.
A list of partitions (if any). Partitions are used to segregate the system into more manageable
subsystems. This is especially important in a multi-tenant environment. If, for example, you are installing one large system in a shopping center or, office tower, you might want to give local administration privileges to the tenants. By using partitions, you can group the tenants so that they can only see and manage the contents of their store or office, but not the others. All access control units (IP door controllers and/or IP readers) installed and connected together on your companys IP network, with the following information:
Manufacturer, model, and IP address of each door controller. Login credentials (username and password). Which door/gate/elevator is each controller connected to. Are the doors card-in/card-out or, card-in/REX-out? Which inputs and outputs are connected to the door monitor/REX/lock/other?
TIP A site map or floor plan showing door, controller and reader locations would be very helpful.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 256
A list of door groupings to create areas for purposes of people-counting. A list of all known cardholders (and cardholder groups where applicable).
TIP For a large installation, cardholders can be imported from a text file or from a Windows Active Directory. For more information, see "Import cardholders from a flat file" on page 284, and "Importing cardholders from an Active Directory" on page 284.
A list of available credentials. A list (and details) of all required access rules (who is allowed where and when). A list of all known users with their names and responsibilities.
TIP To save configuration time, identify users who have the same roles and responsibilities. NOTE Users are not cardholders. Users are persons who access the software. Cardholders are
Facility codes and card numbers. A list (and details) of all required schedules (office hours, holidays, etc.).
(Optional) Identify user groups that will work independently on different parts of the
system (partitions).
NOTE If Omnicast video will be integrated, you will also need:
A cross-reference list indicating which cameras should be associated with which doors.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
257
1 2 3 4
Make sure you have everything listed in the prerequisites section. Connect to your system with Config Tool using the Admin account. Change the Admin accounts password to protect your system. Create a partition for each independent user group. By first defining the partitions, you wont have to move entities around after youve created them. Configure the Logical view (the tree structure). The Logical view lets you organize the entities: areas, doors, elevators, and zones, from an endusers perspective. Configure your Access Manager roles. (Optional) Define custom fields for your system entities as needed. Discover and enroll the access control units in the system. The Access Manager role needs to see the door controllers over the IP network. Configure the newly enrolled access control units and the interface modules attached to them. Create doors and configure the wiring of the readers, sensors, locks, and son on, to the access control units. (Optional) Create elevators and configure the wiring of the cabin reader and floor buttons to their access control units. Configure the secured areas (antipassback or interlock) and their perimeter doors. Create schedules (open/closed hours and holidays). Create access rules. Link rules to doors and schedules.
"Synergis deployment prerequisites" on page 256. "Connecting to Security Center" on page 9. "Change your password" on page 10. "Defining partitions" on page 90.
6 7 8
"Configuring the Access Manager role" on page 260. "Custom fields" on page 619. "Adding access control units to your system" on page 261. "Configuring access control units" on page 267. "Configuring doors" on page 268.
9 10
11
12 13 14
"Configuring secured areas" on page 278. "Using schedules" on page 103. "Configuring access rules" on page 281.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
258
Phase
Description
See
15 16 17 18 19 20 21
Create cardholders and (optional) cardholder groups. Link to access rules. Create credentials. (Optional) Create badge templates.
"Configuring cardholders and cardholder groups" on page 283. "Configuring credentials" on page 285. "Defining badge templates" on page 289. "Testing your configuration" on page 294. "Defining users" on page 93 and "Defining user groups" on page 96. "Managing alarms" on page 111. "Managing threat levels" on page 117.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
259
"Configure the Access Manager role" on page 260 "Add the unit manufacturer extensions" on page 261 "Adding access control units to your system" on page 261
Center installation files), the database size limitation is 10 GB. A door event uses (on average) 200 Bytes in the database. If you configure the Access Manager to retain door events indefinitely, it will eventually hit the 10 GB limitation and the database engine will stop. 5 Add the manufacturer extensions for the unit types this Access Manager is to manage. For more information, see "Add the unit manufacturer extensions" on page 261. 6 Add the access control units you want this Access Manager to manage. For more information, see "Adding access control units to your system" on page 261. After you are done: If you need more than one Access Manager role on your system, now is the time to add more Access Manager roles and host them on separate servers. To add a new Access Manager role, see "Add an expansion server to your system" on page 47 and "Create a role entity" on page 50.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
260
Synergis Master Controller. Synergis Master Controller (SMC) is Genetecs access control
unit that supports a variety of interface modules from third-party manufactures, such as HID, Mercury Security, STid, DDS, and more.
HID controllers. The HID controllers include the legacy VertX controllers (V1000 and
V2000), the VertX EVO controllers, and the Edge EVO controllers. For the complete list of supported controller units and firmware, see Supported HID units in the Security Center Release Notes. To add a manufacturer extension to the Access Manager: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Roles and units view, select the Access Manager, and click the Extensions tab. For more information, see "Extensions" on page 513. 3 At the bottom of the extensions list (empty at the beginning), click Add an item ( If you only selected HID VertX, the procedure ends here. 5 Click the SMC extension you just added. 6 At the bottom of the Discovery Ports list, click Add an item ( ). 7 In the Discovery port dialog box, enter the port number configured for your SMC units and click Create. The port number must match the discovery port configured on your SMC units. The default value is 2000. Do not change the default value unless it is reserved by your IT department for a different purpose. 8 Click Apply ( ) to save your changes. ). 4 In the Add extensions dialog box, select the extension types you need and click Add.
"Add an HID unit manually" on page 262 "Add access control units using the Unit discovery tool" on page 265.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
261
This utility will scan a local network and report which HID units were found. You can then apply the units IP configuration, password, etc. Once the access control units are online and you have their IP addresses and passwords, you can then add the units manually in the Config Tool. To add an HID unit manually in Security Center: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Roles and units view. 3 Click Add an entity ( ) > Access control unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
262
From the Network endpoint drop-down list in the Unit information tab, select the Access Manager that will manage the unit.
4 Click Unit type and select HID VertX. 5 Enter the IP address of the HID unit.
NOTE If the server hosting the Access Manager is behind a NAT, and the access control unit is not, you must click on the More button and specify the servers IP address.
7 Click Next. 8 Select a Partition where the access control unit should be added.
If no partitions were created, select the default Public partition. If there are partitions in your system, select the partition that will include the door(s), schedule(s), rule(s) cardholder(s) linked to this specific door controller.
For more information, see "Partition" on page 447, and "How is software security configured?" on page 89. 9 Click Next.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
263
10 Review the Creation summary, and click Create. The Access Manager attempts to connect to the unit, and enrolls it in your system. Once the process has been successfully completed, a confirmation message appears.
11 Click close. Your newly created access control unit appears under the Access Manager it was assigned to in the Roles and units view.
NOTE It might take another minute or two before the unit can be used. It will undergo (automatic) synchronization. This process involves the Access Manager sending schedules, access rules, and cardholder information to the unit. The unit will save the information locally so that it can operate even if the Access Manager is unavailable.
For more information, see "Synchronization" on page 347. After you are done: To confirm whether the unit has successfully synchronized with Access Manager: 1 From the Roles and units view, select the access control unit that was just added. 2 Click the Synchronization tab, and check the date/time stamp of the Last update.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
264
To perform a unit search with the Unit discovery tool: 1 From the Home page, click Tools > Unit discovery tool. 2 In the Unit discovery dialog box, click the Manufacturers button. 3 In the Configure manufacturers extensions dialog box, click the Access control tab, and click Add an item ( ). 4 Select the manufacturers you need, and click Add. 5 Click Save. 6 Click Start discovery ( ). The units discovered on your network are listed. Newly discovered entities are displayed with a yellow star. You can stop the discovery process at any time.
NOTE UPnP and Zero config protocols are also used for the discovery process. This means
that IP cameras supporting UPnP and Zero config might also be discovered during the scan.
7 To filter out the entities already enrolled in your system, click Investigation ( bottom of the dialog box, and click Show only new units. 8 Select a unit from the list, and do one of the following:
) at the
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
To change the discovery port of the unit, click Change discovery port (
).
If the login credentials are incorrect, click Manual add ( ) > Access control unit to add the unit manually, and provide the correct login credentials. See "Add an HID unit manually" on page 262.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
266
"Understanding unit synchronization" on page 267 "Synergis Master Controllers unique characteristics" on page 267
Manual only. The unit is only synchronized when you click the Synchronize now button.
Make sure you synchronize the unit before the date and time shown for Expiration date.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
267
Configuring doors
Configuring doors
In Security Center, a door entity refers to any physical barrier that can be controlled by an access control unit. Often, a door will represent a physical door, but it can also represent a gate or a turnstile. This section includes the following topics:
"Wiring doors to access control units" on page 268 "Create and configure your doors" on page 268 "Configuring a buzzer" on page 269 "Configuring readerless doors using Input/Output modules" on page 269 "Associate cameras to doors" on page 270
Card in/Card Out - 2 readers are required Card In/REX Out - 1 reader is required Readerless doors - No readers are required
To create a door in Security Center: 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity ( ) > Door. 3 In the Creating a door wizard, enter the door name and description. 4 If there are partitions in your system, select the partition in which the door will be created, and click Next.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 268
Configuring doors
5 In the Door information page, assign names to the door sides (Inside/Outside, Secure/ Non-secure, Entrance/Exit, East/West). 6 To associate the door with the access control unit it is wired to, select a unit from the Access control unit drop-down list. 7 Review the Creation summary to make sure the configuration page matches the physical wiring done at the door. 8 Click Create and Close. For more information, see "Door" on page 404. After you are done:
To link an access rule to your door, see "Access rules" on page 409 To attach cameras to your door, see "Associate cameras to doors" on page 270 To assign the hardware interfaces (unit inputs, outputs, and readers), see "Hardware" on
page 408.
Configuring a buzzer
You can assign an access control unit output to sound a buzzer. This output is governed by the action Sound buzzer and Silence buzzer. Use the event-to-action mechanism for this. For example, the buzzer output can be used to prompt someone to shut a door when it is being held open. With an event-to-action, you associate the event Door open too long to trigger the action Sound buzzer. Then associate the event Door closed to trigger the action Silence buzzer.
NOTE Buzzer does not refer to the readers beeper, but an external buzzer that is wired to an output relay on the access control unit.
Fire exits - Locked from the outside, with a push-bar to open the door from the inside using
a REX.
Stadiums/Theatres/Arenas - Everyone must enter through the ticket booth but once the
event is finished, many exits become available to decrease congestion at the main entrance.
NOTES
No access rules need to be linked to the readerless door. For more information, see "Access
rules" on page 409. An unlock schedule can be assigned to the readerless door. For more information, see "Unlock schedules" on page 406.
269
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Configuring doors
A Security Center Federation role to connect to an external Security Center system with
cameras. For more information, see "Security Center Federation" on page 601. To link cameras to your doors: 1 From the Home page in Config Tool, open the Logical view task. 2 Select the door entity to configure, and click the Hardware tab. 3 Below door side (A), click Associate a camera ( 4 From the Camera drop-down list, select a camera. If the camera has a PTZ motor, you can also include the PTZ preset number to ensure that the camera points towards the door. 5 To add another camera to the door side, click Associate a camera ( 6 Repeat Step 3 and Step 4 for door side (B). 7 Click Apply. ) again. ).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
270
"Why use the Walkthrough wizard?" on page 271 "Assigning doors to access control units using the Walkthrough Wizard" on page 272
You discover them with the HID Discovery GUI and configure their IP addresses. You wire them to the doors. You then enroll them with the Config Tool and they become part of your Security Center/Synergis system. You begin creating doors in the Config Tools Logical view.
And now, the challenge is to remember which controller is physically wired to which door.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
271
To launch the walkthrough wizard: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Cardholders view, and select the cardholder that corresponds to the credential youll be using for the wizard. 3 In the contextual commands toolbar, click Walkthrough wizard (
).
4 In the Door walkthrough wizard, select a walkthrough mode, and click Next. Real time. Credential reads are shown in real-time. If the building is large, this mode is best used with two installers. One installer runs the Config Tool, while the other walks around swiping the credential on the readers for the newly installed units. Reporting. Installation is done in two steps with one person. First you walk through the building in a pre-defined circuit, swiping the credential on readers for newly installed units. Security Center records these credential reads. Then you associate the list of discovered units to newly created doors. For this mode you set a time period during which the mode is active. Mixed mode. A combination of both real time and reporting mode.
5 Begin your walkthrough by presenting your card at each reader. As you present your card at each reader, the Walkthrough wizard notes which controller picked up the card read. In the Device discovery tab, all the access points that read your card are listed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
272
7 Review the Creation summary. 8 If the configuration looks correct, click Create. Your newly configured doors can now be found in the Config Tools Logical view. After you are done:
To link an access rule to your door, see "Access rules" on page 409 To attach cameras to your door, see "Associate cameras to doors" on page 270 To assign the hardware interfaces (unit inputs, outputs, and readers), see "Hardware" on
page 408.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
273
Configuring elevators
Configuring elevators
The elevator entity controls access to the floors of a building. When a cardholder uses a credential, the floor buttons to access those floors for which that cardholder is authorized, are enabled. This is achieved by controlling an output relay to enable the floor button. Floor tacking records the floor buttons pressed. It is achieved by monitoring inputs. This permits tracking reports for elevator usage in the Security Desk. For information about a units limitations with this feature, see the Security Center Release Notes. This section includes the following topics:
"Hardware for elevator control and floor tracking" on page 274 "Configuring elevator floors" on page 275
A reader in the elevator cab. Outputs that close relay contacts to enable the floor buttons. Inputs that record the floor buttons that have been selected (only necessary when the floor tracking is required).
HID VertX V2000 reader interface/ network gateway HID iCLASS Edge device HID VertX V1000 network gateway (in addition to a V100, up to 31 modules (V200 and V300) can be connected): HID VertX V100 reader interface module HID VertX V200 input module
4 2 Not supported
4 2
4 (including AC Fail and Bat Fail inputs) 18 (including AC Fail and Bat Fail inputs)
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
274
Configuring elevators
12
Create an elevator
To create an elevator in the Config Tool: 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity ( ) > Elevator. 3 In the elevator creation wizard, enter the elevator name and description. 4 If there are partitions in your system, select the partition where the elevator will be created, and click Next. 5 Enter the number of elevator floors, and click Create. The default floor entities are created. 6 To change a floor name, select the floor. 7 Make adjustments if necessary, and click Next. 8 Review the creation summary, and click Create and Close. The new elevator appears in the Logical views entity tree with its floors. It initially appears in red until it is fully configured.
9 From the Logical view, select the elevator, and click the Advanced tab. 10 Configure the elevator relay settings. See "Configure the elevator relay settings" on page 276.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
275
Configuring elevators
11 Click the Floors tab, and assign the access control unit to be used for the elevator, the reader, the outputs that enable the selection for a floor, and the cameras monitoring the elevator. For more information, see "Configure the elevator floors" on page 276. 12 Click the Access tab, and configure the access rules applied to the elevator floors, and scheduled periods when the elevator floors should be configured for free access (no credentials required). After you are done: You can configure event-to-actions based on events regarding this elevator. See "Using event-to-actions" on page 106.
Grant time. This value indicates for how long the elevator floor button will be enabled after
the access granted event has been generated.
Normal. Floor access is enabled when the access control unit output relay is deenergized. This means that a power loss results in free access to the floor. Active. Floor access is enabled when the access control unit output relay is energized. This mean that a power loss results in floor access being denied.
NOTE The access control unit relay output wiring must be made according to these settings (use the appropriate NO or NC relay contacts on the units).
The configuration dialog box is displayed to allow you to change the following: Type of reader (Wiegand vs. Clock & Data; Card only vs. Card and PIN) Set card and PIN mode with the schedule and access timeout.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
276
Configuring elevators
5 Under Floors, use the following buttons to add elevator floors or change their configuration:
. . . .
To delete the selected elevator floor, click To move the selected elevator floor up, click
To move the selected elevator floor down, click To modify the selected elevator floor, click .
6 From the Push button relay drop-down list, assign elevator floors to outputs. 7 From the Floor tracking drop-down list, assign elevator floors to floor tracking inputs.
NOTE On an access control unit dedicated to elevator control, all inputs can be used for floor
In the elevators Access tab, assign access rules to your elevator to determine which
cardholders can access which floors, and assign schedules to allow free access during certain times of the day. For more information, see "Access" on page 412.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
277
"Create an area" on page 278 "Add members to an area" on page 279 "Configure doors for an area" on page 279 "Configure antipassback" on page 280 "Configure interlock" on page 280
Create an area
To create a secured area: 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity ( ) > Area. A new area appears in the Logical view. 3 Type a name for the area, and press ENTER. For more information, see "Area" on page 360.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
278
Click
at the bottom of the Members tab of the area entity, and use the Search tool that appears. For more information, see "Search for entities using the Search tool" on page 43. Use drag-and-drop to move or copy entities in the Logical view. For more information, see "Configuring the Logical view" on page 86.
1 From the Home page in Config Tool, open the Logical view task. 2 Select the area, and click the Members tab. 3 Click Add an item ( ) at the bottom of the page.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
279
4 Select the doors you want as members, and click Select. 5 In the Doors section of the Members tab, set the doors as perimeter or captive doors.
For doors that represent entry or exit from the area, set the slider to Perimeter. For doors that are found within the area, set the slider to Captive.
6 To swap the door sides, beside the door, click the Swap door side button. 7 Click Apply.
Configure antipassback
Once your area has been created, and it contains at least 1 perimeter door, antipassback can be applied to your area. Please note that for areas made up of multiple doors, the antipassback logic will be applied to the perimeter doors but not the captive doors. To configure antipassback for your area: 1 From the Home page in Config Tool, open the Logical view task. 2 Select the area, and click the Properties tab. 3 Set the Antipassback properties to ON, and Interlock properties to OFF. 4 Set the Type, Timeout, and Strict fields as required by your installation. For more information about these fields, see "Antipassback properties" on page 361.
IMPORTANT All doors participating in an antipassback area must be controlled by the same
Configure interlock
An interlock (also known as mantrap or airlock) is the logic applied to a group of doors stipulating that only one door can be open at any given time. This would typically be used in a passageway with at least two doors. The cardholder unlocks the first door, enters the passageway, but cannot unlock the second door until the first door has closed. To configure your area with interlock functionality: 1 From the Home page in Config Tool, open the Logical view task. 2 Select the area, and click the Properties tab. 3 Set the Interlock properties to ON, and the Antipassback properties to OFF. 4 Assign an access control units input to activate either Override mode or Lockdown mode. 5 Click Apply. For more information about these fields, see "Properties" on page 361.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
280
).
Eg. Rule_Area or Door name_Schedule name. 4 If there are partitions in your system, select the partition in which the door will be created, and click Next. For more information, see "Partition" on page 447. 5 Select a schedule of when you want your rule to be active. The default is Always. For more information, see "Schedule" on page 463. 6 Click Next. 7 Review the Creation summary and click Create. 8 Select the access rule, and click the Properties tab. 9 Select a schedule, and grant access or deny access depending on your needs.
TIP Usually schedules are used to grant access through a door.
10 At the bottom of the page, click the add cardholders ( cardholders, or cardholder groups to your rule.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
281
TIP It is recommended to add cardholder groups rather than cardholders, as this becomes much more manageable in large systems as new people arrive, and former people leave.
11 Click Apply. After you are done: Now that your access rule has been configured, you need to assign it to specific doors, or areas for the rule to be applied and to control physical access. Related topics:
"Access rules" on page 364, for areas "Access rules" on page 409, for doors
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
282
"Create a cardholder in Config Tool" on page 283 "Create a cardholder group in Config Tool" on page 284 "About the maximum cardholder picture file size" on page 284 "Import cardholders from a flat file" on page 284 "Importing cardholders from an Active Directory" on page 284 "Managing cardholders in Security Desk" on page 284
If you selected Create the credential for this cardholder now, continue with Step 8. If you selected Delay the creation of the credential for this cardholder, go to Step 9.
8 Choose whether to create the credential manually, or automatically and create their credential, and click Next. For more information, see "Create a credential in Config Tool" on page 285. 9 Review the Creation summary and click Create and Close. For more information, see "Cardholder" on page 395.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 283
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
284
Configuring credentials
Configuring credentials
Credentials are used by Security Center to identify who is requesting access through a secured access point. For access control to be operational, every cardholder must possess at least one credential. These are typically (but not exclusively) access control cards. For more information, see "Credential" on page 401. This section includes the following topics:
"Create a credential in Config Tool" on page 285 "Import credentials from a flat file" on page 287 "Importing credentials from an Active Directory" on page 287 "Enrolling credentials from Security Desk" on page 287 "Using custom card formats" on page 287
or with the Credential management task. For more information on the latter, see Credentials in the Security Desk User Guide. To create a new credential: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Credentials view, and click Credential ( ). 3 In the credential creation wizard, select manual or automatic credential creation. and click Next.
Manual credential creation. Involves entering the access control card number and facility code manually with your PC keyboard. Automatic credential creation. Involves presenting the card to a reader upon which it will be recognized by the system.
credential). The alternative is to assign the card number (printed on the face of the card) as the credential name. If a lost card is found, it can then be searched for quickly with this number. 5 If there are partitions in your system, select the partition in which the credential will be recognized, and click Next.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
285
Configuring credentials
For more information, see "Partition" on page 447. 6 In the Credential assignment page, assign the credential to a cardholder immediately, or create the credential but delay assigning it to a cardholder until later on.
If you selected Assign credential later on, click Next. If you selected Assign credential now, choose a cardholder from the Cardholder dropdown list, and click Next. If you initially chose Manual credential creation, select the credential type, and go to Step 12.
Card: Set the Card format, the Facility code and the Card number. PIN: Set the Code for the PIN.
If you initially chose Automatic credential creation, present the cards at a reader, and continue with Step 8.
8 In the Enrollment device section, select whether you will present the cards to a USB reader connected to your local workstation, or to a door reader from the drop-down list. 9 If you selected Door as the enrollment device, select an Access point. 10 Present the cards at the reader and you should see the cards value appear. 11 To enroll the card, select a card and click Next.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
286
Configuring credentials
TIP You can select multiple cards and enroll them at once by holding the CTRL key.
If the card has already been enrolled in the system, instead of seeing the cards value, you will see a message appear stating that The last discovered credential was discarded because it already exists. 12 If any custom fields have been created for credential properties, you are prompted to enter the custom field information. For more information, see "Custom fields" on page 335. 13 Review the Creation summary, and click Create and Close.
Ability to manually enroll a new card using a standard workstation keyboard, whereas a
card with an unknown format can only be enrolled using a card reader. Ability to view the card number in the Config Tool and the Security Desk, whereas data for unknown card formats cannot be displayed.
287
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Configuring credentials
Ability to import cards using custom formats with the Import tool. For more information,
see "Import tool" on page 657. Ability to enroll cards manually in bulk, without a card reader, using the Credential management task. For more information, see Credential management in the Genetec Security Desk User Guide.
Custom card formats are defined in Config Tool under the System entity. For more information, see Access control General settings "Custom card formats" on page 635.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
288
).
).
CR70 CR80 CR90 CR100 To create custom card size, click click OK. , enter the card name, width, and length, and then
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
289
10 Click OK.
Once the card size/format has been chosen, you can design the actual printing template. 11 In the Tools section, select a tool, and then click on the template to use it. There are six graphical tools you can use to edit the template:
Select tool. Use to click and select an object on the template. Rectangle tool. Use to draw a square/rectangle on the template. Ellipsis tool. Use to draw circles/ovals on the template. Text tool. Use to insert text on to the template. Image tool. Use to insert a picture on to the template. You can insert cardholder pictures, a background image for the card, and so on. Barcode tool. Use to insert barcodes on to the template.
12 If you added an image to the template, select the image to edit it using the options in the Image and Color and border sections. In the Image section, choose whether the image displayed on the badge uses a cardholder picture or an image from a file, and whether the image should be stretched or not.
Display the cardholders picture. Dynamic cardholder picture that changes, depending on which cardholder credential you are printing. This image field links to the value Cardholder picture in the configuration database.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
290
TIP If a cardholders picture was taken in front of a chroma key screen, you can make the picture background transparent. This is helpful if you are creating a badge template that has an image in the background.
Select a picture from disk. Static image selected from a file. Fill. Use to modify the fill color of an inserted object like a square or oval. Border. Use to modify the border color of an inserted object. Opacity. Use to modify the opacity of an inserted object. Border thickness. Use to modify the thickness of the inserted objects border
In the Color and border section, you can use the following tools:
13 If you added text to the template, select the text to edit it using the options in the Text section. You can add dynamic cardholder fields, the date and/or time, or type specific text that will be static on the template. You can also edit the text, the text color, and the text alignment. 14 If you added a barcode to the template, right-click the barcode, and then click Properties to edit it. The data on the barcode can be static, or use dynamic credential properties.
15 In the Size and position section, select where the text, image, or barcode is located on the badge, and its width and height. 16 Click Apply. There are also other buttons available to help you edit the template:
). Import a badge template to use. ). Save your badge template. ). Copy the selected item on the badge template.
291
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Paste ( ) . Paste the copied item onto the badge template. Send to back ( ). Send the selected item to the background of the badge template.
This is option is helpful if you want to have a background image on the badge.
Bring to front (
Two different images have been inserted. One is dynamic, and the other is static:
The static image appears on the back of the card. It is the company logo that is displayed on every card. Three dynamic text fields have been inserted:
{Firstname} {lastname} appears on the front of the card. The text printed will be taken from the configuration database and we will see first name, (space), last name. {Firstname} {lastname} appears on the back of the card. This is the same as the name field on the front except with a smaller font size. {Cardholder.Department} Custom field that was created for the cardholder entity.
A barcode has been inserted, containing dynamic data. It displays the credential name,
using the barcode type Code 39.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
292
To see a print preview of what the printed cards will look like using this template: 1 In the Access control task, click the Credentials view. 2 Select the credential that you want to preview with a badge template, and then click the Badge template tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
293
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
294
11
Managing Synergis
This section explains advanced configuration techniques, and describes how to keep your access control system reliable, protected, and running smoothly. This section includes the following topics:
"Managing global cardholders" on page 296 "Viewing access control health events" on page 308 "Investigating access control unit events" on page 309 "Viewing IO configuration of access control units" on page 310 "Replace access control units" on page 311 "Replacing HID VertX 1000 units with SMC units" on page 312 "Troubleshoot HID discovery and enrollment" on page 314 "Finding out which entities are affected by access rules" on page 317 "Viewing properties of cardholder group members" on page 318 "Viewing credential properties of cardholders" on page 319 "How the Access troubleshooter tool works" on page 320 "Troubleshooting access points" on page 321 "Troubleshooting cardholder access rights" on page 322 "Diagnosing cardholder access rights based on credentials" on page 323 "Finding out who is granted access to doors and elevators" on page 324 "Finding out who is granted/denied access at access points" on page 325 "Troubleshoot door issues" on page 326
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
295
"What is global cardholder management?" on page 296 "How does global cardholder management work?" on page 296 "Rules and restrictions regarding GCM" on page 301 "Configuring global cardholder management" on page 303 "Operating on global entities" on page 305
Create global cardholders from a central location (for example your head office) and
synchronize them at remote Security Center systems that operate independently of the central system and of each other. Allow local Security Center administrators to decide what global cardholders can or cannot access at their local facilities. Allow local Security Center administrators make changes to global cardholders and their related entities, and propagate these changes to other sharing parties. Allow local system administrators keep exclusive ownership of their local cardholders and related entities, while sharing global cardholders with other systems.
Practically speaking, an organization that has multiple Security Center systems deployed at different locations can have these independent installations share information with a centralized human resource management system. Each local office continues to manage the employees working at their local office, such as maintaining the employee profile, photo ID, credentials, etc. For employees that need to travel from site to site, that same information can be shared among all sites within the organization.
"Architecture overview" on page 297 "What is the sharing host?" on page 297 "What is the sharing guest?" on page 298
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 296
"What is the Global Cardholder Synchronizer?" on page 298 "Differences between Federation and GCM" on page 299 "Differences between Active Directory integration and GCM" on page 300
Architecture overview
In order to share cardholders across multiple independent Security Center systems, one of the system must act as the sharing host, while the others act as sharing guests.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
297
The sharing host owns the master copy of the global partition and the entities that are in it. All changes made by the sharing guests to the content of the global partition must first be validated by the sharing host before they are propagated to other sharing parties. The global partition is like a central database, the sharing host is like the database server, while the sharing guests are like the database clients. There is no limit to the number of global partitions a host system can share.
In real time. The guest system is updated immediately when changes are made on the host
system.
On demand. The guest system is synchronized only when it is requested by a user. On schedule. The guest system is synchronized on schedule via a scheduled task. For more
information, see "Using scheduled tasks" on page 109. The guest-to-host synchronization is always performed immediately by the GCS role because all changes to the shared partitions must be validated by the host system before they can be accepted by the guest system. The host system processes the change requests on a first come first served basis.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
298
Purpose: Central activity/event monitoring Allows an organization to monitor from a central location (federation host), the access control events and activities at independent remote locations (federated sites). The federation host uses the Security Center Federation role to connect to the remote sites. Entities created at remote sites are federated at the central system. The federation host can observe, but cannot change anything on the remote sites. A federated site has no visibility on what is going on at the federation host or other federated sites. Almost all entities that generate events can be federated (monitored). Custom fields are not federated. A federated cardholder can be granted access to the facility managed by the federation host, but not the reverse.
Purpose: Sharing of a central configuration Allows an organization to share the common configuration of access control entities, hosted at a central location (sharing host), with independent remote locations (sharing guests). The remote sites use the Global Cardholder Synchronizer role to connect to the sharing host. Entities created at the central system are shared at the remote sites. The remote site can add, modify, and delete the entities that are shared by the host with all other remote sites (two-way synchronization). All sharing guests have the same read/write access to all shared (global) entities, while maintaining full ownership of the local entities. Only cardholders, cardholder groups, credentials, and badge templates can be shared. All custom fields and data types are shared. A global cardholder can be granted access to all facilities participating in the sharing.
Best practice: Federation and GCM are best used together on the same system to complement each other. For more information, see "Rules concerning federation and global entities" on page 302.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
299
Purpose: Centralized employee (users and cardholders) security management Allows an organization to manage the employee information from a central location, and share it with a single Security Center system (users and cardholders). The corporate directory service is the information source. Security Center gets the employee information from the corporate directory service. The Security Center system connects to the information source (directory service) via the Active Directory role. Custom fields defined on the Active Directory can be linked to Security Center custom fields. The shared employee information can only be modified on the Active Directory. Only the cardholder picture can be loaded in Security Center and updated on the Active Directory. The source information can only be shared with one Security Center system. If multiple Security Center systems need to share the same information, they need to connect individually to the corporate directory service.
Purpose: Centralized employee (cardholders) security management Allows an organization to manage the cardholder information from a central location, and share it with all Security Center systems within the organization. One Security Center system acts as the information source (sharing host), and shares it with all other Security Center systems within the organization (sharing guests). The sharing guests connect to the information source (sharing host) via the Global Cardholder Synchronizer role. All custom fields and data types are shared. The shared information can be modified by all sharing parties. The sharing host validates and propagates the changes to all sharing parties. The central Security Center system can share the cardholder information with as many satellite Security Center systems as necessary.
Best practice: Active Directory integration and GCM are best used in tandem. The sharing host should be the only system that integrates with the Active Directory. This solution keeps the Active Directory protected on the corporate LAN, while the sharing host only pushes the employee information that need to be shared to the satellite systems.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
300
"Rules concerning local and global partitions" on page 301 "Rules concerning local and global entities" on page 301 "Rules concerning global custom fields and data types" on page 302 "Rules concerning federation and global entities" on page 302 "Rules concerning Active Directory and global entities" on page 303
A global partition cannot be modified on a sharing guest, but its members can.
What the sharing guest is actually allowed to modify is subject to the privileges of user assigned to the GCS role.
No system is allowed to share what it does not own. Two-tier sharing is not permitted.
A corollary to this rule is that a local partition cannot be converted into a global partition if it contains global entities, unless it is performed on the host system.
Adding a local entity to a global partition transfers the ownership of that entity from its
local owner (sharing guest) to the partition owner (sharing host). Deleting a global entity on a sharing guest also deletes it on the sharing host, unless that entity also belongs to another global partition, in which case, only its membership is removed from the first partition.
Local access rules can apply to local and global cardholders alike.
Access rules are never shared. This ensures that local administrators always have full control over the security of their local facilities.
Global cardholders/groups can become members of local cardholder groups. Local cardholders/groups cannot become members of global cardholder groups.
An exception to this rule is when both entities belong to the same system. In this case, the local cardholder would not be shared, although the cardholder group is.
Both global and local credentials can be assigned to global cardholders. Global credentials cannot be assigned to local cardholders.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 301
Global credentials using custom card formats can be used and edited on the sharing guest.
However, the credential data would only be visible if the corresponding custom card format (XML file) is also defined on the sharing guest. For more information, see "Custom card format editor" on page 670. Best practice: It is always recommended to apply access rules to cardholder groups rather than individual cardholders. For this reason, it is recommended to share the cardholders along with their parent cardholder groups. If this is not feasible for any reason, then we recommend that you create a local cardholder group for the global cardholders.
Custom fields and data types defined for global entities are automatically shared when the Global and local custom fields remain separate even when they use the same name. They
are differentiated by their owner, which is the system that defines them. Global data types cannot be used to define local custom fields. Global entities custom field values can be modified on sharing guests. Global custom fields also apply to local entities, but their values stay local. Local custom fields also apply to global entities, but their values stay local. When a guest system stops sharing a global partition, all local copies of the shared global entities, and the local entities global custom field values are deleted. global entities are shared. Global custom field and data type definitions cannot be modified on the sharing guest.
Best practice: If you are to implement GCM within your organization, we recommended that you define all custom fields and data types for global entities on the sharing host.
If a sharing host also federates its sharing guest, only the local entities belonging to the
sharing guest are federated. The entities that are shared will not be federated on the sharing host. The sharing host which also happens to be a federation host should not share the entities it federates by adding them to a global partition because it does not own the federated entities. An entity can only be shared by its rightful owner. For the federated entities to become shared, the federated system has to become a sharing guest of the federation host. This will give the federation host the rights to share any of the federated entities.
A sharing guest which happens to federate a third system cannot share its federated entities
with the sharing host because it is not the owner of the federated entities. If a sharing guest is federated by another system, both its local and global entities will appear as federated entities on the federation host. For more information, see "Identification of federated entities" on page 128.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 302
Cardholders and cardholder groups imported from an Active Directory can be added to a
global partition on the sharing host.
Cardholders and cardholder groups imported from an Active Directory that is local to the
sharing guest cannot be added to a global partition because the Active Directory and the sharing host cannot both be owners of the shared cardholders. Global cardholders and cardholder groups imported from an Active Directory must only be modified via the directory service that owns them.
CAUTION Although it is possible to modify global cardholders and cardholder groups imported from an Active Directory on the sharing guest, these changes are temporary. You will lose the changes you made when the sharing host synchronizes with the Active Directory.
Best practice: If all cardholder data entry must be centralized, the system that imports cardholders from your corporate Active Directory should act as the sharing host, and all modifications must be made using the directory service. For more information, see "Importing cardholders from an Active Directory" on page 284.
"Global cardholder management setup prerequisites" on page 303 "Global cardholder management setup procedure" on page 304 "Configure a partition for sharing" on page 304 "Configure the Global Cardholder Synchronizer" on page 304
If the sharing host is protected behind a firewall, you need to open a port to allow the GCS
role to connect to the host system. For more information, see "Common communication ports" on page 777. Decide what types of updates the users on the guest systems are allowed to perform on the shared global partitions. You can limit their range of actions by restricting the privileges of the user representing the GCS roles on the host system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
303
d (Optional) Custom card formats are not shared. If you have shared credentials that use custom card formats, the credentials will work on your local system, but you will not be able to view the card data fields unless the custom card format in use is also defined on your local system. For more information, see "Custom card format editor" on page 670. e (Optional) Create a scheduled task to synchronize periodically your local system to the host. For more information, see "Using scheduled tasks" on page 109. 4 Repeat Step 3 for every sharing guest you have.
3 In the Specific info page, enter the following parameters, and click Next.
Server. Server where this role will be hosted. Directory. Sharing hosts main server name. If anything else than the default connection port (5500) is used, you must explicitly indicate the port number after the Directory name, separated by a colon. For example: HostServer:5888. Username and Password. Credentials used to connect to the sharing host. The extent of what the sharing guest can do on the global partition will be limited by what this user can see and do on the sharing host. The user must have the Global Cardholder Synchronizer privilege on the sharing host in order to connect.
Synchronize automatically. Select this option to have the GCS to update the guest system immediately, every time a change is made on the host. We recommend to leave this option cleared (default) if you plan to make massive updates on the host.
4 In the Basic information page, enter the name, description, and partition where the GCS role should be created. For more information, see "Common entity attributes" on page 38. 5 Click Next, Create, and Close. A new Global Cardholder Synchronizer ( to connect to the sharing host. 6 Click the Properties tab. The partitions shared by the host are listed under Global partitions. For more information, see "Properties" on page 558. 7 Select the partitions you want your local system to share and click Apply. 8 Click Synchronize now ( ). The GCS role will create a local copy of all shared entities on your system. This might take a while depending on how many entities you are sharing. After you are done: Configure the global entities you shared so they can be used on your local system. Also, consider setting the GCS role to synchronize automatically or to synchronize on a schedule. For more information, see "Using scheduled tasks" on page 109. ) role is created. Wait a few seconds for the role
"Start sharing an entity" on page 306 "Stop sharing an entity" on page 306 "Override the cardholder synchronization" on page 307
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 305
might be sharing it, even from the sharing host. 1 From the Home page Config Tool, open the Security task. 2 Click the Partitions view, and select the global partition you want to share it from. 3 Click the Properties tab. 4 In the Members section, select the entity you want to stop sharing, and click Remove ( 5 To confirm the action, click Remove. If this action is performed on a sharing guest, the entity is converted from a global to local entity. After you are done: Move the local entity to a local partition if it does not belong to any, so non administrative users can have access to it. ).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
306
4 Make the necessary changes and click Apply. After you are done: Remember to turn the synchronization back on when the connection with the sharing host is re-established.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
307
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
308
the last week (for example, Hardware tamper), you can search for that event, and set a time range.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
309
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
310
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
311
The access control unit events logged in the Access Manager from the V1000 are not copied.
The events remain in the database, but you cannot search for them using the SMC unit. The following V1000 inputs and outputs are not cpoied to the SMC unit: V1000 - AC Fail, V1000 - Bat Fail, V1000 - Input 1, V1000 - Input 2, V1000 - Relay 1, and V1000 - Relay 2.
Before you begin Do the following: 1 Backup the Directory database from the Server Admin (see "Back up your role database" on page 57). 2 Physically disconnect the V1000 unit, and make sure it is offline in Security Center ( 3 Assemble and install the SMC and its hardware components. For information, see the Synergis Master Controller Hardware Installation Guide.
IMPORTANT You must set up the SMC with same interface modules that you disconnected from the V1000, or you will not be able to replace the V1000 with that SMC unit in Security Center.
).
4 Configure the SMC unit, and add it in Security Center. For more information, see the Synergis Master Controller Configuration Guide. To replace a VertX 1000 unit with an SMC unit: 1 From the Home page in Config Tool, click Tools > V1000 - SMC. 2 In the Connection dialog box, type your Security Center Username and Password, and then click Connect. 3 From the Offline V1000 units drop-down list in the Mapping tool, select the offline V1000 unit. 4 From the Available SMC units drop-down list, select the SMC unit to replace the old unit with.
NOTE The SMC unit is only available in the list if it is configured with the same number of interface modules as the V1000.
The ports used by the V1000 and SMC unit are listed in the Channel section, and the interface modules connected to those ports are listed below.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
312
5 If the interface modules are not pointing to the correct SMC ports, you must manually map the ports in the Channel section as follows: a For the interface modules that were previously connected to port A on the V1000, type the SMC port they are physically connected to (A-D). b Repeat Step a for the interface modules that were previously connected to port B on the V1000. 6 Click Apply. The V1000 configuration settings are copied to the SMC unit. 7 Click Close. 8 Remove the V1000 unit from Security Center as follows: a From the Home page open the Access control task. b Click the Roles and units tab, and then select the offline V1000 unit. c From the bottom of the Config Tool window, click Delete ( ).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
313
"Common discovery and enrollment issues" on page 314 "HID unit cannot be found with the discovery tool" on page 315 "HID unit enrollment issues" on page 315
Are the computers on which the Config Tool and Access Manager are running, behind a
firewall? Ports 4050 TCP and 4070 UDP must be unblocked. Has the HID VertX device extension been added to the Access Manager in the Server Admin? For more information, see "Extensions" on page 513. Has the HID extension properly loaded in the Access Manager? To validate: a Open console session to the Access Manager. Open a web browser and go to the URL http://(server name or IP)/Genetec/console
NOTE If you cannot connect to the console ensure that console access is enabled in the Server Admin, under the Genetec Server tab.
b Click the Commands tab at the top of the page. c Under the column User Commands on the left, expand Access Manager and click Status. d A status query will be sent to the Access Manager and the response will contain the extensions that are loaded. e Ensure that the following line is shown in the status results: HID VertX:4070 = X units.
Is the unit set to a static IP address? If so, then the DNS must also be set, otherwise the unit
might have issues enrolling or connecting. In the HID Configuration GUI, set the primary and secondary DNS to the appropriate values. If you do not know your networks DNS, set the units own IP address as the primary and secondary DNS server. To access the HID Configuration GUI, point a browser to the units IP address. Ensure no other application is blocking port 4070, 4050, and 20. Stop the Access Manager, and at the Microsoft Windows command prompt, run netstat -na.
Click Start, click Run, type cmd, and then click OK.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
314
Is the Host Name in the Advanced Setup of HID VertX web page not set or has more than
15 characters? If so, the unit cannot be discovered. Is the unit on the same network subnet as the PC on which the Config Tool is running? Discovery will only work within the same broadcast domain. Ensure no other application is already listening on ports 4070 and 4050. At the Microsoft Windows command prompt, run netstat -na. To open Command Prompt, click Start, click Run, type cmd, and then click OK. Ensure the firmware of the unit is up to date.
Unit cannot be enrolled. Unit is enrolled but its icon remains red. Unit connects and disconnects continuously. Unit begins enrolling and fails at 67%
Best practice: Use the following best practices to resolve HID unit enrollment issues.
Can you ping (check connectivity) and telnet (check credential) the unit from the machine
running the Access Manager? Proceed as follows: a Ping the unit. At the Microsoft Windows command prompt, run ping w.x.y.z (w, x, y, and z is the IP address of the unit). To open the Command Prompt, click Start, click Run, type ping w.x.y.z, and then click OK. A report is generated. It should show that no packets were lost. b Telnet the unit. At the Microsoft Windows command prompt, run telnet w.x.y.z. Login to the unit. If the login is successful, there is connectivity to the unit. Is the unit on the same network subnet as the PC on which the Access Manager is running? If not, you can enroll this unit manually as long as you know its IP address. (The unit must be set to use a static IP address.) For more information, see "Add an HID unit manually" on page 262. Is the unit firmware up to date? Is the interface board firmware up to date? The required firmware version is shown in the Security Center Release Notes. Verify the network card binding and database configuration for the Access Manager is correctly set. For more information, see "Configuring the Access Manager role" on page 260 and "Access Manager" on page 511. Is the Access Manager behind a NAT? If so you must specify the translated host address for the Access Manager. For more information, see "Add an HID unit manually" on page 262.
315
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Verify that no other Access Manager is currently connected to the HID unit.
i Stop your Access Manager. (Config Tool > Role View > Deactivate) ii Telnet the unit. At the Microsoft Windows command prompt, run telnet w.x.y.z (w, x, y, and z is the IP address of the unit). To open the Command Prompt, click Start, click Run, type telnet w.x.y.z, and then click OK. iii Login to the unit. (Default: user=root / password =pass) iv At the prompt, type netstat -na. A list of network connections is shown. There should be no one connected to port 4050.
Verify that any HID units (and connected interfaces) are wired to not generate tamper or
door held open alarms, access granted or access denied events. Tamper and door held open alarms will trigger repeatedly. Upon connection, any such alarms and events have to be downloaded from the unit which can slow-down the enrollment process. Symptoms of this is the unit is difficult to enroll, the unit connects and disconnects, or the unit beeps. The last solution is to upgrade the units firmware. Refer to the Security Center Release notes for a list of supported firmware versions or, contact Genetec Technical Assistance. For more information, see "Technical support" on page 869.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
316
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
317
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
318
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
319
Find out who has the right to pass through an access point at a given date and time. Find out which access points a cardholder is allowed to use at a given date and time. Find out why a given cardholder can, or cannot use an access point at a given date and time.
The Access troubleshooter is most accurate when examining an event that just occurred. When using the troubleshooter to investigate a past event (denied access, for example), keep in mind that the configurations might have changed since the event occurred. The troubleshooter does not take past settings into consideration. It only evaluates a situation based on the current settings.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
320
If you select a door, specify a door side. If you select an elevator, specify a floor.
5 Click Go. The active cardholders who have the rights to use the selected access point at the specified time, based on the current access rules, are listed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
321
5 Click Go. The access points that the selected cardholder (or visitor) has the right to use at the specified time, based on the current access rules, are listed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
322
If you select a door, specify a door side. If you select an elevator, specify a floor.
7 Click Go. The troubleshooter produces a diagnosis based on the current system configuration, taking into consideration the access rules, and both the cardholders and the credentials activation and expiration dates.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
323
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
324
To find out who is granted/denied access at an access point: 1 From the Home page, open the Cardholder access rights task. 2 Generate your report (see "Generate a report" on page 30). The cardholders associated with the selected access point through an access rule are listed in the report pane. The results indicate if the cardholder is granted or denied access, and by which access rule. For information about the report columns available, see "Report pane columns" on page 723. 3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the canvas. 4 To view additional cardholder information in the tile, click .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
325
"Request to exit events" on page 326 "Credential issues" on page 326 "Resolution of reader issues" on page 327
Credential issues
Issue: A credential does not work at a door or elevator, and the reason is unclear. Description: For a credential to be granted access at a given door side or to an elevator floor, a number of conditions have to be met. For example:
The credentials profile must be enabled The credential must be associated to a cardholder The cardholders profile must be enabled
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
326
There must be at least one access rule that specifically grants access for that cardholder or
the cardholders cardholder group. If these settings are not correct, access will be denied. Solution: The easiest way to determine what is the reason for denied access is to use the Access troubleshooter. For more information, see "Access troubleshooter" on page 652.
Ensure you are using the right type of card technology for the reader. For example, some Is the reader installed too close to another one? Readers emit an electromagnetic field that
can interfere with other readers located nearby. Test this by disconnecting the power to one reader and see if the other reader starts to operate correctly. Are you using the proper cable for the reader (see the reader and unit documentation for the maximum cable length and type)? Test this by connecting a spare reader directly to the unit with a short cable. If it works, change the cable. readers are multi-technology (can read 125 kHz and 13.56 MHz cards), other readers can read only one card type. Is the card defective? Try another card.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
327
Part V
AutoVu IP license plate recognition
Learn how to set up, configure, and manage your AutoVu system in Security Center. This part includes the following chapters: Chapter 12, Deploying AutoVu on page 329
12
Deploying AutoVu
AutoVu deployment is explained in a separate document, the AutoVu Handbook. Click the link below to open the most recent version of the AutoVu Handbook: http://downloads.genetec.com/SecurityCenter/5.2/SLA/AutoVu/EN.AutoVu Handbook 5.2 LA.pdf
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
329
Part VI
Config Tool reference
Learn about the entities, role types, tools, and utilities used in Config Tool. This part includes the following chapters: Chapter 13, Entity types on page 331 Chapter 14, Role types on page 510 Chapter 15, Administration tasks on page 611 Chapter 16, Tools and utilities on page 650 Chapter 17, User privileges on page 694 Chapter 18, Reporting task reference on page 711 Chapter 19, Events and actions in Security Center on page 744 Chapter 19, Keyboard shortcuts in Config Tool on page 764
13
Entity types
This section lists all Security Center entity types in alphabetical order. Each entity type is covered with a general description of its purpose and usage. The sub-sections describe each entity types configuration tabs and the settings they contain. This section includes the following topics:
"Common configuration tabs" on page 332 "Access control unit" on page 337 "Access rule" on page 349 "Alarm" on page 351 "Analog monitor" on page 357 "Area" on page 360 "Badge template" on page 365 "Camera (video encoder)" on page 368 "Camera sequence" on page 393 "Cardholder" on page 395 "Cardholder group" on page 398 "Cash register" on page 400 "Credential" on page 401 "Door" on page 404 "Elevator" on page 410 "Hotlist" on page 414 "Intrusion detection area" on page 421 "Intrusion detection unit" on page 423 "LPR unit" on page 426 "Macro" on page 429
"Monitor group" on page 432 "Network" on page 434 "Output behavior" on page 437 "Overtime rule" on page 439 "Parking facility" on page 444 "Partition" on page 447 "Patroller" on page 450 "Permit" on page 453 "Permit restriction" on page 457 "Public task" on page 461 "Role" on page 462 "Schedule" on page 463 "Scheduled task" on page 469 "Server" on page 471 "Tile plugin" on page 480 "User" on page 482 "User group" on page 489 "Video unit" on page 494 "Zone (hardware)" on page 502 "Zone (virtual)" on page 506
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
331
Identity
The Identity tab provides descriptive information on the entity and lets you jump to the configuration page of related entities. The sample screen shot below is that of a camera entity.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
332
Standard information
All entity types share the following standard attributes:
Type. Entity type. Name. Entitys given name. The entity name is editable, except in the following cases:
Server entities. The entity name corresponds to the machine name and cannot be changed.
Logical ID. Logical IDs are unique numbers assigned to entities for ease of reference in the
system (mainly for CCTV keyboard operations).
Federated entities. The entity name belongs to the original system and cannot be changed on the federation. Description. Optional descriptive text.
NOTE A logical ID must be unique across all entities of the same group. Entity types that are likely to be referenced within the same context are put in the same group. For example, cameras and public tasks belong to the same functional group, therefore, a camera and a public task may not have the same logical ID, but a camera and a camera sequence may. TIP You can view and edit the logical IDs of all entities in the system from one place. For more information, see System General settings "Logical ID" on page 625 in the Security Center Administrator Guide.
Relationships. List of relationships between this entity and other entities on the system.
You can use the command buttons found at the bottom of the relationship list to manage the relationships of this entity with other entities in the system.
Select a relationship group, and click Select a related entity, and click Select a related entity, and click
Specific information
Certain entity types may show additional information in this tab. For example, see Video unit "Identity" on page 495.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
333
Cameras
The Cameras tab allows you to associate cameras to the entity so that when it is viewed in Security Desk, the cameras are displayed instead of the entity icon. The sample screen shot below is that of a virtual zone entity.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
334
Custom fields
The Custom fields tab lets you view and modify the custom fields defined for this entity. The sample screen shot below is that of a cardholder entity.
In the above example, five custom fields have been defined for the cardholder entity, separated in two groups:
Employee information
Hire date Department Office extension Gender Home number Cellphone number (flagged as mandatory)
Personal information
For information on defining custom fields, see System General settings "Custom fields" on page 619.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
335
Location
The Location tab provides information regarding the time zone and the geographical location of the entity. The sample screen shot below is that of a video unit entity.
Time zone
The time zone is used to display the entity events in the entitys local time zone. In Security Center, all times are stored in UTC in the databases, but are displayed according to the local time zone of the entities. The local time of the entity is displayed below the time zone selection.
Location
The geographical location (latitude, longitude) of the entity has several different uses:
For video units, it is used for the automatic calculation of the time the sun rises and sets on
a given date. A typical application is for the system to record video only during daytime (for cameras placed outside), or to adjust the brightness of the camera based on daytime and nighttime. For more information, see "Schedule" on page 463. For fixed LPR units that are not equipped with a GPS receiver, the geographical location is used to plot the LPR events (reads and hits) associated to the LPR unit on the map in Security Desk. For more information, see Hits and Reads investigation tasks in the Genetec Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
336
Properties (SMC) Connection settings and other parameters that cannot be configured using the SMC portal. Properties (HID) Portal (SMC) Network (HID) Peripherals Health Synchronization Custom fields Location Specific information about the HID unit and configuration of its subpanels. Connection to the web configuration interface (Controller Portal) of the SMC unit. Connection parameters used by the Access Manager to communicate with the HID unit. Configuration of the IO pins according to the features supported by the hardware. Applies to both SMC and HID units. Units health status. Applies to both SMC and HID units. Synchronization mode and command button allowing you to synchronize this unit with its Access Manager. Applies to both SMC and HID units. Custom field values for this unit. Time zone and geographical location of this unit.
Related topics:
"Access Manager" on page 511 "Door" on page 404 "Elevator" on page 410 "Zone (hardware)" on page 502
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
337
Properties (SMC)
The SMC units Properties tab allows you to update the connection parameters after the unit has been discovered, such as the logon credentials.
Connection settings
The connection settings are correctly initialized at the time the SMC unit is enrolled in your system. Do not change these settings unless you changed them on the SMC using Controller Portal after the unit has been enrolled, or a Genetec representative instructs you to do so.
Web address. Web address for contacting Controller Portal. Username/Password. Logon username and password. Using DHCP. Do not change this parameter unless asked by a Genetec Technical Support
representative. This parameter is reset every time the Access Manager reconnects to the SMC unit.
Ignore web proxy. Select this option to instruct the Access Manager to ignore the Proxy
Server settings on the server currently hosting the role. Clear this option to instruct the Access Manager to follow the Proxy Server settings. (Default=cleared).
NOTE For an HID unit, the equivalent settings are found in the Network tab (see "Network
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
338
Discovered properties
Current settings returned by the SMC units. Click Upgrade to upgrade the SMC firmware. It is equivalent to the Firmware upgrade function found in the SMC Portal. See "Check and upgrade the SMC firmware" in the Synergis Master Controller Configuration Guide.
General settings
The following settings cannot be set through the SMC Portal. The settings here are pushed from Security Center to SMC during unit synchronization.
Mixed mode. Clear this option to set the SMC to operate in online mode (Default=mixed
mode).
NOTE If the connection to Access Manager is lost while in online mode, SMC will revert back to mixed mode.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
339
Properties (HID)
The Properties tab for HID shows specific information about the HID unit and allows you to configure its inputs, outputs, and subpanels (V100, V200, V300 if connected).
Unit information
This section shows the firmware version, model name, and serial number of the unit.
General settings
Mixed mode. HID units always operate in mixed mode. Monitor AC Fail. The AC fail input is being used to monitor AC failures or some other
general purpose.
Monitor battery fail. The Battery fail input is being used to monitor the backup battery or
some other general purpose.
Additional settings
In this section, you configure the units inputs and outputs according to how they are used.
Program version. The interface firmware revision number. EEPROM version. The interface EEPROM revision number.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 340
Set Card-in / Card-out if the door has two readers; Wire the door lock to the Strike Relay (Out 1) output and wire all door hardware to the Reader 1 side of the unit. The Strike Relay (Out 3) is available for any other use (for example, for a zone). Set Card-in / REX-out if the door has one reader on one side, and a REX on the other side. In this case, the unit can control two such doors:
Wire the first door with Reader 1 side of the unit and use Strike Relay (Out 1) to control the door lock. Wire the second door with Reader 2 side of the unit and use Strike Relay (Out 3) to control the door lock.
With an Edge device unit, this option is unavailable (it is Card-in / REX-out).
NOTE This configuration must correspond to the hardware assignments you make for the
Debounce. The amount of time an input can be in a changed state (for example, from active
to inactive) before the state change is reported. Electrical switches often cause temporarily unstable signals when changing states, possibly confusing the logical circuitry. Debouncing is used to filter out unstable signals by ignoring all state changes that are shorter than a certain period of time (in milliseconds).
Contact type / Supervision mode. Sets the normal state of the input contact and its
supervision mode. There are four preset configurations, and a custom one:
Preset: Normally closed / Not supervised. Preset: Normally open / Not supervised. Preset: Normally closed / 4-state supervised. Preset: Normally open / 4-state supervised. Custom. Allows you to set your custom range of values for Active and Normal input states.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
341
Minimum time (Action). Applies when the relay is being used as part of a zone (either
hardware or virtual). It establishes the minimum number of seconds the relay stays close when triggered by an event (for example Request to exit).
Minimum time (Access grant). Applies when the relay is actually being used to control a
locking device. The normal configuration is to open the lock when access is granted and to close the lock immediately after the door opens (Minimum time = 0). There are certain situations where the normal configuration would cause the door to be locked too soon (absence of a door sensor, or double doors). In those situations, a Minimum time must be set on the strike relay to keep the door unlocked after the system detects that the door has been opened (typically for the same duration as the Access grant time set on the door).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
342
Portal (SMC)
The SMC units Portal tab allows you to connect to the SMCs web-based interface (Controller Portal) for its configuration and maintenance.
Change the security password required to log on to the SMC unit. Configure the network settings on the SMC unit so it works on your system. Configure SMC to accept connections from specific Access Manager servers. Configure the properties of the interface modules attached to the SMC unit. Configure the access control behavior for SMC, in both online and offline modes. View the activity logs stored on the SMC unit. Test and diagnose the interface module connections to the SMC unit. View and export the SMC status and configuration. Upgrade the SMC firmware. Restart the SMC hardware or software. Update security clearance levels assigned to Security Center areas manually on the SMC unit when the connection to the Access Manager is lost.
For more information on what you can do through the Controller Portal, see the Synergis Master Controller Configuration Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 343
Network (HID)
The HID units Network tab allows you to configure the connection parameters for the Access Manager to communicate with the unit. These settings are correctly initialized at the time the HID unit is added to your system. Do not change these settings unless you changed them on the unit using the HID Discovery GUI after the unit has been enrolled, or a Genetec representative instructs you to do so.
Connection parameters
Username/password. Username and password used to log on to the HID unit. Use translated host address. Must be selected when there is a NAT router between the unit
and its Access Manager. The NAT routers IP address that is visible from the unit would be set here.
Obtain network settings dynamically (DHCP). Select this option if the HID unit will be
assigned its IP configuration by a DHCP server.
Use these static settings. Select this option and configure the IP address, Gateway and
Subnet mask manually if the access control unit will use a fixed IP address (recommended).
NOTE The equivalent settings for an SMC unit are configured through the SMC portal (see
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
344
Peripherals
The Peripherals tab allows you to give meaningful names to IO devices controlled by the unit so they are easier to identify. Additionally, you can assign a logical ID for each IO device.
Rename a device
To edit a units logical name, select a devices logical name (eg. V200 [02] Relay 1) and type over its existing name to something more meaningful (eg. V200 [02] - Door Bell). The (abc) button and (id) button at the bottom of the page can also be used to apply a logical name or logical ID number to one of the device peripherals.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
345
Health
The Health tab displays the memory usage on the unit.
Usage
You can monitor a units health and status:
Number of credentials. Indicates the number of credentials stored on the unit versus the
total number of credentials the unit can store, based on the available memory and the average number of bytes per credential.
Main memory. Available memory on the unit. This information is only available to HID
VertX units. For SMC units, a different set of information is available through the System status page in Controller Portal (see Viewing and exporting system information in the Synergis Master Controller Configuration Guide).
Secondary memory. Available secondary memory on the unit. This information is only
available to HID VertX units.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
346
Synchronization
The Synchronization tab allows you to configure the type of synchronization you want between the unit and its Access Manager.
A unit must be synchronized with the Access Manager database to allow it to work in offline or mixed mode. For synchronization, the Access Manager knows a units capacity, and fills it with as much information as possible so that the unit is optimized to run when it is offline, or in mixed mode. Synchronization management handles credential and IO linking rules. This can be set according to your needs. See "About unit synchronization modes" on page 348. This tab shows you the following information about this process:
Last update. Indicates the day and time of the last successful synchronization with the unit. Expiration date. Indicates the day and time when the unit will no longer be capable of fully
functioning in offline or mixed mode. This is due to the limited scheduling capability of the access control unit. You will need to synchronize before the expiration date to ensure that the unit will work in offline or mixed mode. The scheduling limit varies depending on the unit type:
HID VertX units expire after one year. Past the expiration date, the unit stops working. SMC units never expire because they fully support the scheduling schemes used in Security Center.
347
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
IMPORTANT Any synchronization errors are displayed in yellow. Pay attention to these errors to avoid any disruption in the operation. For example, HID VertX units are limited to 65,000 credentials. Exceeding this limit causes the synchronization to fail and the unit to be reset.
Manual only. The unit is only synchronized when you click the Synchronize now button.
Make sure you synchronize the unit before the date and time shown for Expiration date.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
348
Access rule
Access rule
The access rule entity defines the access control logic which grants or denies passage to a cardholder through an access point, based on a schedule.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
349
Access rule
Properties
The Properties page of an access rule links the 3 Ws: The Who, When and What. For example, All Employees, Office Hours, and Access Granted.
Schedule. Choose when this access rule is active. When the schedule is active . Select whether to grant or deny access from cardholders. Cardholders affected by this rule. Select the cardholders affected by this rule.
NOTE An access rule is not operational until it is associated to a door, elevator, or area.
Related topics:
For information about creating access rules for areas, see "Access rules" on page 364. For information about creating access rules for doors, see "Access rules" on page 409.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
350
Alarm
Alarm
The alarm entity describes a particular trouble situation that requires immediate attention, and how it should be handled in Security Center. Namely, its priority, what entities (usually cameras and doors) best describe it, who should be notified, how it should be displayed to the user, and so on. System: General Task: Alarms Alarms
Identity Properties Advanced Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Essential alarm priorities: priority, recipients, broadcast mode, and attached entities. Optional alarm properties: reactivation threshold, alarm procedure, schedule, automatic acknowledgement, and video display and recording options. Custom field values for this alarm.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
351
Alarm
Properties
The Properties tab allows you to define the essential alarm properties.
Priority
In Security Desk, alarms are displayed in the Alarm monitoring task by order of priority (this is evaluated every time a new alarm is received). The highest priority alarm is displayed in tile #1, followed by the second highest in tile #2, and so on. When two alarms have the same priority value, priority is given to the newest one. When a new alarm is received in Security Desk with a priority level identical or higher than the current alarms displayed, it pushes the other alarms down the tile list. When an alarm is acknowledged in Security Desk, it frees a tile for lower priority alarms to move up.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
352
Alarm
Recipients
An alarm recipient is either a user, user group, or analog monitor group. They receive the alarms in Security Desk.
IMPORTANT Make sure all the alarm recipients have the privilege to acknowledge alarms.
Broadcast mode
There are two ways alarm recipients can be notified:
All at once. (Default) All recipients are notified at the same time, immediately after the
alarm is triggered.
Sequential. The recipients are notified individually, each after a specified delay (in seconds)
calculated from the time the alarm is triggered. If the recipient is a user group, all members of the user group are notified at the same time.
Attached entities
The attached entities are what visually describe the alarm situation. The alarm entity has the characteristics of a composite entity. When displayed in Security Desk, you can cycle through all displayable entities (cameras, tile plugins, and so on) within the display tile, or unpack the alarm to display them all at once. For more information, see Unpack/pack tile content in the Security Desk User Guide. When a composite entity is attached to an alarm, the entities that compose it are also attached to the alarm. For example, if a door entity is attached to the alarm, the cameras associated to the door are also attached to the alarm.
Entity cycling
Entity cycling is a Security Desk feature that automatically rotates the display of a composite entity through its components within a display tile, displaying each entity for an equal amount of time. For more information, see Entity cycling in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
353
Alarm
When entity cycling is turned on in Security Desk, the order of the attached entities in the list is the order they will be displayed in Security Desk.
NOTE When the alarm is triggered by an event, the entity that caused the event is also attached to the alarm. That entity will be displayed first when the alarm is displayed.
Advanced
The Advanced settings tab allows you to configure the optional alarm properties.
Reactivation threshold
The minimum time Security Center needs to wait after triggering this alarm once, before it can trigger it again. This option serves to prevent the system from repeatedly triggering the same alarm while it is awaiting to be resolved.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
354
Alarm
NOTE The alarm procedure is also displayed as part of the entities attached to the alarm in Security Desk when entity cycling is turned on.
Schedule
The schedule defines when this alarm is in operation. This means that outside the periods defined by this schedule, triggering this alarm would have no effect.
Automatic acknowledgment
Turn this option on (default=off) to let the system automatically acknowledge this alarm if no one acknowledges it before the specified time (in seconds). This option is recommended for lowpriority alarms that serve to alert the security operator, but do not require any action.
NOTE Make sure that the recording buffer is equal to, or longer than the pre-trigger time you need for your alarm display. For more information, see "Time to record before an event" on page 523.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 355
Alarm
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
356
Analog monitor
Analog monitor
The analog monitor entity represents a physical monitor that displays video from an analog source, such as a video decoder or an analog camera. A video decoder is a device that converts a digital video stream into analog signals (NTSC or PAL) for display on an analog monitor. The video decoder is one of the many devices found on a video decoding unit. A video decoding unit can have multiple video decoders, each connected to an analog monitor. Each video decoder found on a video decoding unit is represented by an analog monitor entity in Security Center. System: Omnicast IP video surveillance Task: Video - Analog monitor
Identity Properties Name, description, logical ID, and relationships of this entity with other entities in the system. General behavior of the analog monitor.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
357
Analog monitor
Properties
The Properties tab lets you configure the video stream usage (or function) and specific network settings for the analog monitor.
Video
The video section contains various settings that affect the quality the video.
Stream usage. Select the video stream to use for cameras displayed in the analog monitor.
This option is only available for decoders capable of generating multiple video streams. The stream usage options are the following:
Live. Default stream used for viewing live video in Security Desk. Recording. Stream recorded by the Archiver for future investigation. Remote. Stream used for viewing video when the bandwidth is limited. Low resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is small. See "Automatic stream selection" on page 211.
High resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is large. See "Automatic stream selection" on page 211. Analog format. Select NTSC (National Television System Committee) or PAL (Phase Alternating Line) analog format for the video signal. PAL format generally streams video at a lower frame rate, but at a higher resolution.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
358
Analog monitor
Display camera name. Turn this option ON if you want the camera name to be shown
when it is displayed in the analog monitor in a tile.
Network settings
The Network settings section allows you to configure the desired connection type used by the video decoder.
UDP port. Port number used when the connection type is unicast UDP. If the encoder
supports multiple video streams, this parameter is different for each stream.
Connection type. Defines how communication is established between the Archiver and the
unit for sending or receiving video streams. Each device on the same unit could support different connection types.
Best available. Lets the Archiver select the best available connection type for the stream. The best available types rank in this order, according to availability: Multicast, UDP, and TCP. When the stream is requested for recording only, multicast is removed from the list, so the best available types start with UDP. Multicast. Communication between a single sender and multiple receivers on a network. This is the preferred connection type. In this mode, multiple users in multiple locations can receive the same video transmission simultaneously from a same source, using the bandwidth only once. Most video units are capable of multicast transmissions. UDP. Forces the stream to be sent in UDP to the Archiver. The stream must be formatted using the RTP protocol. TCP. Forces the stream to be sent in TCP to the Archiver. Here, TCP is taken in the broad sense. For some types of cameras, the Archiver establishes a TCP connection to the unit and receives the stream in a proprietary protocol. For others, the stream is sent over HTTP. Typically, the stream is not formatted according to the RTP protocol by the unit. The Archiver has to convert the stream to the RTP protocol to be archived or retransmitted to the system.
Hardware
The Hardware section allows you to associate other hardware devices (PTZ motor, Speaker, Microphone, and so on) to this analog monitor. When the decoder is added to the system, all hardware devices belonging to the same unit are configured by default. You can manually associate the analog monitor to other devices, according to how they are physically connected.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
359
Area
Area
The area entity, in its most generic use, represents a concept or a physical location (room, floor, building, site, and so on) used for the logical grouping of entities in the system. When Synergis is enabled in your license, an area entity can also be used to configure a secured area with access rules and access control behavior. System: General, Synergis (if secured areas are to be created) Task: Logical view
Identity Properties Members Access rules Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Antipassback and interlock properties for this area (Synergis only). Child entities of this area. Access rules applied to this area (Synergis only). Custom field values for this area.
Related topics:
"Managing threat levels" on page 117 "Managing the Logical view" on page 85 "Configuring secured areas" on page 278 "Configuring access rules" on page 281
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
360
Area
Properties
The Properties tab allows you define the optional area properties. Some these properties might not be visible depending on your license option settings.
Antipassback properties
Antipassback is the access restriction placed on a secured area that prevents the same cardholder from entering an area they have not yet exited, and vice-versa.
Area
Soft. Soft antipassback only logs the passback events in the database. It does not restrict the door from being unlocked due to a passback event.
Strict. When turned ON, antipassback logic is applied in both directions on the area.
Hard. Hard antipassback logs an entry in the database and prevents the door from being unlocked due to a passback event. Timeout. Set how many minutes until the passback event is automatically forgiven.
Cardholders that never left an area cannot enter, and cardholders that never entered cannot leave. Otherwise, the default is OFF and antipassback logic is only applied in one direction. Cardholders who never left an area cannot enter. When a hard antipassback event is triggered, it must be forgiven for the cardholder to unlock the door. It might be forgiven automatically due to a timeout value having been configured. Otherwise, the passback event can be forgiven by an authorized user with the Security Desk Monitoring task. For more information, see Monitoring access events About antipassback in the Security Desk User Guide.
CAUTION HID units support antipassback or interlock, but not both simultaneously.
Interlock properties
Security Center supports the interlocking of the perimeter doors for an area by allowing only one perimeter door to be open at one time. It is important that the door sensors detect when a door can be opened.
Status. Set the interlock properties feature to ON or OFF. When its status is set to ON, only
one member door of the area can be open at any given time. To open a door, all others must be closed.
Priority. An interlock override or lockdown button can be associated to this interlock. Override / Lockdown. Select an input to be used as a trigger for override or lockdown
mode.
CAUTION HID units support antipassback or interlock but not both simultaneously.
Threat levels
This section is only visible to administrative users, and if the Threat level license option is enabled. You can configure specific actions to be executed by the system when a threat level is activated or deactivated for this area. For more information, see "Managing threat levels" on page 117.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
362
Area
Members
The Members tab shows the child entities of the area, grouped by entity type.
Areas are used as entity groupings in the Logical view. The area represented in the above sample screen shot would appear as the following in an entity tree.
For more information about adding members to an area, see "Add members to an area" on page 279.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
363
Area
Access rules
The Access rules tab is only necessary if you are configuring a secured area. This tab is only visible when Synergis is enabled in your license.
You assign one or more existing access rules that allow authorized cardholders to gain access to the area. For more information, see "Configuring access rules" on page 281.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
364
Badge template
Badge template
The badge template entity is used to configure a printing template for badges.
Related topics:
"Cardholder" on page 395 "Credential" on page 401 "Defining badge templates" on page 289
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
365
Badge template
Badge designer
The Badge designer is a tool that allows you to design and modify badge templates.
In the Badge designer, there are different tools you can use to edit a template:
In the Tools section, there are six graphical tools you can use to edit the template:
Select tool. Use to click and select an object on the template. Rectangle tool. Use to draw a square/rectangle on the template. Ellipsis tool. Use to draw circles/ovals on the template. Text tool. Use to insert text on to the template. Image tool. Use to insert a picture on to the template. Barcode tool. Use to insert barcodes on to the template.
In the Image section, you can choose whether the image displayed on the badge uses a
cardholder picture or an image from a file, and whether the image should be stretched or not. In the Text section, you can add cardholder fields, as well as edit the text, the text color, and the text alignment. In the Color and border section, the following options are available:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
366
Badge template
Fill. Use to modify the fill color of an inserted object like a square or oval. Border. Use to modify the border color of an inserted object. Opacity. Use to modify the opacity of an inserted object.
Border thickness. Use to modify the thickness of the inserted objects border In the Size and position section, you can choose where the text or image is located on the badge, and its width and height.
Properties (
). Opens the Format dialog box, where you can select from the following card sizes and orientation: CR70 CR80 CR90 CR100 Custom card size Orientation. You can choose Landscape or Portrait orientation. ). Import a badge template to use. ). Save your badge template. ). Copy the selected item on the badge template. ) . Paste the copied item onto the badge template.
Send to back ( ). Send the selected item to the background of the badge template. This is option is helpful if you want to have a background image on the badge. ). Bring the selected item to the foreground of the badge template.
Bring to front (
For more information about creating badge templates, see "Defining badge templates" on page 289.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
367
Related topics:
"Configuring cameras" on page 209 "Camera sequence" on page 393 "Video unit" on page 494
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 368
Video
The Video tab allows you to define multiple video quality (resolution, frame rate, and so on) configurations for each video stream generated by your video encoder. For each stream, you can also specify its usage (or function) and specific network settings.
"Video quality" on page 370 "Stream usage" on page 373 "Network settings" on page 374 "Boost quality on manual recording" on page 376 "Boost quality on event recording" on page 376
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
369
Video quality
Video quality refers to the various settings (image resolution, bit rate, frame rate, and so on) that affect the quality the video. Multiple video quality configurations can be defined for the same stream on different schedules. The list below describes all possible settings pertaining to video quality. These settings vary from one manufacturer to another. No single manufacturer supports them all.
NOTE For any setting not covered in this section, refer to the manufacturers documentation.
Resolution. Data format and image resolution. The available choices depend on the type of
video unit you have.
NOTE On certain models of video units that support a large number of video feeds (4 to 12), some high resolution formats might be disabled when you enable all the video streams, because the unit cannot handle all the streams at high resolutions.
Quality. Video quality depends on a combination of settings. Config Tool proposes a list of
predefined configurations for you to choose from. To adjust each of them individually, select Custom from the Quality drop-down list.
Bit rate. Sets the maximum bandwidth (kbps) allowed for this encoder. See also "Advanced
bit rate settings" on page 372.
Frame rate. This slider sets the number of frames per second (fps). A high frame rate (10
fps or more) produces fluid video and is essential for accurate motion detection. However, increasing the frame rate also sends more information over the network, and therefore, requires more bandwidth.
Image quality. This slider affects the image quality (the higher the value, the better the
quality). Higher image quality requires more bandwidth, which might compromise the frame rate. When bandwidth is limited, you should consider the following:
To retain very good image quality, restrict the number of images per second (lower frame rate).
To transmit more images per second at a high frame rate, lower the image quality. The encoder will always try to maintain each quality setting. However, if bandwidth is limited, the encoder might reduce the frame rate in favor of the image quality.
Automatic settings. Certain models of encoders (such as Bosch) let you select this option
instead of setting your own value for image quality. To set the image quality manually, you have to select Custom in the Quality drop-down list.
Key frame interval. A key frame is a frame that contains a complete image by itself as
opposed to a usual frame that only holds information that changed compared to the previous frame. You would need a higher key frame rate to recover more rapidly from cumulative errors in the video when the network is less reliable. Frequent key frames require a higher bandwidth. You can specify the key frame interval in seconds (1 to 20) or by frames (based on the frame rate).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 370
Recording frame rate. The purpose of this setting is to save storage space by recording the
video at a frame rate lower than the one used for viewing. This setting only reduces the storage usage, not the bandwidth usage. Setting the Recording frame rate to anything other than All frames locks the Key frame interval.
Profile and level. Used only for MPEG-4 streams, the profile determines the tools available
when generating the stream (for example, interlace, or B frames), and the level limits the resource usage (for example, max bit rate).
Video object type. The Video Object Type (VOT) to use for the MPEG-4 streams. The
available choices are governed by the choice of Profile and Level.
GOP structure. Stands for Group Of Picture structure. It is possible to configure up to four
types of GOP structures:
I. Stands for Intra frame structure. Meaning only Intra (key frame) frames are sent. This is primarily for using an external multiplexer. IP. Stands for Intra and Predicted frame structure. This setting results in the lowest possible video delay. IPB. Stands for Intra and Predicted and Bidirectional frame structure. This setting enables the user to have a higher quality and a higher delay.
IPBB. Stands for Intra and Predicted and Bidirectional and Bidirectional frame structure. This setting enables the highest quality and a highest delay. GOP length. Stands for Group Of Picture length. With this value, it is possible to change the distance (number of frames) between the intra-frames in the MPEG-2 video stream.
Streaming type. Select between VES (video elementary stream), which sends only video
information, or PRG (program stream), which sends both video and audio information.
Input filter mode. This drop-down list lets you select a noise filter to apply to the video
signal before it is encoded. It has four settings: None, Low, Medium, and High.
NOTE Removing noise from the video signal also reduces the sharpness of the image. If the
video signal is relatively clean, do not apply any filter (None). The higher the filter level, the more blurry the video image becomes. Keeping a sharp image creates more pixels to encode, which uses more bandwidth. This is why on some video units the default is set to Medium.
Bit rate control. This option lets the encoder automatically lower the bit rate when one of
the decoders is reporting transmission errors (dropped packets). This usually happens when there is a lot of motion on the camera. The encoder drops the bit rate as low as necessary to let all decoders receive an error free transmission. When the motion subsides, the encoder gradually increases the bit rate until it reaches the configured maximum limit. The trade-off between low bit rate and transmission errors is that with a low bit rate, the image stays crisp but the video might appear jerky, while with transmission errors, the image contains noises, but the video stays fluid.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
371
You have two values to choose from for the bit rate mode:
Variable. Variable bit rate (VBR) adjusts the bit rate according to the complexity of the
images in the video. This uses a lot of bandwidth when there is a lot of activity in the image and less bandwidth when the monitored area is quiet.
Constant. Constant bit rate (CBR) allows you to set a fixed target bit rate that will consume
a predictable amount of bandwidth, which will not change, whatever happens in the image. This requires you to set another parameter, the Bit rate priority.
The Bit rate priority lets you configure which aspect of video quality you wish to favor when you are forced to make a compromise.
Frame rate. Maintains the frame rate at the expense of the image quality. Image quality. Maintains the image quality at the expense of the frame rate. None. Lowers both the frame rate and the image quality to maintain the bit rate.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
372
Stream usage
The Stream usage options are only available for encoders capable of generating multiple video streams. It allows you to specify the usage (or function) of each stream.
Live. Default stream used for viewing live video in Security Desk. Recording. Stream recorded by the Archiver for future investigation. Remote. Stream used for viewing video when the bandwidth is limited. Low resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is small. See "Automatic stream selection" on page 211. stream in Security Desk is large. See "Automatic stream selection" on page 211.
High resolution. Stream used instead of the Live stream when the tile used to view the
NOTE Every stream usage must be covered by a stream, but not every stream needs to be assigned a usage. The streams that have no usage assigned are simply not generated, which conserves CPU on the unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
373
Network settings
The Network settings options allow you to configure the desired connection type used by the video encoder.
UDP port. Port number used when the connection type is unicast UDP. If the encoder
supports multiple video streams, this parameter is different for each stream.
Connection type. Defines how communication is established between the Archiver and the
unit for sending or receiving video streams. Each device on the same unit could support different connection types.
Best available. Lets the Archiver select the best available connection type for the stream. The best available types rank in this order, according to availability: Multicast, UDP, TCP, RTSP over HTTP, and RTSP over TCP. When the stream is requested for recording only, multicast is removed from the list, so the best available types start with UDP. Unicast UDP. Forces the stream to be sent in UDP to the Archiver. The stream must be formatted using the RTP protocol. Unicast TCP. Forces the stream to be sent in TCP to the Archiver. Here, TCP is taken in the broad sense. For some types of cameras, the Archiver establishes a TCP connection to the unit and receives the stream in a proprietary protocol. For others, the stream is
374
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
sent over HTTP. Typically, the stream is not formatted according to the RTP protocol by the unit. The Archiver has to convert the stream to the RTP protocol to be archived or retransmitted to the system.
RTSP stream over HTTP. This is a special case of TCP connection. The Archiver uses the RTSP protocol to request the stream through an HTTP tunnel. The stream is sent back through this tunnel using the RTP protocol. This connection type is used to minimize the number of ports needed to communicate with a unit. It is usually the best way to request the stream when the unit is behind a NAT or firewall, because requests sent to HTTP ports are easily redirected through them. RTSP stream over TCP. This is another special case of TCP connection. The Archiver uses the RTSP protocol to request the stream in TCP. The request is sent to the RTSP port of the unit.
Same as unit. Special case for Panasonic units. The connection type is the same for all streams of the unit. When present, it is the only connection type supported. The real connection type must be set in the specific configuration page of the unit. Multicast address. The multicast address and port number are assigned automatically by the system when the video unit is discovered. Each video encoder is assigned a different multicast address with a fixed port number. If the encoder is capable of generating multiple video streams, then a multicast address should be assigned to each stream. This is the most efficient configuration.
Normally, you do not need to be concerned with the multicast addresses. However, if you are short of multicast addresses (certain switches are limited to 128), you can use the same multicast address on multiple encoders, and assign a different port number to each. This solution is less efficient than using a different address for each encoder, because it will cause more traffic than is necessary on the network.
NOTE All multicast addresses must be between the range 224.0.1.0 and 239.255.255.255. For these changes to take effect, you must restart the unit. To do so, select the unit in the Roles view task, and click the Reboot ( ) button in the Contextual commands toolbar.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
375
The Record button ( ) is clicked by a Security Desk user. The Add a bookmark button ( ) is clicked by a Security Desk user.
See also "Common boost quality settings" on page 376.
The Start recording action was executed. The recording was triggered by an alarm. The recording was triggered by motion.
See also "Common boost quality settings" on page 376.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
376
The boosted quality settings you can configure are the same as the ones described in the section "Video quality" on page 370. When both sets of events are triggered, the event recording settings have priority over the manual recording settings. The duration of the quality boost depends on the type of event and the duration configured in the Recording tab of the camera. For more information, see Camera "Recording" on page 378. The ON/OFF switch tells the system whether the video quality should be boosted every time the triggering events occur (ON), or only on demand (OFF). When boost on demand is selected (switch=OFF):
You can demand the boost quality settings to be applied explicitly by executing one of the
following actions:
Override with manual recording quality. Override with event recording quality.
Once the boost quality settings are applied through an action, they have precedence over
any other settings currently in effect. To return to the normal settings, you must execute the following action:
For more information about executing actions, see "Using event-to-actions" on page 106.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
377
Recording
The Recording tab allows you to customize the recording settings on each individual camera instead of following the archiving role settings.
If the camera is associated to additional Auxiliary Archiver roles, roles, youll find one group of settings for each archiving role the camera is associated to. For each recording configuration, the camera can follow the settings inherited from the role or use its own custom settings. For more information on the rest of the recording settings related to:
An Archiver, see "Camera recording" on page 522. An Auxiliary Archiver, see "Camera recording" on page 544.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
378
Motion detection
The Motion detection tab allows you to define multiple motion detection configurations for your camera. Each configuration is based on a different schedule.
Motion detection. Turns motion detection ON or OFF for the time periods covered by the
schedule.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
379
Detection is done on. Specifies whether motion detection is performed on the Archiver
(always available), or on the video unit (not all units support this feature). See also "Limitations with motion detection on unit" on page 385.
Sensitivity. Controls how much difference must be detected in a block between two
consecutive frames before it is highlighted as a motion block (see "Motion block" on page 380). With the sensibility set to the maximum (100%), the slightest variation in an image block is detected as motion. Lowering the sensitivity reduces the number of motion blocks detected in the video. Only set the sensitivity lower than 100% if your equipment is prone to generate noise.
TIP A plain image, such as viewing an empty wall, is more prone to generate noise than an image containing a lot of detail.
You can also set the sensitivity value automatically (see "Automatically set motion detection sensitivity" on page 381). See also "Advanced H.264 motion detection" on page 382.
Consecutive frame hits. A frame where the number of motion blocks reaches the Motion on
threshold is called a hit. Setting this parameter higher than 1 helps avoid false motion detection hits, such as from video noise in a single frame. This setting ensures that positive motion detection is only reported when a hit is observed over a certain number of consecutive frames. When enough consecutive hits have been observed, the first hit in the series is marked as the beginning of motion.
Motion zones. Defines where on the video image motion should be detected. Up to six
different motion zones can be defined per configuration. For the purpose of motion detection, the video image is divided into a large number of blocks (1,320 for NTSC encoding standard and 1,584 for PAL). Each of these blocks can be individually turned on/off for motion detection. A block where motion detection is turned on is represented by a semi-transparent blue square overlay on the video image. See "Drawing tools for motion zones" on page 383.
Motion block
A block is called a motion block when motion is detected in it. There is positive motion in a video image when the area covered by the block detects motion in two consecutive video frames. The number of motion blocks detected represents the amount of motion. A motion block is represented by a semi-transparent green square overlay on the video image.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
380
Motion on threshold. Indicates the minimum number of motion blocks that must be
detected before the motion is significant enough to be reported. Together with the Consecutive frame hits, a positive motion detection is made.
Motion off threshold. In the same way the Motion on threshold detects the beginning of
motion, the Motion off threshold detects the end of motion. Motion is considered stopped when the number of motion blocks drops below the Motion off threshold for at least 5 seconds.
CAUTION Light reflections on windows, switching lights on/off, and light level changes caused by cloud movement can cause undesirable responses from the motion detection algorithm, and thereby generate false alarms. Carry out a number of tests for different day and night conditions to ensure correct interpretation of the video images. For surveillance of indoor areas, ensure there is a consistent lighting of the areas during the day and at night. Uniform surfaces without contrast can trigger false alarms even with uniform lighting.
In the cameras Motion detection tab, select one of the following options from the Auto
calibrate drop-down list:
Current zone. Calibrate the sensitivity for motion detected in the currently selected motion zone on the video image. All zones. Calibrate the sensitivity for motion detected in all the motion zones on the video image. All motion. Calibrate the sensitivity for motion detected on the whole video image.
Different sensitivity values are tested to find the highest value without detecting motion in the image. This test accounts for any unwanted background noise that your camera may pick up and consider as motion.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
381
Custom. Allows you to customize your settings using the available sliders. Vector emphasis. Sets motion detection based on the difference in motion vector values
(movement) between consecutive frames.
Luma emphasis. Sets motion detection based on the difference in luma values (brightness)
between consecutive frames. Depending on your unit, the Vector and Luma emphasis presets might not provide desirable results. If you find you are getting too many, or too few motion events, choose Custom from the Preset list and adjust the following slider values until you achieve desirable results. Values range between 0 and 100. The higher the value, the more motion is detected.
Luma weight. Sets motion detection based on the difference in luma values (brightness)
between consecutive frames.
Chroma weight. Sets motion detection based on the difference in chroma (color) values
between consecutive frames.
Vectors weight. Sets motion detection based on the difference in vector values (movement)
between consecutive frames.
TIP Test your new settings with the View all motion mode.
Draws motion detection blocks one at a time. Erases the motion detection blocks one at a time. Draws a group of motion detection blocks. Covers the entire image with motion detection blocks. Clears all motion detection blocks. Interchanges the area with motion detection blocks with the area without. Lets the computer analyze what is typical motion in the image. When typical motion occurs, the motion detection blocks in the affected areas are turned off, so it can be ignored.
Learning mode
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
383
Test zone. The motion zone is displayed as blue overlays. The motion blocks are displayed as
green overlays. The number of motion blocks is updated in real time. When the number of motion blocks reaches the Motion threshold, it is displayed in red.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
384
Test all zones. In this mode, all motion zones are displayed at once, with the number of
motion blocks in each displayed separately.
View all motion. In this mode, the entire video image is tested for motion. All motion
anywhere on the image is displayed as motion blocks (green overlays). The total number of motion blocks is updated in real time. Use this mode to test the sensitivity setting for this camera.
Not all units support multiple motion detection zones. When switching motion detection
from Archiver to Unit, the existing zone configurations not supported by the unit will be lost. The unit might not interpret the Sensitivity parameter the same way as the Archiver. Therefore, when testing your motion zones, the results might not be accurately reflected in Config Tool. The Motion search task in Security Desk is not supported. playback.
NOTE Axis cameras however are exceptions. They do show the motion indicators in the
In most cases, the motion indicators (green bars) are not shown in the timeline during
timeline during playback when motion detection is performed on the unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
385
Motion on. At the beginning of the motion period. Motion off. At the end of the motion period.
You can silence these events or replace them with the custom events of your choice using the Motion events dialog box (click the Events button to open it).
TIP One reason why you would want to use custom events is when you are using multiple motion zones. Each zone can be configured to detect motion in a different area of the cameras field of view and generate different events. Having different events allows you to program different actions to respond to different situations.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
386
Color
The Color tab allows you to adjust the video attributes such as brightness, contrast, hue, and saturation, based on different schedules.
Click the Add schedule button to add an new color configuration. Click the Load default button to reset all parameters to their default values.
TIP A typical use of this feature is to automatically control the brightness and contrast based on ambient light. For more information, see "What is a twilight schedule?" on page 104.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
387
Visual tracking
Visual tracking is a Security Desk feature that allows you to follow an individual or moving object across different cameras and all within the same display tile. For more information, see Using visual tracking in Genetec Security Desk User Guide. The Visual tracking tab is where you configure this feature.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
388
Hardware
The Hardware tab allows you to associate other hardware devices (PTZ motor, Speaker, Microphone, and so on) to this camera and configure specific hardware settings.
When the unit is initially added to the system, all hardware devices belonging to the same unit are configured by default. You can manually associate your camera to other devices, according to how they are physically connected.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
389
PTZ configuration
If the PTZ motor is not integrated to your camera, you need to configure the PTZ motor separately before you can control it in Security Desk. When you turn the PTZ switch on, additional settings appear.
Protocol. Protocol used by the PTZ motor. Serial port. Serial port used to control the PTZ motor.
Click to set the Idle delay, Idle command, and Lock delay parameters.
Enhanced PTZ. Turn this option on to enable the zoom-box and center-on-click PTZ
commands. For more information, see "Configure PTZ motors" on page 214.
Calibrate. Click to calibrate the PTZ. See "Calibrate the PTZ coordinates" on page 215.
NOTE Not all cameras require PTZ calibration.
PTZ address. Number identifying the selected PTZ motor on the serial port. This number
is important because it is possible to connect more than one PTZ motor on the same serial port. This number must correspond to the dip switch settings on the PTZ hardware.
Idle delay
The idle delay is used in two ways:
The idle delay defines the period of inactivity after which the PTZ is considered idle. When
a user starts moving the PTZ when it is idle, the PTZ activated event is generated. When the idle delay expires, the PTZ stopped event is generated. As long as there are users who continue to move the PTZ, the countdown timer continuously restarts.
The same idle delay value is also used specifically for the zoom operation on a PTZ.
Whenever a user starts to zoom the PTZ, the PTZ zoom by user event is generated. After the last zoom operation, when the idle delay expires, the PTZ zoom by user stopped event is generated. For a particular user, idle delay delineates a single zoom activity. A user who zooms several times, with each zoom activity taking place less than 120 seconds after the previous one, will generate only one PTZ zoom by user event, assuming the idle delay is 120 seconds. Then, if another user performs a zoom on the same PTZ before the idle delay has expired, the PTZ zoom by user event is again generated, logged to the second user, and the countdown timer
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
390
is restarted. Note that in this case, the PTZ zoom by user stopped event is only generated after the Idle delay has expired, and logged to the second user.
NOTE The PTZ activated and PTZ stopped events cannot be triggered by a programmed PTZ
action. The PTZ zoom by user and PTZ zoom by user stopped events cannot be generated due to automated PTZ functions such as presets or patterns, or by a programmed PTZ action.
Idle command
When the PTZ becomes idle (after the idle delay expires and the PTZ stopped or PTZ zoom by user stopped event is generated), this option determines the next action of the PTZ.
None. The PTZ remains idle until a user starts controlling it. Preset. The PTZ moves to a preset position when it becomes idle. Pattern. The PTZ motor starts a PTZ pattern when it becomes idle.
Lock delay
When a user controls an idle PTZ, the PTZ becomes implicitly locked for that user. The implicit PTZ lock prevents two users from fighting for the control of the same PTZ. The implicit lock lasts Idle delay + Lock delay seconds after the user has stopped using the PTZ. After this period, the PTZ automatically unlocks.
Camera tampering
Select this option to let Security Center process Camera tampering events issued by the unit. This setting is only available if the video unit is capable of detecting camera tampering. Typically, any dysfunction that prevents the original scene from being viewed properly can by treated as an attempt to tamper with the camera. This can be a partial or complete obstruction of the camera view, a sudden change of the field of view, or a loss of focus. You can control the sensitivity of the units alarm notification mechanism by specifying the Minimum duration that a dysfunction must last before the unit issues a Camera tampering event. Select the Alarm for dark images option if total obstructions are to be considered as dysfunctions.
Audio alarm
Select this option to let Security Center process audio alarms issued by the unit as Audio alarm events. This setting is only available if the video unit is capable of raising audio alarms.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
391
NOTE The Alarm level sets the value used to trigger audio alarms on the unit. A unit can be configured to issue audio alarms when the sound level rises above or falls below the set value. The alarm level can be set in the range 0-100%, where 0% is the most sensitive and 100% the least sensitive.
Image rotation
Use this setting to correct the orientation of the image when the camera is mounted upside down or at a 90 degree angle. The rotation options might vary depending on the model of the camera.
Lens type
Use this setting to select the lens type for cameras with interchangeable lenses. Depending on the selected lens type, you might have additional settings to configure, such as dewarping a fish-eye lens. For more information, see the Security Center Video Unit Configuration Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
392
Camera sequence
Camera sequence
The camera sequence entity defines a list of cameras that are displayed one after another in a rotating fashion within a single tile in Security Desk. When displayed in a Security Desk, the camera sequence can be paused (stop cycling) and unpacked (showing all cameras at the same time). The cameras composing the sequence can be fixed, PTZ enabled, or federated. Each camera is given a preset amount of display time. Dome cameras can be configured to point to a preset position, to run a pattern, or to turn on/off an auxiliary switch. System: Omnicast IP video surveillance Views: Logical view
Identity Cameras Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Configuration of the cameras composing the sequence. Custom field values for this camera sequence.
Related topics:
"Camera (video encoder)" on page 368 "Creating camera sequences" on page 218 Viewing a camera sequence in the Security Desk User Guide
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
393
Camera sequence
Cameras
The Cameras tab allows you to configure the cameras composing the camera sequence. The order of the cameras in the list is the order they will be displayed in Security Desk. For information about creating camera sequences, see "Creating camera sequences" on page 218.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
394
Cardholder
Cardholder
The cardholder entity represents a person who can enter and exit secured areas using their credentials (typically access cards), and whose activities can be tracked.
Related topics:
"Badge template" on page 365 "Cardholder group" on page 398 "Credential" on page 401
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
395
Cardholder
Properties
The Properties tab shows the cardholders personal information and status. Additional information might be found in the Custom fields tab. For information about configuring cardholders, see Cardholder management in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
396
Cardholder
Picture
The Picture tab allows you to assign a picture to the cardholder. For information about editing cardholder pictures, see Assign a picture to the cardholder in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
397
Cardholder group
Cardholder group
The cardholder group entity is used to configure the common access rights and properties of a group of cardholders.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
398
Cardholder group
Properties
The Properties tab lets you view and configure the members of this cardholder group, and configure their common properties. Additional information might be found in the Custom fields tab.
Group available for visitors. Set this to ON if this group will be used for visitors Email address. Set an email address here for automated actions associated to the group Security clearance. (Only visible to administrative users) Set the security clearance level for
the cardholder group. A cardholder groups security clearance level determines their access to areas when a minimum security clearance level is required on areas by setting a threat level in Security Center. For more information, see "Set minimum security clearance" on page 122. Level 0 is the highest clearance level, with the most privileges.
Inherited from parent cardholder groups. The cardholder groups security clearance level is inherited from their parent cardholder group. When multiple parent cardholder groups exist, the highest clearance level is inherited.
Specific. Set a specific security clearance level for the cardholder group. Cardholders. Define the cardholder group members using the and buttons. Both individual cardholders and other cardholder groups can be members.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
399
Cash register
Cash register
The cash register entity represents a single cash register (or terminal) in a point of sale (POS) system. Cash register entities are created by the Point of Sale role. They identify the transaction data imported by the Point of Sale role from an external POS system. Security Center can link Omnicast cameras to cash registers to provide video support to help security officers in their investigations. For more information, see Transactions in the Security Desk User Guide.
IMPORTANT For a user to view transaction reports in Security Desk, the Point-of-Sale plugin must be enabled on the machine where Security Desk is installed. For more information, see Enable Point-of-Sale plugin in the Security Center Installation and Upgrade Guide.
Related topics:
"Point of Sale" on page 595 Transactions in the Security Desk User Guide
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
400
Credential
Credential
The credential entity represents a proximity card, a biometrics template, or a PIN required to gain access to a secured area. A credential can only be assigned to one cardholder at a time. Credentials are really claims of identity. A credential distinguishes one cardholder from another.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
401
Credential
Properties
The Properties tab lets you configure the credential information and status. Additional information might be found in the Custom fields tab.
Credential information
This section identifies the details of the credential itself. If the credential is an access control card, the format, facility code and card number will be shown.
Cardholder. Displays the cardholder this credential is associated with. The cardholder can
be changed if required.
State
This section shows whether the credential status is active or Inactive/Lost/Stolen/Expired. It also displays the date and time when the credential was attributed to this state. Expiration - An expiration date/time can be set here so the credential expires automatically on a certain date and time.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
402
Credential
Badge template
The Badge template tab defines the default badge template associated to this credential.
The badge template tab allows you to preview what the credential will look like when printed using any specific badge template. You can also print the card credential.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
403
Door
Door
The door entity represents a physical barrier. Often, this is an actual door but it could also be a gate, a turnstile, or any other controllable barrier. Each door has two sides named by default A and B. Each side is an access point (entrance or exit) to a secured area.
Related topics:
"Access control unit" on page 337 "Access rule" on page 349 "Area" on page 360 "Elevator" on page 410
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
404
Door
Properties
The Properties tab allows you to configure the general behavior of the door.
Standard grant time. Amount of time the door is unlocked after an access granted event is
generated.
Access time. Amount of time the cardholder has to cross the entry sensor, in addition to the
Standard grant time. If no entry is detected during this time, a No entry detected event is generated. This option is only supported when your door is configured with an entry sensor.
EXAMPLE If the Standard grant time is 5 seconds, and the Access time is 5 seconds, the
cardholder has a total of 10 seconds to cross the entry sensor of the door.
Extended grant time. For cardholders with the property extended grant time turned on,
the amount of time the door is unlocked after access is granted.
Extended access time. For cardholders with the property extended grant time turned on,
the amount of time the cardholder has to cross the entry sensor, in addition to the Extended grant time. If no entry is detected during this time, a No entry detected event is generated. This option is only supported when your door is configured with an entry sensor.
EXAMPLE If the Extended grant time is 10 seconds, and the Extended Access time is 10
seconds, the cardholder has a total of 20 seconds to cross the entry sensor of the door.
Trigger a door open too long event. The event door open too long will be generated after
this duration.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 405
Door
Ignore door forced open events. Ignore door forced open events. Unlocked for maintenance. Door is unlocked, and possibly pinned open for maintenance
purposes. Do not generate the normal events when in maintenance-mode. The values in the Request to exit section are generally used to decrease the number of false Request to exit events at a door.
Time to ignore Request to exit after granted access. Ignore any requests to exits for this
long after access has been granted.
Unlock on request to exit. Set to ON if a REX is being used, and you want to automatically
grant the request to exit.
Ignore Request to exit events while door is open. Do not generate REX when door is
open.
Time to ignore Request to exit after door closure. Once the door has closed, wait this
long before generating any more Request to exit events.
Unlock schedules
Unlock schedules represent scheduled periods when the door should not be used for secured access. It is unlocked, and no access rules are in effect.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
406
Door
The main door of the office should be unlocked from 9:00 AM-12:00 PM, locked from 12:00 PM - 1:00 PM, and unlocked again from 1:00 PM - 6:00 PM.
Click the add button below Unlock schedules to apply free access periods. Click the add button below Exceptions to unlock schedules to apply controlled access
periods.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
407
Door
Hardware
The Hardware tab allows you to configure the physical wiring relationships between the access control unit and the door, and associate cameras to door sides.
Match each one of these functions to correspond with the physical wiring done on the controller and door.
EXAMPLE The physical door has the following installed:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 408
Door
A reader wired on door side A A REX wired on door side B A strike relay on the door lock A door sensor An auxiliary relay wired to a buzzer
In Config Tool, the door entity must have Card-In/REX out configuration. Door side A can be named Entry, and door-side B can be named Exit.
Access rules
The Access rules tab displays the access rules applied to this door.
In the example above, we can see that an access rule called Employees only is applied to the Entry side of the door but no rule is applied to the Exit side because of a Request to exit device.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
409
Elevator
Elevator
The elevator entity provides access control properties to elevators. For an elevator, each floor is considered an entry point for the area corresponding to that floor.
CAUTION To configure an elevator, make sure you have an access control unit dedicated to the control of an individual elevator cab. In other words, the access control unit used for elevator control cannot be shared for any other purpose.
Related topics:
"Access control unit" on page 337 "Access rule" on page 349 "Area" on page 360 "Door" on page 404
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
410
Elevator
Floors
The Floors tab allows you to configure the physical wiring relationships between the access control unit and the elevator floors, and select cameras used to monitor this elevator in Security Desk.
Preferred unit. Assign an access control unit to manage this elevator cabs panel. Elevator cab reader. Assign a reader interface to be used inside the elevator cab. Camera. Select a camera to monitor this elevator in Security Desk. Floors. Assign push button relays and inputs to the elevator floor buttons.
Push button relay. Assign output relays to the different elevator floor buttons. Access granted events cause an output relay to close, which enables the button-push to request a certain floor. Floor tracking. (Optional) Assign inputs to elevator floor buttons. When you assign inputs, Security Center can take note of which floor button was pushed. , delete , and
The floor configurations can be added, deleted, or modified with the add buttons at the bottom of the page.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
411
Elevator
Access
The Access tab lets you configure the access rules applied to each of the elevator floor, and determine when access to floors is controlled and when free access to elevator floors is available.
Access rules. Select access rules to determine which floor buttons are enabled, when, and
for which cardholders. Different access rules can be applied to different floors, or applied to all floors. In the example above, the access rule Weekdays applies to all floors.
Exceptions. Determine if there are any exceptions to the access rule you set.
Schedule. Select a schedule when the exception applies. Floor. Select which floors the exception applies to.
Mode. Select whether access to the elevator floor is free or controlled during the exception schedule. In the example above, controlled access is used when the office is closed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
412
Elevator
Advanced
The Advanced tab lets you configure the advanced behavior of this elevator.
Grant time. This value indicates for how long the elevator floor button will be enabled after
the access granted event has been generated.
Normal. Floor access is enabled when the access control unit output relay is deenergized. This means that a power loss results in free access to the floor. Active. Floor access is enabled when the access control unit output relay is energized. This mean that a power loss results in floor access being denied.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
413
Hotlist
Hotlist
The hotlist entity defines a list of wanted vehicles. Each vehicle in the list is identified by a license plate number, the license plate issuing state (or province, or country), and the reason why the vehicle is wanted (for example, Stolen, Wanted felon, Amber alert, VIP, and so on). Additional vehicle information can include the model, the color, and the vehicle identification number (VIN). Hotlists are used by both the AutoVu Patroller and the AutoVu LPR Manager role to check against license plates captured by LPR units to identify vehicles of interest. The hotlist entity is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles of interest. Other types of hit rules include overtime, permit, and permit restriction. When a plate read matches a hit rule, it is called a hit. When a plate read matches a plate on a hotlist, it is called a hotlist hit. System: AutoVu IP license plate recognition Task: LPR Hotlists
Identity Properties Advanced Name, description, logical ID, and relationships of this entity with other entities in the system. Configure the basic parameters of the hotlist, including: assigning priority to a hotlist, and the location and attributes of the hotlist data file. Configure the advanced parameters of the hotlist, including: assigning color, sound, email address for notifications, and enabling hotlist and permit editor support. Custom field values for this hotlist.
Custom fields
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
414
Hotlist
Properties
The Properties tab is where you configure the basic properties of the hotlist (hotlist priority, hotlist path, attributes, and so on). These settings tell Security Center how to parse the hotlist file into the format required by the Patroller and the LPR Manager to identify plates read by Sharp units. For more information on how to configure hotlists, see Configuring hotlists in the AutoVu Handbook.
Priority. Choose a hotlist priority. Zero (0) is the highest priority setting and 100 is the
lowest priority setting. This setting is used to resolve conflicts when a plate read matches more than one hotlist, in which case the hotlist with the highest priority is displayed first in the list of hotlist matches.
Hotlist path. Type the path or browse to the hotlist text file. Every hotlist entity in Security
Center must be associated with a text file containing the actual hotlist data; that is, license plate numbers and other related vehicle information. The associated text file is typically created by a third party system (e.g. Notepad for .txt files, or Excel for .csv files). The source text file can be located on the LPR Manager computers local drive (for example, the C drive), or on a network drive that is accessible from the LPR Manager computer. If you start typing a path to a network drive, the Username and Password fields appear and youll need to type the username and password to access the network drive.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
415
Hotlist
Use delimiters. Tells Security Center that the fields in the hotlist file are of variable length
and indicates the character used to separate each field in the file. By default, Use delimiters is set to On, and the delimiter specified is a semi-colon (;). If your hotlist file is made up of fixed length fields, set Use delimiters to Off. Security Center supports the following delimiters:
If your hotlist file uses Tab as a delimiter (i.e. the Tab key on your keyboard), type the word TAB as the delimiter character.
IMPORTANT Security Center considers one Tab space to be a valid delimiter. Do not use more than one Tab space to align columns in your hotlist file or Security Center may not be able to parse the hotlist.
Enable editor support. Allow a user to edit the hotlist or permit list using the Hotlist and
permit editor task.
IMPORTANT Please note the following about the Hotlist and permit editor:
A user must be granted the privilege to use the Hotlist and permit editor. Only the first 100,000 rows of a hotlist are loaded into the Hotlist and permit editor.
If an error occurs while the hotlist is being loaded, the loading process is cancelled and an error message is displayed. However, you will not lose any of the data loaded before the error occurred, and you can still edit the data loaded into the editor. Attributes. Tells Security Center the name and order of the fields in the source text file. From the Attributes area, you can add, delete, or edit the data fields (attributes). Security Center includes the following default attributes:
Category. (Mandatory field) Reason why a license plate number is wanted. For example: Scofflaw, Stolen, Amber alert, Wanted felon, and so on. When a hit occurs, this field is displayed on the hit screen in Patroller and Security Desk. PlateState. (Mandatory field) Issuing state (or province, or country) of the license plate. Patroller uses the PlateNumber to match against a plate read. When a hit occurs, this field is displayed on the hit screen in Patroller and Security Desk. PlateNumber. (Mandatory field) The license plate number.
The following fields are shown by default, but are optional. If there is no start or end date for the hotlist, you can delete these fields, or simply leave them blank.
EffectiveDate. Date at which the hotlist starts to be effective. ExpiryDate. Date after which the hotlist is no longer valid.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
416
Hotlist
The hotlist text file must include Category, PlateState, and PlateNumber fields. For this reason, these fields already appear in the attribute list and cannot be deleted from the list. There cannot be any spaces within an attribute name.
You can have a maximum of two wildcard characters (asterisk *) in a PlateNumber. Add ( ) or Edit ( ) a hotlist attribute. Configure the following:
Name. Name of the field. It may contain spaces. Only the three compulsory fields, Category, PlateState and PlateNumber cannot be renamed. Value. The default value is interpreted differently depending on whether delimiters are used or not.
If delimeters are in use, the default value is written into this field. Fields already populated will be overwritten. If delimeters are not in use, and if the field is empty, the default value is written into this field. Fields already populated will not be overwritten.
Is mandatory. A mandatory attribute cannot be blank in the source file. For example, if you add a mandatory attribute called CarColor, the column for CarColor in the source file must have text in it. Fixed length. This option is enabled only if you chose to use fixed length data fields. Indicate the start position of the field in the file record and its length. The position of the first character is zero (0). Date format. Specify a time format if the field contains a date or time value. All standard date and time format strings used in Windows are accepted. If nothing is specified, the default time format is yyyy-MM-dd. Translate. You can apply an optional transformation to the values read from the data file. Use this feature to shorten certain values to save space on the Patroller or to enforce spelling consistency.
For example, the following is what you may find in a variable field length data file using a semicolon (;) as delimiter and using the fields: Category, PlateState, PlateNumber, CarMake, and CarColor. AMBER;QC;DEF228;TOYOTA COROLLA;GREEN STOLEN;QC;345ABG;HONDA CIVIC;BLUE STOLEN;QC;067MMK;FORD MUSTANG;YELLOW STOLEN;QC;244KVF;LEXUS IS350;SILVER
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
417
Hotlist
Advanced
The Advanced tab is where you configure the advanced properties of the hotlist (the color, sound, download frequency, and so on). These properties are not required for all hotlists, but allow you to customize certain hotlists for specific scenarios. For more information on how to configure hotlists, see Configuring hotlists in the AutoVu Handbook.
Color. Assigns a color to a hotlist. When you choose a color, the map symbol that marks
the location of the hotlist hit in Security Desk and Patroller, as well of the Hotlist Hit and Review Hits screen in Patroller, appears in that color.
Use wildcards. Indicates that the hotlist contains wildcards (partial license plate numbers).
You can have a maximum of two wildcard characters (asterisk *) in a PlateNumber. Wildcard hotlists are used in situations where witnesses did not see, or cannot remember a complete license plate number. This allows the officer to potentially intercept vehicles associated with a crime, which otherwise would not have been detected using standard hotlists. Best practice: If using a wildcard hotlist, use the following best practices:
Do not use more than one wildcard hotlist per Patroller. By default, hotlists are applied at the LPR Manager level. Use only one wildcard hotlist per LPR manager role.
418
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Hotlist
Limit the number of entries to 100 plates. An asterisk (*) in the data file indicates a wildcard. Only the PlateNumber field accepts wildcard characters. If the asterisk is found in any other field, it is considered as a normal character. The PlateNumber field is limited to two wildcard characters. If you select Use wildcards, Patroller ignores all hotlist entries that do not contain a wildcard, or that contain more than two wildcard characters. It is the number of wildcards in the PlateNumber field, and not the location of the wildcard, that determines how many mismatched characters are allowed before a match can occur. The position of the wildcards cannot be enforced because, typically, when witnesses report a partial plate number, they do not remember the position of the characters they missed. The sequence of the normal characters in the PlateNumber is respected, such that the three patterns S*K3*7, **SK37, and SK37** are equivalent.
EXAMPLE If a wildcard hotlist contains the PlateNumber entry S*K3*7:
Plate reads NSK357 and ASDK37 will generate a hit because both reads have no more than two mismatched characters (in red) and the sequence SK37 is respected. Plate read SUKA357, will not generate a hit because it contains three mismatched characters (in red).
Plate read SKU573 read will not generate a hit because the sequence of characters SK37 is not found in the read. Covert. Set the hotlist to a covert hotlist. When you choose this setting, Patroller users are not alerted when a hit occurs. Only users with sufficient privileges can view covert hits in Security Desk.
Email address. Set hotlist email notifications. When the hotlist youre configuring
generates a hit, Security Center sends an email to the address you specify.
IMPORTANT For this feature to work, the SMTP configuration must be set up in the Server
Admin and the Email notification option must switched to ON in the Config Tools LPR Manager Properties tab.
Sound file. This indicates which sound Patroller should play when a hotlist hit occurs. If
you leave this field blank, Patroller plays its default sounds. The path (you must include the filename) indicates the files location on the Patroller in-vehicle computer. You can copy sound files to the in-vehicle computer manually, or use the Security Center updater service to push new sound files to Patroller as you would a hotfix. Only .wav files are supported.
Override privacy for emails. Bypasses any privacy settings you applied at the Directory
level (see "Applications" on page 640), and sends an email with real LPR data to the Email address you specified for this particular hotlist.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
419
Hotlist
Disable periodic transfer. Turns off periodic transfer of hotlist modifications to the
Patroller computer. When this setting is off, hotlist changes are only downloaded to Patroller when the user logs on to the application. This option requires a wireless connection between Patroller and Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
420
Related topics:
"Enroll an intrusion panel" on page 156 "Create an intrusion detection area" on page 159 "Intrusion Manager" on page 563 "Intrusion detection unit" on page 423
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
421
Properties
The Properties tab shows the properties of the intrusion detection area as configured on the intrusion detection unit.
Property description
Physical name. Name of the intrusion detection area (sometimes called zone or partition)
as it is configured on the physical intrusion panel. Changing the entity name of the intrusion detection area will not change its physical name.
Intrusion detection unit. Entity name of the intrusion detection unit (intrusion panel)
where this area is configured.
Devices. Name and description of the inputs defining this intrusion detection area.
TIP You can assign meaningful names to input and output devices of the intrusion detection unit from the units Peripherals tab. For more information, see "Edit intrusion detection unit peripherals" on page 158.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
422
NOTE Security Center currently supports both Bosch GV2/GV3 series and Honeywell Galaxy Dimension intrusion panels. Only the configuration of Bosch intrusion panels is described in this manual. For the configuration of Honeywell intrusion units in Security Center, see the Honeywell Galaxy Control Panel Integration User Guide, found in the Documentation\Controllers folder of your Security Center installation package.
Related topics:
"Enroll an intrusion panel" on page 156 "Intrusion Manager" on page 563 "Intrusion detection area" on page 421
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
423
Properties
The Properties tab allows you to configure the hardware-specific options for this unit.
Clear logs after download is completed. Select this option to erase the log from the
intrusion panel once it is downloaded to Security Center.
NOTE You might not want Security Center to erase the logs on the intrusion panel if the panel
Interface type. The interface type cannot be changed after the entity is created. If you need
to change the interface type, you need to delete the entity and re-create it. For more information, see "Enroll an intrusion panel" on page 156. For the serial interface, you can change the port number. For the IPv4 interface, you can change the IP address of the intrusion panel and its connection port.
Clock synchronization. Select Automatic synchronization if you want the clock on the
intrusion panel to be synchronized with Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
424
Peripherals
The Peripherals tab lists all peripherals (inputs pins and output relays) connected to the intrusion detection unit. For more information about editing intrusion detection unit peripherals, see "Edit intrusion detection unit peripherals" on page 158.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
425
LPR unit
LPR unit
An LPR unit is an IP-based license plate recognition (LPR) device. An LPR device converts license plate numbers cropped from camera images into a database searchable format. Typically, an LPR unit includes two cameras: an LPR camera that produces high resolution close-up images of license plates; and a context camera that produces a wide-angle color image of the license plate and the vehicle. AutoVu Sharp is the LPR unit used in Security Center AutoVu solutions. The Sharp includes license plate capturing and processing components, as well as digital video processing functions, enclosed in a ruggedized casing. Sharps can be deployed in mobile and fixed installations. A mobile installation is where the Sharp is mounted on a vehicle and is integrated into AutoVu Patroller (the in-vehicle software of the AutoVu LPR system), which in turn is integrated into Security Center. A fixed installation is where the Sharp is mounted in a fixed location, such as on a pole, and integrated directly into Security Center. The LPR Manager automatically detects Sharps on the network and adds them to the Security Center system. It detects mobile Sharps through the AutoVu Patroller system they are connected to. It detects fixed Sharps directly through the Security Center discovery port. System: AutoVu IP license plate recognition Task: Role view (under the LPR Manager roles and Patrollers)
Identity Properties Custom fields Location Name, description, logical ID, and relationships of this entity with other entities in the system. Unit properties such as manufacturer, model, firmware version, network settings, and authentication password. Custom field values for this LPR unit. Time zone and geographical location of this unit.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
426
LPR unit
Properties
The Properties tab displays hardware and software information about the Sharp unit, such as the IP address and port being using. You can also associate a specific hotlist to the Sharp, or link the LPR camera in the Sharp to an Omnicast camera, or the Sharp's own context camera.
Properties. Displays hardware and software information about the Sharp unit:
IP address. IP address of the Sharp unit. Port. Port used by the LPR Manager to communicate with the Sharp unit. Version. AutoVu PlateReaderServer software version running on the unit. Type. Unit hardware version. Serial number. Unit factory installed serial number.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
427
LPR unit
Applications. Displays which Updater service and Firmware versions are running on the
Sharp.
Devices. Link the LPR camera to an Omnicast camera. File association. Select how the Sharp behaves with hotlists:
Inherit from LPR Manager role. The Sharp uses the hotlists associated with its parent LPR Manager. This is the default setting. Specific. Associate specific hotlists with the Sharp unit. This allows you to create Eventto-actions in Security Desk that trigger on that specific hotlist. For example, if youre using the Sharp to allow access to a parking lot, you would put the vehicle plates on a hotlist, and then associate that hotlist to the Sharp.
NOTE To reboot a fixed Sharp, click the Reboot button found on the Contextual command toolbar at the bottom of the Config Tool window. If the Reboot button is not visible, log on to the <Admin Tool>s Configuration page, and then select Accept remote reboot requests.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
428
Macro
Macro
The macro entity encapsulates a C# program that adds custom functionalities to Security Center. Macros can be executed either manually or automatically. When automated, it is loaded as a background process and executes when a set of conditions are met.
Related topics:
"Using macros" on page 110 "Tile plugin" on page 480 "Monitoring the status of your system" on page 177
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
429
Macro
Properties
The Properties tab provides a basic text editor for you to write your C# code.
Checking syntax
Click this button to validate the C# code. If errors are found in the code, they are listed in a dialog box with the line and column numbers where they are found.
NOTE Security Center prevents a macro that has errors from being saved. If a macro has errors,
and you change tabs, it is rolled back to its last error free version.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
430
Macro
By declaring mutators, your macro will have an execution context that can be configured in the Default execution context tab. If a macro is run without specifying an execution context, the default execution context is used. This is always the case when a macro is launched from the Contextual commands toolbar in Config Tool. The default execution context can be overridden by specifying your own context.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
431
Monitor group
Monitor group
The monitor group entity is used to configure the properties of a group of analog monitors.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
432
Monitor group
Monitors
The Monitors tab lets you add multiple analog monitors to the monitor group. Later, when you create alarms, you can add a monitor group and its members as a recipient of the alarm. See "Configuring analog monitors" on page 220.
IMPORTANT The order of analog monitors in the monitor group list is important. If you add more than one analog monitor to the monitor group, the first analog monitor in this list will receive the highest priority alarm, the second analog monitor will receive the second highest priority alarm, and so on. The last analog monitor in this list will receive all the other alarms.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
433
Network
Network
Network entities are used to capture the characteristics of the networks used by your system so that proper stream routing decisions can be made. Unless your entire system runs from a single private network without communicating with the outside world, you must configure at least one network entity other than the Default network to describe your networking environment. System: General, and more specifically for Omnicast Task: Network view
Identity Properties Name, description, logical ID, and relationships of this entity with other entities in the system. Network characteristics and routing information.
Related topics:
"Managing the Network view" on page 82 "Server" on page 471 "Media Router" on page 585
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
434
Network
Properties
The Properties tab defines the network characteristics and routing information.
Capabilities
Data transmission capabilities. This setting is only used by Omnicast for streaming live video on the network. Always select the largest set of capabilities if your network supports them.
Unicast TCP. Unicast (one-to-one) communication using TCP protocol is the most
common mode of communication. It is supported by all IP networks, but it is also the least efficient method for transmitting video.
Unicast UDP. Unicast (one-to-one) communication using UDP protocol. Because UDP is a
connectionless protocol, it works better for live video transmission. When the network traffic is busy, UDP is much less likely to cause choppy video then TCP. A network that supports unicast UDP necessarily supports unicast TCP.
Multicast. Multicast is the most efficient transmission method for live video. It allows a
video stream to be transmitted once over the network to be received by as many destinations as necessary. The gain could be very significant if there are many destinations. A network supporting multicast necessarily supports unicast UDP and unicast TCP.
NOTE Multicast requires specialized routers and switches. Make sure you confirm this with
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
435
Network
IPv4 address
IPv4 has two display modes.
Subnet display. This mode displays the IPv4 subnet mask as four bytes.
CIDR block display. The Classless Inter-Domain Routing (CDIR) mode displays the IPv4
subnet mask as a number of bits.
Click
IPv6 address
Version 6 IP address prefix for your network.
Your network must support IPv6 and you must enable the option Use IPv6 on all your servers. For more information, see "Network" on page 476.
Proxy server
You only need to specify the proxy server when Network Address Translation (NAT) is used between your configured networks. The proxy server must be a server known to your system and must have a public port and address configured on your firewall. For more information, see Server "Properties" on page 472.
Routes
Routes are defined by default between every two networks on your system. The route capabilities are limited by the smallest capability set of the two end points. For example, if one end is capable of multicast and the other end is only capable of unicast UDP, the capabilities of the route between these two end points cannot be more than unicast UDP. If the connection between the two end points (for example VPN) only supports unicast TCP, you might have to limit the capabilities of a route even further. You need to delete a route if no direct connection exists between two networks.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
436
Output behavior
Output behavior
The output behavior entity defines a custom output signal format such as a pulse with a delay and duration. Output behaviors are used to control output relays that are not being used to control door locks.
Related topics:
"Access control unit" on page 337 "Video unit" on page 494 "Zone (hardware)" on page 502 "Zone (virtual)" on page 506
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
437
Output behavior
Properties
The Properties tab lets your configure the output signal pattern.
Some examples of output behaviors can include controlling a parking gate, flashing a light in the warehouse, and so on. In the image above, the behavior for an output relay is configured to open and close the circuit 10 times over a 10 second period.
Delay. The delay before the pulse or periodic output is generated. Duration. The duration (in milliseconds) of the pulse. Infinite. Select this checkbox if the periodic behavior should continue until it is told to stop
by another output behavior.
Duty cycle. The ratio of the output signal pattern pulse width divided by the period. Period. The time for one complete cycle of the output signal pattern.
Output behaviors can be triggered by automatic event-to-action relationships, manually through hot actions in Security Desk, or through IO linking.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
438
Overtime rule
Overtime rule
The overtime rule entity specifies time limits of parking within a restricted area (a single parking space, a city district, or both sides of a city block). It also specifies the maximum number of overtime violations enforceable within a single day. The overtime entity is downloaded to Patroller. In Patroller, an overtime hit occurs when the time between two plate reads of the same plate is beyond the time limit specified in the overtime rule. For example, your overtime rule specifies a four hour parking limit within a city district. The Patroller operator does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator then does a second pass through the district at 1:05 P.M. If a plate was read during the first and second pass, Patroller will generate an overtime hit. The overtime rule is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles of interest. Other types of hit rules include hotlist, permit, and permit restriction. When a plate read matches a hit rule, it is called a hit. When a pair of plate reads (same plate read at two different times) violates an overtime rule, it is called an overtime hit. System: AutoVu IP license plate recognition Task: LPR Overtime rules
Identity Properties Parking lot Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. The parking regulations enforced by this entity. The parking zone where this entity is enforced. Custom field values for this overtime rule.
Related topics:
"Hotlist" on page 414 "Patroller" on page 450 "Permit" on page 453 "Permit restriction" on page 457
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
439
Overtime rule
Properties
The Properties tab is used to configure the parking regulations enforced by this overtime rule. For more information on how to configure overtime rules, see Configuring overtime rules in Security Center in the AutoVu Handbook.
Color. Assign a color to the overtime rule. When you select the overtime rule in Patroller,
the plate reads on the map, and the hit screen, are displayed in this color.
Vehicle parking position. Each Patroller has two sets of calibrated parameters for the
optimal reading of wheel images, based on the parking position of the vehicles: Parallel or Angled (45-degree). This setting tells the Patroller which set of parameters to use.
NOTE This setting applies to AutoVu Patroller City Parking Enforcement with wheel imaging applications.
Long term overtime. Use this option for long term parking; that is, where vehicles can park
in the same spot for over 24 hours. When Long term overtime is selected, the parking time limit is specified in days (2 to 5 days).
IMPORTANT You can only have one long term overtime rule per Directory.
This option automatically sets the parking regulation to same position, meaning the vehicle has parked overtime when it stays in the same parking space beyond the parking time limit set for such parking space.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
440
Overtime rule
NOTE This setting applies to AutoVu Patroller City Parking Enforcement with or without
wheel imaging. Wheel imaging is recommended if you plan to use this rule to detect vehicles parked long term so that you can distinguish between someone who parks in the same position and a vehicle which has been abandoned.
Parking enforcement. Select the type of restricted parking area that applies to the time
limit: a single parking spot, a district within a city, or both sides of a city block.
Same position. A vehicle is parked overtime if it parks in the same spot beyond the time limit specified. For example, your overtime rule specifies a one hour parking limit for a single parking space. The Patroller operator does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator does a second pass at 10:05 A.M. If Patroller reads the same plate in the same spot both times, it results in an overtime hit.
IMPORTANT For this feature to work, Patroller needs GPS capability.
District. A vehicle is parked overtime if it is parked anywhere within a city district (a geographical area) beyond the specified time limit. For example, your overtime rule specifies a four hour parking limit within a city district. The Patroller user does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator does a second pass through the district at 1:05 P.M. If Patroller reads the same plate in the same district both times, it results in an overtime hit.
Block face (2 sides). A vehicle is parked overtime if it is parked on both sides of a road between two intersections beyond the specified time limit. For example, your overtime rule specifies a 1hour parking limit within a city block face.The Patroller operator does a first pass through the block face at 9:00 A.M. collecting license plate reads. The operator does a second pass down the block at 10:05 A.M. If Patroller reads the same plate in the same block face both times, it results in an overtime hit. Regulation. Defines the parking time limit, when it is to be enforced, the grace period to be granted, and how many times it can be enforced within a single day. You can add, delete, and modify a parking regulation. To add a regulation, click , and do the following.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
441
Overtime rule
Time limit. The parking time limit in hours and minutes. Grace period. Time beyond the parking time limit during which overtime violation is waived. For example, Patroller will generate an overtime hit on a plate when time between the capture of the same plate exceeds the Time limit plus the Grace period. Applicable days. Days of the week when the time limit is enforced. You can select a weekly time frame from the drop-down list: Always (7 days), Weekdays (Monday to Friday), Weekends (Saturday and Sunday), and Custom. To create a custom time frame, click on the days. Applicable hours. Select when the time limit is enforced. You can choose All day or Time range. To define a time range, click in the date picker field, and use the text field or the graphical clock to specify the time.
Parking lot
The Parking lot tab defines the parking zone where this parking rule must be enforced. The Parking lot tab displays a Bing map, on which you can add a parking lot, define the number of spaces in the lot, and then draw a polygon on top of the map to represent the physical parking lot. The number of spaces in the lot is used to calculate the percentage of parking occupancy in that area. For more information on how this information is being used, see Zone occupancy report in Genetec Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
442
Overtime rule
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
443
Parking facility
Parking facility
The Parking facility entity defines a large open parking area or a parking garage as a number of sectors and rows for the purpose of tracking the location of vehicles inside that parking facility. It is used in the AutoVu Mobile License Plate Inventory (MLPI) application. The license plate inventory is the list of vehicles present in a parking facility within a given time period. Before AutoVu MLPI units (mobile Patrollers and handheld devices) can collect license plates for the inventory, you must define their collection route as a sequence of sectors and rows configured in the parking facility. The sector and row where a license plate is read represents the location of the vehicle inside the parking facility. Security Center collects license plate reads from the MLPI units and creates an inventory for the current date. Using Security Desk, you can find where a vehicle is parked (sector and row) and how long it has been parked there in the current inventory. You can also compare two inventories on different dates to view the vehicle movements (vehicles that were arrived, moved, or left). System: AutoVu IP license plate recognition Task: LPR Parking facilities
Identity Properties Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Assigns an LPR Manager to this entity and configures its sectors and rows. Custom field values for this parking facility.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
444
Parking facility
Properties
The Properties tab is used to assign an LPR Manager to the parking facility and configure its sectors and rows for the license plate collection route. For more information on how to configure parking facilities, see Configuring parking facilities in the AutoVu Handbook.
AutoVu LPR Manager. Select the LPR Manager responsible for creating and managing the
license plate inventory for this parking facility. Only offloads from MLPI Patrollers managed by the same LPR Manager are used to build the inventory for this parking facility. An MLPI Patroller offload can include the vehicle inventory for multiple parking facilities, but only the reads tagged for this parking facility are used to build the inventory.
IMPORTANT Make sure to set a Read retention period for the LPR Manager (see "General settings" on page 569) that is long enough for the period of time you want to keep your inventories.
Configuration. List of sectors, rows, and space count of the parking facility. The parking
space of a parking facility is divided into sectors (or levels in the case of a parking garage) for ease of reference. Each sector contains x number of rows, and each row contains x number of spaces. You can configure Patroller to trigger an alarm (sound or warning message) if the reads collected during your sweep of a row exceed the space count for that row.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 445
Parking facility
Route. License plate collection route to be followed by the MLPI units responsible for
collecting the license plates for the inventory. The route is downloaded by the Patrollers and handheld devices assigned to this parking facility. Only one route may be defined per parking facility, but each MLPI device can start its sweeping round at a different point in the route. The route forms a closed circuit. New sectors and rows are added to the end of the route by default. You can change the order of sector-rows in the route using the and buttons.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
446
Partition
Partition
The partition entity defines a set of entities that are only visible to a specific group of users. For example, a partition could include all doors, elevators, and cameras in one building. Partitions eliminate the tedious task of creating one-to-one relationships between users and the entities they are allowed to see in the system. If a user has no rights to a partition, that partition and everything it contains are invisible to that user. System: General Task: Security Partitions
Identity Properties Accepted users Name, description, logical ID, and relationships of this entity with other entities in the system. Defines the members (content) of the partition. Defines the users who can see the content of the partition.
Related topics:
"Managing software security" on page 89 "Defining partitions" on page 90 "User" on page 482 "User group" on page 489
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
447
Partition
Properties
The Properties tab allows you to view and manage partition content.
To share this partition with other independent Security Center systems, switch Global
partition to ON. For more information, see "Configure a partition for sharing" on page 304. To search for an entity in the members list, use the name filter or the custom filter. For more information, see "Searching for tasks and entities" on page 42. . For more information, see "Add members to a partition" on page 92. To remove the selected entities from the partition membership, click .
To jump to the configuration page of the selected entity, click . To filter the members by entity type, use the Show drop-down list.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
448
Partition
Accepted users
The Accepted users tab allows you to view and configure who can access the content of the partition, and designate some of them as partition managers.
To show only users, only user groups, or both, use the Entity type scroll-down list. To add accepted users to the partition, click . For more information, see "Add accepted
users to a partition" on page 92. To promote the selected user or user group to the status of partition manager, click the Partition manager checkbox
NOTE All administrators are by default managers of all partitions. This is shown by the
checkbox selected but greyed out. For more information, see "Who is a partition manager?" on page 91.
To remove all access rights over the partition from the selected users and user groups, Click
.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
449
Patroller
Patroller
A Patroller entity represents the in-vehicle software that runs on board a mobile data computer (MDC). It verifies license plates captured by LPR units mounted on the vehicle against lists of vehicles of interest and vehicles with permits. It also collects data for time-limited parking enforcement. The Patroller interface alerts users of license plates matching the above rules so that immediate action can be taken.
System: AutoVu IP license plate recognition Task: Logical view, or LPR Units (under LPR Manager)
Identity Properties Custom fields Location Name, description, logical ID, and relationships of this entity with other entities in the system. Assigns an LPR Manager to this entity and configures its sectors and rows. Custom field values for this Patroller. Time zone and geographical location of this unit.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
450
Patroller
Properties
The Properties tab displays information about the computer hosting the Patroller entity (you cannot edit the Patroller properties). You can also configure sound management, acknowledgment buffer settings, and a hit delay for the Patroller unit.
TIP Use the Copy configuration tool to copy these settings to another Patroller entity.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
451
Patroller
IP address. IP address of the Patroller computer. Version. Version number of the Patroller application. Type. Patroller installation type(s). Serial number. Serial number of the Patroller. Machine name. Name of the Patroller computer. Inherit from LPR Manager role. Patroller uses the hotlists and permit lists associated with its parent LPR Manager. This is the default setting.
File association. Select how the Patroller behaves with hotlists and/or permit lists:
Specific. Associate specific hotlists or permit lists with the Patroller unit rather than the LPR Manager. If you later want to move the Patroller entity to another LPR Manager on your system, the hotlist or permit list will follow. Sound management. Configure Patroller to play a sound when reading a plate and/or generating a hit, and choose whether sounds should be played even when Patroller is minimized.
Play sound on hit. Plays a sound when Patroller generates a hit. Play sound on read. Plays a sound when Patroller reads a plate.
Play sounds even when minimized. Play sounds even if the Patroller window is minimized. Acknowledgment buffer. Specify a buffer restriction that limits how many hits can remain unacknowledged (not accepted or rejected) before Patroller starts automatically rejecting all subsequent hits. You can also choose (by priority) which hotlists should comply with this restriction.
Reject priority. When you create a hotlist entity, you can specify a priority for that hotlist. This setting tells Patroller which hotlist(s) should comply with the buffer restriction. Hotlist. Specify the Duplicate hotlist hit delay that tells Patroller to disregard multiple hits on the same plate for the duration of the delay. For example, if you set a delay of 10 minutes, no matter how many times Patroller reads the same plate during those 10 minutes, it will generate only one hit (assuming the plate is on a hotlist).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
452
Permit
Permit
The Permit entity defines a single parking permit holder list. Each permit holder is characterized by a Category (whose value is the same as the name of the Permit entity), a license plate number, a license issuing state (or province, or country), an optional permit validity range (effective date and expiry date), and an optional Permit ID. Permits are used by AutoVu Patrollers configured for either city or university parking enforcement. The permit entity belongs to a family of methods used by AutoVu to identify vehicles of interest, called hit rules. Other types of hit rules include hotlist, overtime, and permit restriction. When a plate read matches a hit rule, it is called a hit. When a read fails to match any permit loaded in the Patroller, it generates a permit hit. System: AutoVu IP license plate recognition Task: LPR Permits
Identity Properties Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Configuring the parsing of the source permit data file for this entity. Custom field values for this permit.
Related topics:
"Hotlist" on page 414 "Patroller" on page 450 "Overtime rule" on page 439 "Permit restriction" on page 457
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
453
Permit
Properties
The permit Properties tab is used to configure the parsing of the source permit data file. For more information on how to configure permits, see Configuring permits and permit restrictions in Security Center in the AutoVu Handbook.
Path. Type the path or browse to the permit text file. Every permit entity in Security Center
must be associated with a text file containing the actual permit data; that is, license plate numbers and other related vehicle information. The associated text file is typically created by a third party system (e.g. Notepad for .txt files, or Excel for .csv files). The source text file can be located on the LPR Manager computers local drive (for example, the C drive), or on a network drive that is accessible from the LPR Manager computer. If you start typing a path to a network drive, the Username and Password fields appear and youll need to type the username and password to access the network drive.
Use delimiters. Tells Security Center that the fields in the permit list file are of variable
length and indicates the character used to separate each field in the file. By default, Use delimiters is set to On, and the delimiter specified is a semi-colon (;). If your permit list file is made up of fixed length fields, set Use delimiters to Off. Security Center supports the following delimiters:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
454
Permit
If your permit list file uses Tab as a delimiter (i.e. the Tab key on your keyboard), type the word Tab as the delimiter character.
IMPORTANT Security Center considers one Tab space to be a valid delimiter. Do not use more than one Tab space to align columns in your file or Security Center may not be able to parse the permit list.
Enable editor support. Allow a user to edit the hotlist or permit list using the Hotlist and
permit editor task.
IMPORTANT Please note the following about the Hotlist and permit editor:
A user must be granted the privilege to use the Hotlist and permit editor. Only the first 100,000 rows of a list are loaded into the Hotlist and permit editor.
If an error occurs while the hotlist is being loaded, the loading process is cancelled and an error message is displayed. However, you will not lose any of the data loaded before the error occurred, and you can still edit the data loaded into the editor. Attributes. Tells Security Center the name and order of the fields (attributes) in the source text file. You can add, delete, or edit the fields.
Category. (Mandatory field) The name of the parking permit. This field in the permit lists source text file must match the permit entity name for the entry to be downloaded to Patroller. This field allows you to use one permit list for several permit entities on your system, provided you create permit entities for each permit category in your permit list.
EXAMPLE Here is a simple permit list with three different permit categories (Students,
Faculty;QC;345ABG;2012-01-31;2012-07-25;PermitID_2 Maintenance;QC;244KVF;2012-01-31;2012-03-31;PermitID_3
You can use this same permit list for three different permit entities. Create a Students permit entity, a Faculty permit entity, and a Maintenance permit entity, and then point all of them to the same source text file. Security Center will extract the license plates (and related information) whose category is the same as the name of the permit entity.
IMPORTANT The permit entity name must match the category name exactly.
PlateState. (Mandatory field) Issuing state (or province, or country) of the license plate. PlateNumber. (Mandatory field) The license plate number.
Permit
EffectiveDate. Date from which the particular permit on the list starts to be effective. ExpiryDate. Date after which the particular permit on the list is no longer valid.
PermitID. (University Parking Enforcement only) Used when multiple entries in a permit list share the same permit (e.g. car pool permits). Can be used to identify the number of the permit issued to the vehicle whose license plate is identified in PlateNumber. In the case of shared permits, normally up to four separate vehicles would all have the same permit number. Add ( ) or Edit ( ) a permit attribute. Configure the following:
Name. Only the three compulsory fields, Category, PlateState, and PlateNumber cannot be renamed. Names may contain spaces. Value. The default value is interpreted differently depending on whether delimiters are used or not.
If delimiters are in use, the default value is written into this field. Fields already populated will be overwritten. If delimiters are not in use, and if the field is empty, the default value is written into this field. Fields already populated will not be overwritten.
Is mandatory. A mandatory attribute cannot be blank in the source file. For example, if you add a mandatory attribute called CarColor, the column for CarColor in the source file must have text in it. Fixed length. This option is enabled only if you chose to use fixed length data fields. Indicate the start position of the field in the file record and its length. The position of the first character is zero (0). Date format. Specify a time format if the field contains a date or time value. All standard date and time format strings used in Windows are accepted. If nothing is specified, the default time format is yyyy-MM-dd. For example, the following is what you may find in a variable field length data file using a semicolon (;) as delimiter and using the fields: Category, PlateState, PlateNumber, EffectiveDate, ExpiryDate, and PermitID. MyPermit;QC;DEF228;2012-01-31;2012-05-31;PermitID_1 MyPermit;QC;345ABG;2012-01-31;2012-07-25;PermitID_2 MyPermit;QC;067MMK;2012-03-31;2012-09-11;PermitID_1 MyPermit;QC;244KVF;2012-01-31;2012-03-31;PermitID_3
Translate. You can apply an optional transformation to the values read from the data file. Use this feature to shorten certain values to save space on the Patroller or to enforce spelling consistency.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
456
Permit restriction
Permit restriction
The permit restriction entity defines where and when permit holders can park. Different time restrictions can be applied to different permits. For example, a permit restriction may limit the parking in zone A from Monday to Wednesday for permit P1 holders, and from Thursday to Sunday for permit P2 holders. Permit restrictions are used by AutoVu Patrollers configured for University Parking Enforcement. The permit restriction entity is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles of interest. Other types of hit rules include hotlist, overtime, and permit. When a plate read matches a hit rule, it is called a hit. When a plate read matches a permit restriction, it generates a permit hit. Additionally, a shared permit hit occurs when two plates sharing the same permit ID are read in the same parking zone within a specific time period. System: AutoVu IP license plate recognition Task: LPR Permit restrictions
Identity Properties Parking lot Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. The parking restrictions applied to this entity. The parking zone where this entity is enforced. Custom field values for this permit restriction.
Related topics:
"Overtime rule" on page 439 "Patroller" on page 450 "Permit" on page 453
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
457
Permit restriction
Properties
The Properties tab is used to configure the restrictions for the individual permits that apply to the parking zone represented by the rule. For more information on how to configure permit restrictions, see Configuring permits and permit restrictions in Security Center in the AutoVu Handbook.
Color. Color used to represent the permit restriction in Security Desk. In Patroller, permit
restrictions are always green for regular permit hits, or blue for shared permit hits. A read is displayed as a triangular-shaped icon in the selected color on the map, when an permit restriction is in effect. When a read violates one of the restrictions, the icon is encircled with a red ring. It indicates a permit hit.
List of restrictions. Define the time restrictions for the different permits associated to a
parking zone. Each time restriction is described by the following attributes:
Everyone. Parking is available to everyone, regardless of whether they have a permit or not. No restriction is enforced during the specified time period. No permit. Only vehicles without permits can park. For example, you can use this type of restriction to reserve a zone for visitors parking. A plate read that matches any of the permits downloaded to the Patroller raises a hit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
458
Permit restriction
All permits. Only vehicles with a permit can park. A plate read that does not match any of the permits downloaded to the Patroller raises a hit. Specific permits. Only vehicles having one or more of the specified permits can park. A plate read that does not match any of the specified permits raises a hit.
When multiple time restrictions apply at a given time, conflicts are resolved by evaluating the restrictions in the following order: 1. Everyone, 2. No permit, 3. All permits, 4. Specific permits. Moreover, a hit is raised when a matched permit is not valid (either not yet effective or already expired).
Days. Days of the week when parking is allowed. Hours. Time during the day when parking is allowed. Validity. Dates when parking is allowed. Choose All year or select a specific time span using the date picker.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
459
Permit restriction
Parking lot
The Parking lot tab defines the parking zone where this parking rule must be enforced. The Parking lot tab displays a Bing map, on which you can add a parking lot, define the number of spaces in the lot, and then draw a polygon on top of the map to represent the physical parking lot. The number of spaces in the lot is used to calculate the percentage of parking occupancy in that area. For more information on how this information is being used, see Zone occupancy report in Genetec Security Desk User Guide.
NOTE This applies only to AutoVu Patroller University Parking applications.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
460
Public task
Public task
The public task entity represents a saved Security Desk task that can be shared among multiple Security Desk users. Public tasks can only be created from Security Desk.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
461
Role
Role
The role entity corresponds to a set of functions within Security Center, such as archiving video or managing access control units, and defines the parameters within which these functions must be carried out. Roles must be hosted by servers. Multiple roles can be hosted on a single server, and multiple servers can be assigned to perform the same role, either as a standby, or for load balancing purposes. System: All systems Task: System Roles Every role type has its particular configuration tabs. The following are the most common ones found in roles.
Identity Properties Resources Extensions Name, description, and relationships of this role with other entities in the system. Specific properties of the role. See "Role types" on page 510. Servers and database assigned to this role. Roles are often required to control hardware devices (units).
NOTE The Directory role is an exception. The Directory role can only be configured using Server Admin. For more information, see "Server Admin" on page 473.
Related topics:
"Managing servers and roles" on page 47 "Configuring role failover" on page 61 "Server" on page 471 "Role types" on page 510
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
462
Schedule
Schedule
The schedule entity defines a set of time constraints that can be applied to many situations, such as when a user is allowed to log on to the system, when video from a surveillance camera should be recorded, or when access should be granted to a secured area. Each time constraint is defined by a date coverage (daily, weekly, ordinal, or specific) and a time coverage (all day, fixed range, daytime, and nighttime). There are two subtypes of schedules:
Standard schedule (
). This type of schedule can be used in all situations. Its only limitation is that it does not support daytime or nighttime coverage. coverages, but cannot be used in all situations. Its primary function is to control video related behaviors. Twilight schedules are not visible in contexts where they are not applicable.
Twilight schedule ( ). This type of schedule supports both daytime and nighttime
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
463
Schedule
Properties
The Properties tab lets you configure the time constraints that define the schedule.
Date coverage
The date coverage defines a date pattern or specific dates to be covered by the schedule.
Daily. Defines a pattern that repeats every day. Weekly. Defines a pattern that repeats every week. Each day of the week can have a different
time coverage. This option is not available for twilight schedules. For more information, see "Weekly time range" on page 466.
Ordinal. Defines a series of patterns that repeat on a monthly or yearly basis. Each date
pattern can have a different time coverage. For example, on July 1st every year, on the first Sunday of every month, or on the last Friday of October every year. For more information, see "Using the ordinal pattern" on page 468.
Specific. Defines a list of specific dates in the future. Each date can have a different time
coverage. This option is ideal for special events that occur only once.
Time coverage
The time coverage defines which time periods apply during a 24-hour day.
All day. Covers the entire day. This option is not available for twilight schedules. Range. Covers one or multiple discrete time periods within the day. For example, from
9 a.m. to 12 p.m. and from 1 p.m. to 5 p.m. This option is not available for twilight schedules. For more information, see "Setting the time range" on page 465.
Daytime. Covers from sunrise to sunset. This option is only available for twilight schedules.
For more information, see "Twilight coverage" on page 467.
Nighttime. Covers from sunset to sunrise. This option is only available for twilight
schedules. For more information, see "Twilight coverage" on page 467.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
464
Schedule
To switch to high resolution mode (each block represents 1 minute), click the
Eye button.
While you are in this mode, use the arrow buttons to scroll in the 24 hour time line. To switch back, click the Eye button again.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
465
Schedule
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
466
Schedule
While configuring multiple dates in the schedule (Ordinal or Specific), you can use a different time coverage for each day covered by the schedule.
Twilight coverage
The Daytime and Nighttime options are only available for twilight schedules. The following example shows a daily schedule using a Daytime coverage. The time coverage starts 10 minutes after the sun rises and ends 10 minutes before the sun sets.
NOTE You can offset the sunrise and sunset times by up to 3 hours, in both directions.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
467
Schedule
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
468
Scheduled task
Scheduled task
The scheduled task entity defines a command (or action) in Security Center that must be executed automatically, at a specific time, or repetitively on a recurring schedule.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
469
Scheduled task
Properties
The Properties tab is where you configure the scheduled tasks behavior.
Once. Executed once at a specific date and time. Every minute. Executed every minute. Hourly. Executed at a specific minute of every hour. Daily. Executed at a specific time every day. Weekly. Executed at a specific time on selected days of the week. On startup. Executed on system startup.
Interval. Executed at regular intervals that can be days, hours, minutes, or seconds. Action. Action to be executed on schedule. For more information, see "Action types" on page 758.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
470
Server
Server
The server entity represents a generic computing resource capable of taking on any role (group of functions) you assign it. Server entities are not created manually on the system. Instead, Security Center automatically creates a server entity when the Security Center Server software (Genetec Server service) is installed on a machine, and that machine is connected to the main server of your system (the server hosting the Directory role). System: General Task: Network view
Identity Properties Server Admin Name, description, logical ID, and relationships of this entity with other entities in the system. Public address and port of the server. Embedded browser to access to the Web Server Admin page.
Related topics:
"Managing servers and roles" on page 47 "Configuring role failover" on page 61 "Managing the Network view" on page 82 "Network" on page 434 "Role" on page 462
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
471
Server
Properties
The Properties tab shows the servers private IP addresses, and allows you to specify a public address and a port number. These last two settings are necessary only if the server acts as the proxy server for a private network.
Server
Server Admin
The Server Admin tab lets you log on to the Server Admin Web page of the server. It also allows you to view and change the configuration of the server. For more information, see "Managing servers" on page 48.
Directory. Settings pertaining to the configuration of the Directory role. This tab is only
present on the main server. For more information, see "Directory tab" on page 473.
Genetec Server. Local settings pertaining to configuration of the Genetec Server service.
For more information, see "Genetec Server tab" on page 476.
NOTE Depending on whether you are viewing Server Admin from the Config Tool or from a Web browser, the options are not exactly the same, because Config Tool needs to stay connected to the Directory. For all purposes, the Web browser (Internet Explorer) is a better way to connect to Server Admin.
Directory tab
The Directory tab is only available on the main server hosting the Directory role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 473
Server
Directory status
Shows the status of the Directory role. Allows you to start, stop, and restart the Directory.
Database
Configuration of the Directory database. The Directory database contains all system and entity configurations, the incident reports, and the alarm history.
The management of the Directory database is similar to the management of any role database. For more information, see "Managing databases" on page 52.
NOTE If you are accessing Server Admin from Config Tool, you wont have access to the database commands such as create and delete database, resolve conflicts, and restore database, because you cannot change the Directory database while being connected to it. IMPORTANT When database failover is enabled, you must manually perform a full backup every time you make a change to the Directory database from Server Admin. For more information, see "Configure database failover through backup and restore" on page 72. NOTE The Show actions progress ( ) button does the same thing the Database actions monitoring dialog box found in the Config Tools Home page, Tools view.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
474
Server
License
Security Center license status and information.
Click License information to display your license options or to modify your license. For more information, see "License options" on page 768.
General properties
General properties of the Directory.
Secure communication. Select this option to encrypt all communications between the
Directory role and all client applications (Config Tool and Security Desk) on the system.
Incoming connection port. Port used by client applications such as Security Desk and
Config Tool to log on to your system. If you decide to change its default value (5500), the next time a user tries to log on to your system, they will have to add the port number to Directory name in the Logon dialog box, separated by a colon :.
Keep incidents. Specify how long the incident reports are kept in the Directory database. Keep audit trails. Specify how long the entity configuration history is kept in the Directory
database.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
475
Server
Keep alarms. Specify how long the alarm history is kept in the Directory database.
Authentication
Use this section to change the password and HTTP port used to log on to the Server Admin on this server. These parameters correspond respectively to the Server password and the Web server port specified during Genetec Security Center Server installation.
If you decide to change the HTTP port from its default value (80), the next time someone needs to log on to this Server Admin from a Web browser, they will have to specify the port number in the URL as follows: http://machine:port/Genetec instead of http://machine/Genetec. Select the Local machine only option to accept logon requests only when they come from the local machine.
Network
Use this section to configure the network card and the TPC listening port used by Genetec Server.
Select Use IPv6 if your network supports it. IPv6 is only supported for video streaming. The Listening TCP port is used by Genetec Server to listen to commands received from the main server.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
476
Server
Enter the DNS name or the IP address of the main server, and the password required to connect to the main server. The password must match the password configured in the Authentication section of the main server.
Console
Use this section to enable/disable the debug console used by technical support engineers.
SMTP
Use this section to configure the SMTP server responsible to handle email messages in Security Center.
Mail server. DNS name or IP address of your SMTP mail server. SMTP server port. The server port is usually 25, though your mail server might use a
different port.
From email address. Email address shown as the sender of the email.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
477
Server
Watchdog
Use this section to configure the Genetec Watchdog service. The role of the Watchdog is to ensure that the Genetec Server service is always running.
The Watchdog can be configured to send email notifications to a list of recipients for the following types of events: Error, Warning, and Information.
WARNING This operation restarts Genetec Server. The next time you log on to Server Admin, youll have to use a Web Browser by entering http://machine/Genetec in the address bar, where machine is the DNS name or the IP address of your server. Using the Config Tool will no longer work.
You will also have to activate the software license on this newly converted main server. For more information, see the Security Center Installation and Upgrade Guide. If you have other expansion servers on the system, you will need to reconfigure them to connect to this one. See also "Deactivate Directory button" on page 479.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
478
Server
WARNING This operation restarts Genetec Server. You will have to log on again to Server Admin, and connect this expansion server to a main server. Youll have to use a Web Browser, by entering http://machine/Genetec in the address bar, where machine is the DNS name or the IP address of your server. Using the Config Tool will no longer work. See also "Activate Directory button" on page 478.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
479
Tile plugin
Tile plugin
The tile plugin entity represents either a Web site ( ) or an interactive .dll or .xaml file ( ) that contains a map or floor plan. There are no default map files included with Security Center for tile plugins. Map files must be created using Genetec Plan Manager, or provided through an SDK developed by Genetecs Custom Development Solutions team or a third party. For information about Plan Manager, see the Plan Manager User Guide, available from the GTAP Documents page. For information about Genetecc Custom Development Solutions team, contact your sales representative. When a tile plugin is displayed in Security Desk, you can view and interact with the Web site or map file, such as viewing live video from cameras, changing the lock state of doors, and so on. When a tile plugin is attached to (is a member of) an area entity, it is automatically displayed in Security Desk instead of the area icon when the area is dragged to a tile. System: General Task: Logical view
Identity Properties Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Links the tile plugin to a Web page or a .dll file. Custom field values for this tile plugin.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
480
Tile plugin
Properties
The Properties tab lets you link the tile plugin entity to a Web site or a .dll file. For more information, see "Create a tile plugin that links to a Web site" on page 165 or "Create a tile plugin that links to a map file" on page 165.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
481
User
User
The user entity identifies a person who can use Security Center applications and defines the rights and privileges that person has on the system. Each user is assigned a username and a password, which are that persons credentials to log on to the system. While the user privileges limit the range of activities a user can perform on the system, the partitions limit the range of entities the user can exercise his/her privileges on. A user can be a member of one or more user groups. Users can inherit the privileges and the access rights from their parent user groups. System: General Task: Security Users
Identity Properties Workspace Security Privileges Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Users general profile. Users default Security Desk workspace configuration. Users security profile. Users privileges. Custom field values for this user.
Related topics:
"Defining users" on page 93 "Importing users from an Active Directory" on page 102 "Partition" on page 447 "User group" on page 489 "User privileges" on page 694
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
482
User
Properties
The Properties tab lets you configure the users general profile.
User status
Use this switch to activate or deactivate the user profile. A user cannot log on when their profile is deactivated. Deactivating a users profile while the user is logged on will immediately log off the user.
Password
Administrators and users that have the Change own password user privilege can change their password.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
483
User
Password expiration
You can configure a users password to expire after a certain number of days. The system automatically warns users whose password is expiring soon, and gives them a chance to set a new password immediately. You can set the password expiry notification period to between 0 and 30 days. If you see that your password is going to expire soon, but do not have the Change own password user privilege, contact your administrator so they can change your password.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
484
User
Workspace
The Workspace tab lets you configure the users Security Desk workspace.
Hot actions
This list shows the hot actions mapped to the PC keyboard function keys (Ctrl+F1 through Ctrl+F12) when this user is logged on to Security Center via Security Desk. The user configures his hot actions via the Monitoring task. For more information, see Working with hot actions and alarms in the Security Desk User Guide.
Additional settings
Turn on the switch Automatically start task cycling on logon so the next time the user logs on via Security Desk, task cycling will start automatically.
TIP To prevent users from stopping the task cycling once the Security Desk is open, deny them
the Start/stop task cycling privilege. There are many more privileges that are designed to help the users focus on their tasks.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 485
User
Security
The Security tab lets you configure the users security profile.
User level
User levels affect three things in Security Center:
They determine which user has priority over the PTZ controls of a camera when two or
more users are trying to take control of the same camera at the same time. Priority is always given to the highest level user (1=highest). If two competing users have the same user level, it is decided on a first come first served basis. Once a user gains control over a PTZ camera, it is locked by that user. This means no other users can take control of that camera unless they have a higher user level. The control over the PTZ camera is automatically relinquished after 5 seconds of inactivity.
They determine which users are logged out of the system when a threat level is set. For
example, if you configure a threat level to trigger the Set minimum user level action, when the threat level is set, users with a lower user level than the one you specified are logged out. For more information about configuring threat levels, see "Managing threat levels" on page 117. They determine which users can continue viewing a video stream when a camera is blocked in Security Desk. When you block a camera, users that have a lower user level than the one you specified can no longer view the video stream.
486
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
User
For more information about blocking cameras, see Blocking/unblocking cameras in the Security Desk User Guide. Level 1 is the highest user level, with the most privileges. The user level can be inherited from a parent user group. If the user has multiple parents, the highest user level will be inherited. If the user has no parent, the lowest user level (254) will be inherited.
Remotely control
This section lists the Security Desk workstations that this user is allowed to control remotely in order to display entities. This list applies to both the Security Desk workstations you can connect to and control using the Remote task in Security Desk, and the Security Desk monitors that you can control using a CCTV keyboard.
NOTE Every monitor controlled by the Security Desk is assigned a unique monitor ID (displayed in the notification tray). Using a CCTV keyboard, you can display an entity on a remote Security Desk workstation by specifying its monitor ID, tile ID, and the logical ID of the entity you want to display. The Security Desk workstation monitors available on your system are listed in the Logical ID tab of the System entity. Select Monitors from the drop-down list to see them all. For each Security Desk workstation, the first monitor is called A, the second monitor B, and so on.
You can specify which workstation can be controlled using one of following methods:
User. Any Security Desk workstation where that user is logged on can be remotely
controlled.
User group. Any Security Desk workstation where a member of that user group is logged
on can be remotely controlled.
Logon supervisor of
This section lists the users whose logons are supervised by this current user. This means that when a user in this list needs to log on to the system, the current user must also provide his/her username and password in order to complete the logon. A user can have more than one logon supervisor. For more information, see Connecting to Security Center Log on with supervision in the Genetec Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
487
User
Privileges
The Privileges tab lets you view and configure the users privileges.
Set of privileges
Use this drop-down list to select the set of privileges to view and edit. A user can have many sets of privileges. Each user has the Basic privileges set, plus one for every partition he/she is an accepted user of. Regarding access to entities contained in that partition, partition privileges supercede basic privileges.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
488
User group
User group
The user group entity describes a group of Security Center users who share common properties and privileges. By becoming a member of a user group, a user automatically inherits all the properties of that group. This approach simplifies the configuration of users on large systems. A user can be a member of multiple user groups. User groups can also be nested. System: General Task: Security User groups
Identity Properties Security Privileges Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. User groups common email address and members. User groups security attributes than can be inherited by its members. Privileges that can be inherited by the group members. Custom field values for this user group.
Related topics:
"Defining user groups" on page 96 "Partition" on page 447 "User" on page 482 "User privileges" on page 694
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
489
User group
Properties
The Properties tab lets you view and configure the members of the user group.
Email address
The email address you set for a user group should be a group address that is used by all members of the group. This information can be imported from your companys directory service.
Members
List of user group members. The members inherit by default the rights to partitions and the privileges of the user group. The email address can be used to send emails or to email reports to users via Send an email and Email a report actions. Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
490
User group
Security
The Security tab lets you configure common security attributes for the group members.
Security attributes can be inherited by the members of the user group, and can themselves be inherited from other user groups.
User level
User levels affect three things in Security Center:
They determine which user has priority over the PTZ controls of a camera when two or
more users are trying to take control of the same camera at the same time. Priority is always given to the highest level user (1=highest). If two competing users have the same user level, it is decided on a first come first served basis. Once a user gains control over a PTZ camera, it is locked by that user. This means no other users can take control of that camera unless they have a higher user level. The control over the PTZ camera is automatically relinquished after 5 seconds of inactivity.
They determine which users are logged out of the system when a threat level is set. For
example, if you configure a threat level to trigger the Set minimum user level action, when the threat level is set, users with a lower user level than the one you specified are logged out. For more information about configuring threat levels, see "Managing threat levels" on page 117.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
491
User group
They determine which users can continue viewing a video stream when a camera is blocked
in Security Desk. When you block a camera, users that have a lower user level than the one you specified can no longer view the video stream. For more information about blocking cameras, see Blocking/unblocking cameras in the Security Desk User Guide. Level 1 is the highest user level, with the most privileges. The user level can be inherited from a parent user group. If the user group has multiple parents, the highest user level will be inherited. If the user group has no parent, the lowest user level (254) will be inherited.
Remotely control
This section lists the Security Desk workstations that the members of this user group are allowed to control remotely in order to display entities. This list applies to both the Security Desk workstations you can connect to and control using the Remote task in Security Desk, and the Security Desk monitors that you can control using a CCTV keyboard.
NOTE Every monitor controlled by the Security Desk is assigned a unique monitor ID (displayed in the notification tray). Using a CCTV keyboard, you can display an entity on a remote Security Desk workstation by specifying its monitor ID, tile ID, and the logical ID of the entity you want to display. The Security Desk workstation monitors available on your system are listed in the Logical ID tab of the System entity. Select Monitors from the drop-down list to see them all. For each Security Desk workstation, the first monitor is called A, the second monitor B, and so on.
You can specify which workstation can be controlled using one of following methods:
User. Any Security Desk workstation where that user is logged on can be remotely
controlled.
User group. Any Security Desk workstation where a member of that user group is logged
on can be remotely controlled.
Logon supervisor of
This section lists the users whose logons are supervised by the members of this user group. This means that when users from this list need to log on to the system, any member of this user group can help them complete their logon.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
492
User group
Privileges
The Privileges tab lets you view and configure the user groups privileges.
The privileges of a user group are inherited by its members, and can themselves be inherited from other user groups.
Set of privileges
Use this drop-down list to select the set of privileges to view and edit. A user group might have many sets of privileges. Every one has the Basic privileges set, plus one for every partition the group is an accepted user of. Regarding access to entities contained in that partition, partition privileges supercede basic privileges.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
493
Video unit
Video unit
The video unit entity represents a video encoding or decoding device capable of communicating over an IP network, and incorporating either video encoders or video decoders. They come in a wide variety of brands and models. Some support audio, and others support wireless communication. The high-end encoding models come with their own recording and video analytics capabilities. Video units are created manually or automatically by the Archiver if the unit supports automatic discovery. System: Omnicast IP video surveillance Task: Video Units
Identity Properties Peripherals Custom fields Location Name, description, logical ID, and relationships of this entity with other entities in the system. Information required by the Archiver to connect to this video unit and other data transmission properties. List of all peripheral devices found on the unit that you can configure. Custom field values for this video unit. Time zone and geographical location of this video unit.
Related topics:
"Adding video units to your system" on page 194 "Camera (video encoder)" on page 368 "Archiver" on page 521
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
494
Video unit
Identity
The Identity tab of a video unit entity includes an additional section on hardware-specific information.
a
Standard information
The top section of the video units Identity tab is the same as that of all entities. For more information, see "Identity" on page 332.
Specific information
The bottom section of the Identity tab displays hardware specific information, such as the manufacturer, model, firmware version, and whether audio or SSL (Secure Socket Layer protocol) are supported.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
495
Video unit
Click
Upgrade, and from the file browser, select the firmware file (bin) to apply.
Properties
The Properties tab lets you configure the information required by the Archiver to connect to this unit and other data transmission properties. These settings vary from one manufacturer to another. Additional options might be available, depending on the unit type. The sample screen shot below is that of an Axis 210A unit.
IP address
Obtain network settings dynamically (DHCP). Select this option to have the IP address
assigned dynamically by your DHCP (Dynamic Host Configuration Protocol) server.
NOTE Do not use this option unless your DHCP server is configured to always assign the
Video unit
Specific settings. Select this option to enter a fixed address. This is the IP address you
entered when you initially created the video unit entity. You need to enter the following fields:
Local IP. Fixed IP address. Subnet mask. The subnet mask tells the unit which peripherals it can communicate with directly. Anything that does not belong to the same subnet must go through the Gateway. Gateway. IP address of the gateway. It must be on the same subnet as the unit.
Command port
The command port is the port used by the Archiver to connect to the video unit. The command port is sometimes called the HTTP port by some manufacturers.
Discovery port
The discovery port is used for automatic discovery (see "What is automatic discovery?" on page 196). Not all manufacturers supports this feature. On Verint units, both the command port and discovery port are replaced by a single port called the VSIP port.
Authentication
Credentials used by the Archiver to connect to the video unit.
Default login. Select this option for the Archiver to use the credentials defined in the unit
manufacturers extension.
Specific. Select this option for the Archiver to use specific credentials to connect to this
unit. The fields you need to fill in depend on the units manufacturer.
Bit rate
Use this option to limit the maximum bit rate allowed for this unit. Setting a limit to the bit rate helps prevent one unit from using up all the bandwidth available on the network.
Enable UPnP
Enable this option to use the UPnP (Universal Plug and Play) protocol. Disable UPnP if you do not want the unit to be discovered by other Windows applications. This option is disabled by default.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
497
Video unit
Peripherals
The Peripherals tab lists all peripherals devices (input/output pins, audio encoder/decoder) found on the unit that are not explicitly shown as entities, such as the either video encoders or video decoders.
Name. Logical name. It is the same as the Physical name by default. Logical ID. Logical identifier. Description. Description of the device.
To change the settings of a peripheral device:
Select a peripheral from the list and click Edit the item (
Output pin settings
For the output pin, you can also configure the default mode.
).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
498
Video unit
Speaker properties
You can change the default settings of the speaker (audio decoder device).
Volume. Desired volume level (0 to mute, 100 equals maximum volume). UPD port. Port number used when the connection type is unicast UDP. Connection type. Connection type that should be used between the unit and the Archiver
for this audio decoder.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
499
Video unit
Microphone properties
You can change the default settings of the microphone (audio encoder device).
Data format. Audio compression format. Input type. Type of input source.
Line in. Used for pre-amplified source. Mic in. Use this if the microphone is directly connected to the unit. In this case, the signal is amplified by the hardware.
Internal. Use microphones integrated to the unit. Sensitivity. Desired amplification level (default=68). The lower the level, the less sensitive the microphone is to ambient noise, but the recording level will also be lower.
UPD port. Port number used when the connection type is unicast UDP. Connection type. Connection type that should be used between the unit and the Archiver
for this audio encoder. Multicast address. The multicast address and port number are assigned automatically by the system when the video unit is discovered. Each audio encoder is assigned a different multicast address with a fixed port number. This is the most efficient configuration.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
500
Video unit
Normally, you do not need to be concerned with the multicast addresses. However, if you are short of multicast addresses (certain switches are limited to 128), you can use the same multicast address on multiple encoders, and assign a different port number to each. This solution is less efficient than using a different address for each encoder because it will cause more traffic than necessary on the network. All multicast addresses must be between the range 224.0.1.0 and 239.255.255.255. For these changes to take effect, you must restart the unit. To do so, select the unit in the Roles view task, and click the Reboot ( ) button in the Contextual commands toolbar.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
501
Zone (hardware)
Zone (hardware)
The zone entity monitors a set of inputs to trigger events based on their combined states. These events can be used to control output relays (see IO linking) or trigger other actions (see event-to-action). A zone can be armed (triggers activated), or disarmed (triggers deactivated) using a key switch, a software command, or on a schedule. A hardware zone (called zone in Synergis 2 and Security Center 3 and 4) is a subtype of the zone entity where the IO linking is done by hardware. A hardware zone is controlled by a single access control unit and only works in mixed and offline mode. A hardware zone cannot be armed or disarmed from Security Desk. System: Synergis IP access control Task: Logical view
Identity Properties Arming Cameras Custom fields Name, description, logical ID, and relationships of this entity with other entities in the system. Input pins defining this zone and how they are evaluated. For a hardware zone, all input pins must be from the same access control unit. Arming source used for this zone and arming behavior configuration. A hardware zone can only be armed via a key switch or on schedule. Cameras used to monitor this zone in Security Desk. Custom field values for this zone.
Related topics:
"Managing zones" on page 160 "Access control unit" on page 337 "Access Manager" on page 511 "Zone (virtual)" on page 506
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
502
Zone (hardware)
Properties
The Properties tab lets you configure the input pins that define this zone and how they are evaluated.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
503
Zone (hardware)
CAUTION Certain types of input, such as Door Monitor on an HID VertX unit, can only be used for their designated purpose. Other inputs, such as AC Fail and Bat Fail, must be configured for general purpose before they can be used for IO linking. If you use a specific purpose input as general purpose, your configuration will not work. For more information, see "Properties (HID)" on page 340.
Associated events
Use this section to associate each zone state to an event of your choice. Select None if a zone state should be ignored. These events are only triggered when the zone is armed.
Reactivation threshold
Set the time period during which the same event should not be re-triggered.
Arming
The Arming tab lets you configure the arming source of your zone and its arming behavior.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
504
Zone (hardware)
Arming source
A hardware zone can only be armed using a key switch or on a schedule.
NOTE You cannot arm or disarm a hardware zone in Security Desk, or by using a software command (event-to-action).
To configure arming via a key switch: Before you begin: The input pin must belong to the access control unit selected in the Properties tab for this to work.
Slide the Arming source to the Input pin position and select the input that is wired to the
key switch. To configure arming on schedule: Before you begin: A schedule corresponding to the period when the zone should be armed must be defined in your system.
Slide the Arming source to the Schedule position and select the desired schedule.
Delays
You can configure optional delays that give you time to leave the premises after arming the zone, and time to disarm the zone after tripping a sensor.
Arming delay. Turn on this option to set a delay before the event triggers become active
after arming the system.
Entry delay. Turn on this option to set a delay before triggering the events when an sensor
is tripped. This option allows you to disarm the zone before triggering the output relays.
Countdown buzzer
You can optionally assign an output relay to activate a countdown buzzer to match the arming delay. This option is not available when the arming is done on schedule.
NOTE For this feature to work, the output relay must belong to the access control unit selected in the Properties tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
505
Zone (virtual)
Zone (virtual)
The zone entity monitors a set of inputs to trigger events based on their combined states. These events can be used to control output relays (see IO linking) or trigger other actions (see event-to-action). A zone can be armed (triggers activated), or disarmed (triggers deactivated) using a key switch, a software command, or on a schedule. A virtual zone is a subtype of the zone entity where the IO linking is done by software. A virtual zone is controlled by the Zone Manager and only works online. It can be armed and disarmed from Security Desk. System: General Task: Logical view
Identity Properties Name, description, logical ID, and relationships of this entity with other entities in the system. Input pins defining this zone and how they are evaluated. For a virtual zone, the inputs and outputs from different units of different types can be used for IO linking. Automatic arming schedules. A virtual zone can be armed and disarmed via Security Desk or via event-to-action. An explicit arm or disarm command always takes precedence over the arming schedule. Cameras used to monitor this zone in Security Desk. Custom field values for this zone.
Arming
Related topics:
"Managing zones" on page 160 "Zone (hardware)" on page 502 "Zone Manager" on page 608
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
506
Zone (virtual)
Properties
The Properties tab lets you configure the input pins that define this zone and how they are evaluated.
Zone Manager
A virtual zone must be controlled by a Zone Manager role. Because a virtual zone is software controlled, it works only in online mode. For more information, see "Zone Manager" on page 608.
Normal (interpreted as 0) Active (interpreted as 1) Trouble (only if the selected unit models support this feature)
You evaluate the zone state by applying the AND or OR logical operator on the selected inputs. The zone is considered to be in the Trouble state when one of the selected input is in the Trouble state. The Trouble state supersedes any other state.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
507
Zone (virtual)
Associated events
Use this section to associate each zone state to an event of your choice. Select None if a zone state should be ignored. These events are only triggered when the zone is armed.
Reactivation threshold
Set the time period during which the same event should not be re-triggered.
Arming
The Arming tab lets you configure the arming source of your zone and its arming behavior.
Arming source
A virtual zone can be armed at any time by a Security Desk operator, or by the Arm zone action. Arming schedules are optional and are only necessary if you want the zone to be armed automatically at a certain time. An armed virtual zone can be disarmed at any time by a Security Desk user, or by the Disarm zone action triggered by an event.
Delays
You can configure optional delays that give you time to leave the premises after arming the zone, and time to disarm the zone after tripping a sensor.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 508
Zone (virtual)
Arming delay. Turn on this option to set a delay before the event triggers become active
after arming the system.
Entry delay. Turn on this option to set a delay before triggering the events when an sensor
is tripped. This option allows you to disarm the zone before triggering the output relays.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
509
14
Role types
This section lists all Security Center role types in alphabetical order. Each role type is covered with a general description of its purpose and usage. The sub-sections describe each role types configuration tabs and the settings they contain. This section includes the following topics:
"Access Manager" on page 511 "Active Directory" on page 516 "Archiver" on page 521 "Auxiliary Archiver" on page 543 "Directory" on page 551 "Directory Manager" on page 552 "Global Cardholder Synchronizer" on page 557 "Health Monitor" on page 560 "Intrusion Manager" on page 563 "LPR Manager" on page 567 "Media Router" on page 585 "Omnicast Federation" on page 590 "Plugin" on page 594 "Point of Sale" on page 595 "Report Manager" on page 599 "Security Center Federation" on page 601 "Web-based SDK" on page 605 "Zone Manager" on page 608
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
510
Access Manager
Access Manager
The Access Manager role manages and monitors access control units on the system. The role validates all access activities when the units are online. Upon receiving a request from a unit, the Access Manager checks the access rules and schedules to decide whether the door or elevator floor can be accessed. It then sends a command to the controller to unlock the door or enable an elevator floor button. It also logs the access control events in the database for access control investigation and maintenance reports. Multiple instances of this role can be created on the system. System: Synergis IP access control Task: Access control Roles and units, or System Roles
Identity Properties Extensions Resources Name, description, and relationships of this role with other entities in the system. Database retention period for access control events. Manufacturer specific settings for connecting to access control units that this Access Manager should communicate with. Servers and database configuration for this role.
Related topics:
"Configuring the Access Manager role" on page 260 "Access control unit" on page 337 "Door" on page 404 "Elevator" on page 410 "Zone (hardware)" on page 502
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
511
Access Manager
Properties
The Properties tab lets you configure the retention period of the access control events in the database.
Keep events
Access control events are logged by the Access Manager for access control related activity and maintenance reports. You can decide for how long you want to keep them before they are purged from the Access Manager database. Related topics:
"Finding out who is granted access to doors and elevators" on page 324
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
512
Access Manager
Extensions
The Extensions tab allows you to configure the manufacturer-specific settings for connecting to access control units that this role should communicate with.
Genetec SMC. For Synergis Master Controller (SMC) units. You also need to add at least
one discovery port (default=2000) to the extension. The discovery port configured for the extension must match the value configured on the SMC units. For more information, see the Synergis Master Controller Configuration Guide.
HID VertX. For all HID controllers, including the legacy VertX models (V1000 and
V2000), the VertX EVO, and the Edge EVO controllers. For the complete list of supported controller units and firmware, see Supported HID units in the Security Center Release Notes.
Advanced settings
The advanced settings are reserved for use by Genetecs Technical Assistance Center. Please do not be concerned with these settings.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
513
Access Manager
Resources
The Resources tab allows you to configure the servers and database assigned to this role.
Servers
All server management principles are the same for the Access Manager role as with any other role. For more information, see "Managing servers and roles" on page 47.
IMPORTANT The Access Manager failover works only when the role is exclusively connected to SMC units. Additional configurations are required on the SMC units for the failover to work. For more information, see Configure the SMC unit for Access Manager failover in the Synergis Master Controller Configuration Guide. The Access Manager failover does not work with HID VertX units because these units cannot handle the change of server IP address, should the Access Manager role fail over to a different server.
Database
All database management principles are the same for the Access Manager role as with any other role. For more information, see "Managing databases" on page 52.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
514
Access Manager
2 Enter the path to the conflict resolution file using the browse button. 3 Click Resolve conflicts. Youll be prompted to create a safety backup before updating your database. 4 Click Backup. 5 The backup and the conflict resolution updates will be performed in a single step.
6 Click Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
515
Active Directory
Active Directory
The Active Directory role imports users, user groups, cardholders, and cardholder groups from your corporate directory service (Windows Active Directory), and keeps them synchronized. Multiple instances of this role can be created on the system.
System: General, Synergis (if cardholder groups are to be imported) Task: System Roles
Identity Properties Links Resources Name, description, and relationships of this role with other entities in the system. Connection parameters to the Windows Active Directory and list of security groups to be imported as Security Center entities. Mapping between AD fields and Security Center custom fields. Servers and failover configuration for this role.
Related topics:
"Integrating with Windows Active Directory" on page 140 "Cardholder" on page 395 "Cardholder group" on page 398 "User" on page 482 "User group" on page 489
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
516
Active Directory
Properties
Defines all the parameters within which this Active Directory role is supposed to operate. For more information, see "Import security groups from an Active Directory" on page 143.
Connection status. Connection status between the role and the corporate AD. Status. Shows what the role is doing. Idle is the normal status. If there is a problem, an error
message is displayed.
Use Windows credentials. You can use the Windows credentials used for running the Genetec Server service, or specify a different set of Windows usernames and passwords. In both cases, the credentials you specify must give you read and write access to the specified corporate AD. Use SSL connection. Select this option to encrypt LDAP (Lightweight Directory Access Protocol) network traffic. LDAP is the protocol used for communication between the Active Directory role and the AD. The default port used for encrypted communication is 636. If you use a different port, you need to specify it explicitly by appending the port number after the AD server name, separated by a colon (:).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
517
Active Directory
Partition. Default partition where the entities synchronized with the corporate AD will be
created if the partition is not mapped to an AD attribute.
Synchronized groups. List of all AD security groups imported as user groups, cardholder
groups, or both. For information on how to add to this list, see "Import security groups from an Active Directory" on page 143.
No scheduled task exists to synchronize this role. This warning message appears if you
have not configured a scheduled task to automatically handle synchronization with the corporate AD. For more information, see "Create a scheduled task" on page 109.
Synchronize now. Click this button to perform an instant synchronization. You should
always re-synchronize after making changes to the synchronized groups.
Links
The Links tab allows you to map AD attributes to Security Center fields.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
518
Active Directory
Cardholder. Map AD attributes to Security Center cardholder fields. See "Select which
cardholder fields to synchronize with the AD" on page 146.
Maximum picture file size. If you are importing cardholder pictures from the AD, specify
the maximum size of the imported picture.
Upload pictures to Active Directory. Select this option if you want the pictures you assign
to imported cardholders from Security Center to be synchronized to the AD.
Card format. Select the default card format to use for the imported cardholder credentials
when the card format property is either not mapped to an AD attribute, or when the mapped attribute is empty. See also "Mapping the credential card format to an AD attribute" on page 147.
Badge template. Select a default badge template to use for the imported cardholder
credentials.
Custom fields. Map additional AD to Security Center custom fields. See "Map custom
fields to synchronize with the AD" on page 148. Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
519
Active Directory
Resources
The Resources tab allows you to configure the servers. The Active Directory role does not require a database.
Servers
All server management principles are the same for the Active Directory role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
520
Archiver
Archiver
The Archiver role is responsible for the discovery, control, and status polling of video units. All communications between the system and the video units are established through this role. All events generated by the units (motion, video analytics) are forwarded by the Archiver to the concerned parties on the system. The Archiver also manages the video archive, and performs motion detection on units that do not support this feature. Multiple instances of this role can be created on the system. System: Omnicast IP video surveillance Tasks: Video Units, or System Roles
Identity Camera recording Trickling Extensions Resources Name, description, and relationships of this role with other entities in the system. Default recording settings for all cameras controlled by this role. Data transfer configuration for edge recording units. Manufacturer specific settings for connecting to video units that this Archiver should communicate with. Servers, databases, disk storage, and failover configuration for this role.
Related topics:
"Configuring the Archiver role" on page 193 "Managing video archives" on page 224 "Video unit" on page 494 "Auxiliary Archiver" on page 543 "Media Router" on page 585
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
521
Archiver
Camera recording
The Camera recording tab lets you configure the default recording settings applied to all cameras controlled by this Archiver role. The default settings can be superseded by the recording settings of each individual camera. For more information, see Camera "Recording" on page 378.
Recording modes
The Archiver can apply different recording modes at different times.
Recording mode Description
Off
Recording is off ( ). This mode prevents recording from taking place, not even when an alarm is triggered. Records continuously. Recording cannot be stopped by the user ( ).
Continuous On motion/Manual
Records when recording is triggered by an action (such as Start recording, Add bookmark, or Trigger alarm), via motion detection, or manually by a user. In this mode, the Record button in Security Desk appears grey ( ) when the Archiver is not recording, red when it is recording but can be stopped by the user ( ), or red with lock ( ) when it is recording but cannot be stopped by the user (on motion or alarm recording).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
522
Archiver
Recording mode
Description
Manual
Same as On motion/Manual. The only difference is that motion will not trigger any recording.
CAUTION Recording schedules of the same type cannot overlap, regardless of the recording mode configured for each. When a scheduling conflict exists, the Archiver and the video units are displayed in yellow in the entity browser and will issue entity warning messages. For more information, see "Resolving schedule conflicts" on page 105.
Record audio
Turn this option on to record audio along with video. A microphone entity must be attached to this camera entity for this option to work. For more information, see Camera "Hardware" on page 389. Turn this option on to delete the recorded video after a certain number of days, regardless whether the archiving storage is full or not. For more information, see Archiver "Advanced settings" on page 541. Turn this option on to allow both primary and secondary servers to archive video at the same time. This setting is effective only if failover is configured. For more information, see Archiver "Server configurations" on page 534. Duration of the recording buffer. This buffer is saved whenever the recording starts, ensuring that whatever prompted the recording is also captured on video. Recording duration when recording is triggered by motion detection. For more information, see Camera "Motion detection" on page 379. During this period, the recording cannot be stopped by the user. Recording duration when recording is started by a user. The user can stop the recording any time before the duration expires. This value is also used by the Start recording action, when the default recording length is selected.
Automatic cleanup
Redundant archiving Time to record before an event Time to record after a motion Default manual recording length
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
523
Archiver
Trickling
The Trickling tab allows you to configure the transfer of video that was recorded on a video unit to the Archiver. You can define when and what type of data is transferred.
IMPORTANT To be able to trickle with a camera/video unit, you must first configure your unit to record video using the units Web page. For more information, see "Enable edge recording on a camera" on page 198.
Camera list
The camera list shows all the cameras that are set to record on the edge and perform trickling. It allows you to specify whether or not you want the units to trickle on connection or on a schedule, and supplies information about the trickling process. You can configure the same trickling settings for all cameras in the list, or configure settings for specific cameras. To add cameras to the camera list: 1 (Optional) To add a camera group, click Add group.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
524
Archiver
If you have a large system, it is a good idea to create groups of cameras, so you can configure the trickling download settings for each group separately. 2 To add cameras, click Add an item. 3 From the drop-down list, select a camera group to add the cameras to. 4 Select the cameras, and then click OK. Hole CTRL or SHIFT to select multiple cameras. 5 For each camera group, or for each specific camera, specify whether or not you want the units to trickle on connection or on a schedule:
On connection. Select this option for the camera to start to trickle upon connection to the network. On schedule. Select this option for the camera to trickle based on the schedule defined in the Trickling schedule section.
Trickling status
The Trickling status dialog box allows you to start and stop trickling manually, and shows you the latest trickling status. Click at the bottom of the camera list to open it.
NOTE A camera that has just been added to the trickled camera list does not appear in this dialog
box until you have clicked Start trickling for all cameras (
) once.
Archiver
Last trickling request. Date and time of the last trickling request for the camera. Last recorded frame. Date and time of the last video frame recorded by the Archiver. Status. Lists the trickling status for the camera. The status can be one of the following:
No video. There is no video recorded on the camera that is available to trickle for the filters specified in the Trickling filter section. For example, if you specify an alarm filter, the camera might have generated an alarm event, however it did not record any video for it. No events. There are no events recorded on the camera that correspond to the filters specified in the Trickling filter section. For example, if you specify a motion filter, but there were no motion events generated by the camera, there are no events to trickle. Started. Trickling has started. Completed. Trickling was successfully completed. Pending. Trickling will start as soon as a spot opens in the download queue. The spots available depend on what is specified in the Simultaneous downloads setting. Incomplete. Something occurred during the trickling process that prevented the transfer from being completed.
Trickling schedule
Use the Trickle every setting to define a schedule for when you want video to be trickled. You can specify the amount of days, hours, and the time. If youve set all cameras to always trickle on connection, ignore this setting.
Trickling filter
Use these settings to specify what type of video data you want to be trickled. Multiple filters can be selected at the same time and all video that corresponds to the filters will be trickled.
NOTE If you do not set any filter, all available video stored on the unit will be trickled.
Time interval. Select this filter to trickle video segments recorded during a specific period
of time. You can specify a specific time range or a relative time range (last n days, hours, minutes).
Playback requests. Select this filter to trickle video segments that were played back from
the camera.
Motions. Select this option to trickle video segments that span between a Motion on and
Motion off event. This option applies to unit motion detection only.
Bookmarks. Select this option to trickle video segments that contain bookmarks. Unit offline. Select this filter to trickle video segments that span between a Unit lost and a
Unit discovered event.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
526
Archiver
Video analytics. Select this filter to trickle video segments that contain video analytics
events.
Alarms. Select this filter to trickle video segments that contain alarm events. Input triggers. Select this filter to trickle video segments that contain input events.
Trickling behavior
Use these settings to specify how trickling is to be done.
Time buffer when downloading events. The time buffers apply to event-based trickling.
Specify how many seconds of video should be trickled before and after the event occurred. For example, if you selected the Motion filter, these settings indicate how many seconds are trickled before the Motion on event occurred, and how many seconds are trickled after the Motion off event.
Delay after connection. Use this setting to specify how long (in seconds) the Archiver will
wait to determine if a unit is truly online before trickling. For example, if your cameras are set to trickle on connection and you have an unstable network where your cameras frequently go on and offline, this setting is useful to prevent trickling from repeatedly starting and stopping.
Simultaneous downloads. Use this setting to specify how many cameras can trickle at the
same time. If you created camera groups, you can specify how many cameras can trickle at the same time per camera group. This setting is useful if you have a limited network and do not want too many downloads to occur simultaneously.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
527
Archiver
Extensions
The Extensions tab lets you configure the common connection parameters shared by the video units controlled by this Archiver. The manufacturer extensions are created automatically when you add a unit to the Archiver (see "Add video units manually" on page 194).
"General settings" on page 528 "Discovery settings" on page 529 "Default logon" on page 530 "Notification settings" on page 530 "Bosch VRM settings" on page 531 "Verint specific settings" on page 531 "Advanced settings" on page 532 "NTP settings" on page 532
General settings
Transaction timeout. Time to wait for a response before resending a command to the unit.
A unit is considered lost after three failed attempts.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 528
Archiver
Command port. Port used by the Archiver to send commands to the Bosch units. This field
cannot be changed.
RSTP port. RTSP (Real Time Streaming Protocol) port used by the Archiver to request
video from the units that support this protocol.
CAUTION If you have multiple Archiver roles on the system controlling different groups of video units, then each Archiver must use a different RTSP port.
VSIP port. (Verint only) Port used for automatic discovery. All units that should be
controlled through the same Verint extension must be configured with the same VSIP port. The Verint extensions configured for the same Archiver must all have different discovery ports. For more information, see "What is automatic discovery?" on page 196.
Discovery settings
The following sample screenshot shows the discovery settings of a Bosch unit.
Discovery port. Automatic discovery port. If multiple instances of the same type of
extension are configured for the same Archiver, they must all use a different discovery port. (ACTi) Corresponds to the Search server port 1 in the ACTi video server settings. (Bosch) All units that should be controlled through the same Bosch extension must be configured with the same discovery port.
NOTE If you decide to change the Discovery port after the units are discovered, youll need to create a new extension with the new discovery port and delete the old one. If the units are not automatically discovered, youll have to add them manually. For more information, see "Add video units manually" on page 194.
Discovery reply port. (ACTi and Interlogix) Corresponds to the Search server port 2 in the
ACTi video server settings.
Unicast period. Period whereby the extension repeats its connection tests using unicast to
determine whether each unit is still active in the system.
Multicast period. Period whereby the extension attempts to discover new units using
multicast. This option can be disabled. The IP address that follows is the standard multicast IP address used by Omnicast. Change it only if it is already used for something else.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
529
Archiver
Broadcast period. Period whereby the extension attempts to discover new units using
broadcast. This option can be disabled.
Default logon
Certain types of units can be protected against fraudulent access by a username and a password. The logon credentials can be defined individually for each unit or for all units using the same manufacturer extension. The following sample screenshot shows the default logon settings of an Axis unit.
Username. Certain types of units (such as Axis) require a username. Password. Certain types of units (such as Bosch) only requires a password. Use HTTPS. Select this option to use Hypertext Transfer Protocol Secure for added
security.
Notification settings
The following sample screenshot shows the notification settings of an Interlogix unit.
TCP notification port. (Panasonic and Interlogix) Port used by the Archiver role to receive
notification messages from the units. When an event occurs, such as Signal lost or Signal recovered, the unit will initiate a TCP connection with the Archiver and send the notification through this port.
Notification channel. (Interlogix only) When multiple Archiver roles are configured to
listen to the same units, such as in a failover list, each archiver must be identified with a different notification channel (1 to 8). This parameter can be ignored when you are only using one archiver. For multiple Archiver roles, the following rules must be followed:
All Archiver roles that can potentially control the same units must be configured with the same TCP notification port.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
530
Archiver
If you add more than one VRM to the list, you can use the move up ( ) and move down ( ) buttons to move a VRM up or down in the list. By default, the Archiver will use the first VRM in the list for queries and archived video. If the first VRM is not available, the Archiver will use the next VRM in the list.
Show all available video streams as separate cameras. (Verint only) Omnicast supports
encoders that generate multiple video streams from the same video source. When such a unit is discovered, the Archiver creates a video encoder with multiple streaming alternatives. For more information, see Camera "Stream usage" on page 373. With Verint units, you have the choice to represent every video stream as a separate camera. If this is the desired behavior, select this option.
NOTE This option requires a camera connection license for each stream.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 531
Archiver
SSL settings. SSL (Secure Sockets Layer) is a protocol used to secure applications that need
to communicate over a network. Security Center supports SSL on all message transmissions between the Archiver and the units, with the exception of the video streams, because the data volume would be prohibitive. The purpose for using SSL in Security Center is to prevent malicious attacks, not to stop eavesdropping. Select Enforce SSL only if SSL must be enforced on all units controlled by this Archiver. If this option is cleared, the Archiver will only use SSL to communicate with the units on which SSL is enabled.
Advanced settings
The advanced settings are reserved for use by Genetecs Technical Assistance Center. Please do not be concerned with these settings.
NTP settings
Use the NTP settings to synchronize the time between the units that support NTP (Network Time Protocol) and the NTP server. Keeping the units time synchronized is particularly important for units that handle video archiving themselves. The following parameters must be set:
NTP server. Specify the NTP server name. NTP port. Specify the NTP server port number Poll timeout. Specify in minutes how often you want the time on the units to be checked to
ensure that they are properly synched with the NTP server. For example, if 60 seconds is entered, the time will be verified every 60 seconds.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
532
Archiver
Resources
The Resources tab lets you assign servers, databases, and disk storage to this Archiver role.
"Server configurations" on page 534 "Configure standby archiving priorities" on page 535 "Archive database settings" on page 536 "Archive storage settings" on page 536 "Network card settings" on page 538 "Archiver statistics" on page 538 "Protected video file statistics" on page 539 "Archiving camera details" on page 540
533
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Archiver
2 From the dialog box that appears, select the desired server and click Add. The Add server tab becomes the secondary server tab.
"Archive database settings" on page 536 "Archive storage settings" on page 536 "Network card settings" on page 538
4 If the secondary server is also on standby for other Archiver roles, then you might have to adjust their standby archiving priorities. See "Configure standby archiving priorities" on page 535. 5 Click Apply. To switch the primary and secondary servers around: Before you begin: You must have two servers assigned to the Archiver role. It is best to choose a time when the Archiver is not archiving to perform this operation. 1 Click Failover ( ) at the bottom of the Resources tab. or to move it up or down the list. A dialog box appears, showing both servers assigned to this Archiver role. 2 Select one of the server in the list and click 3 Click OK to close the Failover dialog box. The two server tabs switch places.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
534
Archiver
4 (Optional) If the primary server that became the secondary server also hosts other Archiver roles, then you might have to adjust their standby archiving priorities. For more information, see "Configure standby archiving priorities" on page 535. 5 Click Apply.
CAUTION If the Archiver was archiving video, you will lose a few seconds of recording while the switch is taking place.
All Archiver roles that rely on this server as their primary or secondary server are listed. The archiving priority can only be set when the server is used as a standby. For roles that rely on the server as their primary server, the archiving priority is implicitly locked at 1 (the highest). 4 Set the priority of the roles as you see fit, and click Save.
NOTE The archiving priority is a setting specific to each Archiver role on each server. When
the archiving priority has never been set, its default value is 1. 5 Repeat Step 3 and Step 4 as necessary to configure all servers hosting Archiver roles on your system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
535
Archiver
NOTE At any point in time on a given server, only the Archiver roles with the highest archiving
priority will be able to archive, be it 1 or 100. The archiving priority only affects archiving. Having a lower archiving priority does not stop a failed over Archiver role from performing its command and control functions.
The configuration of the Archiver database is the same as that of any other role on the system. For more information, see "Managing databases" on page 52.
Disk space cannot be allocated in advance for archiving purpose. Instead, the Archiver is allowed to use the available disk space up to a certain limit which is defined by the minimum free space that must be left on each disk. The information displayed on each disk are as follows:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
536
Archiver
Disk base path. Root folder on the disk where all video files are located. The default value is
VideoArchives. Click on the name to change it to a different folder.
IMPORTANT You must make sure that the service user running the Archiver role has write access to all the archive root folders assigned to the role. The Config Tool cannot verify this information on behalf of the Archiver.
Min. free space. Minimum free space that the Archiver must leave untouched on the disk.
Click on this value to change it.
Free space. Actual free space remaining on disk. Allotted space. Space allotted in theory for video archives. It is the total capacity of the disk
minus the minimum free space.
CAUTION There is nothing to prevent other applications from using up the disk space set aside for the Archiver. For this reason, we recommend that you assign a disk that is not shared with other applications to this role. In the case where multiple Archivers share the same server, use a separate disk for each.
You can only add network drives to your archive storage. All local drives on the host server are listed by default. You can exclude them from being used by the Archiver by clearing the checkbox in front of each disk. A disk group is a logical storage unit used by the Archiver to improve the overall disk throughput. See "Optimizing access to your storage devices" on page 226. Click the Up and Down arrows to move the selected disk from one group to another. Deletes the selected disk or disk group. You cannot leave a disk group without any disk associated to it. This button appears only if you have more than one disk group defined. See "Optimizing access to your storage devices" on page 226. Refreshes the drive information.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
537
Archiver
Network card. Network card used to communicate with all video units. RTSP port. Port used to listen for RTSP (Real Time Streaming Protocol) requests.
When multiple archiving roles are hosted on the same server, this value must be unique for each one. The default value is 555. Additionally the value configured must not duplicate any of those used for the Media Router role, its redirector agent, or any Auxiliary Archiver hosted on the same server.
Telnet port. Port used to listen to the Telnet Console connection requests for debugging
purposes. When you change this value, you need to deactivate and reactivate the Archiver role for the change to take effect.
Archiver statistics
The Statistics dialog box appears when you click the Statistics ( ) button. It provides all sorts of useful information regarding the archive storage, and the rate at which it is being filled up. If nothing is displayed, click .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
538
Archiver
List of assigned disks. Snapshot of the disk statistics the last time a refresh was made.
TIP Click to view the percentage of protected video files on the selected disk. For more information, see "Protected video file statistics" on page 539.
Average disk usage. Average space used per day (first line) and average space used per
camera per day (second line).
Estimated remaining recording time. Number of days, hours, and minutes of recording
time left based on the average disk usage and the current load.
Active cameras. Number of cameras that are currently active. Archiving cameras. Number of cameras for which archiving is enabled.
TIP Click See details to view the recording state of each individual camera. For more information, see "Archiving camera details" on page 540.
Archiving span. Time bracket within which video archives can be found. Worst case bandwidth. This number gives you the worst-case scenario on the total
bandwidth requirement if all the cameras are at the peak of their archiving demands.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
539
Archiver
The orange slice represents the proportion of video files that the user has decided to unprotect. When a user decides to manually remove the protection on a video file, the Archiver waits 24 hours before actually removing the protection, giving the user enough time to change his/her mind if necessary. During this reprieve, the status is said to be Protection ending. Instead of checking the Protected video files statistics, you can also configure an event-to-action to alert you on the event Protection threshold exceeded. For more information, see "Using eventto-actions" on page 106.
This report lets you verify whether each encoder is currently streaming video (and audio) and whether the Archiver is currently recording these data. The possible Recording states are as follows:
Recording state Description
Recording off
Recording is enabled but the Archiver is currently not recording. If you suspect a problem, the Description column might give you a clue. The possible causes are as follows: Database lost. Disks full. Cannot write to any drive. Recording was started by a user.
Recording on
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
540
Archiver
Recording state
Description
Recording on (locked by system) Recording off (locked by system) Recording about to stop
Recording is currently controlled by the Archiver (following an On Motion or Continuous schedule). Recording is currently disabled on this camera by a schedule. Recording was started by a user and is about to stop (within the last 30 seconds of recording).
Advanced settings
The advanced settings are independent of the server hosting the Archiver role.
Advanced settings
Description
Video watermarking
Turn this option on to protect your video archive against tampering. For more information, see "Protecting video archive against tampering" on page 229. Turn this option on to recycle the archive storage (the default mode), meaning that the oldest files are deleted to make space for new files when all the disks within a disk group are full. TIP Another way to manage the archiving space is to set individual archive retention periods for each camera (Automatic cleanup option in each cameras Recording tab). This method allows you to keep the more important data for a longer period of time by purging less important video first.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
541
Archiver
Advanced settings
Description
Turn this option on only if the Archiver controls units configured for edge recording. This option is turned off by default to prevent sending playback requests to units that are not recording. This is a safety threshold used to limit the amount of space that protected video files are allowed to occupy on disks. Protected video files are files that will not be deleted by normal archive cleanup procedures. When this threshold is exceeded, the Archiver will generate the Protected video threshold exceeded event once every 15 minutes for as long as the condition is true, but will not delete any video file that is already protected. These two settings are used to control the size of the video files created by the Archiver: Maximum length. Limits the length of video sequence contained in each file. The video length is the time span between the first video frame and the last video frame stored in a file. Maximum size. Limits the size of the video file in MB. The Archiver will start saving the video to a new video file when either one of these conditions is met.
Video files
Additional settings
These additional settings are reserved for use by Genetecs Technical Assistance personnel. Please do not be concerned with these settings.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
542
Auxiliary Archiver
Auxiliary Archiver
The Auxiliary Archiver role supplements the video archive produced by the Archiver role. Unlike the latter, the Auxiliary Archiver is not bound to any particular discovery port. Therefore, it is free to archive any camera in the system, including the federated ones. The Auxiliary Archiver must depend on the Archiver to communicate with the video units. If an Archiver is not running, the Auxiliary Archiver would not be able to archive the cameras it controls. Multiple instances of this role can be created on the system. System: Omnicast IP video surveillance Tasks: Video Units, or System Roles
Identity Camera recording Cameras Resources Name, description, and relationships of this role with other entities in the system. Default recording settings for all cameras archived by this role. Cameras recorded by this Auxiliary Archiver. Server, database, and disk storage configuration for this role.
Related topics:
"Configuring the Auxiliary Archiver role" on page 204 "Camera (video encoder)" on page 368 "Managing video archives" on page 224 "Archiver" on page 521
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
543
Auxiliary Archiver
Camera recording
The Camera recording tab lets you configure the default recording settings applied to all cameras associated to this Auxiliary Archiver. The default settings can be superseded by the recording settings of each individual camera. For more information, see Camera "Recording" on page 378.
Video stream
Use this drop-down list to select the default video stream that the Auxiliary Archiver should record for each camera. The video streams are configured for each individual camera. For more information, see "Configuring video streams" on page 210.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
544
Auxiliary Archiver
Recording modes
The Auxiliary Archiver can apply different recording modes at different times.
Recording mode Description
Off
Recording is off ( ). This mode prevents recording from taking place, not even when an alarm is triggered. Records continuously. Recording cannot be stopped by the user ( ).
Continuous On motion/Manual
Records when recording is triggered by an action (such as Start recording, Add bookmark, or Trigger alarm), or via motion detection. Note: Manual recording is not supported by Auxiliary Archivers.
Manual
Manual recording is not supported by Auxiliary Archivers. This schedule would have no effect.
CAUTION Recording schedules of the same type cannot overlap, regardless of the recording mode configured for each. When a scheduling conflict exists, the Auxiliary Archiver and the cameras are displayed in yellow in the entity browser and will issue entity warning messages. For more information, see "Resolving schedule conflicts" on page 105.
Record audio
Turn this option on to record audio along with video. A microphone entity must be attached to this camera entity for this option to work. For more information, see Camera "Hardware" on page 389. Turn this option on to delete the recorded video after a certain number of days, regardless whether the archiving storage is full or not. For more information, see Auxiliary Archiver "Advanced settings" on page 550. Duration of the recording buffer. This buffer is saved whenever the recording starts, ensuring that whatever prompted the recording is also captured on video. Recording duration when recording is triggered by motion detection. For more information, see Camera "Motion detection" on page 379. During this period, the recording cannot be stopped by the user. Recording duration when recording is started by a user. The user can stop the recording any time before the duration expires. This value is also used by the Start recording action, when the default recording length is selected.
Automatic cleanup
Time to record before an event Time to record after a motion Default manual recording length
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
545
Auxiliary Archiver
Cameras
The Cameras tab lets you select the cameras archived by this role. The Auxiliary Archiver can record any camera on your system, except those that are federated from an Omnicast 4.x system.
Related topics:
"Associate cameras to the Auxiliary Archiver" on page 207 "Remove a camera from the Auxiliary Archiver" on page 208
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
546
Auxiliary Archiver
Resources
The Resources tab lets you configure the server, the database, and the disk storage for this Auxiliary Archiver role.
"Genetec Server" on page 548 "Network settings" on page 548 "Archive database settings" on page 548 "Archive storage settings" on page 548 "Archiver statistics" on page 550 "Protected video file statistics" on page 550 "Archiving camera details" on page 550 "Advanced settings" on page 550
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
547
Auxiliary Archiver
Genetec Server
Failover is not supported for the Auxiliary Archiver role. You can only select one server at a time. For more information, see "Move the Auxiliary Archiver to a different server" on page 208.
Network settings
Additional network settings can be configured by clicking the button:
Network card. Network card used to communicate with all video units. RTSP port. Port used to listen for RTSP (Real Time Streaming Protocol) requests. When
multiple archiving roles are hosted on the same server, this value must be unique for each one. The default value is 555 for the Archiver and 558 for the Auxiliary Archiver. Additionally the value configured must not duplicate any of those used for the Media Router role or its redirector agent hosted on the same server.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
548
Auxiliary Archiver
Disk space cannot be allocated in advance for archiving purpose. Instead, the Auxiliary Archiver is allowed to use the available disk space up to a certain limit which is defined by the minimum free space that must be left on each disk. The information displayed on each disk are as follows:
Disk base path. Root folder on the disk where all video files are located. The default value is
AuxiliaryArchives. Click on the name to change it to a different folder.
IMPORTANT You must make sure that the service user running the Auxiliary Archiver role
has write access to all the archive root folders assigned to the role. The Config Tool cannot verify this information on behalf of the Auxiliary Archiver.
Min. free space. Minimum free space that the Auxiliary Archiver must leave untouched on
the disk. Click on this value to change it.
Free space. Actual free space remaining on disk. Allotted space. Space allotted in theory for video archives. It is the total capacity of the disk
minus the minimum free space.
CAUTION There is nothing to prevent other applications from using up the disk space set aside for the Auxiliary Archiver. For this reason, we recommend that you assign a disk that is not shared with other applications to this role. In the case where multiple archivers share the same server, use a separate disk for each.
You can only add network drives to your archive storage. All local drives on the host server are listed by default. You can exclude them from being used by the Auxiliary Archiver by clearing the checkbox in front of each disk. A disk group is a logical storage unit used by the Auxiliary Archiver to improve the overall disk throughput. See "Optimizing access to your storage devices" on page 226. Click the Up and Down arrows to move the selected disk from one group to another. Deletes the selected disk or disk group. You cannot leave a disk group without any disk associated to it. This button appears only if you have more than one disk group defined. See "Optimizing access to your storage devices" on page 226. Refreshes the drive information.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
549
Auxiliary Archiver
Archiver statistics
The Statistics dialog box appears when you click the Statistics ( ) button. It works the same way as for the Archiver role. For more information, see Archiver Resources "Archiver statistics" on page 538.
Advanced settings
The Auxiliary Archivers advanced settings work the same way as the Archiver. For more information, see Archiver Resources "Advanced settings" on page 532.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
550
Directory
Directory
The Directory is the main role that identifies your Security Center system. It manages all entity configurations and system wide settings in Security Center. Only a single instance of this role is permitted on your system. The server hosting the Directory role is called the main server, and must be set up first. All other servers you add in Security Center are called expansion servers, and must connect to the main server to be part of the same system. The main functions of the Directory role are:
Client application connection authentication Software license enforcement Central configuration management Event management and routing Audit trail and activity trail management Alarm management and routing Incident management Scheduled task execution Macro execution
Start/stop the Directory role Manage the Directory database and change the data retention periods View and modify your Security Center license View and modify the main servers password and communication ports Convert the main server into an expansion server
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
551
Directory Manager
Directory Manager
The Directory Manager is the role that manages the Directory failover and load balancing in order to produce the high availability characteristics in Security Center. Only one instance of this role is permitted per system. This role is created by default when your Security Center license supports multiple Directory servers, and cannot be deleted nor deactivated. System: General Task: System Roles
Identity Directory servers Database failover Name, description, and relationships of this role with other entities in the system. Lets you configure the servers assigned to Directory failover and load balancing. Lets you configure the failover of the Directory database. This feature is turned off by default.
Related topics:
"Configuring Directory failover and load balancing" on page 66 "Managing servers and roles" on page 47 "Managing databases" on page 52 "Configuring role failover" on page 61 "Directory" on page 551
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
552
Directory Manager
Directory servers
The Directory servers tab lets you configure the servers assigned to Directory failover and load balancing.
The server identified with a different icon ( ) than the rest ( ) is the main server. The main server is the only Directory server that can write to the Directory database. The rest can only read from that database. Related topics:
"Configuring Directory failover and load balancing" on page 66 "How Directory failover and load balancing works" on page 66 "Differences between Directory servers and the main server" on page 66
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
553
Directory Manager
Database failover
The Database failover tab lets you configure the Directory database failover. When this feature is turned on, you have two options:
LED ( ). Indicates the database server that is currently active. Server. Security Center server hosting the database instance. The server that manages the
master database instance is flagged as (Master).
Database server. Database server name. The name must be accessible from all computers.
Relative names, such as (local)\SQLSEXPRESS cannot be used. Always write explicitly the servers DNS name (for example TW-WIN7-SC-5) instead of (local).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 554
Directory Manager
IMPORTANT All database servers must be of the same version for database failover to work.
Database name. Database instance name. State. Database state. If there is a problem, an error message is displayed. Last Backup/Restore time. Time of the last backup on the master database, or the last
restore on the backup database.
Folder. Local folder on the specified server where the backup files are copied.
The other parameters are:
Automatically reconnect to master database. Select this option to force all Directory
servers to reconnect to the master database once it is back online after a failover. This will cause a short service disruption, and all changes made to the system configuration while the master database was offline will be lost.
Generate full backup every. Frequency (in days) and time at which the full backup should
be generated.
TIP It is recommended to generate a full backup after youve made lots of changes to the system configuration. You can do this anytime by clicking Generate full backup. IMPORTANT After changing the master database from Server Admin (restoring a previous backup for example), always manually generate a full backup from Config Tool immediately after. Failing to do so will cause your master and backup databases to become out of synch and the database failover mechanism will no longer work.
Generate differential backup every. Frequency (in minutes) at which the differential
backup should be generated. A differential backup contains the database transactions made after the previous backup (full or differential). The differential backups are deleted only after a full backup is made.
NOTE All backup activities are stopped when the active database is not the master database.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
555
Directory Manager
Mirroring
Database failover is handled by Microsoft SQL Server and is transparent to Security Center. The Principal and Mirror instances of the Directory database are kept in synch at all times. There is no loss of data during failover.
NOTE The Principal and the Mirror databases must be of the same version. Should you decide to use a Database server instance name, the two instance names must be different. For more information on database mirroring, please refer to Microsoft SQL Server Database Mirroring documentation.
Related topics:
"How Directory database failover works" on page 71 "Configuring Directory database failover" on page 71
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
556
System: Synergis IP access control Task: Access control Units, or System Roles
Identity Properties Resources Name, description, and relationships of this role with other entities in the system. Connection parameters to the sharing host, shared global partitions, and synchronization option. Servers and failover configuration for this role.
Related topics:
"Managing global cardholders" on page 296 "What is the Global Cardholder Synchronizer?" on page 298 "Configure the Global Cardholder Synchronizer" on page 304
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
557
Properties
The Properties tab lets you configure the connection parameters to the sharing host, the global partitions you want to share, and your synchronization option.
Connection parameters
The Global Cardholder Synchronizer (GCS) role must stay connected to the sharing host in order to keep the local copies of the global entities synchronized with the host.
Connection status. Indicates the current connection status. The second line shows the
connection activities or when the last synchronization was performed.
Directory. Name of a Directory server on the sharing host. If anything else than the default
connection port (5500) is used, you must explicitly indicate the port number after the Directory name, separated by a colon. For example: HostServer:5888.
Username and password. Credentials used by the GCS role to connect to the sharing host.
The rights and privileges of this user determine what your local system will be able to see and share with the host system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
558
Global partitions
List of global partitions found on the sharing host. Select the ones you wish to share.
Synchronize automatically
Select this option to have the GCS role perform synchronization in real time. This means that whenever a change is made on the sharing host, either by the host itself or by another sharing guest, the change will immediately be reflected on your local system. Leaving this option unchecked allows you to synchronize manually. You must also leave the role in manual synchronization mode if you want the GCS role to synchronize periodically via a scheduled task. For more information, see "Using scheduled tasks" on page 109.
Resources
The Resources tab lets you configure the servers for hosting this role. The GCS role does not require a database.
Servers
All server management principles are the same for the Global Cardholder Synchronizer role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 559
Health Monitor
Health Monitor
The Health Monitor is the central role that monitors system entities such as servers, roles, units, and client applications for health issues. Health events are recorded in a database for the purpose of reporting and statistical analysis. Current system errors are reported in real time in your applications notification tray. Only one instance of this role is permitted per system. This role is created at system installation and cannot be deleted. System: General Task: System Roles
Identity Properties Resources Name, description, and relationships of this role with other entities in the system. Health events to be monitored. Servers, database, and failover configuration for this role.
Related topics:
"Monitoring your systems health" on page 75 "Configuring the Health Monitor" on page 76 "Viewing system health events" on page 170 "Viewing the health status and availability of entities" on page 171
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
560
Health Monitor
Properties
The Properties tab lets you configure the health events to be monitored.
Client app. maintenance mode. Turn this switch on to set the client applications in
maintenance mode. Setting any entity in maintenance mode means that the down time will be considered Expected-down time and will not be used in the health statistics availability percentage calculations. Only Unexpected down-time is used when calculating availability. Most entities can be set in maintenance mode through their own contextual toolbar ( Enable maintenance mode). For client applications, it must be set here.
NOTE Setting something in maintenance mode does not stop the health events. Rather, it
Events to monitor. Select which events you want the Health Monitor role to watch.
IMPORTANT Clearing a health event in this list does not remove it from the Health history query filter. But, it could make some of the Health statistics calculations impossible.
Some of the events allow you to adjust the thresholds used to fire the event. For more information, see "Change the firing threshold of a health event" on page 80.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
561
Health Monitor
Resources
The Resources tab allows you to configure the servers and database assigned to this role.
Servers
All server management principles are the same for the Health Monitor role as with any other role. For more information, see "Managing servers and roles" on page 47.
Database
All database management principles are the same for the Health Monitor role as with any other role. For more information, see "Managing databases" on page 52.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
562
Intrusion Manager
Intrusion Manager
The Intrusion Manager role is responsible for the integration of intrusion panels (or alarm panels) to Security Center. It listens to the events reported by the intrusion panels, reports them live in Security Desk, and logs them in a database for future reporting. The Intrusion Manager is also responsible to relay user commands such as arming and disarming the areas (or zones) to the controlling panel and triggering the outputs connected to the latter via event-to-actions. Multiple instances of this role can be created on the system. System: General Intrusion detection Task: Intrusion detection Units, or System Roles
Identity Properties Extensions Resources Name, description, and relationships of this role with other entities in the system. Database retention period for intrusion events. Manufacturer specific settings for connecting to intrusion detection units that this role should communicate with. Servers, database, and failover configuration for this role.
Related topics:
"Managing intrusion panels" on page 155 "Intrusion detection unit" on page 423 "Intrusion detection area" on page 421
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
563
Intrusion Manager
Properties
The Properties tab lets you configure the retention period of the intrusion events in the database.
Keep events
Intrusion events are logged by the Intrusion Manager for intrusion activity reports. You can decide for how long you want to keep them before they are purged from the Intrusion Manager database. Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
564
Intrusion Manager
Extensions
The intrusion unit models controlled by this Intrusion Manager role.
All supported manufacturer extensions are created by default when the role is created.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
565
Intrusion Manager
Resources
The Resources tab allows you to configure the servers and database assigned to this role.
Servers
All server management principles are the same for the Intrusion Manager role as with any other role. For more information, see "Managing servers and roles" on page 47.
IMPORTANT The Intrusion Manager role supports failover only when the intrusion panels are connected via IP. Failover is not supported if the intrusion panels are connected via serial port. For more information, see "Configuring role failover" on page 61.
Database
All database management principles are the same for the Intrusion Manager role as with any other role. For more information, see "Managing databases" on page 52.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
566
LPR Manager
LPR Manager
The LPR Manager stores all LPR data (reads, hits, images, vehicle status, GPS data, and so on) collected from the LPR units (fixed Sharps) and Patrollers that it manages into a central database for data mining and reporting. The LPR Manager is also responsible for updating fixed Sharps and Patrollers in the field with hotfixes, hotlist updates, and so on. Multiple instances of this role can be created on the system to provide scalability and partitioning. For example, different fleets of Patrollers can be managed by different LPR Managers, fixed Sharp units can be managed by different LPR Managers, and so on. System: AutoVu IP license plate recognition Tasks: LPR Units, or System Roles
Identity Properties Resources Name, description, logical ID, and relationships of this entity with other entities in the system. General parameters within which this role should operate. Server and database configuration for this role.
Related topics:
"Hotlist" on page 414 "LPR unit" on page 426 "Overtime rule" on page 439 "Parking facility" on page 444 "Patroller" on page 450 "Permit" on page 453 "Permit restriction" on page 457
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
567
LPR Manager
Properties
The Properties tab is used to configure the general LPR Manager settings and optional AutoVu features. The availability of certain features depends on your Security Center license. This section includes the following topics:
"General settings" on page 569 "Live" on page 571 "File association" on page 572 "Matching" on page 573 "Reverse geocoding" on page 574 "Plate filtering" on page 574 "Email notification" on page 576 "XML import" on page 578 "XML export" on page 579 "Update provider" on page 582 "Data import" on page 583
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
568
LPR Manager
General settings
Use the General settings to configure the Root folder for the LPR Manager, the user group for the Patrollers, and how long the data from the LPR Manager is kept in the database.
IMPORTANT Please read the following before you configure the LPR Manager General settings.
If you are using SQL Server Express Edition, the database might be full before the retention
period ends. Contact GTAP to help you evaluate whether SQL Server Express meets the requirements of your AutoVu system. If your computer is hosting more than one LPR Manager, each LPR Manager must have a different root folder.
Root folder. The main folder on the computer hosting the LPR Manager. This is where all
the configuration files are created, saved, and exchanged between the LPR Manager and the Patroller units it manages. Whenever you create a new LPR Manager role, the root folder is created automatically on your computer at the location C:\Genetec\AutoVu\RootFolder. If you create multiple LPR Managers, new folders will be created for you at the same location. For example, if you have three LPR Managers created, the folders RootFolder1, RootFolder2, and RootFolder3 will be created under the folder C:\Genetec\AutoVu. The LPR Manager root folder includes the following subfolders:
ManualTransfer. Contains the configuration and data files to transfer to Patroller manually using a USB key or similar device.
569
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
LPR Manager
Offload. Contains the LPR data offloaded by Patroller. Rules. Contains the delta files used by Security Center to transfer hotlist and permit list changes. Do not copy or move anything in this folder.
Updates. This folder appears when you first turn on the Update provider (see "Update provider" on page 582). It contains Security Center and Patroller hotfixes, as well as Sharp service and firmware updates. Patroller hotfixes are automatically downloaded to Patroller whenever Patroller is connected to Security Center. Mobile Sharp units are updated through Patroller, and fixed Sharp units are updated through the network. Optimize Root folder disk space. (Windows Vista or later only) Enables the use of symbolic links to reduce disk utilization when the same file is replicated in multiple folders, such as when you have large hotlists and/or permit lists associated to individual Patroller units. This reduces the Root folders overall disk space, and optimizes file transfer performance to the Patroller in-vehicle computer. To use this feature, the server machine must be running Windows Vista or later, otherwise hotlists and permits will be copied as usual (duplicate copies on disk). The client machine must also be running Windows Vista or later, otherwise the client wont be able to access the files inside the root folder. After enabling this option in Security Center, you also must enable it in Windows on your server and client machines (youll need administrator rights). On both the server and client machines, open Windows Command Prompt, and then type the following:
To disable symbolic links. Type fsutil behavior set SymlinkEvaluation R2R:0. User group for Patrollers. List of users (and their passwords) who are allowed to log on to the Patrollers managed by the LPR Manager. This list is downloaded to the Patrollers.
In Patroller Config Tool, if the Patroller Logon type is Secure name or Secure name and password, the Patroller user will be required to enter the username and password configured in Security Center. If secure logon names are in use, when a read or a hit occurs, in Security Desk you can view who was driving the vehicle.
Database retention periods. Specify how many days of LPR-related data Security Center
can query. The default is 90 days, and the maximum is 2000 days. LPR data that is older than the value(s) you specify will not appear in Security Center queries and reports (Hit reports, Read reports, and so on).
Patroller route retention period. Number of days Patroller route data (GPS positions) can be queried. Hit retention period. Number of days hit data can be queried. Read retention period. Number of days license plate reads can be queried. Event retention period. Number of days the LPR events License plate read and License plate hit can be queried.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
570
LPR Manager
Live
The Live settings are used to configure how data is transferred between Security Center and Patroller.
Listening port. Port used to listen for connection requests coming from fixed Sharps and
Patrollers. After the connection is established, the LPR Manager can receive live updates from the LPR units it manages.
Sharp discovery port. Port used by the LPR Manager to find fixed Sharp units on the
network. The same port number must be used in the Discovery port setting on the Sharp.
IMPORTANT Each LPR Manager must use a unique discovery port.
Send on read (fixed Sharp only). For each plate read, choose which Sharp images are sent
to Security Center. These images are displayed in Security Desk when monitoring LPR events.
License plate image. Include the high resolution close-up image of the license plate along with the plate read data.
Context image. Include the wide angle context image of the vehicle along with the plate read data. Channel security. Encrypt communication between Security Center and Patroller.
IMPORTANT Encryption must be enabled both in the Security Center Config Tool and in
LPR Manager
Encrypt communication channel. Encrypt communication between Patroller and Security Center. Accept non encrypted messages. Security Center will accept incoming connections from Patrollers that do not have the encryption option enabled.
File association
The File association settings specify which hotlists and permits are active and managed by the LPR Manager.
Hotlists. A list of all the hotlists in Security Center. Choose which hotlists you want the
LPR Manager to manage. The LPR Manager then sends the hotlists to the Patrollers it manages, or matches the hotlists against the reads collected from fixed Sharp units to produce hits. When you create a new hotlist, it is automatically added to this list and enabled for all the LPR Managers on your system.
Permits. A list of all the permits in Security Center. Choose which permits the LPR
Manager manages. The LPR Manager sends these permit lists to Patrollers. Only Patrollers configured for parking enforcement require permits. When you create a new permit, it is automatically added to this list and enabled for all the LPR Managers on your system.
NOTE You can also associate permits to individual Patrollers, and hotlists to individual Patrollers
or Sharp units. For more information, see "Patroller" on page 450, and "LPR unit" on page 426.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
572
LPR Manager
Matching
The Matching settings are used to enable matching between hotlists and fixed Sharp units. You use these settings when you want to configure event-to-actions in Security Desk that trigger on match or no match events.
Matching. Enables matching between fixed Sharp units and hotlists. When matching is
enabled, you can configure event-to-actions in Security Desk that trigger when the Sharp reads a plate that is on a hotlist youve activated in File association.
Generate No match events. Security Center generates no match events when a plate is
not found on a specific hotlist. You can then configure event-to-actions in Security Desk based on No match events. You would typically use No match events as part of an access control scenario. For example, you can associate a hotlist to a specific Sharp unit that is monitoring access to a parking lot or similar location. In this scenario, a Security Center event-to-action for a License plate hit grants the vehicle access (opens a gate, raises a barrier, and so on), and an event-to-action for a No match could trigger an alarm, or send an email to security personnel.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
573
LPR Manager
Reverse geocoding
The Reverse geocoding feature converts the raw GPS data (longitude, latitude) from Patrollers into street addresses. The street addresses are then saved along with the reads in the LPR Manager database.
NOTE You need geocoding if your Patrollers are equipped with GPS but no maps.
Map type. Displays the map type set in the Security Center license. (If you choose Mapinfo) MapInfo workspace. Folder where the MapInfo files (Maps.mws
and associated files) are found. This folder must be on the same computer where the LPR Manager is installed.
(If you choose Mapinfo) MapInfo version. If using MapInfo version 6 and later, you must
select New.
Plate filtering
The Plate filtering settings determine what to do when a hotlist or permit list is modified. The LPR Manager can detect if the new or modified lists include entries that contain invalid (nonalphanumeric) characters. You can configure the LPR Manager to either delete the invalid entries completely, or to delete only the invalid characters within the entries. You can also save logs of the filtering process to view detailed information about how many invalid entries were deleted or modified.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
574
LPR Manager
Plate number valid characters. Select the types of characters to filter on (Latin, Arabic, or
Japanese).
Invalid plate number. Configure how the LPR Manager handles invalid records:
Modify record. (Default setting). Removes any non-alphanumeric characters from the plate number. For example, the plate number ABC#%3 becomes ABC3. Remove record. Deletes the entry from the list entirely.
Logging. Select Log filtering in, and then specify where you want the log file to be saved.
The destination folder you choose must be accessible to the computer hosting the LPR Manager role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
575
LPR Manager
Email notification
The Email notification setting turns on email notifications for hotlist hits, and lets you customize the look and contents of the email message. You can configure email notification at the hotlist level (any hit from a hotlist), or at the individual license plate level (a hit from a specific plate). For more information, see Configuring email notifications for hotlist hits in the AutoVu Handbook.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
576
LPR Manager
Annotation email address. Used for email notification at the individual license plate level.
Type the name of the hotlist attribute related to email notification. For example, if you added an Email attribute on the hotlist entitys Properties page, type the exact same name here. The names must match exactly.
Email components. Choose the LPR data you want to attach to the notification email, and
whether to hide the license plate numbers in the message body.
License plate image. High resolution close-up images of the license plate. Context image. A wider angle color image of the vehicle.
License plate. Replaces the read plate number, and the matched plate number in the email with asterisks (*). Log emails in. Select the check box to log hotlist hit notification emails. Type the full path to the log file.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
577
LPR Manager
XML import
The XML import settings are used to import data from third-party applications into the LPR Manager database. When you turn this setting on, Security Center creates an XML import entity, and then associates the imported data with this entity. In Security Desk, you can then filter on the XML import entity when running hit or read reports.
XML template file. Specify where the XML template file is located. Youll find a default
template in the Security Center installation package in Tools\LPR\XMLTemplatesSamples.
XML data folder. Specify the folder that contains the XML data files for Security Center to
import.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
578
LPR Manager
XML export
The XML export settings are used to send LPR Manager reads and hits to third-party applications. Reads and hits are sent live as they occur.
XML templates folder. Specify where the XML templates folder is located. Youll find
default templates in the Security Center installation package in Tools\LPR\XMLTemplatesSamples. There are XML templates for each type of LPR event (plate reads, hotlist hits, overtime hits, permit hits, and shared permit hits).
XML export folder. Specify the folder that contains the XML files exported by the LPR
Manager.
Time format. Enter the time format used in the exported files. As you set the time format
the information field displays what the time format will look like in the XML file. To identify the units of time, use the following notation:
Notation Description
h m
Hour Minute
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
579
LPR Manager
s : hh,mm,ss h,m,s tt
Second Must use a colon (:) between the hour, minute, and second units. Display time with leading zero. For example: 03:06:03 represents 3 hours 6 minutes 3 seconds. Display without leading zero. For example: 3:6:3 represents 3 hours 6 minutes 3 seconds. Include A.M. or P.M. If using a 12-hour clock, you might want to use A.M. or P.M. notation. Unit can be preceded with or without a space. For example, HH:mm:ss tt displays 17:38:42 PM. 12-hour clock. 24-hour clock.
Lowercase h Uppercase H
Date format. Enter the date format used in the export files.
To identify the units of a date, use the following notation:
Notation Description
Month in numerals Month in numerals with leading zero. Month abbreviation. For example Apr for April. Year without century. For example, yy displays 11 for 2011. Year with century. For example, yyyy displays 2011 Date Date with leading zero. Day of week three letter abbreviation. For example, ddd displays Wed for Wednesday. Day of week. For example, dddd displays Wednesday. Can use space or dash (-) between units in the date. dddd MM dd, yyy displays Wednesday April 06, 2011.
Supported XML hashtags. The following XML hashtags are supported. Each hashtag must
have an opening and closing XML tag (for example, to use the tag #CONTEXT_IMAGE# you must write <ContextImage>#CONTEXT_IMAGE#</ContextImage> in the XML).
#ATTRIBUTES#. Generate all Read and Hit attributes. #CONTEXT_IMAGE#. Context image (Base64-encoded JPEG).
580
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
LPR Manager
#DATE_LOCAL#. Local date of the LPR event. #ELAPSED_TIME#. For an overtime hit, this tag indicates the time difference between the two plate reads (displaying the number of days is optional). #FIRST_VEHICLE#. For a shared permit hit, this tag generates the content specified in ReadTemplate.xml for the first vehicle seen. #FIRST_VEHICLE_FROM_STREET#. For an overtime hit, this tag retrieves the attribute From street from the first plate read. #FIRST_VEHICLE_TO_STREET#. For an overtime hit, this tag retrieves the attribute To street from the first plate read. #HOTLIST_CATEGORY#. Category field of the hotlist that generated the hit. #GUID#. Unique identifier of the LPR event. #INVENTORY_LOCATION#. For MLPI installations, the location of the vehicle inventory. #ISHIT#. This tag indicates if the LPR event is a hit. #LATITUDE_DEGREE#. Latitude of the LPR event (in degrees). #LATITUDE_DMS#. Latitude of the LPR event (in degrees, minutes, and seconds). #LATITUDE_MINUTE#. Latitude of the LPR event (in minutes). #LATITUDE_SECOND#. Latitude of the LPR event (in seconds). #LONGITUDE_DEGREE#. Longitude of the LPR event (in degrees). #LONGITUDE_DMS#. Longitude of the LPR event (in degrees, minutes, and seconds). #LONGITUDE_MINUTE#. Longitude of the LPR event (in minutes). #LONGITUDE_SECOND#. Longitude of the LPR event (in seconds). #MATCHED_PLATE#. License plate against which the hit was generated. #ORIGINAL#. For an overtime hit, this tag generates the content specified in ReadTemplate.xml for the first read of a given plate. #OVERVIEW_IMAGE#. Overview image (Base64-encoded JPEG). #PERMIT_NAME#. Name of the permit that generated the LPR event. #PLATE_READ#. License plate as read by the Sharp. #PLATE_IMAGE#. License plate image (Base64-encoded JPEG). #READ#. Embed the contents of the ReadTemplate.xml inside another XML template (useful for hits). #SECOND_VEHICLE#. For a shared permit hit, this tag generates the content specified in ReadTemplate.xml for the second vehicle seen. #SECOND_VEHICLE_FROM_STREET#. For an overtime hit, this tag retrieves the attribute From street from the second plate read. #SECOND_VEHICLE_TO_STREET#. For an overtime hit, this tag retrieves the attribute To street from the second plate read. #SHARP_NAME#. Name of the Sharp that read the plate.
581
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
LPR Manager
#STATE#. License plate's issuing state or province, if read. #TIME_LOCAL#. Local time. #USER_ACTION#. User action related to the LPR event. #VEHICLE#. Same as #READ#. #ZONE_COLOR#. Color of the zone associated to the LPR event. #ZONE_NAME#. Name of the zone associated to the LPR event.
Update provider
Turn on the Update provider to create the required sub-folder in the LPR Root folder that will receive the update files. Also, you need to specify the Listening port used for Patroller and Sharp updates. The LPR Manager will use this port to update Patrollers and Sharps with new hot fixes, hit alert sounds, hotlists, firmware and so on.
Listening port. This is the port Security Center uses to send updates to Patrollers and
connected Sharp units, as well as to fixed Sharps on the network. Make sure to use the same port number in Patroller Config Tool, and in the <Admin Tool>.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
582
LPR Manager
Data import
The Data import settings are used to import data from AutoVu 4.3 systems. The LPR Manager connects to the AutoVu Gateway 4.3 database and imports all mobile data into the LPR Manager database so that the data can be viewed with Security Desk.
IMPORTANT Before you turn on Data import, configure the AutoVu Gateway database server and database name. NOTE Please note the following about importing the AutoVu Gateway 4.3 database into Security
Center:
The first time you run the migration, the LPR Manager will import everything that is in the existing Back Office database up until the retention period specified in the General settings. It takes approximately one hour for every 2.5 GB of data to transfer. For example, if you have 100 GB of data, the data import process will take approximately 40 hours. After the first batch of data is imported, the import process will resume every 12 hours. In the mean time, the old system can operate as usual. As data from the legacy system is imported into Security Center, you'll see the Patroller and LPR units appear under the LPR Manager.
For information on how to migrate to Security Center 5.0 from AutoVu 4.3, see the Security Center Installation and Upgrade Guide. Data server. Name of the data server used by the legacy AutoVu Gateway.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
583
LPR Manager
Resources
The Resources tab allows you to configure the servers and database assigned to this role.
Servers
All server management principles are the same for the LPR Manager role as with any other Security Center role.
Database
All database management principles are the same for the LPR Manager role as with any other Security Center role.
NOTE When backing up (or restoring) the database to a network drive, you must manually enter the network path (for example, \\<MyNetworkDrive>\<Backup DB folder>\.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
584
Media Router
Media Router
The Media Router role handles all stream (audio or video) requests on the system. It establishes streaming sessions between the stream source (camera or Archiver) and its requesters (Security Desk or SDK clients). Routing decisions are based on the location (IP address) and the transmission capabilities of all parties involved (source, destinations, networks and servers).
It ensures all video streams use the best route to get to their destinations, while performing any necessary transformation (for example, from unicast to multicast, or from IPv4 to IPv6). Only a single instance of this role is permitted per system. System: Omnicast IP video surveillance Tasks: Video Units, or System Roles
Identity Properties Resources Name, description, and relationships of this role with other entities in the system. Stream redirectors, start multicast endpoint, and RTSP port. Servers, databases, and failover configuration for this role.
Related topics:
"Configure the Media Router" on page 202 "Network" on page 434 "Server" on page 471 "Archiver" on page 521
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
585
Media Router
Properties
The Properties tab allows you to configure the stream redirectors, the start multicast endpoint, and the RTSP port for the Media Router.
Redirectors
Redirectors are servers assigned to host redirector agents. A redirector agent is a software module launched by the Media Router to redirect data streams from one IP endpoint to another. The Media Router automatically creates a redirector agent on every server assigned to an Archiver role. You might have to create redirector agents on additional servers if you need to reach clients located on remote networks or to balance the redirection workload between multiple servers. Click Add an item ( ) to add new redirectors or Edit an item ( ) to modify an existing one.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
586
Media Router
Server. Server selected to host the redirector agent. Multicast interface. Network adaptor to use for streaming data in multicast mode. Incoming UDP port range. Range of ports used by the redirector agent to send video using
UDP. If the redirector agent is running behind a firewall, make sure that these ports are unlocked for inbound packets for UDP connections.
RTSP port. Port used by the redirector agent to receive TCP commands. The same port is
used to stream data using TCP.
NOTE If you are configuring the redirector agent on the same server that is hosting the Media Router, the RTSP port cannot be the same as the one used by the Media Router.
Live capacity. Use this option to limit the maximum number of live streams that this server
(redirector) can redirect. This feature serves two purposes:
Avoid overloading the server with too many users trying to view video (that needs redirection) at the same time.
Avoid overloading the network with too many video streams coming from a remote site that has limited bandwidth. When the limit is reached, an error message is displayed on the client application requesting the live video that the live stream capacity is exceeded.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
587
Media Router
RTSP port
Incoming TCP command port used by the Media Router.
Resources
The Resources tab allows you to configure the servers and database assigned to this role.
Servers
All server management principles are the same for the Media Router role as with any other role. For more information, see "Managing servers and roles" on page 47.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
588
Media Router
Database
All database management principles are the same for the Media Router role as with any other role. For more information, see "Managing databases" on page 52.
NOTE The Media Router role supports failover and accepts multiple secondary servers. The exception to the rule is that its database can be local to each server. For more information, see "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
589
Omnicast Federation
Omnicast Federation
The Omnicast Federation role imports entities from an remote Omnicast 4.x system so that its cameras and events can be used by your local Security Desk users. The federation role acts as a proxy between your local clients and the remote Omnicast system they need to connect to. Multiple instances of this role can be created on the system. System: Omnicast IP video surveillance Task: System Roles
Identity Name, description, and relationships of this role with other entities in the system. This is also where you set the value of role group for very large scale Federation deployment. Connection parameters to the remote Omnicast system, and default video stream and of events to receive from it. Servers and failover configuration for this role.
Properties Resources
Related topics:
"Federating remote systems" on page 128 "Federating Omnicast systems" on page 131 "Security Center Federation" on page 601
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
590
Omnicast Federation
Identity
The Identity tab provides descriptive information about this role lets you jump to the configuration page of related entities. For more information, see "Identity" on page 332.
Role group
The role group is an advanced setting that is necessary only if you plan on hosting more than 40 Omnicast Federation roles on the same server. For more information, see "What is a role group?" on page 134. To make this setting appear:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
591
Omnicast Federation
Properties
The Properties tab allows you to configure the connection parameters to the remote Omnicast system, and the default video stream and events you wish to receive from it.
Connection parameters
The top section identifies the remote Omnicast system and its connection status.
Connection status. Shows the connection status of the federation role to the remote system.
Click Reset connection at the bottom of the tab to force a reconnection.
Directory. Name of the Omnicast Gateway connecting you to the remote Omnicast system. Username and password. Credentials used by the federation role to log on to the remote
Omnicast system. The rights and privileges of that user will determine what your local users will be able to see and do on the federated remote system.
Version. Version of the federated Omnicast system. This drop-down list only shows the
Omnicast versions for which a compatibility pack has been installed.
Received information
The bottom section describes the default video stream and events you wish to receive from the federated system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
592
Omnicast Federation
Events are necessary if you plan to monitor the federated entities in Security Desk or to configure event-to-actions for the federated entities.
Resources
The Resources tab lets you configure the servers for hosting this role. The federation role does not require a database.
Servers
All server management principles are the same for the Omnicast Federation role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
593
Plugin
Plugin
The Plugin role hosts a specific plugin. Each Plugin role instance hosts exactly one plugin of the type you select.
IMPORTANT You need to install the plugin package on your client and server computers before you can create the corresponding Plugin role, and you must make sure your Security Center license has a valid certificate for the plugin you want to use.
Resources
Related topics:
"Role" on page 462 RF Code Asset Management Plugin User Guide OnGuard and Video Translator Plugin User Guide
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
594
Point of Sale
Point of Sale
The Point of Sale role imports transaction data from an external point of sale (POS) system so that transaction reports can be generated from Security Desk for investigation purpose. The transactions are tied to the cash registers that were used to capture these transactions. Security Center can link Omnicast cameras to these cash registers, allowing users to search video sequences based on the transaction details. For more information, see Transactions in the Security Desk User Guide.
IMPORTANT For a user to view transaction reports in Security Desk, the Point-of-Sale plugin must be enabled on the machine where Security Desk is installed. For more information, see Enable Point-of-Sale plugin in the Security Center Installation and Upgrade Guide.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
595
Point of Sale
Properties
The Properties tab lets you configure how this role is to get the transaction data from the external POS system, and how long these data should be kept in Security Center.
Database server. Database server used by the external POS system. Database. Database name used by the external POS system. Transaction header table. Table name used for transaction headers. Transaction details table. Table name used for transaction details (or transaction line items). data.
Fetch transaction every. Frequency at which the role should poll the POS database for new
Housekeeping parameters for the saved transaction data
Data fetched from the external POS database are saved to a database in Security Center. The local database where the transaction data is stored is configured in the Resources tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
596
Point of Sale
Retention period. Number of days the transaction data should be kept locally. Cleanup period. Frequency of the local database cleanup. Cleanup time. Scheduled database cleanup start time.
Cash registers
The Cash registers tab lets you configure the cash registers (or terminals) whose associated transactions ought to be downloaded from the external POS database (see Properties tab).
3 In the Cash register properties dialog box, enter the following: Name. Name of the cash register entity. Description. Description of the cash register entity. ID. External identifier (or primary key) used to identify the cash register in the external POS database.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
597
Point of Sale
Partition. Partition the created cash register entity should belong to. Click different partition from your system.
to select
4 Click Save. 5 Click Apply. The new cash register entities are created and appear in the Logical view. You can associate cameras to the cash register entities. For more information, see "Cash register" on page 400.
Resources
The Resources tab allows you to configure the servers and database assigned to this role.
Servers
All server management principles are the same for the Point of Sale role as with any other role. For more information, see "Managing servers and roles" on page 47.
Database
All database management principles are the same for the Point of Sale role as with any other role. For more information, see "Managing databases" on page 52.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
598
Report Manager
Report Manager
The Report Manager role automates report emailing and printing based on schedules. Only one instance of this role is permitted per system. This role is created by default at system installation and hosted on your main server.
Properties
The Properties tab lets you configure the default behavior of this role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
599
Report Manager
Resources
The Resources tab lets you configure the servers for hosting this role. The Report Manager role does not require a database.
Servers
All server management principles are the same for the Report Manager role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
600
Properties Resources
Related topics:
"Federating remote systems" on page 128 "Federating Security Center systems" on page 133 "Omnicast Federation" on page 590
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
601
Identity
The Identity tab provides descriptive information about this role lets you jump to the configuration page of related entities. For more information, see "Identity" on page 332.
Role group
The role group is an advanced setting that is necessary only if you plan on hosting more than 100 Security Center Federation roles on the same server. For more information, see "What is a role group?" on page 134. To make this setting appear: Click inside the Name field and type Ctrl+Shift+A.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
602
Properties
The Properties tab allows you to configure the connection parameters to the remote Security Center system, and the default video stream and events you wish to receive from it.
Connection parameters
The top section identifies the remote Omnicast system and its connection status.
Connection status. Shows the connection status of the federation role to the remote system. Server. Name of the main server (Directory) for the remote Security Center system. Username and password. Credentials used by the federation role to log on to the remote
Security Center system. The rights and privileges of that user will determine what your local users will be able to see and do on the federated remote system.
Received information
The bottom section describes the default video stream and events you wish to receive from the federated system. Events are necessary if you plan to monitor the federated entities in Security Desk or to configure event-to-actions for the federated entities.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
603
Resources
The Resources tab lets you configure the servers for hosting this role. The federation role does not require a database.
Servers
All server management principles are the same for the Security Center Federation role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
604
Web-based SDK
Web-based SDK
The Web-based SDK role exposes the Security Center SDK methods and objects as Web services to support cross-platform development. For example, this role allows an application developed on Linux to interoperate with your Security Center system. This role mainly exist for clients who need custom development. If you have such needs, please contact Genetec Professional Services for a quote through your sales representative or call us at one of our regional offices around the world. To contact us, visit our Web site at www.genetec.com. System: General Task: System Roles
Identity Properties Resources Name, description, and relationships of this role with other entities in the system. General parameters within which this role should operate. Servers and failover configuration for this role.
Related topics:
"Supporting cross-platform development" on page 164 "Macro" on page 429 "Tile plugin" on page 480
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
605
Web-based SDK
Properties
The Properties tab lets you configure what the external developers need to know to use the Web services.
Streaming port
Port where events will be streamed. The user can configure the events he wants to listen to.
The Web service address will use https instead of http. You need to configure the SSL settings:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 606
Web-based SDK
Certificate. Name of the certificate to use. Use the form: CN=NameOfTheCertificate. The certificate must be registered in Windows. You can find procedures on the Web on how to do just that. Bind certificate to port. Turn this option on (default=off) to bind the certificate to the port. This operation does the same thing as you would normally do under Windows.
Resources
The Resources tab lets you configure the servers for hosting this role. The Web-based SDK does not require a database.
Servers
All server management principles are the same for the Web-based SDK role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
607
Zone Manager
Zone Manager
The Zone Manager role manages virtual zones and triggers events or output relays based on the inputs configured for each zone. It also logs the zone events in a database for zone activity reports. Multiple instances of this role can be created on the system.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
608
Zone Manager
Properties
The Properties tab lets you configure the retention period of the zone events in the database.
Keep events
Zone events are logged by the Zone Manager for zone activity reports. You can decide for how long you want to keep them before they are purged from the Zone Manager database. Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
609
Zone Manager
Resources
The Resources tab allows you to configure the servers and database assigned to this role.
Servers
All server management principles are the same for the Zone Manager role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
Database
All database management principles are the same for the Zone Manager role as with any other role. For more information, see "Managing databases" on page 52.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
610
15
Administration tasks
This section lists all Security Center administration tasks in the order they appear in the Home page. Each task is covered with a short description, and when applicable, a short description for each of its configuration groupings. This section includes the following topics:
"Alarms" on page 612 "Logical view" on page 613 "Network view" on page 615 "Security" on page 617 "System" on page 618 "Video" on page 630 "Access control" on page 632 "Intrusion detection" on page 636 "LPR" on page 638 "Plugins" on page 649
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
611
Alarms
Alarms
The Alarms task allows you to configure alarms and analog monitor groups. System: General License option: Alarms Category: Administration The Alarms task includes the following views:
Alarms Monitor groups Lists all alarms in alphabetical order. For more information, see "Alarm" on page 351. Lists all monitor groups in alphabetical order. For more information, see "Monitor group" on page 432.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
612
Logical view
Logical view
The Logical view task allows you to configure the entities visible in the Security Desk (such as areas, cameras, doors, elevators, tile plugins, intrusion detection areas, zones, and so on) and organize them according to their logical relationships. Areas are used as logical groupings for other types of entities. Each area can represent a concept or a physical location. System: General Category: Administration
C D A B C D Currently selected entity (Suite 400). Click an entity to view its configuration. Jump to the configuration page of the selected entity in the Relationships group. See "Contextual command toolbar" on page 17.
Related topics:
Logical view
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
614
Network view
Network view
The Network view task allows you to configure the networks and servers in your system, and organize them according to your network topology. System: General Category: Administration
D A B C D Currently selected entity (Montreal network entity). Click an entity to view its configuration. Configuration pane of the selected entity. See "Contextual command toolbar" on page 17.
Related topics:
"Administration task workspace overview" on page 16 "Managing the Network view" on page 82
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 615
Network view
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
616
Security
Security
The Security task allows you to configure the entities that pertain to the software security of your system, such as users, user groups, and partitions. System: General License option: None required Category: Administration The Security task includes the following views:
Users User groups Partitions Lists all users in alphabetical order. For more information, see "User" on page 482. Lists all user groups in alphabetical order. For more information, see "User group" on page 489. Lists all partitions in alphabetical order. For more information, see "Partition" on page 447.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
617
System
System
The System task allows you to configure the system level settings as well as all system entities that are not visible in the Logical view, such as alarms, macros, schedules, and so on. System: General License option: None required Category: Administration The System task includes the following views:
General settings Roles Schedules Scheduled tasks Macros Output behaviors Lets you configure the system level settings. List all roles in alphabetical order. For more information, see "Role" on page 462. Lists all schedules in alphabetical order. For more information, see "Schedule" on page 463. Lists all scheduled tasks in alphabetical order. For more information, see "Scheduled task" on page 469. Lists all macros in alphabetical order. For more information, see "Macro" on page 429. Lists all output behaviors in alphabetical order. For more information, see "Output behavior" on page 437.
General settings
The General settings view includes the following settings pages:
"Custom fields" on page 619 "Events" on page 622 "Actions" on page 624 "Logical ID" on page 625 "User password settings" on page 626 "Activity trails" on page 627 "Audio" on page 628 "Threat levels" on page 629
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
618
System
Custom fields
(Only visible to administrative users) The Custom fields page is where you define custom fields and custom data types for your system entities. It contains two individual tabs:
Entity icon/Field name. Custom field name and the entity type using it. Data type. Custom field data type. The default data types are:
Text. Alphanumeric text. Numeric. Integers in the range -2147483648 to 2147483647. Decimal. Real numbers from -1E28 to 1E28. Date. Gregorian calendar date. Date/Time. Gregorian calendar date and time.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
619
System
Boolean. Boolean data, represented by a check box. Image. Image file. The supported formats are: bmp, jpg, gif, and png.
Entity. Security Center entity. Users will have to use the Search tool to set the value for this type of fields. For more information, see "Search for entities using the Search tool" on page 43. Data types can also be user defined. For more information, see "Add a custom data type" on page 138.
Default value. (Optional) Preset default values are provided for certain data types. This
column displays the default value that was selected when defining the custom field. The selected value will appear when the field is displayed in the specific entity.
Mandatory. (Optional) A value must be provided with this type of fields otherwise the
system will not accept your changes.
Value must be unique. (Optional) Indicates a key field. This option does not apply to fields
using custom data types.
Group name/Priority. (Optional) Name the custom field is grouped under, and the fields
order of appearance within the group. For an example, see "Custom fields" on page 335. No group (1) is the default value. Custom fields that belong to no group appear first in the entitys custom field page.
Owner. (Optional) Name of the Global Cardholder Synchronizer role when the custom
field is part of is part of a shared global entity definition. Related topics:
"Add a custom field" on page 136 "Managing global cardholders" on page 296
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
620
System
Custom data type. Name of the custom data type. Description. Optional data type description. Values. Enumeration of acceptable values (text strings) for this data type. Owner. (Optional) Name of the Global Cardholder Synchronizer role when the custom data type is part of a shared global entity definition.
Related topics:
"Add a custom data type" on page 138 "Modify a custom data type" on page 139 "Managing global cardholders" on page 296
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
621
System
Events
(Only visible to administrative users) The Events page allows you to define the following:
Event colors are used as visual cues in the Security Desk Monitoring task (event list and display tiles). For example, you can use red to indicate a critical event (someone attempted to use a stolen credential), and blue to indicate a less critical event (access granted). For more information, see Monitoring in the Genetec Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
622
System
Custom events
The Custom events tab allows you to view and add custom events to your system.
Custom events are names and identifiers given to input events. They are used to configure custom event-to-actions. For example, for a zone entity, you can associate the state of an input (normal, active, trouble) to a custom event such as Illegal entry. This custom event can then be used in an event-to-action sequence. For more information, see "Managing zones" on page 160.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
623
System
Actions
The Actions page allows you to create event-to-actions for your system, and search for the ones that have already been defined, by source entity (name and type), event type, and action type.
Event-to-action list
Each row in this page corresponds to one event-to-action.
Entity. Source entity, or the entity to which the event is attached. Event. Name of the event that would trigger the action. Action. Name of the action triggered by the event. Arguments. Information required for the action. For example, if the action is Trigger alarm, the argument is the alarm type that is triggered. Or, if the action is Send a message, the argument is the email recipient.
Details. Additional details about the action. Schedule. Schedule that regulates this event-to-action. Event occurring outside the time
range covered by the schedule would not trigger any action. Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
624
System
Logical ID
The Logical ID page allows you to view and assign logical IDs to all entities defined in your system.
and
buttons.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
625
System
Alarm monitoring
Assign a logical ID to the Alarm monitoring task in Security Desk. This allows the Security Desk user to call up the Alarm monitoring task with the keyboard. For more information, see Alarm monitoring in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
626
System
Activity trails
(Only visible to administrative users) The Activity trails page allows you to select the types of activity (or events) to be logged for Activity trails task in Security Desk.
For more information, see "Investigating user related activity on the system" on page 182.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
627
System
Audio
(Only visible to administrative users) The Audio page shows all the sound bites (.wav files) available to your system. Sound bites can be used to alert you on certain events, such as when you receive a new alarm, or to be used with the Play a sound action.
Security Center is installed with a default selection of sound bites (.wav files). You can add, delete, or rename any sound bite in the list. To add a new sound bite: 1 Click , select a .wav file from the dialog box that appears, and click Open. to change its name. A new sound bite bearing the name of selected .wav file is added to the list. 2 (Optional) Select the new sound bite, and click 3 To listen to the new sound bite, click .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
628
System
Threat levels
(Only visible to administrative users) The Threat levels page lists all threat levels configured in your system and allows you to add new ones, and to modify and delete existing ones.
Threat level. Threat level name. Description. Threat level description . Color. Color identifying this threat level. The Security Desk background turns to this color
when the threat level is set at the system level.
Activation actions. Number of actions in the threat level activation list. These actions are
executed by the system when the threat level is set.
Deactivation actions. Number of actions in the threat level deactivation list. These actions
are executed by the system when the threat level is cleared. For more information, see "Managing threat levels" on page 117.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
629
Video
Video
The Video task allows you to configure the video management specific roles and the video units they control. System: Omnicast IP video surveillance License option: Omnicast Category: Administration
A B
D A B C D Selected entity (Axis PTZ). Click an entity to view its configuration. Configuration pane of the selected entity. See "Contextual command toolbar" on page 17.
Related topics:
"Administration task workspace overview" on page 16 "What are the Omnicast entities?" on page 188
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 630
Video
"Archiver" on page 521 "Auxiliary Archiver" on page 543 "Media Router" on page 585 "Video unit" on page 494 "Camera (video encoder)" on page 368
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
631
Access control
Access control
The Access control task allows you to configure the general settings for access control and the related entities such as Access Manager roles, access control units, access rules, cardholders, credentials, badge templates, and so on, that are not found in the Logical view. System: Synergis IP access control License option: Synergis Category: Administration The Access control task includes the following views:
Roles and units Shows the access control specific roles and the units they control in a hierarchy. For more information, see "Access Manager" on page 511 and "Access control unit" on page 337. Lists all cardholders in alphabetical order. For more information, see "Cardholder" on page 395. Lists all cardholder groups in alphabetical order. For more information, see "Cardholder group" on page 398. Lists all credentials in alphabetical order. For more information, see "Credential" on page 401. Lists all access rules in alphabetical order. For more information, see "Access rule" on page 349. Lists all badge templates in alphabetical order. For more information, see "Badge template" on page 365. Lets you configure the general settings pertaining to access control and to install and configure custom card formats.
Cardholders Cardholder groups Credentials Access rules Badge templates General settings
Related topics:
"How does Synergis work?" on page 252 "Access Manager" on page 511 "Global Cardholder Synchronizer" on page 557 "Access control unit" on page 337 "Access rule" on page 349 "Badge template" on page 365 "Cardholder" on page 395 "Cardholder group" on page 398 "Credential" on page 401
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
632
Access control
D A B C D Selected view (Roles and units). Select an entity to configure. Configuration pane of the selected entity. See "Contextual command toolbar" on page 17.
Related topics:
"Administration task workspace overview" on page 16 "Access Manager" on page 511 "Global Cardholder Synchronizer" on page 557 "Access control unit" on page 337
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
633
Access control
General settings
The Access control General settings view lets you configure the general settings pertaining to access control, and to install and configure custom card formats.
D A B C D Selected view (General settings). List of card request reasons. See "Card request reasons" on page 635. List of installed custom card formats. Click "Custom card formats" on page 635. See "Contextual command toolbar" on page 17. to open the Custom card format editor. See
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
634
Access control
To add a card request reason, click . To modify a card request reason, click . To delete a request reason, click .
For more information about requesting credentials, see Request a credential card in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
635
Intrusion detection
Intrusion detection
The Intrusion detection task allows you to configure the Intrusion Manager roles and the intrusion detection units they control System: Intrusion detection License option: Number of intrusion detection units > 0. Category: Administration
A B
D A B C D Selected entity (Bosh GV3). Select an entity to configure. Configuration pane of the selected entity. See "Contextual command toolbar" on page 17.
Related topics:
"Administration task workspace overview" on page 16 "Managing intrusion panels" on page 155
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 636
Intrusion detection
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
637
LPR
LPR
The LPR task allows you to configure the general settings for LPR (license plate recognition) and the related entities such as LPR Manager roles, LPR units, hotlists, permits, overtime rules, and so on, that are not found in the Logical view. System: AutoVu IP license plate recognition License option: AutoVu Category: Administration The LPR task includes the following views:
Roles and units Shows the LPR Manager roles and the LPR and Patroller units they control as a hierarchy. For more information, see: "LPR Manager" on page 567. "LPR unit" on page 426. "Patroller" on page 450. Lists all hotlists in alphabetical order. For more information, see "Hotlist" on page 414. Lists all overtime rules in alphabetical order. For more information, see "Overtime rule" on page 439.
Parking facilities Lists all parking facilities in alphabetical order. For more information, see "Parking facility" on page 444. Permit restrictions Permits General settings Lists all permit restrictions alphabetical order. For more information, see "Permit restriction" on page 457. Lists all permits in alphabetical order. For more information, see "Permit" on page 453. Lets your configure the general settings pertaining to license plate recognition and the generation of LPR hits.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
638
LPR
A B C D
Selected view (Roles and units). Select an entity to configure. Configuration pane of the selected entity. See Contextual command toolbar in the Security Center Administrator Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
639
LPR
General settings
The General settings view includes the following settings pages:
"Applications" on page 640 "Hotlist" on page 642 "Overtime rule" on page 644 "Permit" on page 645 "Annotation fields" on page 646 "Updates" on page 647
Applications
The Applications tab lets you configure how Security Desk displays maps in the Monitoring and Route playback tasks. You can also limit the number of logon attempts in Patroller, enforce Patroller privacy settings, and set the attributes a Patroller user must enter when enforcing a hit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
640
LPR
Map type. Display-only field showing the type of map system supported by your Security
Center license. The choices are Bing, MapInfo, and None.
Color for reads. Click to select the color used to show license plate reads on maps. Initial longitude/latitude. Set the default starting location for map view in Security Desk.
You can type the coordinates in the fields or click Select and zoom in on a location and click Select. A red pushpin appears to indicate the selected position.
Logon attempts before lockdown. You can specify the number of unsuccessful logon
attempts a Patroller can make before the account is locked out. For example, if the limit is set to 3, Patroller users have three attempts to log on to Patroller with their username and password. On the fourth attempt, their accounts will be locked and they wont be able to logon. Users with locked accounts must contact their administrators in order to have the password reset. Patroller must be connected to the Security Center server for the password to be reset.
Privacy. You can configure Patroller to obscure plate numbers, or exclude plate, context, or
wheel images from reads and hits so that the information is not stored in the LPR Manager database. These settings allow you to comply with privacy laws in your region:
License plate, context, or wheel images. When switched to On, images are not sent to Security Center or included in offloaded data.
License plate. When switched to On, the plate number text string is replaced by asterisks (*) when sent to Security Center or in the offloaded data. At the hotlist level, you have the option of overriding these privacy settings for the purpose of sending an email with real data to a specific recipient (see "Advanced" on page 418).
Enforced hit attributes. Create text entry fields that Patroller users must enter text in when
they enforce a hit. The information from the enforced hit text fields can be queried in the Security Desk hits report.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
641
LPR
Hotlist
The Hotlist tab allows you to define the customized attributes, reasons, and categories that will appear in Patroller when the user adds a New wanted entry, or rejects or accepts a hit. The settings are downloaded to Patroller along with the selected hotlists when Patroller connects to Security Center. These settings are also available as filter options for hit reports in Security Desk.
New wanted attributes. A new wanted is a hotlist item that is manually entered by the
Patroller user. The new wanted attributes are attributes other than the standard ones (plate number, plate issuing state, category) that the Patroller user is asked to specify when entering a new wanted item in the Patroller. One category is pre-configured for you when you install Security Center. For more information, see Configuring New wanted attributes and categories in the AutoVu Handbook.
New wanted categories. List of hotlist categories that a Patroller user can pick from when
entering a new wanted item. The category is the attribute that says why a license plate number is wanted in a hotlist. Several categories are pre-configured for you when you install Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
642
LPR
For more information, see Configuring New wanted attributes and categories in the AutoVu Handbook.
NOTE BOLO is an acronym for be on the lookout, sometimes referred to as an all-points
bulletin (APB).
Hit reject reasons. List of reasons for rejecting hotlist hits. These values also become
available as Reject reason filter options for generating hit reports in Security Desk. Several categories are pre-configured for you when you install Security Center. For more information, see Configure hit accept and hit reject reasons in the AutoVu Handbook.
Hit accept reasons. Create a survey that contains information Patroller users must provide
when they accept a hit. The information from the hit survey can be queried in the Security Desk Hit report. There are no pre-configured categories for this option. The category you see above is an example only. For more information, see Configure hit accept and hit reject reasons in the AutoVu Handbook.
Enable No infraction button. Select this option to enable the No infraction button in the
Patroller hit survey. This button allows the Patroller user to skip the hit survey after enforcing a hit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
643
LPR
Overtime rule
The Overtime rule tab allows you to define the custom reject reasons for overtime hits. The values defined here are downloaded to Patrollers and are available as Reject reason filter options for generating hit reports in Security Desk. One category is pre-configured for you when you install Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
644
LPR
Permit
The Permit tab allows you to define the custom reject reasons for permit hits, and to select the minimum elapsed time for shared permit violations (University Parking Enforcement only). The values defined here are downloaded to Patrollers and are available as Reject reason filter options for generating hit reports in Security Desk. One category is pre-configured for you when you install Security Center.
Hit reject reasons. List of reasons for rejecting permit hits or shared permit hits. These
values also become available as Reject reason filter options for generating hits reports in Security Desk.
Maximum elapsed time for shared permit violation. This parameter defines the time
period used by University Parking Enforcement Patrollers to generate shared permit hits. A shared permit hit is generated when two vehicles sharing the same permit ID are parked in the same parking zone within the specified time period. For example, lets say youre using the default 120 minutes (two hours), and license plates ABC123 and XYZ456 are sharing the same parking permit. If Patroller reads plate ABC123
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
645
LPR
at 9:00 A.M., and then reads plate XYZ456 at 11:01 A.M., Patroller does not raise a hit because the time exceeds the 120 minutes.
Annotation fields
The Annotation fields tab allows you to define additional selectors to appear in Security Desk Reads or Hits report. To be valid, the selector must relate exactly to the information contained in the actual read or hit.
EXAMPLE If you configure CarModel and CarColor as an Enforced hit attribute (see
"Applications" on page 640), the Patroller user will be asked to enter the cars model and color when enforcing a hit, and the information will be stored with the hit. Specifying CarColor as an Annotation field will allow the values entered by the user to be displayed in a Hits report.
You can also add user custom fields to annotation fields in order to associate a users metadata with individual reads and hits. This allows you to query and filter for the user custom fields in Security Desk Reads and Hits reports. Associate user custom fields with reads and hits in the AutoVu Handbook
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
646
LPR
Updates
The Updates tab allows you to update Patrollers and Sharp units with hotfixes or new sound files for hit alerts. You can also update services on Sharp units, and upgrade Sharp firmware. Before you can send updates, you need to receive the updates from Genetec and place them in the Updates folder under the LPR Root folder. For more information, see Updating Patroller and Sharp units from Security Center in the AutoVu Handbook.
Collapse all. Collapses all items in the Entity field. Expand all. Expands all items in the Entity field. Update all. Update all units that are controlled by the currently-selected LPR Manager. This
button updates only the units on the current tab. For example, if youre on the Patroller and Sharp units tab, youll update all Patrollers and Sharp units on the list.
Status. Shows the status of the update. The possible statuses are:
Not available. Updater service is not supported (for example, Sharp versions 1.5 and 2.0 with less than 512 MB RAM). Entitled. The client machine can receive the update.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
647
LPR
Synchronizing. The client machine has started synchronizing with the server. Synchronized. All update files have been successfully downloaded to the client machine. The client machine is waiting for the update to be applied. Installing. Client machine has accepted the update, and has started replacing outdated files with new files. Installed. The new updates have successfully been applied to the client machine. Uninstalling. The update is being removed from the client machine. Uninstalled. The update has been successfully removed from the client machine.
Error. An error occurred in the update process. Drop folder. Opens the required folder for you to copy the update file. For example, clicking the drop folder icon for a Patroller entity opens C:\Genetec\AutoVu\RootFolder\Updates\Patroller (default location).
NOTE If Security Center is running on a computer that doesnt have access to the server
computer, clicking the drop folder opens the My Documents folder on the local machine.
Patrollers and Sharp units. Displays the Patrollers and Sharp units (fixed and mobile) that
are eligible for an update.
Update services. Displays the Sharp services that are eligible for an update. Firmware upgrade. Displays the Sharp units that are eligible for a firmware upgrade.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
648
Plugins
Plugins
The Plugins task allows you to configure plugin management roles and their related entities. Category: Administration
A B
D A B C D Currently selected entity (RF Code Asset Management Plugin). Click an entity to view its configuration. Configuration pane of the selected entity. See "Contextual command toolbar" on page 17.
Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
649
16
Tools and utilities
This section describes all tools and utilities available in Config Tool. They are presented in the same order as they appear in the Home pages Tools page.
NOTE The last three topics are not from the Tools page.
"Security Desk" on page 651 "Access troubleshooter" on page 652 "Unit discovery tool" on page 653 "Unit replacement" on page 654 "Move unit" on page 655 "Import tool" on page 657 "Copy configuration tool" on page 668 "Custom card format editor" on page 670 "Options dialog box" on page 678 "Adding shortcuts to external tools" on page 692
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
650
Security Desk
Security Desk
The Security Desk is the unified user interface for your Security Center system. Its user interface is designed to provide consistent operator workflow across all of the Security Center's main systems, Omnicast, Synergis, and AutoVu. Clicking on the Security Desk icon opens this application with the same credentials you are currently logged on with in Config Tool.
Operation. Tasks related to the day-to-day Security Center operations. Investigation. Tasks allowing you to query the Security Center databases, and those of
federated systems, for critical information.
Maintenance. Tasks pertaining to maintenance and troubleshooting. These tasks are also
available from Config Tool. Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
651
Access troubleshooter
Access troubleshooter
You can detect and diagnose access configuration problems, using the Access troubleshooter tool. The Access troubleshooter allows you to:
Find out who has the right to pass through an access point at a given
date and time. See "Troubleshooting access points" on page 321.
Find out who has the right to pass through an access point at a given
date and time. See "Troubleshooting cardholder access rights" on page 322. Find out why a given cardholder can, or cannot use an access point at a given date and time. See "Diagnosing cardholder access rights based on credentials" on page 323.
Related topics:
"Access control unit" on page 337 "Access rule" on page 349 "Cardholder" on page 395 "Cardholder group" on page 398 "Door" on page 404 "Elevator" on page 410
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
652
For information about discovering access control units when you do not know their IP address, see "Add access control units using the Unit discovery tool" on page 265. For information about discovering video units:
"What is automatic discovery?" on page 196 "Add video units using the Unit discovery tool" on page 196
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
653
Unit replacement
Unit replacement
The unit replacement tool is used to replace a failed hardware device with a compatible one, while ensuring that the data associated to the old unit gets transferred to the new one.
You can replace access control units and video units using the Unit replacement tool.
For information about replacing access control units, see "Replace access control units" on
page 311.
For information about replacing video units, see "Replace video units" on page 234.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
654
Move unit
Move unit
Move unit is a generic tool used to move units from one manager role to another. The move preserves all unit configurations and data. After the move, the new manager immediately takes on the command and control function of the unit, while the old manager continues to manage the unit data collected before the move.
Related topics:
Moving units
Before you begin: Please note the following:
Video unit. The Archiver role must be on the same LAN as the video unit it controls. Unit
manufacturer extensions are automatically created for the type of unit the Archiver needs to control. However, if you are using custom settings, such as custom logon credentials, you need to configure them manually on the new Archiver role. For more information, see "Archiver" on page 521.
Intrusion detection units. The Intrusion Manager role must be on the same LAN as the
intrusion detection unit it controls. Certain unit manufacturer extensions must be created and configured manually. If the intrusion panel is physically connected to a serial port on the server hosting the original role, make sure you do the same with the server hosting the new role. For more information, see "Intrusion Manager" on page 563.
Access control units. The Access Manager role must be on the same LAN as the access
control unit it controls. You must also create the unit manufacturer extension manually. For more information, see "Access Manager" on page 511.
LPR units. The LPR Manager role must be on the same LAN as the LPR unit it controls.
Also make sure that the discovery port configured on the LPR unit matches that of the new LPR Manager. For more information, see "LPR Manager" on page 567.
Patroller units. The LPR Manager role must be able to connect through a wireless network
by the Patroller it manages. The new LPR Manager must use the same settings (hotlists, permits, Patroller user groups, etc.) as the previous LPR Manager. For more information, see "LPR Manager" on page 567. You also need to reconfigure the Patroller so it will connect to the new LPR Manager (IP address and port for live connection, and update provider port). For more information, see Patroller Config Tool reference in the AutoVu Handbook. Once youre done, restart the Patroller. It should be discovered by the new LPR Manager and update its hotlists and permits (if applicable).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
655
Move unit
To move units: 1 From the Home page, click Tools > Move unit. 2 From the drop-down list, select the Unit type you want to move. 3 Select the units you want to move. 4 Select the new manager role from the second drop-down list (Archiver role, Access Manager role, LPR Manager role, and so on). The new role must be different from the current role.
5 Click Move to start the process. When the operation is complete, if you made a mistake or need to move the units again, repeat Step 3 to Step 5. 6 Click Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
656
Import tool
Import tool
The Import tool is a Synergis specific tool that allows you to import cardholders, cardholder groups, and credentials from a CSV file. The CSV file must be plain text with delimiters (commas, spaces, periods, and so on) to separate the fields. The delimited fields in the text files would represent values like first name, last name, cardholder group, path and filename of employee photo, and so on.
NOTE The use of this tool is limited to administrative users.
Import credentials alone (credential name, card format, facility code and card number,
status, and the partition the credential belongs to).
Import cardholders alone (cardholder name, description, picture, email, status, custom
fields, and the group and partition the cardholder belongs to). Import cardholders and credentials together (in this case, the cardholder and the credential are specified on the same line and automatically linked together). Replace old credentials with new ones (see "Replacing old credentials" on page 666).
NOTE The Import tool can also be called from a scheduled task via the Import from file action.
For more information, see "Scheduled task" on page 469. Related topics:
"Custom fields" on page 619 "Custom card format editor" on page 670
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
657
Import tool
Audrey,Williams,Technical Writer,awilliams@genetec.com,C:\Data\Cardholder\Pictures\Audrey Williams.png,TechWriters,Yes,83748952,104,18,active This plain text file, EmployeeData.csv contains 4 rows of text. The first row is a comment line, listing the cardholder and credential fields that are included in the CSV file as a reference. The following three rows contain the fields that will be imported. You also can add additional custom fields if they have been created for cardholder or credentials in Security Center. For more information, see "Fields that can be imported from a CSV file" on page 662.
3 Set the Encoding type. This is the character encoding used by the selected CSV file. The default selection is the default encoding used on your PC. If you open the CSV file on your PC and see all the characters displayed correctly, you do not need to change the default settings. 4 Set the CSV field delimiters (Column, Decimal, Thousand).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 658
Import tool
On first use, the tool takes the delimiter settings from Windows Regional Options (Control Panel > Region and Language > Additional settings). After the first use, the tool will remember the last delimiter settings you used. By default, Microsoft Excel also uses the field delimiters from Windows Regional Options when saving a CSV file. This can be overridden in Excel. It is recommended that you open the CSV file in WordPad to confirm the formatting delimiters obtained. When using a space as the Thousands separator, you can specify whether the space is nonbreaking or not. 5 Set where the import is to start. The first line in a CSV file is 1. You can choose to start the import at any line you want. For example, you can skip the first line and use it as column headings or a comment line. A comment line is a line with the hash character (#) in column 1. 6 (Optional) Set the maximum size for picture files. Large picture files (like the ones produced by digital cameras) can very quickly use up the configuration database and impact performance. To minimize the impact of large picture files, the Import tool automatically reduces their sizes before loading them. It does this by reducing the resolution of the image until its file size falls below the Maximum picture file size limit. The default value is taken from your access control system settings. Changing its value in the Import tool also changes your system settings. For more information, see Access control General settings "Maximum picture file size" on page 635. 7 Add the credential as part of the cardholder key. By default, the Import tool uses the combination of the first and last name to identify cardholders. If a cardholder already exists in the database, it is updated with the information read from the CSV file. If it does not, it is added. Using just the first and last names to differentiate cardholders might not be enough. One solution is to combine the credential information to the cardholder key. This is done by selecting the option Add credential to cardholder key. With this option, two lines from the CSV file refer to the same cardholder only if they contain the same cardholder first name, last name and credential data.
NOTE This option is only applicable when both cardholders and credentials are imported
from the same CSV file. When this solution is not applicable, other cardholder information can be used to strengthen the cardholder identification. We will come to this solution in Step 14. 8 (Optional) Set the default Card format. The default card format is only used when no credential card format is specified in the CSV file or when the field identified as Card format in the CSV file is blank. 9 Select the desired Credential operation. You have two choices:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Import tool
All credentials read from the CSV file are added as entities to your system. If a credential already exists in your database, it will be updated.
Replace. This option allows you to replace old credentials with new ones. In the Bindings page that comes next, you will find additional field options to specify the old (previous) and new credential values. For more information, see "Replacing old credentials" on page 666.
10 (Optional) Set the background transparency of the imported cardholder pictures. If the cardholder pictures you are importing were taken in front of a chroma key screen, you can make the picture background transparent. This is helpful if you created a badge template that has an image in the background. a Set the Transparency color option to ON. b Select the color of the chroma key screen the cardholder pictures were taken in front of (usually green or blue). c Set transparency percentage. 11 (Optional) Set a default Badge template for the imported cardholders. The badge templates available are ones you have already created in Config Tool. See "Defining badge templates" on page 289. 12 Click Next. The Bindings page appears.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
660
Import tool
The bindings windows displays sample data from the first row to be imported from your file. The first row to be imported is the Start line (see Step 5). 13 Bind each sample value to the database field that it should be imported to. For more information, see "Fields that can be imported from a CSV file" on page 662. If you need to skip a column in your CSV file, just leave the Binding column blank.
NOTE The information read from the CSV file is used to create new entities in your system.
For entities like cardholders and credentials, a minimum amount of information is required. If the information is incomplete, you will not be able to move to the next step. For more information, see "About minimum required information" on page 664. 14 (Optional) Add more fields to the cardholder key. When you need more than the first and last name to differentiate cardholders, you can supplement the cardholder key with additional information. This is done by selecting the Key check box next to each field you want to add to the cardholder key. Not all fields can be part of the cardholder key. The check box is disabled if a field is not eligible.
TIP The other method to strengthen the cardholder identification is to add the credential data to the cardholder key, as described in Step 7.
15 Click Next. The Import tool imports the contents of your CSV file into the database. A summary window will appear confirming the number of entities imported and the number of errors encountered. 16 Click to copy and paste the contents of the report. 17 Click Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
661
Import tool
Card format
Credential card format.You can use one of the following values: 0 = Standard 26 bits 1 = HID H10306 34 Bits 2 = HID H10302 37 Bits 3 = HID H10304 37 Bits 4 = HID Corporate 1000 (35 Bits) To specify a custom card format, you must spell it in exactly the same way as you created it. If no card format is specified in a CSV line, the default format specified on the import settings page is used. You can specify a field in a specific card format, including custom card formats. For more information, see "Custom card format editor" on page 670. Field of an old credential to replace. These (previous value) choices appear only if you selected Replace as Credential operation. For more information, see "Replacing old credentials" on page 666. Cardholder custom field. For more information, see "Custom field limitations" on page 665. Name of the cardholder group the cardholder should belong to. If the cardholder group does not exist, it will be created in the same partition as the cardholder. Credential custom field. For more information, see "Custom field limitations" on page 665.
See "About card facility code and numbers" on page 665 See "About card facility code and numbers" on page 665 As defined by the custom field String
Cardholder group
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
662
Import tool
Field name
Field type
Description
String
The card data field allows the user to fill in the data for both standard and custom card formats. When this field is specified, the facility code and the card number fields are ignored. For all standard card formats, the string must contain the facility code followed by the card number. The accepted separators are the / and | characters. For example 35/20508 corresponds to Facility code= 35 and Card number = 20508. For a custom card format, the data should be arranged according to the custom card format definition. Cardholder entity description. Cardholder email address. Cardholder first name. This field is part of the default cardholder key. Cardholder last name. This field is part of the default cardholder key. Credential entity name. If no name is specified, the default value Imported credential or Unassigned imported credential is used. Name of the partition the cardholder should belong to. If the partition does not exist, it will be created. If it is not specified, the cardholder is put in the system partition. For more information, see "Differences between Public and System partitions" on page 91. Name of the partition the credential should belong to. If the partition does not exist, it will be created. If it is not specified, the credential is put in the system partition. For more information, see "Differences between Public and System partitions" on page 91. Path to a cardholder picture file (bmp, jpg, gif, or png). The path must reference a file located on the local machine or on the network. Credential corresponding to a PIN. Valid range is between 0 and 65535.
Partition
String
Partition
String
Picture
String
PIN
Unsigned integer
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
663
Import tool
Field name
Field type
Description
Status
Boolean
Cardholder status. The following values are accepted (not case sensitive): 1, True, Yes = Profile enabled 0, False, No = Profile disabled Credential status. The following values are accepted (not case sensitive): Active Inactive Lost Stolen Expired
Status
String
Credential
You have the choice of two credential keys: Supply all fields required by a given card format. Supply the Credential card data. If you choose a custom card format, all fields required by your card format must be bound to a column in the CSV file. Otherwise, the CSV file will be rejected. When credential are being imported, either one of these two keys must be present. If both keys are missing values, the line will be discarded. If both keys are present, only the card data is imported.
Cardholder
The default cardholder key is the combination of the cardholders first and last name. One of these two fields must be bound to a CSV column if cardholders are to be imported. When cardholders are being imported, all CSV lines must have a value in at least one of these two fields. If not, the line would be discarded.
Only the cardholder group name is required. Missing the cardholder group will not cause a line to be discarded. Only the partition name is required. Missing the partition name will not cause a line to be discarded.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
664
Import tool
You cannot import custom fields using the Entity data type. Custom fields using the Date data type must be imported with the format YYYY-MM-DD. The Import tool performance decreases as the number of custom fields per imported record
increases.
When you have a large number of custom fields per record, the number of records you can
import at once might also be limited. For example, if your records contain 100 custom fields each, including a 25 KB image data field, you can only import 1000 records at a time. For more information, see "Custom fields" on page 619.
Standard 26 bits HID H10306 34 Bits HID H10302 37 Bits HID H10304 37 Bits HID Corporate 1000 (35 bits)
0 to 255 0 to 65 535 Not requireda 0 to 65 535 0 to 4095 (also known as Company ID Code
0 to 65 535 0 to 65 535 (also known as Card ID Numbers) 0 to 34 359 738 367 0 to 524 287 0 to 1 048 575 (also known as Card ID Numbers)
a. If HID H10302 37 Bits is the only card format referenced in your CSV file, it is preferable to bind the card number to the Security Center Card data field instead of the Card number field since the facility code is not required. Because a single value is stored in the Credential card data field, no separator character is needed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
665
Import tool
names. The result of importing the following CSV file is the creation of a new cardholder: First name = Joe, Last name = Dalton, Email =JDalton@genetec.com, and with two card credentials (12/555 and 12/556).
First name Last name Facility code Card number Email
Joe Joe
Dalton Dalton
12 12
555 556
jdalton@acme.com jdalton@acme.com
However, if the credential is also part of the cardholder key, the same CSV file will generate two separate cardholders with the same first name, last name and email address.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
666
Import tool
NOTE The old and new credential must use the same card format. If the new credentials are to be assigned to the same cardholders, they must also be specified in the CSV file, and cannot be different than the current cardholder of the old credentials.
4 Click Next. The Import tool will change the status of the old credential to Inactive, while creating the new credential as Active. If the cardholders are also imported in the same file, the new credentials will be associated to the cardholders. The result of the operation will be displayed in a summary window. 5 Click to copy and paste the contents of the report. 6 Click Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
667
3 Select an entity type and click Next. 4 Select the source entity you want to copy the settings from, and click Next. 5 Select the options (groups of settings) you want to copy, and click Next.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
668
6 Select the destination: entities you want to copy the settings to, and click Next. The copying process starts. 7 Click Close when the copying process is completed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
669
Related topics:
C D
F G
A B C
icon).
Card format name and description listed in the Access control task, General settings view. Format used to display Credential code in reports.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
670
D E F G
Select the card format type and length before defining the fields. Field designated as the sequence generator (indicated by the plus Validate the format with pre-enrolled credentials. Import/export card format from XML file. icon).
To define a new custom card format: 1 From the Home page in Config Tool, open the Access control task. 2 Select the General settings view. 3 Below Custom card formats, click ( ) to open the Custom card format editor. 4 Enter the Name and Description of the custom card format. 5 Specify the Card format type and Format length.
6 Define the data fields that constitute the custom card format. The total length of the fields cannot exceed the format length.
For more information, see "Defining Wiegand fields" on page 672. For more information, see "Defining ABA fields" on page 674.
7 (Optional) For Wiegand, you might have to add parity check bits to the format. For more information, see "Adding parity checks" on page 673. 8 (Optional) For Wiegand, you can designate one field as the sequence generator. The sequence generator is used in to let you enroll a range of credentials in bulk.
The field designated as the sequence generator allows you to define a range of values for bulk credential enrollment in Security Desk
For more information regarding the credential enrollment task, see Credential enrollment in the Security Desk User Guide. 1 (Optional) Enter the format string for printing the credential code.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
671
The credential code is the printed form of the credential data. It is an optional column that is available in most access control related reports. The Code format string tells the system how to print the credential data. To include a field in the credential code, the field name must be specified in the code format string as it is spelled in the card format field definition, between curly brackets { }. The field names are case-sensitive. Any other characters in the format string that are not found between curly brackets are printed as is. For example, with the format string {Facility}/{Card Number}, a credential with the respective field values 230 and 7455 will be printed as 230/7455. 2 (Optional) Validate the new custom card format with a pre-enrolled credential. Click Validate with credential, select a pre-enrolled credential from the Search tool, and click OK. 3 (Optional) Click Export to save the custom card format to an XML file. Exporting the custom card format to an XML file allows you to import that same card format definition to other Synergis systems. 4 Click OK to close the Custom card format editor dialog box. 5 Click Apply.
The mask specifies the bits that are part of the field. The bits are named according to their respective position in the card format, starting from 0. You can enter the mask as a list of comma-separated bit positions or as a range of bit positions. For example, the mask 1,2,3,4,5,6,7,8 can also be written as 1-8 or 1-4,5-8. Note that the order of the bits within the field is important. Therefore, 1,2,3,4 is not the same as 4,3,2,1.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 672
As you define each field, it appears graphically in the Wiegand fields section.
NOTE The order of the fields within the format is important. It corresponds to the order that field values are read from the Credential card data when using the Import tool. For more information, see "Import cardholders from a flat file" on page 284.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
673
To add a parity check: 1 Click in the Parity checks section. The Parity check dialog box opens.
2 Select the type of parity check (Even or Odd), the position of the Parity bit in the card format (starts at 0), and the bits that should be evaluated (Mask). The syntax of the parity check mask is the same as the data field mask, except that in this case, the order of the bits is not important. 3 Click OK. As parity checks are defined, they appear in the Parity checks list.
NOTE The order of the parity checks in the list is important. It corresponds to the order in
which the parity checks are evaluated. The mask of a subsequent parity check can include the parity bit of a previous parity check and their masks can overlap.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
674
Delimiter. This type of field specifies a delimiter character, typically used at the beginning
or the end of the card format.
Sized. This is a fixed-length field. The length is specified in characters (4 bits each). The
field can contain a fixed value. The field length must be long enough to hold the fixed value.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
675
Delimited. This is a variable length field. You must specify a maximum length (as 4-bit
characters) and a delimiter character.
As you define each field, it appears graphically in the ABA fields section.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
676
NOTE The order of the fields within the format is important for two reasons:
It defines the card format. It corresponds to the order the field values are read from the Credential card data when using the Import tool. For more information, see "Import cardholders from a flat file" on page 284.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
677
Saved as local settings for your Windows user profile Saved as local settings for the workstation (applies to Config Tool and
Security Desk, for all users) Saved in the Directory database for your Security Center user profile Related topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
678
General options
The General tab allows you to configure the general behavior of Config Tool.
Force Windows credentials. (Active Directory required). Select this option to force the use
of Windows credentials for logon. For this option to work, the users who are expected to log on via this machine must be imported from an Active Directory. For more information, see "Importing users from an Active Directory" on page 102.
Force Directory to. Restrict the access of all users to a specified Directory. Prevent connection redirection to different Directory servers. This option is meaningful
only if you are using Directory load balancing. Select this option if you want to bypass the default load balancing behavior, and only connect to the Directory specified by the user in the connection dialog box.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
679
CAUTION If you use the Force Directory to option, and a mistake has been made (for example
a typo in the Directory name), the next time the user tries to log on, they might be stuck in an endless loop, unable to connect to the wrong server. The logon attempts can be stopped by clicking Cancel, but no Directory field appears to correct the misspelled Directory name.
The solution is to cancel the logon attempts, and the hold the CTRL key and SHIFT key
while clicking Log on. This will force the Directory field to be displayed.
NOTE The same keyboard and mouse-click shortcut can be used to override the Force Windows credentials option if it has been applied.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
680
Network options
The network settings apply to the local workstation, and affect Security Desk and Config Tool for all users.
Network card. If your computer is equipped with more than one network card, select the
one used to communicate with Security Center applications.
Network. Config Tool can automatically detect the network your workstation is connected
to. If you have trouble getting your video feeds, set this option to Specific, and manually select the network you are on.
Incoming UDP port range. Port range used for transmitting video to your workstation
using multicast or unicast UDP.
Keyboard shortcuts
The Keyboard shortcuts tab allows you to define or change the keyboard shortcuts mapped to frequently used commands in Config Tool. The keyboard shortcut configuration is saved as part of your user profile and applies to Security Desk and Config Tool.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
681
If the shortcut is already assigned to another command, you will get a popup message. Click Cancel to choose another shortcut. Click Assign to assign the shortcut to the selected command.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
682
Visual options
The Visual tab allows you to configure the position of the taskbar inside the Config Tool window, and the icons displayed in the notification tray. The visual options are saved as part of your user profile and apply to Security Desk and Config Tool.
Taskbar
Taskbar position. Select the edge (Top, Bottom, Right, Left) of the application window
where you want the taskbar to be displayed. See "Home page overview" on page 14.
Auto-hide the taskbar. Select this option to show the taskbar only when the mouse cursor
hovers over the edge of the application window where the taskbar is set to appear.
NOTE This option hides both the taskbar and the Notification tray.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
683
Notification tray
You can use the Tray options to control what to display in the notification tray.
From the drop-down list beside the icons in the Visual page of the Options dialog box, choose to Show, Hide, or Show notifications only for that item. The following table lists the notification tray icons, and what you can use them for:
Icon Name Description
Clock
Shows the local time. Hover your mouse pointer over that area to see the current date in a tooltip. To customize the time display, see "Date and time options" on page 690. Shows the CPU usage on your computer. Hover your mouse pointer over the icon to view the CPU usage percentage. Shows the current username and Security Center Directory name. Click to toggle between the long and short display. Shows the volume setting (0 to 100) of Config Tool. Click to adjust the volume using a slider, or to mute the volume. Shows the number of messages (errors, warnings, and messages), and health events on your system. Double-click to open the Notifications dialog box to read and review the messages. For more information, see "Viewing system messages" on page 168. If there are health errors, the icon turns red ( ). If there are warnings, the icon turns yellow. If there are only messages, the icon turns blue. Appears only when there are unit firmware upgrades currently under way. The upgrade count is displayed over the icon. Double-click the icon to view the details. Appears only when there are database upgrades currently under way. The upgrade count is displayed over the icon. Double-click the icon to view the details. Appears only when there are newly added units in the system. The unit count is displayed over the icon. Double-click the icon to view the details. Shows the number of pending requests for credential cards to be printed ( ). Double-click to open the Card requests dialog box and respond to the request. For more information, see Respond to a card request in the Security Desk User Guide.
Card requests
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
684
Icon
Name
Description
Shows the number of G64 files currently being converted to ASF format ( ). Double-click to open the Conversion to ASF dialog box and view the status of the conversion. When the icon changes to , the file conversion is complete. For more information, see Convert video files to ASF in the Security Desk User Guide.
Video export
Shows the number of video sequences currently being exported ( ). Double-click to open the Export dialog box and view the status of the export. When the icon changes to , the export is complete. For more information, see Export video in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
685
System messages
These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
Display warning if query may take a long time to execute. Select this option if you want
Config Tool to display a warning message every time you are about to execute a query that might take a long time. See the sample message below.
Ask for a name when creating a task. Select this option if you want Config Tool to ask you
for a name every time you create a task that accepts multiple instances.
Ask for confirmation before closing a task. Select this option if you want Config Tool to
ask for confirmation every time you remove a task from the interface.
UI enhancement
These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
Show logical ID. Select this option if you want the logical ID to be displayed in brackets
after an entity name in the Logical view.
Show Active Directory domain name where it is applicable. Displays username and
domain name when Active Directory integration is used.
Ask user. Ask you before loading the updated task definition. Yes. Reload without asking. No. Never reload.
Administrative tasks
When you rename an entity that represents a hardware unit, such as an access control unit or a video unit, Config Tool can behave one of three ways. This settings is saved as part of your administrator user profile.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 686
Ask user. Ask you before renaming all related devices. Yes. Rename all related devices without asking you. No. Never rename the related devices.
On application exit
When you exit Config Tool, if you have unsaved changes to your active task list, Config Tool can behave one of three ways. This setting is saved as part of your user profile and applies to Security Desk and Config Tool.
Ask user. Ask you before saving your task list. Yes. Save without asking. No. Never save.
Advanced
When you create new entities, they can automatically be added as members of a partition. This setting is saved as part of your user profile.
From the drop-down list, select a default partition, and then click Save.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
687
Video options
The Video tab allows you to configure the options related to how video is handled in Config Tool.
Advanced settings
The following video settings apply to the local workstation, and affect Security Desk and Config Tool for all users. However, they mainly apply to Security Desk.
NOTE After changing those settings, you need to restart Security Desk.
Out of process media components. Select whether the video signals are decoded by an inprocess or out-of-process component.
An in-process component is an application (implemented as a .dll) that runs in the same processing space as the client application (Security Desk). The advantage of this option is that the video signals are decoded quickly. An out-of-process component is a stand-alone executable program (.exe) which resides on the local computer or a remote computer, and can be accessed by Security Desk. Since the processing is done outside of Security Desks memory, the advantage of this option is the increased stability and performance of the decoding.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
688
All in the same process. Selecting this option when the Out of process media components
is turned ON means that regardless of the number of cameras being viewed, their video decoding are all handled by one decoding process.
Components per process. This setting can be adjusted between 1 and 16. It refers to how
many cameras can be decoded by a single decoding process. Setting this value to 1 means that each camera being displayed uses its own decoding process.
Enable deinterlacing. Select this option to help reduce the jagged effect around straight
lines during movement in interlaced video streams.
Performance options
The Performance tab allows you to configure the options related to how queries are handled in Config Tool. These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
Reports
Maximum number of results. Whenever you generate a report using one of the reporting
tasks, the maximum number of results that can be returned by the query is limited by the parameter you set here. This limit ensures stable performance when too many results are
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 689
returned. When the query reaches the specified limit, it automatically stops with a warning message. The maximum value you can set is 2,000.
TIP There is a way to bypass the limit of 2,000 results. You need to save your reporting task as a public task, and manually launch the action E-mail a report using the task you just saved as a parameter. This can be done from a scheduled task. In this case, the report is not displayed in Config Tool, and the number of results is limited to 10,000. For more information, see "Using scheduled tasks" on page 109.
Display time zone abbreviations. Select this option to add the time zone abbreviation to all
time displays.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
690
External devices
The External devices tab allows you to enable or disable access control devices, such as USB readers, signature pads, card scanners, and so on. For example, if you disable the option to use USB readers, then when you want to present a card credential, you can only use a door, not a USB reader on someones desk. These settings are saved locally for your Windows user profile. Next to each external device, set the option ON or OFF, and then click Save.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
691
The original content of this file looks as follows: <?xml version="1.0" encoding="utf-8"?> <ArrayOfToolsMenuExtension xmlns:xsi="http://www.w3.org/2001/XMLSchema-...> <ToolsMenuExtension> <Name></Name> <FileName></FileName> </ToolsMenuExtension> </ArrayOfToolsMenuExtension>
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
692
Each shortcut is defined by an XML tag named <ToolsMenuExtension>. Each XML tag can contain four XML elements:
<Name> Command name displayed in the Tools page. <FileName> Command to execute (executable file). <Icon> (Optional) Alternate icon file (.ico). Use this element to override the default icon
extracted from the executable file.
All XML tag names are case sensitive. You can edit this XML file with any text editor.
Changes to this file are applied the next time you launch your application. If a full path is not provided in the <FileName> tag, the application will not be able to extract the icon associated with the executable. In this case, explicitly supply an icon with the <Icon> tag.
The following sample file adds the three shortcuts (Notepad, Calculator, and Paint) to the Tools page. The Notepad shortcut is configured to open the file C:\SafetyProcedures.txt when you click on it. <?xml version="1.0" encoding="utf-8"?> <ArrayOfToolsMenuExtension xmlns:xsi="http://www.w3.org/2001/XMLSchema-...> <ToolsMenuExtension> <Name>Notepad</Name> <FileName>c:\windows\notepad.exe</FileName> <Arguments>c:\SafetyProcedures.txt</Arguments> </ToolsMenuExtension> <ToolsMenuExtension> <Name>Calculator</Name> <FileName>c:\windows\system32\calc.exe</FileName> </ToolsMenuExtension> <ToolsMenuExtension> <Name>Paint</Name> <FileName>c:\windows\system32\mspaint.exe</FileName> </ToolsMenuExtension> </ArrayOfToolsMenuExtension>
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
693
17
User privileges
This section describes all privilege hierarchies in Security Center by category. This section includes the following topics:
"Application privileges" on page 695 "General privileges" on page 696 "Administrative privileges" on page 697 "Task privileges" on page 704 "Action privileges" on page 708
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
694
Application privileges
Application privileges
Application privileges grant access to the Security Center applications.
Config Tool. Allows the user to run Config Tool. Security Desk. Allows the user to run Security Desk. Change client views. Allows the user to change the Security Desk window size and position. Without this privilege, the user cannot log off or close Security Desk, and Security Desk stays locked in full screen mode. The Restore Down commands and the F11 key (used to switch between full screen and windowed mode) are also disabled. See also "Force Security Desk to run in full screen mode" on page 95. Change Security Desk options. Allows the user to change the Security Desk options through the Options dialog box (CTRL+O). Change tile content. Allows the user to change what is displayed in each tile. Change tile pattern. Allows the user to change the tile pattern. Change workspace. Allows the user to add and remove tasks from their active task list. The only exception to the rule is the Video file player task that does not need the user to be connected to the Directory to open. Start/Stop task cycling. Allows the user to start and stop task cycling, and to change the task dwell time. Web Client. Allows the user to use the Web Client. Global Cardholder Synchronizer. Allows a sharing guest to log on via the Global Cardholder Synchronizer role to the local system. The local system is the sharing host. Log on using the SDK. Allows the user to run SDK applications. Mobile application. Allows a Mobile application to connect to the local system. Federation. Allows a federation role (Omnicast Federation or Security Center Federation) from the host system to connect to the local system. The local system is the one being federated.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
695
General privileges
General privileges
General privileges grant access to the generic Security Center features.
View Web pages. Allows the user to view the URL associated to tile plugins in Security Desk. Change own password. Allows the user to change their own password. Print/export reports. Allows the user to print and save reports to files. Remove entries from a report. Allows the user to remove selected entries from reports in Security Desk. Report incidents. Allows the user to report the incidents in the Security Desk.
Modify reported incidents. Allows the user to modify incident reports in the Security Desk
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
696
Administrative privileges
Administrative privileges
Administrative privileges Config Tool. grant access to the configuration of Security Center entities via
"Logical entities" on page 697 "Physical entities" on page 697 "Schedule Management" on page 700 "Access control management" on page 701 "Alarm management" on page 703 "LPR management" on page 703
Logical entities
View areas View tile plugins
View areas
Allows the user to view area configurations.
Modify areas. Allows the user to modify area configurations. Add/delete areas. Allows the user to add or delete area entities.
Modify tile plugins. Allows the user to modify tile plugin configurations.
Add/delete tile plugins. Allows the user to add or delete tile plugin entities.
Physical entities
View access control units View analog monitors View assets View cameras View cash registers View doors View elevators View LPR units View output behaviors
697
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Administrative privileges
View Patrollers View zones View camera sequence View video units View intrusion areas View intrusion detection units
Initiate access control unit firmware upgrade. Allows the user to initiate access control unit firmware upgrade. Modify access control units. Allows the user to modify access control unit configurations and to swap units. For more information, see Unit swap utility on page 163.
Add/delete access control units. Allows the user to add or delete access control units. This includes unit discovery and enrollment. For more information, see Unit discovery on page 142. Reset access control units. Allows the user to reset access control units.
Modify analog monitors. Allows the user to modify analog monitor configurations.
View assets
Allows the user to view asset configurations.
Modify assets. Allows the user to modify asset configurations. Add/delete assets. Allows the user to add or delete asset entities.
View cameras
Allows the user to view camera configurations.
Modify Cameras. Allows the user to modify camera configurations. Analytic. Allows the user to modify edge video analytics rules and settings.
Modify cash registers. Allows the user to modify cash register configurations.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
698
Administrative privileges
Add/delete cash registers. Allows the user to add or delete cash register entities.
View doors
Allows the user to view door configurations.
Modify doors. Allows the user to modify door configurations. Add/delete doors. Allows the user to add or delete door entities.
View elevators
Allows the user to view elevator configurations.
Modify elevators. Allows the user to modify elevator configurations. Add/delete elevators. Allows the user to add or delete elevator entities.
Modify LPR units. Allows the user to modify LPR unit configurations. Add/delete elevators. Allows the user to add or delete LPR units. Reset LPR units. Allows the user to reset LPR units.
Modify output behaviors. Allows the user to modify output behavior configurations. Add/delete output behaviors. Allows the user to add or delete output behaviors.
View Patrollers
Allows the user to view Patroller configurations.
Modify Patrollers. Allows the user to modify Patroller configurations. Add/delete Patrollers. Allows the user to add or delete Patrollers.
View zones
Allows the user to view zone configurations.
Modify zones. Allows the user to modify zone configurations. Add/delete zones. Allows the user to add or delete zone entities.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
699
Administrative privileges
Modify camera sequence. Allows the user to modify camera sequence configurations. Add/delete camera sequence. Allows the user to add or delete camera sequence entities.
Initiate video units firmware upgrade. Allows the user to initiate video unit firmware upgrade. Modify video units. Allows the user to modify video unit configurations.
Add/delete video units. Allows the user to add or delete video units.
Modify intrusion areas. Allows the user to modify intrusion detection area configurations.
Add/delete intrusion areas. Allows the user to add or delete intrusion detection areas.
Modify intrusion detection units. Allows the user to modify intrusion detection unit configurations.
Add/delete intrusion detection units. Allows the user to add or delete intrusion detection units.
Schedule Management
View scheduled tasks View schedules
View scheduled tasks
Allows the user to view scheduled task configurations.
Modify scheduled tasks. Allows the user to modify scheduled task configurations. Add/delete scheduled tasks. Allows the user to add or delete scheduled tasks.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
700
Administrative privileges
View schedules
Allows the user to view schedule configurations.
Modify schedules. Allows the user to modify schedule configurations. Add/delete schedules Allows the user to add or delete schedules.
Modify access rules. Allows the user to modify access rule configurations. Add/delete access rules. Allows the user to add or delete access rules.
Modify badge templates. Allows the user to modify badge template configurations. Add/delete badge templates. Allows the user to add or delete badge templates.
Modify cardholder groups. Allows the user to modify cardholder group configurations. Add/delete cardholder groups. Allows the user to add or delete cardholder groups. Modify custom fields. Allows the user to modify the cardholder group custom fields.
View cardholders
Allows the user to view cardholder configurations.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 701
Administrative privileges
Modify cardholders. Allows the user to modify cardholder configurations. Add/delete cardholders. Allows the user to add or delete cardholders. Change cardholder options. Allows the user to change the cardholder options, namely, Use extended grant time and Bypass antipassback rules. Change status. Allows the user to change the cardholder status, and activation and expiration dates. Modify credential information. Allows the user to modify the card format, facility code, card number and cardholder PIN. Modify custom fields. Allows the user to modify the cardholder custom fields. Modify name. Allows the user to change the cardholder name. Take/edit picture. Allows the user to take or edit the cardholder picture.
View credentials
Allows the user to view credential configurations.
Modify credentials. Allows the user to modify credential configurations. Add/delete credentials. Allows the user to add or delete credentials. Change status. Allows the user to change the credential status, and activation and expiration dates. Modify cardholder/credential association. Allows the user to assign and remove credentials from a cardholder. Modify custom fields. Allows the user to modify the credential custom fields. Modify name. Allows the user to change the credential name. Print badges. Allows the user to print badges. View advanced credential info. Allows the user to view the credential information such as the Wiegand fields (facility code and card number) and PINs.
View visitors
Allows the user to view visitor configurations.
Modify visitors. Allows the user to modify visitor configurations. Check-in/check-out visitors. Allows the user to check-in and check-out visitors. Modify custom fields. Allows the user to change the visitor custom fields. Take/edit picture. Allows the user to take or edit the visitor picture.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
702
Administrative privileges
Alarm management
View alarms View monitor groups
View alarms
Allows the user to view alarm configurations.
Modify alarms. Allows the user to modify alarm configurations. Add/delete alarms. Allows the user to add or delete alarm entities.
Modify monitor groups. Allows the user to modify monitor group configurations. Add/delete monitor groups. Allows the user to add or delete monitor group entities.
LPR management
View LPR rules
View LPR rules
Allows the user to view LPR rule configurations. These include hotlists, overtime rules, permits, permit restrictions, and parking facilities.
Modify LPR rules. Allows the user to modify LPR rule configurations. Add/delete LPR rules. Allows the user to add or delete LPR rules.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
703
Task privileges
Task privileges
Task privileges control the accessibility of the Security Desk tasks.
Modify public tasks. Allows the user to modify public task configurations. Add/delete public tasks. Allows the user to add or delete public tasks.
Administration
Logical view. Allows the user to run the Logical view task. System. Allows the user to run the System task. Video management. Allows the user to run the Video task. Access control. Allows the user to run the Access control task. Intrusion detection. Allows the user to run the Intrusion detection task. LPR. Allows the user to run the LPR task. Plugins. Allows the user to run the Plugins task.
Operation
Monitoring. Allows the user to create/run monitoring tasks. Cardholder management. Allows the user to create/run cardholder management tasks. Visitor management. Allows the user to create/run visitor management tasks. People counting. Allows the user to create/run people counting tasks. Credential enrollment. Allows the user to create/run credential enrollment tasks. Inventory management. Allows the user to create/run the inventory management task. This privilege allows the user to create inventories, but not to modify or delete the offloaded reads. See Modify/delete LPR reads that are not part of an inventory under "Action privileges" on page 708. Hotlist and permit editor. Allows the user to create/run hotlist and permit editor tasks. Remote. Allows the user to monitor and control other Security Desk workstations and monitors using the Remote task.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
704
Task privileges
Investigation
Access control Area activities. Allows the user to create/run area activity reports. Door activities. Allows the user to create/run door activity reports. Cardholder activities. Allows the user to create/run cardholder activity reports. Visitor activities. Allows the user to create/run visitor activity reports. Area presence. Allows the user to create/run area presence reports. Time and attendance. Allows the user to create/run time and attendance reports. Credential activities. Allows the user to create/run credential activity reports. Credential request history. Allows the user to create/run credential request history reports. Elevator activities. Allows the user to create/run elevator activity reports. Visit details. Allows the user to create/run visitor detail reports. Asset management
Asset activities. Allows the user to create/run asset activity reports. Asset inventory. Allows the user to create/run asset inventory reports. Intrusion detection Intrusion detection area activities. Allows the user to create/run intrusion detection area activity reports. Intrusion detection unit events. Allows the user to create/run intrusion detection unit event reports. LPR Hits. Allows the user to create/run hit reports. Reads. Allows the user to create/run read reports. Route playback. Allows the user to create/run route playback tasks. Inventory report. Allows the user to create/run parking facility inventory reports. Daily usage per Patroller. Allows the user to create/run daily usage per Patroller reports. Logons per Patroller. Allows the user to create/run logons per Patroller report. Reads/hits per day. Allows the user to create/run reads/hits per day reports. Reads/hits per zone. Allows the user to create/run reads/hits per zone reports. Zone occupancy. Allows the user to create/run zone occupancy reports. Video
705
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Task privileges
Archives. Allows the user to create/run archive reports. Bookmarks. Allows the user to create/run bookmark reports. Motion search. Allows the user to create/run motion search reports. Camera events. Allows the user to create/run camera event reports. Forensic search. Allows the user to create/run forensic search reports. Transactions. Allows the user to create/run point of sale reports. Incidents. Allows the user to create/run incident reports. Zone activities. Allows the user to create/run zone activity reports.
Maintenance
Access control Access control health history. Allows the user to create/run access control health history reports. Access control unit events. Allows the user to create/run access control unit event reports. Cardholder access rights. Allows the user to create/run cardholder access rights reports. Door troubleshooter. Allows the user to create/run Access troubleshooter reports. Access rule configuration. Allows the user to create/run access rule configuration reports. Cardholder configuration. Allows the user to create/run cardholder configuration reports. Credential configuration. Allows the user to create/run credential configuration reports. IO configuration. Allows the user to create/run IO configuration reports. Video
Archiver events. Allows the user to create/run archiver event reports. Archive storage details. Allows the user to create/run archive storage detail reports. System status. Allows the user to create/run system status reports. Audit trails. Allows the user to create/run audit trail reports. Hardware inventory. Allows the user to create/run hardware inventory reports. Health history. Allows the user to create/run health history reports. Activity trails. Allows the user to create/run activity trail reports.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
706
Task privileges
Alarm Management
Alarm monitoring. Allows the user to create/run the alarm monitoring task. Alarm report. Allows the user to create/run alarm reports.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
707
Action privileges
Action privileges
Action privileges control the actions that can be performed on the Security Center entities.
Cameras
Audio (talk/listen). Allows the user to use the talk and listen commands. Block and Unblock video. Allows the user to block and unblock video streams from other users. Protect video from deletion. Allows the user to protect video against automatic deletion.
Remove video protection. Allows the user to remove video protection. View live video. Allows the user to view live video from cameras. Digital zoom. Allows the user to use the digital zoom function. Override video quality. Allows the user to override the video quality settings. Record manually. Allows the user to start/stop recordings manually. Add bookmarks. Allows the user to add bookmarks.
Delete bookmark. Allows the user to delete bookmarks. Save/print snapshots. Allows the user to save/print snapshots. PTZ motor privileges
Override PTZ locks. Allows the user to override PTZ locks. Use auxiliaries. Allows the user to use the auxiliary controls.
Set auxiliaries. Allows the use to rename the auxiliaries. Use patterns. Allows the user to use the camera patterns.
Edit patterns. Allows the user to edit or rename the camera patterns.
Use specific commands. Allows the user to use the PTZ specific commands and the menu mode. Perform basic operations. Allows the user to perform basic PTZ operations. Change focus and iris settings. Allows the user to change the focus and iris settings.
708
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Action privileges
Edit presets. Allows the user to edit or rename the camera presets. View playback. Allows the user to view playback video.
Access Control
Doors Explicitly unlock doors. Allows the user to explicitly unlock doors. Override unlock schedules. Allows the user to override unlock schedules.
Maintenance mode. Allows the user to put the door in maintenance mode. Forgive antipassback violation. Allows the user to forgive antipassback violations. Silence\Sound buzzer. Allows the user to silence or sound a door buzzer.
Alarms
Acknowledge alarms. Allows the user to acknowledge alarms. Forward alarms. Allows the user to forward alarms. Snooze alarms. Allows the user to snooze alarms. Trigger alarms. Allows the user to trigger alarms.
Users
Display entity in SD. Allows the user to display an entity in Security Desk. Email a report. Allows the user to email reports to other users. Play a sound. Allows the user to send and play sound files to other users. Send a message. Allows the user to send text messages to other users. Send an email. Allows the user to send emails to other users. Send/clear task. Allows the user to use the Send task/Clear tasks actions. Start/Stop camera sequence. Allows the use to start/stop a camera sequence. Trigger output. Allows the user to trigger output.
Macros
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
709
Action privileges
LPR reads/hits
View live covert hits. Allows the user to view live covert hits in Security Desk. Protect/unprotect LPR reads. Allows the user to protect/unprotect LPR reads and hits against automatic deletion. Modify/delete reads that are not part of an inventory. Allows the user to modify/ delete LPR reads that are not yet committed to a parking facility inventory.
Zones
Areas
Reset people count. Allows the user to reset the people count.
Intrusion detection
Arm/Disarm intrusion detection areas. Allows the user to arm/disarm intrusion detection areas. Trigger intrusion alarm. Allows the user to trigger alarms on intrusion panels.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
710
18
Reporting task reference
This section lists the query filters and report pane columns available in Config Tool maintenance tasks. This section includes the following topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
711
Query filters
Query filters
Before generating a report, you must filter your query. This section lists the query filters available for each reporting task. This list is organized alphabetically by query filter.
Query filter Associated reports Associated application Description
Accept reasons
Hits
Security Desk Web Client Config Tool Security Desk Config Tool Security Desk Security Desk Web Client Security Desk Web Client Security Desk Web Client
Reason selected by the Patroller user when enforcing a hit. Accept reasons are created and customized in Config Tool. Select the access control units to investigate.
Access control unit events IO configuration Access rule configuration Alarm report
Access rule
Acknowledged by
Acknowledged on
Alarm report
Alarm acknowledgement time range. For more information, see. Patroller hit actions (Accepted, Rejected, Not enforced) selected by the Patroller user. For fixed Sharps, a hit raised by the Hit Matcher module is always automatically Accepted and Enforced. Check one of the following acknowledgement type options: Alternate. Alarm was acknowledged by a user using the alternate mode. Default. Alarm was acknowledged by a user, or auto-acknowledged by the system. Forcibly. An administrator forced the alarm to be acknowledged. Time the visitors profile was activated.
Action taken
Hits
Acknowledgement type
Alarm report
Activation date
Visit details
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
712
Query filters
Query filter
Associated reports
Associated application
Description
Activities
Activity trails
Select which badge printing activities to investigate. Credential request. When a user requests a badge printing job. Credential request cancelled. When a user cancels a badge printing job. Credential request completed. When a user prints a badge from the queue. By default, LPR images are not displayed in the Inventory report. To view images, click Get images. NOTE To prevent performance issues, plate images are not displayed if a report includes more than a thousand rows. Alarm priority. NOTE All alarms imported from Omnicast have their priority set to 1 by default. You can change their priority at a later time in the Config Tool. Select the types of alarms you want to investigate. Alarms can be locally defined ( or imported from federated systems ( ).
Advanced search
Inventory report
Security Desk
Alarm priority
Alarm report
Security Desk
Alarms
Alarm report
),
Annotation fields
Hits
Patroller hit annotations used by the Patroller user. For information about creating and configuring annotation fields, see the AutoVu Handbook. Which client application was used for the activity.
Application
Config Tool Security Desk Web Client Config Tool Security Desk Security Desk Web Client
Archiver
Archiver events
Areas
Select the areas to investigate. NOTE For the Time and attendance and Area presence tasks, select a fully secured area.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
713
Query filters
Query filter
Associated reports
Associated application
Description
Cameras
Archives Archive storage details Bookmarks Camera events Forensic search Area activities Cardholder activities Credential configuration Credential request history Door activities Elevator activities Time and attendance Cardholder configuration
Cardholders
cardholder group in the Cardholder activities task, federated cardholders are not included. This is because All cardholders is a local cardholder group that only covers local cardholders.
Cardholder groups
Config Tool Security Desk Web Client Security Desk Security Desk Security Desk Web Client
Inventory report Incidents Cardholder activities Credential activities Credential request history Door activities Elevator activities Most reports
Compare entities with a source entity (see "Source (entity)" on page 720). Incidents created/reported within the specified time range. Restrict the search to certain credentials.
Custom fields
If custom fields are defined for the entity you are investigating, they can be included in this report. NOTE You might not see the custom fields filter, depending on whether your user is configured to view that custom field. Restrict the search to entries that contain this text string.
Description
Activity trails
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
714
Query filters
Query filter
Associated reports
Associated application
Description
Devices
IO configuration
Config Tool Security Desk Security Desk Web Client Config Tool Security Desk Web Client
Doors
Door activities
Cardholder access rights Cardholder activities Credential activities Visitor activities Door activities
Restrict the search to activities that took place at certain doors, areas, and elevators.
Door side
Security Desk
Door sides are named A and B by default, but your administrator could have given them different names. This filter allows you to search by door side. Select the elevators to investigate. Select the entities you want to investigate. You can filter the entities by name and by type.
Elevators Entities
Security Desk Config Tool Security Desk Web Client Security Desk Web Client Config Tool Security Desk Web Client
Expiration date
Visit details
Events
Access control unit events Activity trails Archiver events Area activities Camera events Cardholder activities Credential activities Door activities Elevator activities Intrusion detection area activities Intrusion detection unit events Visitor activities Zone activities
Select the events of interest. The event types available depend on the task you are using.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
715
Query filters
Query filter
Associated reports
Associated application
Description
Event timestamp
Access control health history Access control unit events Activity trails Archiver events Archive storage details Area activities Camera events Cardholder activities Credential activities Door activities Elevator activities Health history Health statistics Hits Intrusion detection area activities Intrusion detection unit events Zone activities Visit details
Define the time range for the query. For more information, see.
First name
Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk Web Client Security Desk Web Client
Health event
Health history
Health severity
Health history
Severity level of the health event: Information Warning Error Select the hit rules to include in the report.
Hit rules
Hits Reads Reads/hits per day Reads/hits per zone Zone occupancy
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
716
Query filters
Query filter
Associated reports
Associated application
Description
Hit type
Security Desk
Select the type of hits to include in the report: Permit, Shared permit, Overtime, and Hotlist.
Impacted
Incident time
Incidents
Incidents reported within the specified time range. The incident time corresponds to the event or alarm timestamp the incident refers to. If the incident does not refer to any event or alarm, then the incident time corresponds to the creation time. User responsible for the activity.
Initiator
Activity trails
Config Tool Security Desk Web Client Security Desk Web Client Security Desk Security Desk Security Desk Security Desk Web Client
Intrusion detection areas Intrusion detection units Investigated by Investigated on Last name
Intrusion detection area activities Intrusion detection unit events Alarm report Alarm report Visit details
Select the intrusion detection areas to investigate. Select the intrusion detection units to investigate. Which user put the alarm into the under investigation state. Specify a time range when the alarm was put into the under investigation state. Visitors last name.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
717
Query filters
Query filter
Associated reports
Associated application
Description
License plate
Enter a Full or Partial license plate number. If you choose Partial, a search for AB returns plates that have AB anywhere in the license plate number. If you choose Full, you can enter the full license plate number, or you can use the following wildcard characters: Asterisk (*). Represents any number of unknown characters. Use it when searching for documents or files for which you have only partial names. For example, if you enter ABC* as your search term, the search might return ABC123, ABC5, ABC002, and so on. If you enter *XYZ, the search might return 1XYZ, 245XYZ, 00XYZ, and so on. Question mark (?). Represents only one unknown character. Use it when you have a list of files with very similar names, or when you are unsure of a few characters. For example, if you enter ABC12? as your search term, the search might return ABC123, ABC127, ABC12P, and so on. The question mark only covers one character, but you can enter as many question marks in a search string as you want. You can use the asterisk and the question mark anywhere in a search, and you can also use them together. NOTE License plate search does not support fuzzy matching. For example, if you are searching for a plate with ABC characters, Security Center only finds plates with the ABC characters. It does not find plates numbers with the characters A8C, ABO, or 4BC. In the Inventory report task: Specify the location in the parking facility you want to view. You can select the entire facility, or specify the sectors and rows within the facility. In the IO configuration task: Specify the areas where the devices are located.
Location
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
718
Query filters
Query filter
Associated reports
Associated application
Description
Restrict the search to Patroller units (including all their fitted LPR units) and/or LPR units representing fixed Sharp cameras on the Patroller unit. Select a computer that was having health issues to investigate.
Machine
Health history
Message
Bookmarks
Enter any text you want to find in the bookmark. A blank string finds all the bookmarks. User responsible for the entity modification.
Modified by
Audit trails
Config Tool Security Desk Web Client Config Tool Security Desk Web Client Security Desk Security Desk Web Client Security Desk
Modification time
In the Audit trails task: Entities modified within the specified time range. In the Incidents task: Incidents modified within the specified time range. Enter text to find incidents with a description starting or containing the specified text. The date and time that the Patroller offloaded the reads/hits to Security Center. For more information, see. (For University Parking Enforcement only) For University Parking Enforcement, both rules have parking lots configured and each parking lot can be defined in terms of a number of parking spaces. This allows the occupancy to be estimated. Restrict the search to Patroller units (including all their fitted LPR units).
Patrollers
Daily usage per Patroller Logons per Patroller Zone occupancy Credential request history Incidents
Restrict the search to specific users that printed a badge. Incidents referencing all the selected entities.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
719
Query filters
Query filter
Associated reports
Associated application
Description
Region
Security Desk
Specify one or more geographic regions on the map. Reason selected by the Patroller user when rejecting a hit. Reject reasons are created and customized in Config Tool. NOTE This filter only affects the value in the Rejected hits column. Restrict the search to specific users that requested to print a badge. Hit rule that matched the plate read.
Reject reason
Security Desk Security Desk Web Client Config Tool Security Desk Web Client
Source (entity)
Access control health history Alarm report Health history Health statistics Inventory report Hardware inventory Health history Health statistics Alarm report
Source entity of the event. In the Alarm report task, this filter represents the source entity that triggered the alarm in the case of an event-to-action, or the user who triggered the alarm manually.
Source group
Config Tool Security Desk Web Client Security Desk Web Client
State
Current state of the alarm. Active. Alarm is not yet acknowledged. Selecting an active alarm shows the alarm acknowledge buttons in the report pane. Acknowledged. Alarm was acknowledged by a user, or auto-acknowledged by the system. Under investigation. Alarm with an acknowledgement condition that is still active was put under investigation. Acknowledgement required. Alarm with an acknowledgement condition that was cleared is ready to be acknowledged.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
720
Query filters
Query filter
Associated reports
Associated application
Description
Status
The status of the cardholder or visitors profile: Active Expired Inactive In the Credential configuration task, the following statuses are also available: Lost Stolen Select the video file status you want to investigate: Unprotected. Video files that are not protected against the Archivers routine cleanup. These files can be deleted once their retention period expires, or when the Archiver runs out of disk space, depending on your Archiver role settings. Protection ending. Video files that you unprotected less than 24 hours ago. Protected. Video files that are protected. They are not be deleted even when the disk is full. For these files, you can also specify a protection end date. The time range for the report. For more information, see.
Time range
Bookmarks Daily usage per Patroller Forensic search Logons per Patroller Reads/hits per day Reads/hits per zone Time and attendance Zone occupancy Alarm report
Security Desk
Triggered on
Security Desk Web Client Security Desk Web Client Config Tool Security Desk
Triggering event
Alarm report
Units
Hardware inventory
Select the access control, video, intrusion detection, and LPR units to investigate.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
721
Query filters
Query filter
Associated reports
Associated application
Description
Users
Hits Logons per Patroller Reads Reads/hits per day Reads/hits per zone
Select the Patroller user name, or the Patrollers parent user groups.
Visitor
Visitor activities
Zones
Zone activities
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
722
Accept reasons
Hits
Security Desk
Reason selected by the Patroller user when enforcing a hit. Accept reasons are created and customized in Config Tool. Access point involved (only applicable to areas, doors, and elevators).
Access point
Access rule configuration Cardholder activities Credential activities IO configuration Visitor activities IO configuration
Access Manager
Config Tool Security Desk Config Tool Security Desk Security Desk Web Client Security Desk Web Client Security Desk Security Desk Web Client Config Tool Security Desk Web Client Security Desk Web Client
Access rules
Acknowledged by
User who acknowledged the alarm. When the alarm is acknowledge automatically by the system, Service is indicated. Time the alarm was acknowledged.
Acknowledged on
Alarm report
The change in the vehicle state: added, removed, or no change. Time the visitors profile was activated.
Activity name
Type of activity.
Address
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
723
Column
Associated reports
Associated application
Description
Alarm
Security Desk Web Client Security Desk Security Desk Web Client
Bosch forensic value. For more information, see the manufacturer documentation. Any annotation field defined in System > LPR Settings in the Config Tool. Shown in brackets. For information about creating and configuring annotation fields, see the AutoVu Handbook. Archiver role name. Area name.
Archiver Area
Camera events Area activities Area presence Time and attendance Inventory report
Arrival
Security Desk
The first time the vehicle was read. This is used to calculate the elapsed time if a vehicle is read a second time, for example the next day. The percentage of time available for a given entity.
Availability
Health statistics
Config Tool Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk
Calculation status
Health statistics
Camera
Archives Archive storage details Bookmarks Camera events Forensic search Motion search
Camera name.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
724
Column
Associated reports
Associated application
Description
Card format
Area activities Cardholder activities Credential activities Credential configuration Door activities Elevator activities Visitor activities Area activities Area presence Cardholder access rights Cardholder activities Cardholder configuration Credential activities Credential configuration Door activities Door troubleshooter Elevator activities Visitor activities Cardholder configuration
Cardholder
European languages, and Last name + First name for Asian languages.
Config Tool Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk Web Client Security Desk Web Client Security Desk Web Client
Cardholder configuration
Cardholder status
Check-in date
Time the visitor was checked in (can correspond to the arrival time). Time the visitor was checked out (can correspond to the departure time).
Check-out date
Visit details
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
725
Column
Associated reports
Associated application
Description
Context image
Wide angle color image of the vehicle captured by the context camera.
Controlling
Config Tool Security Desk Security Desk Security Desk Config Tool Security Desk Web Client
Incidents Incidents Area activities Cardholder activities Credential activities Credential configuration Credential request history Door activities Elevator activities Credential configuration Area activities Cardholder activities Credential activities Credential configuration Door activities Elevator activities Visitor activities Credential configuration Credential configuration Most reports
User who originally reported the incident. Time the incident was reported. Credential name used by the cardholder.
Config Tool Security Desk Config Tool Security Desk Web Client
Config Tool Security Desk Config Tool Security Desk Config Tool Security Desk Web Client
Custom fields
If custom fields are defined for the entity you are investigating, they can be included in the report. NOTE You might not see the custom fields filter, depending on whether your user is configured to view that custom field.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
726
Column
Associated reports
Associated application
Description
Date
Time and attendance Daily usage per Patroller Logons per Patroller Reads/hits per day Credential request history Cardholder access rights Camera events Activity trails Archiver events Audit trails Health history
The date. For Daily usage per Patroller and Logons per Patroller tasks, this column represents the day of the Patroller shift.
Security Desk Config Tool Security Desk Config Tool Security Desk Web Client
The date and time that the badge printing job was requested. Access rules denying access to at least one of the selected entities to the cardholder. Event description. In the Activity trails task, this column represents the activity description. In the Audit trails task, this column represents the description of the entity modification. Device involved on the unit (reader, REX input, IO module, Strike relay, etc.). NOTE In the Intrusion detection activities task, this column is empty if the event is an input bypass.
Description
Device
Access control health history Area activities Cardholder activities Credential activities Door activities Elevator activities Hits Intrusion detection area activities Intrusion detection unit events IO configuration Reads Visitor activities Door activities
Door
Security Desk Web Client Config Tool Security Desk Security Desk
Door name.
Drive
The drive on the server where the Archiver role is running. Vehicle license plate and state were edited by a user in Security Desk.
Edited
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
727
Column
Associated reports
Associated application
Description
Inventory report Elevator activities Area activities Area presence Cardholder activities Cardholder configuration Credential activities Credential configuration Door activities Elevator activities Visitor activities
Security Desk Security Desk Config Tool Security Desk Web Client
The difference between the Arrival time and the Event timestamp. Elevator name. Cardholders email address.
End time
Archives Archive storage details Forensic search Motion search Reads/hits per day Reads/hits per zone Audit trails
Enforced hits
Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk Config Tool Security Desk Web Client
Entity
Entity type
Audit trails
Error number
Health history
Expected downtime
Health statistics
How many days/hours/minutes the entity has been offline or unavailable through user intent or Maintenance mode. For example, deactivating a server role, or disconnecting a client application causes expected down-time. Expected down-time is never used in the Availability percentage calculation.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
728
Column
Associated reports
Associated application
Description
Expiration date
Visit details
Security Desk Web Client Security Desk Web Client Config Tool Security Desk Web Client
Alarm report
Only for federated alarms. The original alarm instance ID on the federated system. Event name.
Access control health history Access control unit events Archiver events Area activities Camera events Cardholder activities Credential activities Door activities Elevator activities Forensic search Incidents Intrusion detection area activities Intrusion detection unit events Visitor activities Zone activities
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
729
Column
Associated reports
Associated application
Description
Event timestamp
Access control health history Access control unit events Activity trails Archiver events Area activities Bookmarks Camera events Cardholder activities Credential activities Door activities Elevator activities Health history Hits Intrusion detection area activities Intrusion detection unit events Inventory report Reads Visitor activities Zone activities Forensic search Health statistics
Security Desk Config Tool Security Desk Web Client Config Tool Security Desk Config Tool Security Desk Config Tool Security Desk
Bosch forensic value. For more information, see the manufacturer documentation. How many failures have occurred.
File name
Archive storage details Archive storage details Access control health history Hardware inventory
File size
Firmware version
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
730
Column
Associated reports
Associated application
Description
First name
Area activities Area presence Cardholder access rights Cardholder activities Cardholder configuration Credential activities Credential configuration Credential request history Door activities Door troubleshooter Elevator activities Time and attendance Visit details Visitor activities Elevator activities Zone occupancy Cardholder access rights Health history
Security Desk Security Desk Config Tool Security Desk Config Tool Security Desk Web Client Security Desk Web Client
Elevator floor name. Date and timestamp of read vehicles within the zone. Access rules granting the cardholder access to at least one of the selected entities (area, door, etc.). Name of the health event.
Health event
Hits
Number of hits.
NOTE If the Hit rules and Hit type query filters
are used, this value might not be the total number of hits in the day. Icon Access rule configuration Alarm monitoring Alarm report Config Tool Security Desk Security Desk Web Client Graphical representation of the affected entity type. Alarm instance number. Uniquely identifies each alarm instance.
ID
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
731
Column
Associated reports
Associated application
Description
Impacted entity
Activity trails
Config Tool Security Desk Web Client Config Tool Security Desk Web Client Security Desk
Activity trails
Incident time
Incidents
The timestamp of the referenced alarm or event. If no event is referenced, it corresponds to the incident creation time. In the Activity trails task: Who performed the activity. In the Audit trails task: Who made entity modification. In the Activity trails task: The application used for this activity. In the Audit trails task: The application used to make the change. The version number of the application. This field is empty if the activity is initiated by a role entity. In the Activity trails task: Which computer the activity was performed on. In the Audit trails task: The computer used to make the change. NOTE If the entity change was initiated from a Mobile app, this column represents the phone identification number (for example, a serial number). In the Activity trails task: The type of entity that initiated the activity. In the Audit trails task: The type of entity initiating the entity modifications. Total number of times the Patroller application is opened during the day. Intrusion detection area name.
Initiator
Config Tool Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk Web Client Config Tool Security Desk Web Client
Initiator application
Initiator type
Config Tool Security Desk Web Client Security Desk Web Client Security Desk Web Client
Instances
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
732
Column
Associated reports
Associated application
Description
Intrusion detection area activities Intrusion detection unit events Alarm report Alarm report Access control health history Area activities Cardholder activities Credential activities Door activities Elevator activities Hardware inventory Health history IO configuration Visitor activities Area presence
Security Desk Security Desk Config Tool Security Desk Web Client
Which user put the alarm into the under investigation state. The timestamp when the alarm was put into the under investigation state. IP address of the unit or computer that generated the event.
Last access
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
733
Column
Associated reports
Associated application
Description
Last name
Area activities Area presence Cardholder access rights Cardholder activities Cardholder configuration Credential activities Credential configuration Credential request history Door activities Door troubleshooter Elevator activities Time and attendance Visit details Visitor activities Hits Reads Archive storage details Cardholder activities Credential activities Visitor activities Logons per Patroller
Latitude
Security Desk
The coordinates of where the LPR event occurred. Length of the video sequence contained in the video file, in hours, minutes, and seconds. Location (area) where the activity took place.
Length
Location
Security Desk Web Client Security Desk Web Client Security Desk Web Client Security Desk Web Client Security Desk Web Client
Daily usage per Patroller Daily usage per Patroller Daily usage per Patroller Daily usage per Patroller
Percentage of Longest shutdown over the total number of minutes in a day. Single longest number of minutes in a day that the Patroller application is closed. Percentage of longest stop time over operating time. Single longest number of minutes in operating time when the vehicle is stationary.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
734
Column
Associated reports
Associated application
Description
Longitude
Security Desk
The coordinates of where the LPR event occurred. Parking zone where a given parking regulation is in force. Computer where the health event occurred.
Lot
Security Desk
Machine
Config Tool Security Desk Web Client Security Desk Web Client Security Desk Config Tool Security Desk
Manual capture
Reads Inventory report Inventory report Access control health history Hardware inventory IO configuration Access rule configuration Cardholder access rights Cardholder configuration Bookmarks Hardware inventory
Displays the plate number entered manually by the Patroller user. Vehicle was removed manually (towed) from the parking facility. Manufacturer of the unit.
Member
Member of
Message Model
Security Desk Config Tool Security Desk Config Tool Security Desk Web Client Security Desk Config Tool Security Desk Web Client
Bookmark message (might be blank if no message was written). Model of the unit involved.
Modification time
In the Audit trails task: Time the entity was last modified. In the Incidents task: Time the incident was last modified. User who last modified the incident. Mean time between failures (in hours).
Modified by MTBF
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
735
Column
Associated reports
Associated application
Description
MTTR
Health statistics
Config Tool Security Desk Web Client Security Desk Web Client Security Desk Config Tool Security Desk Web Client Security Desk Web Client
Incident description. Point to this field to see the formatted text in a tooltip. Number of times this health event occurred on the selected entity.
Occurrence period
Access control unit events Alarm monitoring Alarm report Area activities Cardholder activities Credential activities Door activities Elevator activities Intrusion detection area activities Intrusion detection unit events Visitor activities Zone activities Hits Reads Daily usage per Patroller Inventory report Hardware inventory
Offload timestamp
Security Desk Web Client Security Desk Web Client Security Desk Config Tool Security Desk
The date and time that the Patroller offloaded the reads/hits to Security Center. Total number of minutes in a day that the Patroller application is open. Parking facility name. Strength of the password on the unit.
Operating time
Parking Password
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
736
Column
Associated reports
Associated application
Description
Patroller
Patroller entity name. The Patroller entity name field is not populated for fixed Sharp cameras. In the Inventory report task, this column represents the Patroller entity that read the plate. If a handheld device was used, XML import is shown instead. Percentage of occupied places within the parking zone. Name of the permit list under the permit restriction. The MAC address of the equipment's network interface. Device name.
Security Desk Security Desk Config Tool Security Desk Config Tool Security Desk Config Tool Security Desk Web Client
Physical name
Picture
Area activities Area presence Cardholder access rights Cardholder activities Cardholder configuration Credential activities Credential configuration Credential request history Door activities Door troubleshooter Elevator activities Time and attendance Visit details Visitor activities Credential configuration Hits Reads Inventory report
PIN
Credential PIN.
Plate image
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
737
Column
Associated reports
Associated application
Description
Plate origin
Hits Reads Inventory report Hits Reads Inventory report Archives Credential request history Alarm monitoring Alarm report
Plate read
Timeline showing where video is available during the selected time range. Reason why the badge printing job was requested. Alarm priority. NOTE All alarms imported from Omnicast have their priority set to 1 by default. You can change their priority at a later time in the Config Tool. Record is not purged from the database of its parent AutoVu LPR Manager ES when the Hit Retention period (for this record) expires. Protection status of the video file.
Protected
Hits Reads Archive storage details Reads/hits per day Reads/hits per zone Incidents Hits
Security Desk Web Client Config Tool Security Desk Security Desk Web Client Security Desk Security Desk Web Client Security Desk Web Client Security Desk Config Tool Security Desk Security Desk
Protection status
Reads
List of entities referenced by the incident. Reason selected by the Patroller user when rejecting a hit. Number of hits that were rejected.
Rejected hits
Reads/hits per day Reads/hits per zone Credential request history Hardware inventory
Email address of the user who requested the badge printing job. Role type that manages the selected unit.
Row
Inventory report
Row name.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
738
Column
Associated reports
Associated application
Description
Health statistics
Config Tool Security Desk Web Client Security Desk Web Client Security Desk Config Tool Security Desk Web Client Security Desk Web Client Security Desk Web Client Config Tool Security Desk Web Client
Rule
Sector Severity
Sector name. Severity level of the health event: Information Warning Error Door side name.
Side
Door activities
Side-Direction
Area activities
Entrance or exit.
Source (entity)
Access control health history Alarm monitoring Alarm report Archiver events Archive storage details Bookmarks Health history Health statistics Incidents Motion search Alarm monitoring Alarm report
Source entity associated to the alarm or event. In the Alarm monitoring and Alarm report tasks, this column represents the source entity that triggered the alarm, when the alarm is triggered by an event-to-action. It shows a username when the alarm is triggered manually. In the video investigation tasks, this column represents the name of the system the camera belongs to. In the Incidents task, this column is empty if the incident is not based on an alarm or event. Time of the alarm triggering event. The only time Source time and Triggering time are different is when the event occurred while the access control unit was offline. Number of spaces in the parking lot. Beginning of the time range, playback sequence, or video sequence.
Source time
Zone occupancy Archives Archive storage details Forensic search Motion search
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
739
Column
Associated reports
Associated application
Description
State
Current state of the alarm. Active. Alarm is not yet acknowledged. Selecting an active alarm shows the alarm acknowledge buttons in the report pane. Acknowledged (Default). Alarm was acknowledged using the default mode. Acknowledged (Alternate). Alarm was acknowledged using the alternate mode. Acknowledged (Forcibly). Alarm was forced to be acknowledged by an administrator. Under investigation. Alarm with an acknowledgement condition that is still active was put under investigation. Acknowledgement required. Alarm with an acknowledgement condition that was cleared is ready to be acknowledged. A second credential is sometimes necessary. For example, when both a card and a PIN are required to access a door or elevator.
Supplemental credential
Area activities Cardholder activities Credential activities Door activities Elevator activities Visitor activities
Thumbnails
Archives Bookmarks Access control health history Area activities Cardholder activities Credential activities Door activities Elevator activities Hardware inventory Visitor activities Zone occupancy Daily usage per Patroller
Security Desk
Thumbnail images of the recorded video during the selected time range. Time zone of the unit.
Time zone
Date and timestamp of read vehicles within the zone. Percentage of Total shutdown over the number of minutes in a day.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
740
Column
Associated reports
Associated application
Description
Total number of minutes in a day that the Patroller application is closed. The total shutdown value plus the operating time value equals 1440 minutes. Percentage of total stop time over operating time. Total number of minutes in operating time when the vehicle is stationary. Total time spent in that area on that date by the cardholder. Bosch forensic value. For more information, see the manufacturer documentation. Event that triggered the alarm (if triggered through an event-to-action). Manual action is indicated when the alarm was manually triggered by a user. Time the alarm was triggered in Security Center Affected entity type.
Daily usage per Patroller Daily usage per Patroller Time and attendance Forensic search Alarm monitoring Alarm report
Security Desk Web Client Security Desk Web Client Security Desk Security Desk Security Desk Web Client
Trigger time
Security Desk Web Client Config Tool Security Desk Config Tool Security Desk Web Client
Type
Unexpected downtime
How many days/hours/minutes the entity has been offline or unavailable after not having been set in Maintenance mode. Unexpected down-time is not caused by user intent.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
741
Column
Associated reports
Associated application
Description
Unit
Access control health history Access control unit events Area activities Cardholder activities Credential activities Door activities Elevator activities Hardware inventory Hits IO configuration Reads Visitor activities Access control health history Access control unit events Area activities Cardholder activities Credential activities Door activities Elevator activities Hardware inventory IO configuration Visitor activities Health statistics
Access control, video, intrusion detection, or LPR unit involved. NOTE In the Hits and Reads tasks, this query filter represents the LPR unit that read the plate and populated for a Patroller (for example, Patroller - Left, Patroller - Right, etc.), and for a fixed Sharp.
Unit type
Up-time
How many days/hours/minutes the entity has been online and available.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
742
Column
Associated reports
Associated application
Description
User
Credential request history Hits Intrusion detection area activities Intrusion detection unit events Logons per Patroller Hardware inventory report
Name of the user who triggered the event. The user name is empty if the event was not triggered from Security Desk. NOTE For the Hits and Logons per Patroller tasks, this query filter represents the Patroller user name.
Config Tool Security Desk Security Desk Security Desk Security Desk
Zone occupancy Time and attendance Hits Reads Reads/hits per zone Zone activities Zone occupancy
Number of vehicles that were read within the zone. Weekday corresponding to the date (see Date). Image of the vehicle wheels. Used for virtual tire-chalking. Zone name. In the Reads/hits per zone task, this column represents the parking zone where the LPR event occurred. In the Zone occupancy task, this column represents the name of the Overtime or Permit restriction.
Zone
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
743
19
Events and actions in Security Center
This section lists all Security Center events and actions in alphabetical order. Each event and action is covered with a general description of its purpose and usage, and describes the entity it is associated with. This section includes the following topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
744
Event types
Event types
All events in Security Center are associated with a source entity, which is the main focus of the event. For more information, see "What is an event?" on page 106. Security Center supports the following event types:
Event Source entity Description
A door of an interlock has an unlock schedule configured A door of an interlock is in maintenance mode Ability to write on a drive has been restored AC fail Access denied: Antipassback violation Access denied: Denied by access rule Access denied: Expired credential Access denied: Inactive cardholder Access denied: Inactive credential Access denied: Insufficient privileges Access denied: Invalid PIN Access denied: Lost credential Access denied: No access rule assigned Access denied: Out of schedule
door
A door that is part of an interlock configuration has an unlock schedule configured. This invalidates the interlock. A door that is part of an interlock configuration is in maintenance mode. This disables the interlock. Ability to write on a drive has been restored. AC has failed. A cardholder requested access to an area that they have already entered, or requested access to leave an area that they were never in. The cardholder is denied access according to the access rule. An expired credential has been used. A cardholder with an inactive profile has attempted to access a door or area. A credential with an inactive profile has been used. The cardholder is denied access because they do not have the required user level. This event only applies to the Synergis Master Controller. A card and PIN are required to enter an area, and the cardholder entered an invalid PIN. A credential that has been declared as lost has been used. The cardholder is denied access because they are not assigned any access rights. The access rule associated with this cardholder does not apply during this date/time in the schedule.
door Archiver role access control unit cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
745
Event types
Event
Source entity
Description
Access denied: Stolen credential Access denied: Unassigned credential Access denied: Unknown credential Access granted
cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area cardholder, door, elevator, or area
A credential that has been declared as stolen has been used. A credential has been used that has not been assigned to a cardholder. A credential has been used that is unknown in the Security Center system. Access has been granted through a door to a cardholder according to the access rules governing the door or area. For a perimeter door of an interlock: When an authorized cardholder accesses a door of an interlock, Security Center might generate an Access granted event for the door even though the door does not unlock (due to another perimeter door already being open). An alarm has been acknowledged by a user, or autoacknowledged by the system. An alarm has been acknowledged by a user using the alternate mode. An alarm with a acknowledgement condition that is still active has been put into the under investigation state. The acknowledgement condition of an alarm has been cleared. An administrative user has forced an alarm to be acknowledged. An alarm has been triggered. An interlock cannot be in hard antipassback mode. This is an illegal configuration. An interlock cannot have perimeter floors, because elevator floors always allow free exit. An elevator floor has been added to the perimeter of an area. Antipassback disabled: Invalid settings.
Alarm condition cleared Alarm forcibly acknowledged Alarm triggered An interlock cannot be in hard antipassback mode An interlock cannot have perimeter floors Antipassback disabled: Elevator on area perimeter Antipassback disabled: Invalid settings
alarm or system-wide alarm or system-wide alarm or system-wide area area area area
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
746
Event types
Event
Source entity
Description
Antipassback disabled: Not supported when unit is in mixed mode Antipassback disabled: Unit is offline
area
Units have been set to mixed mode. Antipassback is available according to the units operating mode. For more information about unit limitations, see the Security Center Release Notes. At least one unit is in offline mode, disabling antipassback. Antipassback is available according to the units operating mode. Refer to the Security Center Release Notes for more information about unit limitations. An access request was made to enter an area with a credential that is already inside the area, or to exit an area with a credential that was never in the area. A security operator has granted access to an individual responsible for a passback violation. Directory or Access Manager has connected to the Security Center. Directory or Access Manager service has been lost. The Allotted space on one of the disks assigned for archive storage for this Archiver has been used up, and the Archiver has switched to the next disk in line. The names of the previous disk and current disk are indicated in the Description field. The Archiver is unable to write the video stream (packets) to disk as fast as the encoder sends it, or there is not enough CPU to process the video stream received from a camera. A problem with the Archiver database also triggers this event. The name of the camera whose packets are lost is indicated in the Description field. Archiving has stopped because the disks allocated for archiving are full. This event always accompanies a Disks full event. A noise has been detected by the camera. The unit battery has failed. A user has blocked a video stream from other users in the system. A user has unblocked a video stream from other users in the system.
area
Antipassback violation
area
Antipassback violation forgiven Application connected Application lost Archiving disk changed
Archiver role
Archiving stopped
Archiver role
Audio alarm Battery fail Block camera started Block camera stopped
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
747
Event types
Event
Source entity
Description
The camera is on an active archiving schedule but the Archiver is not receiving the video stream. A dysfunction has occurred, potentially due to camera tampering, resulting in a partial or complete obstruction of the camera view, a sudden change of the field of view, or a loss of focus. The Archiver cannot write to a specific drive. The path to the drive is indicated in the Description field. The Archiver is unable to write to any of the disk drives. This situation can arise for the following reasons: When write accesses to shared drives are revoked. When shared drives are inaccessible. When shared drives no longer exist. When this happens, archiving is stopped. The Archiver re-evaluates the drive status every 30 seconds. Client application rollback failed. Client application rollback succeeded. Client application update failed. Client application update succeeded. See System General settings "Custom events" on page 623. The connection to the role database was lost. If this event is related to a role database, it might be because the data server is down or cannot be reached by the role server. If the event is related to the Directory database, the only action you can use is Send an email, because all other actions require a working connection the Directory database. The connection to the role database has been recovered. The deadbolt on a door has been locked. The deadbolt on a door has been unlocked.
Client application rollback failed Client application rollback succeeded Client application update failed Client application update succeeded Custom event Database lost
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
748
Event types
Event
Source entity
Description
Archiver role
More than 80% of the disk space allocated for archiving has been used, caused by under-evaluating the disk space required, or by another application that is taking more disk space than it should. If 100% of the allotted disk space is used, the Archiver starts to delete old archive files prematurely in order to free disk space for new archive files, starting with the oldest files. All disks allotted for archiving are full and the Archiver is unable to free disk space by deleting existing video files. This event can occur when another application has used up all the disk space reserved for Omnicast, or when the Delete oldest files when disks full option is not selected in the Server Admin. When this happens, archiving is stopped. The Archiver re-evaluates the disk space every 30 seconds. The door has closed. The door has been forced open. This event is unavailable with a readerless door. The door has locked. The door has been taken out of maintenance mode. For more information, see Door - "Properties" on page 405. In Security Desk, a user has manually unlocked a door. The door has been held open for too long. To enable this event, you must set the property Trigger a Door open too long event in the Properties tab of a Door entity in Config Tool. The door has opened. The door has been unlocked. The door has been put into maintenance mode. For more information, see Door - "Properties" on page 405. The unit associated to this door has gone offline. The doorknob is in place and the door is closed. The doorknob has rotated. Event related to a camera that is recording directly on the unit.
Disks full
Archiver role
Door closed Door forced open Door locked Door locked: Maintenance completed Door manually unlocked Door open too long
Door opened Door unlocked Door unlocked: Maintenance started Door warning: Unit is offline Doorknob in place Doorknob rotated Edge storage medium failure Elevator warning: Unit is offline
elevator
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
749
Event types
Event
Source entity
Description
credential credential
A credential or its associated cardholder has expired (its status is now Expired). The Security Center generates this event to warn you that the expiry date of an entity is approaching. The number of days of advance warning provided by this event must be set. A health warning has been issued for this entity. A cardholder was granted access to a door, elevator, or area, and it is assumed that they entered. A cardholder was granted access to a door, elevator, or area, and their entry is detected. A video file associated to a camera has been deleted because the retention period has ended, or the archive storage disk was full. A cardholder has entered an empty area. An elevator floor button has been pressed. Glass has broken. The tamper input on a unit has been triggered. A health event has occurred. Interlock is not supported by the unit. Interlock lockdown has been turned off. Interlock lockdown has been turned on. Interlock override is off. Interlock override is on. Intrusion detection area alarm activated. Intrusion detection area arming. Intrusion detection area arming postponed. Intrusion detection area canceled alarm.
First person in Floor accessed Glass break Hardware tamper Health event Interlock is not supported by the unit Interlock lockdown off Interlock lockdown on Interlock override off Interlock override on Intrusion detection area alarm activated Intrusion detection area arming Intrusion detection area arming postponed Intrusion detection area canceled alarm
area elevator or area input/zone elevator or door Health monitor role access control unit access control unit access control unit access control unit access control unit intrusion detection area intrusion detection area intrusion detection area intrusion detection area
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
750
Event types
Event
Source entity
Description
Intrusion detection area cancelled postponed request Intrusion detection area custom event Intrusion detection area disarm request Intrusion detection area disarmed Intrusion detection area duress Intrusion detection area entry delay activated Intrusion detection area forced arming Intrusion detection area input bypass activated Intrusion detection area input bypass deactivated Intrusion detection area input trouble Intrusion detection area master arm request Intrusion detection area master armed Intrusion detection area perimeter arm request Intrusion detection area perimeter armed Intrusion detection area postponed arming request Intrusion detection unit input bypass activated Intrusion detection unit input bypass deactivated
intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection area intrusion detection unit intrusion detection unit
Intrusion detection area cancelled postponed request. Intrusion detection area custom event. Intrusion detection area disarm request. Intrusion detection area disarmed. Intrusion detection area duress. Intrusion detection area entry delay activated. Intrusion detection area forced arming. Intrusion detection area input bypass activated. Intrusion detection area input bypass deactivated. Intrusion detection area input trouble. Intrusion detection area master arm request. Intrusion detection area master armed. Intrusion detection area perimeter arm request. Intrusion detection area perimeter armed. Intrusion detection area postponed arming request. Intrusion detection unit input bypass activated. Intrusion detection unit input bypass deactivated.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
751
Event types
Event
Source entity
Description
Intrusion detection unit input trouble. This warning is issued by the Archiver on startup and every 5 minutes if one of the custom encryption values (initial fingerprint or encryption key) specified in the Server Admin is invalid. The last cardholder has exited an area. A complete license plate has been sighted in the camera. A license plate read has been matched to a hotlist, an overtime rule, or a permit restriction. A license plate previously sighted in the camera has moved out of sight. A license plate has been read. A clearer or more reliable reading of a sighted license plate is available. A user has added a bookmark to a live video. For more information about adding bookmarks, see the Genetec Security Desk User Guide. Event related to a zone entity. Event related to a zone entity. Loitering activity has been detected in the camera. Execution of a macro has failed. Execution of a macro has been completed normally. Execution of a macro has begun. Someone has pulled the door emergency release (manual pull station). The door emergency release (manual pull station) has been restored to it normal operating position. There is motion detected. This event is issued following a Motion on event when motion (measured in terms of number of motion blocks) has dropped below the motion off threshold for at least 5 seconds.
Last person out License plate in sight License plate hit License plate out of sight License plate read License plate reading Live bookmark added
area LPR unit or Patroller restriction, LPR unit, or Patroller LPR unit or Patroller LPR unit or Patroller LPR unit or Patroller camera
Lock released Lock secured Loitering Macro aborted Marco completed Macro started Manual station activated Manual station reverted to normal state Motion Motion off
access control unit access control unit camera (video analytics) macro macro macro door door camera camera
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
752
Event types
Event
Source entity
Description
Motion on Multiple units are configured for the interlock No entry detected No match No RTP packet lost in the last minute Object condition changed Object crossed line Object detected Object entered Object exited Object following route Object left Object merged Object removed Object separated Object stopped Offload failed Offload successful People count reset
camera area cardholder, door, elevator, or area hotlist camera camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) camera (video analytics) Patroller Patroller area
This event is issued when positive motion detection has been made. All doors that are part of an interlock configuration must be controlled by the same unit. A cardholder was granted access to a door, elevator, or area, but no entry is detected. A vehicle has not been matched to the hotlist associated to the Sharp unit. The Archiver has received all the RTP packets in the last minute. An object has suddenly changed direction or speed, such as when a person starts running or slips. An object has crossed a predefined tripwire. An object is in the camera field of view. An object has entered the camera field of view. An object has exited the camera field of view. An object is following a predetermined route, in a specific direction. An object has entered and exited the camera field of view. Two separate objects in the camera field of view have merged. An object has been removed from the camera field of view. An object within the camera field of view has separated into two objects. A moving object has stopped. An offload from Patroller to Security Center has failed. An offload from Patroller to Security Center was successful. The number of people counted in an area has been reset to 0.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
753
Event types
Event
Source entity
Description
People counting disabled: Unit is offline Person falling Person running Person sliding Playback bookmark added
area camera (video analytics) camera (video analytics) camera (video analytics) camera
A unit has gone offline, thus disabling people counting. A person falling has been detected in the camera. A person running has been detected in the camera. A person sliding has been detected in the camera. A user has added a bookmark to a recorded video. For more information about adding bookmarks, see the Genetec Security Desk User Guide. The Protected video threshold configured in the Server Admin is been exceeded. The percentage of disk space occupied by protected video files can be monitored from the Config Tool. A user started using the PTZ after it has been idle. The Description field indicates the user who activated the PTZ. This event is regenerated every time a different user takes control of the PTZ, even when the PTZ is still active. A user has tried to move the PTZ while it is being locked by another user with a higher PTZ priority. The Description field indicates the machine, application type, and user who currently holds the lock. The PTZ has not been manipulated by any user after a predetermined period of time. The Description field indicates the user who last used the PTZ. A user started zooming the PTZ. The Description field indicates the user who performed the zoom. Subsequent PTZ zoom by user events are generated if another user zooms the PTZ, or if the original user zooms the PTZ after the Idle delay has expired. The PTZ has not been zoomed by any user after a predetermined period of time. The Description field indicates the user who last zoomed the PTZ.
Archiver role
PTZ activated
camera (PTZ)
PTZ locked
camera (PTZ)
PTZ stopped
camera (PTZ)
camera (PTZ)
camera (PTZ)
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
754
Event types
Event
Source entity
Description
camera
The Archiver is receiving more than one video stream for the same camera. IMPORTANT When this rare situation arises, the Archiver cannot tell which stream is the correct one simply by looking at the source IP address because of the NAT (Network Address Translation), so an arbitrary choice is made. This can result in the wrong video stream being archived. However, the source IP address and port number of both streams are indicated in the Description field, and the two sources are labeled Archived and Rejected. You can find the faulty unit that is causing this conflict. The recording on a camera has been started as the result of an alarm being triggered. The recording on a camera has been started by a continuous archiving schedule. The recording on a camera has been started by the Start recording action. This action could have been triggered by another event or executed from a macro. The recording on a camera has been started through motion detection. The recording on a camera has been started manually by a user. The recording on a camera has stopped because the alarm recording time has elapsed. The recording on a camera has stopped because it is no longer covered by a continuous archiving schedule. The recording on a camera has been stopped by the Stop recording action. This action could have been triggered by another event or executed from a macro. The recording on a camera has stopped because the motion has ceased. The recording on a camera has been stopped manually by a user. Someone has pressed the door release button or has triggered a request to exit motion detector. The request to exit event has special filtering to make this feature compatible with motion detection request to exit hardware. Set these properties in the Config Tool > Door > Properties tab.
755
Recording started (motion) Recording started (user) Recording stopped (alarm) Recording stopped (continuous) Recording stopped (external)
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Event types
Event
Source entity
Description
door camera
No request to exit is being made. There are RTP packets that the Archiver never received. This could happen if the packets have been lost on the network, or if the Archiver does not have enough CPU to process all the packets received on the network card. The Description field indicates the number of packets lost since the last time this event was issued (no more than once every minute). The schedule for controlled access to elevator floors now applies. The schedule for free access to elevator floors now applies. The door unlock schedule has expired, the lock is now re-asserted (door is locked). The door lock is unlocked due to a programmed unlock schedule. The unit signal has been lost. The unit signal has been recovered. The synchronization of an external system has completed. The synchronization of an external system has resulted in an error. The synchronization of an external system has started. Two people have entered a secured area following each other very closely. A threat level has been cleared on your system or on specific areas. A threat level has been set on your system or on specific areas. The Archiver is still connected to the camera, but it has not received any video packets for more than 5 seconds. A video analytics event has been issued, but it is not yet mapped to a Security Center event.
Scheduled controlled access Scheduled free access Scheduled lock Scheduled unlock Signal lost Signal recovered Synchronization completed: External system Synchronization error: External system Synchronization started: External system Tailgating Threat level cleared Threat level set Transmission lost
elevator elevator door door camera camera external system external system external system camera (video analytics) System, area System, area camera
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
756
Event types
Event
Source entity
Description
Unit connected Unit failed to respond to edge video request Unit lost Update failed
unit
The connection to a unit has been established or restored. Event related to a camera that is recording directly on the unit.
The connection to a unit has been lost. An update on Patroller or a Mobile Sharp unit has failed, or a file could not be synchronized on a Patroller computer. An update has completed on Patroller or a Mobile Sharp unit, and no reboot is required. A user has started an updated on Patroller by clicking the Update icon. An update has been processed, and is ready to be deployed to Patroller. A rollback on Patroller or a Mobile Sharp unit has completed. A user has started a rollback on Patroller by clicking the Rollback icon. A user has logged off of a Security Center application. A user has logged on to a Security Center application. The Archiver has attempted to connect to a VRM unit. The Archiver has failed to connect to a VRM unit.
Update installation completed Update installation started Updated published Update uninstallation completed Update uninstallation started User logged off User logged on VRM connection attempt VRM connection failure Window closed Window opened Zone armed Zone disarmed
Patroller, Mobile Sharp Patroller, Mobile Sharp Patroller, Mobile Sharp Patroller, Mobile Sharp Patroller, Mobile Sharp user user
A physical window has closed. A physical window has opened. A zone has been armed. A zone has been disarmed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
757
Action types
Action types
All actions in Security Center are associated with a target entity, which is the main entity affected by the action. Additional parameters are indicated in the Description column. All parameters must be configured for an action to be valid. For more information, see "Create an event-to-action" on page 107. Security Center supports the following actions:
Action Target entity Description
Add bookmark
camera
Adds a bookmark to a camera recording. Additional parameter: Message. Bookmark text. Arms an intrusion detection area. Additional parameters: Mode: Either Master arm or Perimeter arm. When. Either immediately or with a delay. Arms a virtual zone. Blocks or unblocks a camera from other users in the system. Additional parameters: Block/Unblock. Select whether the action will block or unblock the camera. End. Select how long to block the video for: For. The video is blocked from users for the selected amount of time. Indefinitely. The video is blocked from users until you manually unblock it. User level. Select a minimum user level. All users with a level lower than the one you select are blocked from viewing video. Cancels the postponed arming of an intrusion detection area.
Clears the task list in the specified Security Desk monitors. Additional parameter: Destination. Online Security Desk application. User. All monitors of all Security Desk applications connected with the specified username. Monitor. Specific Security Desk monitor identified by a machine name and a monitor ID.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
758
Action types
Action
Target entity
Description
Disarm intrusion detection area Disarm zone Display a camera on an analog monitor
Disarms an intrusion detection area. Disarms a virtual zone. Displays a camera in an analog monitor in a canvas tile. Additional parameters: Camera. Select which camera to display in the analog monitor. The camera must be supported by the analog monitor, and use the same video format. Analog monitor. Select an analog monitor to display the camera in. Displays a list of entities in the Security Desk canvas of selected users, in terms of one entity per tile. This action is ignored if a user does not have a Monitoring task open in Security Desk. Additional parameters: Entities. List of entities to display. Each entity is displayed in a separate tile. Display option View in a free tile. Only use free tiles. Force display in tiles. Display in free tiles first. When there are no more free tiles, use the busy tiles following the tile ID sequence. Sends a report (based on a saved reporting task) as an email attachment to a list of users. Additional parameters: Report. Public reporting task used as report template. Format. Report format, either PDF or Excel. Forgives an antipassback violation for a cardholder, or cardholder group. Commands the selected dome camera to go to its home position. Not all dome cameras support this feature. Commands the dome camera to go to the specified preset position. Additional parameter: Preset. Preset position (number) to go to. Imports a file and sends the import results to a user. Additional parameter: File name. Opens the Import tool window, where you can select the file that is used to import the data. For more information, see "Import tool" on page 657.
users (Recipients)
Email a report
users (Recipients)
user (Recipient)
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
759
Action types
Action
Target entity
Description
camera
Sets the Boost quality on event recording to ON for the selection camera and applies the custom boost quality recording settings. Selecting this option overrides the general settings for event recording. The effect of this action lasts as long as it is not modified by another action, such as Recording quality as standard configuration, or until the Archiver restarts. Sets the Boost quality on manual recording to ON for the selection camera and applies the custom boost quality recording settings. Selecting this option overrides the general settings for event recording. The effect of this action lasts as long as it is not modified by another action, such as Recording quality as standard configuration, or until the Archiver restarts. Plays a sound bite in a user or user groups Security Desk. This action is ignored if the user is not running Security Desk. Additional parameter: Sound to play. Sound file (.wav) to play. For the user to hear the sound bite, the same sound file must be installed on the PC where Security Desk is running. The standard alert sound files that come with the installation are located in C:\Program files\Genetec Security Center 5.2\Audio. Postpones the intrusion detection area arming. Additional parameters: Arming mode: Either Master arm or Perimeter arm. Postpone for. Set how long to postpone the arming for, in seconds. Arming delay. Set the arming delay in seconds. Cancels the effect of the Override with manual/event recording quality actions and restores the standard recording configuration. Resets the people counter in an area. Forces the Omnicast Federation role to reconnect to the remote Omnicast system. Starts the execution of a macro. Additional parameter: Context: Specific value settings for the context variables. Commands the dome camera to run the specified pattern. Additional parameter: Pattern. Pattern number to run.
camera
Play a sound
Recording quality as standard configuration Reset area people count Reset external system Run a macro
camera
Run a pattern
dome camera
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
760
Action types
Action
Target entity
Description
Send a message
Sends a pop-up message to a users Security Desk. This action is ignored if the user is not running Security Desk. Additional parameter: Message. Text to be to displayed in the pop-up message. Sends an email to users or cardholders. The selected user must have an email address configured, and the mail server must be properly configured for Security Center, or the action is ignored. Additional parameter: Message. The email text to be sent to the recipient. Sends and adds a public task to a Security Desk application. Additional parameters: Task. Public task to send. Destination. Online Security Desk application. User. All Security Desk connected with that user. Monitor. Specific Security Desk monitor identified by a machine name and a monitor ID. (Only available when creating threat levels) Sets a reader mode for accessing doors when a threat level is set. Additional parameters: Location. The areas where this reader mode applies when a threat level is set. Reader mode. Select whether access is granted using a card and PIN, or card or PIN, for the selected areas. Sets the Unlocked for maintenance status of a door to on or off. Additional parameter: Maintenance. Desired maintenance mode (On or Off). Sets a threat level on your Security Center system, or on specific areas. Additional parameters: Area. Select which areas to set the threat level on. Can be your entire system, or specific areas. Threat level. Select which threat level to set. Resets the Buzzer output defined for a door. This action sets the Buzzer option to None in the Hardware tab of a door in Config Tool. Sets the Buzzer output defined for a door. The buzzer sound is specified under the Buzzer option in the Hardware tab of a door in Config Tool.
Send an email
user, user group, cardholder, cardholder group (Recipient) Security Desk (Destination)
Send task
cardholder, credential
door
system, area
Silence buzzer
door
Sound buzzer
door
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
761
Action types
Action
Target entity
Description
camera
Starts protecting upcoming video recordings against deletion. The protection is applied on all video files needed to store the protected video sequence. Since no video file can be partially protected, the actual length of the protected video sequence depends on the granularity of the video files. When multiple Start applying video protection actions are applied on the same video file, the longest protection period is kept. Additional parameters: Keep protected for. Duration of the video protection. Specific. Sets the protection period in number of days. Infinite. The protection can only be removed manually from the Archive storage details task. Protect video for next. Duration of the video to protect. Specific. Sets the duration in minutes and hours. Infinite. All future recordings are protected until the action Stop applying video protection is executed. Starts recording on the specified camera. This action is ignored if the camera is not on an active recording schedule. Recordings started by this action cannot be stopped manually by a user. Additional parameter: Recording duration. Sets the duration of the video recording. Default. Sets the duration to follow the value defined in Default manual recording length configured for the camera. Infinite. The recording can only be stopped by the Stop recording action. Specific. Sets the recording duration in seconds, minutes, and hours. Stops protecting upcoming video recordings against deletion. This action does not affect the video archives that are already protected. Additional parameter: Stop in. Sets the video protection to stop Now or in a Specific amount of time in minutes and hours. Stops recording on the specified camera. This action only works if the recording was started by the Start recording action. Additional parameter: Stop in. Sets the recording to stop Now or in a Specific amount of time in seconds, minutes and hours.
Start recording
camera
camera
Stop recording
camera
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
762
Action types
Action
Target entity
Description
door
Temporarily locks or unlocks a door for a given period of time. Additional parameters: Lock mode. Select Unlocked or Locked. For. Amount of time in minutes or hours. From/To. Date and time range to unlock the door. Triggers an alarm. NOTE Triggering an alarm might generate additional events, depending on the alarm configuration. Additional parameters: Acknowledgement condition. Event type that must be triggered before the alarm can be acknowledged. User acknowledgement required. Select whether the alarm must be manually acknowledged, or if it is automatically acknowledged by the system after the acknowledgement condition is cleared. Triggers a physical alarm on an intrusion detection area. Additional parameter: Recipient type. Type of alarm trigger, either the intrusion detection area or a specific alarm input. Triggers an output behavior on an output pin of a unit. For example, an action can be configured to trigger the output pin of a unit (controller or input/output module). Additional parameter: Output behavior. Select the output behavior to trigger. Starts a synchronization process on the specified role (Active Directory or Global Cardholder Synchronizer). Temporarily unlocks a door for five seconds, or the Standard grant time configured for that door.
Trigger alarm
alarm
Trigger output
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
763
20
Keyboard shortcuts in Config Tool
Learn about the default keyboard shortcuts available in Config Tool. This section includes the following topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
764
General commands Apply changes Exit application Full screen Go to next page Go to previous page Help Home page Options Select columns Camera commands Add a bookmark Copy statistics of the currently selected video tile Show statistics overlay on the video tile Show status overlay on the video tile PTZ commands Go to preset Pan left Jump to a PTZ preset you select. Pan the PTZ camera image to the left. SHIFT+<PTZ preset> LEFT ARROW Add a bookmark to video in the selected tile (for live video only). Copy the statistics of the selected tile. B CTRL+SHIFT+X Apply the changes made to your current configuration tab. Close Config Tool. Toggle between displaying Config Tool in full screen and windows mode. Switch to the next Config Tool task tab. Switch to the previous Config Tool task tab. Open the online help. Go to the Home page. For more information, see "Home page overview" on page 14. Open the Options dialog box. Select which columns to show/hide in the report pane. CTRL+S ALT+F4 F11 CTRL+TAB CTRL+SHIFT+TAB F1 CTRL+GRAVE ACCENT () CTRL+O CTRL+SHIFT+C
Show/hide the statistics summary of the video in the selected tile. Show/hide the status summary of the video in the selected tile.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
765
Command
Description
Shortcut
Pan right Tilt down Tilt up Zoom in Zoom out Task commands Rename task Save as Save workspace Saved tasks
Pan the PTZ camera image to the right. Tilt the PTZ camera image down. Tilt the PTZ camera image up. Zoom in the PTZ camera image. Zoom out the PTZ camera image.
RIGHT ARROW DOWN ARROW UP ARROW Hold the PLUS SIGN (+) Hold the HYPHEN (-) key
Rename the selected task. Save a task under a different name and scope (private or public). Save the task list so that it is automatically restored the next time you log on to the system with the same user name. Open the Public tasks page from the Home page. For more information, see "Home page overview" on page 14.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
766
Part VII
Appendices
Learn about the user privileges, event and action types, license options, and HID access control units available in Security Center. This part includes the following appendices: Appendix A, License options on page 768 Appendix B, Default Security Center ports on page 776 Appendix C, HID reference on page 781 Appendix D, Bosch reference on page 803 Appendix E, Honeywell reference on page 805
A
License options
This section describes all Security Center software license options, and how to view your license information. This section includes the following topics:
"Viewing license information from Config Tool" on page 769 "Viewing license information from Server Admin" on page 770 "License option descriptions" on page 771
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
768
NOTE You might not see all the tabs shown in this sample screen shot if your license does not support all the solution components.
License. This tab tells you when your software license expires, and gives you the
information you need to provide when contacting Genetec Technical Assistance Center: System ID, Package name, Service maintenance agreement (SMA) number, and so on.
IMPORTANT Seven days before your license expires, you receive a warning message.
Security Center. This tab shows all generic Security Center options. A feature is either
supported or limited by a maximum use count. For the latter, the Support column shows the current use vs. the maximum allowed.
Synergis. This tab is shown only if Synergis (access control) is supported. Omnicast. This tab is shown only if Omnicast (video surveillance) is supported. AutoVu. This tab is shown only if AutoVu (LPR) is supported. Mobile. This tab is shown only if Security Center Mobile is supported. Certificates. This tab lists all the supported software certificates, such as plugin certificates. Purchase order. This tab reproduces your order.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
769
NOTE You might not see all the tabs shown in this sample screen shot if your license does not support all the solution components.
Overview. This tab tells you when your software license expires and gives you the
information you need to provide when contacting Genetec Technical Assistance Center: System ID, Package name, Service maintenance agreement (SMA) number, and so on.
Security Center. This tab shows all generic Security Center options. A feature is either
supported or limited by a maximum use count.
Synergis. This tab is shown only if Synergis (access control) is supported. Omnicast. This tab is shown only if Omnicast (video surveillance) is supported. AutoVu. This tab is shown only if AutoVu (LPR) is supported. Mobile devices. This tab is shown only if Security Center Mobile is supported. Certificates. This tab lists all the supported software certificates, such as plugin certificates.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
770
"Security Center license options" on page 771 "Synergis license options" on page 772 "Omnicast license options" on page 773 "AutoVu license options" on page 774 "Mobile license options" on page 774 "Certificate license options" on page 775
Macros. Allows you to create macros in your system. For more information, see "Using
macros" on page 110.
Threat level. Allows you to create threat levels in Config Tool, as well as set threat levels in
Security Desk.
Remote Security Desk. Allows you to remotely monitor and control other Security Desk
workstations and monitors, using the Remote task on your local Security Desk.
Alarms. Allows you to create and manage alarms in Config Tool, and use the Alarm
monitoring and Alarm report tasks in Security Desk.
Hot actions. Allows you to trigger hot actions in Security Desk. Audio. Allows you to configure sounds bites on your system in Config Tool, and use them
in event-to-actions.
Partitions. Allows you to configure and use partitions in Security Center. Intrusion detection. Allows you to configure intrusion detection entities in Config Tool, as
well as monitor intrusion detection entities in Security Desk.
Time zone. Allows you to configure the unit time zone when a Location property tab is
displayed, as in video unit configuration for example.
Automatic email notifications. Allows you to set up an email server for email
notifications, including:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Web SDK. Allows you to create Web-based SDK roles. For more information, see
"Supporting cross-platform development" on page 164.
Plan Manager Basic. Allows you to use Plan Manager in Basic mode. For more information
about Plan Manager, see the Plan Manager User Guide.
Plan Manager Standard. Allows you to use Plan Manager in Standard mode. For more
information about Plan Manager, see the Plan Manager User Guide.
Plan Manager Advanced. Allows you to use the Advanced configuration of Plan Manager
in Advanced mode. For more information about Plan Manager, see the Plan Manager User Guide.
Number of custom fields. Maximum number of custom fields that you are allowed to
define. For more information, see System General settings "Custom fields" on page 619.
Number of Active Directories. Maximum number of Active Directory domains that can be
synchronized with your system. For more information, see "Importing users from an Active Directory" on page 102.
Number of additional Directory servers. Maximum number of Directory servers you can
have in addition to your main server to set up a high availability system. For more information, see "Configuring Directory failover and load balancing" on page 66.
Number of input pins. Maximum number of input pins that can be configured for doors,
elevators, and zones.
Number of output pins. Maximum number of input pins that can be configured can be
configured for doors, elevators, and zones.
Number of cash registers. Maximum number of cash registers that you can import from an
external point of sale system. For more information, see "Point of Sale" on page 595.
Card requests. Allows users to request card credentials to be printed by other users on the
system. Also allows you to create request reasons in Config Tool.
Import Tool. Allows you to import cardholders and credentials from a flat file. For more
information, see "Import tool" on page 657.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
772
Antipassback. Allows you to configure areas with antipassback restrictions. For more
information, see "Configure antipassback" on page 280.
People counting. Allows you to use the People counting task in Security Desk. Badge template. Allows you to define badge templates in your system. USB enrollment reader. Allows you to detect and use USB readers on your system. Visitors. Allows you to use the Visitor management task in Security Desk. Number of cardholders and visitors. Maximum number of cardholders and visitors allowed on your system, including those imported from Active Directories. For more information, see "Configuring cardholders and cardholder groups" on page 283. elevators on your system.
Number of readers. Maximum number of readers that can be configured for doors and Number of Access Managers. Maximum number of Access Manager roles that can be
created on your system. For more information, see "Configuring the Access Manager role" on page 260.
Number of cameras. Maximum number of cameras allowed on your system. Both cameras
managed locally by your system and those federated from remote systems are counted.
Number of panoramic cameras. Number of panoramic cameras allowed on your system. Number of DVR inputs. Number of video inputs from DVRs (digital video recorders)
allowed on your system.
Audio. Allows your system to stream audio and enables all audio features on your system. Forensic search. Enables the Forensic search task in Security Desk. Trickling. Enables data to be transferred in small amounts at specific or pre-determined
time from the edge-recording units to the Archiver. For more information, see "Configuring video units for trickling" on page 197.
Camera blocking. Allows you to block video from other users on the system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 773
Security Desk map. Type of map engine supported in Security Desk: Bing or MapInfo. Geocoder. Type of map engine used by the LPR Manager for geocoding: Bing or MapInfo. Microsoft Bing license expiration date. Bing license expiration date. Data import. Allows data to be imported from AutoVu 4.3 systems. For more information, see "Data import" on page 583. information, see "XML import" on page 578.
XML import. Allows you to import data from third-party applications. For more Number of LPR Managers. Maximum number of LPRManager roles allowed on your
system.
Number of fixed Sharp units. Maximum number of fixed Sharp units allowed on your
system.
Number of mobile device servers. Maximum number of Mobile Servers allowed on your
system.
Number of Web Clients. Maximum number of Web Client connections allowed on your
system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
774
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
775
B
Default Security Center ports
This section describes all default ports used by Security Center. Make sure these ports are open and redirected for firewall and network address translation purposes. This section includes the following topics:
"Common communication ports" on page 777 "AutoVu-specific ports" on page 778 "Synergis-specific ports" on page 779 "Omnicast-specific ports" on page 780
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
776
Main server Expansion servers Client workstations All servers (hosting any role) Intrusion Manager
TCP 5500 TCP 5500 TCP 5500 TCP 4502 HTTP 80 TCP 3001 TCP 3001 TCP 4502
Directory connection requests Directory connection requests Directory connection requests Communication between servers Connection via Server Admin Bosch intrusion panels
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
777
AutoVu-specific ports
AutoVu-specific ports
The following table lists the default network ports used by Security Center/AutoVu applications.
Computer Inbound Outbound Port usage
UDP 5000
Fixed Sharp unit discovery Fixed Sharp units and Patrollers Patroller hotfix requests
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
778
Synergis-specific ports
Synergis-specific ports
The following table lists the default network ports used by Security Center/Synergis applications.
Computer Inbound Outbound Port usage
Access Manager
For information about HID hardware setup, see "Refer to HIDs documentation for initial hardware setup" on page 782.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
779
Omnicast-specific ports
Omnicast-specific ports
The following table lists the default network ports used by Security Center/Omnicast applications.
Computer Inbound Outbound Port usage
Archiver
TCP 555 UDP 1500016000 TCP & UDP UDP 47806 UDP 47806 TCP 554 or HTTP 80 Telnet 5602 UDP 1500016000
Live and playback stream requests Live unicast streams (audio & video) Vendor specific ports for events and unit discovery Live audio & video multicast streams Typical port used to request video from a unit Telnet Console connection requests Playback stream requests Live and playback stream requests Live and playback stream requests Live audio & video unicast streams UDP 47806 TCP 555 Live audio & video multicast streams Communication with Archiver Live audio & video unicast streams Live multicast video streams Live multicast audio streams TCP 554560 Live and playback audio/video requests
TCP 558 TCP 554 TCP 560 UDP 800012000 UDP 47806
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
780
C
HID reference
This section describes additional information concerning the setup and configuration of HID access control units. This section includes the following topics:
"Network configuration" on page 782 "Using the HID Discovery GUI utility" on page 783 "HID initial configurations" on page 784 "Special considerations when configuring HID units" on page 785 "Interpreting the Power and Comm LEDs on an HID unit" on page 787 "Supported features and models" on page 788 "Access control unit modes of operation" on page 791 "Access control unit configuration" on page 799 "Wiring diagrams" on page 800
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
781
Network configuration
Network configuration
HID VertX (V1000, V2000), and Edge devices are IP devices that can acquire their network address automatically when your network has a DHCP server (the default). They can also be configured with static addresses (recommended).
HID VertX
HID VertX OEM Quick Installation Guide V100, V200, V300, V1000, and V2000 for configuration information.
HID VertX Install Wiring Diagram Example for wiring examples. HID Edge device
HID documentation can also be downloaded from www.HIDglobal.com. The discovery port of an HID unit is fixed at 4070. Once it is discovered, the unit is assigned to an Access Manager that uses the ports shown in the following table to control it.
Computer Inbound Outbound Port usage
Access Manager
The initial discovery can be performed with either the Security Centers Unit Discovery Tool (see "Unit discovery tool" on page 653), or with the HID Discovery GUI.
NOTE The Security Centers Unit Discovery Tool does not let you assign or modify the IP configuration of an HID unit. If you do not have a DHCP server on your network, or if you want to modify the initial IP configuration of the HID unit, this should be done with the HID Discovery GUI. It can be downloaded from http://www.hidglobal.com/downloads/ DiscoveryClient.zip.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
782
Type. HID device model. MAC Address. MAC address of the devices network interface (also used as serial number). Host Name. Name assigned to the device (by default, same as Type).
3 To cause the units LED to blink so it can be identified, click the Blink ON button. 4 To go to the units configuration Web page, click the Configure Unit hyperlink. 5 To re-scan the network to find HID devices, click the Refresh button.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
783
The address 169.254.242.121 is the factory-assigned default address for every HID device. Even if the unit has been configured with an IP configuration, it still listens on this address for (possible) troubleshooting needs. 3 If a change in IP configuration is required, this is performed from the devices configuration Web page. You can open the devices Web page one of the following ways:
In the HID Discovery GUI, click the Configure Unit hyperlink. Type http://169.254.242.121 in your Web browser. User Name: root Password: pass
5 The first page displayed from the HID unit will be its Basic Setup page. It is on this page that you can assign the devices IP configuration.
CAUTION If no DNS server is present on your network, you must use the units own IP address for the Primary DNS Server value. Furthermore, the Basic Central Stations IP address should be set to the IP address of your Security Center server running the Access Manager role.
6 Scroll down, and click the link to Change Login Password. (NB: This refers to the user admin not the user root) 7 Scroll to the bottom of the page, and click Submit. The unit applies the new IP configuration, and reboot. The unit is now ready to be enrolled in Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 784
"For HID V1000 units" on page 785 "Other HID hardware" on page 785 "HID factory default input settings" on page 785 "Modify input configurations" on page 786
A door: REX, door sensor, door lock Interlock override or lockdown Elevator control floor tracking Door buzzer IO linking (Hardware zone)
Instead, you should use the inputs and outputs from the V1000s sub-panels (V200s, V300s) for these purposes.
The door monitor input is configured by default as normally closed (NC), and not
supervised (no EOL resistors). This means that if nothing is connected to the door monitor input, the unit will emit beeps to signal that the door is open. To correct this, connect the door monitor input to an actual door monitor, or reconfigure the input to normally open (NO). See illustration below. All other inputs are configured as normally open (NO), not supervised (no EOL resistors).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
785
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
786
Off Power Solid red Blinking (Red/Off) Solid green Solid red Comm Blinking (Red/Green) Blinking (Amber/Green)
Check input voltage to the unit No network activity Network activity All interfaces found (eg. V100, V200, V300) No interfaces found Some interfaces were found (the duty cycle changes according to the number of interfaces found). The unit is in Locate me mode (somebody clicked the Identify button).
For VertX V1000 units: If the Comm LED indicator is off, update the firmware for the interface (V100) part of the unit. Table 22-3: VertX interface boards (sub-panels) V100, V200, V300
LED indicator State Description
Solid red Power Anything other than solid red Blinking (Red/Green) Comm Amber
If the Comm LED indicator for an interface board is off, verify the wiring for the RS-485 bus. Then try updating the firmware.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
787
Option 00: Keypad configuration setting option of 00 = Buffer one key, no parity, 4-bit
message. Option 14: Keypad configuration setting option of 14 = Buffer one to five keys (Standard 26-bit output). This reader option is also known as Galaxy Mode.
HID keypad reader option Online mode Mixed mode Offline mode Observation
Unit type
Not applicable.
Card or PIN.
Card or PIN.
The keypad readers can be used to enroll PINs. An unknown PIN will not generate the Access denied: Unknown credential event in Security Center. The reader cannot be used to enroll PINs for credential creation.
Not applicable.
Card or PIN. Card and PIN on schedule. When offschedule, operation reverts to card only.
Not applicable.
Card only.
Card only.
For HID SmartID keypad readers (SK10), the following option is required to support card and PIN functionality:
PIN length
Currently, PINs cannot have more than fivedigits.
iCLASS EdgeReader (POE) ER40, ERP40, ERW400 integrated reader and controller EdgePlus (POE) E400 controller VertX V2000 reader interface/network gateway VertX V1000 network gateway
VertX V100 reader interface VertX V200 input interface VertX V300 output interface
Card readers:
HID units support most industry standard card readers that output card data using the HID SmartID readers (MIFARE and DESFire) are also supported.
Supported RF Ideas USB enrollment readers
The RFIdeas readers only support card data formats up to 64 bits. The following USB enrollment readers are supported: Wiegand protocol (up to 128-bit card formats). For card and keypad readers, see "Access control unit configuration" on page 799.
pcProx HID USB reader for enrolling proximity cards AIR ID Enroll iCLASS ID# USB reader for enrolling HID iCLASS cards AIR ID Enroll 14443/15693 CSN USB reader for enrolling a MIFARE card using the CSN
(card serial number)
HID V1000, V100, V200, V300 HID V2000 HID EdgeReader / EdgePlus
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
789
22,000, up to 125,000 cardholders with full memory upgrade. 22,000, up to 125,000 cardholders with full memory upgrade. 22,000 cardholders (maximum). No memory upgrades are possible.
64 readers with 32 V100 reader interface modules 32 doors configured as card in/card out 64 doors configured as card in/REX out 2 readers 1 door configured as card in/card out 2 doors configured as card in/REX out 1 reader 1 door configured as card in/REX out
HID V2000
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
790
"About offline, mixed, and online modes of operation" on page 791 "Supported modes of operation per unit type" on page 791
Mixed mode
The unit makes access control decisions locally based on information downloaded from Security Center/Synergis during unit synchronization. Access events are reported to Security Center/Synergis in real-time. Communication with Security Center/Synergis has been lost. The unit makes access control decisions locally, based on information downloaded from Security Center/Synergis during unit synchronization. Access granted and access denied events are logged in the unit and are uploaded to the Security Center/Synergis when the network connection is re-established. The unit is under the direct real-time control of Security Center/Synergis. Security Center/Synergis makes all access control decisions. This mode is not available with HID VertX and Edge units.
Offline
Online
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
791
The features available for the HID mixed and HID offline modes of operation are as follows:
Action: Silence buzzer or Sound buzzer (event-to-action) Antipassback Card and PIN Elevator control Elevator floor tracking Event-to-action with Trigger output action Extended grant time Hard antipassback (passback violation event generated and access is denied) Interlock IO Linking Lockdown Override People Counting Readerless Door (use an IO module for a REX, door state, and door lock only) Soft Antipassback (passback violation event generated and access is granted) Strict Antipassback Timed antipassback
Supported Supported
For operation, the mixed and offline modes require the following:
All inputs and outputs must belong to the same HID controller (one VertX V1000, one
V2000, or one Edge).
NOTE The Action feature is not available with a readerless door.
Antipassback
Operating mode Feature availability
Depends on the antipassback settings enabled with the Config Tool. Depends on the antipassback settings enabled with the Config Tool.
For operation, the mixed and offline modes require the following:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 792
All units used for this feature must be assigned to the same Access Manager. The interlock feature must be disabled. Interlock (including the lockdown and override
functions) and antipassback are mutually exclusive; both features cannot be enabled for an area at the same time.
Unit time zones Doors and associated readers Areas (groups of doors) Elevators and associated floors (including unlocking schedules) Cardholder groups Schedules (including card and PIN schedules) Access rules
The following section provides guidelines for configuring, enabling, and managing the antipassback with HID VertX controllers (units):
V2000: Antipassback is only supported for an area with a single door having both entry and exit readers.
V1000: Antipassback is supported for multiple areas, with each area supporting multiple doors with entry and exit readers. Limitation in the number of doors is based on the number of V100 modules installed. Antipassback is not recommended with the Edge product line for the following reasons:
Only a single reader can be specified for either entry or exit (not both) while antipassback typically requires both entry and exit readers. Peer-to-peer communication between Edge devices is not supported by Security Center.
An area with antipassback must be configured for readers wired to, and doors managed by,
the same unit (V1000 or V2000) because
The Security Center does not support peer-to-peer communication between either VertX V1000 or V2000 devices. Antipassback can be reset using the following methods:
An action (manually or with an event-to-action) The following system behavior will reset a units antipassback state:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
793
Initial unit synchronization when the Security Center services are started or restarted. Unit synchronization following the loss and recovery of a connection with the unit (V1000 or V2000).
Unit synchronization following certain configuration changes (see below for more details). Manual synchronization of the unit through the Config Tool page.
Depends on the card reader hardware options which are selected at the time of purchase. See "Supported HID keypad reader options" on page 788 for more details. Depends on the card reader hardware options which are selected at the time of purchase. See "Supported HID keypad reader options" on page 788 for more details.
For operation, the mixed and offline modes require the following:
All reader interfaces/inputs/outputs for a door should belong to the same HID controller
(HID Edge, VertX V2000, or Vertx V100 interface module).
Elevator control
Operating mode Feature availability
Supported Supported
For operation, the mixed and offline modes require the following:
All interface modules used for elevator control (HID VertX V100, V200, and V300) must be The reader interface, inputs, and outputs must be connected to the same HID controller
assigned to the same VertX V1000. Reader, inputs and outputs must be assigned to the same V2000 (max. of 4 floors) or Edge (max. of 2 floors). All units used for this feature must be assigned to the same Access Manager. (VertX V1000, V2000, or Edge). A maximum of 1 elevator cab reader can be assigned per HID controller (VertX V1000, V2000, or Edge).
Once a VertX controller has been assigned to perform elevator control, it should only be
used for that purpose. Door and zone control should not be mixed with elevator control, even when the unit has unused readers, inputs and outputs. When elevator floors are operating under controlled access mode, schedules from different access rules applied to different floors are merged when the rules are granted to a same cardholder.
EXAMPLE Suppose that the configuration set in Config Tool is such that Bob should be granted
access to floor1 from 9 a.m. to 10 a.m. through access rule 1, and to floor2 from 10 a.m. to 11 a.m. through access rule2. When Bob presents his card in the elevator, the VertX controller will actually grant access to Robert from 9 a.m. to 11 a.m. on both floors.
Supported Not Supported. Event reporting is unavailable. Events are not regenerated when the unit reconnects to Synergis and switches from offline to either the online or the mixed mode of operation.
All units used for this feature must be assigned to the same Access Manager.
Event-to-action with Trigger output action
Operating mode Feature availability
For operation, the mixed and offline modes require the following:
All units used for this feature must be assigned to the same Access Manager.
Extended grant time
Operating mode Feature availability
Supported Supported
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
795
Supported Supported
NOTE Antipassback using the HID units is available with the VertX V2000 (area with a single
door) and the VertX V1000 (multiple areas and multiple doors per area). Antipassback with the HID Edge products is not supported.
Interlock
Operating mode Feature availability
Supported Supported
For operation, the mixed and offline modes require the following:
The antipassback feature must be disabled. Interlock (including the lockdown and override All perimeter doors of an interlocked area must be assigned to the same HID controller
(one VertX V1000 or one V2000).
NOTE If a perimeter door of an interlock is open, when an authorized cardholder accesses a second perimeter door of the same interlock, an Access Granted event for the second door might be generated, even through the second door does not unlock.
functions) and antipassback are mutually exclusive; both features cannot be enabled for an area at the same time. The inputs of an HID VertX V1000 must be not used for this feature.
IO Linking
Operating mode Feature availability
Supported Supported
For operation, the mixed and offline modes require the following:
The inputs of an HID VertX V1000 must be not used for this feature. All inputs and outputs must belong to the same HID controller (one V2000 or one Edge).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
796
Lockdown
Operating mode Feature availability
Supported Supported
NOTE The Lockdown feature is only supported for areas where the Interlock feature is enabled.
Override
Operating mode Feature availability
Supported Supported
NOTE The Override feature is only supported for areas where the Interlock feature is enabled.
People Counting
Operating mode Feature availability
Supported Not Supported. If a unit assigned to one of the perimeter doors of an area is in this mode of operation, the feature is disabled for the entire area.
All units used for this feature must be assigned to the same Access Manager.
Readerless Door (use an IO module for a REX, door state, and door lock only)
Operating mode Feature availability
Supported Supported NOTE There are no door activity reports during the time period when the unit is in this mode of operation.
For operation, the mixed and offline modes require the following:
The inputs of an HID VertX V1000 must be not used for this feature. All inputs and outputs must belong to the same HID controller (one V2000 or one Edge).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
797
NOTE A readerless door does not generate a Door forced open event. A readerless door also does not support the buzzer feature.
Supported Not Supported. Event reporting is unavailable. Events are not regenerated when the unit reconnects to Synergis and switches from offline to either the online or the mixed mode of operation.
Strict Antipassback
With HID units, Hard and Strict antipassback are one in the same, as there is no distinction between the two. See "Hard antipassback (passback violation event generated and access is denied)" on page 796.
Timed antipassback
Operating mode Feature availability
Not Supported. All perimeter doors of an area must be in online mode. Not Supported. All perimeter doors of an area must be in online mode.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
798
REX
When any unit REX input is used for a REX, you must also set: Automatically grant request to exit in the door Properties tab, which generates Request to exit events when the input is triggered. Events are logged, and can be used for event-to-actions. The input configuration in the Door, Unit tab to program the unit to react to a REX input by releasing the lock. Deselect Automatically grant request to exit in the Door, Properties tab. Configure the input for a zone, interlock, etc. Set this in the input configuration in the Door, Unit tab. NOTE This input cannot be used as a
Another purpose (a general purpose input) HID units (V100, V2000, and Edge devices) Door Monitor A door position sensor input (door open or door closed).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
799
Wiring diagrams
Wiring diagrams
The following wiring diagrams can also be found at http://www.hidglobal.com/.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
800
Wiring diagrams
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
801
Wiring diagrams
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
802
D
Bosch reference
This section describes additional information concerning the setup and configuration of Bosch GV2, GV3, and GV4 series intrusion panels. This section includes the following topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
803
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
804
E
Honeywell reference
This section describes additional information concerning the setup and configuration of Honeywell Galaxy Dimension series control panels. This section includes the following topics:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
805
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
806
Glossary
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Security Center is the unified platform for all Genetecs IP security solutions, which include AutoVu, Omnicast, and Synergis modules. The definitions in this glossary pertain to all three modules.
A
accepted user A user who has read access over all entities contained in a partition. This allows the user to view them in all entity browsers. Additional access rights may be granted through user privileges. Type of maintenance task that reports on access control unit malfunction events. See also Health history. access control unit Type of entity that represents an access control device, such as Synergis Master Controller (SMC) or an HID VertX controller, that communicates directly with the Access Manager over an IP network. Access control units usually control other slave units (or interface modules) such as the HID VertX V100 and V200, and the Mercury MR50 and MR52, which are connected to door sensors and readers. See also Access Manager, interface module and Synergis Master Controller. Access control unit events Type of maintenance task that reports on events pertaining to selected access control units. Access Manager access point Type of role that manages and monitors access control units on the system. Any monitored point that can be used to enter or exit a secured area, usually a door side or an elevator floor. Note that an elevator floor can only be used as an entry point. Type of entity that defines the access control logic which grants or denies passage to a cardholder through an access point, based on a schedule. Type of maintenance task that reports on entities and access points affected by a given access rule.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
807
Glossary
Access troubleshooter
Tool that helps you detect and diagnose access configuration problems. It allows you to find out about the following: Who are allowed to use an access point at a given time Which access points a cardholder is allowed to use at a given time Why a given cardholder can or cannot use an access point at a given time. access right. (1) Type of rights a user has over entities in the system (view, add, modify, delete), which are defined by a combination of partitions and user privileges. (2) The right a cardholder has to pass through an access point at a given date and time.
access right
action
User-programmable function that can be triggered as an automatic response to an event (door held open for too long, object left unattended) or executed according to a specific time table. See also event and event-to-action.
active alarm
An alarm that has not yet been acknowledged. See also alarm.
Active Directory
Active Directory (AD). (1) A directory service created by Microsoft. (2) Type of role that imports users and cardholders from an Active Directory and keeps them synchronized.
Activity trails
Type of maintenance task that reports on the user activity related to video and LPR functionality. This task can provide information such as who played back which video recordings, who used the Hotlist and permit editor, who enabled hotlist filtering, and much more.
Advanced Systems Format Advanced Systems Format or ASF (formerly Advanced Streaming Format) is a Microsoft streaming format associated with Windows Media Player. agent Subprocess created by a Security Center role to run simultaneously on multiple servers for the purpose of sharing its load. See also redirector agent. alarm Type of entity that describes a particular trouble situation that requires immediate attention and how it should be handled in Security Center. Namely, its priority, what entities (usually cameras and doors) best describe it, who should be notified, how it should be displayed to the user, and so on.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
808
Glossary
alarm acknowledgement
User response to an alarm. There are two variants of alarm acknowledgement in Security Center: Default acknowledgement Alternate acknowledgement Each variant is associated to a different event so that specific actions can be programmed based on the alarm response selected by the user. See also action and event.
Alarm monitoring
Type of operation task that allows you to monitor and respond to alarms (acknowledge, forward, snooze, among other things) in real time, as well as review past alarms. See also monitor group.
alarm panel
Type of investigation task that allows you to search and view current and past alarms. Type of entity that represents a monitor that displays video from an analog source, such as a video decoder or an analog camera. This term is used in Security Center to refer to monitors not controlled by a computer. See also monitor group and video decoder.
Access restriction placed on a secured area that prevents a cardholder from entering an area that they have not yet exited from, and vice-versa. Type of maintenance task that reports on the video files (file name, start and end time, file size, protection status, and so on) used to store video archive, and which allows you to change the protection status of those files, among other things. Type of role that is responsible for the discovery, status polling, and control of video units. The Archiver also manages the video archive, and performs motion detection when it is not done on the unit itself. See also Auxiliary Archiver and video unit.
Archiver
Type of maintenance task that reports on events pertaining to selected Archiver roles. Type of investigation task that allows you to find and view available video archives by camera and time range.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
809
Glossary
area
Type of entity that represents a concept or a physical location (room, floor, building, and so on) used for the logical grouping of entities in the system. See also Logical view. When Synergis is enabled, the area entity can also be used to configure a secured area with access rules and access control behavior. See also antipassback and interlock.
Area activities
Type of investigation task that reports on area related activities (access granted, access denied, first person in, last person out, antipassback violation, and so on). Type of investigation task that provides a snapshot of all cardholders and visitors currently present in a selected area. See Advanced Systems Format. Type of entity that represents any valuable object with an RFID tag attached, allowing it to be tracked by an asset management software. See also RFID tag.
asynchronous video audio decoder audio encoder Audit trails automatic discovery
Simultaneous playback video from more than one camera that are not synchronized in time. Device or software that decodes compressed audio streams for playback. Synonym of "speaker". Device or software that encodes audio streams using a compression algorithm. Synonym of "microphone". Type of maintenance task that reports on the configuration changes who made them, on selected entities in the system. The process by which IP units on a network are automatically discovered by Security Center. This is done by broadcasting a discovery request on the discovery port and waiting for all listening units to respond with a packet that contains connection information about itself. Security Center uses the information to automatically configure the connection to the unit, thus enabling communication. Not all units support this feature. See also unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
810
Glossary
AutoVu
AutoVu is the IP license plate recognition (LPR) system of Security Center that automates the reading and verification of vehicle license plates. AutoVu Sharp cameras capture license plate images, and send the data to Patroller or Security Center to verify against lists of vehicles of interest (hotlists) and vehicles with permits (permit lists). You can install AutoVu in a fixed configuration (e.g. on a pole in a parking lot), or in a mobile configuration (e.g. on a police car). You can use AutoVu for scofflaw and wanted vehicle identification, city-wide surveillance, parking enforcement, parking permit control, vehicle inventory, security, and access control. Processing component of the SharpX system. The LPR Processing Unit is available with two or four camera ports, with one dedicated processor per camera (if using SharpX) or per two cameras (if using SharpX VGA). This ensures maximum, per-camera, processing performance. The LPR Processing Unit is sometimes referred to as the "trunk unit" because it is typically installed in a vehicle's trunk. See also LPR camera and SharpX.
Auxiliary Archiver
Type of role that supplements the video archive produced by the Archiver. Unlike the latter, the Auxiliary Archiver is not bound to any particular discovery port. Therefore, it can archive any camera in the system, including the federated ones (Security Center 5.x systems only). The Auxiliary Archiver depends on the Archiver to communicate with the video units. It cannot operate on its own. See also Archiver and discovery port.
B
Badge designer Badge printer badge template bit rate block face (2sides) Tool that allows you to design and modify badge templates. Tool that allows you to print badges in bulk, based on a badge template and a list of cardholders or credentials. Entity type used to configure a printing template for badges. Data transfer rate expressed in kilobits per second (Kbps). Type of parking regulation characterizing an overtime rule. A block face is the length of a street between two intersections. A vehicle is in violation if it is seen parked within the same block over a specified period of time. Moving the vehicle from one side of the street to the other does not make a difference. Short text used to mark a specific position in a recorded video sequence that can be used to search for that video sequence at a later stage.
bookmark
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
811
Glossary
Type of investigation task that searches for bookmarks related to selected cameras within a specified time range. Genetec's proprietary connector box for AutoVu mobile solutions that use Sharp version 2.0 cameras. The breakout box provides power and network connectivity to the Sharp units and the in-vehicle computer. Currently, the AutoVu SharpX system is the preferred solution for a mobile AutoVu installation. Communication between a single sender and all receivers on a network
broadcast
C
camera Type of entity that represents a single video source on the system. The video source can be an IP camera or an analog camera connected to the video encoder of a video unit. Multiple video streams can be generated from the same video source. See also video encoder. camera blocking Omnicast feature that lets you restrict the viewing of video (live or playback) from certain cameras to users with a minimum user level. See also user level. Camera events camera sequence canvas Type of investigation task that reports on events pertaining to selected cameras within a specified time range. Type of entity that defines a list of cameras that are displayed one after another in a rotating fashion within a single tile in Security Desk. One of the panes found in the Security Desk's task workspace. The canvas is used to display multimedia information, such as videos, maps, and pictures. It is further divided into three panels: the tiles, the dashboard, and the properties. See also tile. card and pin cardholder An access point mode that requires a cardholder to present their card and then enter a personal identification number (PIN). Type of entity that represents a person who can enter and exit secured areas by virtue of their credentials (typically access cards) and whose activities can be tracked. Type of maintenance task that reports on which cardholders and cardholder groups are granted or denied access to selected areas, doors, and elevators. Type of investigation task that reports on cardholder activities (access denied, first person in, last person out, antipassback violation, and so on).
812
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Glossary
Cardholder configuration Type of maintenance task that reports on cardholder properties (first name, last name, picture, status, custom properties, and so on). cardholder group Cardholder management Type of entity that configures the common access rights of a group of cardholders. Type of operation task that allows you to create, modify, and delete cardholders, as well as manage their credentials, including temporary replacement cards. Type of entity that represents a single cash register (or terminal) in a point of sale system. See also point of sale system. certificate Additional license information that is required to run plugins or SDK-based applications.
cash register
City Parking Enforcement Patroller software installation that is configured for city parking enforcement: the enforcement of parking permit and/or overtime restrictions. See also overtime rule and permit. City Parking Enforcement A "City Parking Enforcement" installation of a Patroller application that also with Wheel Imaging includes wheel imaging. The use of maps and of the Navigator is mandatory. See also City Parking Enforcement. compatibility pack Config Tool See Omnicast compatibility pack. Security Center administrative application used to manage all Security Center users, and configure all Security Center entities such as areas, cameras, doors, schedules, cardholders, Patroller/LPR units, and hardware devices.
Conflict resolution utility Tool that helps you resolve conflicts caused by importing users and cardholders from an Active Directory. context camera A camera connected to an LPR unit that produces a wider angle color image of the vehicle whose license plate was read by the LPR camera. See also LPR camera and LPR unit. controlled exit controller module Credentials are necessary to leave a secured area. Processing component of Synergis Master Controller with IP capability, preloaded with the controller firmware and the web-based administration tool, Controller Portal. See also Controller Portal, four-port RS-485 module, and Synergis Master Controller.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 813
Glossary
Controller Portal
Web-based administration tool hosted on every Synergis Master Controller unit, used to configure, administer, and upgrade the controller firmware. See also controller module and Synergis Master Controller.
Tool that copies the configuration of one entity to many other entities. Read (captured license plate) that is matched to a covert hotlist. Covert hits are not displayed on the Patroller screen, but can be displayed in the Security Desk by a user with proper privileges. Hotlist hidden from the AutoVu Patroller users. Reads matching a covert hotlist generate covert hits. Type of entity that represents a proximity card, a biometrics template, or a PIN required to gain access to a secured area. A credential can only be assigned to one cardholder at a time. Type of investigation task that reports on credential related activities (access denied due to expired, inactive, lost, or stolen credential, and so on). A textual representation of the credential showing the credential data (typically the Facility code and the Card number). For credentials using custom card formats, the user can choose what to include in the credential code. Type of maintenance task that reports on credential properties (status, assigned cardholder, card format, credential code, custom properties, and so on). Type of operation task that allows you to create, modify, and delete credentials, and print badges. It also allows you to enroll large numbers of card credentials into the system, either by scanning them at a designated card reader, or by entering a range of values. An event added after the initial system installation. Events defined at system installation are called system events. Custom events can be user-defined or automatically added through plugin installations. Unlike system events, custom events may be renamed and deleted. User defined property associated to an entity type to store additional information that is useful to your particular organization.
Credential configuration
Credential management
custom event
custom field
D
Daily usage per patroller Type of investigation task that reports on the daily usage statistics of a selected Patroller (operating time, longest stop, total number of stops, longest shutdown, and so on) for a given date range.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
814
Glossary
dashboard
One of the three panels that belong to the canvas in Security Desk. It contains the graphical commands (or widgets) pertaining to the entity displayed in the current tile. See also widget.
Collection of data that is organized so that its contents can easily be accessed, managed, and updated. An application that manages databases and handles data requests made by client applications. Security Center uses Microsoft SQL Server as its database server. The amount of time an input can be in a changed state (for example, from active to inactive) before the state change is reported. Electrical switches often cause temporarily unstable signals when changing states, possibly confusing the logical circuitry. Debouncing is used to filter out unstable signals by ignoring all state changes that are shorter than a certain period of time (in milliseconds). Transformation used to straighten a digital image taken with a fish-eye lens. A DHCP (Dynamic Host Configuration Protocol) server provides configuration parameters necessary for a unit to automatically connect to an IP network. DHCP automatically supplies the unit with an IP address, the network mask, a gateway IP address, and a DNS server IP address. The main role that identifies your system. It manages all entity configurations and system wide settings in Security Center. Only a single instance of this role is permitted on your system. The server hosting the Directory role is called the main server. All other servers in Security Center must connect to the main server and are called expansion servers. See also expansion server, main server, and server.
debounce
Directory
Directory Manager
The role that manages the Directory failover and load balancing in order to produce the high availability characteristics in Security Center. See also Directory server and high availability.
Directory server
Any one of the multiple servers simultaneously running the Directory role in a high availability configuration. See also Directory, high availability, and server.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
815
Glossary
discovery port
Port used by certain Security Center roles (Access Manager, Archiver, LPR Manager) to find the units they are responsible for on the LAN. No two discovery ports can be the same on one system. See also automatic discovery.
district
Type of parking regulation characterizing an overtime rule. A district is a geographical area within a city. A vehicle is in violation if it is seen within the boundaries of the district over a specified period of time. Type of entity that represents a physical barrier. Often, this is an actual door but it could also be a gate, a turnstile, or any other controllable barrier. Each door has two sides named by default A and B. Each side is an access point (entrance or exit) to a secured area. Type of investigation task that reports on door related activities (access denied, door forced open, door open too long, hardware tamper, and so on). A door contact monitors the state of a door, whether it is open or closed. It can also be used to detect improper state (door open too long). See access control unit. Every door has two sides, named by default "A" and "B". Each side is an access point to an area. For example, passing through side A leads into an area, and passing through side B leads out of that area. For the purposes of access management, the credentials necessary to pass through a door in one direction are not necessarily the same to pass through in the opposite direction. Type of maintenance task that lists all the cardholders who have access to a particular door side or elevator floor at a specific date and time. Driver Development Kit (DDK). An SDK for creating device drivers. A special code used to disarm an alarm system that quietly alerts the monitoring station that the alarm system was disarmed under threat.
door
E
edge recording Video is recorded on the unit itself, eliminating the need to constantly stream video to a centralized server. See also Archiver. electric door strike elevator An electric device that releases the door latch when current is applied. Type of entity that provides access control properties to elevators. For an elevator, each floor is considered an entry point for the area corresponding to that floor.
816
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Glossary
Type of investigation task that reports on elevator related activities (access denied, floor accessed, unit is offline, hardware tamper, and so on). To take action following a confirmed hit. For example, a parking officer can enforce a scofflaw (unpaid parking tickets) violation by placing a wheel boot on the vehicle. Entities are the basic building blocks of Security Center. Everything that requires configuration is represented by an entity. An entity may represent a physical device, such as a camera or a door, or an abstract concept, such as an alarm, a schedule, a user, or a software module. The graphical representation of Security Center entities in a tree structure illustrating the hierarchical nature of their relationships. See also Logical view.
entity
entity tree
event
Indicates the occurrence of an activity or incident, such as access denied to a cardholder or motion detected on a camera. Events are automatically logged in Security Center, and can be programmed to trigger actions, conferring intelligent behavior to the system. Every event mainly focuses on one entity, called the event source. See also event-to-action.
The coupling of an action to an event to confer automatic and intelligent behavior to the system. Any server machine in a Security Center system that does not host the Directory role. The purpose of the expansion server is to add to the processing power of the system. See also main server and server.
F
failover A backup operational mode in which a role (system function) is automatically transferred from its primary server to a secondary server that is on standby when the primary server becomes unavailable, either through failure or through scheduled downtime. See also high availability and load balancing. federated entity Any entity that is imported from an independent system via a federation role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
817
Glossary
federated system
A independent system (Omnicast or Security Center) that is unified under your local Security Center via a federation role, so that the local users can view and manipulate its entities as if they belong to the local system. See also Omnicast Federation and Security Center Federation.
Federation
The Federation is a virtual system formed by joining multiple remote independent Genetec IP security systems together. The purpose of the Federation is to allow the users on your local system (the Federation host) to access the entities belonging to independent systems as if they were on your local system. RS-485 communication component of Synergis Master Controller with four ports (or channels) named A, B, C, and D. The number of interface modules you can connect to each channel depends on the type of hardware you have. See also controller module, interface module, and Synergis Master Controller.
A single video image. Access point state where no credentials are necessary to enter a secured area. The door is unlocked. This is typically used during normal business hours, as a temporary measure during maintenance, or when the access control system is first powered up and is yet to be configured. Access point state where no credentials are necessary to leave a secured area. The person releases the door by turning the doorknob, or by pressing the REX button, and walks out. An automatic door closer shuts the door so it can be locked after being opened.
free exit
G
G64 G64 is the native data format used by all archiving roles (Archiver and Auxiliary Archiver) to store video files. This data format incorporates all information related to the video data, including audio, bookmarks, timestamps, motion and event markers, and supports watermarking. See also ASF, video file, and video watermarking. Genetec Plan Manager Server Genetec Server Windows service that runs Plan Manager Server modules. See also Plan Manager Server. Windows service at the core of Security Center architecture that must be installed on every computer that is part of the Security Center's pool of servers. Every such server is a generic computing resource capable of taking on any role (set of functions) you assign to it. See also server.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 818
Glossary
geocoding
The process of finding associated geographic coordinates (latitude and longitude) from a street address. See also reverse geocoding.
ghost camera
Entity used as a stand in camera that is automatically created by the Archiver when video archives are detected for a camera whose definition has been deleted from the Directory, either accidentally or because the physical device no longer exists. Ghost cameras cannot be configured. They only exist so users can reference the video archive that would otherwise not be associated to any camera. See also camera.
ghost Patroller
Entity automatically created by the LPR Manager when the AutoVu license includes the XML Import module. In Security Center, all LPR data must be associated to a Patroller entity or an LPR unit corresponding to a fixed Sharp camera. When you import LPR data from an external source via a specific LPR Manager using the XML Import module, the system uses the ghost entity to represent the LPR data source. You can formulate queries using the ghost entity as you would with a normal entity. See also Patroller.
GIS
Geographic information system (GIS) is a third party map provider that Plan Manager can connect to, to bring maps and all types of geographically referenced data to Security Center. See also KML, OGC, and WMS.
Type of role that ensures the two-way synchronization of shared cardholders and their related entities between the local system (sharing participant) and the central system (sharing host). See also sharing guest and sharing host.
global entity
Entity that is shared across multiple independent Security Center systems by virtue of its membership to a global partition. Only cardholders, cardholder groups, credentials, and badge templates are eligible for sharing. See also global partition.
global partition
Partition that is shared across multiple independent Security Center systems by the partition owner, called the sharing host. See also global entity, partition, and sharing guest.
GUID
A globally unique identifier, or GUID, is a special type of identifier used in software applications to provide a unique reference number.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
819
Glossary
H
H.264 Hardware inventory H.264/MPEG-4 AVC (Advanced Video Coding) is a standard for video compression. Type of maintenance task that reports on the characteristics (unit model, firmware version, IP address, time zone, and so on) of access control, video, intrusion detection, and LPR units in your system. A subtype of zone entity where the IO linking is done by hardware. A hardware zone is controlled by a single access control unit and works only in mixed and offline mode. Hardware zones cannot be armed or disarmed from Security Desk. See also virtual zone and zone. Health history Type of maintenance task that reports on health issues. See also Health statistics and Health Monitor. Health Monitor The central role that monitors system entities such as servers, roles, units, and client applications for health issues. See also Health history and Health statistics. Health statistics Type of maintenance task that gives you an overall picture of the health of your system. See also Health history and Health Monitor. high availability Design approach used to enable a system to perform at a higher than normal operational level. This often involves failover and load balancing. See also failover and load balancing. HIP A hardware integration package, or HIP, is an update that can be applied to Security Center. It enables the management of new functionalities (for example, new video unit types), without requiring an upgrade to the next Security Center release. License plate read that matches a hit rule (hotlist, overtime rule, permit, or permit restriction). A Patroller user can choose to reject or accept a hit. An accepted hit can subsequently be enforced. See also enforce. hit rule Type of LPR rule used to identify vehicles of interest (called "hits") using license plate reads. The hit rules include the following types: hotlist, overtime rule, permit, and permit restriction. hit, hotlist, overtime rile, permit, and permit restriction.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013 820
hardware zone
hit
Glossary
Hits
Type of investigation task that reports on hits reported within a selected time range and geographic area. See also hit and hotlist.
An action mapped to a PC keyboard function key (Ctrl+F1 through Ctrl+F12) in Security Desk for quick access. Type of entity that defines a list of wanted vehicles, where each vehicle is identified by a license plate number, the issuing state, and the reason why the vehicle is wanted (stolen, wanted felon, Amber alert, VIP, and so on). Optional vehicle information might include the model, the color, and the vehicle identification number (VIN). See also hit rule.
Type of operation task used to edit an existing hotlist or permit list. A new list cannot be created with this task, but after an existing list has been added to Security Center, users can edit, add, or delete items from the list, and the original text file is updated with the changes. See also hotlist and permit.
hotspot
Type of map object that represents an area on the map that requires special attention. Clicking on a hotspot displays associated fixed and PTZ cameras. See also map object.
HTTPS
Secure Hypertext Transfer Protocol for the World Wide Web that provides safe data transmission by encrypting and decrypting information sent over the Internet.
I
I-frame Synonym of intra-frame and key frame. See also key frame. illuminator A light in the Sharp unit that illuminates the plate, thereby improving the accuracy of the images produced by the LPR camera. See also LPR camera. Immersive view Import tool Plan Manager feature that lets you 'walk' inside a building or a city in a first person view. Tool that allows you to import cardholders, cardholder groups, and credentials from a CSV (Comma Separated Values) file.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
821
Glossary
inactive entity
An entity that is shaded in red in the entity browser. It signals that the real world entity it represents is either not working, offline, or incorrectly configured. See also entity.
incident
Any incident reported by a Security Desk user. Incident reports can use formatted text and include events and entities as support material. See also Incidents.
Type of investigation task that allows you to search, review, and modify incident reports. A third-party device that communicates with Synergis Master Controller over IP, USB, or RS-485, and provides input, output, and reader connections to the controller module. See also controller module, four-port RS-485 module, and Synergis Master Controller.
interlock
Access restriction placed on a secured area that permits only one door to be open at any given time. When one perimeter door is open, all other perimeter doors are locked. Synonym of I-frame and key frame. See also key frame.
intra-frame
Type of entity that corresponds to a zone or a partition (group of sensors) on an intrusion panel. See also intrusion detection unit.
Type of investigation task that reports on activities (master arm, perimeter arm, duress, input trouble, and so on) in selected intrusion detection areas. Type of entity that represents an intrusion panel (or alarm panel) that is monitored and controlled by Security Center. See also Intrusion Manager.
Type of investigation task that reports on events (AC fail, battery fail, unit lost, input trouble, and so on) pertaining to selected intrusion detection units. Type of role that monitors and controls intrusion panels. It also logs the intrusion events in a database for intrusion activity reports. See also intrusion detection unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
822
Glossary
intrusion panel
A wall-mounted unit where the alarm sensors (motion sensors, smoke detectors, door sensors, and so on) and wiring of the intrusion alarms are connected and managed. See also intrusion detection unit.
Type of operation task that allows you to add and reconcile license plate reads to a parking facility inventory. Type of investigation task that allows you to view a specific inventory (vehicle location, vehicle length of stay, and so on) or compare two inventories of a selected parking facility (vehicles added, vehicles removed, and so on). Type of maintenance task that reports on the IO configurations (controlled access points, doors, and elevators) of access control units. IO (input/output) linking is controlling an output relay based on the combined state (normal, active, or trouble) of a group of monitored inputs. A standard application would be to sound a buzzer (via an output relay) when any window on the ground floor of a building is shattered (assuming that each window is monitored by a "glass break" sensor connected to an input). See also zone.
IO configuration IO linking
IP IP address
The protocol that routes data packets through a local area network (LAN) and the Internet. An IP Address is a unique numeric address for a specific computer or computing device connected to the Internet, or to a LAN. See also IPv4 and IPv6.
IP camera
IPv4 IPv6
First generation IP protocol using a 32-bit address space. New generation IP protocol extending the address space from 32 to 128 bits.
J K
key frame A key frame (or I-frame, or intra-frame) is a frame that contains a complete image by itself as opposed to a usual frame that only holds information that changed compared to the previous frame. It is used as reference in video image compression.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
823
Glossary
KML
Keyhole Markup Language (KML) is a file format used to display geographic data in an Earth browser such as Google Earth and Google Maps. See also GIS.
L
Law Enforcement Patroller software installation that is configured for law enforcement: the matching of license plate reads against lists of wanted license plates (hotlists). The use of maps is optional. See also hotlist. license key Software key used to unlock the Security Center software. The license key is specifically generated for each computer where the Directory role is installed. You need the System ID (which identifies your system) and the Validation key (which identifies your computer) in order to obtain your license key. List of license plate numbers of vehicles found in a parking facility within a given time period, showing where each vehicle is parked (sector and row). See also Inventory report. license plate read License plate number captured from a video image using LPR technology. See also hit and License Plate Recognition. License Plate Recognition Image processing technology used to read license plate numbers. License Plate Recognition (LPR) converts license plate numbers cropped from camera images into a database searchable format. See also LPR camera and OCR equivalence. live hit live read load balancing A hit matched by the Patroller and immediately sent to the Security Center over a wireless network. A license plate captured by the Patroller and immediately sent to the Security Center over a wireless network. Distribution of workload across multiple computers. See also failover and high availability. logical ID Unique IDs assigned to each entity in the system for ease of reference. Logical IDs are only unique within a particular entity type.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
824
Glossary
Logical view
Browser view that organizes all viewable entities in Security Desk (such as areas, cameras, doors, elevators, maps, and so on) according to their logical relationships. Areas are used as logical groupings for other entities. Each area may represent a concept or a physical location. See also Security Desk.
Type of investigation task that reports on the logon records of a selected Patroller. Type of parking regulation characterizing an overtime rule. The "long term" regulation uses the same principle as the "same position" regulation, but the parking period is over 24 hours. No more than one overtime rule may use the long term regulation in the entire system. See License Plate Recognition. A camera connected to an LPR unit that produces high resolution close-up images of license plates. See also context camera and SharpX.
LPR Manager
Type of role that manages and controls Patrollers and fixed Sharp units. The LPR Manager manages the data (reads and hits) collected by the LPR units it controls and updates the configuration of the mobile units (Patrollers) every time they begin a new shift. Method used by Security Center/AutoVu for processing a license plate read. An LPR rule can be a "hit rule" or a "parking facility". See also hit rule and parking facility.
LPR rule
LPR unit
Type of entity that represents a hardware device dedicated to the capture of license plate numbers. An LPR unit is typically connected to an LPR camera and a context camera. These cameras can be incorporated to the unit or external to the unit. See also AutoVu LPR Processing Unit, License Plate Recognition, LPR Manager, and Sharp unit.
M
macro Type of entity that encapsulates a C# program that adds custom functionalities to Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
825
Glossary
main server
The only server in a Security Center system hosting the Directory role. All other servers on the system must connect to the main server in order to be part of the same system. In an high availability configuration where multiple servers host the Directory role, it is the only server that can write to the Directory database. See also Directory server, expansion server, and server.
When license plate information is entered into the system by the user, and not by the LPR. Manufacturer specific settings for access control units, video units, and intrusion detection units. Plan Manager server module that manages the Plan Manager database. It must run on the Plan Managers main server. See also Plan Manager Server.
Map Generator
Plan Manager server module that imports raster and vector maps to Plan Manager database. See also Plan Manager configuration.
map link
Type of map object that lets you jump to either another map or another area of the same map. See also map object.
Security Desk canvas operating mode where the main area of the canvas is used to display a geographical map. A graphical object displayed on a Plan Manager map, such as a camera, a door, or a hyperlink, that allows you to monitor and control your Security Center system, or to navigate through your maps. See also hotspot, map link, and Plan Manager Client.
Plan Manager server module that sends map files to Security Desk. See also Plan Manager Client and Plan Manager Server.
master arm
Arming an intrusion detection area in such a way that all sensors attributed to the area would set the alarm off if one of them is triggered. Some manufacturers call this arming mode Away arming.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
826
Glossary
Media Router
The central role that handles all stream (audio and video) requests in Security Center. It establishes streaming sessions between the stream source (camera or Archiver) and its requesters (client applications). Routing decisions are based on the location (IP address) and the transmission capabilities of all parties involved (source, destinations, networks, and servers). Metadata is data about data. Any data that describes or enriches the raw data. Tool used to migrate Omnicast 4.x systems to Security Center 5. This tool must be executed on every server computer where Omnicast 4.x components are installed. Access control unit operation mode where all access control decisions are made by the unit locally based on information downloaded from the Access Manager during unit synchronization. Access events are reported to the Access Manager in real-time. See also offline mode, online mode.
mixed mode
M-JPEG
Motion JPEG (M-JPEG) is an informal name for a class of video formats where each video frame of a digital video sequence is separately compressed as a JPEG image. See Mobile License Plate Inventory. Web-based administration tool used to configure the Mobile Server. See also Mobile Server.
Mobile app
The client component of Security Center Mobile installed on mobile devices. Mobile app users connect to Mobile Server to receive alarms, view live video streams, view the status of doors, and more, from Security Center. See also mobile device, Mobile Server, and Web Client.
Mobile Data Computer (MDC). Tablet computer or ruggedized laptop used in patrol vehicles to run the AutoVu Patroller application. The MDC is typically equipped with a touch-screen with a minimum resolution of 800 x 600 pixels and wireless networking capability. Any handheld device that can connect to Wi-Fi or wireless carrier networks, such as a smartphone, tablet, and so on, on which the Mobile app is installed. See also Mobile app.
mobile device
Patroller software installation that is configured for collecting license plates and other vehicle information for creating and maintaining a license plate inventory for a large parking area or parking garage. See also license plate inventory and parking facility.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
827
Glossary
Mobile Server
The server component of Security Center Mobile that connects Mobile apps and Web Clients to Security Center. The Mobile Server connects to Security Center, and synchronizes the data and video between Security Center and supported Mobile client components. See also Mobile Admin, Mobile app, and Web Client.
monitor group
Type of entity used to designate analog monitors for alarm display. Besides the monitor groups, the only other way to display alarms in real time is to use the Alarm monitoring task in Security Desk. See also Alarm monitoring and analog monitor.
ID used to uniquely identify a workstation screen controlled by Security Desk. Type of operation task that allows you to monitor and respond to real time events pertaining to selected entities of interest. The software component that watches for changes in a series of video images. The definition of what constitutes motion in a video can be based on highly sophisticated criteria. Type of investigation task that searches for motion detected in specific areas of a camera's field of view. User defined areas within a video image where motion should be detected. Tool used to move units from one manager role to another. The move preserves all unit configurations and data. After the move, the new manager immediately takes on the command and control function of the unit, while the old manager continues to manage the unit data collected before the move. A patented collection of methods defining compression of audio and visual (AV) digital data. Communication between a single sender and multiple receivers on a network.
MPEG-4 multicast
N
NAT Navigator See network address translation. Genetec's proprietary in-vehicle device that provides GPS coordinates and odometer readings to Patroller. The Patroller uses this information to provide precise reverse geocoding to vehicles and reads. See also reverse geocoding. network Entity type used to capture the characteristics of a network for stream routing purposes.
828
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Glossary
The process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device, for the purpose of remapping one IP address space into another. Browser view that illustrates your network environment by showing each server under the network they belong to. In Patroller, a manually entered hotlist item. When you are looking for a plate that does not appear in the hotlists loaded in the Patroller, you can enter the plate in order to raise a hit if the plate is captured.
O
OCR equivalence The interpretation of OCR equivalent characters performed during license plate recognition. OCR equivalent characters are visually similar, depending on the plates font. For example, the letter O and the number 0, or the number 5 and the letter S. There are several pre-defined OCR equivalent characters for different languages. See also Optical Character Recognition. offline mode Access control unit operation mode when the communication with the Access Manager has been lost. The unit makes access control decisions locally, based on information downloaded from the Access Manager during unit synchronization. Access events are logged in the unit and are uploaded to the Access Manager when the network connection is re-established. See also mixed mode and online mode. OGC Open Geospacial Consortium (OGC) is a standards organization for geographic information systems. See also GIS and WMS. Omnicast Omnicast is the IP video surveillance system of Security Center that provides seamless management of digital video. Omnicast allows for multiple vendors and CODEC (coder/decoder) to be used within the same installation, providing the maximum flexibility when selecting the appropriate hardware for each application. Software component that you need to install to make Security Center compatible with an Omnicast 4.x system. Type of role that imports entities from an independent Omnicast 4.x system so that its cameras and events can be used by your local Security Center users.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
829
Glossary
online mode
Access control unit operation mode where the unit is under the direct real-time control of the Access Manager. The Access Manager makes all access control decisions. This mode is not available with HID VertX and Edge units. See also mixed mode and offline mode.
Optical Character Recognition (OCR) is the technology used to translate the characters found in images into machine editable text. See also OCR equivalence.
Type of entity that defines a custom output signal format such as a pulse with a delay and duration. Type of entity that defines a parking time limit and the maximum number of violations enforceable within a single day. Overtime rules are used in city and university parking enforcement. For university parking, an overtime rule also defines the parking zone where these restrictions apply. See also hit rule and parking zone.
P
parking facility Type of entity that defines a large parking area as a number of sectors and rows for the purpose of inventory tracking. See also Mobile License Plate Inventory. parking lot A polygon that defines the location and shape of a parking area on a map. By defining the number of parking spaces inside the parking lot, Security Center can calculate its percentage of occupancy during a given time period. See also parking zone. parking zone General concept used to designate the area where a given parking regulation (overtime rule, permit, or permit restriction) is enforced. When used in the context of university parking enforcement, the parking zone must be explicitly defined as a list of parking lots. See also parking lot. partition Type of entity that defines a set of entities that are only visible to a specific group of users. For example, a partition could include all doors, elevators, and cameras in one building. See also accepted user and partition manager. partition manager An accepted user of a partition who has full administrative rights over the partition and its members. A partition manager can add, modify, and delete all entities within the partition, including users and user groups.
830
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Glossary
Patroller
Patroller. (1) Type of entity that represents a patrol vehicle equipped with the Patroller software. (2) AutoVu software application installed on an in-vehicle computer. Patroller connects to Security Center and is controlled by the LPR Manager. Patroller verifies license plates read from LPR cameras against lists of vehicles of interest (hotlists) and vehicles with permits (permit lists). It also collects data for time-limited parking enforcement. Patroller alerts you of hotlist or permit hits so that you can take immediate action. See also LPR camera and LPR Manager.
Patroller administrative application used to configure Patroller-specific settings such as: adding Sharp cameras to the in-vehicle LAN; enabling features such as Manual Capture or New Wanted; and specifying that a username and password are needed to log on to Patroller. Type of operation task that keeps count in real time of the number of cardholders in all secured areas of your system. Arming an intrusion detection area in such a way that only sensors attributed to the area perimeter would set the alarm off if triggered. Other sensors such as motion sensors inside the area will be ignored. Type of entity that defines a single parking permit holder list. Each permit holder is characterized by a permit ID, a license plate number, a license issuing state, and optionally, a permit validity range (effective date and expiry date). Permits are used in both city and university parking enforcement. See also City Parking Enforcement and University Parking Enforcement.
permit
permit hit
A hit that is generated when a read (license plate number) does not match any entry in a permit or when it matches an invalid permit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
831
Glossary
permit restriction
Type of entity that applies time restrictions to a series of parking permits for a given parking zone. Permit restrictions are only used in university parking enforcement. Different time restrictions can be associated to different permits. For example, a permit restriction may limit the parking in zone A from Monday to Wednesday for permit P1 holders, and from Thursday to Sunday for permit P2 holders. A plate read generates a permit hit in the following instances: Does not match any entry in the list Matches one or more permit in the list that are not valid in the parking zone Matches an invalid permit Matches a valid permit, but the permit is not valid at that time Matches a valid permit number, but the permit is temporarily not allowed to park. Additionally, a shared permit hit occurs when two plates sharing the same permit ID are read in the same parking zone within a specific time period. See also parking zone, permit, and permit hit.
Plan Manager
Security Center feature that lets you create and integrate interactive maps into your system, for access control, video streaming and intrusion detection. It uses digital maps to represent the physical locations of monitored inputs such as cameras, doors, areas and zones. See also Plan Manager Client and Plan Manager Server.
Plan Manager client component that runs as a plugin for Security Desk. It enables operators to use maps to monitor and control cameras, doors, and other security devices, and administrators to create map objects. See also map object, Map Tile Server, and tile plugin.
Administrative task used to set up Plan Manager Server and configure the map hierarchy. See also Plan Manager Server.
Plan Manager server component that includes three modules: Map Data Server, Map Generator, and Map Tile Server. See also Map Data Server, Map Generator, Map Tile Server, and Plan Manager configuration.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
832
Glossary
Plate Reader
Software component of the Sharp unit that processes the images captured by the LPR camera to produce license plate reads, and associates each license plate read with a context image captured by the context camera. The Plate Reader also handles the communications with the Patroller and the LPR Manager. If an external wheel imaging camera is connected to the Sharp unit, the Plate Reader also captures wheel images from this camera. See also LPR Manager, Patroller, and Sharp unit.
Plugin
Plugin. There are two definitions: (1) Proper noun Type of role that hosts a specific plugin. (2) Common noun A software module that adds a specific feature or service to a larger system.
Point of Sale
Type of role that imports transaction data from an external point of sale system so that transaction reports can be generated from Security Desk for investigation purposes. See also point of sale system.
Point of sale (POS) typically refers to the hardware and software used for checkouts - the equivalent of an electronic cash register. Point of sale systems are used in supermarkets, restaurants, hotels, stadiums, and casinos, as well as almost any type of retail establishment. Today's POS systems handle a vast array of features, including, but not limited to, detailed transaction capture, payment authorization, inventory tracking, loss prevention, sales audit and employee management.
Self-contained video player that can play exported Security Center video files on computers that do not have Security Center installed. See also video file.
primary server
The default server chosen to perform a specific function (or role) in the system. To increase the system's fault-tolerance, the primary server can be protected by a secondary server on standby. When the primary server becomes unavailable, the secondary server automatically takes over. See also failover.
private IP address
An IP address chosen from a range of addresses that are only valid for use on a LAN. The ranges for a private IP address are: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.16.255.255, and 192.168.0.0 to 192.168.255.255. Routers on the Internet are normally configured to discard any traffic using private IP addresses.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
833
Glossary
private task
Entity that represents a saved type of task that is visible only to the user who created it. See also public task and task.
One of the three panels found in the Security Desk canvas. It is used to show the metadata associated to the entity displayed in the current tile. A special partition created at system installation that has the unique characteristic that all its members are visible to all users on the system, regardless whether they are accepted users or not. Entity that represents a saved task that can be shared among multiple Security Center users. See also private task and task.
public task
Q R
read reader Reads Reads/hits per day Reads/hits per zone recording mode See license plate read. A sensor that reads the credential for an access control system. For example, this can be a card reader, or a biometrics scanner. Type of investigation task that reports on license plate reads performed within a selected time range and geographic area. Type of investigation task that reports on license plate reads performed within a selected time range and geographic area. Type of investigation task that reports on the number of reads and hits per day for a selected date range. The criteria by which the Archiver schedules the recording of video streams. There are four possible recording modes: Off (no recording allowed) Manual (record only on user requests) Continuous (always record) On motion/manual (record according to motion detection settings or on user request).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
834
Glossary
recording state
Current recording status of a given camera. There are four possible recording states: Enabled
redirector redirector agent redundant archiving Remote
Server assigned to host a redirector agent created by the Media Router role. Agent created by the Media Router role to redirect data streams from one IP endpoint to another. Option that allows a copy of all the video streams of an Archiver role to be archived simultaneously on the standby server as a protection against data loss. Type of operation task that allows you to remotely monitor and control other Security Desks that are part of your system, using the Monitoring task and the Alarm monitoring task. See also Monitoring and Alarm monitoring.
Type of role that automates report emailing and printing based on schedules. A section in the Security Desk's task workspace used to display information in a tabular form. The rows may correspond to query results or real-time events. See also task workspace.
request to exit
Request to exit (REX). (1) Door release button normally located on the inside of a secured area that when pressed, allows a person to exit the secured area without having to show any credential. This can also be the signal from a motion detector. (2) The signal received by the controller for a request to exit.
reverse geocoding
AutoVu feature that translates a pair of latitude and longitude into a readable street address. See also geocoding and Navigator.
Radio Frequency Identification tag. A device that communicates location data, and other data related to the location, of an object to which it is attached. A software module that performs a specific function (or job) within Security Center. Roles must be assigned to one or more servers for their execution. See also server.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
835
Glossary
Browser view that lists all roles on your system with the devices they control as child entities. Entity used to configure the transmission capabilities between two end points in a network for the purpose of routing media streams. Type of investigation task that replays the route followed by a Patroller on a given date on a map.
S
same position Type of parking regulation characterizing an overtime rule. A vehicle is in violation if it is seen parked at the exact same spot over a specified period of time. The Patroller must be equipped with GPS capability in order to enforce this type of regulation. Type of entity that defines a set of time constraints that can be applied to a multitude of situations in the system. Each time constraint is defined by a date coverage (daily, weekly, ordinal, or specific) and a time coverage (all day, fixed range, daytime, and nighttime). See also standard schedule and twilight schedule. scheduled task secondary server Type of entity that defines an action that executes automatically on a specific date and time, or according to a recurring schedule. Any alternate server on standby intended to replace the primary server in the case the latter becomes unavailable. See also failover and primary server. Security Center Security Center is the unified security platform that seamlessly blends Genetec's IP security and safety systems within a single innovative solution. The systems unified under Security Center include Genetec's Omnicast IP video surveillance system, Synergis IP access control system, and AutoVu IP license plate recognition (LPR) system. See also Security Desk. Security Center Federation Type of role that imports entities from an independent Security Center system so that its entities can be used by your local Security Center users. Security Center Mobile Security Center Mobile is a feature of Genetecs unified platform that lets you remotely connect to your Security Center system over a wireless IP network. Supported Mobile client components include a platform-independent, unified Web Client, as well as various Mobile apps for smartphones and tablets. See also Mobile Admin, Mobile app, Mobile Server, and Web Client.
schedule
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
836
Glossary
security clearance
Numerical value used to further restrict the access to an area when a threat level is in effect. Cardholders can only access (enter or exit) an area if their security clearance is equal or higher than the minimum security clearance set on the area. See also threat level.
Security Desk
Security Desk is the unified user interface of Security Center. It provides consistent operator flow across all of the Security Centers main systems, Omnicast, Synergis, and AutoVu. Security Desks unique task-based design lets operators efficiently control and monitor multiple security and public safety applications. See also Security Center.
selector
One of the panes found in the Security Desk's task workspace. The selector contains different sets of tools, grouped in tabs, to help you find and select the information you need to work on. See also task workspace.
server
Type of entity that represents a server machine on which Genetec Server is installed. See also expansion server, Genetec Server, and main server.
Server Admin
Web application running on every server machine in Security Center that allows you to configure the settings of Genetec Server. Server Admin also allows you to configure the Directory role on the main server. Security Center system that is given the rights to view and modify entities shared by another system, called the sharing host. See also Global Cardholder Synchronizer and global partition.
sharing guest
sharing host
Security Center system that owns partitions that are shared with other Security Center systems, called sharing guests. See also global partition.
Sharp EX
Sharp unit that includes an integrated image processor and supports two standard definition NTSC or PAL inputs for external cameras (LPR and context cameras). See also context camera, LPR camera, and Sharp unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
837
Glossary
Sharp Portal
Web-based administration tool used to configure Sharp cameras for fixed or mobile AutoVu systems. From a Web browser, you log on to a specific IP address (or the Sharp name in certain cases) that corresponds to the Sharp you want to configure. When you log on, you can configure options such as selecting the LPR context (e.g. Alabama, Oregon, Quebec, etc), selecting the read strategy (e.g. fast moving or slow moving vehicles), viewing the Sharps live video feed, and more. See also Sharp unit.
Sharp unit
Genetec's proprietary LPR unit that integrates license plate capturing and processing components, as well as digital video processing functions, inside a ruggedized casing. See also context camera, PlateReaderServer, LPR camera, Sharp EX, Sharp VGA, Sharp XGA, SharpX, and.
Sharp VGA
Sharp unit that integrates the following components: an infrared illuminator; a standard definition (640 x 480) LPR camera for plate capture; an integrated image processor; an NTSC or PAL color context camera with video streaming capabilities. See also context camera, LPR camera, and Sharp unit.
Sharp XGA
Sharp unit that integrates the following components: an infrared illuminator; a high-definition (1024 x 768) LPR camera for plate capture; an integrated image processor; an NTSC or PAL color context camera with video streaming capabilities and optional internal GPS. See also context camera, LPR camera, and Sharp unit.
SharpX
Camera component of the SharpX system. The SharpX camera unit integrates a pulsed LED illuminator that works in total darkness (0 lux), a monochrome LPR camera (1024 x 946 @ 30 fps), and a color context camera (640 x 480 @ 30 fps). The LPR data captured by the SharpX camera unit is processed by a separate hardware component called the AutoVu LPR Processing Unit. See also AutoVu LPR Processing Unit.
SharpX VGA
Camera component of the SharpX system. The SharpX VGA camera unit integrates a pulsed LED illuminator that works in total darkness (0 lux), a monochrome LPR camera (640 x 480 @ 30 fps), and a color context camera (640 x 480 @ 30 fps). The LPR data captured by the SharpX VGA camera unit is processed by a separate hardware component called the AutoVu LPR Processing Unit. See also AutoVu LPR Processing Unit.
SMC
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Glossary
Software Development Kit Software Development Kit (SDK). Allows end-users to develop custom applications or custom application extensions for Security Center. SSL standard schedule Secure Sockets Layer is a protocol used to secure applications that need to communicate over a network. A subtype of schedule entity that may be used in all situations. Its only limitation is that it does not support daytime or nighttime coverage. See also twilight schedule. standby server stream See secondary server. stream. (1) Video stream. (2) Entity representing a specific video quality configuration on a camera. strict antipassback Antipassback option. When enabled, a passback event is generated when a cardholder attempts to leave an area that they were never granted access to. When disabled, Security Center only generates passback events for cardholders entering an area that they never exited. See also timed antipassback. synchronous video Synergis Simultaneous live video or playback video from more than one camera that are synchronized in time. Synergis is the IP access control system of the Security Center designed to offer end-to-end IP connectivity, from access control reader to client workstation. Synergis seamlessly integrates a variety of access control capabilities including, but not limited to, badge design, visitor management, elevator control, zone monitoring and more.
Synergis Master Controller Genetec's access control unit that supports a variety of third party readers and (SMC) interface modules over IP, USB, and RS-485. SMC is seamlessly integrated to Security Center, and is capable of making the access control decisions independently of the Access Manager. See also access control unit, controller module, and four-port RS-485 module. system event A system event is a standard Security Center event defined at system installation. Unlike custom events, system events cannot be renamed or deleted. See also custom event. System status Type of maintenance task that monitors the status of all entities of a given type in real time, and allows you to interact with them.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
839
Glossary
T
tailgating task A person who enters a secure area without presenting a credential, by following behind another person who has presented their credential. The central concept on which the entire Security Center user interface is built. Each task corresponds to one aspect of your work as a security professional. For example, use a monitoring task to monitor system events in real-time, use an investigation task to discover suspicious activity patterns, or use an administration task to configure your system. All tasks can be customized and multiple tasks can be carried out simultaneously. See also private task and public task. task cycling task workspace Security Desk feature that automatically cycles through all tasks in the active task list following a fixed dwell time. Area in the Security Center client application window reserved for the current task. The workspace is typically divided into three panes: canvas selector report pane See also canvas, report pane, and selector. taskbar User interface element of the Security Center client application window, composed of the Home button and the task list. The taskbar can be configured to appear on either edge of the application window. Emergency handling procedure that a Security Desk operator can enact on one area or the entire system to deal promptly with a potentially dangerous situation, such as a fire or a shooting. An individual window within the tile panel, used to display a single entity. The entity displayed is typically the video from a camera, a map, or anything of a graphical nature. The look and feel of the tile depends on the displayed entity. See also tile panel. tile ID The number displayed at the upper left corner of the tile. This number uniquely identifies each tile within the tile panel. See also tile and tile panel. Tile mode Security Desk canvas operating mode where the main area of the canvas is used to display the tile panel and the dashboard.
threat level
tile
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
840
Glossary
tile panel
Panel within the canvas used to display multimedia information, such as videos, maps and pictures. The tile panel is composed of individual display windows called tiles. See also canvas and tile.
tile pattern
Predefined tile arrangements within the tile panel. See also tile panel.
tile plugin
Type of entity that represents an application that runs inside a Security Desk tile. Examples of tile plugins include a web browser (available as standard Security Center feature) and Plan Manager Client. See also Plan Manager and plugin.
Type of investigation task that reports on who has been inside a selected area and the total duration of their stay within a given time range. Antipassback option. When Security Center considers a cardholder to be already in an area, a passback event is generated when the cardholder attempts to access the same area again during the time delay defined by Timeout. When the time delay has expired, the cardholder can once again pass into the area without generating a passback event. See also strict antipassback.
timeline
A graphic illustration of a video sequence, showing where in time, motion, and bookmarks are found. Thumbnails can also be added to the timeline to help the user select the segment of interest. The Transmission Control Protocol (TCP) is a connection-oriented protocol used to send data over an IP network. The TCP/IP protocol defines how data can be transmitted in a secure manner between networks. TCP/IP is the most widely used communications standard and is the basis for the Internet. The process of transferring data in small amounts. A subtype of schedule entity that supports both daytime and nighttime coverages. A twilight schedule may not be used in all situations. Its primary function is to control video related behaviors. See also standard schedule.
U
unicast Communication between a single sender and a single receiver over a network.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
841
Glossary
Uniform Resource Locator A URL (Uniform Resource Locator, previously Universal Resource Locator) is the unique address for a file that is accessible on the Internet. The URL contains the name of the protocol (http:, ftp:, file:) to be used to access the file resource, a domain name that identifies a specific computer on the Internet, and a path name, a hierarchical description that specifies the location of a file in that computer. unit A hardware device that communicates over an IP network that can be directly controlled by a Security Center role. We distinguish four types of units in Security Center: Access control units, managed by the Access Manager role
Video units, managed by the Archiver role LPR units, managed by the LPR Manager role Intrusion detection units, managed by the Intrusion Manager role.
See also access control unit, Access Manager, Archiver, Intrusion Manager, LPR Manager, LPR unit, and video unit. Unit discovery tool Tool that allows you to discover IP units connected to your network, based on their type (access control or video), manufacturer, and network properties (discovery port, IP address range, password, and so on). Once discovered, the units can be added to your system. Tool used to replace a failed hardware device with a compatible one, while ensuring that the data associated to the old unit gets transferred to the new one. For an access control unit, the configuration of the old unit is copied to the new unit. For a video unit, the video archive associated to the old unit is now associated to the new unit, but the unit configuration is not copied. Patroller software installation that is configured for university parking enforcement: the enforcement of scheduled parking permits or overtime restrictions. The use of maps is mandatory. Hotlist functionality is also included. See also overtime rule, permit, and permit restriction. unreconciled read MLPI license plate read that has not been committed to an inventory. See also Mobile License Plate Inventory. user Type of entity that identifies a person who uses Security Center applications and defines the rights and privileges that person has on the system. Users can be created manually or imported from an Active Directory. See also Active Directory and user group.
Unit replacement
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
842
Glossary
The User Datagram Protocol (UDP) is a connectionless protocol used to exchange data over an IP network. UDP is more efficient than TCP for video transmission because of lower overhead. Type of entity that defines a group of users who share common properties and privileges. By becoming member of a group, a user automatically inherits all the properties of the group. A user can be member of multiple user groups. User groups can also be nested. See also user.
user group
user level
A numeric value assigned to users to restrict their ability to perform certain operations, such as controlling a camera PTZ, viewing the video feed from a camera, or to stay logged on when a threat level is set. The smaller the value, the higher the priority. See also threat level, user, and user group.
user privilege
Privileges that control what operations a user is allowed to perform in Security Center, independent of what entities they can access, and within the constraints set by the software license. User privileges can be inherited from user groups. See also access right, partition, user, and user group.
V
validation key Serial number uniquely identifying a computer that must be provided to obtain the license key. See also license key. vehicle identification number All vehicles have a manufacturer assigned vehicle identification number (VIN). This is usually visible from outside the vehicle as a small plate on the dashboard. A VIN can be included as additional information with license plate entries in a hotlist or permit list, to further validate a hit and ensure that it is the correct vehicle. The software technology that is used to analyze video for specific information about its content. Examples of video analytics include counting the number of people going through a door, license plate recognition, detection of unattended objects, or the direction of people walking or running. Video archive includes both the recorded audio/video footage and the database that documents those recordings (source camera, timestamps, events, bookmarks, and so on).
video analytics
video archive
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
843
Glossary
video encoder
Device that converts an analog video source to a digital format using a standard compression algorithm (H.264, MPEG-4, MPEG-2 or M-JPEG). The video encoder is one of the many devices found on a video encoding unit. See also camera and video unit.
video decoder
Device that converts a digital video stream into analog signals (NTSC or PAL) for display on an analog monitor. The video decoder is one of the many devices found on a video decoding unit. See also analog monitor and video unit.
video file
File created by an archiving role (Archiver or Auxiliary Archiver) to store archived video. The file extension is G64. You need the Security Desk or the Portable Archive Player to read video files. See also Archiver, Auxiliary Archiver, and G64.
Type of investigation task that browses through your file system for video files (G64) and allows you to play, convert to ASF, and verify the authenticity of these files. Any recorded video stream of a certain duration. Type of entity that represents a video encoding or decoding device capable of communicating over an IP network and incorporating one or more video encoders. They come in a wide variety of brands and models. Some support audio, others support wireless communication. The high-end encoding models come with their own recording and video analytics capabilities. See also Archiver, video decoder, and video encoder.
video watermarking
Process by which a digital signature (watermark) is added to each recorded video frame to ensure its authenticity. If anyone later tries to make changes to the video (add, delete or modify a frame), the signatures will no longer match, thus, showing that the video has been tampered with. A subtype of zone entity where the IO linking is done by software. The input and output devices may belong to different units of different types. A virtual zone is controlled by the Zone Manager and only works online. It can be armed and disarmed from Security Desk. See also hardware zone and zone.
virtual zone
Type of investigation task that reports on the stay (check-in and check-out time) of current and past visitors. Type of investigation task that reports on visitor activities (access denied, first person in, last person out, antipassback violation, and so on).
844
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Visitor management
Type of operation task that allows you to check in, check out, and modify visitors, as well as manage their credentials, including temporary replacement cards. Visual tracking is a feature in Security Desk that allows you to follow an individual across different areas of your company without ever loosing sight of that individual, as long as the places this person goes through are monitored by cameras. This feature displays transparent overlays on the video to show you where you can click to switch to adjacent cameras. The VSIP port is the name given to the discovery port of Verint units. A given Archiver can be configured to listen to multiple VSIP ports. See also discovery port.
visual tracking
VSIP port
W
watchdog Security Center service installed alongside the Genetec Server service on every server computer, whose sole purpose is to monitor the operation of Genetec Server, and to restart it if abnormal conditions are detected. Type of role that exposes the Security Center SDK methods and objects as Web services to support cross-platform development. The client component of Security Center Mobile that provides access to Security Center features from a Web browser. Web Client users connect to Mobile Server to configure and monitor various aspects of your Security Center system. See also Mobile Server. wheel imaging widget Wiegand Virtual tire-chalking technology that takes images of the wheels of vehicles to prove whether they have moved between two license plate reads. A component of the graphical user interface (GUI) with which the user interacts. An electrical interface standard and format used between a reader and controller (from the original Wiegand card reader).
Windows Communication Windows Communication Foundation (WCF) is a communication Foundation architecture used to enable applications, in one machine or across multiple machines connected by a network, to communicate. AutoVu Patroller uses WCF to communicate wirelessly with Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
845
WMS
Web Map Service (WMS) is a standard protocol for serving over the Internet, georeferenced map images that are generated by a map server using data from a GIS database. See also GIS and OGC.
X Y Z
zone Type of entity that monitors a set of inputs and triggers events based on their combined states. These events can be used to control output relays. See also hardware zone, IO linking, and virtual zone. Zone activities Zone Manager Type of investigation task that reports on zone related activities (zone armed, zone disarmed, lock released, lock secured, and so on). Type of role that manages virtual zones and triggers events or output relays based on the inputs configured for each zone. It also logs the zone events in a database for zone activity reports. Type of investigation task that reports on the number of vehicles parked in a selected parking zone, and the percentage of occupancy (for university parking only). See also University Parking Enforcement.
Zone occupancy
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
846
Index
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A
ABA field, defining, 674 about entity tree, 85 Logical view, 85 System entity, 85 accepted user, partitions, 92, 449 access control setting entity expiration, 634 troubleshooting configurations, 320 Access control health history, about, 308 access control unit about, 337 adding using Unit discovery tool, 265 configuring, 267 connection parameters, 344 renaming, 345 SMC, 267 synchronizing about, 267 modes, 348 viewing events, 309 viewing health events, 308 viewing IO configurations, 310 viewing properties, 184 wiring doors, 268 Access control unit events, about, 309 access denied events, investigating, 325 Access diagnosis, using, 323 access granted events, investigating, 325 Access Manager about, 260, 511 adding, 260 configuring, 260 keeping events, 512 resolving conflicts, 515 access rights
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
troubleshooting, 323 viewing, 325 access rule about, 349 applying, 277 configuring, 281 creating, 281 viewing configurations, 317 Access rule configuration about, 317 generating report, 317 Access troubleshooter about, 294, 320, 652 limitations, 320 troubleshooting access requirements, 323 cardholder access rights, 322 doors, 321 accessing storage devices, 226 action about, 106 action privileges, users, 708 actions action types, 758763 reference list, 758 task-related, 24 activating Genetec Server Directory, 478 roles, 51 user profiles, 483 Active Directory about, 516 encrypted communication, 144 importing cardholders, 284 importing ccredentials, 287 importing users, 102 synchronizing entities, 142 active tasks, list, 485 active tasks, updating, 686
847
Index
Activity trails about, 182 generating report, 182 adding accepted partition users, 92 access control units, 261 Access Mangers, 260 Archivers, 193 area members, 279 cameras to camera sequences, 218 cameras to doors, 270 cash registers, 597 expansion servers, 47 parition members, 448 parity checks, 673 partition members, 92 secondary servers, 64, 534 tasks, 22 tasks to favorites, 24 video units, 194, 244 administrative privileges, users, 697 Administrators user group, about, 97 advanced settings Archiver, 541 video units, 532 alarm about, 351 attached entities, 353 automatic acknowledgement, 355 automatic video recording, 356 broadcast mode, 353 configuring, 112 creating incidents on acknowlegement, 355 entities, 111 managing, 111 procedure, 355 protecting recorded video, 356 reactivation threshold, 354 recipients, 353 responding, 115 schedules, 355 setting priority, 352 testing, 112 triggering, 113 troubleshooting, 112 video display options, 355 Alarm Monitoring, assigning Logical IDs, 626 analyzing report results, 30
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
antipassback about, 361 configuring, 280 application privileges, users, 695 applying access rules for elevators, 277 custom filters, 43 custom filters using search tool, 43 name filters, 43 architecture Security Center system, 6 Synergis system, 252 archive database, about, 224 archive storage about, 224 accessing, 226 estimating requirements, 225 managing, 225 monitoring, 226 Archive storage details about, 233 protecting video files, 231 archive viewing, user limitations, 487, 492 Archiver about, 521 adding, 193 Bosch VRM settings, 531 camera details, 540 configuring, 193 servers, 534 standby archiving, 535 discovering video units, 529 failover, 227 limitation, 229 protected video file statistics, 539 recording modes, 522 recording options, 523, 545 settings advanced, 541 database, 536 network card, 538 storage, 536 video units, 528 statistics, 538 what is, 193 Archiver events, about, 249 Archiver role, searching for events, 249 archives
848
Index
viewing storage details, 233 area about, 360 adding members, 279 antipassback properties, 361 associating doors, 279 configuring, 278 creating, 278 interlock properties, 362 viewing cardholder access rights, 325 arming delaying arming, 505 hardware zones, 505 virtual zones, 508 zones, 160 assigning Keyboard shortcuts, 682 associating access control units to hardware zones, 503 doors to areas, 279 hardware zone states to events, 504 virtual zone states to events, 508 virtual zones to Zone Managers, 507 audio alarm, about, 391 Audit trails, about, 181 automatic stream selection, video units, 211 automating alarm acknowledgement, 355 database backup, 58 disk cleanup, 225 system behavior, 103 video recording on alarms, 356 AutoVu ports used (default), 778 Auxiliary Archiver about, 543 recording modes, 545 settings database, 548 network, 548 storage, 548
Badge designer, about, 366 badge template about, 365 Badge designer tool, 366 creating, 289 preview, 293 best practices configuring cameras, 209, 220 configuring system administrators, 97 deploying Omnicast, 190 deploying Synergis, 256 resolving reader issues, 327 solving HID unit issues, 314 system configuration, 90 wiring doors to access control units, 268 bit rate camera settings, 372 setting priority, 372 video unit settings, 497 boosting recording quality manual recording, 376 settings, 376 special events, 212 system events, 376 broadcast mode, about, 353 buzzer, configuring, 269
C
camera about, 209, 220, 368 audio alarm events, 391 boost quality settings, 376 boosting quality on event recording, 376 on manual recording, 376 configuring, 209, 220 motion detection, 379 lens type, 392 linking speakers/microphones, 391 not recording, 241 rotating images, 392 setting bit rate, 372 bit rate priority, 372 connection type, 374
B
backing up databases, 57 video archives, 227
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
849
Index
video quality, 370 stream usage, 373 tampering, 391 visual tracking, 388 camera details, Archiver, 540 camera recording, troubleshooting, 241 camera sequence about, 393 adding cameras, 218 configuring cameras, 218 creating, 218 removing cameras, 218 camera tampering, about, 391 cannot add video units, troubleshooting, 244 cannot delete video units, troubleshooting, 247 cardholder about, 395 configuring, 283 creating, 283 importing from Active Directory, 284 from flat file, 284 managing, 284 setting picture size, 284, 635 troubleshooting access rights, 322 viewing access rights, 325 viewing properties, 318 Cardholder access rights, about, 325 Cardholder configuration, about, 318 cardholder group about, 398 configuring, 283 creating, 284 viewing access rights, 325 viewing member properties, 318 Cardholder troubleshooter about, 322 using, 322 cash register about, 400 adding, 597 CCTV matrix integration, 190 using, 129 changing role servers, 50 taskbar position, 27 user password, 10, 483
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
video file protection status, 231 checking macro syntax, 430 choosing zone type, 163 closing Security Center, 10 closing Security Desk options, 687 columns reference list, 723 reordering, 33 resizing, 32 selecting, 32 showing/hiding, 32 Comm LED, about, 787 command port, about, 497 common configuration tabs about, 332 Cameras tab, 334 Custom fields tab, 335 Identity tab, 332 Location tab, 336 concurrent logons, limiting, 484 Config Tool interface, 13 configuration changes, investigating, 181 configuring Access Manager, 260 access rules, 281 alarms, 112 antipassback, 280 Archiver, 193 Archiver servers, 534 areas, 278 automatic disk cleanup, 225 camera sequences, 218 cameras, 209, 220 cardholder groups, 283 cardholders, 283 credentials, 285 database notifications, 57 Directory, 473 door buzzers, 269 doors, 268 elevator floors, 275 elevator relays, 276 elevators, 274 entities, 85 entity tree, 86 federated entities, 129
850
Index
full screen mode, 95 Genetec Server, 476 hardware zones, 162 HID units, 799 inputs, 503 interlock, 280 Media Router, 202 motion detection, 379 output pins, 498 partitions, 90 PTZ, 390 readerless doors, 269 role groups, 135 roles, 49 Saved tasks page, 23 Security Center/Patroller communication, 571 servers, 48 standby archiving, 535 user groups, 96 user password expiration, 484 user privileges, 99 users, 93 video streams, 210 virtual zones, 162 visual tracking, 212 conflict resolution utility, using, 149 connecting Security Center, 9 connection parameters access control units, 344 federated Omnicast systems, 592 federated Security Center systems, 603 contacting technical support, 869 contextual command toolbar, 17 converting expansion servers to main servers, 478 main servers to expansion servers, 49, 479 primary servers to expansion servers, 534 Copy configuration tool about, 668 using, 668 countdown buzzer, about, 505 create event-to-actions, 107 creating access rules, 281 areas, 278 badge templates, 289
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
camera sequences, 218 cardholder groups, 284 cardholders, 283 credentials, 285 databases, 55 doors, 268 entities, manually, 37 incidents for door state overrides, 635 on alarm alcknowledgement, 355 intrusion detection areas, 159 Intrusion Managers, 156 macros, 110 network entities, 83 parent user groups, 98 partitions, 91 roles, 50 tasks, 22 user groups, 97 users, 94 credential about, 401 configuring, 285 creating, 285 enrolling, 287 importing from Active Directory, 287 from flat file, 287 information, 402 state, 402 viewing properties, 319 Credential configuration, about, 319 cross-platform development about, 164 Web-based SDK, 164 CSV file importing, 658 fields, 662 custom card format benefits, 287 using, 287, 635 Custom card format editor about, 670 adding parity checks, 673 defining ABA fields, 674 formats, 670 Wiegand fields, 672
851
Index
deleting custom card formats, 677 custom data type add, 138 configuration tab, 621 modify, 139 properties, 621 what is, 138 custom field add, 136 configuration tab, 619 properties, 619 purpose, 136 standard data types, 619 custom fields importing limitations, 665 custom filter, applying, 43 cycling tasks, 24
D
database backing up automatic, 58 manual, 57 configuring notifications, 57 creating, 55 deleting, 59 finding version, 56 managing, 52 relocating, 53 restoring, 58 settings, 52 archiving, 536, 548 database failover backup and restore, 72 automatically reconnect to master database, 73 contingency backup, 72 configuring, 72 database server, about, 53 date and time options configuring, 690 displaying time zone abbreviations, 690 date coverage, setting, 464 deactivating Genetec Server Directory, 479 roles, 51 user profiles, 483
default network, 83 schedule, 104 user, 94 defining ABA fields, 674 custom card formats, 670 partitions, 91 schedules, 105 Wiegand fields, 672 delaying hardware zone arming, 505 virtual zone arming, 508 deleting current task, 25 custom card formats, 677 databases, 59 discovered entities, 45 entities, 45, 88 intrusion detection unit logs, 424 partition members, 448 tasks, 24 deleting video units, 247 demo license, acquiring, 869 deploying Omnicast, 190 Synergis, 256 determining Web service address, 606 diagnosing entities, 180 impossible to establish video session error, 239 video streams, 235 waiting for signal error, 237 Directory about, 551 configuring, 473 troubleshooting connection problems, 679 Directory Availability Manager, what is, 66 Directory Manager about, 552 Directory server, what is, 66 disarming zones, 160 discovered entities about, 39 deleting, 45 discovery port, video units, 497 displaying Security Desk in full screen, 24
852
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Index
document information, ii documentation. See production documentation door about, 357, 404, 432 adding cameras, 270 behavior, 405 buzzer, 269 configuring, 268 creating, 268 door state override incidents, 635 troubleshooting, 326 troubleshooting access rights, 324 unlock schedules, 406 viewing cardholder access rights, 325 wiring, 268 See also readerless door Door troubleshooter about, 321, 324 generating a report, 324 using, 321 duplicating entities, 87
E
editing keyboard shortcuts, 682 elevator about, 410 access rules, applying, 277 configuring, 274 floors, 275 relays, 276 hardware requirements, 274 viewing cardholder access rights, 325 enabling task cycling, 485 encryption communication Security Center and Active Directory, 144 enrolling credentials, 287 intrusion panels, 156 enryption key, setting up, 230 entities availability, 171 basic information, 38 configuring, 85 creating
network entities, 83 creating manually, 37 deleting, 45 diagnosing, 180 discovering, 39 duplicating, 87 entity types, 331505 renaming, 85, 87 searching, 42 by custom filter, 43 by name, 43 using global search, 42 using search tool, 43 state types, 179 viewing, 85 entity states about, 179 red, 85 troubleshooting, 179 yellow, 85 entity tree configuring, 86 deleting entities, 88 duplicating entities, 87 reorganizing, 87 entity tree, about, 85 entity types access control unit, 337 access rule, 349 alarm, 351 analog monitor, 357, 432 area, 360 badge template, 365 camera, 368 camera sequence, 393 cardholder, 395 cardholder group, 398 cash register, 400 credential, 401 door, 404 elevator, 410 hardware zone, 502 hotlist, 414 intrusion detection area, 421 intrusion detection unit, 423 LPR unit, 426 macro, 429 network, 434
853
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Index
output behavior, 437 overtime rule, 439 parking facility, 444 partition, 447 Patroller, 450 permit, 453 permit restriction, 457 public task, 461 role, 462 schedule, 463 scheduled task, 469 server, 471 tile plugin, 480 user, 482 user group, 489 video unit, 494 virtual zone, 506 entity, what is, 36 error impossible to establish video session, 239 waiting for signal, 237 error messages, investigating, 170 estimating archive storage requirements, 225 evaluating zone states, 503 event about, 106 custom events, 106 event types, 745757 event recording, boosting quality, 376 event types, reference list, 745 event-to-action compared to scheduled task, 109 create, 107 search, 108 using, 106 See also event, action exceptions federated alarms, 130 execution context, defining, 431 expanding Security Desk full screen, 24 expansion server adding, 47 what is, 7 exporting keyboard shortcut configurations, 682 report results, 31
F
F11 command, disabling, 95 failover how does it work?, 61 limitation, Archiver, 229 load planning, 228 third-party solutions, 60 favorites adding tasks, 24 removing tasks, 24 features, Omnicast system, 187 federated entity configuring, 129 exceptions, 130 identifying, 128 using, 129 what is, 128 Federating Omnicast systems, 131 Security Center systems, 133 Federation about, 128 advanced settings, 134 Omnicast Federation, 131 types of, 128 Federation host, definition, 128 filtering report queries, 712 finding Archiver role events, 249 database information, 56 who made configuration changes, 181 See also searching firmware upgrade, video units, 496 flat file importing cardholders, 284 importing credentials, 287 floor, elevators, 275 full screen mode configuring as default, 95 full screen, enabling for Security Desk, 24
G
general privileges, users, 696 generating Access rule configuration report, 317 Activity trails report, 182
854
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Index
Door troubleshooter report, 324 reports, 30 generating reports maximum results, 30 Genetec Server activating Directory, 478 configuring, 476 deactivating Directory, 479 expansion servers, 7 main server, 7 what is, 7 geocoding, about, 574 global cardholder management, what is, 296 Global Cardholder Synchronizer about, 557 connection parameters, 558 shared partitions, 559 synchronization options, 559 Global Cardholder Synchronizer, what is?, 298 global search, using, 42
H
H.264 issues, solving, 248 Hardware inventory, about, 184 hardware matrix, integration, 190 hardware requirements HID units, 782 hardware requirements, elevators, 274 hardware zone about, 161, 502 arming on a schedule, 505 using a switch key, 505 associating access control units, 503 zone states to events, 504 configuring, 162 countdown buzzer, 505 delaying arming, 505 evaluating zone state, 503 setting reactivation threshold, 504 See also zone Health history, about, 170 health issues, viewing, 168 Health Monitor about, 560
Health Monitor, what is, 75 health monitoring maintenance mode, 80 health monitoring, what is, 75 Health statistics, about, 171 HID Discovery GUI utility about, 783 using, 783 HID Edge plus, wiring, 800 HID Edge reader, wiring, 800 HID unit configuring, 799 door with reader, 799 door with two sensors, 799 inputs, 799 network, 782 discovering, 783 features available, 792 interpreting Comm LED, 787 Power LED, 787 operation modes, 791 setting up, 784 hardware, 782 special considerations default input settings, 785 HID hardware, 785 HID V1000 units, 785 supported software/hardware, 788 troubleshooting, 314 discovery issues, 315 enrollment issues, 315 wiring diagrams, 800 HID VertX units wiring VertX V1000, 801 VertX V2000, 802 hiding columns, 32 dashboard, 24 report pane, 24 selector, 24 taskbar, 27 unassigned logical IDs, 625 high availability how does it work?, 60 what is, 60 Home page, 14
855
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Index
I
idenfitying federated entities, 128 identifying system instabilities, 171 idle delay, PTZ, 390 image rotation, about, 392 Import tool about, 657 custom field limitations, 665 import scenarios, 657 importing CSV file fields, 662 CSV files, 658 entities, 664 replacing old credentials, 666 importing cardholders from Active Directory, 284 cardholders from flat file, 284 credentials from Active Directory, 287 credentials from flat file, 287 CSV file fields, 662 CSV files, 658 entities, 664 macros from files, 430 users from Active Directory, 102 importing keyboard shortcut configurations, 682 Impossible to establish video session, error, 239 information messages, investigating, 170 inheriting user privileges, 100 inputs, configuring, 503 instabilities, identifying in system, 171 interface, about, 13 interlock about, 362 configuring, 280 intrusion detection area about, 155, 421 creating, 159 properties, 422 intrusion detection unit about, 155, 423 deleting logs, 424 interface types, 424
renaming peripherals, 158 synchronizing clock, 424 intrusion detection, entity types, 155 Intrusion Manager about, 156, 563 creating, 156 keeping events, 564 limitations, 156 intrusion panel enrolling, 156 managing, 155 investigating malfunction events, 170 system configuration changes, 181 user activity, 182 investigation tasks generating reports, 30 IO configuration, about, 310 IO configurations, viewing, 310 IO linking, about, 160 IP address, video unit, 496 IPv4, display modes, 436 IPv6, about, 436
K
keeping events Access Manager, 512 Intrusion Manager, 564 Zone Manager, 609 key switch, zone arming, 505 keyboard shortcuts assigning, 682 configuring, 681 editing, 682 exporting configurations, 682 importing configurations, 682 restoring default configurations, 682
L
launching Walkthrough wizard, 272 lens type, about, 392 level, users, 486, 491 license information viewing from Config Tool, 769 viewing from Server Admin, 770
856
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Index
licensing, 869 limitations importing custom fields, 665 Intrusion Manager, 156 motion detection, 385 Omnicast Federation, 131 limiting concurrent user logons, 484 report results, 600 linking map files to maps, 165 microphones to cameras, 391 speakers to cameras, 391 Web pages to maps, 165 Live video, dialog box, 213 PTZ commands, 214 loading saved tasks, 23 location, setting, 40 lock delay, PTZ, 391 log in, video unit credentials, 530 log off, Security Center, 10 log on basic authentication, 9 supervised, 487, 492 user schedules, 484 using Windows credentials, 153 using Windows credentials in a multi-AD environment, 153 logging on options, 679 wrong Directory, 679 logical ID hiding unassigned entities, 625 showing, 625 logical ID, showing, 686 Logical view about, 85 entity tree, 86 managing, 85 logs, deleting, 424 LPR Manager about, 567 configuring Security Center/Patroller communication, 571 enabling hotlist filtering, 574 enabling permit filtering, 574 geocoding, 574 importing data, 583
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
managed hotlists and permits, 572 matching license plate reads, 573 providing Patroller updates, 582 XML exporting, 579 XML importing, 578 LPR unit about, 426 LPR unit, viewing properties, 184
M
macro about, 429 checking syntax, 430 creating, 110 defining execution contexts, 431 importing from files, 430 using, 110 main server converting to expansion servers, 49 what is, 7 maintenance mode, 80 maintenance tasks generating reports, 30 malfunction events, investigating, 170 managing alarms, 111 archive storage, 225 cardholders, 284 database, 52 intrusion panels, 155 Logical view, 85 Network view, 82 roles, 47 servers, 47 software security, 89 threat levels, 117 video archives, 224 zones, 160 manual recording, boosting quality, 376 map linking map files, 165 Web pages, 165 map file, linking to maps, 165 matching license plate reads, 573 maximum results, Security Desk reports, 30
857
Index
Media Router about, 585 configuring, 202 redirecting video streams, 586 RTSP port, 588 RTSP port conflict, 203 setting multicast port number, 588 what is, 202 microphone linking to cameras, 391 properties, 500 monitoring archive storage usage, 226 resource availability, 171 status of entities, 177 status of system, 177 system health, 171 Monitoring task viewing tiles only, 24 motion block, about, 380 motion detection about, 379 configuring, 379 drawing motion zones, 383 event types, 386 H.264 streams, 382 limitations, 385 motion blocks, 380 positive motion detection, 380 testing, 384 motion zones, drawing, 383 Move unit, about, 655
about, 83 creating, 83, 84 network options, configuring, 681 Network view managing, 82 purpose, 82 what is, 82 Network view, what is, 82 notification settings, video unit, 530 notification tray viewing system messages, 168 NTP settings, video unit, 532
O
offline video units troubleshooting, 236 Omnicast deploying prerequisities, 190 procedure, 191 entities, 188 features, 187 federating, 131 ports used (default), 780 what is, 187 Omnicast Federation about, 131, 590 connection parameters, 592 defining role groups, 591 limitations, 131 receiving information, 592 opening Server Admin, 48 Options dialog box about, 678 date/time display, 690 general options network, 681 user logon, 679 keyboard shortcuts, 681 performance options, 689 user interaction, 685 video options, 688 visual options, 683 ordinal pattern, schedules, 468 organizing video stream settings, 210
N
name filter, applying, 43 nesting partitions, 93 network about, 434 IPv4 display modes, 436 IPv6 address, 436 proxy server, 436 routes, 436 settings, 374 transmission capabilities, 435 network card settings, Archiver, 538 network entities
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
858
Index
output behavior, about, 437 output pin, settings, 498 overtime rule about, 439 overtime violations, 442 overtime violations, about, 442 overwriting databases, 55
P
parition manager promoting users, 93 parity check, defining, 673 parking facility about, 444 partition about, 89, 447 adding accepted users, 92, 449 members, 92, 448 configuring, 90 creating, 91 defining, 91 deleting members, 448 nesting, 93 promoting users to managers, 93 public partition, 91 purpose, 91 system partition, 91 user privileges, 101 partition manager, about, 91 partition user, promoting, 93 password changing, 10, 483 expiration, 484 Patroller about, 450 performance options configuring, 689 limiting report results, 689 perimeter door, configuring, 279 permanently saving tasks, 26 permit about, 453 permit restriction about, 457
picture size, cardholders, 284, 635 playback video troubleshooting, 240 Plugin about, 594 Point of Sale about, 595 adding cash registers, 597 retrieving database information, 596 saving transaction data, 596 ports AutoVu-specific, 778 common to Security Center, 777 Omnicast-specific, 780 Synergis-specific, 779 positive motion detection, about, 380 Power LED, about, 787 preventing system failures, 171 primary server switching to secondary server, 534 printing report results, 31 private task saving, 24 using, 23 privilege templates about, 101 purpose, 101 usage tips, 101 using, 101 privileges, users, 694710 product documentation, about, 868 promoting partition users to managers, 93 protected video file statistics, 539 protecting alarm video recordings, 356 video archives, 227 protecting video files, 231 proxy server, about, 436 PTZ configuring, 390 using idle delay, 390 lock delay, 391 PTZ commands advanced configuration, 214 Center-on-click, 214 testing, 214
859
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Index
Zoom-box, 214 PTZ coordinates, dialog box, 214 public parition, about, 91 public task saving, 24 using, 23 public task, about, 461
Q
query filters reference list, 712 Query tab query filters available, 712
R
reactivation threshold alarms, 354 hardware zone, 504 virtual zone, 508 readerless door, configuring, 269 receiving information Omnicast Federation, 592 Security Center Federation, 603 recipients, alarms, 353 recording modes, Archiver, 522 recording modes, Auxiliary Archiver, 545 recording options, Archiver, 523, 545 red entity state, about, 85 redirecting video streams, 586 redundant archiving, using, 227 reference list action types, 758 event types, 745 query filters, 712 report columns, 723 relay settings, configuring, 276 relocating databases, 53 remote connection, enabling on SQL Server, 54 remote user, controlling, 487, 492 removing tasks from favorites, 24 removing cameras from camera sequences, 218 renaming access control units, 345 entities, 85, 87
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
intrusion detection unit peripherals, 158 renaming tasks, 24 reordering columns, 33 tasks, 25 reorganzing, entity tree, 87 replacing old credentials, 666 report analyzing results, 30 columns available, 723 exporting, 31 filtering query, 712 printing, 31 saving, 31 saving templates, 30 viewing results, 723 Report Manager about, 599 limiting results, 600 report pane columns available, 723 reordering columns, 33 resizing columns, 32 showing/hiding columns, 32 working with, 29 report results analyzing, 30 report results, limiting, 689 reporting tasks generating reports, 30 resizing columns, 32 resolving conflicts Access Manager, 515 how to, 149 overlapping schedules, 105 resources, monitoring availability, 171 responding, alarms, 115 restoring databases, 58 default keyboard shortcuts, 682 video archives, 227 retrieving Point of Sale system data, 596 role about, 49, 462 activating/deactivating, 51 changing servers, 50 configuring, 49 creating, 50
860
Index
managing, 47 role types, 510610 troubleshooting, 51 what is, 7 role group configuring, 135 defining, 591 setting, 602 what is, 134 role types Access Manager, 511 Active Directory, 516 Archiver, 521 Auxiliary Archiver, 543 Directory, 551 Directory Manager, 552 Global Cardholder Synchronizer, 557 Health Monitor, 560 Intrusion Manager, 563 LPR Manager, 567 Media Router, 585 Omnicast Federation, 590 Plugin, 594 Point of Sale, 595 Report Manager, 599 Security Center Federation, 601 Web-based SDK, 605 Zone Manager, 608 routes, network, 436 RTSP port, about, 203, 588
S
Saved tasks page configuring, 23 saving active task list, 687 open tasks, 24 report results, 31 report templates, 30 tasks, 24 workspace, 24 saving Point of Sale transaction data, 596 schedule about, 463 default schedule, 104 definition, 103
ordinal patterns, 468 resolving conflicts, 105 setting date coverage, 464 time coverage, 464 time range, 465 time zones, 104 twilight schedule, 104 user logon, 484 using, 103 scheduled task about, 469 compared to event-to-action, 109 create, 109 using, 109 what is, 109 schedules defining, 105 scheduling alarms, 355 hardware zone arming, 505 search event-to-actions, 108 search box using, 43 search box, using, 42 search tool, using, 43 searching for Archiver role events, 249 entities, 42 by name, 43 global search, 42 tasks, by name, 42 video files, 233 secondary server switching to primary server, 534 secondary server, adding, 64, 534 secure communication, video units, 497 Security Center about, 3 action types, 758 architecture, 6 changing user password, 10 closing, 10 common ports used, 777 connecting, 9 event types, 745 federating, 133
861
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Index
logging off, 10 logging on, 9, 153 ports, default, 776780 system features, 4 Security Center Federation about, 601 connection parameters, 603 receiving information, 603 setting role groups, 602 Security Desk displaying full screen, 24 Security Desk, about, 651 selecting columns, 32 Server Admin open using Config Tool, 48 using Internet Explorer, 48 using, 473 servers about, 471 configuring, 48 Directory, 473 Genetec Server, 476 managing, 47 using Server Admin, 473 setting alarm priorities, 352 bit rate priority, 372 camera bit rate priority, 372 camera bit rates, 372 camera connection type, 374 camera video quality, 370 entity expiration, 634 hardware zone reactivation threshold, 504 location, 40 multicast port number, 588 picture size, 284, 635 schedule date coverage, 464 schedule time coverage, 464 time ranges, 465 user group privileges, 493 user levels, 486, 491 user privileges, 488 video unit bit rates, 497 virtual zone reactivation threshold, 508 setting up HID units, 784 sharing guest, what is?, 298
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
sharing host, what is?, 297 showing columns, 32 logical IDs, 625 tiles only, 24 SMC units about, 267 software security about, 89 managing, 89 sorting tasks, 24, 25 speaker linking to cameras, 391 properties, 499 SQL Server, remote connection, 54 starting task cycling, 24 state types, entities, 179 status, user profiles, 483 stopping task cycling, 24 storage settings, Archiver, 536 storage settings, Auxiliary Archiver, 548 stream usage, about, 373 supervised log on, about, 487, 492 supporting cross-platform development, 164 synchronization modes, access control units, 348 synchronizing access control units, 267 entities with Active Directory, 142 intrusion detection unit clocks, 424 Synergis about, 252 architecture, 252 deploying alone, 258 prerequisities, 256 procedure, 257 with Omnicast, 259 entities, 253 ports used (default), 779 testing system, 294 unique model, 254 System entity, about, 85 system health monitoring, 171 troubleshooting, 170
862
Index
system messages about, 168 viewing, 168 system messages, display options, 686 system partition, about, 91 System status about, 177 monitoring entity statuses, 177 system, monitoring status, 177
Cardholder access rights, 325 Cardholder configuration, 318 Credential configuration, 319 Door troubleshooter, 324 Hardware inventory, 184 Health history, 170 Health statistics, 171 IO configuration, 310 System status, 177 taskbar changing position, 27 display options, 683 hiding, 27 technical support, contacting, 869 testing alarms, 112 motion detection, 384 threat level managing, 117 purpose, 117 threat, definition, 117 tile plugin about, 480 time coverage, setting, 464 time range daily time, 465 setting, 465 specific dates, 467 twilight, 467 weekly, 466 time zone displaying abbreviations, 690 time zones, warning about, 104 tips privilege templates, 101 tool types Access troubleshooter, 652 Copy configuration tool, 668 Custom card format editor, 670 Import tool, 657 Move unit, 655 Options dialog box, 678 Security Desk, 651 Unit Discovery tool, 653 Unit replacement, 654 Tools Access troubleshooter, 320 Tools menu, 692
863
T
task adding, 22 adding to favorites, 24 administration tasks, 611630 commands, 24 creating, 22 deleting, 24 loading saved tasks, 23 removing from favorites, 24 renaming, 24 reordering, 25 saving, 24 as private task, 24 as public task, 24 layout, 24 tasks permanently, 26 sorting, 25 working with, 24 task cycling starting, 24 stopping, 24 task cycling, enabling, 485 task list saving on exit, 687 sorting, 24 task privileges, users, 704 task types maintenance tasks Access control health history, 308 Access control unit events, 309 Access rule configuration, 317 Activity trails, 182 Archive storage details, 233 Archiver events, 249 Audit trails, 181
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Index
transmission capabilities, network, 435 trickling, what is, 198 triggering alarms, 113 troubleshooting access configuration problems, 320 access requirements, 323 access rights to doors, 324 access rule configurations, 317 Access troubleshooter, 294 alarms, 112 cameras not recording, 241 cannot add video units, 244 cannot delete video units, 247 cardholder access rights, 322 doors, 321, 326 credentials, 326 readers, 327 Request to exit, 326 entity states, 179 H.264 video stream, 248 HID units, 314 impossible to establish video session error, 239 malfunction events, 170 offline video units, 236 playback video, 240 roles, 51 system health, 170 unstable entities, 171 video streams, 235 waiting for signal, 237 troushooting user logon, 679 twilight schedule, about, 104
U
UI component Logical view, 85 UI element Home page, 14 Tools menu, 692 task workspace administration, 16 contextual command toolbar, 17 Unit discovery tool about, 653 adding
access control units, 265 video units, 196 Unit replacement, about, 654 unprotecting video files, 231 upgrading video unit firmware, 496 user about, 89, 93, 482 activating, 483 changing password, 10, 483 configuring, 93 controlling remote workstations, 487, 492 creating, 94 deactivating, 483 enabling task cycling, 485 entering personal information, 483 importing from Active Directory, 102 investigating activity, 182 limitations, archive viewing, 487, 492 limiting concurrent logons, 484 logon schedules, 484 password expiration, 484 setting level, 486, 491 setting privileges, 488 supervised log on, 487, 492 user group about, 89, 97, 489 configuring, 96 creating, 97 creating parent user groups, 98 members, 490 setting privileges, 493 user interaction options configuring, 685 displaying system messages, 686 exiting Security Desk, 687 renaming devices, 686 showing logical IDs, 686 updating public tasks, 686 user logon options, 679 troubleshooting, 679 user password changing, 10, 483 configuring expiration, 484 user privileges about, 99, 488 action privileges, 708
864
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Index
administrative privileges, 697 application privileges, 695 configuring, 99 general privileges, 696 hierarchy, 99 inheriting, 100 partitions, 101 settings, 99 task privileges, 704 templates, 101 using Access troubleshooter, 323 Archiver failover, 227 Cardholder troubleshooter, 322 Copy configuration tool, 668 custom card formats, 287, 635 Door troubleshooter, 321 event-to-actions, 106 federated entities, 129 global search, 42 HID Discovery GUI utility, 783 macros, 110 ordinal patterns, 468 partitions, 91 redundant archiving, 227 scheduled tasks, 109 schedules, 103 search box, 42, 43 search tool, 43 Server Admin, 473 SSL connection, 606 Web-based SDK, 164
V
video archive about, 224 archive database, 224 Archiver failover, 227 backing up, 227 encryption key, 230 failover load planning, 228 hardware failure protection, 227 managing, 224 protecting, 227 redundant archiving, 227 restoring, 227
routine cleanup protection, 229 storage, 224 storage failure protection, 227 tampering protection, 229 video display options, alarms, 355 video encoder, about, 368 video file changing protection status, 231 protecting, 231 searching, 233 unprotecting, 231 viewing properties, 233 video options configuring, 688 video protection, alarms, 356 video quality testing, 213 video quality, cameras, 370 video recording on alarms, 356 video stream automatic stream selection, 211 boosting recording quality, 212 configuring, 210 diagnosing, 235 organizing settings, 210 video unit about, 494 adding manually, 194 using Unit discovery tool, 196 advanced settings, 532 authenticating, 497 automatic discovery, 196 bit rate settings, 497 cannot add, 244 cannot delete, 247 command port, 497 discovery port, 497 discovery settings, 529 enabling UPnP, 497 IP address, 496 notification settings, 530 NTP settings, 532 peripherals configuring output pins, 498 microphone properties, 500 settings, 498 speaker properties, 499
865
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Index
secure communication, 497 setting login credentials, 530 settings, 528 SSL settings, 531 troubleshooting offline units, 236 upgrading firmware, 496 viewing properties, 184 viewing access control unit events, 309 access control unit health events, 308 access rule configurations, 317 active task list, 485 archive storage details, 233 cardholder access rights, 325 cardholder properties, 318 credential properties, 319 entities, 85 health issues, 168 IO configurations, 310 license information from Config Tool, 769 from Server Admin, 770 report results, 723 system messages, 168 unit properties, 184 warnings, 168 virtual zone about, 161, 506 arming, 508 associating zone states to events, 508 configuring, 162 delaying arming, 508 evaluating zone state, 507 setting reactivation threshold, 508 Zone Manager, 507 See also zone visual options configuring, 683 taskbar, 683 visual tracking about, 388 configuring, 212
about, 271 launching, 272 modes, 272 purpose, 271 warning messages investigating, 170 viewing, 168 Watchdog, about, 478 Web page, linking to maps, 165 Web-based SDK about, 164, 605 determining Web service address, 606 using, 164 SSL connection, 606 Wiegand field, defining, 672 wiring diagrams HID Edge plus, 800 HID Edge reader, 800 HID VertX V1000, 801 HID VertX V2000, 802 wiring doors, 268 working with report pane, 29 tasks, 24
X
XML exporting, 579 importing, 578
Y
yellow state, entities, 85
Z
zone about, 160 arming, 160 choosing zone type, 163 disarming, 160 hardware zone about, 161, 502 configuring, 162 IO linking, 160 managing, 160
866
W
Waiting for signal, error, 237 Walkthrough wizard
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Index
virtual zone about, 161, 506 configuring, 162 Zone Manager about, 161, 608 associating zones, 507 keeping events, 609
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
867
Genetec Technical Assistance Portal (GTAP). The latest version of the documentation is
available from the GTAP Documents page. Note, youll need a username and password to log on to GTAP.
Help. Security Center client and web-based applications include help, which explain how
the product works and provide instructions on how to use the product features. Patroller and the Sharp Portal also include context-sensitive help for each screen. To access the help, click Help, press F1, or tap the ? (question mark) in the different client applications.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
868
Technical support
Genetec Technical Assistance Center (GTAC) is committed to providing its worldwide clientele with the best technical support services available. As a Genetec customer, you have access to the Genetec Technical Assistance Portal (GTAP), where you can find information and search for answers to your product questions.
Genetec Technical Assistance Portal (GTAP). GTAP is a support website that provides indepth support information, such as FAQs, knowledge base articles, user guides, supported device lists, training videos, product tools, and much more. Prior to contacting GTAC or opening a support case, it is important to look at this website for potential fixes, workarounds, or known issues. You can log in to GTAP or sign up at https://gtap.genetec.com.
Genetec Technical Assistance Center (GTAC). If you cannot find your answers on GTAP, you
can open a support case online at https://gtap.genetec.com. For GTAC's contact information in your region see the Contact page at https://gtap.genetec.com.
NOTE Before contacting GTAC, please have your System ID (available from the About button in your client application) and your SMA contract number (if applicable) ready.
Licensing.
For license activations or resets, please contact GTAC at https://gtap.genetec.com. For issues with license content or part numbers, or concerns about an order, please contact Genetec Customer Service at customerservice@genetec.com, or call 1-866-684-8006 (option #3). If you require a demo license or have questions regarding pricing, please contact Genetec Sales at sales@genetec.com, or call 1-866-684-8006 (option #2).
Additional resources
If you require additional resources other than the Genetec Technical Assistance Center, the following is available to you:
GTAP Forum. The Forum is an easy to use message board that allows clients and Genetec staff
to communicate with each other and discuss a variety of topics, ranging from technical questions to technology tips. You can log in or sign up at https://gtapforum.genetec.com.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
869